From 5fc98a11a4d7c1549ed8bb25ae0e6e6c3103ffbb Mon Sep 17 00:00:00 2001
From: Steve Clark <steve.clark@atmel.com>
Date: Fri, 2 Oct 2015 07:06:02 -0600
Subject: [PATCH] Fix tinydtls implementation of sign & verify

Change-Id: Id9b721a12e517fb0fe5adae76b380acb04b467cd
Signed-off-by: Steve Clark <steve.clark@atmel.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/3417
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: Sachin Agrawal <sachin.agrawal@intel.com>
(cherry picked from commit 28fd8b67657cdbe3860302a3ea92d83515c1a688)
Reviewed-on: https://gerrit.iotivity.org/gerrit/3435
(cherry picked from commit f2da5d0b80c95fac89caae6dcc9b3d567ea82c8f)
Reviewed-on: https://gerrit.iotivity.org/gerrit/3443
---
 extlibs/tinydtls/crypto.c | 55 +++++++++++++++++++++++++++++++----------------
 extlibs/tinydtls/dtls.c   | 24 ++++++++++-----------
 2 files changed, 48 insertions(+), 31 deletions(-)

diff --git a/extlibs/tinydtls/crypto.c b/extlibs/tinydtls/crypto.c
index 7433432..d8e5e8e 100644
--- a/extlibs/tinydtls/crypto.c
+++ b/extlibs/tinydtls/crypto.c
@@ -573,16 +573,20 @@ dtls_ecdsa_generate_key(unsigned char *priv_key,
 /* rfc4492#section-5.4 */
 void
 dtls_ecdsa_create_sig_hash(const unsigned char *priv_key, size_t key_size,
-			   const unsigned char *sign_hash, size_t sign_hash_size,
-			   uint32_t point_r[9], uint32_t point_s[9]) {
-  uint8_t privateKey[32];
-  uint8_t hashValue[32];
-  uint8_t sign[64];
+                           const unsigned char *sign_hash, size_t sign_hash_size,
+                           uint32_t point_r[9], uint32_t point_s[9])
+{
+    uint8_t sign[64];
 
+    // Check the buffers
+    if (priv_key == NULL || key_size < 32)
+        return 0;
+    if (sign_hash == NULL || sign_hash_size < 32)
+        return 0;
 
-  uECC_sign(privateKey, hashValue, sign);
-  memcpy(point_r, sign, 32);
-  memcpy(point_s, sign + 32, 32);
+    uECC_sign(priv_key, sign_hash, sign);
+    memcpy(point_r, sign, 32);
+    memcpy(point_s, sign + 32, 32);
 }
 
 void
@@ -607,17 +611,30 @@ dtls_ecdsa_create_sig(const unsigned char *priv_key, size_t key_size,
 /* rfc4492#section-5.4 */
 int
 dtls_ecdsa_verify_sig_hash(const unsigned char *pub_key_x,
-			   const unsigned char *pub_key_y, size_t key_size,
-			   const unsigned char *sign_hash, size_t sign_hash_size,
-			   unsigned char *result_r, unsigned char *result_s) {
-
-  uint8_t publicKey[64];
-  uint8_t hashValue[32];
-  uint8_t sign[64];
-
-  memcpy(publicKey, pub_key_x, 32);
-  memcpy(publicKey + 32, pub_key_y, 32);
-  return uECC_verify(publicKey, hashValue, sign);
+                           const unsigned char *pub_key_y, size_t key_size,
+                           const unsigned char *sign_hash, size_t sign_hash_size,
+                           unsigned char *result_r, unsigned char *result_s)
+{
+    uint8_t publicKey[64];
+    uint8_t sign[64];
+
+    // Check the buffers
+    if (pub_key_x == NULL || pub_key_y == NULL || key_size < 32)
+        return 0;
+    if (sign_hash == NULL || sign_hash_size < 32)
+        return 0;
+    if (result_r == NULL || result_s == NULL)
+        return 0;
+
+    // Copy the public key into a single buffer
+    memcpy(publicKey, pub_key_x, 32);
+    memcpy(publicKey + 32, pub_key_y, 32);
+
+    // Copy the signature into a single buffer
+    memcpy(sign, result_r, 32);
+    memcpy(sign + 32, result_s, 32);
+
+    return uECC_verify(publicKey, sign_hash, sign);
 }
 
 int
diff --git a/extlibs/tinydtls/dtls.c b/extlibs/tinydtls/dtls.c
index e22ad7c..7815c66 100644
--- a/extlibs/tinydtls/dtls.c
+++ b/extlibs/tinydtls/dtls.c
@@ -1994,11 +1994,11 @@ check_client_certificate_verify(dtls_context_t *ctx,
   dtls_hash_finalize(sha256hash, &hs_hash);
 
   ret = dtls_ecdsa_verify_sig_hash(config->keyx.ecc.other_pub_x, config->keyx.ecc.other_pub_y,
-			    sizeof(config->keyx.ecc.other_pub_x),
-			    sha256hash, sizeof(sha256hash),
-			    result_r, result_s);
+                                   sizeof(config->keyx.ecc.other_pub_x),
+                                   sha256hash, sizeof(sha256hash),
+                                   result_r, result_s);
 
-  if (ret < 0) {
+  if (ret <= 0) {
     dtls_alert("wrong signature err: %i\n", ret);
     return dtls_alert_fatal_create(DTLS_ALERT_HANDSHAKE_FAILURE);
   }
@@ -3247,14 +3247,14 @@ check_server_key_exchange_ecdsa(dtls_context_t *ctx,
   data_length -= ret;
 
   ret = dtls_ecdsa_verify_sig(config->keyx.ecc.other_pub_x, config->keyx.ecc.other_pub_y,
-			    sizeof(config->keyx.ecc.other_pub_x),
-			    config->tmp.random.client, DTLS_RANDOM_LENGTH,
-			    config->tmp.random.server, DTLS_RANDOM_LENGTH,
-			    key_params,
-			    1 + 2 + 1 + 1 + (2 * DTLS_EC_KEY_SIZE),
-			    result_r, result_s);
-
-  if (ret < 0) {
+                              sizeof(config->keyx.ecc.other_pub_x),
+                              config->tmp.random.client, DTLS_RANDOM_LENGTH,
+                              config->tmp.random.server, DTLS_RANDOM_LENGTH,
+                              key_params,
+                              1 + 2 + 1 + 1 + (2 * DTLS_EC_KEY_SIZE),
+                              result_r, result_s);
+
+  if (ret <= 0) {
     dtls_alert("wrong signature\n");
     return dtls_alert_fatal_create(DTLS_ALERT_HANDSHAKE_FAILURE);
   }
-- 
2.7.4