From 6ee7a4e01c587072b88cf9bcb4c7566f614bda9f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Mon, 14 Oct 2019 14:02:07 +0200
Subject: [PATCH] Validate peer's public key in ECDH

This protects against invalid curve attacks. (It's also a tiny step in the direction of protecting against some fault injection attacks.)
---
 tinycrypt/ecc_dh.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tinycrypt/ecc_dh.c b/tinycrypt/ecc_dh.c
index 54b9a8ab4..853c50dca 100644
--- a/tinycrypt/ecc_dh.c
+++ b/tinycrypt/ecc_dh.c
@@ -169,6 +169,12 @@ int uECC_shared_secret(const uint8_t *public_key, const uint8_t *private_key,
 wordcount_t num_bytes = curve->num_bytes;
 int r;
 
+ /* Protect against invalid curve attacks */
+ if (uECC_valid_public_key(public_key, curve) != 0) {
+ r = 0;
+ goto clear_and_out;
+ }
+
 /* Converting buffers to correct bit order: */
 uECC_vli_bytesToNative(_private,
 private_key,
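Review bot: The added check validates the caller's `public_key` byte buffer, but the "Converting buffers to correct bit order" step that follows builds a separate native copy, which is presumably what the multiplication consumes, so the value checked is not the value used and the key is decoded twice. For the fault-injection goal named in the commit message it would be tighter to validate the converted point right after the conversion, for example with tinycrypt's point-level check `uECC_valid_point()` on the native public-key array (that array is not visible in this hunk). The rejection path also reuses `r = 0`, so callers cannot tell a rejected peer key from any other failure; a line in the function's doc comment such as `returns 0 if the peer's public key is not a valid point on the curve` would make that contract explicit. The body of uECC_shared_secret and the `clear_and_out` label lie outside this hunk, so whether the cleanup path is safe to reach before the working buffers are filled could not be checked here.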