32 #if !defined(POLARSSL_CONFIG_FILE)
35 #include POLARSSL_CONFIG_FILE
38 #if defined(POLARSSL_ECDSA_C)
43 #if defined(POLARSSL_ECDSA_DETERMINISTIC)
47 #if defined(POLARSSL_ECDSA_DETERMINISTIC)
56 static const md_info_t *md_info_by_size(
size_t min_size )
58 const md_info_t *md_cur, *md_picked = NULL;
61 for( md_alg =
md_list(); *md_alg != 0; md_alg++ )
64 (
size_t) md_cur->
size < min_size ||
65 ( md_picked != NULL && md_cur->
size > md_picked->
size ) )
80 const unsigned char *buf,
size_t blen )
83 size_t n_size = (grp->
nbits + 7) / 8;
84 size_t use_size = blen > n_size ? n_size : blen;
87 if( use_size * 8 > grp->
nbits )
103 const mpi *d,
const unsigned char *buf,
size_t blen,
104 int (*f_rng)(
void *,
unsigned char *,
size_t),
void *p_rng )
106 int ret, key_tries, sign_tries, blind_tries;
111 if( grp->
N.
p == NULL )
130 if( key_tries++ > 10 )
141 MPI_CHK( derive_mpi( grp, &e, buf, blen ) );
150 size_t n_size = (grp->
nbits + 7) / 8;
155 if( ++blind_tries > 30 )
172 if( sign_tries++ > 10 )
187 #if defined(POLARSSL_ECDSA_DETERMINISTIC)
192 const mpi *d,
const unsigned char *buf,
size_t blen,
198 size_t grp_len = ( grp->
nbits + 7 ) / 8;
204 md_info = md_info_by_size( blen );
208 if( md_info == NULL )
216 MPI_CHK( derive_mpi( grp, &h, buf, blen ) );
236 const unsigned char *buf,
size_t blen,
240 mpi e, s_inv, u1, u2;
247 if( grp->
N.
p == NULL )
268 MPI_CHK( derive_mpi( grp, &e, buf, blen ) );
333 #if POLARSSL_ECP_MAX_BYTES > 124
334 #error "POLARSSL_ECP_MAX_BYTES bigger than expected, please fix MAX_SIG_LEN"
336 #define MAX_SIG_LEN ( 3 + 2 * ( 2 + POLARSSL_ECP_MAX_BYTES ) )
342 unsigned char *sig,
size_t *slen )
345 unsigned char buf[MAX_SIG_LEN];
346 unsigned char *p = buf +
sizeof( buf );
356 memcpy( sig, p, len );
366 const unsigned char *hash,
size_t hlen,
367 unsigned char *sig,
size_t *slen,
368 int (*f_rng)(
void *,
unsigned char *,
size_t),
374 hash, hlen, f_rng, p_rng ) ) != 0 )
379 return( ecdsa_signature_to_asn1( ctx, sig, slen ) );
382 #if defined(POLARSSL_ECDSA_DETERMINISTIC)
387 const unsigned char *hash,
size_t hlen,
388 unsigned char *sig,
size_t *slen,
394 hash, hlen, md_alg ) ) != 0 )
399 return( ecdsa_signature_to_asn1( ctx, sig, slen ) );
407 const unsigned char *hash,
size_t hlen,
408 const unsigned char *sig,
size_t slen )
411 unsigned char *p = (
unsigned char *) sig;
412 const unsigned char *end = sig + slen;
430 &ctx->
Q, &ctx->
r, &ctx->
s ) ) != 0 )
443 int (*f_rng)(
void *,
unsigned char *,
size_t),
void *p_rng )
457 ( ret =
mpi_copy( &ctx->
d, &key->
d ) ) != 0 ||
490 #if defined(POLARSSL_SELF_TEST)
int mpi_cmp_int(const mpi *X, t_sint z)
Compare signed values.
int ecdsa_from_keypair(ecdsa_context *ctx, const ecp_keypair *key)
Set an ECDSA context from an EC key pair.
int ecdsa_verify(ecp_group *grp, const unsigned char *buf, size_t blen, const ecp_point *Q, const mpi *r, const mpi *s)
Verify ECDSA signature of a previously hashed message.
#define POLARSSL_ERR_ECP_BAD_INPUT_DATA
Bad input parameters to function.
int ecp_group_copy(ecp_group *dst, const ecp_group *src)
Copy the contents of a group object.
int hmac_drbg_random(void *p_rng, unsigned char *output, size_t out_len)
HMAC_DRBG generate random.
#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH
Actual length differs from expected length.
int mpi_fill_random(mpi *X, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Fill an MPI X with size bytes of random.
int ecdsa_write_signature(ecdsa_context *ctx, const unsigned char *hash, size_t hlen, unsigned char *sig, size_t *slen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Compute ECDSA signature and write it to buffer, serialized as defined in RFC 4492 page 20...
int ecdsa_sign(ecp_group *grp, mpi *r, mpi *s, const mpi *d, const unsigned char *buf, size_t blen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Compute ECDSA signature of a previously hashed message.
