Return and propagate UECC_FAULT_DETECTED
This commit first changes the return convention of EccPoint_mult_safer() so
that it properly reports when faults are detected. Then all functions that
call it need to be changed to (1) follow the same return convention and (2)
properly propagate UECC_FAULT_DETECTED when it occurs.
Here's the reverse call graph from EccPoint_mult_safer() to the rest of the
library (where return values are translated to the MBEDTLS_ERR_ space) and test
functions (where expected return values are asserted explicitly).
EccPoint_mult_safer()
EccPoint_compute_public_key()
uECC_compute_public_key()
pkparse.c
tests/suites/test_suite_pkparse.function
uECC_make_key_with_d()
uECC_make_key()
ssl_cli.c
ssl_srv.c
tests/suites/test_suite_pk.function
tests/suites/test_suite_tinycrypt.function
uECC_shared_secret()
ssl_tls.c
tests/suites/test_suite_tinycrypt.function
uECC_sign_with_k()
uECC_sign()
pk.c
tests/suites/test_suite_tinycrypt.function
Note: in uECC_sign_with_k() a test for uECC_vli_isZero(p) is suppressed
because it is redundant with a more thorough test (point validity) done at the
end of EccPoint_mult_safer(). This redundancy was introduced in a previous
commit but not noticed earlier.
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 94e10ba..61bf95c 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -36,7 +36,7 @@
ret = uECC_make_key( mbedtls_pk_uecc( *pk )->public_key,
mbedtls_pk_uecc( *pk )->private_key );
- if( ret == 0 )
+ if( ret != UECC_SUCCESS )
return( -1 );
return( 0 );
diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function
index 5563d60..54fa7af 100644
--- a/tests/suites/test_suite_pkparse.function
+++ b/tests/suites/test_suite_pkparse.function
@@ -137,7 +137,7 @@
uecckey = mbedtls_pk_uecc( ctx );
TEST_ASSERT( uECC_valid_public_key( uecckey->public_key ) == 0 );
TEST_ASSERT( uECC_compute_public_key( uecckey->private_key,
- tmp_pubkey ) != 0 );
+ tmp_pubkey ) == UECC_SUCCESS );
TEST_ASSERT( memcmp( tmp_pubkey, uecckey->public_key,
sizeof( tmp_pubkey ) ) == 0 );
#endif /* MBEDTLS_USE_TINYCRYPT */
diff --git a/tests/suites/test_suite_tinycrypt.function b/tests/suites/test_suite_tinycrypt.function
index 3e41720..3247e05 100644
--- a/tests/suites/test_suite_tinycrypt.function
+++ b/tests/suites/test_suite_tinycrypt.function
@@ -23,13 +23,13 @@
uECC_set_rng( &uecc_rng_wrapper );
- TEST_ASSERT( uECC_make_key( public1, private1 ) != 0 );
+ TEST_ASSERT( uECC_make_key( public1, private1 ) == UECC_SUCCESS );
- TEST_ASSERT( uECC_make_key( public2, private2 ) != 0 );
+ TEST_ASSERT( uECC_make_key( public2, private2 ) == UECC_SUCCESS );
- TEST_ASSERT( uECC_shared_secret( public2, private1, secret1 ) != 0 );
+ TEST_ASSERT( uECC_shared_secret( public2, private1, secret1 ) == UECC_SUCCESS );
- TEST_ASSERT( uECC_shared_secret( public1, private2, secret2 ) != 0 );
+ TEST_ASSERT( uECC_shared_secret( public1, private2, secret2 ) == UECC_SUCCESS );
TEST_ASSERT( memcmp( secret1, secret2, sizeof( secret1 ) ) == 0 );
}
@@ -47,9 +47,9 @@
TEST_ASSERT( rnd_std_rand( NULL, hash, NUM_ECC_BYTES ) == 0 );
- TEST_ASSERT( uECC_make_key( public, private ) != 0 );
+ TEST_ASSERT( uECC_make_key( public, private ) == UECC_SUCCESS );
- TEST_ASSERT( uECC_sign( private, hash, sizeof( hash ), sig ) != 0 );
+ TEST_ASSERT( uECC_sign( private, hash, sizeof( hash ), sig ) == UECC_SUCCESS );
TEST_ASSERT( uECC_verify( public, hash, sizeof( hash ), sig ) == UECC_SUCCESS );
}
@@ -71,9 +71,9 @@
memcpy( public2 + NUM_ECC_BYTES, yB_str->x, yB_str->len );
// Compute shared secrets and compare to test vector secret
- TEST_ASSERT( uECC_shared_secret( public2, private1->x, secret1 ) != 0 );
+ TEST_ASSERT( uECC_shared_secret( public2, private1->x, secret1 ) == UECC_SUCCESS );
- TEST_ASSERT( uECC_shared_secret( public1, private2->x, secret2 ) != 0 );
+ TEST_ASSERT( uECC_shared_secret( public1, private2->x, secret2 ) == UECC_SUCCESS );
TEST_ASSERT( memcmp( secret1, secret2, sizeof( secret1 ) ) == 0 );
TEST_ASSERT( memcmp( secret1, z_str->x, sizeof( secret1 ) ) == 0 );