mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 01:05:40 +01:00
Merge ecdsa_write_signature{,_det}() together
This commit is contained in:
parent
63e931902b
commit
dfdcac9d51
@ -6,6 +6,8 @@ Features
|
|||||||
* Support for DTLS 1.0 and 1.2 (RFC 6347).
|
* Support for DTLS 1.0 and 1.2 (RFC 6347).
|
||||||
|
|
||||||
API Changes
|
API Changes
|
||||||
|
* ecdsa_write_signature() gained an addtional md_alg argument and
|
||||||
|
ecdsa_write_signature_det() was deprecated.
|
||||||
* pk_sign() no longer accepts md_alg == POLARSSL_MD_NONE with ECDSA.
|
* pk_sign() no longer accepts md_alg == POLARSSL_MD_NONE with ECDSA.
|
||||||
* Last argument of x509_crt_check_key_usage() changed from int to unsigned.
|
* Last argument of x509_crt_check_key_usage() changed from int to unsigned.
|
||||||
* test_ca_list (from certs.h) is renamed to test_cas_pem and is only
|
* test_ca_list (from certs.h) is renamed to test_cas_pem and is only
|
||||||
|
@ -133,7 +133,11 @@ int ecdsa_verify( ecp_group *grp,
|
|||||||
* serialized as defined in RFC 4492 page 20.
|
* serialized as defined in RFC 4492 page 20.
|
||||||
* (Not thread-safe to use same context in multiple threads)
|
* (Not thread-safe to use same context in multiple threads)
|
||||||
*
|
*
|
||||||
|
* \note The deterministice version (RFC 6979) is used if
|
||||||
|
* POLARSSL_ECDSA_DETERMINISTIC is defined.
|
||||||
|
*
|
||||||
* \param ctx ECDSA context
|
* \param ctx ECDSA context
|
||||||
|
* \param md_alg Algorithm that was used to hash the message
|
||||||
* \param hash Message hash
|
* \param hash Message hash
|
||||||
* \param hlen Length of hash
|
* \param hlen Length of hash
|
||||||
* \param sig Buffer that will hold the signature
|
* \param sig Buffer that will hold the signature
|
||||||
@ -149,19 +153,27 @@ int ecdsa_verify( ecp_group *grp,
|
|||||||
* or a POLARSSL_ERR_ECP, POLARSSL_ERR_MPI or
|
* or a POLARSSL_ERR_ECP, POLARSSL_ERR_MPI or
|
||||||
* POLARSSL_ERR_ASN1 error code
|
* POLARSSL_ERR_ASN1 error code
|
||||||
*/
|
*/
|
||||||
int ecdsa_write_signature( ecdsa_context *ctx,
|
int ecdsa_write_signature( ecdsa_context *ctx, md_type_t md_alg,
|
||||||
const unsigned char *hash, size_t hlen,
|
const unsigned char *hash, size_t hlen,
|
||||||
unsigned char *sig, size_t *slen,
|
unsigned char *sig, size_t *slen,
|
||||||
int (*f_rng)(void *, unsigned char *, size_t),
|
int (*f_rng)(void *, unsigned char *, size_t),
|
||||||
void *p_rng );
|
void *p_rng );
|
||||||
|
|
||||||
#if defined(POLARSSL_ECDSA_DETERMINISTIC)
|
#if defined(POLARSSL_ECDSA_DETERMINISTIC)
|
||||||
|
#if ! defined(POLARSSL_DEPRECATED_REMOVED)
|
||||||
|
#if defined(POLARSSL_DEPRECATED_WARNING)
|
||||||
|
#define DEPRECATED __attribute__((deprecated))
|
||||||
|
#else
|
||||||
|
#define DEPRECATED
|
||||||
|
#endif
|
||||||
/**
|
/**
|
||||||
* \brief Compute ECDSA signature and write it to buffer,
|
* \brief Compute ECDSA signature and write it to buffer,
|
||||||
* serialized as defined in RFC 4492 page 20.
|
* serialized as defined in RFC 4492 page 20.
|
||||||
* Deterministic version, RFC 6979.
|
* Deterministic version, RFC 6979.
