eden-emu/mbedtls
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use safer return values in uECC_verify()

Browse source 
This is a first step in protecting against fault injection attacks: the
attacker can no longer change failure into success by flipping a single bit.
Additional steps are needed to prevent other attacks (instruction skip etc)
and will be the object of future commits.

The return value of uECC_vli_equal() should be protected as well, which will
be done in a future commit as well.
This commit is contained in:
Manuel Pégourié-Gonnard 2019-11-06 10:30:26 +01:00
parent c05f1506f4
commit 10d8e8ed64
5 changed files with 14 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

4
include/tinycrypt/ecc_dsa.h
View file

@ -123,8 +123,8 @@ int uECC_sign_with_k(const uint8_t *private_key, const uint8_t *message_hash,
/**
* @brief Verify an ECDSA signature.
* @return returns TC_SUCCESS (1) if the signature is valid
* returns TC_FAIL (0) if the signature is invalid.
* @return returns UECC_SUCCESS if the signature is valid
* returns UECC_FAILURE if the signature is invalid.
*
* @param p_public_key IN -- The signer's public key.
* @param p_message_hash IN -- The hash of the signed data.