From 67200b641ded39dd02c6c21e4a703d185ef752fe Mon Sep 17 00:00:00 2001 From: Karel Miko Date: Wed, 21 Jun 2017 12:11:35 +0200 Subject: [PATCH 1/7] ecc_sign+verify_hash_raw > ecc_sign+verify_hash_rfc7518 --- src/headers/tomcrypt_pk.h | 12 +-- src/pk/ecc/ecc_sign_hash.c | 151 +++++++++++++++++++---------------- src/pk/ecc/ecc_verify_hash.c | 135 +++++++++++++++---------------- 3 files changed, 154 insertions(+), 144 deletions(-) diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index ed108cc..da3296e 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -314,17 +314,17 @@ int ecc_decrypt_key(const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen, ecc_key *key); -int ecc_sign_hash_raw(const unsigned char *in, unsigned long inlen, - void *r, void *s, - prng_state *prng, int wprng, ecc_key *key); +int ecc_sign_hash_rfc7518(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, + prng_state *prng, int wprng, ecc_key *key); int ecc_sign_hash(const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen, prng_state *prng, int wprng, ecc_key *key); -int ecc_verify_hash_raw( void *r, void *s, - const unsigned char *hash, unsigned long hashlen, - int *stat, ecc_key *key); +int ecc_verify_hash_rfc7518(const unsigned char *sig, unsigned long siglen, + const unsigned char *hash, unsigned long hashlen, + int *stat, ecc_key *key); int ecc_verify_hash(const unsigned char *sig, unsigned long siglen, const unsigned char *hash, unsigned long hashlen, diff --git a/src/pk/ecc/ecc_sign_hash.c b/src/pk/ecc/ecc_sign_hash.c index 9896783..c408aee 100644 --- a/src/pk/ecc/ecc_sign_hash.c +++ b/src/pk/ecc/ecc_sign_hash.c @@ -7,43 +7,29 @@ * guarantee it works. */ -/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b - * - * All curves taken from NIST recommendation paper of July 1999 - * Available at http://csrc.nist.gov/cryptval/dss.htm - */ #include "tomcrypt.h" +#ifdef LTC_MECC + /** @file ecc_sign_hash.c ECC Crypto, Tom St Denis */ -#ifdef LTC_MECC - -/** - Sign a hash with ECC - @param in The hash to sign - @param inlen The length of the hash to sign - @param r The "r" integer of the signature (caller must initialize with mp_init() first) - @param s The "s" integer of the signature (caller must initialize with mp_init() first) - @param prng An active PRNG state - @param wprng The index of the PRNG desired - @param key A private ECC key - @return CRYPT_OK if successful -*/ -int ecc_sign_hash_raw(const unsigned char *in, unsigned long inlen, - void *r, void *s, - prng_state *prng, int wprng, ecc_key *key) +static int ecc_sign_hash_ex(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, + prng_state *prng, int wprng, ecc_key *key, int sigformat) { ecc_key pubkey; - void *e, *p; + void *r, *s, *e, *p; int err; + unsigned long pbits, pbytes, i, shift_right; + unsigned char ch, buf[MAXBLOCKSIZE]; - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(r != NULL); - LTC_ARGCHK(s != NULL); - LTC_ARGCHK(key != NULL); + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + LTC_ARGCHK(key != NULL); /* is