mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-24 12:25:40 +00:00
4a658a01c6
Why: this protects against potential side-channels attacks. This counter-measure is for example effective against Template SPA. Also, the bignum arithmetic as implemented in TinyCrypt isn't entirely regular, which could in principle be exploited by an attacker; randomizing the coordinates makes this less likely to happen. Randomizing projective coordinates is also a well-known countermeasure to DPA. In the context of the scalar multiplication in ECDSA, DPA isn't a concern since it requires multiple measurements with various base points and the same scalar, and the scalar mult in ECDSA is the opposite: the base point's always the same and the scalar is always unique. But we want protection against the other attacks as well. How: we use the same code fragment as in uECC_shared_secret in ecc_dh.c, adapted as follows: (1) replace p2 with k2 as that's how it's called in this function; (2) adjust how errors are handled. The code might not be immediately clear so here are a few more details: regularize_k() takes two arrays as outputs, and the return value says which one should be passed to ECCPoint_mult(). The other one is free for us to re-use to generate a random number to be used as the initial Z value for randomizing coordinates (otherwise the initial Z value is 1), thus avoiding the use of an extra stack buffer. |
||
---|---|---|
.. | ||
CMakeLists.txt | ||
ecc.c | ||
ecc_dh.c | ||
ecc_dsa.c | ||
LICENSE | ||
README |
================================================================================ TinyCrypt Cryptographic Library (integrated as part of Mbed TLS) ================================================================================ Copyright (c) 2017, Intel Corporation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - Neither the name of the Intel Corporation nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ================================================================================ Copyright (c) 2019 ARM Limited ================================================================================ Overview: The TinyCrypt Library provides an implementation for constrained devices of a minimal set of standard cryptography primitives. This is a modified form of the library based on version 0.2.8 included as part of Mbed TLS as a compilation option. It is not included in its full form and those wishing to use TinyCrypt should use the original unmodified project. The original project can be found here: https://github.com/intel/tinycrypt Contributions should be made upstream to that project, and full documentation can be found in the originating repository. ================================================================================ Organization: tinycrypt: C source code of the cryptographic primitives. include/tinycrypt: C header files of the cryptographic primitives. No documentation is provided, and instead is available with the original project. Tests are provided as part of Mbed TLS and the Mbed TLS test suites. ================================================================================ Building: To include TinyCrypt as part of Mbed TLS, enable the configuration option MBEDTLS_USE_TINYCRYPT in the configration file 'include/mbedtls/config.h', and build as Mbed TLS as normal. ================================================================================