Return and propagate UECC_FAULT_DETECTED
This commit first changes the return convention of EccPoint_mult_safer() so
that it properly reports when faults are detected. Then all functions that
call it need to be changed to (1) follow the same return convention and (2)
properly propagate UECC_FAULT_DETECTED when it occurs.
Here's the reverse call graph from EccPoint_mult_safer() to the rest of the
library (where return values are translated to the MBEDTLS_ERR_ space) and test
functions (where expected return values are asserted explicitly).
EccPoint_mult_safer()
EccPoint_compute_public_key()
uECC_compute_public_key()
pkparse.c
tests/suites/test_suite_pkparse.function
uECC_make_key_with_d()
uECC_make_key()
ssl_cli.c
ssl_srv.c
tests/suites/test_suite_pk.function
tests/suites/test_suite_tinycrypt.function
uECC_shared_secret()
ssl_tls.c
tests/suites/test_suite_tinycrypt.function
uECC_sign_with_k()
uECC_sign()
pk.c
tests/suites/test_suite_tinycrypt.function
Note: in uECC_sign_with_k() a test for uECC_vli_isZero(p) is suppressed
because it is redundant with a more thorough test (point validity) done at the
end of EccPoint_mult_safer(). This redundancy was introduced in a previous
commit but not noticed earlier.
diff --git a/library/pk.c b/library/pk.c
index fbe711d..dfdd4d1 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -723,8 +723,9 @@
#define MAX_SECP256R1_ECDSA_SIG_LEN ( 3 + 2 * ( 3 + NUM_ECC_BYTES ) )
ret = uECC_sign( keypair->private_key, hash, hash_len, sig );
- /* TinyCrypt uses 0 to signal errors. */
- if( ret == 0 )
+ if( ret == UECC_FAULT_DETECTED )
+ return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+ if( ret != UECC_SUCCESS )
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
*sig_len = 2 * NUM_ECC_BYTES;
diff --git a/library/pkparse.c b/library/pkparse.c
index 6a2507a..3f20225 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -987,7 +987,9 @@
{
ret = uECC_compute_public_key( keypair->private_key,
keypair->public_key );
- if( ret == 0 )
+ if( ret == UECC_FAULT_DETECTED )
+ return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+ if( ret != UECC_SUCCESS )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
}
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 3a5671e..7c03b41 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -3568,7 +3568,6 @@
{
((void) n);
- ((void) ret);
if( (size_t)( end - p ) < 2 * NUM_ECC_BYTES + 2 )
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
@@ -3576,10 +3575,11 @@
*p++ = 2 * NUM_ECC_BYTES + 1;
*p++ = 0x04; /* uncompressed point presentation */
- if( !uECC_make_key( p, ssl->handshake->ecdh_privkey ) )
- {
+ ret = uECC_make_key( p, ssl->handshake->ecdh_privkey );
+ if( ret == UECC_FAULT_DETECTED )
+ return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+ if( ret != UECC_SUCCESS )
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
- }
p += 2 * NUM_ECC_BYTES;
}
else
@@ -3717,7 +3717,6 @@
{
#if defined(MBEDTLS_USE_TINYCRYPT)
((void) n);
- ((void) ret);
if( (size_t)( end - p ) < 2 * NUM_ECC_BYTES + 2 )
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
@@ -3725,10 +3724,11 @@
*p++ = 2 * NUM_ECC_BYTES + 1;
*p++ = 0x04; /* uncompressed point presentation */
- if( !uECC_make_key( p, ssl->handshake->ecdh_privkey ) )
- {
+ ret = uECC_make_key( p, ssl->handshake->ecdh_privkey );
+ if( ret == UECC_FAULT_DETECTED )
+ return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+ if( ret != UECC_SUCCESS )
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
- }
p += 2 * NUM_ECC_BYTES;
#else /* MBEDTLS_USE_TINYCRYPT */
/*
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 43ca2ca..1ef8f94 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -3410,6 +3410,7 @@
#if defined(MBEDTLS_USE_TINYCRYPT)
{
+ int ret;
static const unsigned char ecdh_param_hdr[] = {
MBEDTLS_SSL_EC_TLS_NAMED_CURVE,
0 /* high bits of secp256r1 TLS ID */,
@@ -3426,12 +3427,12 @@
ecdh_param_hdr, sizeof( ecdh_param_hdr ) );
ssl->out_msglen += sizeof( ecdh_param_hdr );
- if( !uECC_make_key( &ssl->out_msg[ ssl->out_msglen ],
- ssl->handshake->ecdh_privkey ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Key creation failed" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
+ ret = uECC_make_key( &ssl->out_msg[ ssl->out_msglen ],
+ ssl->handshake->ecdh_privkey );
+ if( ret == UECC_FAULT_DETECTED )
+ return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+ if( ret != UECC_SUCCESS )
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
ssl->out_msglen += 2*NUM_ECC_BYTES;
}
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 2fc569c..c12af96 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1973,14 +1973,13 @@
mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
== MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
{
- ((void) ret);
-
- if( !uECC_shared_secret( ssl->handshake->ecdh_peerkey,
- ssl->handshake->ecdh_privkey,
- ssl->handshake->premaster ) )
- {
+ ret = uECC_shared_secret( ssl->handshake->ecdh_peerkey,
+ ssl->handshake->ecdh_privkey,
+ ssl->handshake->premaster );
+ if( ret == UECC_FAULT_DETECTED )
+ return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+ if( ret != UECC_SUCCESS )
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
- }
ssl->handshake->pmslen = NUM_ECC_BYTES;
}
@@ -2168,14 +2167,13 @@
size_t zlen;
#if defined(MBEDTLS_USE_TINYCRYPT)
- ((void) ret);
-
- if( !uECC_shared_secret( ssl->handshake->ecdh_peerkey,
- ssl->handshake->ecdh_privkey,
- p + 2 ) )
- {
+ ret = uECC_shared_secret( ssl->handshake->ecdh_peerkey,
+ ssl->handshake->ecdh_privkey,
+ p + 2 );
+ if( ret == UECC_FAULT_DETECTED )
+ return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+ if( ret != UECC_SUCCESS )
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
- }
zlen = NUM_ECC_BYTES;
#else /* MBEDTLS_USE_TINYCRYPT */