Merge ecdsa_write_signature{,_det}() together
This commit is contained in:
parent
63e931902b
commit
dfdcac9d51
6 changed files with 41 additions and 91 deletions
|
@ -6,6 +6,8 @@ Features
|
|||
* Support for DTLS 1.0 and 1.2 (RFC 6347).
|
||||
|
||||
API Changes
|
||||
* ecdsa_write_signature() gained an addtional md_alg argument and
|
||||
ecdsa_write_signature_det() was deprecated.
|
||||
* pk_sign() no longer accepts md_alg == POLARSSL_MD_NONE with ECDSA.
|
||||
* Last argument of x509_crt_check_key_usage() changed from int to unsigned.
|
||||
* test_ca_list (from certs.h) is renamed to test_cas_pem and is only
|
||||
|
|
|
@ -133,7 +133,11 @@ int ecdsa_verify( ecp_group *grp,
|
|||
* serialized as defined in RFC 4492 page 20.
|
||||
* (Not thread-safe to use same context in multiple threads)
|
||||
*
|
||||
* \note The deterministice version (RFC 6979) is used if
|
||||
* POLARSSL_ECDSA_DETERMINISTIC is defined.
|
||||
*
|
||||
* \param ctx ECDSA context
|
||||
* \param md_alg Algorithm that was used to hash the message
|
||||
* \param hash Message hash
|
||||
* \param hlen Length of hash
|
||||
* \param sig Buffer that will hold the signature
|
||||
|
@ -149,19 +153,27 @@ int ecdsa_verify( ecp_group *grp,
|
|||
* or a POLARSSL_ERR_ECP, POLARSSL_ERR_MPI or
|
||||
* POLARSSL_ERR_ASN1 error code
|
||||
*/
|
||||
int ecdsa_write_signature( ecdsa_context *ctx,
|
||||
int ecdsa_write_signature( ecdsa_context *ctx, md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hlen,
|
||||
unsigned char *sig, size_t *slen,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
#if defined(POLARSSL_ECDSA_DETERMINISTIC)
|
||||
#if ! defined(POLARSSL_DEPRECATED_REMOVED)
|
||||
#if defined(POLARSSL_DEPRECATED_WARNING)
|
||||
#define DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief Compute ECDSA signature and write it to buffer,
|
||||
* serialized as defined in RFC 4492 page 20.
|
||||
* Deterministic version, RFC 6979.
|
||||
* (Not thread-safe to use same context in multiple threads)
|
||||
*
|
||||
* \deprecated Superseded by ecdsa_write_signature() in 2.0.0
|
||||
*
|
||||
* \param ctx ECDSA context
|
||||
* \param hash Message hash
|
||||
* \param hlen Length of hash
|
||||
|
@ -180,7 +192,9 @@ int ecdsa_write_signature( ecdsa_context *ctx,
|
|||
int ecdsa_write_signature_det( ecdsa_context *ctx,
|
||||
const unsigned char *hash, size_t hlen,
|
||||
unsigned char *sig, size_t *slen,
|
||||
md_type_t md_alg );
|
||||
md_type_t md_alg ) DEPRECATED;
|
||||
#undef DEPRECATED
|
||||
#endif /* POLARSSL_DEPRECATED_REMOVED */
|
||||
#endif /* POLARSSL_ECDSA_DETERMINISTIC */
|
||||
|
||||
/**
|
||||
|
|
|
@ -308,7 +308,7 @@ static int ecdsa_signature_to_asn1( ecdsa_context *ctx,
|
|||
/*
|
||||
* Compute and write signature
|
||||
*/
|
||||
int ecdsa_write_signature( ecdsa_context *ctx,
|
||||
int ecdsa_write_signature( ecdsa_context *ctx, md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hlen,
|
||||
unsigned char *sig, size_t *slen,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
|
@ -316,35 +316,34 @@ int ecdsa_write_signature( ecdsa_context *ctx,
