Address PR review comments
1) update ChangLog to have new feature in Features instead of Changes 2) Change MBEDTLS_ECDSA_ALT to function specific alternative definitions: MBEDTLS_ECDSA_SIGN_ALT, MBEDTLS_ECDSA_VERIFY_ALT and MBEDTLS_ECDSA_GENKEY_ALT
This commit is contained in:
parent
2981a0a740
commit
314adb6baa
4 changed files with 71 additions and 59 deletions
|
@ -36,10 +36,13 @@ Changes
|
|||
* Clarify ECDSA documentation and improve the sample code to avoid
|
||||
misunderstandings and potentially dangerous use of the API. Pointed out
|
||||
by Jean-Philippe Aumasson.
|
||||
* Add support for alternative implementation for ECDSA, controlled by new
|
||||
configuration flag MBEDTLS_ECDSA_ALT in config.h.
|
||||
|
||||
Features
|
||||
* Add support for alternative implementations for ECDSA, controlled by new
|
||||
configuration flags MBEDTLS_ECDSA_SIGN_ALT, MBEDTLS_ECDSA_VERIFY_ALT and
|
||||
MBEDTLS_ECDSDA_GENKEY_AT in config.h.
|
||||
The following functions from the ECDSA module can be replaced
|
||||
with an alternative implementation:
|
||||
with alternative implementation:
|
||||
mbedtls_ecdsa_sign(), mbedtls_ecdsa_verify() and mbedtls_ecdsa_genkey().
|
||||
|
||||
= mbed TLS 2.5.0 branch released 2017-05-17
|
||||
|
|
|
@ -238,7 +238,6 @@
|
|||
//#define MBEDTLS_BLOWFISH_ALT
|
||||
//#define MBEDTLS_CAMELLIA_ALT
|
||||
//#define MBEDTLS_DES_ALT
|
||||
//#define MBEDTLS_ECDSA_ALT
|
||||
//#define MBEDTLS_XTEA_ALT
|
||||
//#define MBEDTLS_MD2_ALT
|
||||
//#define MBEDTLS_MD4_ALT
|
||||
|
@ -295,6 +294,9 @@
|
|||
//#define MBEDTLS_AES_SETKEY_DEC_ALT
|
||||
//#define MBEDTLS_AES_ENCRYPT_ALT
|
||||
//#define MBEDTLS_AES_DECRYPT_ALT
|
||||
//#define MBEDTLS_ECDSA_VERIFY_ALT
|
||||
//#define MBEDTLS_ECDSA_SIGN_ALT
|
||||
//#define MBEDTLS_ECDSA_GENKEY_ALT
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_ECP_INTERNAL_ALT
|
||||
|
|
105
library/ecdsa.c
105
library/ecdsa.c
|
@ -65,8 +65,7 @@ cleanup:
|
|||
return( ret );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_ECDSA_ALT)
|
||||
|
||||
#if !defined(MBEDTLS_ECDSA_SIGN_ALT)
|
||||
/*
|
||||
* Compute ECDSA signature of a hashed message (SEC1 4.1.3)
|
||||
* Obviously, compared to SEC1 4.1.3, we skip step 4 (hash message)
|
||||
|
@ -155,8 +154,47 @@ cleanup:
|
|||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_ECDSA_SIGN_ALT */
|
||||
|
||||
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
|
||||
/*
|
||||
* Deterministic signature wrapper
|
||||
*/
|
||||
int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
|
||||
const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
|
||||
mbedtls_md_type_t md_alg )
|
||||
{
|
||||
int ret;
|
||||
mbedtls_hmac_drbg_context rng_ctx;
|
||||
unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES];
|
||||
size_t grp_len = ( grp->nbits + 7 ) / 8;
|
||||
const mbedtls_md_info_t *md_info;
|
||||
mbedtls_mpi h;
|
||||
|
||||
if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
|
||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
|
||||
mbedtls_mpi_init( &h );
|
||||
mbedtls_hmac_drbg_init( &rng_ctx );
|
||||
|
||||
/* Use private key and message hash (reduced) to initialize HMAC_DRBG */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, data, grp_len ) );
|
||||
MBEDTLS_MPI_CHK( derive_mpi( grp, &h, buf, blen ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, data + grp_len, grp_len ) );
|
||||
mbedtls_hmac_drbg_seed_buf( &rng_ctx, md_info, data, 2 * grp_len );
|
||||
|
||||
ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen,
|
||||
mbedtls_hmac_drbg_random, &rng_ctx );
|
||||
|
||||
cleanup:
|
||||
mbedtls_hmac_drbg_free( &rng_ctx );
|
||||
