Merge pull request #3379 from AndrzejKurek/fi_check_loops
Add flow control to tinycrypt verification
This commit is contained in:
commit
0da03c70e9
@ -192,6 +192,7 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash,
|
|||||||
const uECC_word_t *point;
|
const uECC_word_t *point;
|
||||||
bitcount_t num_bits;
|
bitcount_t num_bits;
|
||||||
bitcount_t i;
|
bitcount_t i;
|
||||||
|
bitcount_t flow_control;
|
||||||
volatile uECC_word_t diff;
|
volatile uECC_word_t diff;
|
||||||
|
|
||||||
uECC_word_t _public[NUM_ECC_WORDS * 2];
|
uECC_word_t _public[NUM_ECC_WORDS * 2];
|
||||||
@ -202,6 +203,7 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash,
|
|||||||
rx[num_n_words - 1] = 0;
|
rx[num_n_words - 1] = 0;
|
||||||
r[num_n_words - 1] = 0;
|
r[num_n_words - 1] = 0;
|
||||||
s[num_n_words - 1] = 0;
|
s[num_n_words - 1] = 0;
|
||||||
|
flow_control = 1;
|
||||||
|
|
||||||
uECC_vli_bytesToNative(_public, public_key, NUM_ECC_BYTES);
|
uECC_vli_bytesToNative(_public, public_key, NUM_ECC_BYTES);
|
||||||
uECC_vli_bytesToNative(_public + num_words, public_key + NUM_ECC_BYTES,
|
uECC_vli_bytesToNative(_public + num_words, public_key + NUM_ECC_BYTES,
|
||||||
@ -220,6 +222,8 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash,
|
|||||||
return UECC_FAILURE;
|
return UECC_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
flow_control++;
|
||||||
|
|
||||||
/* Calculate u1 and u2. */
|
/* Calculate u1 and u2. */
|
||||||
uECC_vli_modInv(z, s, curve_n); /* z = 1/s */
|
uECC_vli_modInv(z, s, curve_n); /* z = 1/s */
|
||||||
u1[num_n_words - 1] = 0;
|
u1[num_n_words - 1] = 0;
|
||||||
@ -237,6 +241,8 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash,
|
|||||||
uECC_vli_modInv(z, z, curve_p); /* z = 1/z */
|
uECC_vli_modInv(z, z, curve_p); /* z = 1/z */
|
||||||
apply_z(sum, sum + num_words, z);
|
apply_z(sum, sum + num_words, z);
|
||||||
|
|
||||||
|
flow_control++;
|
||||||
|
|
||||||
/* Use Shamir's trick to calculate u1*G + u2*Q */
|
/* Use Shamir's trick to calculate u1*G + u2*Q */
|
||||||
points[0] = 0;
|
points[0] = 0;
|
||||||
points[1] = curve_G;
|
points[1] = curve_G;
|
||||||
@ -251,6 +257,7 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash,
|
|||||||
uECC_vli_set(ry, point + num_words);
|
uECC_vli_set(ry, point + num_words);
|
||||||
uECC_vli_clear(z);
|
uECC_vli_clear(z);
|
||||||
z[0] = 1;
|
z[0] = 1;
|
||||||
|
flow_control++;
|
||||||
|
|
||||||
for (i = num_bits - 2; i >= 0; --i) {
|
for (i = num_bits - 2; i >= 0; --i) {
|
||||||
uECC_word_t index;
|
uECC_word_t index;
|
||||||
@ -266,10 +273,12 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash,
|
|||||||
XYcZ_add(tx, ty, rx, ry);
|
XYcZ_add(tx, ty, rx, ry);
|
||||||
uECC_vli_modMult_fast(z, z, tz);
|
uECC_vli_modMult_fast(z, z, tz);
|
||||||
}
|
}
|
||||||
|
flow_control++;
|
||||||
}
|
}
|
||||||
|
|
||||||
uECC_vli_modInv(z, z, curve_p); /* Z = 1/Z */
|
uECC_vli_modInv(z, z, curve_p); /* Z = 1/Z */
|
||||||
apply_z(rx, ry, z);
|
apply_z(rx, ry, z);
|
||||||
|
flow_control++;
|
||||||
|
|
||||||
/* v = x1 (mod n) */
|
/* v = x1 (mod n) */
|
||||||
if (uECC_vli_cmp_unsafe(curve_n, rx) != 1) {
|
if (uECC_vli_cmp_unsafe(curve_n, rx) != 1) {
|
||||||
@ -279,8 +288,13 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash,
|
|||||||
/* Accept only if v == r. */
|
/* Accept only if v == r. */
|
||||||
diff = uECC_vli_equal(rx, r);
|
diff = uECC_vli_equal(rx, r);
|
||||||
if (diff == 0) {
|
if (diff == 0) {
|
||||||
|
flow_control++;
|
||||||
mbedtls_platform_random_delay();
|
mbedtls_platform_random_delay();
|
||||||
if (diff == 0) {
|
|
||||||
|
/* Re-check the condition and test if the control flow is as expected.
|
||||||
|
* 1 (base value) + num_bits - 1 (from the loop) + 5 incrementations.
|
||||||
|
*/
|
||||||
|
if (diff == 0 && flow_control == (num_bits + 5)) {
|
||||||
return UECC_SUCCESS;
|
return UECC_SUCCESS;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|