|
||||||
* (Not thread-safe to use same context in multiple threads)
|
* (Not thread-safe to use same context in multiple threads)
|
||||||
*
|
*
|
||||||
|
* \deprecated Superseded by ecdsa_write_signature() in 2.0.0
|
||||||
|
*
|
||||||
* \param ctx ECDSA context
|
* \param ctx ECDSA context
|
||||||
* \param hash Message hash
|
* \param hash Message hash
|
||||||
* \param hlen Length of hash
|
* \param hlen Length of hash
|
||||||
@ -180,7 +192,9 @@ int ecdsa_write_signature( ecdsa_context *ctx,
|
|||||||
int ecdsa_write_signature_det( ecdsa_context *ctx,
|
int ecdsa_write_signature_det( ecdsa_context *ctx,
|
||||||
const unsigned char *hash, size_t hlen,
|
const unsigned char *hash, size_t hlen,
|
||||||
unsigned char *sig, size_t *slen,
|
unsigned char *sig, size_t *slen,
|
||||||
md_type_t md_alg );
|
md_type_t md_alg ) DEPRECATED;
|
||||||
|
#undef DEPRECATED
|
||||||
|
#endif /* POLARSSL_DEPRECATED_REMOVED */
|
||||||
#endif /* POLARSSL_ECDSA_DETERMINISTIC */
|
#endif /* POLARSSL_ECDSA_DETERMINISTIC */
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -308,7 +308,7 @@ static int ecdsa_signature_to_asn1( ecdsa_context *ctx,
|
|||||||
/*
|
/*
|
||||||
* Compute and write signature
|
* Compute and write signature
|
||||||
*/
|
*/
|
||||||
int ecdsa_write_signature( ecdsa_context *ctx,
|
int ecdsa_write_signature( ecdsa_context *ctx, md_type_t md_alg,
|
||||||
const unsigned char *hash, size_t hlen,
|
const unsigned char *hash, size_t hlen,
|
||||||
unsigned char *sig, size_t *slen,
|
unsigned char *sig, size_t *slen,
|
||||||
int (*f_rng)(void *, unsigned char *, size_t),
|
int (*f_rng)(void *, unsigned char *, size_t),
|
||||||
@ -316,35 +316,34 @@ int ecdsa_write_signature( ecdsa_context *ctx,
|
|||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
if( ( ret = ecdsa_sign( &ctx->grp, &ctx->r, &ctx->s, &ctx->d,
|
#if defined(POLARSSL_ECDSA_DETERMINISTIC)
|
||||||
hash, hlen, f_rng, p_rng ) ) != 0 )
|
(void) f_rng;
|
||||||
{
|
(void) p_rng;
|
||||||
|
|
||||||
|
ret = ecdsa_sign_det( &ctx->grp, &ctx->r, &ctx->s, &ctx->d,
|
||||||
|
hash, hlen, md_alg );
|
||||||
|
#else
|
||||||
|
(void) md_alg;
|
||||||
|
|
||||||
|
ret = ecdsa_sign( &ctx->grp, &ctx->r, &ctx->s, &ctx->d,
|
||||||
|
hash, hlen, f_rng, p_rng );
|
||||||
|
#endif
|
||||||
|
if( ret != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
|
||||||
|
|
||||||
return( ecdsa_signature_to_asn1( ctx, sig, slen ) );
|
return( ecdsa_signature_to_asn1( ctx, sig, slen ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(POLARSSL_ECDSA_DETERMINISTIC)
|
#if ! defined(POLARSSL_DEPRECATED_REMOVED)
|
||||||
/*
|
|
||||||
* Compute and write signature deterministically
|
|
||||||
*/
|
|
||||||
int ecdsa_write_signature_det( ecdsa_context *ctx,
|
int ecdsa_write_signature_det( ecdsa_context *ctx,
|
||||||
const unsigned char *hash, size_t hlen,
|
const unsigned char *hash, size_t hlen,
|
||||||
unsigned char *sig, size_t *slen,
|
unsigned char *sig, size_t *slen,
|
||||||
md_type_t md_alg )
|
md_type_t md_alg )
|
||||||
{
|
{
|
||||||
int ret;
|
return( ecdsa_write_signature( ctx, md_ald, hash, hlen, sig, siglen,
|
||||||
|
NULL, NULL ) );
|
||||||