this a private key? */ if (key->type != PK_PRIVATE) { @@ -59,13 +45,30 @@ int ecc_sign_hash_raw(const unsigned char *in, unsigned long inlen, return err; } - /* get the hash and load it as a bignum into 'e' */ /* init the bignums */ - if ((err = mp_init_multi(&p, &e, NULL)) != CRYPT_OK) { + if ((err = mp_init_multi(&r, &s, &p, &e, NULL)) != CRYPT_OK) { return err; } - if ((err = mp_read_radix(p, (char *)key->dp->order, 16)) != CRYPT_OK) { goto errnokey; } - if ((err = mp_read_unsigned_bin(e, (unsigned char *)in, (int)inlen)) != CRYPT_OK) { goto errnokey; } + if ((err = mp_read_radix(p, (char *)key->dp->order, 16)) != CRYPT_OK) { goto errnokey; } + + /* get the hash and load it as a bignum into 'e' */ + pbits = mp_count_bits(p); + pbytes = (pbits+7) >> 3; + if (pbits > inlen*8) { + if ((err = mp_read_unsigned_bin(e, (unsigned char *)in, inlen)) != CRYPT_OK) { goto errnokey; } + } + else if (pbits % 8 == 0) { + if ((err = mp_read_unsigned_bin(e, (unsigned char *)in, pbytes)) != CRYPT_OK) { goto errnokey; } + } + else { + shift_right = 8 - pbits % 8; + for (i=0, ch=0; i> shift_right); + } + if ((err = mp_read_unsigned_bin(e, (unsigned char *)buf, pbytes)) != CRYPT_OK) { goto errnokey; } + } /* make up a key and export the public copy */ for (;;) { @@ -74,31 +77,47 @@ int ecc_sign_hash_raw(const unsigned char *in, unsigned long inlen, } /* find r = x1 mod n */ - if ((err = mp_mod(pubkey.pubkey.x, p, r)) != CRYPT_OK) { goto error; } + if ((err = mp_mod(pubkey.pubkey.x, p, r)) != CRYPT_OK) { goto error; } if (mp_iszero(r) == LTC_MP_YES) { ecc_free(&pubkey); } else { - /* find s = (e + xr)/k */ - if ((err = mp_invmod(pubkey.k, p, pubkey.k)) != CRYPT_OK) { goto error; } /* k = 1/k */ - if ((err = mp_mulmod(key->k, r, p, s)) != CRYPT_OK) { goto error; } /* s = xr */ - if ((err = mp_add(e, s, s)) != CRYPT_OK) { goto error; } /* s = e + xr */ - if ((err = mp_mod(s, p, s)) != CRYPT_OK) { goto error; } /* s = e + xr */ - if ((err = mp_mulmod(s, pubkey.k, p, s)) != CRYPT_OK) { goto error; } /* s = (e + xr)/k */ - ecc_free(&pubkey); - if (mp_iszero(s) == LTC_MP_NO) { - break; - } + /* find s = (e + xr)/k */ + if ((err = mp_invmod(pubkey.k, p, pubkey.k)) != CRYPT_OK) { goto error; } /* k = 1/k */ + if ((err = mp_mulmod(key->k, r, p, s)) != CRYPT_OK) { goto error; } /* s = xr */ + if ((err = mp_add(e, s, s)) != CRYPT_OK) { goto error; } /* s = e + xr */ + if ((err = mp_mod(s, p, s)) != CRYPT_OK) { goto error; } /* s = e + xr */ + if ((err = mp_mulmod(s, pubkey.k, p, s)) != CRYPT_OK) { goto error; } /* s = (e + xr)/k */ + ecc_free(&pubkey); + if (mp_iszero(s) == LTC_MP_NO) { + break; + } } } - err = CRYPT_OK; + if (sigformat == 1) { + /* RFC7518 format */ + if (*outlen < 2*pbytes) { err = CRYPT_MEM; goto errnokey; } + zeromem(out, 2*pbytes); + i = mp_unsigned_bin_size(r); + if ((err = mp_to_unsigned_bin(r, out + (pbytes - i))) != CRYPT_OK) { goto errnokey; } + i = mp_unsigned_bin_size(s); + if ((err = mp_to_unsigned_bin(s, out + (2*pbytes - i))) != CRYPT_OK) { goto errnokey; } + *outlen = 2*pbytes; + err = CRYPT_OK; + } + else { + /* store as ASN.1 SEQUENCE { r, s -- integer } */ + err = der_encode_sequence_multi(out, outlen, + LTC_ASN1_INTEGER, 1UL, r, + LTC_ASN1_INTEGER, 1UL, s, + LTC_ASN1_EOL, 0UL, NULL); + } goto errnokey; - error: ecc_free(&pubkey); errnokey: - mp_clear_multi(p, e, NULL); + mp_clear_multi(r, s, p, e, NULL); return err; } @@ -117,35 +136,29 @@ int ecc_sign_hash(const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen, prng_state *prng, int wprng, ecc_key *key) { - void *r, *s; - int err; + return ecc_sign_hash_ex(in, inlen, out, outlen, prng, wprng, key, 0); +} - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); - - if (mp_init_multi(&r, &s, NULL) != CRYPT_OK) { - return CRYPT_MEM; - } - - if ((err = ecc_sign_hash_raw(in, inlen, r, s, prng, wprng, key)) != CRYPT_OK) { - goto error; - } - - /* store as SEQUENCE { r, s -- integer } */ - err = der_encode_sequence_multi(out, outlen, - LTC_ASN1_INTEGER, 1UL, r, - LTC_ASN1_INTEGER, 1UL, s, - LTC_ASN1_EOL, 0UL, NULL); - -error: - mp_clear_multi(r, s, NULL); - return err; +/** + Sign a message digest in RFC7518 format + @param in The message digest to sign + @param inlen The length of the digest + @param out [out] The destination for the signature + @param outlen [in/out] The max size and resulting size of the signature + @param prng An active PRNG state + @param wprng The index of the PRNG you wish to use + @param key A private ECC key + @return CRYPT_OK if successful +*/ +int ecc_sign_hash_rfc7518(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, + prng_state *prng, int wprng, ecc_key *key) +{ + return ecc_sign_hash_ex(in, inlen, out, outlen, prng, wprng, key, 1); } #endif + /* ref: $Format:%D$ */ /* git commit: $Format:%H$ */ /* commit time: $Format:%ai$ */ - diff --git a/src/pk/ecc/ecc_verify_hash.c b/src/pk/ecc/ecc_verify_hash.c index 80a2a62..d163f70 100644 --- a/src/pk/ecc/ecc_verify_hash.c +++ b/src/pk/ecc/ecc_verify_hash.c @@ -7,51 +7,27 @@ * guarantee it works. */ -/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b - * - * All curves taken from NIST recommendation paper of July 1999 - * Available at http://csrc.nist.gov/cryptval/dss.htm - */ #include "tomcrypt.h" +#ifdef LTC_MECC + /** @file ecc_verify_hash.c ECC Crypto, Tom St Denis */ -#ifdef LTC_MECC - -/* verify - * - * w = s^-1 mod n - * u1 = xw - * u2 = rw - * X = u1*G + u2*Q - * v = X_x1 mod n - * accept if v == r - */ - -/** - Verify a ECC signature - @param r ECC "r" parameter - @param s ECC "s" parameter - @param hash The hash that was signed - @param hashlen The length of the hash that was signed - @param stat [out] The result of the signature verification, 1==valid, 0==invalid - @param key The corresponding public DH key - @return CRYPT_OK if successful (even if the signature is invalid) -*/ -int ecc_verify_hash_raw( void *r, void *s, - const unsigned char *hash, unsigned long hashlen, - int *stat, ecc_key *key) +static int ecc_verify_hash_ex(const unsigned char *sig, unsigned long siglen, + const unsigned char *hash, unsigned long hashlen, + int *stat, ecc_key *key, int sigformat) { ecc_point *mG, *mQ; - void *v, *w, *u1, *u2, *e, *p, *m; - void *mp = NULL; + void *r, *s, *v, *w, *u1, *u2, *e, *p, *m; + void *mp; int err; + unsigned long pbits, pbytes, i, shift_right; + unsigned char ch, buf[MAXBLOCKSIZE]; - LTC_ARGCHK(r != NULL); - LTC_ARGCHK(s != NULL); + LTC_ARGCHK(sig != NULL); LTC_ARGCHK(hash != NULL); LTC_ARGCHK(stat != NULL); LTC_ARGCHK(key != NULL); @@ -66,7 +42,7 @@ int ecc_verify_hash_raw( void *r, void *s, } /* allocate ints */ - if ((err = mp_init_multi(&v, &w, &u1, &u2, &p, &e, &m, NULL)) != CRYPT_OK) { + if ((err = mp_init_multi(&r, &s, &v, &w, &u1, &u2, &p, &e, &m, NULL)) != CRYPT_OK) { return CRYPT_MEM; } @@ -78,6 +54,24 @@ int ecc_verify_hash_raw( void *r, void *s, goto error; } + if (sigformat == 1) { + /* RFC7518 format */ + if ((siglen % 2) == 1) { + err = CRYPT_INVALID_PACKET; + goto error; + } + i = siglen / 2; + if ((err = mp_read_unsigned_bin(r, (unsigned char *)sig, i)) != CRYPT_OK) { goto error; } + if ((err = mp_read_unsigned_bin(s, (unsigned char *)sig+i, i)) != CRYPT_OK) { goto error; } + } + else { + /* ASN.1 format */ + if ((err = der_decode_sequence_multi(sig, siglen, + LTC_ASN1_INTEGER, 1UL, r, + LTC_ASN1_INTEGER, 1UL, s, + LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { goto error; } + } + /* get the order */ if ((err = mp_read_radix(p, (char *)key->dp->order, 16)) != CRYPT_OK) { goto error; } @@ -90,8 +84,24 @@ int ecc_verify_hash_raw( void *r, void *s, goto error; } - /* read hash */ - if ((err = mp_read_unsigned_bin(e, (unsigned char *)hash, (int)hashlen)) != CRYPT_OK) { goto error; } + /* read hash - truncate if needed */ + pbits = mp_count_bits(p); + pbytes = (pbits+7) >> 3; + if (pbits > hashlen*8) { + if ((err = mp_read_unsigned_bin(e, (unsigned char *)hash, hashlen)) != CRYPT_OK) { goto error; } + } + else if (pbits % 8 == 0) { + if ((err = mp_read_unsigned_bin(e, (unsigned char *)hash, pbytes)) != CRYPT_OK) { goto error; } + } + else { + shift_right = 8 - pbits % 8; + for (i=0, ch=0; i> shift_right); + } + if ((err = mp_read_unsigned_bin(e, (unsigned char *)buf, pbytes)) != CRYPT_OK) { goto error; } + } /* w = s^-1 mod n */ if ((err = mp_invmod(s, p, w)) != CRYPT_OK) { goto error; } @@ -116,9 +126,6 @@ int ecc_verify_hash_raw( void *r, void *s, if ((err = ltc_mp.ecc_ptmul(u1, mG, mG, m, 0)) != CRYPT_OK) { goto error; } if ((err = ltc_mp.ecc_ptmul(u2, mQ, mQ, m, 0)) != CRYPT_OK) { goto error; } - /* find the montgomery mp */ - if ((err = mp_montgomery_setup(m, &mp)) != CRYPT_OK) { goto error; } - /* add them */ if ((err = ltc_mp.ecc_ptadd(mQ, mG, mG, m, mp)) != CRYPT_OK) { goto error; } @@ -142,7 +149,7 @@ int ecc_verify_hash_raw( void *r, void *s, error: ltc_ecc_del_point(mG); ltc_ecc_del_point(mQ); - mp_clear_multi(v, w, u1, u2, p, e, m, NULL); + mp_clear_multi(r, s, v, w, u1, u2, p, e, m, NULL); if (mp != NULL) { mp_montgomery_free(mp); } @@ -159,42 +166,32 @@ error: @param key The corresponding public ECC key @return CRYPT_OK if successful (even if the signature is not valid) */ - int ecc_verify_hash(const unsigned char *sig, unsigned long siglen, const unsigned char *hash, unsigned long hashlen, int *stat, ecc_key *key) { - void *r, *s; - int err; + return ecc_verify_hash_ex(sig, siglen, hash, hashlen, stat, key, 0); +} - LTC_ARGCHK(sig != NULL); - LTC_ARGCHK(hash != NULL); - LTC_ARGCHK(stat != NULL); - LTC_ARGCHK(key != NULL); - - /* allocate ints */ - if ((err = mp_init_multi(&r, &s, NULL)) != CRYPT_OK) { - return CRYPT_MEM; - } - - /* parse header */ - if ((err = der_decode_sequence_multi(sig, siglen, - LTC_ASN1_INTEGER, 1UL, r, - LTC_ASN1_INTEGER, 1UL, s, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - goto error; - } - - /* do the op */ - err = ecc_verify_hash_raw(r, s, hash, hashlen, stat, key); - -error: - mp_clear_multi(r, s, NULL); - return err; +/** + Verify an ECC signature in RFC7518 format + @param sig The signature to verify + @param siglen The length of the signature (octets) + @param hash The hash (message digest) that was signed + @param hashlen The length of the hash (octets) + @param stat Result of signature, 1==valid, 0==invalid + @param key The corresponding public ECC key + @return CRYPT_OK if successful (even if the signature is not valid) +*/ +int ecc_verify_hash_rfc7518(const unsigned char *sig, unsigned long siglen, + const unsigned char *hash, unsigned long hashlen, + int *stat, ecc_key *key) +{ + return ecc_verify_hash_ex(sig, siglen, hash, hashlen, stat, key, 1); } #endif + /* ref: $Format:%D$ */ /* git commit: $Format:%H$ */ /* commit time: $Format:%ai$ */ - From a937f23821c2927bee9a90bfb454f88c4d009171 Mon Sep 17 00:00:00 2001 From: Karel Miko Date: Wed, 21 Jun 2017 12:43:12 +0200 Subject: [PATCH 2/7] static functions name fix --- src/pk/ecc/ecc_sign_hash.c | 10 +++++----- src/pk/ecc/ecc_verify_hash.c | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/src/pk/ecc/ecc_sign_hash.c b/src/pk/ecc/ecc_sign_hash.c index c408aee..c62c774 100644 --- a/src/pk/ecc/ecc_sign_hash.c +++ b/src/pk/ecc/ecc_sign_hash.c @@ -16,9 +16,9 @@ ECC Crypto, Tom St Denis */ -static int ecc_sign_hash_ex(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - prng_state *prng, int wprng, ecc_key *key, int sigformat) +static int _ecc_sign_hash(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, + prng_state *prng, int wprng, ecc_key *key, int sigformat) { ecc_key pubkey; void *r, *s, *e, *p; @@ -136,7 +136,7 @@ int ecc_sign_hash(const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen, prng_state *prng, int wprng, ecc_key *key) { - return ecc_sign_hash_ex(in, inlen, out, outlen, prng, wprng, key, 0); + return _ecc_sign_hash(in, inlen, out, outlen, prng, wprng, key, 0); } /** @@ -154,7 +154,7 @@ int ecc_sign_hash_rfc7518(const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen, prng_state *prng, int wprng, ecc_key *key) { - return ecc_sign_hash_ex(in, inlen, out, outlen, prng, wprng, key, 1); + return _ecc_sign_hash(in, inlen, out, outlen, prng, wprng, key, 1); } #endif