Add buffer and context clearing upon suspected FI
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
diff --git a/tinycrypt/ecc_dh.c b/tinycrypt/ecc_dh.c
index 197a61a..bf3a803 100644
--- a/tinycrypt/ecc_dh.c
+++ b/tinycrypt/ecc_dh.c
@@ -153,6 +153,8 @@
if (private_key == private_key_dup && public_key == public_key_dup) {
return UECC_SUCCESS;
}
+ /* Erase key in case of FI */
+ mbedtls_platform_memset(public_key, 0, 2*NUM_ECC_BYTES);
return UECC_FAULT_DETECTED;
}
}
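Review bot: The fault branch in the first hunk clears only `public_key`, although the check above it also guards `private_key`, so a private key already written to the caller's buffer would survive a detected fault; consider adding `mbedtls_platform_memset(private_key, 0, NUM_ECC_BYTES);` (the length needs confirming against the function's contract, which is outside the hunk). This branch is reached precisely when `public_key` or `private_key` no longer matches its `_dup` copy, so the pointer handed to the memset may itself be the corrupted value, and the `2*NUM_ECC_BYTES` write could land outside the intended buffer. The same applies to the `secret` write in the second hunk, which follows a `secret_dup != secret` check. The comment should state which copy of the pointer is trusted for the erase, for example `/* Erase key in case of FI; public_key may differ from public_key_dup here */`. The enclosing function starts outside the hunk.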
@@ -189,6 +191,8 @@
/* erasing temporary buffer used to store secret: */
mbedtls_platform_zeroize(_private, sizeof(_private));
if (public_key_dup != public_key || private_key_dup != private_key || secret_dup != secret) {
+ /* Erase secret in case of FI */
+ mbedtls_platform_memset(secret, 0, NUM_ECC_BYTES);
return UECC_FAULT_DETECTED;
}