|
|||
{
|
||||
int ret;
|
||||
|
||||
if( ( ret = ecdsa_sign( &ctx->grp, &ctx->r, &ctx->s, &ctx->d,
|
||||
hash, hlen, f_rng, p_rng ) ) != 0 )
|
||||
{
|
||||
#if defined(POLARSSL_ECDSA_DETERMINISTIC)
|
||||
(void) f_rng;
|
||||
(void) p_rng;
|
||||
|
||||
ret = ecdsa_sign_det( &ctx->grp, &ctx->r, &ctx->s, &ctx->d,
|
||||
hash, hlen, md_alg );
|
||||
#else
|
||||
(void) md_alg;
|
||||
|
||||
ret = ecdsa_sign( &ctx->grp, &ctx->r, &ctx->s, &ctx->d,
|
||||
hash, hlen, f_rng, p_rng );
|
||||
#endif
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
}
|
||||
|
||||
return( ecdsa_signature_to_asn1( ctx, sig, slen ) );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_ECDSA_DETERMINISTIC)
|
||||
/*
|
||||
* Compute and write signature deterministically
|
||||
*/
|
||||
#if ! defined(POLARSSL_DEPRECATED_REMOVED)
|
||||
int ecdsa_write_signature_det( ecdsa_context *ctx,
|
||||
const unsigned char *hash, size_t hlen,
|
||||
unsigned char *sig, size_t *slen,
|
||||
md_type_t md_alg )
|
||||
{
|
||||
int ret;
|
||||
|
||||
if( ( ret = ecdsa_sign_det( &ctx->grp, &ctx->r, &ctx->s, &ctx->d,
|
||||
hash, hlen, md_alg ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
||||
return( ecdsa_signature_to_asn1( ctx, sig, slen ) );
|
||||
return( ecdsa_write_signature( ctx, md_ald, hash, hlen, sig, siglen,
|
||||
NULL, NULL ) );
|
||||
}
|
||||
#endif /* POLARSSL_ECDSA_DETERMINISTIC */
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Read and check signature
|
||||
|
|
|
@ -341,19 +341,8 @@ static int ecdsa_sign_wrap( void *ctx, md_type_t md_alg,
|
|||
unsigned char *sig, size_t *sig_len,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||
{
|
||||
/* Use deterministic ECDSA by default if available */
|
||||
#if defined(POLARSSL_ECDSA_DETERMINISTIC)
|
||||
((void) f_rng);
|
||||
((void) p_rng);
|
||||
|
||||
return( ecdsa_write_signature_det( (ecdsa_context *) ctx,
|
||||
hash, hash_len, sig, sig_len, md_alg ) );
|
||||
#else
|
||||
((void) md_alg);
|
||||
|
||||
return( ecdsa_write_signature( (ecdsa_context *) ctx,
|
||||
hash, hash_len, sig, sig_len, f_rng, p_rng ) );
|
||||
#endif /* POLARSSL_ECDSA_DETERMINISTIC */
|
||||
md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) );
|
||||
}
|
||||
|
||||
static void *ecdsa_alloc_wrap( void )
|
||||
|
|
|
@ -250,26 +250,3 @@ ECDSA deterministic test vector rfc 6979 p521 sha512
|
|||
depends_on:POLARSSL_ECP_DP_SECP521R1_ENABLED:POLARSSL_SHA512_C
|
||||
ecdsa_det_test_vectors:POLARSSL_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":POLARSSL_MD_SHA512:"test":"13E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D":"1FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3"
|
||||
|
||||
ECDSA deterministic read-write random p256 sha256
|
||||
depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA256_C
|
||||
ecdsa_write_read_det_random:POLARSSL_ECP_DP_SECP256R1:POLARSSL_MD_SHA256
|
||||
|
||||
ECDSA deterministic read-write random p256 sha384
|
||||
depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA512_C
|
||||
ecdsa_write_read_det_random:POLARSSL_ECP_DP_SECP256R1:POLARSSL_MD_SHA384
|
||||
|
||||
ECDSA deterministic read-write random p384 sha256
|
||||
depends_on:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_SHA256_C
|
||||
ecdsa_write_read_det_random:POLARSSL_ECP_DP_SECP384R1:POLARSSL_MD_SHA256
|
||||
|
||||
ECDSA deterministic read-write random p384 sha384
|
||||
depends_on:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_SHA512_C
|
||||
ecdsa_write_read_det_random:POLARSSL_ECP_DP_SECP384R1:POLARSSL_MD_SHA384
|
||||
|
||||
ECDSA deterministic read-write random p521 sha256
|
||||
depends_on:POLARSSL_ECP_DP_SECP521R1_ENABLED:POLARSSL_SHA256_C
|
||||
ecdsa_write_read_det_random:POLARSSL_ECP_DP_SECP521R1:POLARSSL_MD_SHA256
|
||||
|
||||
ECDSA deterministic read-write random p521 sha384
|
||||
depends_on:POLARSSL_ECP_DP_SECP521R1_ENABLED:POLARSSL_SHA512_C
|
||||
ecdsa_write_read_det_random:POLARSSL_ECP_DP_SECP521R1:POLARSSL_MD_SHA384
|
||||
|
|
|
@ -132,12 +132,12 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
/* BEGIN_CASE depends_on:POLARSSL_SHA256_C */
|
||||
void ecdsa_write_read_random( int id )
|
||||
{
|
||||
ecdsa_context ctx;
|
||||
rnd_pseudo_info rnd_info;
|
||||
unsigned char hash[66];
|
||||
unsigned char hash[32];
|
||||
unsigned char sig[200];
|
||||
size_t sig_len, i;
|
||||
|
||||
|
@ -153,7 +153,8 @@ void ecdsa_write_read_random( int id )
|
|||
TEST_ASSERT( ecdsa_genkey( &ctx, id, &rnd_pseudo_rand, &rnd_info ) == 0 );
|
||||
|
||||
/* generate and write signature, then read and verify it */
|
||||
TEST_ASSERT( ecdsa_write_signature( &ctx, hash, sizeof( hash ),
|
||||
TEST_ASSERT( ecdsa_write_signature( &ctx, POLARSSL_MD_SHA256,
|
||||
hash, sizeof( hash ),
|
||||
sig, &sig_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
|
||||
TEST_ASSERT( ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
||||
sig, sig_len ) == 0 );
|
||||
|
@ -191,35 +192,3 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:POLARSSL_ECDSA_DETERMINISTIC */
|
||||
void ecdsa_write_read_det_random( int id, int md_alg )
|
||||
{
|
||||
ecdsa_context ctx;
|
||||
rnd_pseudo_info rnd_info;
|
||||
unsigned char msg[100];
|
||||
unsigned char hash[POLARSSL_MD_MAX_SIZE];
|
||||
unsigned char sig[200];
|
||||
size_t sig_len;
|
||||
|
||||
ecdsa_init( &ctx );
|
||||
memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
|
||||
memset( hash, 0, sizeof( hash ) );
|
||||
memset( sig, 0x2a, sizeof( sig ) );
|
||||
|
||||
/* prepare material for signature */
|
||||
TEST_ASSERT( rnd_pseudo_rand( &rnd_info, msg, sizeof( msg ) ) == 0 );
|
||||
md( md_info_from_type( md_alg ), msg, sizeof( msg ), hash );
|
||||
|
||||
/* generate signing key */
|
||||
TEST_ASSERT( ecdsa_genkey( &ctx, id, &rnd_pseudo_rand, &rnd_info ) == 0 );
|
||||
|
||||
/* generate and write signature, then read and verify it */
|
||||
TEST_ASSERT( ecdsa_write_signature_det( &ctx, hash, sizeof( hash ),
|
||||
sig, &sig_len, md_alg ) == 0 );
|
||||
TEST_ASSERT( ecdsa_read_signature( &ctx, hash, sizeof( hash ),
|
||||
sig, sig_len ) == 0 );
|
||||
|
||||
exit:
|
||||
ecdsa_free( &ctx );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
|
Loading…
Reference in a new issue