eden-emu/mbedtls
20
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Return and propagate UECC_FAULT_DETECTED

Browse source 
This commit first changes the return convention of EccPoint_mult_safer() so
that it properly reports when faults are detected. Then all functions that
call it need to be changed to (1) follow the same return convention and (2)
properly propagate UECC_FAULT_DETECTED when it occurs.

Here's the reverse call graph from EccPoint_mult_safer() to the rest of the
library (where return values are translated to the MBEDTLS_ERR_ space) and test
functions (where expected return values are asserted explicitly).

EccPoint_mult_safer()
    EccPoint_compute_public_key()
        uECC_compute_public_key()
            pkparse.c
            tests/suites/test_suite_pkparse.function
        uECC_make_key_with_d()
        uECC_make_key()
            ssl_cli.c
            ssl_srv.c
            tests/suites/test_suite_pk.function
            tests/suites/test_suite_tinycrypt.function
    uECC_shared_secret()
        ssl_tls.c
        tests/suites/test_suite_tinycrypt.function
    uECC_sign_with_k()
        uECC_sign()
            pk.c
            tests/suites/test_suite_tinycrypt.function

Note: in uECC_sign_with_k() a test for uECC_vli_isZero(p) is suppressed
because it is redundant with a more thorough test (point validity) done at the
end of EccPoint_mult_safer(). This redundancy was introduced in a previous
commit but not noticed earlier.
This commit is contained in:
Manuel Pégourié-Gonnard 2019-11-25 13:06:05 +01:00
parent 4d6186beb0
commit 9d6a535ba1
14 changed files with 112 additions and 96 deletions
Download patch file Download diff file Expand all files Collapse all files

13
library/ssl_srv.c
View file

@ -3410,6 +3410,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_USE_TINYCRYPT)
{
int ret;
static const unsigned char ecdh_param_hdr[] = {
MBEDTLS_SSL_EC_TLS_NAMED_CURVE,
0 /* high bits of secp256r1 TLS ID */,
@ -3426,12 +3427,12 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
ecdh_param_hdr, sizeof( ecdh_param_hdr ) );
ssl->out_msglen += sizeof( ecdh_param_hdr );
if( !uECC_make_key( &ssl->out_msg[ ssl->out_msglen ],
ssl->handshake->ecdh_privkey ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Key creation failed" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
ret = uECC_make_key( &ssl->out_msg[ ssl->out_msglen ],
ssl->handshake->ecdh_privkey );
if( ret == UECC_FAULT_DETECTED )
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
if( ret != UECC_SUCCESS )
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
ssl->out_msglen += 2*NUM_ECC_BYTES;
}