Commit Graph

11 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
c3ec14c87f Harcode curve in semi-internal modMult function
Saves 80 bytes of code size.
2019-11-04 12:23:11 +01:00
Manuel Pégourié-Gonnard
ef238283d5 Add ECCPoint_mult_safer() function
This avoids the need for each calling site to manually regularize the scalar
and randomize coordinates, which makes for simpler safe use and saves 50 bytes
of code size in the library.
2019-11-04 11:19:30 +01:00
Manuel Pégourié-Gonnard
4a658a01c6 Add projective coordinates randomization in ECDSA
Why: this protects against potential side-channels attacks. This
counter-measure is for example effective against Template SPA. Also, the
bignum arithmetic as implemented in TinyCrypt isn't entirely regular, which
could in principle be exploited by an attacker; randomizing the coordinates
makes this less likely to happen.

Randomizing projective coordinates is also a well-known countermeasure to DPA.
In the context of the scalar multiplication in ECDSA, DPA isn't a concern
since it requires multiple measurements with various base points and the same
scalar, and the scalar mult in ECDSA is the opposite: the base point's always
the same and the scalar is always unique. But we want protection against the
other attacks as well.

How: we use the same code fragment as in uECC_shared_secret in ecc_dh.c,
adapted as follows: (1) replace p2 with k2 as that's how it's called in this
function; (2) adjust how errors are handled.

The code might not be immediately clear so here are a few more details:
regularize_k() takes two arrays as outputs, and the return value says which one
should be passed to ECCPoint_mult(). The other one is free for us to re-use to
generate a random number to be used as the initial Z value for randomizing
coordinates (otherwise the initial Z value is 1), thus avoiding the use of an
extra stack buffer.
2019-10-31 13:07:52 +01:00
Simon Butcher
92c3d1f4f4 Addition of copyright statements to tinycrypt files
Each of the tinycrypt files have had some very minor changes, so need a
copyright statement.
2019-09-09 17:37:08 +01:00
Simon Butcher
cffedb548f Add SPDX lines to each imported TinyCrypt file
Out of the 6 tinycrypt files included in Mbed TLS, this commit adds SPDX lines
to each for the BSD 3 Clause licence.
2019-09-09 17:34:51 +01:00
Hanno Becker
36ae758798 Include Mbed TLS config in tinycrypt compilation units 2019-08-12 17:05:38 +01:00
Manuel Pégourié-Gonnard
afdc1b5cbd Consistently use the name tinycrypt over uecc
We called in tinycrypt in the file names, but uecc in config.h, all.sh and
other places, which could be confusing. Just use tinycrypt everywhere because
that's the name of the project and repo where we took the files.

The changes were made using the following commands (with GNU sed and zsh):

sed -i 's/uecc/tinycrypt/g' **/*.[ch] tests/scripts/all.sh
sed -i 's/MBEDTLS_USE_UECC/MBEDTLS_USE_TINYCRYPT/g' **/*.[ch] tests/scripts/all.sh scripts/config.pl
2019-05-09 11:24:11 +02:00
Jarno Lamsa
46132207f8 Make compiler happy when MBEDTLS_USE_UECC disabled 2019-04-29 14:29:52 +03:00
Jarno Lamsa
55427964b1 Guard tinycrypt files with MBEDTLS_USE_UECC 2019-04-29 10:25:23 +03:00
Jarno Lamsa
d50fd6b373 Remove unused headers from uecc sources 2019-04-24 16:19:50 +03:00
Jarno Lamsa
18987a420b Add micro-ecc based ecc-files to mbedtls
The files are from https://github.com/intel/tinycrypt
Using commit 6e0eb53fc8403988f97345e94081b0453f47231d as a base.
2019-04-24 15:40:43 +03:00