commit cf3e35cc5804f6a7a239e2e2b82df9313fce87fe
author Andrzej Kurek <andrzej.kurek@arm.com> Wed Jul 15 22:32:08 2020 -0400
committer Andrzej Kurek <andrzej.kurek@arm.com> Wed Jul 15 22:32:30 2020 -0400
tree 6665eef167f2ea9a44fddf611b6fee413f823628
parent afec8853c5ba39c2272e26a996a36f6257e0078c

Revert a part of sensitive information duplication from tinycrypt

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>

tinycrypt/ecc.c

diff --git a/tinycrypt/ecc.c b/tinycrypt/ecc.c
index 8055432..bf54fe8 100644
--- a/tinycrypt/ecc.c
+++ b/tinycrypt/ecc.c
@@ -1239,8 +1239,6 @@
 	int ret = UECC_FAULT_DETECTED;
 	uECC_word_t _private[NUM_ECC_WORDS];
 	uECC_word_t _public[NUM_ECC_WORDS * 2];
-	volatile const uint8_t *private_key_dup = private_key;
-	volatile const uint8_t *public_key_dup = public_key;
 
 	uECC_vli_bytesToNative(
 	_private,
@@ -1266,8 +1264,6 @@
 	uECC_vli_nativeToBytes(
 	public_key +
 	NUM_ECC_BYTES, NUM_ECC_BYTES, _public + NUM_ECC_WORDS);
-	if (private_key_dup != private_key || public_key_dup != public_key){
-		return UECC_FAULT_DETECTED;
-	}
+
 	return ret;
 }

tinycrypt/ecc_dh.c

diff --git a/tinycrypt/ecc_dh.c b/tinycrypt/ecc_dh.c
index bf3a803..5a7a9e5 100644
--- a/tinycrypt/ecc_dh.c
+++ b/tinycrypt/ecc_dh.c
@@ -170,9 +170,6 @@
 	wordcount_t num_words = NUM_ECC_WORDS;
 	wordcount_t num_bytes = NUM_ECC_BYTES;
 	int r = UECC_FAULT_DETECTED;
-	volatile const uint8_t *public_key_dup = public_key;
-	volatile const uint8_t *private_key_dup = private_key;
-	volatile const uint8_t *secret_dup = secret;
 
 	/* Converting buffers to correct bit order: */
 	uECC_vli_bytesToNative(_private,
@@ -190,11 +187,6 @@
 
 	/* erasing temporary buffer used to store secret: */
 	mbedtls_platform_zeroize(_private, sizeof(_private));
-	if (public_key_dup != public_key || private_key_dup != private_key || secret_dup != secret) {
-	    /* Erase secret in case of FI */
-	    mbedtls_platform_memset(secret, 0, NUM_ECC_BYTES);
-		return UECC_FAULT_DETECTED;
-	}
 
 	return r;
 }

tinycrypt/ecc_dsa.c

diff --git a/tinycrypt/ecc_dsa.c b/tinycrypt/ecc_dsa.c
index 2a676dc..d432a2e 100644
--- a/tinycrypt/ecc_dsa.c
+++ b/tinycrypt/ecc_dsa.c
@@ -204,10 +204,6 @@
 	bitcount_t i;
 	bitcount_t flow_control;
 	volatile uECC_word_t diff;
-	volatile const uint8_t *public_key_dup = public_key;
-	volatile const uint8_t *message_hash_dup = message_hash;
-	volatile unsigned hash_size_dup = hash_size;
-	volatile const uint8_t *signature_dup = signature;
 
 	uECC_word_t _public[NUM_ECC_WORDS * 2];
 	uECC_word_t r[NUM_ECC_WORDS], s[NUM_ECC_WORDS];
@@ -309,10 +305,6 @@
 		 * 1 (base value) + num_bits - 1 (from the loop) + 5 incrementations.
 		 */
 		if (diff == 0 && flow_control == (num_bits + 5)) {
-			if (public_key_dup != public_key || message_hash_dup != message_hash ||
-				hash_size_dup != hash_size || signature_dup != signature) {
-				return UECC_FAULT_DETECTED;
-			}
 			return UECC_SUCCESS;
 		}
 		else {