mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-23 02:55:41 +01:00
Add ecp_check_prvkey, with test
Also group key checking and generation functions in ecp.h and ecp.c.
This commit is contained in:
parent
b8c6e0e3e9
commit
c8dc295e83
@ -228,25 +228,6 @@ int ecp_is_zero( ecp_point *pt );
|
|||||||
*/
|
*/
|
||||||
int ecp_copy( ecp_point *P, const ecp_point *Q );
|
int ecp_copy( ecp_point *P, const ecp_point *Q );
|
||||||
|
|
||||||
/**
|
|
||||||
* \brief Check that a point is a valid public key on this curve
|
|
||||||
*
|
|
||||||
* \param grp Curve/group the point should belong to
|
|
||||||
* \param pt Point to check
|
|
||||||
*
|
|
||||||
* \return 0 if point is a valid public key,
|
|
||||||
* POLARSSL_ERR_ECP_GENERIC otherwise.
|
|
||||||
*
|
|
||||||
* \note This function only checks the point is non-zero, has valid
|
|
||||||
* coordinates and lies on the curve, but not that it is
|
|
||||||
* indeed a multiple of G. This is additional check is more
|
|
||||||
* expensive, isn't required by standards, and shouldn't be
|
|
||||||
* necessary if the group used has a small cofactor. In
|
|
||||||
* particular, it is useless for the NIST groups which all
|
|
||||||
* have a cofactor of 1.
|
|
||||||
*/
|
|
||||||
int ecp_check_pubkey( const ecp_group *grp, const ecp_point *pt );
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Import a non-zero point from two ASCII strings
|
* \brief Import a non-zero point from two ASCII strings
|
||||||
*
|
*
|
||||||
@ -437,6 +418,44 @@ int ecp_sub( const ecp_group *grp, ecp_point *R,
|
|||||||
int ecp_mul( const ecp_group *grp, ecp_point *R,
|
int ecp_mul( const ecp_group *grp, ecp_point *R,
|
||||||
const mpi *m, const ecp_point *P );
|
const mpi *m, const ecp_point *P );
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief Check that a point is a valid public key on this curve
|
||||||
|
*
|
||||||
|
* \param grp Curve/group the point should belong to
|
||||||
|
* \param pt Point to check
|
||||||
|
*
|
||||||
|
* \return 0 if point is a valid public key,
|
||||||
|
* POLARSSL_ERR_ECP_GENERIC otherwise.
|
||||||
|
*
|
||||||
|
* \note This function only checks the point is non-zero, has valid
|
||||||
|
* coordinates and lies on the curve, but not that it is
|
||||||
|
* indeed a multiple of G. This is additional check is more
|
||||||
|
* expensive, isn't required by standards, and shouldn't be
|
||||||
|
* necessary if the group used has a small cofactor. In
|
||||||
|
* particular, it is useless for the NIST groups which all
|
||||||
|
* have a cofactor of 1.
|
||||||
|
*
|
||||||
|
* \note Uses bare components rather than an ecp_keypair structure
|
||||||
|
* in order to ease use with other structures such as
|
||||||
|
* ecdh_context of ecdsa_context.
|
||||||
|
*/
|
||||||
|
int ecp_check_pubkey( const ecp_group *grp, const ecp_point *pt );
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief Check that an mpi is a valid private key for this curve
|
||||||
|
*
|
||||||
|
* \param grp Group used
|
||||||
|
* \param d Integer to check
|
||||||
|
*
|
||||||
|
* \return 0 if point is a valid private key,
|
||||||
|
* POLARSSL_ERR_ECP_GENERIC otherwise.
|
||||||
|
*
|
||||||
|
* \note Uses bare components rather than an ecp_keypair structure
|
||||||
|
* in order to ease use with other structures such as
|
||||||
|
* ecdh_context of ecdsa_context.
