Merge pull request #3408 from AndrzejKurek/hamming-distance-improvements

Hamming distance improvements

include/tinycrypt/ecc.h

@@ -155,7 +155,8 @@ extern const uECC_word_t curve_b[NUM_ECC_WORDS];
  * @param random OUT -- random integer in the range 0 < random < top
  * @param top IN -- upper limit
  * @param num_words IN -- number of words
- * @return a random integer in the range 0 < random < top
+ * @return UECC_SUCCESS in case of success
+ * @return UECC_FAILURE upon failure
  */
 int uECC_generate_random_int(uECC_word_t *random, const uECC_word_t *top,
 			     wordcount_t num_words);
@@ -163,9 +164,9 @@ int uECC_generate_random_int(uECC_word_t *random, const uECC_word_t *top,
 
 /* uECC_RNG_Function type
  * The RNG function should fill 'size' random bytes into 'dest'. It should
- * return 1 if 'dest' was filled with random data, or 0 if the random data could
+ * return 'size' if 'dest' was filled with random data of 'size' length, or 0
- * not be generated. The filled-in values should be either truly random, or from
+ * if the random data could not be generated. The filled-in values should be
- * a cryptographically-secure PRNG.
+ * either truly random, or from a cryptographically-secure PRNG.
  *
  * A correctly functioning RNG function must be set (using uECC_set_rng())
  * before calling uECC_make_key() or uECC_sign().
@@ -181,8 +182,8 @@ typedef int(*uECC_RNG_Function)(uint8_t *dest, unsigned int size);
 
 /*
  * @brief Set the function that will be used to generate random bytes. The RNG
- * function should return 1 if the random data was generated, or 0 if the random
+ * function should return 'size' if the random data of length 'size' was
- * data could not be generated.
+ * generated, or 0 if the random data could not be generated.
  *
  * @note On platforms where there is no predefined RNG function, this must be
  * called before uECC_make_key() or uECC_sign() are used.

library/ssl_tls.c

@@ -56,6 +56,8 @@
 #include "mbedtls/oid.h"
 #endif
 
+#define PROPER_HS_FRAGMENT 0x75555555
+
 #if defined(MBEDTLS_USE_TINYCRYPT)
 static int uecc_rng_wrapper( uint8_t *dest, unsigned int size )
 {
@@ -4736,7 +4738,7 @@ static int ssl_hs_is_proper_fragment( mbedtls_ssl_context *ssl )
         mbedtls_platform_memcmp( ssl->in_msg + 6, "\0\0\0",        3 ) != 0 ||
         mbedtls_platform_memcmp( ssl->in_msg + 9, ssl->in_msg + 1, 3 ) != 0 )
     {
-        return( 1 );
+        return( PROPER_HS_FRAGMENT );
     }
     return( 0 );
 }
@@ -4929,7 +4931,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
          * messages; the commonality is that both handshake fragments and
          * future messages cannot be forwarded immediately to the
          * handshake logic layer. */
-        if( ssl_hs_is_proper_fragment( ssl ) == 1 )
+        if( ssl_hs_is_proper_fragment( ssl ) == PROPER_HS_FRAGMENT )
         {
             MBEDTLS_SSL_DEBUG_MSG( 2, ( "found fragmented DTLS handshake message" ) );
             return( MBEDTLS_ERR_SSL_EARLY_MESSAGE );
@@ -6053,7 +6055,7 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl )
                 size_t reassembly_buf_sz;
 
                 hs_buf->is_fragmented =
-                    ( ssl_hs_is_proper_fragment( ssl ) == 1 );
+                    ( ssl_hs_is_proper_fragment( ssl ) == PROPER_HS_FRAGMENT );
 
                 /* We copy the message back into the input buffer
                  * after reassembly, so check that it's not too large.

tinycrypt/ecc.c

@@ -1080,7 +1080,7 @@ int EccPoint_mult_safer(uECC_word_t * result, const uECC_word_t * point,
 	/* If an RNG function was specified, get a random initial Z value to
          * protect against side-channel attacks such as Template SPA */
 	if (g_rng_function) {
-		if (!uECC_generate_random_int(k2[carry], curve_p, num_words)) {
+		if (uECC_generate_random_int(k2[carry], curve_p, num_words) != UECC_SUCCESS) {
 			r = UECC_FAILURE;
 			goto clear_and_out;
 		}
@@ -1165,21 +1165,21 @@ int uECC_generate_random_int(uECC_word_t *random, const uECC_word_t *top,
 	bitcount_t num_bits = uECC_vli_numBits(top);
 
 	if (!g_rng_function) {
-		return 0;
+		return UECC_FAILURE;
 	}
 
 	for (tries = 0; tries < uECC_RNG_MAX_TRIES; ++tries) {
-		if (!g_rng_function((uint8_t *)random, num_words * uECC_WORD_SIZE)) {
+		if (g_rng_function((uint8_t *)random, num_words * uECC_WORD_SIZE) != num_words * uECC_WORD_SIZE) {
-      			return 0;
+      			return UECC_FAILURE;
     		}
 		random[num_words - 1] &=
         		mask >> ((bitcount_t)(num_words * uECC_WORD_SIZE * 8 - num_bits));
 		if (!uECC_vli_isZero(random) &&
 			uECC_vli_cmp(top, random) == 1) {
-			return 1;
+			return UECC_SUCCESS;
 		}
 	}
-	return 0;
+	return UECC_FAILURE;
 }
 
 

tinycrypt/ecc_dh.c

@@ -119,7 +119,7 @@ int uECC_make_key(uint8_t *public_key, uint8_t *private_key)
 		/* Generating _private uniformly at random: */
 		uECC_RNG_Function rng_function = uECC_get_rng();
 		if (!rng_function ||
-			!rng_function((uint8_t *)_random, 2 * NUM_ECC_WORDS*uECC_WORD_SIZE)) {
+			rng_function((uint8_t *)_random, 2 * NUM_ECC_WORDS*uECC_WORD_SIZE) != 2 * NUM_ECC_WORDS*uECC_WORD_SIZE) {
         		return UECC_FAILURE;
 		}
 

tinycrypt/ecc_dsa.c

@@ -109,7 +109,7 @@ int uECC_sign_with_k(const uint8_t *private_key, const uint8_t *message_hash,
 		uECC_vli_clear(tmp);
 		tmp[0] = 1;
 	}
-	else if (!uECC_generate_random_int(tmp, curve_n, num_n_words)) {
+	else if (uECC_generate_random_int(tmp, curve_n, num_n_words) != UECC_SUCCESS) {
 		return UECC_FAILURE;
 	}
 
@@ -151,7 +151,7 @@ int uECC_sign(const uint8_t *private_key, const uint8_t *message_hash,
 		/* Generating _random uniformly at random: */
 		uECC_RNG_Function rng_function = uECC_get_rng();
 		if (!rng_function ||
-		    !rng_function((uint8_t *)_random, 2*NUM_ECC_WORDS*uECC_WORD_SIZE)) {
+		    rng_function((uint8_t *)_random, 2*NUM_ECC_WORDS*uECC_WORD_SIZE) != 2*NUM_ECC_WORDS*uECC_WORD_SIZE) {
 			return UECC_FAILURE;
 		}