Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 25 additions & 0 deletions tests/api/test_ecc.c
Original file line number Diff line number Diff line change
Expand Up @@ -2385,6 +2385,31 @@ int test_wc_EccDecisionCoverage2(void)
mp_clear(&s);
mp_clear(&bigVal);
}

/* r/s with MORE bytes than the curve size (keySz + 1). This is the
* byte-length overshoot that overflows the fixed signature_buf on hardware
* ports; the software path rejects it in wc_ecc_check_r_s_range() (value >=
* order) and the PSoC6 port rejects it via the rSz/sSz > keySz guard.
* Assert path-agnostically: a failure return with verify == 0. */
if (key.dp != NULL)
{
mp_int r, s;
int verify = 0;
byte oversized[MAX_ECC_BYTES + 1];
word32 osSz = (word32)key.dp->size + 1;
byte digest[] = TEST_STRING;

XMEMSET(oversized, 0xFF, sizeof(oversized));
ExpectIntEQ(mp_init(&r), MP_OKAY);
ExpectIntEQ(mp_init(&s), MP_OKAY);
ExpectIntEQ(mp_read_unsigned_bin(&r, oversized, osSz), MP_OKAY);
ExpectIntEQ(mp_read_unsigned_bin(&s, oversized, osSz), MP_OKAY);
ExpectIntNE(ret = wc_ecc_verify_hash_ex(&r, &s, digest,
(word32)TEST_STRING_SZ, &verify, &key), 0);
ExpectIntEQ(verify, 0);
mp_clear(&r);
mp_clear(&s);
}
#endif

/* ---- wc_ecc_import_point_der_ex / wc_ecc_export_point_der{,_compressed}:
Expand Down
12 changes: 10 additions & 2 deletions wolfcrypt/src/port/cypress/psoc6_crypto.c
Original file line number Diff line number Diff line change
Expand Up @@ -2093,7 +2093,7 @@ int psoc6_ecc_verify_hash_ex(MATH_INT_T* r, MATH_INT_T* s, const byte* hash,
uint8_t k[MAX_ECC_KEYSIZE] = { 0 };

if (!key || !verif_res || !r || !s || !hash)
return -BAD_FUNC_ARG;
return BAD_FUNC_ARG;
Comment on lines 2095 to +2096

/* Enable CRYPTO block if not enabled */
if (!Cy_Crypto_Core_IsEnabled(crypto_base)) {
Expand All @@ -2105,7 +2105,15 @@ int psoc6_ecc_verify_hash_ex(MATH_INT_T* r, MATH_INT_T* s, const byte* hash,
sSz = mp_unsigned_bin_size(s);

if (keySz > MAX_ECC_KEYSIZE)
return -BAD_FUNC_ARG;
return BAD_FUNC_ARG;

/* r and s come from the (untrusted) signature. A valid ECDSA r,s is in
* [1, order-1], so each fits in keySz bytes. Reject anything larger before
* it is copied into the fixed-size signature_buf, which would otherwise
* overflow. The software path enforces this via wc_ecc_check_r_s_range(),
* which is compiled out for the PSoC6 port. */
if (rSz > keySz || sSz > keySz)
return BAD_FUNC_ARG;

/* Prepare ECC key */
ecc_key.type = PK_PUBLIC;
Expand Down
Loading