|
||||||
|
*/
|
||||||
|
int ecp_check_prvkey( const ecp_group *grp, const mpi *d );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Generate a keypair
|
* \brief Generate a keypair
|
||||||
*
|
*
|
||||||
@ -448,6 +467,10 @@ int ecp_mul( const ecp_group *grp, ecp_point *R,
|
|||||||
*
|
*
|
||||||
* \return 0 if successful,
|
* \return 0 if successful,
|
||||||
* or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
|
* or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
|
||||||
|
*
|
||||||
|
* \note Uses bare components rather than an ecp_keypair structure
|
||||||
|
* in order to ease use with other structures such as
|
||||||
|
* ecdh_context of ecdsa_context.
|
||||||
*/
|
*/
|
||||||
int ecp_gen_keypair( const ecp_group *grp, mpi *d, ecp_point *Q,
|
int ecp_gen_keypair( const ecp_group *grp, mpi *d, ecp_point *Q,
|
||||||
int (*f_rng)(void *, unsigned char *, size_t),
|
int (*f_rng)(void *, unsigned char *, size_t),
|
||||||
|
102
library/ecp.c
102
library/ecp.c
@ -727,51 +727,6 @@ int ecp_tls_write_group( const ecp_group *grp, size_t *olen,
|
|||||||
while( mpi_cmp_mpi( &N, &grp->P ) >= 0 ) \
|
while( mpi_cmp_mpi( &N, &grp->P ) >= 0 ) \
|
||||||
MPI_CHK( mpi_sub_mpi( &N, &N, &grp->P ) )
|
MPI_CHK( mpi_sub_mpi( &N, &N, &grp->P ) )
|
||||||
|
|
||||||
/*
|
|
||||||
* Check that a point is valid as a public key (SEC1 3.2.3.1)
|
|
||||||
*/
|
|
||||||
int ecp_check_pubkey( const ecp_group *grp, const ecp_point *pt )
|
|
||||||
{
|
|
||||||
int ret;
|
|
||||||
mpi YY, RHS;
|
|
||||||
|
|
||||||
if( mpi_cmp_int( &pt->Z, 0 ) == 0 )
|
|
||||||
return( POLARSSL_ERR_ECP_GENERIC );
|
|
||||||
|
|
||||||
/*
|
|
||||||
* pt coordinates must be normalized for our checks
|
|
||||||
*/
|
|
||||||
if( mpi_cmp_int( &pt->Z, 1 ) != 0 )
|
|
||||||
return( POLARSSL_ERR_ECP_GENERIC );
|
|
||||||
|
|
||||||
if( mpi_cmp_int( &pt->X, 0 ) < 0 ||
|
|
||||||
mpi_cmp_int( &pt->Y, 0 ) < 0 ||
|
|
||||||
mpi_cmp_mpi( &pt->X, &grp->P ) >= 0 ||
|
|
||||||
mpi_cmp_mpi( &pt->Y, &grp->P ) >= 0 )
|
|
||||||
return( POLARSSL_ERR_ECP_GENERIC );
|
|
||||||
|
|
||||||
mpi_init( &YY ); mpi_init( &RHS );
|
|
||||||
|
|
||||||
/*
|
|
||||||
* YY = Y^2
|
|
||||||
* RHS = X (X^2 - 3) + B = X^3 - 3X + B
|
|
||||||
*/
|
|
||||||
MPI_CHK( mpi_mul_mpi( &YY, &pt->Y, &pt->Y ) ); MOD_MUL( YY );
|
|
||||||
MPI_CHK( mpi_mul_mpi( &RHS, &pt->X, &pt->X ) ); MOD_MUL( RHS );
|
|
||||||
