From 79d8772c09b7bc7c8962aa33136100d7c3c1a2cb Mon Sep 17 00:00:00 2001
From: tabudz
Date: Wed, 26 Feb 2025 16:33:46 +0800
Subject: [PATCH 1/3] Fix for #168
---
 .../ble/ble_stack/common/tinycrypt/source/ecc_dsa.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/source/Core/BSP/Pinecilv2/bl_mcu_sdk/components/ble/ble_stack/common/tinycrypt/source/ecc_dsa.c b/source/Core/BSP/Pinecilv2/bl_mcu_sdk/components/ble/ble_stack/common/tinycrypt/source/ecc_dsa.c
index 6bad09339e..9fbf6fcc5c 100644
--- a/source/Core/BSP/Pinecilv2/bl_mcu_sdk/components/ble/ble_stack/common/tinycrypt/source/ecc_dsa.c
+++ b/source/Core/BSP/Pinecilv2/bl_mcu_sdk/components/ble/ble_stack/common/tinycrypt/source/ecc_dsa.c
@@ -101,6 +101,7 @@ int uECC_sign_with_k(const uint8_t *private_key, const uint8_t *message_hash, un
 uECC_word_t tmp[NUM_ECC_WORDS];
 uECC_word_t s[NUM_ECC_WORDS];
 uECC_word_t *k2[2] = {tmp, s};
+ uECC_word_t *initial_Z = 0;
 uECC_word_t p[NUM_ECC_WORDS * 2];
 uECC_word_t carry;
 wordcount_t num_words = curve->num_words;
@@ -113,7 +114,15 @@ int uECC_sign_with_k(const uint8_t *private_key, const uint8_t *message_hash, un
 }
 carry = regularize_k(k, tmp, s, curve);
- EccPoint_mult(p, curve->G, k2[!carry], 0, num_n_bits + 1, curve);
+ /* If an RNG function was specified, try to get a random initial Z value to improve
+ protection against side-channel attacks. */
+ if (g_rng_function) {
+ if (!uECC_generate_random_int(k2[carry], curve->p, num_words)) {
+ return 0;
+ }
+ initial_Z = k2[carry];
+ }
+ EccPoint_mult(p, curve->G, k2[!carry], initial_Z, num_n_bits + 1, curve);
 if (uECC_vli_isZero(p, num_words)) {
 return 0;
 }
From a35415941075263d581624e9ce52eb278b0096e7 Mon Sep 17 00:00:00 2001
From: tabudz <64760144+tabudz@users.noreply.github.com>
Date: Wed, 26 Feb 2025 16:47:50 +0800
Subject: [PATCH 2/3] Adapt style ecc_dsa.c
---
 .../ble/ble_stack/common/tinycrypt/source/ecc_dsa.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
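Review bot: In [PATCH 1/3], the second hunk reads `g_rng_function` (`if (g_rng_function) {`), but nothing visible in the patch declares it in ecc_dsa.c; as far as I know upstream TinyCrypt keeps that variable as a file-local static in ecc.c, so if this vendored copy matches, the new branch will not build as written. Going through the public accessor avoids that dependency: `if (uECC_get_rng()) {`. Separately, when no RNG is registered `initial_Z` stays null and `EccPoint_mult` runs without a randomized initial Z, so the side-channel hardening is silently off on that path; a comment on the declaration added in the first hunk, for example `/* stays NULL when no RNG is set: point multiplication then runs without Z randomization */`, would make the fallback explicit. The body of `uECC_sign_with_k` starts and ends outside both hunks, so the later uses of `tmp` and `s` after the random value is written into `k2[carry]` could not be checked here.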
diff --git a/source/Core/BSP/Pinecilv2/bl_mcu_sdk/components/ble/ble_stack/common/tinycrypt/source/ecc_dsa.c b/source/Core/BSP/Pinecilv2/bl_mcu_sdk/components/ble/ble_stack/common/tinycrypt/source/ecc_dsa.c
index 9fbf6fcc5c..141b783a50 100644
--- a/source/Core/BSP/Pinecilv2/bl_mcu_sdk/components/ble/ble_stack/common/tinycrypt/source/ecc_dsa.c
+++ b/source/Core/BSP/Pinecilv2/bl_mcu_sdk/components/ble/ble_stack/common/tinycrypt/source/ecc_dsa.c
@@ -100,7 +100,7 @@ static void bits2int(uECC_word_t *native, const uint8_t *bits, unsigned bits_siz
 int uECC_sign_with_k(const uint8_t *private_key, const uint8_t *message_hash, unsigned hash_size, uECC_word_t *k, uint8_t *signature, uECC_Curve curve) {
 uECC_word_t tmp[NUM_ECC_WORDS];
 uECC_word_t s[NUM_ECC_WORDS];
- uECC_word_t *k2[2] = {tmp, s};
+ uECC_word_t *k2[2] = {tmp, s};
 uECC_word_t *initial_Z = 0;
 uECC_word_t p[NUM_ECC_WORDS * 2];
 uECC_word_t carry;
@@ -117,10 +117,10 @@ int uECC_sign_with_k(const uint8_t *private_key, const uint8_t *message_hash, un
 /* If an RNG function was specified, try to get a random initial Z value to improve
 protection against side-channel attacks. */
 if (g_rng_function) {
- if (!uECC_generate_random_int(k2[carry], curve->p, num_words)) {
- return 0;
- }
- initial_Z = k2[carry];
+ if (!uECC_generate_random_int(k2[carry], curve->p, num_words)) {
+ return 0;
+ }
+ initial_Z = k2[carry];
 }
 EccPoint_mult(p, curve->G, k2[!carry], initial_Z, num_n_bits + 1, curve);
 if (uECC_vli_isZero(p, num_words)) {
From 66c2291bcae3e8ba2ce78a679fb43656a0f94c6a Mon Sep 17 00:00:00 2001
From: tabudz <64760144+tabudz@users.noreply.github.com>
Date: Wed, 26 Feb 2025 16:49:24 +0800
Subject: [PATCH 3/3] Update ecc_dsa.c
---
 .../components/ble/ble_stack/common/tinycrypt/source/ecc_dsa.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source/Core/BSP/Pinecilv2/bl_mcu_sdk/components/ble/ble_stack/common/tinycrypt/source/ecc_dsa.c b/source/Core/BSP/Pinecilv2/bl_mcu_sdk/components/ble/ble_stack/common/tinycrypt/source/ecc_dsa.c
index 141b783a50..e729f4faa8 100644
--- a/source/Core/BSP/Pinecilv2/bl_mcu_sdk/components/ble/ble_stack/common/tinycrypt/source/ecc_dsa.c
+++ b/source/Core/BSP/Pinecilv2/bl_mcu_sdk/components/ble/ble_stack/common/tinycrypt/source/ecc_dsa.c
@@ -118,7 +118,7 @@ int uECC_sign_with_k(const uint8_t *private_key, const uint8_t *message_hash, un
 protection against side-channel attacks. */
 if (g_rng_function) {
 if (!uECC_generate_random_int(k2[carry], curve->p, num_words)) {
- return 0;
+ return 0;
 }
 initial_Z = k2[carry];
 }