Add double-checking of critical value in uECC_verify()

This hardens against attacks that glitch the conditional branch by making it
necessary for the attacker to inject two consecutive faults instead of one. If
desired, we could insert a random delay in order to further protect against
double-glitch attacks.

Also, when a single glitch is detected we report it.
Manuel Pégourié-Gonnard 2019-11-06 11:14:38 +01:00
parent 2b6312b7d9
commit e6d6f17738


@ -214,6 +214,7 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash,
const uECC_word_t *point;
bitcount_t num_bits;
bitcount_t i;
volatile uECC_word_t diff;
uECC_word_t _public[NUM_ECC_WORDS * 2];
uECC_word_t r[NUM_ECC_WORDS], s[NUM_ECC_WORDS];
@ -301,8 +302,15 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash,
}
/* Accept only if v == r. */
if (uECC_vli_equal(rx, r) == 0)
return UECC_SUCCESS;
diff = uECC_vli_equal(rx, r);
if (diff == 0) {
if (diff == 0) {
return UECC_SUCCESS;
}
else {
return UECC_ATTACK_DETECTED;
}
}
return UECC_FAILURE;
}
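Review bot: The nested `if (diff == 0)` in the second hunk double-checks only the branch: `uECC_vli_equal(rx, r)` is still evaluated once and its result reaches `diff` through a single store, so a fault on that call's return value or on the store is seen identically by both reads and is not caught. The commit message says so, but the code should carry it so a later maintainer does not "simplify" the duplicate test away; I would add `/* volatile forces two real loads: this guards the branch, not the uECC_vli_equal() result. */` above `diff = uECC_vli_equal(rx, r);`. A short comment on why `return UECC_FAILURE` gets no second check would also help, since a fault on that path can only turn a valid signature into a rejection. `UECC_ATTACK_DETECTED` is not defined anywhere on this page; presumably the same commit adds it next to `UECC_SUCCESS`/`UECC_FAILURE` in the header. uECC_verify() begins before the first hunk, and the declaration `volatile uECC_word_t diff;` in that hunk is the only change there.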