Use double-checking of critical value in pk_verify()
Also change the flow so that the default return value is a failing one.
diff --git a/library/pk.c b/library/pk.c
index 857bafc..eaaa371 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -577,6 +577,7 @@
const unsigned char *sig, size_t sig_len )
{
int ret;
+ volatile int ret_fi;
uint8_t signature[2*NUM_ECC_BYTES];
unsigned char *p;
const struct uECC_Curve_t * uecc_curve = uECC_secp256r1();
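Review bot: `ret_fi` is declared without an initial value, so if a fault skips the later `uECC_verify()` call or the store of its result, the comparisons in the next hunk run on whatever happened to be on the stack. Starting from a failing value keeps the commit's fail-by-default intent: `volatile int ret_fi = UECC_ATTACK_DETECTED;`. With that initial value, a skipped call hits the first check and returns `MBEDTLS_ERR_PLATFORM_FAULT_DETECTED` instead of depending on stack contents. The function's signature begins above this hunk and its body continues in the next one.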
@@ -589,12 +590,21 @@
if( ret != 0 )
return( ret );
- ret = uECC_verify( keypair->public_key, hash,
- (unsigned) hash_len, signature, uecc_curve );
- if( ret != UECC_SUCCESS )
- return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
+ ret_fi = uECC_verify( keypair->public_key, hash,
+ (unsigned) hash_len, signature, uecc_curve );
- return( 0 );
+ if( ret_fi == UECC_ATTACK_DETECTED )
+ return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+
+ if( ret_fi == UECC_SUCCESS )
+ {
+ if( ret_fi == UECC_SUCCESS )
+ return( 0 );
+ else
+ return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+ }
+
+ return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
}
/*
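Review bot: The nested, identical `if( ret_fi == UECC_SUCCESS )` test has no comment, so it reads like a copy-paste slip that a later cleanup could collapse into a single check. It only works because `ret_fi` is `volatile` (declared in the previous hunk), which forces two separate loads; I would say so above the outer test, e.g. `/* Deliberate double read of volatile ret_fi: one glitched comparison must not be enough to return success. Do not merge these checks. */`. Separately, a signature that simply fails to verify still ends at `MBEDTLS_ERR_PK_HW_ACCEL_FAILED`, as it did before the change; if callers distinguish a bad signature from an accelerator error, a verification-failure code may fit better, which needs checking against callers not visible here. The start of the function lies outside this hunk.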