Sidechannel resistence of uECC_sign disabled

intel / tinycrypt

tinycrypt is a library of cryptographic algorithms with a focus on small, simple implementation.

Other

436 stars 154 forks source link

Sidechannel resistence of uECC_sign disabled #39

Closed winnietwo closed 5 years ago

winnietwo commented 5 years ago

The function uECC_sign_with_k() applies side-channel resistance to k by multiplying k with a random number "tmp". This is only applied if g_rng_function is set. unfortunately, g_rng_function is never set. The reason is:

g_rng_function in ecc_dsa.c is a different variable than g_rng_function in ecc.c.
When compiling ecc_dsa.c, <tinycrypt/ecc_platform_specific.h> is not included, the copy of g_rng_function points to NULL
if g_rng_function is NULL, the side channel resistance is disabled

mczraf commented 5 years ago

The issue has been fixed for both EC-DSA and EC-DH implementations. Thank you @winnietwo for your contribution to TinyCrypt!