From afec8853c5ba39c2272e26a996a36f6257e0078c Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 15 Jul 2020 16:31:27 -0400 Subject: [PATCH 1/2] Revert a part of the sensitive information duplication changes Signed-off-by: Andrzej Kurek --- library/aes.c | 23 ++--------- library/ccm.c | 46 +--------------------- library/ssl_cli.c | 17 ++------- library/ssl_srv.c | 33 ++-------------- library/ssl_tls.c | 97 ++++------------------------------------------- 5 files changed, 19 insertions(+), 197 deletions(-) diff --git a/library/aes.c b/library/aes.c index e49f74f76..f6c4fc33e 100644 --- a/library/aes.c +++ b/library/aes.c @@ -686,8 +686,6 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, unsigned int flow_ctrl = 0; volatile unsigned int i = 0; volatile int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; - volatile const unsigned char *key_dup = key; - volatile unsigned int keybits_dup = keybits; uint32_t *RK; uint32_t offset = 0; @@ -816,10 +814,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, #endif ) ) { - if( keybits_dup == keybits && key_dup == key ) - { - return ret; - } + return ret; } mbedtls_platform_memset( RK, 0, ( keybits >> 5 ) * 4 ); @@ -1069,8 +1064,6 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, aes_r_data_t *aes_data_table[2]; // pointers to real and fake data int round_ctrl_table_len = ctx->nr + 2 + AES_SCA_CM_ROUNDS; volatile int flow_control; - volatile const unsigned char *input_dup = input; - volatile unsigned char *output_dup = output; // control bytes for AES calculation rounds, // reserve based on max rounds + dummy rounds + 2 (for initial key addition) uint8_t round_ctrl_table[( 14 + AES_SCA_CM_ROUNDS + 2 )]; 
@@ -1170,11 +1163,7 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, if( flow_control == tindex + dummy_rounds + 8 ) { - /* Validate control path due possible fault injection */ - if( output_dup == output && input_dup == input ) - { - return 0; - } + return 0; } // Clear the output in case of a FI @@ -1355,8 +1344,6 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, aes_r_data_t *aes_data_table[2]; // pointers to real and fake data int round_ctrl_table_len = ctx->nr + 2 + AES_SCA_CM_ROUNDS; volatile int flow_control; - volatile const unsigned char *input_dup = input; - volatile unsigned char *output_dup = output; // control bytes for AES calculation rounds, // reserve based on max rounds + dummy rounds + 2 (for initial key addition) uint8_t round_ctrl_table[( 14 + AES_SCA_CM_ROUNDS + 2 )]; @@ -1456,11 +1443,7 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, if( flow_control == tindex + dummy_rounds + 8 ) { - /* Validate control path due possible fault injection */ - if( output_dup == output && input_dup == input ) - { - return 0; - } + return 0; } // Clear the output in case of a FI diff --git a/library/ccm.c b/library/ccm.c index 54d051e34..750ec9e98 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -77,8 +77,6 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, { int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; const mbedtls_cipher_info_t *cipher_info; - volatile const unsigned char *key_dup = key; - volatile unsigned int keybits_dup = keybits; CCM_VALIDATE_RET( ctx != NULL ); CCM_VALIDATE_RET( key != NULL ); @@ -101,14 +99,7 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, return( ret ); } - if( keybits_dup == keybits && key_dup == key ) - { - return( ret ); - } - - // In case of a FI - clear the context - mbedtls_cipher_free( &ctx->cipher_ctx ); - return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); + return( ret ); } /* 
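Review bot: The `if( flow_control == tindex + dummy_rounds + 8 )` test in mbedtls_internal_aes_encrypt is left with no explanation, because the only comment describing it (`/* Validate control path due possible fault injection */`) was inside the removed block. A reader now sees a bare `return 0;` guarded by an arithmetic comparison, followed by an output-clearing path, with no statement of the invariant being checked. I would keep a comment on the `if` itself, e.g. `/* Flow-control counter must equal the number of real + dummy round steps executed; any other value is treated as a fault and the output is cleared below. */`. The identical check in mbedtls_internal_aes_decrypt later in this file lost the same comment and deserves the same treatment. Both functions start outside the hunks.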
@@ -174,15 +165,6 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, unsigned char ctr[16]; const unsigned char *src; unsigned char *dst; - volatile size_t length_dup = length; - volatile const unsigned char *iv_dup = iv; - volatile size_t iv_len_dup = iv_len; - volatile const unsigned char *add_dup = add; - volatile size_t add_len_dup = add_len; - volatile const unsigned char *input_dup = input; - volatile unsigned char *output_dup = output; - volatile unsigned char *tag_dup = tag; - volatile size_t tag_len_dup = tag_len; /* * Check length requirements: SP800-38C A.1 @@ -334,16 +316,6 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, CTR_CRYPT( y, y, 16 ); mbedtls_platform_memcpy( tag, y, tag_len ); - if( length_dup != length || iv_dup != iv || iv_len_dup != iv_len || - add_dup != add || add_len_dup != add_len || input_dup != input || - output_dup != output || tag_dup != tag || tag_len_dup != tag_len) - { - - // In case of a FI - clear the output - mbedtls_platform_memset( output, 0, length ); - return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; - } - return( ret ); } @@ -398,15 +370,6 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, unsigned char check_tag[16]; unsigned char i; int diff; - volatile size_t length_dup = length; - volatile const unsigned char *iv_dup = iv; - volatile size_t iv_len_dup = iv_len; - volatile const unsigned char *add_dup = add; - volatile size_t add_len_dup = add_len; - volatile const unsigned char *input_dup = input; - volatile unsigned char *output_dup = output; - volatile const unsigned char *tag_dup = tag; - volatile size_t tag_len_dup = tag_len; CCM_VALIDATE_RET( ctx != NULL ); CCM_VALIDATE_RET( iv != NULL ); 
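Review bot: In the second ccm_auth_crypt hunk the function now returns immediately after `mbedtls_platform_memcpy( tag, y, tag_len );`, so the full 16-byte MAC value in `y` (declared above the hunk, presumably a local buffer like the visible `ctr[16]`) and the last counter block in `ctr` are left on the stack; when `tag_len` is shorter than 16 the MAC bytes that were never exported stay there too. Neither the removed block nor the new code clears them. I would add `mbedtls_platform_zeroize( y, sizeof( y ) ); mbedtls_platform_zeroize( ctr, sizeof( ctr ) );` before `return( ret );`, after confirming the declaration of `y`. The start of the function and the assignment of `ret` are outside the hunk.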
@@ -432,13 +395,6 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, return( MBEDTLS_ERR_CCM_AUTH_FAILED ); } - if( length_dup != length || iv_dup != iv || iv_len_dup != iv_len || - add_dup != add || add_len_dup != add_len || input_dup != input || - output_dup != output || tag_dup != tag || tag_len_dup != tag_len) - { - return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; - } - return( ret ); } diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 5b47c0a9b..58cbd87b0 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2796,14 +2796,10 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl, volatile int ret = 0; unsigned char *p; unsigned char *end; - volatile unsigned char *buf_dup = buf; - volatile size_t buflen_dup = buflen; mbedtls_ssl_ciphersuite_handle_t ciphersuite_info = mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake ); - ((void) buf_dup); - ((void) buflen_dup); p = buf + mbedtls_ssl_hs_hdr_len( ssl ); end = buf + buflen; @@ -3104,7 +3100,7 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl, { mbedtls_platform_random_delay(); - if( ret == 0 && buf_dup == buf && buflen_dup == buflen ) + if( ret == 0 ) { #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) /* We don't need the peer's public key anymore. Free it, @@ -3587,10 +3583,7 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl, { int ret; unsigned char *p, *end; - volatile unsigned char *buf_dup = buf; - volatile size_t buflen_dup = buflen; size_t n; - mbedtls_ssl_ciphersuite_handle_t ciphersuite_info = mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake ); 
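Review bot: In the ssl_in_server_key_exchange_parse hunk at -3104, the surviving `if( ret == 0 )` after `mbedtls_platform_random_delay()` carries no comment saying why `ret` is tested again at this point; with the buffer-identity half of the condition gone it reads as a redundant check that a later cleanup could fold into the earlier test, silently removing the double-check. `ret` is declared `volatile int ret = 0;` in the first hunk of the same function, which is presumably what makes this re-read after the delay meaningful. I would annotate it: `if( ret == 0 ) /* deliberate re-check of volatile ret after the random delay (fault-injection countermeasure); do not merge with the earlier test */`. The body of the function between the two hunks is outside the view.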
@@ -3873,12 +3866,8 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl, } *olen = p - buf; - /* Secure against buffer substitution */ - if( buf_dup == buf && buflen_dup == buflen ) - { - return( 0 ); - } - return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); + + return( 0 ); } static int ssl_out_client_key_exchange_postprocess( mbedtls_ssl_context *ssl ) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 7094a89a1..abfef5d45 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -3269,19 +3269,13 @@ static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl, - sig_start ); int ret = ssl->conf->f_async_resume( ssl, sig_start, signature_len, sig_max_len ); - volatile size_t *signature_len_dup = signature_len; if( ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS ) { ssl->handshake->async_in_progress = 0; mbedtls_ssl_set_async_operation_data( ssl, NULL ); } MBEDTLS_SSL_DEBUG_RET( 2, "ssl_resume_server_key_exchange", ret ); - /* Secure against buffer substitution */ - if( signature_len_dup == signature_len ) - { - return( ret ); - } - return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); + return( ret ); } #endif /* defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) && defined(MBEDTLS_SSL_ASYNC_PRIVATE) */ @@ -3292,7 +3286,6 @@ static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl, static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, size_t *signature_len ) { - volatile size_t *signature_len_dup = signature_len; mbedtls_ssl_ciphersuite_handle_t ciphersuite_info = mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake ); @@ -3679,12 +3672,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, } } #endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */ - - if( signature_len_dup == signature_len ) - { - return( 0 ); - } - return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); + return( 0 ); } /* Prepare the ServerKeyExchange message and send it. For ciphersuites 
@@ -3832,8 +3820,6 @@ static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char * const unsigned char *end ) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - unsigned char ** volatile p_dup = p; - volatile const unsigned char *end_dup = end; size_t n; /* @@ -3864,12 +3850,7 @@ static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char * MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GY", &ssl->handshake->dhm_ctx.GY ); - /* Secure against buffer substitution */ - if( p_dup == p && end_dup == end ) - { - return( ret ); - } - return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); + return( ret ); } #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ @@ -4236,8 +4217,6 @@ static int ssl_in_client_key_exchange_parse( mbedtls_ssl_context *ssl, mbedtls_ssl_ciphersuite_handle_t ciphersuite_info = mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake ); unsigned char *p, *end; - volatile unsigned char *buf_dup = buf; - volatile size_t buflen_dup = buflen; p = buf + mbedtls_ssl_hs_hdr_len( ssl ); end = buf + buflen; @@ -4432,11 +4411,7 @@ static int ssl_in_client_key_exchange_parse( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - if( buf_dup == buf && buflen_dup == buflen ) - { - return( ret ); - } - return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); + return( ret ); } /* Update the handshake state */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c16bd6154..bbe94cbb1 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -177,8 +177,6 @@ int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl, size_t buflen ) { int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; - volatile unsigned char *buf_dup = buf; - volatile size_t buflen_dup = buflen; mbedtls_record rec; MBEDTLS_SSL_DEBUG_MSG( 1, ( "=> mbedtls_ssl_check_record" ) ); MBEDTLS_SSL_DEBUG_BUF( 3, "record buffer", buf, buflen ); 
@@ -230,10 +228,6 @@ exit: ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD; } - if( buf_dup != buf || buflen_dup != buflen ) - { - return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); - } MBEDTLS_SSL_DEBUG_MSG( 1, ( "<= mbedtls_ssl_check_record" ) ); return( ret ); } @@ -288,9 +282,6 @@ int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl, unsigned char const *own_cid, size_t own_cid_len ) { - volatile unsigned char const *own_cid_dup = own_cid; - volatile size_t own_cid_len_dup = own_cid_len; - if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -317,12 +308,7 @@ int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl, * MBEDTLS_SSL_CID_IN_LEN_MAX at most 255. */ ssl->own_cid_len = (uint8_t) own_cid_len; - /* Secure against buffer substitution */ - if( own_cid_dup == own_cid && own_cid_len_dup == own_cid_len ) - { - return( 0 ); - } - return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); + return( 0 ); } int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl, @@ -619,13 +605,7 @@ MBEDTLS_NO_INLINE static int ssl3_prf( const unsigned char *secret, size_t slen, mbedtls_sha1_context sha1; unsigned char padding[16]; unsigned char sha1sum[20]; - volatile const unsigned char *secret_dup = secret; - volatile size_t slen_dup = slen; - volatile const char *label_dup = label; - volatile const unsigned char *random_dup = random; - volatile size_t rlen_dup = rlen; - volatile unsigned char *dstbuf_dup = dstbuf; - volatile size_t dlen_dup = dlen; + ((void)label); mbedtls_md5_init( &md5 ); mbedtls_sha1_init( &sha1 ); 
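Review bot: The new `((void)label);` in ssl3_prf is unexplained and is not written the way the rest of this tree writes the idiom (`((void) buf_dup);` in ssl_cli.c, with a space after the cast). It is presumably there because the removed duplicate check was the only remaining reader of `label` in this SSLv3 PRF, so dropping the check would otherwise produce an unused-parameter warning. I would write `((void) label); /* the SSLv3 PRF does not use the label; the parameter exists only to match the shared prf signature */`. The rest of ssl3_prf, including its `exit:` path, is outside the hunk.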
@@ -670,14 +650,7 @@ exit: mbedtls_platform_zeroize( padding, sizeof( padding ) ); mbedtls_platform_zeroize( sha1sum, sizeof( sha1sum ) ); - /* Secure against buffer substitution */ - if( secret_dup == secret && slen_dup == slen && label_dup == label && - random_dup == random && rlen_dup == rlen && dstbuf_dup == dstbuf && - dlen_dup == dlen ) - { - return( ret ); - } - return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); + return( ret ); } #endif /* MBEDTLS_SSL_PROTO_SSL3 */ @@ -695,13 +668,6 @@ MBEDTLS_NO_INLINE static int tls1_prf( const unsigned char *secret, size_t slen, mbedtls_md_handle_t md_info; mbedtls_md_context_t md_ctx; int ret; - volatile const unsigned char *secret_dup = secret; - volatile size_t slen_dup = slen; - volatile const char *label_dup = label; - volatile const unsigned char *random_dup = random; - volatile size_t rlen_dup = rlen; - volatile unsigned char *dstbuf_dup = dstbuf; - volatile size_t dlen_dup = dlen; mbedtls_md_init( &md_ctx ); @@ -788,14 +754,7 @@ MBEDTLS_NO_INLINE static int tls1_prf( const unsigned char *secret, size_t slen, mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); mbedtls_platform_zeroize( h_i, sizeof( h_i ) ); - /* Secure against buffer substitution */ - if( secret_dup == secret && slen_dup == slen && label_dup == label && - random_dup == random && rlen_dup == rlen && dstbuf_dup == dstbuf && - dlen_dup == dlen ) - { - return( 0 ); - } - return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); + return( 0 ); } #endif /* MBEDTLS_SSL_PROTO_TLS1) || MBEDTLS_SSL_PROTO_TLS1_1 */ @@ -818,13 +777,6 @@ int tls_prf_generic( mbedtls_md_type_t md_type, mbedtls_md_handle_t md_info; mbedtls_md_context_t md_ctx; int ret; - volatile const unsigned char *secret_dup = secret; - volatile size_t slen_dup = slen; - volatile const char *label_dup = label; - volatile const unsigned char *random_dup = random; - volatile size_t rlen_dup = rlen; - volatile unsigned char *dstbuf_dup = dstbuf; - volatile size_t dlen_dup = dlen; mbedtls_md_init( &md_ctx ); 
@@ -884,14 +836,7 @@ int tls_prf_generic( mbedtls_md_type_t md_type, (void)mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); (void)mbedtls_platform_zeroize( h_i, sizeof( h_i ) ); - /* Secure against buffer substitution */ - if( secret_dup == secret && slen_dup == slen && label_dup == label && - random_dup == random && rlen_dup == rlen && dstbuf_dup == dstbuf && - dlen_dup == dlen ) - { - return( 0 ); - } - return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); + return( 0 ); } #if defined(MBEDTLS_SHA256_C) @@ -1883,7 +1828,6 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, const mbedtls_ssl_context *ssl ) { int ret; - volatile unsigned char *master_dup = master; /* #if !defined(MBEDTLS_DEBUG_C) && !defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) */ /* ssl = NULL; /\* make sure we don't use it except for debug and EMS *\/ */ @@ -1944,12 +1888,7 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, mbedtls_platform_zeroize( handshake->premaster, sizeof(handshake->premaster) ); - /* Secure against buffer substitution */ - if( master_dup == master ) - { - return( 0 ); - } - return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); + return( 0 ); } int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) @@ -2466,9 +2405,6 @@ static int ssl_cid_build_inner_plaintext( unsigned char *content, size_t pad = ( MBEDTLS_SSL_CID_PADDING_GRANULARITY - ( len + 1 ) % MBEDTLS_SSL_CID_PADDING_GRANULARITY ) % MBEDTLS_SSL_CID_PADDING_GRANULARITY; - volatile unsigned char *content_dup = content; - volatile size_t *content_size_dup = content_size; - volatile size_t remaining_dup = remaining; /* Write real content type */ if( remaining == 0 ) 
@@ -2484,14 +2420,7 @@ static int ssl_cid_build_inner_plaintext( unsigned char *content, remaining -= pad; *content_size = len; - - /* Secure against buffer substitution */ - if( content_dup == content && content_size_dup == content_size && - ( remaining_dup - 1 - pad ) == remaining ) - { - return( 0 ); - } - return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); + return( 0 ); } /* This function parses a DTLSInnerPlaintext structure. @@ -13028,10 +12957,6 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, { int ret = 0; mbedtls_md_context_t ctx; - volatile unsigned char* hash_dup = hash; - volatile size_t *hashlen_dup = hashlen; - volatile unsigned char* data_dup = data; - volatile size_t data_len_dup = data_len; mbedtls_md_handle_t md_info = mbedtls_md_info_from_type( md_alg ); *hashlen = mbedtls_md_get_size( md_info ); @@ -13078,13 +13003,7 @@ exit: mbedtls_ssl_pend_fatal_alert( ssl, MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); - /* Secure against buffer substitution */ - if( hash_dup == hash && hashlen_dup == hashlen && - data_dup == data && data_len_dup == data_len ) - { - return( ret ); - } - return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); + return( ret ); } #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ MBEDTLS_SSL_PROTO_TLS1_2 */ From cf3e35cc5804f6a7a239e2e2b82df9313fce87fe Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 15 Jul 2020 22:32:08 -0400 Subject: [PATCH 2/2] Revert a part of sensitive information duplication from tinycrypt Signed-off-by: Andrzej Kurek --- tinycrypt/ecc.c | 6 +----- tinycrypt/ecc_dh.c | 8 -------- tinycrypt/ecc_dsa.c | 8 -------- 3 files changed, 1 insertion(+), 21 deletions(-) diff --git a/tinycrypt/ecc.c b/tinycrypt/ecc.c index 805543204..bf54fe8e7 100644 --- a/tinycrypt/ecc.c +++ b/tinycrypt/ecc.c 
@@ -1239,8 +1239,6 @@ int uECC_compute_public_key(const uint8_t *private_key, uint8_t *public_key) int ret = UECC_FAULT_DETECTED; uECC_word_t _private[NUM_ECC_WORDS]; uECC_word_t _public[NUM_ECC_WORDS * 2]; - volatile const uint8_t *private_key_dup = private_key; - volatile const uint8_t *public_key_dup = public_key; uECC_vli_bytesToNative( _private, @@ -1266,8 +1264,6 @@ int uECC_compute_public_key(const uint8_t *private_key, uint8_t *public_key) uECC_vli_nativeToBytes( public_key + NUM_ECC_BYTES, NUM_ECC_BYTES, _public + NUM_ECC_WORDS); - if (private_key_dup != private_key || public_key_dup != public_key){ - return UECC_FAULT_DETECTED; - } + return ret; } diff --git a/tinycrypt/ecc_dh.c b/tinycrypt/ecc_dh.c index bf3a80343..5a7a9e53e 100644 --- a/tinycrypt/ecc_dh.c +++ b/tinycrypt/ecc_dh.c @@ -170,9 +170,6 @@ int uECC_shared_secret(const uint8_t *public_key, const uint8_t *private_key, wordcount_t num_words = NUM_ECC_WORDS; wordcount_t num_bytes = NUM_ECC_BYTES; int r = UECC_FAULT_DETECTED; - volatile const uint8_t *public_key_dup = public_key; - volatile const uint8_t *private_key_dup = private_key; - volatile const uint8_t *secret_dup = secret; /* Converting buffers to correct bit order: */ uECC_vli_bytesToNative(_private, @@ -190,11 +187,6 @@ int uECC_shared_secret(const uint8_t *public_key, const uint8_t *private_key, /* erasing temporary buffer used to store secret: */ mbedtls_platform_zeroize(_private, sizeof(_private)); - if (public_key_dup != public_key || private_key_dup != private_key || secret_dup != secret) { - /* Erase secret in case of FI */ - mbedtls_platform_memset(secret, 0, NUM_ECC_BYTES); - return UECC_FAULT_DETECTED; - } return r; } diff --git a/tinycrypt/ecc_dsa.c b/tinycrypt/ecc_dsa.c index 2a676dc8f..d432a2e6a 100644 --- a/tinycrypt/ecc_dsa.c +++ b/tinycrypt/ecc_dsa.c 
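Review bot: On the return path left by the second uECC_compute_public_key hunk, `return ret;` follows the two `uECC_vli_nativeToBytes` calls directly and the native-word copy of the private key in `_private` is never wiped, whereas uECC_shared_secret in this same patch zeroizes its `_private` before returning. Unless a zeroize sits in the part of the function between the two hunks, I would add `mbedtls_platform_zeroize(_private, sizeof(_private));` before `return ret;`, and do the same on any early-return path in that unseen middle section. The function's start is in the first hunk; everything between the hunks is outside the view.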
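Review bot: In the second uECC_shared_secret hunk the removed block was the only code that cleared `secret`, so the function now returns `r` without touching the output buffer on any path. If the code between the hunks writes `secret` before `r` is known to be UECC_SUCCESS (that part is not visible here), a caller that does not check `r` is handed a partially computed value in a buffer that looks valid. Consider `if (r != UECC_SUCCESS) { mbedtls_platform_memset(secret, 0, NUM_ECC_BYTES); }` next to the existing zeroize of `_private`. The function starts in the first hunk of this file; the middle of its body lies outside both hunks.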
@@ -204,10 +204,6 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash, bitcount_t i; bitcount_t flow_control; volatile uECC_word_t diff; - volatile const uint8_t *public_key_dup = public_key; - volatile const uint8_t *message_hash_dup = message_hash; - volatile unsigned hash_size_dup = hash_size; - volatile const uint8_t *signature_dup = signature; uECC_word_t _public[NUM_ECC_WORDS * 2]; uECC_word_t r[NUM_ECC_WORDS], s[NUM_ECC_WORDS]; @@ -309,10 +305,6 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash, * 1 (base value) + num_bits - 1 (from the loop) + 5 incrementations. */ if (diff == 0 && flow_control == (num_bits + 5)) { - if (public_key_dup != public_key || message_hash_dup != message_hash || - hash_size_dup != hash_size || signature_dup != signature) { - return UECC_FAULT_DETECTED; - } return UECC_SUCCESS; } else {