Use safer return values in uECC_verify()
This is a first step in protecting against fault injection attacks: the
attacker can no longer change failure into success by flipping a single bit.
Additional steps are needed to prevent other attacks (instruction skip etc)
and will be the object of future commits.
The return value of uECC_vli_equal() should be protected as well, which will
be done in a future commit as well.
diff --git a/tests/suites/test_suite_tinycrypt.function b/tests/suites/test_suite_tinycrypt.function
index 24b331d..664cd08 100644
--- a/tests/suites/test_suite_tinycrypt.function
+++ b/tests/suites/test_suite_tinycrypt.function
@@ -55,7 +55,7 @@
TEST_ASSERT( uECC_sign( private, hash, sizeof( hash ), sig, curve ) != 0 );
- TEST_ASSERT( uECC_verify( public, hash, sizeof( hash ), sig, curve ) != 0 );
+ TEST_ASSERT( uECC_verify( public, hash, sizeof( hash ), sig, curve ) == UECC_SUCCESS );
}
/* END_CASE */
@@ -88,8 +88,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_USE_TINYCRYPT */
void ecdsa_primitive_testvec( data_t * xQ_str, data_t * yQ_str,
- data_t * hash, data_t * r_str, data_t * s_str,
- int result )
+ data_t * hash, data_t * r_str, data_t * s_str )
{
const struct uECC_Curve_t * curve = uECC_secp256r1();
uint8_t pub_bytes[2*NUM_ECC_BYTES] = {0};
@@ -101,7 +100,7 @@
memcpy( sig_bytes + NUM_ECC_BYTES, s_str->x, r_str->len );
TEST_ASSERT( uECC_verify( pub_bytes, hash->x, hash->len,
- sig_bytes, curve ) == result );
+ sig_bytes, curve ) == UECC_SUCCESS );
// Alter the signature and check the verification fails
for( int i = 0; i < 2*NUM_ECC_BYTES; i++ )
@@ -109,7 +108,7 @@
uint8_t temp = sig_bytes[i];
sig_bytes[i] = ( sig_bytes[i] + 1 ) % 256;
TEST_ASSERT( uECC_verify( pub_bytes, hash->x, hash->len,
- sig_bytes, curve ) == 0 );
+ sig_bytes, curve ) == UECC_FAILURE );
sig_bytes[i] = temp;
}