Summary

Potentially Impacted Features

The following are potential impacts:

• Failure to validate private key inputs when generating the public key can result in the private key material being leaked to a malicious third party that receives the public key.
• Failure to validate private key inputs prior to generating an ECDSA signature can result in insecure signatures.

Suggested Mitigations

The following software release addresses this vulnerability. Customers can upgrade to this version to avoid this vulnerability.

Customers are recommended to upgrade to the latest SDK for CC2640 and CC2650. The impacted functions are now provided with wrappers in source code to validate the inputs prior to calling the library functions.

The validation steps increase the time to perform the operations. If customers have to limit when the validation is performed, new function has been provided which do not perform the validation. Customers are encouraged to always validate the inputs at least once (for example, validate keys on first use and then store the validated keys in non-volatile memory with integrity protections for subsequent uses.)

In addition, customers are encouraged to confirm that ECC private key material is in the range [1, n -1] before using the private key in any operations.

External References

ANS X9.62, Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Standard (ECDSA), November 2005.

FIPS PUB 186-4, Digital Signature Standard (DSS), July 2013. https://doi.org/10.6028/NIST.FIPS.186-4

NIST Special Publication 800-56A Revision 3, Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography, April 2018. https://doi.org/10.6028/NIST.SP.800-56Ar3