diff --git a/src/pk/ecc/ecc_verify_hash.c b/src/pk/ecc/ecc_verify_hash.c index d163f70..eff1d14 100644 --- a/src/pk/ecc/ecc_verify_hash.c +++ b/src/pk/ecc/ecc_verify_hash.c @@ -16,9 +16,9 @@ ECC Crypto, Tom St Denis */ -static int ecc_verify_hash_ex(const unsigned char *sig, unsigned long siglen, - const unsigned char *hash, unsigned long hashlen, - int *stat, ecc_key *key, int sigformat) +static int _ecc_verify_hash(const unsigned char *sig, unsigned long siglen, + const unsigned char *hash, unsigned long hashlen, + int *stat, ecc_key *key, int sigformat) { ecc_point *mG, *mQ; void *r, *s, *v, *w, *u1, *u2, *e, *p, *m; @@ -170,7 +170,7 @@ int ecc_verify_hash(const unsigned char *sig, unsigned long siglen, const unsigned char *hash, unsigned long hashlen, int *stat, ecc_key *key) { - return ecc_verify_hash_ex(sig, siglen, hash, hashlen, stat, key, 0); + return _ecc_verify_hash(sig, siglen, hash, hashlen, stat, key, 0); } /** @@ -187,7 +187,7 @@ int ecc_verify_hash_rfc7518(const unsigned char *sig, unsigned long siglen, const unsigned char *hash, unsigned long hashlen, int *stat, ecc_key *key) { - return ecc_verify_hash_ex(sig, siglen, hash, hashlen, stat, key, 1); + return _ecc_verify_hash(sig, siglen, hash, hashlen, stat, key, 1); } #endif From cdf04b6140d8ec229415814dcdd3ffdda40c73b0 Mon Sep 17 00:00:00 2001 From: Karel Miko Date: Wed, 21 Jun 2017 13:01:22 +0200 Subject: [PATCH 3/7] fix mp_montgomery_setup --- src/pk/ecc/ecc_verify_hash.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/pk/ecc/ecc_verify_hash.c b/src/pk/ecc/ecc_verify_hash.c index eff1d14..af17758 100644 --- a/src/pk/ecc/ecc_verify_hash.c +++ b/src/pk/ecc/ecc_verify_hash.c @@ -126,6 +126,9 @@ static int _ecc_verify_hash(const unsigned char *sig, unsigned long siglen, if ((err = ltc_mp.ecc_ptmul(u1, mG, mG, m, 0)) != CRYPT_OK) { goto error; } if ((err = ltc_mp.ecc_ptmul(u2, mQ, mQ, m, 0)) != CRYPT_OK) { goto error; } + /* find the montgomery mp */ + if ((err = mp_montgomery_setup(m, &mp)) != CRYPT_OK) { goto error; } + /* add them */ if ((err = ltc_mp.ecc_ptadd(mQ, mG, mG, m, mp)) != CRYPT_OK) { goto error; } From fff832091f35ee481111e8bf1dca1ea7ffe1d0c0 Mon Sep 17 00:00:00 2001 From: Karel Miko Date: Wed, 21 Jun 2017 13:25:06 +0200 Subject: [PATCH 4/7] ecc_sign_hash max_iterations --- src/pk/ecc/ecc_sign_hash.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/pk/ecc/ecc_sign_hash.c b/src/pk/ecc/ecc_sign_hash.c index c62c774..65d2a8c 100644 --- a/src/pk/ecc/ecc_sign_hash.c +++ b/src/pk/ecc/ecc_sign_hash.c @@ -22,7 +22,7 @@ static int _ecc_sign_hash(const unsigned char *in, unsigned long inlen, { ecc_key pubkey; void *r, *s, *e, *p; - int err; + int err, max_iterations = 20; unsigned long pbits, pbytes, i, shift_right; unsigned char ch, buf[MAXBLOCKSIZE]; @@ -71,7 +71,7 @@ static int _ecc_sign_hash(const unsigned char *in, unsigned long inlen, } /* make up a key and export the public copy */ - for (;;) { + do { if ((err = ecc_make_key_ex(prng, wprng, &pubkey, key->dp)) != CRYPT_OK) { goto errnokey; } @@ -93,6 +93,10 @@ static int _ecc_sign_hash(const unsigned char *in, unsigned long inlen, break; } } + } while (--max_iterations > 0); + + if (max_iterations == 0) { + goto errnokey; } if (sigformat == 1) { From 0c115a162dd0ac0e12358f771634f52d6505639d Mon Sep 17 00:00:00 2001 From: Karel Miko Date: Wed, 21 Jun 2017 13:26:52 +0200 Subject: [PATCH 5/7] whitespace --- src/pk/ecc/ecc_sign_hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pk/ecc/ecc_sign_hash.c b/src/pk/ecc/ecc_sign_hash.c index 65d2a8c..18e3875 100644 --- a/src/pk/ecc/ecc_sign_hash.c +++ b/src/pk/ecc/ecc_sign_hash.c @@ -96,7 +96,7 @@ static int _ecc_sign_hash(const unsigned char *in, unsigned long inlen, } while (--max_iterations > 0); if (max_iterations == 0) { - goto errnokey; + goto errnokey; } if (sigformat == 1) { From b8f22157b336eefc127998ec1368b86857f481f6 Mon Sep 17 00:00:00 2001 From: Karel Miko Date: Wed, 21 Jun 2017 13:38:39 +0200 Subject: [PATCH 6/7] PK_MAX_RETRIES --- src/headers/tomcrypt_pk.h | 3 +++ src/pk/ecc/ecc_sign_hash.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index da3296e..aa00be1 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -17,6 +17,9 @@ enum { /* Indicates standard output formats that can be read e.g. by OpenSSL or GnuTLS */ #define PK_STD 0x1000 +/* iterations limit for retry-loops */ +#define PK_MAX_RETRIES 20 + int rand_prime(void *N, long len, prng_state *prng, int wprng); int rand_bn_bits(void *N, int bits, prng_state *prng, int wprng); int rand_bn_range(void *N, void *limit, prng_state *prng, int wprng); diff --git a/src/pk/ecc/ecc_sign_hash.c b/src/pk/ecc/ecc_sign_hash.c index 18e3875..e97dcf4 100644 --- a/src/pk/ecc/ecc_sign_hash.c +++ b/src/pk/ecc/ecc_sign_hash.c @@ -22,7 +22,7 @@ static int _ecc_sign_hash(const unsigned char *in, unsigned long inlen, { ecc_key pubkey; void *r, *s, *e, *p; - int err, max_iterations = 20; + int err, max_iterations = PK_MAX_RETRIES; unsigned long pbits, pbytes, i, shift_right; unsigned char ch, buf[MAXBLOCKSIZE]; From ac02f7422b8c39c7783a8120399a7dadd772dc5c Mon Sep 17 00:00:00 2001 From: Karel Miko Date: Wed, 21 Jun 2017 13:43:25 +0200 Subject: [PATCH 7/7] ecc_sign+verify_hash_rfc7518 tests --- tests/ecc_test.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/ecc_test.c b/tests/ecc_test.c index 7fb88d4..da981c3 100644 --- a/tests/ecc_test.c +++ b/tests/ecc_test.c @@ -230,6 +230,19 @@ int ecc_tests (void) fprintf(stderr, "ecc_verify_hash failed %d, %d, ", stat, stat2); return 1; } + /* test sign_hash_rfc7518 */ + for (ch = 0; ch < 16; ch++) { + buf[0][ch] = ch; + } + x = sizeof (buf[1]); + DO(ecc_sign_hash_rfc7518(buf[0], 16, buf[1], &x, &yarrow_prng, find_prng ("yarrow"), &privKey)); + DO(ecc_verify_hash_rfc7518(buf[1], x, buf[0], 16, &stat, &pubKey)); + buf[0][0] ^= 1; + DO(ecc_verify_hash_rfc7518(buf[1], x, buf[0], 16, &stat2, &privKey)); + if (!(stat == 1 && stat2 == 0)) { + fprintf(stderr, "ecc_verify_hash_rfc7518 failed %d, %d, ", stat, stat2); + return 1; + } ecc_free (&usera); ecc_free (&pubKey); ecc_free (&privKey);