Commit dfdcac9d authored by Manuel Pégourié-Gonnard's avatar Manuel Pégourié-Gonnard
Browse files

Merge ecdsa_write_signature{,_det}() together

parent 63e93190
......@@ -6,6 +6,8 @@ Features
* Support for DTLS 1.0 and 1.2 (RFC 6347).
API Changes
* ecdsa_write_signature() gained an addtional md_alg argument and
ecdsa_write_signature_det() was deprecated.
* pk_sign() no longer accepts md_alg == POLARSSL_MD_NONE with ECDSA.
* Last argument of x509_crt_check_key_usage() changed from int to unsigned.
* test_ca_list (from certs.h) is renamed to test_cas_pem and is only
......
......@@ -133,7 +133,11 @@ int ecdsa_verify( ecp_group *grp,
* serialized as defined in RFC 4492 page 20.
* (Not thread-safe to use same context in multiple threads)
*
* \note The deterministice version (RFC 6979) is used if
* POLARSSL_ECDSA_DETERMINISTIC is defined.
*
* \param ctx ECDSA context
* \param md_alg Algorithm that was used to hash the message
* \param hash Message hash
* \param hlen Length of hash
* \param sig Buffer that will hold the signature
......@@ -149,19 +153,27 @@ int ecdsa_verify( ecp_group *grp,
* or a POLARSSL_ERR_ECP, POLARSSL_ERR_MPI or
* POLARSSL_ERR_ASN1 error code
*/
int ecdsa_write_signature( ecdsa_context *ctx,
int ecdsa_write_signature( ecdsa_context *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hlen,
unsigned char *sig, size_t *slen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
#if defined(POLARSSL_ECDSA_DETERMINISTIC)
#if ! defined(POLARSSL_DEPRECATED_REMOVED)
#if defined(POLARSSL_DEPRECATED_WARNING)
#define DEPRECATED __attribute__((deprecated))
#else
#define DEPRECATED
#endif
/**
* \brief Compute ECDSA signature and write it to buffer,
* serialized as defined in RFC 4492 page 20.
* Deterministic version, RFC 6979.
* (Not thread-safe to use same context in multiple threads)
*
* \deprecated Superseded by ecdsa_write_signature() in 2.0.0
*
* \param ctx ECDSA context
* \param hash Message hash
* \param hlen Length of hash
......@@ -180,7 +192,9 @@ int ecdsa_write_signature( ecdsa_context *ctx,
int ecdsa_write_signature_det( ecdsa_context *ctx,
const unsigned char *hash, size_t hlen,
unsigned char *sig, size_t *slen,
md_type_t md_alg );
md_type_t md_alg ) DEPRECATED;
#undef DEPRECATED
#endif /* POLARSSL_DEPRECATED_REMOVED */
#endif /* POLARSSL_ECDSA_DETERMINISTIC */
/**
......
......@@ -308,7 +308,7 @@ static int ecdsa_signature_to_asn1( ecdsa_context *ctx,
/*
* Compute and write signature
*/
int ecdsa_write_signature( ecdsa_context *ctx,
int ecdsa_write_signature( ecdsa_context *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hlen,
unsigned char *sig, size_t *slen,
int (*f_rng)(void *, unsigned char *, size_t),
......@@ -316,35 +316,34 @@ int ecdsa_write_signature( ecdsa_context *ctx,
{
int ret;
if( ( ret = ecdsa_sign( &ctx->grp, &ctx->r, &ctx->s, &ctx->d,
hash, hlen, f_rng, p_rng ) ) != 0 )
{
#if defined(POLARSSL_ECDSA_DETERMINISTIC)
(void) f_rng;
(void) p_rng;
ret = ecdsa_sign_det( &ctx->grp, &ctx->r, &ctx->s, &ctx->d,
hash, hlen, md_alg );
#else
(void) md_alg;
ret = ecdsa_sign( &ctx->grp, &ctx->r, &ctx->s, &ctx->d,
hash, hlen, f_rng, p_rng );
#endif
if( ret != 0 )
return( ret );
}
return( ecdsa_signature_to_asn1( ctx, sig, slen ) );
}
#if defined(POLARSSL_ECDSA_DETERMINISTIC)
/*
* Compute and write signature deterministically
*/
#if ! defined(POLARSSL_DEPRECATED_REMOVED)
int ecdsa_write_signature_det( ecdsa_context *ctx,
const unsigned char *hash, size_t hlen,
unsigned char *sig, size_t *slen,
md_type_t md_alg )
{
int ret;
if( ( ret = ecdsa_sign_det( &ctx->grp, &ctx->r, &ctx->s, &ctx->d,
hash, hlen, md_alg ) ) != 0 )
{
return( ret );
}
return( ecdsa_signature_to_asn1( ctx, sig, slen ) );
return( ecdsa_write_signature( ctx, md_ald, hash, hlen, sig, siglen,
NULL, NULL ) );
}
#endif /* POLARSSL_ECDSA_DETERMINISTIC */
#endif
/*
* Read and check signature
......
