pk_sign() now requires non-NONE md_alg for ECDSA

2024-11-22 06:15:41 +01:00 · 2015-03-31 11:04:45 +02:00 · 2015-03-31 11:04:45 +02:00 · b8cfe3f0d9
commit b8cfe3f0d9
parent fa44f20b9f
5 changed files with 11 additions and 42 deletions
--- a/1
+++ b/1
@ -6,6 +6,7 @@ Features
  * Support for DTLS 1.0 and 1.2 (RFC 6347).

 API Changes
+   * pk_sign() no longer accepts md_alg == POLARSSL_MD_NONE with ECDSA.
   * Last argument of x509_crt_check_key_usage() changed from int to unsigned.
   * test_ca_list (from certs.h) is renamed to test_cas_pem and is only
     available if POLARSSL_PEM_PARSE_C is defined (it never worked without).
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@ -52,6 +52,8 @@ extern "C" {
 /**
 * \brief           Compute ECDSA signature of a previously hashed message
 *
+ * \note            The deterministic version is usually prefered.
+ *
 * \param grp       ECP group
 * \param r         First output integer
 * \param s         Second output integer
@ -70,8 +72,8 @@ int ecdsa_sign( ecp_group *grp, mpi *r, mpi *s,

 #if defined(POLARSSL_ECDSA_DETERMINISTIC)
 /**
- * \brief           Compute ECDSA signature of a previously hashed message
- *                  (deterministic version)
+ * \brief           Compute ECDSA signature of a previously hashed message,
+ *                  deterministic version (RFC 6979).
 *
 * \param grp       ECP group
 * \param r         First output integer
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@ -377,7 +377,8 @@ int pk_verify_ext( pk_type_t type, const void *options,
 * \note            If hash_len is 0, then the length associated with md_alg
 *                  is used instead, or an error returned if it is invalid.
 *
- * \note            md_alg may be POLARSSL_MD_NONE, only if hash_len != 0
+ * \note            For RSA, md_alg may be POLARSSL_MD_NONE if hash_len != 0.
+ *                  For ECDSA, md_alg may never be POLARSSL_MD_NONE.
 */
 int pk_sign( pk_context *ctx, md_type_t md_alg,
             const unsigned char *hash, size_t hash_len,
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@ -43,35 +43,6 @@
 #include "mbedtls/hmac_drbg.h"
 #endif

-#if defined(POLARSSL_ECDSA_DETERMINISTIC)
-/*
- * This a hopefully temporary compatibility function.
- *
- * Since we can't ensure the caller will pass a valid md_alg before the next
- * interface change, try to pick up a decent md by size.
- *
- * Argument is the minimum size in bytes of the MD output.
- */
-static const md_info_t *md_info_by_size( size_t min_size )
-{
-    const md_info_t *md_cur, *md_picked = NULL;
-    const int *md_alg;
-
-    for( md_alg = md_list(); *md_alg != 0; md_alg++ )
-    {
-        if( ( md_cur = md_info_from_type( (md_type_t) *md_alg ) ) == NULL ||
-            (size_t) md_get_size( md_cur ) < min_size ||
-            ( md_picked != NULL &&
-              md_get_size( md_cur ) > md_get_size( md_picked ) ) )
-            continue;
-
-        md_picked = md_cur;
-    }
-
-    return( md_picked );
-}
-#endif /* POLARSSL_ECDSA_DETERMINISTIC */
-
 /*
 * Derive a suitable integer for group grp from a buffer of length len
 * SEC1 4.1.3 step 5 aka SEC1 4.1.4 step 3
@ -199,13 +170,7 @@ int ecdsa_sign_det( ecp_group *grp, mpi *r, mpi *s,
    const md_info_t *md_info;
    mpi h;

-    /* Temporary fallback */
-    if( md_alg == POLARSSL_MD_NONE )
-        md_info = md_info_by_size( blen );
-    else
-        md_info = md_info_from_type( md_alg );
-
-    if( md_info == NULL )
+    if( ( md_info = md_info_from_type( md_alg ) ) == NULL )
        return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );

    mpi_init( &h );
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@ -250,7 +250,7 @@ exit:
 }
 /* END_CASE */

-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:POLARSSL_SHA256_C */
 void pk_sign_verify( int type, int sign_ret, int verify_ret )
 {
    pk_context pk;
@ -265,10 +265,10 @@ void pk_sign_verify( int type, int sign_ret, int verify_ret )
    TEST_ASSERT( pk_init_ctx( &pk, pk_info_from_type( type ) ) == 0 );
    TEST_ASSERT( pk_genkey( &pk ) == 0 );

-    TEST_ASSERT( pk_sign( &pk, POLARSSL_MD_NONE, hash, sizeof hash,
+    TEST_ASSERT( pk_sign( &pk, POLARSSL_MD_SHA256, hash, sizeof hash,
                          sig, &sig_len, rnd_std_rand, NULL ) == sign_ret );

-    TEST_ASSERT( pk_verify( &pk, POLARSSL_MD_NONE,
+    TEST_ASSERT( pk_verify( &pk, POLARSSL_MD_SHA256,
                            hash, sizeof hash, sig, sig_len ) == verify_ret );

 exit: