generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Top level ECDSA sign/verify redirection.

Browse Source 
Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Dr. Stephen Henson 2015-10-28 16:57:51 +00:00
parent 7d711cbc33
commit a200a817ad
5 changed files with 73 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
crypto/ec/ec_kmeth.c
View File

@ -66,8 +66,10 @@ static const EC_KEY_METHOD openssl_ec_key_method = {
0,0,0,0,0,0, 0,0,0,0,0,0,
ossl_ec_key_gen, ossl_ec_key_gen,
ossl_ecdh_compute_key, ossl_ecdh_compute_key,
ossl_ecdsa_sign,
ossl_ecdsa_sign_setup, ossl_ecdsa_sign_setup,
ossl_ecdsa_sign_sig, ossl_ecdsa_sign_sig,
ossl_ecdsa_verify,
ossl_ecdsa_verify_sig ossl_ecdsa_verify_sig
}; };

11
crypto/ec/ec_lcl.h
View File

@ -572,11 +572,17 @@ struct ec_key_method_st {
void *(*KDF) (const void *in, size_t inlen, void *(*KDF) (const void *in, size_t inlen,
void *out, size_t *outlen)); void *out, size_t *outlen));
int (*sign)(int type, const unsigned char *dgst, int dlen, unsigned char
*sig, unsigned int *siglen, const BIGNUM *kinv,
const BIGNUM *r, EC_KEY *eckey);
int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
BIGNUM **rp); BIGNUM **rp);
ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, int dgst_len, ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, int dgst_len,
const BIGNUM *in_kinv, const BIGNUM *in_r, const BIGNUM *in_kinv, const BIGNUM *in_r,
EC_KEY *eckey); EC_KEY *eckey);
int (*verify)(int type, const unsigned char *dgst, int dgst_len,
const unsigned char *sigbuf, int sig_len, EC_KEY *eckey);
int (*verify_sig)(const unsigned char *dgst, int dgst_len, int (*verify_sig)(const unsigned char *dgst, int dgst_len,
const ECDSA_SIG *sig, EC_KEY *eckey); const ECDSA_SIG *sig, EC_KEY *eckey);
} /* EC_KEY_METHOD */ ; } /* EC_KEY_METHOD */ ;
@ -596,8 +602,13 @@ struct ECDSA_SIG_st {
int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
BIGNUM **rp); BIGNUM **rp);
int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen,
unsigned char *sig, unsigned int *siglen,
const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey);
ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
const BIGNUM *in_kinv, const BIGNUM *in_r, const BIGNUM *in_kinv, const BIGNUM *in_r,
EC_KEY *eckey); EC_KEY *eckey);
int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
const unsigned char *sigbuf, int sig_len, EC_KEY *eckey);
int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
const ECDSA_SIG *sig, EC_KEY *eckey); const ECDSA_SIG *sig, EC_KEY *eckey);

48
crypto/ec/ecdsa_ossl.c
View File

@ -56,6 +56,7 @@
* *
*/ */
#include <string.h>
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/obj_mac.h> #include <openssl/obj_mac.h>
#include <openssl/bn.h> #include <openssl/bn.h>
@ -63,6 +64,22 @@
#include <openssl/ec.h> #include <openssl/ec.h>
#include "ec_lcl.h" #include "ec_lcl.h"
int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen,
unsigned char *sig, unsigned int *siglen,
const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey)
{
ECDSA_SIG *s;
RAND_seed(dgst, dlen);
s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey);
if (s == NULL) {
*siglen = 0;
return 0;
}
*siglen = i2d_ECDSA_SIG(s, &sig);
ECDSA_SIG_free(s);
return 1;
}
static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
BIGNUM **kinvp, BIGNUM **rp, BIGNUM **kinvp, BIGNUM **rp,
const unsigned char *dgst, int dlen) const unsigned char *dgst, int dlen)
@ -326,6 +343,37 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
return ret; return ret;
} }
/*-
* returns
* 1: correct signature
* 0: incorrect signature
* -1: error
*/
int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
{
ECDSA_SIG *s;
const unsigned char *p = sigbuf;
unsigned char *der = NULL;
int derlen = -1;
int ret = -1;
s = ECDSA_SIG_new();
if (s == NULL)
return (ret);
if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL)
goto err;
/* Ensure signature uses DER and doesn't have trailing garbage */
derlen = i2d_ECDSA_SIG(s, &der);
if (derlen != sig_len || memcmp(sigbuf, der, derlen))
goto err;
ret = ECDSA_do_verify(dgst, dgst_len, s, eckey);
err:
OPENSSL_clear_free(der, derlen);
ECDSA_SIG_free(s);
return (ret);
}
int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
const ECDSA_SIG *sig, EC_KEY *eckey) const ECDSA_SIG *sig, EC_KEY *eckey)
{ {

18
crypto/ec/ecdsa_sign.c
View File

@ -82,20 +82,14 @@ int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char
return ECDSA_sign_ex(type, dgst, dlen, sig, siglen, NULL, NULL, eckey); return ECDSA_sign_ex(type, dgst, dlen, sig, siglen, NULL, NULL, eckey);
} }
int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen,
*sig, unsigned int *siglen, const BIGNUM *kinv, unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv,
const BIGNUM *r, EC_KEY *eckey) const BIGNUM *r, EC_KEY *eckey)
{ {
ECDSA_SIG *s; if (eckey->meth->sign)
RAND_seed(dgst, dlen); return eckey->meth->sign(type, dgst, dlen, sig, siglen, kinv, r, eckey);
s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey); ECerr(EC_F_ECDSA_SIGN_EX, EC_R_OPERATION_NOT_SUPPORTED);
if (s == NULL) { return 0;
*siglen = 0;
return 0;
}
*siglen = i2d_ECDSA_SIG(s, &sig);
ECDSA_SIG_free(s);
return 1;
} }
int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,

26
crypto/ec/ecdsa_vrf.c
View File

@ -88,24 +88,10 @@ int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len, int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
const unsigned char *sigbuf, int sig_len, EC_KEY *eckey) const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
{ {
ECDSA_SIG *s; if (eckey->meth->verify)
const unsigned char *p = sigbuf; return eckey->meth->verify(type, dgst, dgst_len, sigbuf, sig_len,
unsigned char *der = NULL; eckey);
int derlen = -1; ECerr(EC_F_ECDSA_VERIFY, EC_R_OPERATION_NOT_SUPPORTED);
int ret = -1; return 0;
return 0;
s = ECDSA_SIG_new();
if (s == NULL)
return (ret);
if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL)
goto err;
/* Ensure signature uses DER and doesn't have trailing garbage */
derlen = i2d_ECDSA_SIG(s, &der);
if (derlen != sig_len || memcmp(sigbuf, der, derlen))
goto err;
ret = ECDSA_do_verify(dgst, dgst_len, s, eckey);
err:
OPENSSL_clear_free(der, derlen);
ECDSA_SIG_free(s);
return (ret);
} }