mbedtls/tinycrypt
Manuel Pégourié-Gonnard 4a658a01c6 Add projective coordinates randomization in ECDSA
Why: this protects against potential side-channels attacks. This
counter-measure is for example effective against Template SPA. Also, the
bignum arithmetic as implemented in TinyCrypt isn't entirely regular, which
could in principle be exploited by an attacker; randomizing the coordinates
makes this less likely to happen.

Randomizing projective coordinates is also a well-known countermeasure to DPA.
In the context of the scalar multiplication in ECDSA, DPA isn't a concern
since it requires multiple measurements with various base points and the same
scalar, and the scalar mult in ECDSA is the opposite: the base point's always
the same and the scalar is always unique. But we want protection against the
other attacks as well.

How: we use the same code fragment as in uECC_shared_secret in ecc_dh.c,
adapted as follows: (1) replace p2 with k2 as that's how it's called in this
function; (2) adjust how errors are handled.

The code might not be immediately clear so here are a few more details:
regularize_k() takes two arrays as outputs, and the return value says which one
should be passed to ECCPoint_mult(). The other one is free for us to re-use to
generate a random number to be used as the initial Z value for randomizing
coordinates (otherwise the initial Z value is 1), thus avoiding the use of an
extra stack buffer.
2019-10-31 13:07:52 +01:00
..
CMakeLists.txt Add CMake support for uecc 2019-04-24 16:17:10 +03:00
ecc.c Addition of copyright statements to tinycrypt files 2019-09-09 17:37:08 +01:00
ecc_dh.c Replace memset() with mbedtls_platform_memset() 2019-10-22 10:03:07 +02:00
ecc_dsa.c Add projective coordinates randomization in ECDSA 2019-10-31 13:07:52 +01:00
LICENSE Add LICENSE and README for tinycrypt 2019-09-09 17:36:58 +01:00
README Minor changes to tinycrypt README 2019-09-09 18:40:17 +01:00

================================================================================

                     TinyCrypt Cryptographic Library
                    (integrated as  part of Mbed TLS)

================================================================================

          Copyright (c) 2017, Intel Corporation. All rights reserved.         

Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:

  - Redistributions of source code must retain the above copyright notice, this 
      list of conditions and the following disclaimer.
      
  - Redistributions in binary form must reproduce the above copyright notice, 
      this list of conditions and the following disclaimer in the documentation 
      and/or other materials provided with the distribution.
      
  - Neither the name of the Intel Corporation nor the names of its contributors 
      may be used to endorse or promote products derived from this software 
      without specific prior written permission. 


THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR 
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

================================================================================

Copyright (c) 2019 ARM Limited

================================================================================
Overview:

The TinyCrypt Library provides an implementation for constrained devices of a 
minimal set of standard cryptography primitives. 

This is a modified form of the library based on version 0.2.8 included as part
of Mbed TLS as a compilation option. It is not included in its full form and
those wishing to use TinyCrypt should use the original unmodified project.

The original project can be found here: https://github.com/intel/tinycrypt

Contributions should be made upstream to that project, and full documentation 
can be found in the originating repository.

================================================================================

Organization:

tinycrypt: C source code of the cryptographic primitives.
include/tinycrypt: C header files of the cryptographic primitives.

No documentation is provided, and instead is available with the original
project.

Tests are provided as part of Mbed TLS and the Mbed TLS test suites.

================================================================================

Building:

To include TinyCrypt as part of Mbed TLS, enable the configuration option
MBEDTLS_USE_TINYCRYPT in the configration file 'include/mbedtls/config.h', and
build as Mbed TLS as normal.

================================================================================