if( ( ret = ecdsa_sign_det( &ctx->grp, &ctx->r, &ctx->s, &ctx->d,
|
|
||||||
hash, hlen, md_alg ) ) != 0 )
|
|
||||||
{
|
|
||||||
return( ret );
|
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
return( ecdsa_signature_to_asn1( ctx, sig, slen ) );
|
|
||||||
}
|
|
||||||
#endif /* POLARSSL_ECDSA_DETERMINISTIC */
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Read and check signature
|
* Read and check signature
|
||||||
|
@ -341,19 +341,8 @@ static int ecdsa_sign_wrap( void *ctx, md_type_t md_alg,
|
|||||||
unsigned char *sig, size_t *sig_len,
|
unsigned char *sig, size_t *sig_len,
|
||||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||||
{
|
{
|
||||||
/* Use deterministic ECDSA by default if available */
|
|
||||||
#if defined(POLARSSL_ECDSA_DETERMINISTIC)
|
|
||||||
((void) f_rng);
|
|
||||||
((void) p_rng);
|
|
||||||
|
|
||||||
return( ecdsa_write_signature_det( (ecdsa_context *) ctx,
|
|
||||||
hash, hash_len, sig, sig_len, md_alg ) );
|
|
||||||
#else
|
|
||||||
((void) md_alg);
|
|
||||||
|
|
||||||
return( ecdsa_write_signature( (ecdsa_context *) ctx,
|
return( ecdsa_write_signature( (ecdsa_context *) ctx,
|
||||||
hash, hash_len, sig, sig_len, f_rng, p_rng ) );
|
md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) );
|
||||||
#endif /* POLARSSL_ECDSA_DETERMINISTIC */
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void *ecdsa_alloc_wrap( void )
|
static void *ecdsa_alloc_wrap( void )
|
||||||
|
@ -250,26 +250,3 @@ ECDSA deterministic test vector rfc 6979 p521 sha512
|
|||||||
depends_on:POLARSSL_ECP_DP_SECP521R1_ENABLED:POLARSSL_SHA512_C
|
depends_on:POLARSSL_ECP_DP_SECP521R1_ENABLED:POLARSSL_SHA512_C
|
||||||
ecdsa_det_test_vectors:POLARSSL_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":POLARSSL_MD_SHA512:"test":"13E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D":"1FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3"
|
ecdsa_det_test_vectors:POLARSSL_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":POLARSSL_MD_SHA512:"test":"13E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D":"1FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3"
|
||||||
|
|
||||||
ECDSA deterministic read-write random p256 sha256
|
|
||||||
depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA256_C
|
|
||||||
ecdsa_write_read_det_random:POLARSSL_ECP_DP_SECP256R1:POLARSSL_MD_SHA256
|
|
||||||
|
|
||||||
ECDSA deterministic read-write random p256 sha384
|
|
||||||
depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA512_C
|
|
||||||
ecdsa_write_read_det_random:POLARSSL_ECP_DP_SECP256R1:POLARSSL_MD_SHA384
|
|
||||||
|
|
||||||
ECDSA deterministic read-write random p384 sha256
|
|
||||||
depends_on:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_SHA256_C
|
|
||||||
ecdsa_write_read_det_random:POLARSSL_ECP_DP_SECP384R1:POLARSSL_MD_SHA256
|
|
||||||
|
|
||||||
ECDSA deterministic read-write random p384 sha384
|
|
||||||
depends_on:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_SHA512_C
|
|
||||||
ecdsa_write_read_det_random:POLARSSL_ECP_DP_SECP384R1:POLARSSL_MD_SHA384
|
|
||||||
|
|
||||||
ECDSA deterministic read-write random p521 sha256
|
|
||||||
depends_on:POLARSSL_ECP_DP_SECP521R1_ENABLED:POLARSSL_SHA256_C
