Duplicate sensitive buffer and buffer length information Detect FI attacks on buffer pointers and buffer lengths. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>

commit: 74f7d0f03de292474ed16500575aee45758fa491 [log] [tgz]
author: Andrzej Kurek <andrzej.kurek@arm.com> Mon Jul 06 14:28:12 2020 -0400
committer: Andrzej Kurek <andrzej.kurek@arm.com> Mon Jul 06 14:28:12 2020 -0400
tree: 8c7c27d291705e8bd54131673e0810729c66cc8a
parent: 98c847a4834eff8cd9b27b3ac5bbf30668578b48 [diff] [blame]
diff --git a/tinycrypt/ecc.c b/tinycrypt/ecc.c
index ca91e12..27cef2e 100644
--- a/tinycrypt/ecc.c
+++ b/tinycrypt/ecc.c

@@ -1234,11 +1234,13 @@
 	return uECC_valid_point(_public);
 }
 
-int uECC_compute_public_key(const uint8_t *private_key, uint8_t *public_key)
+int uECC_compute_public_key(const uint8_t * private_key, uint8_t * public_key)
 {
 	int ret = UECC_FAULT_DETECTED;
 	uECC_word_t _private[NUM_ECC_WORDS];
 	uECC_word_t _public[NUM_ECC_WORDS * 2];
+	volatile const uint8_t * private_key_dup = private_key;
+	volatile const uint8_t * public_key_dup = public_key;
 
 	uECC_vli_bytesToNative(
 	_private,
@@ -1264,5 +1266,8 @@
 	uECC_vli_nativeToBytes(
 	public_key +
 	NUM_ECC_BYTES, NUM_ECC_BYTES, _public + NUM_ECC_WORDS);
+	if(private_key_dup != private_key || public_key_dup != public_key){
+	    return UECC_FAULT_DETECTED;
+	}
 	return ret;
 }
commit	74f7d0f03de292474ed16500575aee45758fa491	[log] [tgz]
author	Andrzej Kurek <andrzej.kurek@arm.com>	Mon Jul 06 14:28:12 2020 -0400
committer	Andrzej Kurek <andrzej.kurek@arm.com>	Mon Jul 06 14:28:12 2020 -0400
tree	8c7c27d291705e8bd54131673e0810729c66cc8a
parent	98c847a4834eff8cd9b27b3ac5bbf30668578b48 [diff] [blame]