yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Update LMOTS signature use of temporary variables

Browse source 
Document them properly, and move random value to a temporary variable

Signed-off-by: Raef Coles <raef.coles@arm.com>
This commit is contained in:
Raef Coles 2022-09-01 11:05:48 +01:00
parent 0c88d4e447
commit 891c613f31
No known key found for this signature in database
GPG key ID: 1AAF1B43DF2086F4
1 changed files with 15 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
library/lmots.c
View file

@ -640,7 +640,15 @@ int mbedtls_lmots_sign( mbedtls_lmots_private_t *ctx,
unsigned char *sig, size_t sig_size, size_t* sig_len ) unsigned char *sig, size_t sig_size, size_t* sig_len )
{ {
unsigned char tmp_digit_array[MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT]; unsigned char tmp_digit_array[MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT];
/* Create a temporary buffer to prepare the signature in. This allows us to
* finish creating a signature (ensuring the process doesn't fail), and then
* erase the private key **before** writing any data into the sig parameter
* buffer. If data were directly written into the sig buffer, it might leak
* a partial signature on failure, which effectively compromises the private
* key.
*/
unsigned char tmp_sig[MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT][MBEDTLS_LMOTS_N_HASH_LEN]; unsigned char tmp_sig[MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT][MBEDTLS_LMOTS_N_HASH_LEN];
unsigned char tmp_c_random[MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if ( msg == NULL && msg_size != 0 ) if ( msg == NULL && msg_size != 0 )
@ -659,7 +667,7 @@ int mbedtls_lmots_sign( mbedtls_lmots_private_t *ctx,
return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA ); return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
} }
ret = f_rng( p_rng, sig + MBEDTLS_LMOTS_SIG_C_RANDOM_OFFSET, MBEDTLS_LMOTS_N_HASH_LEN ); ret = f_rng( p_rng, tmp_c_random, MBEDTLS_LMOTS_N_HASH_LEN );
if ( ret ) if ( ret )
{ {
return( ret ); return( ret );
@ -667,7 +675,7 @@ int mbedtls_lmots_sign( mbedtls_lmots_private_t *ctx,
ret = create_digit_array_with_checksum( &ctx->params, ret = create_digit_array_with_checksum( &ctx->params,
msg, msg_size, msg, msg_size,
sig + MBEDTLS_LMOTS_SIG_C_RANDOM_OFFSET, tmp_c_random,
tmp_digit_array ); tmp_digit_array );
if ( ret ) if ( ret )
{ {
@ -693,8 +701,11 @@ int mbedtls_lmots_sign( mbedtls_lmots_private_t *ctx,
mbedtls_platform_zeroize(ctx->private_key, mbedtls_platform_zeroize(ctx->private_key,
sizeof(ctx->private_key)); sizeof(ctx->private_key));
memcpy(sig + MBEDTLS_LMOTS_SIG_SIGNATURE_OFFSET, tmp_sig, memcpy( sig + MBEDTLS_LMOTS_SIG_C_RANDOM_OFFSET, tmp_c_random,
MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT * MBEDTLS_LMOTS_N_HASH_LEN); MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN );
memcpy( sig + MBEDTLS_LMOTS_SIG_SIGNATURE_OFFSET, tmp_sig,
MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT * MBEDTLS_LMOTS_N_HASH_LEN );
if( sig_len != NULL ) if( sig_len != NULL )
{ {