diff --git a/ChangeLog b/ChangeLog index 4b6d21fa5..8453794f7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,8 @@ Features * Support for DTLS 1.0 and 1.2 (RFC 6347). API Changes + * ecdsa_write_signature() gained an addtional md_alg argument and + ecdsa_write_signature_det() was deprecated. * pk_sign() no longer accepts md_alg == POLARSSL_MD_NONE with ECDSA. * Last argument of x509_crt_check_key_usage() changed from int to unsigned. * test_ca_list (from certs.h) is renamed to test_cas_pem and is only diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index b0a54831e..e516ff6f7 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h @@ -133,7 +133,11 @@ int ecdsa_verify( ecp_group *grp, * serialized as defined in RFC 4492 page 20. * (Not thread-safe to use same context in multiple threads) * + * \note The deterministice version (RFC 6979) is used if + * POLARSSL_ECDSA_DETERMINISTIC is defined. + * * \param ctx ECDSA context + * \param md_alg Algorithm that was used to hash the message * \param hash Message hash * \param hlen Length of hash * \param sig Buffer that will hold the signature 
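Review bot: The new `\note` in the include/mbedtls/ecdsa.h hunk says the RFC 6979 variant is used when POLARSSL_ECDSA_DETERMINISTIC is defined, but it does not tell callers which arguments stop mattering in each build. Going by the library/ecdsa.c change in this same commit, `f_rng`/`p_rng` are unused in the deterministic build and `md_alg` is unused otherwise. A caller who supplies an RNG expecting randomized signatures, or passes an `md_alg` that does not match the hash, gets no hint from the header. I would extend the line to `\param md_alg Algorithm that was used to hash the message (only used if POLARSSL_ECDSA_DETERMINISTIC is defined; must match the hash)` and add a matching remark to the `f_rng`/`p_rng` parameters, whose `\param` lines are outside this hunk. "deterministice" should also read "deterministic".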
@@ -149,19 +153,27 @@ int ecdsa_verify( ecp_group *grp, * or a POLARSSL_ERR_ECP, POLARSSL_ERR_MPI or * POLARSSL_ERR_ASN1 error code */ -int ecdsa_write_signature( ecdsa_context *ctx, +int ecdsa_write_signature( ecdsa_context *ctx, md_type_t md_alg, const unsigned char *hash, size_t hlen, unsigned char *sig, size_t *slen, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); #if defined(POLARSSL_ECDSA_DETERMINISTIC) +#if ! defined(POLARSSL_DEPRECATED_REMOVED) +#if defined(POLARSSL_DEPRECATED_WARNING) +#define DEPRECATED __attribute__((deprecated)) +#else +#define DEPRECATED +#endif /** * \brief Compute ECDSA signature and write it to buffer, * serialized as defined in RFC 4492 page 20. * Deterministic version, RFC 6979. * (Not thread-safe to use same context in multiple threads) * + * \deprecated Superseded by ecdsa_write_signature() in 2.0.0 + * * \param ctx ECDSA context * \param hash Message hash * \param hlen Length of hash @@ -180,7 +192,9 @@ int ecdsa_write_signature( ecdsa_context *ctx, int ecdsa_write_signature_det( ecdsa_context *ctx, const unsigned char *hash, size_t hlen, unsigned char *sig, size_t *slen, - md_type_t md_alg ); + md_type_t md_alg ) DEPRECATED; +#undef DEPRECATED +#endif /* POLARSSL_DEPRECATED_REMOVED */ #endif /* POLARSSL_ECDSA_DETERMINISTIC */ /** diff --git a/library/ecdsa.c b/library/ecdsa.c index 006413c2b..f1a48ff4e 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -308,7 +308,7 @@ static int ecdsa_signature_to_asn1( ecdsa_context *ctx, /* * Compute and write signature */ -int ecdsa_write_signature( ecdsa_context *ctx, +int ecdsa_write_signature( ecdsa_context *ctx, md_type_t md_alg, const unsigned char *hash, size_t hlen, unsigned char *sig, size_t *slen, int (*f_rng)(void *, unsigned char *, size_t), 
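Review bot: `DEPRECATED` is a very generic name to `#define` in a public header. If the including application already defines a macro of that name, the `#define` here redefines it, and the `#undef DEPRECATED` in the following hunk (@@ -180,7 +192,9) then removes the application's definition for the rest of the translation unit. A library-prefixed name, for example `#define POLARSSL_DEPRECATED __attribute__((deprecated))` with the matching `#undef`, avoids that. Separately, `__attribute__((deprecated))` is a GCC/Clang extension, so enabling POLARSSL_DEPRECATED_WARNING would presumably fail on compilers without it; a compiler check or a note next to the option would make that restriction explicit.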
@@ -316,35 +316,34 @@ int ecdsa_write_signature( ecdsa_context *ctx, { int ret; - if( ( ret = ecdsa_sign( &ctx->grp, &ctx->r, &ctx->s, &ctx->d, - hash, hlen, f_rng, p_rng ) ) != 0 ) - { +#if defined(POLARSSL_ECDSA_DETERMINISTIC) + (void) f_rng; + (void) p_rng; + + ret = ecdsa_sign_det( &ctx->grp, &ctx->r, &ctx->s, &ctx->d, + hash, hlen, md_alg ); +#else + (void) md_alg; + + ret = ecdsa_sign( &ctx->grp, &ctx->r, &ctx->s, &ctx->d, + hash, hlen, f_rng, p_rng ); +#endif + if( ret != 0 ) return( ret ); - } return( ecdsa_signature_to_asn1( ctx, sig, slen ) ); } -#if defined(POLARSSL_ECDSA_DETERMINISTIC) -/* - * Compute and write signature deterministically - */ +#if ! defined(POLARSSL_DEPRECATED_REMOVED) int ecdsa_write_signature_det( ecdsa_context *ctx, const unsigned char *hash, size_t hlen, unsigned char *sig, size_t *slen, md_type_t md_alg ) { - int ret; - - if( ( ret = ecdsa_sign_det( &ctx->grp, &ctx->r, &ctx->s, &ctx->d, - hash, hlen, md_alg ) ) != 0 ) - { - return( ret ); - } - - return( ecdsa_signature_to_asn1( ctx, sig, slen ) ); + return( ecdsa_write_signature( ctx, md_ald, hash, hlen, sig, siglen, + NULL, NULL ) ); } -#endif /* POLARSSL_ECDSA_DETERMINISTIC */ +#endif /* * Read and check signature diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 66afa7cb6..d6dea12c1 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c 
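Review bot: The new body of ecdsa_write_signature_det() passes `md_ald` and `siglen`, but the function's parameters are `md_alg` and `slen`, so this will not compile whenever POLARSSL_DEPRECATED_REMOVED is undefined. The guard around the wrapper also dropped the POLARSSL_ECDSA_DETERMINISTIC condition. In a build without deterministic ECDSA the wrapper is still compiled and forwards `NULL, NULL` as `f_rng`/`p_rng` into the randomized `ecdsa_sign()` branch of ecdsa_write_signature(), while the header only declares it when deterministic ECDSA is enabled. I would guard it with `#if defined(POLARSSL_ECDSA_DETERMINISTIC) && !defined(POLARSSL_DEPRECATED_REMOVED)` and make the body `return( ecdsa_write_signature( ctx, md_alg, hash, hlen, sig, slen, NULL, NULL ) );`. A comment on the closing `#endif` naming both conditions would keep the pairing readable.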
@@ -341,19 +341,8 @@ static int ecdsa_sign_wrap( void *ctx, md_type_t md_alg, unsigned char *sig, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - /* Use deterministic ECDSA by default if available */ -#if defined(POLARSSL_ECDSA_DETERMINISTIC) - ((void) f_rng); - ((void) p_rng); - - return( ecdsa_write_signature_det( (ecdsa_context *) ctx, - hash, hash_len, sig, sig_len, md_alg ) ); -#else - ((void) md_alg); - return( ecdsa_write_signature( (ecdsa_context *) ctx, - hash, hash_len, sig, sig_len, f_rng, p_rng ) ); -#endif /* POLARSSL_ECDSA_DETERMINISTIC */ + md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) ); } static void *ecdsa_alloc_wrap( void ) diff --git a/tests/suites/test_suite_ecdsa.data b/tests/suites/test_suite_ecdsa.data index b03549bf5..dbc909092 100644 --- a/tests/suites/test_suite_ecdsa.data +++ b/tests/suites/test_suite_ecdsa.data 
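Review bot: With the "Use deterministic ECDSA by default if available" comment removed, nothing in ecdsa_sign_wrap() tells a reader that the `f_rng`/`p_rng` it forwards may be ignored, or that `md_alg` only matters in one configuration. A one-line comment above the return would keep that visible at the PK layer, for example `/* ecdsa_write_signature() picks RFC 6979 or randomized signing at build time; f_rng/p_rng are unused in the deterministic case */`. The function's signature starts outside this hunk.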
@@ -250,26 +250,3 @@ ECDSA deterministic test vector rfc 6979 p521 sha512 depends_on:POLARSSL_ECP_DP_SECP521R1_ENABLED:POLARSSL_SHA512_C ecdsa_det_test_vectors:POLARSSL_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":POLARSSL_MD_SHA512:"test":"13E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D":"1FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3" -ECDSA deterministic read-write random p256 sha256 -depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA256_C -ecdsa_write_read_det_random:POLARSSL_ECP_DP_SECP256R1:POLARSSL_MD_SHA256 - -ECDSA deterministic read-write random p256 sha384 -depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA512_C -ecdsa_write_read_det_random:POLARSSL_ECP_DP_SECP256R1:POLARSSL_MD_SHA384 - -ECDSA deterministic read-write random p384 sha256 -depends_on:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_SHA256_C -ecdsa_write_read_det_random:POLARSSL_ECP_DP_SECP384R1:POLARSSL_MD_SHA256 - -ECDSA deterministic read-write random p384 sha384 -depends_on:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_SHA512_C -ecdsa_write_read_det_random:POLARSSL_ECP_DP_SECP384R1:POLARSSL_MD_SHA384 - -ECDSA deterministic read-write random p521 sha256 -depends_on:POLARSSL_ECP_DP_SECP521R1_ENABLED:POLARSSL_SHA256_C -ecdsa_write_read_det_random:POLARSSL_ECP_DP_SECP521R1:POLARSSL_MD_SHA256 - -ECDSA deterministic read-write random p521 sha384 -depends_on:POLARSSL_ECP_DP_SECP521R1_ENABLED:POLARSSL_SHA512_C -ecdsa_write_read_det_random:POLARSSL_ECP_DP_SECP521R1:POLARSSL_MD_SHA384 diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index 864fadeb8..7d5e6df17 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function 
@@ -132,12 +132,12 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:POLARSSL_SHA256_C */ void ecdsa_write_read_random( int id ) { ecdsa_context ctx; rnd_pseudo_info rnd_info; - unsigned char hash[66]; + unsigned char hash[32]; unsigned char sig[200]; size_t sig_len, i; @@ -153,7 +153,8 @@ void ecdsa_write_read_random( int id ) TEST_ASSERT( ecdsa_genkey( &ctx, id, &rnd_pseudo_rand, &rnd_info ) == 0 ); /* generate and write signature, then read and verify it */ - TEST_ASSERT( ecdsa_write_signature( &ctx, hash, sizeof( hash ), + TEST_ASSERT( ecdsa_write_signature( &ctx, POLARSSL_MD_SHA256, + hash, sizeof( hash ), sig, &sig_len, &rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( ecdsa_read_signature( &ctx, hash, sizeof( hash ), sig, sig_len ) == 0 ); @@ -191,35 +192,3 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:POLARSSL_ECDSA_DETERMINISTIC */ -void ecdsa_write_read_det_random( int id, int md_alg ) -{ - ecdsa_context ctx; - rnd_pseudo_info rnd_info; - unsigned char msg[100]; - unsigned char hash[POLARSSL_MD_MAX_SIZE]; - unsigned char sig[200]; - size_t sig_len; - - ecdsa_init( &ctx ); - memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); - memset( hash, 0, sizeof( hash ) ); - memset( sig, 0x2a, sizeof( sig ) ); - - /* prepare material for signature */ - TEST_ASSERT( rnd_pseudo_rand( &rnd_info, msg, sizeof( msg ) ) == 0 ); - md( md_info_from_type( md_alg ), msg, sizeof( msg ), hash ); - - /* generate signing key */ - TEST_ASSERT( ecdsa_genkey( &ctx, id, &rnd_pseudo_rand, &rnd_info ) == 0 ); - - /* generate and write signature, then read and verify it */ - TEST_ASSERT( ecdsa_write_signature_det( &ctx, hash, sizeof( hash ), - sig, &sig_len, md_alg ) == 0 ); - TEST_ASSERT( ecdsa_read_signature( &ctx, hash, sizeof( hash ), - sig, sig_len ) == 0 ); - -exit: - ecdsa_free( &ctx ); -} -/* END_CASE */
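Review bot: `unsigned char hash[32]` in ecdsa_write_read_random() hard-codes the SHA-256 digest size, while the matching `POLARSSL_MD_SHA256` argument sits in a separate hunk (@@ -153,7 +153,8). A short comment such as `/* 32 = SHA-256 output size, must match the md_alg passed to ecdsa_write_signature() */` would tie the two together. With ecdsa_write_read_det_random removed in the last hunk of this file, the write/read round trip is now exercised with a single digest. As far as this diff shows, the still-exported ecdsa_write_signature_det() wrapper also has no direct test. A small case that calls the deprecated wrapper under POLARSSL_ECDSA_DETERMINISTIC would keep it covered until it is removed.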