|
|
||||||
ecdsa_write_read_det_random:POLARSSL_ECP_DP_SECP521R1:POLARSSL_MD_SHA256
|
|
||||||
|
|
||||||
ECDSA deterministic read-write random p521 sha384
|
|
||||||
depends_on:POLARSSL_ECP_DP_SECP521R1_ENABLED:POLARSSL_SHA512_C
|
|
||||||
ecdsa_write_read_det_random:POLARSSL_ECP_DP_SECP521R1:POLARSSL_MD_SHA384
|
|
||||||
|
@ -132,12 +132,12 @@ exit:
|
|||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE */
|
/* BEGIN_CASE depends_on:POLARSSL_SHA256_C */
|
||||||
void ecdsa_write_read_random( int id )
|
void ecdsa_write_read_random( int id )
|
||||||
{
|
{
|
||||||
ecdsa_context ctx;
|
ecdsa_context ctx;
|
||||||
rnd_pseudo_info rnd_info;
|
rnd_pseudo_info rnd_info;
|
||||||
unsigned char hash[66];
|
unsigned char hash[32];
|
||||||
unsigned char sig[200];
|
unsigned char sig[200];
|
||||||
size_t sig_len, i;
|
size_t sig_len, i;
|
||||||
|
|
||||||
@ -153,7 +153,8 @@ void ecdsa_write_read_random( int id )
|
|||||||
TEST_ASSERT( ecdsa_genkey( &ctx, id, &rnd_pseudo_rand, &rnd_info ) == 0 );
|
TEST_ASSERT( ecdsa_genkey( &ctx, id, &rnd_pseudo_rand, &rnd_info ) == 0 );
|
||||||
|
|
||||||
/* generate and write signature, then read and verify it */
|
/* generate and write signature, then read and verify it */
|
||||||
TEST_ASSERT( ecdsa_write_signature( &ctx, hash, sizeof( hash ),
|
TEST_ASSERT( ecdsa_write_signature( &ctx, POLARSSL_MD_SHA256,
|
||||||
|
hash, sizeof( hash ),
|
||||||
sig, &sig_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
|
sig, &sig_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
|
||||||
TEST_ASSERT( ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
TEST_ASSERT( ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
||||||
sig, sig_len ) == 0 );
|
sig, sig_len ) == 0 );
|
||||||
@ -191,35 +192,3 @@ exit:
|
|||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:POLARSSL_ECDSA_DETERMINISTIC */
|
|
||||||
void ecdsa_write_read_det_random( int id, int md_alg )
|
|
||||||
{
|
|
||||||
ecdsa_context ctx;
|
|
||||||
rnd_pseudo_info rnd_info;
|
|
||||||
unsigned char msg[100];
|
|
||||||
unsigned char hash[POLARSSL_MD_MAX_SIZE];
|
|
||||||
unsigned char sig[200];
|
|
||||||
size_t sig_len;
|
|
||||||
|
|
||||||
ecdsa_init( &ctx );
|
|
||||||
memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
|
|
||||||
memset( hash, 0, sizeof( hash ) );
|
|
||||||
memset( sig, 0x2a, sizeof( sig ) );
|
|
||||||
|
|
||||||
/* prepare material for signature */
|
|
||||||
TEST_ASSERT( rnd_pseudo_rand( &rnd_info, msg, sizeof( msg ) ) == 0 );
|
|
||||||
md( md_info_from_type( md_alg ), msg, sizeof( msg ), hash );
|
|
||||||
|
|
||||||
/* generate signing key */
|
|
||||||
TEST_ASSERT( ecdsa_genkey( &ctx, id, &rnd_pseudo_rand, &rnd_info ) == 0 );
|
|
||||||
|
|
||||||
/* generate and write signature, then read and verify it */
|
|
||||||
TEST_ASSERT( ecdsa_write_signature_det( &ctx, hash, sizeof( hash ),
|
|
||||||
sig, &sig_len, md_alg ) == 0 );
|
|
||||||
TEST_ASSERT( ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
|
||||||
sig, sig_len ) == 0 );
|
|
||||||
|
|
||||||
exit:
|
|
||||||
ecdsa_free( &ctx );
|
|
||||||
}
|
|
||||||
/* END_CASE */
|
|
||||||
|
Loading…
Reference in New Issue
Block a user