......@@ -341,19 +341,8 @@ static int ecdsa_sign_wrap( void *ctx, md_type_t md_alg,
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
/* Use deterministic ECDSA by default if available */
#if defined(POLARSSL_ECDSA_DETERMINISTIC)
((void) f_rng);
((void) p_rng);
return( ecdsa_write_signature_det( (ecdsa_context *) ctx,
hash, hash_len, sig, sig_len, md_alg ) );
#else
((void) md_alg);
return( ecdsa_write_signature( (ecdsa_context *) ctx,
hash, hash_len, sig, sig_len, f_rng, p_rng ) );
#endif /* POLARSSL_ECDSA_DETERMINISTIC */
md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) );
}
static void *ecdsa_alloc_wrap( void )
......
......@@ -250,26 +250,3 @@ ECDSA deterministic test vector rfc 6979 p521 sha512
depends_on:POLARSSL_ECP_DP_SECP521R1_ENABLED:POLARSSL_SHA512_C
ecdsa_det_test_vectors:POLARSSL_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":POLARSSL_MD_SHA512:"test":"13E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D":"1FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3"
ECDSA deterministic read-write random p256 sha256
depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA256_C
ecdsa_write_read_det_random:POLARSSL_ECP_DP_SECP256R1:POLARSSL_MD_SHA256
ECDSA deterministic read-write random p256 sha384
depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA512_C
ecdsa_write_read_det_random:POLARSSL_ECP_DP_SECP256R1:POLARSSL_MD_SHA384
ECDSA deterministic read-write random p384 sha256
depends_on:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_SHA256_C
ecdsa_write_read_det_random:POLARSSL_ECP_DP_SECP384R1:POLARSSL_MD_SHA256
ECDSA deterministic read-write random p384 sha384
depends_on:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_SHA512_C
ecdsa_write_read_det_random:POLARSSL_ECP_DP_SECP384R1:POLARSSL_MD_SHA384
ECDSA deterministic read-write random p521 sha256
depends_on:POLARSSL_ECP_DP_SECP521R1_ENABLED:POLARSSL_SHA256_C
ecdsa_write_read_det_random:POLARSSL_ECP_DP_SECP521R1:POLARSSL_MD_SHA256
ECDSA deterministic read-write random p521 sha384
depends_on:POLARSSL_ECP_DP_SECP521R1_ENABLED:POLARSSL_SHA512_C
ecdsa_write_read_det_random:POLARSSL_ECP_DP_SECP521R1:POLARSSL_MD_SHA384
......@@ -132,12 +132,12 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE */
/* BEGIN_CASE depends_on:POLARSSL_SHA256_C */
void ecdsa_write_read_random( int id )
{
ecdsa_context ctx;
rnd_pseudo_info rnd_info;
unsigned char hash[66];
unsigned char hash[32];
unsigned char sig[200];
size_t sig_len, i;
......@@ -153,7 +153,8 @@ void ecdsa_write_read_random( int id )
TEST_ASSERT( ecdsa_genkey( &ctx, id, &rnd_pseudo_rand, &rnd_info ) == 0 );
/* generate and write signature, then read and verify it */
TEST_ASSERT( ecdsa_write_signature( &ctx, hash, sizeof( hash ),
TEST_ASSERT( ecdsa_write_signature( &ctx, POLARSSL_MD_SHA256,
hash, sizeof( hash ),
sig, &sig_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
TEST_ASSERT( ecdsa_read_signature( &ctx, hash, sizeof( hash ),
sig, sig_len ) == 0 );
......@@ -191,35 +192,3 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:POLARSSL_ECDSA_DETERMINISTIC */
void ecdsa_write_read_det_random( int id, int md_alg )
{
ecdsa_context ctx;
rnd_pseudo_info rnd_info;
unsigned char msg[100];
unsigned char hash[POLARSSL_MD_MAX_SIZE];
unsigned char sig[200];
size_t sig_len;
ecdsa_init( &ctx );
memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
memset( hash, 0, sizeof( hash ) );
memset( sig, 0x2a, sizeof( sig ) );
/* prepare material for signature */
TEST_ASSERT( rnd_pseudo_rand( &rnd_info, msg, sizeof( msg ) ) == 0 );
md( md_info_from_type( md_alg ), msg, sizeof( msg ), hash );
/* generate signing key */
TEST_ASSERT( ecdsa_genkey( &ctx, id, &rnd_pseudo_rand, &rnd_info ) == 0 );
/* generate and write signature, then read and verify it */
TEST_ASSERT( ecdsa_write_signature_det( &ctx, hash, sizeof( hash ),
sig, &sig_len, md_alg ) == 0 );
TEST_ASSERT( ecdsa_read_signature( &ctx, hash, sizeof( hash ),
sig, sig_len ) == 0 );
exit:
ecdsa_free( &ctx );
}
/* END_CASE */
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment