intel / tinycrypt

tinycrypt is a library of cryptographic algorithms with a focus on small, simple implementation.

Patch for #39 Side-channel resistance of uECC_sign disabled #40

Closed winnietwo closed 5 years ago

winnietwo commented 5 years ago

I removed the g_rng_function variable from ecc_dh.c, as there is another one in ecc.c. I access the g_rng_function variable in ecc.c via uECC_get_rng(). In this way, side-channel resistance should be enabled again.
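The failure mode behind this patch is a file-local `static` RNG pointer duplicated across translation units: the setter updates one copy while the sign routine reads another, so the blinding step silently falls back to a constant and the countermeasure is off with no error. The block below is an added illustration written for this page, not tinycrypt's own code; `demo_set_rng`, `demo_get_rng`, `demo_sign_blinded`, `counting_rng` and `demo_countermeasure_active` are constructed names that mirror the set/get accessor shape of `uECC_set_rng`/`uECC_get_rng` without copying their bodies. It shows the single-owner-plus-accessor layout the PR moves to, and a regression check that would have caught the bug: register a counting RNG, run the sign path once, and require that entropy was actually consumed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed demo: the RNG hook lives in exactly one place and every consumer
 * reaches it through the accessor, never through its own static copy. */
typedef int (*rng_fn)(uint8_t *dest, unsigned size);

static rng_fn g_rng_function = NULL;   /* the single owner of the hook */

void demo_set_rng(rng_fn f) { g_rng_function = f; }
rng_fn demo_get_rng(void) { return g_rng_function; }

/* Counting RNG: a deterministic stand-in (constructed, NOT a CSPRNG) whose only
 * job is to record whether the signing path actually asked for entropy. */
static unsigned g_rng_calls = 0;
static int counting_rng(uint8_t *dest, unsigned size) {
    g_rng_calls++;
    for (unsigned i = 0; i < size; i++) dest[i] = (uint8_t)(0xA5 ^ i);
    return 1;
}
unsigned demo_rng_calls(void) { return g_rng_calls; }

/* Stand-in for the blinding step of a sign routine: with an RNG registered,
 * draw a random blinding value; otherwise fall back to the constant 1, which is
 * the "countermeasure silently disabled" state issue #39 describes.
 * Returns 1 if blinding was applied, 0 if the fallback ran, -1 on RNG failure. */
int demo_sign_blinded(uint8_t blind[8]) {
    rng_fn rng = demo_get_rng();        /* accessor, never a local static copy */
    if (rng == NULL) {
        memset(blind, 0, 8);
        blind[0] = 1;
        return 0;
    }
    return rng(blind, 8) ? 1 : -1;
}

/* Regression check a project can run in CI: with no RNG the fallback must run,
 * and after registering the counting RNG the sign path must call it exactly
 * once. A second g_rng_function in another translation unit breaks this, since
 * the setter and the consumer would then no longer share state. */
int demo_countermeasure_active(void) {
    uint8_t blind[8];
    g_rng_calls = 0;
    demo_set_rng(NULL);
    if (demo_sign_blinded(blind) != 0) return 0;   /* no RNG: fallback expected */
    demo_set_rng(counting_rng);
    if (demo_sign_blinded(blind) != 1) return 0;   /* RNG set: blinding expected */
    return g_rng_calls == 1;
}

int main(void) {
    printf("countermeasure active: %s\n",
           demo_countermeasure_active() ? "yes" : "NO");
    return 0;
}
```

The check is cheap to keep in a test suite: it does not inspect the signature itself, only whether the sign path reached the registered RNG, which is precisely the property that a shadowed static variable breaks.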

mczraf commented 5 years ago

This patch effectively enables the provided side-channel countermeasure in the EC-DSA sign procedure. Thanks @winnietwo for your contribution to enhance TinyCrypt!

I have noticed that the same problem preventing EC-DSA sign to use the side-channel countermeasure was replicated in the EC-DH algorithm. I have fixed the EC-DH implementation in the commit above using the same strategy described by @winnietwo for EC-DSA.

winnietwo commented 5 years ago

Is there a reason to have different random generators? The default random number generator is for Linux. On many non-Linux embedded devices, it's necessary to have your own implementation.