MPI_CHK( mpi_sub_int( &RHS, &RHS, 3 ) ); MOD_SUB( RHS );
|
|
||||||
MPI_CHK( mpi_mul_mpi( &RHS, &RHS, &pt->X ) ); MOD_MUL( RHS );
|
|
||||||
MPI_CHK( mpi_add_mpi( &RHS, &RHS, &grp->B ) ); MOD_ADD( RHS );
|
|
||||||
|
|
||||||
if( mpi_cmp_mpi( &YY, &RHS ) != 0 )
|
|
||||||
ret = POLARSSL_ERR_ECP_GENERIC;
|
|
||||||
|
|
||||||
cleanup:
|
|
||||||
|
|
||||||
mpi_free( &YY ); mpi_free( &RHS );
|
|
||||||
|
|
||||||
return( ret );
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Normalize jacobian coordinates so that Z == 0 || Z == 1 (GECC 3.2.1)
|
* Normalize jacobian coordinates so that Z == 0 || Z == 1 (GECC 3.2.1)
|
||||||
*/
|
*/
|
||||||
@ -1305,6 +1260,63 @@ cleanup:
|
|||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Check that a point is valid as a public key (SEC1 3.2.3.1)
|
||||||
|
*/
|
||||||
|
int ecp_check_pubkey( const ecp_group *grp, const ecp_point *pt )
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
mpi YY, RHS;
|
||||||
|
|
||||||
|
if( mpi_cmp_int( &pt->Z, 0 ) == 0 )
|
||||||
|
return( POLARSSL_ERR_ECP_GENERIC );
|
||||||
|
|
||||||
|
/*
|
||||||
|
* pt coordinates must be normalized for our checks
|
||||||
|
*/
|
||||||
|
if( mpi_cmp_int( &pt->Z, 1 ) != 0 )
|
||||||
|
return( POLARSSL_ERR_ECP_GENERIC );
|
||||||
|
|
||||||
|
if( mpi_cmp_int( &pt->X, 0 ) < 0 ||
|
||||||
|
mpi_cmp_int( &pt->Y, 0 ) < 0 ||
|
||||||
|
mpi_cmp_mpi( &pt->X, &grp->P ) >= 0 ||
|
||||||
|
mpi_cmp_mpi( &pt->Y, &grp->P ) >= 0 )
|
||||||
|
return( POLARSSL_ERR_ECP_GENERIC );
|
||||||
|
|
||||||
|
mpi_init( &YY ); mpi_init( &RHS );
|
||||||
|
|
||||||
|
/*
|
||||||
|
* YY = Y^2
|
||||||
|
* RHS = X (X^2 - 3) + B = X^3 - 3X + B
|
||||||
|
*/
|
||||||
|
MPI_CHK( mpi_mul_mpi( &YY, &pt->Y, &pt->Y ) ); MOD_MUL( YY );
|
||||||
|
MPI_CHK( mpi_mul_mpi( &RHS, &pt->X, &pt->X ) ); MOD_MUL( RHS );
|
||||||
|
MPI_CHK( mpi_sub_int( &RHS, &RHS, 3 ) ); MOD_SUB( RHS );
|
||||||
|
MPI_CHK( mpi_mul_mpi( &RHS, &RHS, &pt->X ) ); MOD_MUL( RHS );
|
||||||
|
MPI_CHK( mpi_add_mpi( &RHS, &RHS, &grp->B ) ); MOD_ADD( RHS );
|
||||||
|
|
||||||
|
if( mpi_cmp_mpi( &YY, &RHS ) != 0 )
|
||||||
|
ret = POLARSSL_ERR_ECP_GENERIC;
|
||||||
|
|
||||||
|
cleanup:
|
||||||
|
|
||||||
|
mpi_free( &YY ); mpi_free( &RHS );
|
||||||
|
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Check that an mpi is valid as a private key (SEC1 3.2)
|
||||||
|
*/
|
||||||
|
int ecp_check_prvkey( const ecp_group *grp, const mpi *d )
