Return and propagate UECC_FAULT_DETECTED
This commit first changes the return convention of EccPoint_mult_safer() so
that it properly reports when faults are detected. Then all functions that
call it need to be changed to (1) follow the same return convention and (2)
properly propagate UECC_FAULT_DETECTED when it occurs.
Here's the reverse call graph from EccPoint_mult_safer() to the rest of the
library (where return values are translated to the MBEDTLS_ERR_ space) and test
functions (where expected return values are asserted explicitly).
EccPoint_mult_safer()
EccPoint_compute_public_key()
uECC_compute_public_key()
pkparse.c
tests/suites/test_suite_pkparse.function
uECC_make_key_with_d()
uECC_make_key()
ssl_cli.c
ssl_srv.c
tests/suites/test_suite_pk.function
tests/suites/test_suite_tinycrypt.function
uECC_shared_secret()
ssl_tls.c
tests/suites/test_suite_tinycrypt.function
uECC_sign_with_k()
uECC_sign()
pk.c
tests/suites/test_suite_tinycrypt.function
Note: in uECC_sign_with_k() a test for uECC_vli_isZero(p) is suppressed
because it is redundant with a more thorough test (point validity) done at the
end of EccPoint_mult_safer(). This redundancy was introduced in a previous
commit but not noticed earlier.
diff --git a/library/pkparse.c b/library/pkparse.c
index 6a2507a..3f20225 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -987,7 +987,9 @@
{
ret = uECC_compute_public_key( keypair->private_key,
keypair->public_key );
- if( ret == 0 )
+ if( ret == UECC_FAULT_DETECTED )
+ return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+ if( ret != UECC_SUCCESS )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
}