commit 10d8e8ed64158e12fe4279ea59d5b383433ab24f
author Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Wed Nov 06 10:30:26 2019 +0100
committer Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu Nov 21 15:12:44 2019 +0100
tree 037215d166929c2db745a3498c1932913708b99e
parent c05f1506f41ef548680f4898245f693632a78152

Use safer return values in uECC_verify()

This is a first step in protecting against fault injection attacks: the
attacker can no longer change failure into success by flipping a single bit.
Additional steps are needed to prevent other attacks (instruction skip etc)
and will be the object of future commits.

The return value of uECC_vli_equal() should be protected as well, which will
be done in a future commit as well.

tests/suites/test_suite_tinycrypt.data

diff --git a/tests/suites/test_suite_tinycrypt.data b/tests/suites/test_suite_tinycrypt.data
index ac2a8e2..2c4d54b 100644
--- a/tests/suites/test_suite_tinycrypt.data
+++ b/tests/suites/test_suite_tinycrypt.data
@@ -8,4 +8,4 @@
 ecdh_primitive_testvec:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"DAD0B65394221CF9B051E1FECA5787D098DFE637FC90B9EF945D0C3772581180":"5271A0461CDB8252D61F1C456FA3E59AB1F45B33ACCF5F58389E0577B8990BB3":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D12DFB5289C8D4F81208B70270398C342296970A0BCCB74C736FC7554494BF63":"56FBF3CA366CC23E8157854C13C58D6AAC23F046ADA30F8353E74F33039872AB":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE"
 
 ECDSA primitive rfc 4754 p256
-ecdsa_primitive_testvec:"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":"BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD":"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"86FA3BB4E26CAD5BF90B7F81899256CE7594BB1EA0C89212748BFF3B3D5B0315":1
+ecdsa_primitive_testvec:"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":"BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD":"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"86FA3BB4E26CAD5BF90B7F81899256CE7594BB1EA0C89212748BFF3B3D5B0315"

tests/suites/test_suite_tinycrypt.function

diff --git a/tests/suites/test_suite_tinycrypt.function b/tests/suites/test_suite_tinycrypt.function
index 24b331d..664cd08 100644
--- a/tests/suites/test_suite_tinycrypt.function
+++ b/tests/suites/test_suite_tinycrypt.function
@@ -55,7 +55,7 @@
 
     TEST_ASSERT( uECC_sign( private, hash, sizeof( hash ), sig, curve ) != 0 );
 
-    TEST_ASSERT( uECC_verify( public, hash, sizeof( hash ), sig, curve ) != 0 );
+    TEST_ASSERT( uECC_verify( public, hash, sizeof( hash ), sig, curve ) == UECC_SUCCESS );
 }
 /* END_CASE */
 
@@ -88,8 +88,7 @@
 
 /* BEGIN_CASE depends_on:MBEDTLS_USE_TINYCRYPT */
 void ecdsa_primitive_testvec( data_t * xQ_str, data_t * yQ_str,
-                              data_t * hash, data_t * r_str, data_t * s_str,
-                              int result )
+                              data_t * hash, data_t * r_str, data_t * s_str )
 {
     const struct uECC_Curve_t * curve = uECC_secp256r1();
     uint8_t pub_bytes[2*NUM_ECC_BYTES] = {0};
@@ -101,7 +100,7 @@
     memcpy( sig_bytes + NUM_ECC_BYTES, s_str->x, r_str->len );
 
     TEST_ASSERT( uECC_verify( pub_bytes, hash->x, hash->len,
-                              sig_bytes, curve ) == result );
+                              sig_bytes, curve ) == UECC_SUCCESS );
 
     // Alter the signature and check the verification fails
     for( int i = 0; i < 2*NUM_ECC_BYTES; i++ )
@@ -109,7 +108,7 @@
         uint8_t temp = sig_bytes[i];
         sig_bytes[i] = ( sig_bytes[i] + 1 ) % 256;
         TEST_ASSERT( uECC_verify( pub_bytes, hash->x, hash->len,
-                                  sig_bytes, curve ) == 0 );
+                                  sig_bytes, curve ) == UECC_FAILURE );
         sig_bytes[i] = temp;
     }