mbedtls_mpi_free( &h );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
|
||||
|
||||
#if !defined(MBEDTLS_ECDSA_VERIFY_ALT)
|
||||
/*
|
||||
* Verify ECDSA signature of hashed message (SEC1 4.1.4)
|
||||
* Obviously, compared to SEC1 4.1.3, we skip step 2 (hash message)
|
||||
|
@ -242,56 +280,7 @@ cleanup:
|
|||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/*
|
||||
* Generate key pair
|
||||
*/
|
||||
int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||
{
|
||||
return( mbedtls_ecp_group_load( &ctx->grp, gid ) ||
|
||||
mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_ECDSA_ALT */
|
||||
|
||||
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
|
||||
/*
|
||||
* Deterministic signature wrapper
|
||||
*/
|
||||
int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
|
||||
const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
|
||||
mbedtls_md_type_t md_alg )
|
||||
{
|
||||
int ret;
|
||||
mbedtls_hmac_drbg_context rng_ctx;
|
||||
unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES];
|
||||
size_t grp_len = ( grp->nbits + 7 ) / 8;
|
||||
const mbedtls_md_info_t *md_info;
|
||||
mbedtls_mpi h;
|
||||
|
||||
if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
|
||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
|
||||
mbedtls_mpi_init( &h );
|
||||
mbedtls_hmac_drbg_init( &rng_ctx );
|
||||
|
||||
/* Use private key and message hash (reduced) to initialize HMAC_DRBG */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, data, grp_len ) );
|
||||
MBEDTLS_MPI_CHK( derive_mpi( grp, &h, buf, blen ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, data + grp_len, grp_len ) );
|
||||
mbedtls_hmac_drbg_seed_buf( &rng_ctx, md_info, data, 2 * grp_len );
|
||||
|
||||
ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen,
|
||||
mbedtls_hmac_drbg_random, &rng_ctx );
|
||||
|
||||
cleanup:
|
||||
mbedtls_hmac_drbg_free( &rng_ctx );
|
||||
mbedtls_mpi_free( &h );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
|
||||
#endif /* MBEDTLS_ECDSA_VERIFY_ALT */
|
||||
|
||||
/*
|
||||
* Convert a signature (given by context) to ASN.1
|
||||
|
@ -417,6 +406,18 @@ cleanup:
|
|||
return( ret );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_ECDSA_GENKEY_ALT)
|
||||
/*
|
||||
* Generate key pair
|
||||
*/
|
||||
int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||
{
|
||||
return( mbedtls_ecp_group_load( &ctx->grp, gid ) ||
|
||||
mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) );
|
||||
}
|
||||
#endif /* MBEDTLS_ECDSA_GENKEY_ALT */
|
||||
|
||||
/*
|
||||
* Set context from an mbedtls_ecp_keypair
|
||||
*/
|
||||
|
|
|
@ -93,9 +93,6 @@ static const char *features[] = {
|
|||
#if defined(MBEDTLS_DES_ALT)
|
||||
"MBEDTLS_DES_ALT",
|
||||
#endif /* MBEDTLS_DES_ALT */
|
||||
#if defined(MBEDTLS_ECDSA_ALT)
|
||||
"MBEDTLS_ECDSA_ALT",
|
||||
#endif /* MBEDTLS_ECDSA_ALT */
|
||||
#if defined(MBEDTLS_XTEA_ALT)
|
||||
"MBEDTLS_XTEA_ALT",
|
||||
#endif /* MBEDTLS_XTEA_ALT */
|
||||
|
@ -165,6 +162,15 @@ static const char *features[] = {
|
|||
#if defined(MBEDTLS_AES_DECRYPT_ALT)
|
||||
"MBEDTLS_AES_DECRYPT_ALT",
|
||||
#endif /* MBEDTLS_AES_DECRYPT_ALT */
|
||||
#if defined(MBEDTLS_ECDSA_VERIFY_ALT)
|
||||
"MBEDTLS_ECDSA_VERIFY_ALT",
|
||||
#endif /* MBEDTLS_ECDSA_VERIFY_ALT */
|
||||
#if defined(MBEDTLS_ECDSA_SIGN_ALT)
|
||||
"MBEDTLS_ECDSA_SIGN_ALT",
|
||||
#endif /* MBEDTLS_ECDSA_SIGN_ALT */
|
||||
#if defined(MBEDTLS_ECDSA_GENKEY_ALT)
|
||||
"MBEDTLS_ECDSA_GENKEY_ALT",
|
||||
#endif /* MBEDTLS_ECDSA_GENKEY_ALT */
|
||||
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
|
||||
"MBEDTLS_ECP_INTERNAL_ALT",
|
||||
#endif /* MBEDTLS_ECP_INTERNAL_ALT */
|
||||
|
|
Loading…
Reference in a new issue