|
||||||
|
{
|
||||||
|
/* We want 1 <= d <= N-1 */
|
||||||
|
if ( mpi_cmp_int( d, 1 ) < 0 || mpi_cmp_mpi( d, &grp->N ) >= 0 )
|
||||||
|
return( POLARSSL_ERR_ECP_GENERIC );
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Generate a keypair (SEC1 3.2.1)
|
* Generate a keypair (SEC1 3.2.1)
|
||||||
*/
|
*/
|
||||||
|
@ -245,6 +245,9 @@ ECP tls write-read group #2
|
|||||||
depends_on:POLARSSL_ECP_DP_SECP521R1_ENABLED
|
depends_on:POLARSSL_ECP_DP_SECP521R1_ENABLED
|
||||||
ecp_tls_write_read_group:SECP521R1
|
ecp_tls_write_read_group:SECP521R1
|
||||||
|
|
||||||
|
ECP check prvkey
|
||||||
|
ecp_check_prvkey:SECP192R1
|
||||||
|
|
||||||
ECP gen keypair
|
ECP gen keypair
|
||||||
depends_on:POLARSSL_ECP_DP_SECP192R1_ENABLED
|
depends_on:POLARSSL_ECP_DP_SECP192R1_ENABLED
|
||||||
ecp_gen_keypair:SECP192R1
|
ecp_gen_keypair:SECP192R1
|
||||||
|
@ -437,6 +437,28 @@ ecp_tls_write_read_group:id
|
|||||||
}
|
}
|
||||||
END_CASE
|
END_CASE
|
||||||
|
|
||||||
|
BEGIN_CASE
|
||||||
|
ecp_check_prvkey:id
|
||||||
|
{
|
||||||
|
ecp_group grp;
|
||||||
|
mpi d;
|
||||||
|
|
||||||
|
ecp_group_init( &grp );
|
||||||
|
mpi_init( &d );
|
||||||
|
|
||||||
|
TEST_ASSERT( ecp_use_known_dp( &grp, POLARSSL_ECP_DP_{id} ) == 0 );
|
||||||
|
|
||||||
|
TEST_ASSERT( mpi_lset( &d, 0 ) == 0 );
|
||||||
|
TEST_ASSERT( ecp_check_prvkey( &grp, &d ) == POLARSSL_ERR_ECP_GENERIC );
|
||||||
|
|
||||||
|
TEST_ASSERT( mpi_copy( &d, &grp.N ) == 0 );
|
||||||
|
TEST_ASSERT( ecp_check_prvkey( &grp, &d ) == POLARSSL_ERR_ECP_GENERIC );
|
||||||
|
|
||||||
|
ecp_group_free( &grp );
|
||||||
|
mpi_free( &d );
|
||||||
|
}
|
||||||
|
END_CASE
|
||||||
|
|
||||||
BEGIN_CASE
|
BEGIN_CASE
|
||||||
ecp_gen_keypair:id
|
ecp_gen_keypair:id
|
||||||
{
|
{
|
||||||
@ -455,8 +477,8 @@ ecp_gen_keypair:id
|
|||||||
TEST_ASSERT( ecp_gen_keypair( &grp, &d, &Q, &rnd_pseudo_rand, &rnd_info )
|
TEST_ASSERT( ecp_gen_keypair( &grp, &d, &Q, &rnd_pseudo_rand, &rnd_info )
|
||||||
== 0 );
|
== 0 );
|
||||||
|
|
||||||
TEST_ASSERT( mpi_cmp_mpi( &d, &grp.N ) < 0 );
|
TEST_ASSERT( ecp_check_pubkey( &grp, &Q ) == 0 );
|
||||||
TEST_ASSERT( mpi_cmp_int( &d, 1 ) >= 0 );
|
TEST_ASSERT( ecp_check_prvkey( &grp, &d ) == 0 );
|
||||||
|
|
||||||
ecp_group_free( &grp );
|
ecp_group_free( &grp );
|
||||||
ecp_point_free( &Q );
|
ecp_point_free( &Q );
|
||||||
|
Loading…
Reference in New Issue
Block a user