pk_sign() now requires non-NONE md_alg for ECDSA
This commit is contained in:
parent
fa44f20b9f
commit
b8cfe3f0d9
@ -6,6 +6,7 @@ Features
|
|||||||
* Support for DTLS 1.0 and 1.2 (RFC 6347).
|
* Support for DTLS 1.0 and 1.2 (RFC 6347).
|
||||||
|
|
||||||
API Changes
|
API Changes
|
||||||
|
* pk_sign() no longer accepts md_alg == POLARSSL_MD_NONE with ECDSA.
|
||||||
* Last argument of x509_crt_check_key_usage() changed from int to unsigned.
|
* Last argument of x509_crt_check_key_usage() changed from int to unsigned.
|
||||||
* test_ca_list (from certs.h) is renamed to test_cas_pem and is only
|
* test_ca_list (from certs.h) is renamed to test_cas_pem and is only
|
||||||
available if POLARSSL_PEM_PARSE_C is defined (it never worked without).
|
available if POLARSSL_PEM_PARSE_C is defined (it never worked without).
|
||||||
|
@ -52,6 +52,8 @@ extern "C" {
|
|||||||
/**
|
/**
|
||||||
* \brief Compute ECDSA signature of a previously hashed message
|
* \brief Compute ECDSA signature of a previously hashed message
|
||||||
*
|
*
|
||||||
|
* \note The deterministic version is usually prefered.
|
||||||
|
*
|
||||||
* \param grp ECP group
|
* \param grp ECP group
|
||||||
* \param r First output integer
|
* \param r First output integer
|
||||||
* \param s Second output integer
|
* \param s Second output integer
|
||||||
@ -70,8 +72,8 @@ int ecdsa_sign( ecp_group *grp, mpi *r, mpi *s,
|
|||||||
|
|
||||||
#if defined(POLARSSL_ECDSA_DETERMINISTIC)
|
#if defined(POLARSSL_ECDSA_DETERMINISTIC)
|
||||||
/**
|
/**
|
||||||
* \brief Compute ECDSA signature of a previously hashed message
|
* \brief Compute ECDSA signature of a previously hashed message,
|
||||||
* (deterministic version)
|
* deterministic version (RFC 6979).
|
||||||
*
|
*
|
||||||
* \param grp ECP group
|
* \param grp ECP group
|
||||||
* \param r First output integer
|
* \param r First output integer
|
||||||
|
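Review bot: The added `\note The deterministic version is usually prefered.` in the first hunk misspells "preferred" and gives no reason, so a reader cannot tell whether the preference is a security one or a matter of convenience. Suggest `\note The deterministic version (RFC 6979) is usually preferred, as its nonce is derived from the key and message instead of the caller's RNG.` — the second hunk already names RFC 6979 in the sibling brief, so the two comments would then agree on the reference.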
@ -377,7 +377,8 @@ int pk_verify_ext( pk_type_t type, const void *options,
|
|||||||
* \note If hash_len is 0, then the length associated with md_alg
|
* \note If hash_len is 0, then the length associated with md_alg
|
||||||
* is used instead, or an error returned if it is invalid.
|
* is used instead, or an error returned if it is invalid.
|
||||||
*
|
*
|
||||||
* \note md_alg may be POLARSSL_MD_NONE, only if hash_len != 0
|
* \note For RSA, md_alg may be POLARSSL_MD_NONE if hash_len != 0.
|
||||||
|
* For ECDSA, md_alg may never be POLARSSL_MD_NONE.
|
||||||
*/
|
*/
|
||||||
int pk_sign( pk_context *ctx, md_type_t md_alg,
|
int pk_sign( pk_context *ctx, md_type_t md_alg,
|
||||||
const unsigned char *hash, size_t hash_len,
|
const unsigned char *hash, size_t hash_len,
|
||||||
|
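Review bot: The new note states that md_alg may never be POLARSSL_MD_NONE for ECDSA but not how a violation is reported, which callers migrating from the old behaviour need to know. The only rejection visible in this commit is in ecdsa_sign_det(), which returns `POLARSSL_ERR_ECP_BAD_INPUT_DATA` when md_info_from_type() fails and is compiled only under POLARSSL_ECDSA_DETERMINISTIC; whether the pk layer also rejects POLARSSL_MD_NONE in a non-deterministic build is not shown here and should be confirmed. Suggest extending the note with a line such as ` *               Passing POLARSSL_MD_NONE with ECDSA returns an error.` and naming the exact code once confirmed.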
@ -43,35 +43,6 @@
|
|||||||
#include "mbedtls/hmac_drbg.h"
|
#include "mbedtls/hmac_drbg.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_ECDSA_DETERMINISTIC)
|
|
||||||
/*
|
|
||||||
* This a hopefully temporary compatibility function.
|
|
||||||
*
|
|
||||||
* Since we can't ensure the caller will pass a valid md_alg before the next
|
|
||||||
* interface change, try to pick up a decent md by size.
|
|
||||||
*
|
|
||||||
* Argument is the minimum size in bytes of the MD output.
|
|
||||||
*/
|
|
||||||
static const md_info_t *md_info_by_size( size_t min_size )
|
|
||||||
{
|
|
||||||
const md_info_t *md_cur, *md_picked = NULL;
|
|
||||||
const int *md_alg;
|
|
||||||
|
|
||||||
for( md_alg = md_list(); *md_alg != 0; md_alg++ )
|
|
||||||
{
|
|
||||||
if( ( md_cur = md_info_from_type( (md_type_t) *md_alg ) ) == NULL ||
|
|
||||||
(size_t) md_get_size( md_cur ) < min_size ||
|
|
||||||
( md_picked != NULL &&
|
|
||||||
md_get_size( md_cur ) > md_get_size( md_picked ) ) )
|
|
||||||
continue;
|
|
||||||
|
|
||||||
md_picked = md_cur;
|
|
||||||
}
|
|
||||||
|
|
||||||
return( md_picked );
|
|
||||||
}
|
|
||||||
#endif /* POLARSSL_ECDSA_DETERMINISTIC */
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Derive a suitable integer for group grp from a buffer of length len
|
* Derive a suitable integer for group grp from a buffer of length len
|
||||||
* SEC1 4.1.3 step 5 aka SEC1 4.1.4 step 3
|
* SEC1 4.1.3 step 5 aka SEC1 4.1.4 step 3
|
||||||
@ -199,13 +170,7 @@ int ecdsa_sign_det( ecp_group *grp, mpi *r, mpi *s,
|
|||||||
const md_info_t *md_info;
|
const md_info_t *md_info;
|
||||||
mpi h;
|
mpi h;
|
||||||
|
|
||||||
/* Temporary fallback */
|
if( ( md_info = md_info_from_type( md_alg ) ) == NULL )
|
||||||
if( md_alg == POLARSSL_MD_NONE )
|
|
||||||
md_info = md_info_by_size( blen );
|
|
||||||
else
|
|
||||||
md_info = md_info_from_type( md_alg );
|
|
||||||
|
|
||||||
if( md_info == NULL )
|
|
||||||
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
|
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
|
||||||
|
|
||||||
mpi_init( &h );
|
mpi_init( &h );
|
||||||
|
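Review bot: The new check in the second hunk, `if( ( md_info = md_info_from_type( md_alg ) ) == NULL )`, rejects POLARSSL_MD_NONE only if md_info_from_type() returns NULL for that value, which this diff does not show; since dropping the size-based fallback relies on it, an explicit comment at that line such as `/* Also rejects POLARSSL_MD_NONE: md_info_from_type() returns NULL for it */` would make the assumption checkable. Removing md_info_by_size() in the first hunk is consistent with the header change, as a hash guessed from digest length made the nonce derivation depend on an unstated choice. ecdsa_sign_det()'s signature and the remainder of its body lie outside the hunk.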
@ -250,7 +250,7 @@ exit:
|
|||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE */
|
/* BEGIN_CASE depends_on:POLARSSL_SHA256_C */
|
||||||
void pk_sign_verify( int type, int sign_ret, int verify_ret )
|
void pk_sign_verify( int type, int sign_ret, int verify_ret )
|
||||||
{
|
{
|
||||||
pk_context pk;
|
pk_context pk;
|
||||||
@ -265,10 +265,10 @@ void pk_sign_verify( int type, int sign_ret, int verify_ret )
|
|||||||
TEST_ASSERT( pk_init_ctx( &pk, pk_info_from_type( type ) ) == 0 );
|
TEST_ASSERT( pk_init_ctx( &pk, pk_info_from_type( type ) ) == 0 );
|
||||||
TEST_ASSERT( pk_genkey( &pk ) == 0 );
|
TEST_ASSERT( pk_genkey( &pk ) == 0 );
|
||||||
|
|
||||||
TEST_ASSERT( pk_sign( &pk, POLARSSL_MD_NONE, hash, sizeof hash,
|
TEST_ASSERT( pk_sign( &pk, POLARSSL_MD_SHA256, hash, sizeof hash,
|
||||||
sig, &sig_len, rnd_std_rand, NULL ) == sign_ret );
|
sig, &sig_len, rnd_std_rand, NULL ) == sign_ret );
|
||||||
|
|
||||||
TEST_ASSERT( pk_verify( &pk, POLARSSL_MD_NONE,
|
TEST_ASSERT( pk_verify( &pk, POLARSSL_MD_SHA256,
|
||||||
hash, sizeof hash, sig, sig_len ) == verify_ret );
|
hash, sizeof hash, sig, sig_len ) == verify_ret );
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
|
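Review bot: Switching pk_sign_verify() to POLARSSL_MD_SHA256 in the second hunk leaves the newly forbidden combination, pk_sign() with POLARSSL_MD_NONE on an ECDSA key, without any test asserting that it fails, even though that rejection is the behaviour this commit introduces. Because md_alg is hard-coded inside the function, covering it needs either a separate test function or an md_alg parameter driven from the data file, which is not part of this diff. The `hash` array is declared outside the hunk; confirm its size is consistent with a SHA-256 digest now that `sizeof hash` is paired with a concrete md_alg rather than POLARSSL_MD_NONE.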