Configuration options (set of defines)
int ecdsa_self_test(int verbose)
Checkup routine.
int ecp_mul(ecp_group *grp, ecp_point *R, const mpi *m, const ecp_point *P, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Multiplication by an integer: R = m * P (Not thread-safe to use same group in multiple threads) ...
void mpi_init(mpi *X)
Initialize one MPI.
int mpi_cmp_mpi(const mpi *X, const mpi *Y)
Compare signed values.
int mpi_shift_r(mpi *X, size_t count)
Right-shift: X >>= count.
int asn1_write_len(unsigned char **p, unsigned char *start, size_t len)
Write a length field in ASN.1 format. Note: function works backwards in data buffer.
int mpi_add_mpi(mpi *X, const mpi *A, const mpi *B)
Signed addition: X = A + B.
const md_info_t * md_info_from_type(md_type_t md_type)
Returns the message digest information associated with the given digest type.
#define POLARSSL_ERR_ECP_VERIFY_FAILED
The signature is not valid.
ECP point structure (jacobian coordinates)
int ecp_is_zero(ecp_point *pt)
Tell if a point is zero.
void ecp_point_init(ecp_point *pt)
Initialize a point (as zero)
void hmac_drbg_free(hmac_drbg_context *ctx)
Free an HMAC_DRBG context.
int mpi_inv_mod(mpi *X, const mpi *A, const mpi *N)
Modular inverse: X = A^-1 mod N.
void mpi_free(mpi *X)
Unallocate one MPI.
void ecp_group_free(ecp_group *grp)
Free the components of an ECP group.
int ecdsa_read_signature(ecdsa_context *ctx, const unsigned char *hash, size_t hlen, const unsigned char *sig, size_t slen)
Read and verify an ECDSA signature.
void ecdsa_init(ecdsa_context *ctx)
Initialize context.
int ecp_gen_keypair(ecp_group *grp, mpi *d, ecp_point *Q, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Generate a keypair.
const int * md_list(void)
Returns the list of digests supported by the generic digest module.
#define POLARSSL_ECP_MAX_BYTES
int asn1_write_mpi(unsigned char **p, unsigned char *start, mpi *X)
Write a big number (ASN1_INTEGER) in ASN.1 format. Note: function works backwards in data buffer...
int ecp_use_known_dp(ecp_group *grp, ecp_group_id index)
Set a group using well-known domain parameters.
int ecp_copy(ecp_point *P, const ecp_point *Q)
Copy the contents of point Q into P.
int mpi_read_binary(mpi *X, const unsigned char *buf, size_t buflen)
Import X from unsigned binary data, big endian.
ecp_group_id
Domain parameters (curve, subgroup and generator) identifiers.
#define ASN1_CHK_ADD(g, f)
int ecdsa_genkey(ecdsa_context *ctx, ecp_group_id gid, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Generate an ECDSA keypair on the given curve.
void ecp_group_init(ecp_group *grp)
Initialize a group (to something meaningless)
#define POLARSSL_ERR_ECP_RANDOM_FAILED
Generation of random value, such as (ephemeral) key, failed.
int mpi_copy(mpi *X, const mpi *Y)
Copy the contents of Y into X.
int mpi_mod_mpi(mpi *R, const mpi *A, const mpi *B)
Modulo: R = A mod B.
int ecdsa_sign_det(ecp_group *grp, mpi *r, mpi *s, const mpi *d, const unsigned char *buf, size_t blen, md_type_t md_alg)
Compute ECDSA signature of a previously hashed message (deterministic version)
int asn1_get_tag(unsigned char **p, const unsigned char *end, size_t *len, int tag)
Get the tag and length of the tag.
int mpi_write_binary(const mpi *X, unsigned char *buf, size_t buflen)
Export X into unsigned binary data, big endian.
int hmac_drbg_init_buf(hmac_drbg_context *ctx, const md_info_t *md_info, const unsigned char *data, size_t data_len)
Initialisation of simplified HMAC_DRBG (never reseeds).
void ecdsa_free(ecdsa_context *ctx)
Free context.
ASN.1 buffer writing functionality.
int size
Output length of the digest function.
int ecp_check_pubkey(const ecp_group *grp, const ecp_point *pt)
Check that a point is a valid public key on this curve.
int ecp_add(const ecp_group *grp, ecp_point *R, const ecp_point *P, const ecp_point *Q)
Addition: R = P + Q.
int asn1_write_tag(unsigned char **p, unsigned char *start, unsigned char tag)
Write an ASN.1 tag in ASN.1 format. Note: function works backwards in data buffer.
int mpi_mul_mpi(mpi *X, const mpi *A, const mpi *B)
Baseline multiplication: X = A * B.
int mpi_sub_mpi(mpi *X, const mpi *A, const mpi *B)
Signed subtraction: X = A - B.
int asn1_get_mpi(unsigned char **p, const unsigned char *end, mpi *X)
Retrieve an MPI value from an integer ASN.1 tag.
Message digest information.
int ecdsa_write_signature_det(ecdsa_context *ctx, const unsigned char *hash, size_t hlen, unsigned char *sig, size_t *slen, md_type_t md_alg)
Compute ECDSA signature and write it to buffer, serialized as defined in RFC 4492 page 20...
#define POLARSSL_ERR_ECP_SIG_LEN_MISMATCH
Signature is valid but shorter than the user-supplied length.
HMAC_DRBG (NIST SP 800-90A)
void ecp_point_free(ecp_point *pt)
Free the components of a point.