From: Dr. Stephen Henson Date: Tue, 27 Oct 2015 18:19:32 +0000 (+0000) Subject: adapt ossl_ecdsa.c to crypto/ec X-Git-Tag: OpenSSL_1_1_0-pre1~54 X-Git-Url: https://git.openssl.org/?a=commitdiff_plain;h=6a47db450201dd7f6418be8177a6cfe5ffde3499;p=openssl.git adapt ossl_ecdsa.c to crypto/ec Reviewed-by: Richard Levitte --- diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c index bff80f9e11..08e10f773f 100644 --- a/crypto/ec/ecdsa_ossl.c +++ b/crypto/ec/ecdsa_ossl.c @@ -1,4 +1,4 @@ -/* crypto/ecdsa/ecs_ossl.c */ +/* crypto/ec/ecdsa_ossl.c */ /* * Written by Nils Larsch for the OpenSSL project */ @@ -56,42 +56,12 @@ * */ -#include "ecs_locl.h" #include #include #include #include - -static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen, - const BIGNUM *, const BIGNUM *, - EC_KEY *eckey); -static int ecdsa_sign_setup_no_digest(EC_KEY *eckey, BN_CTX *ctx_in, - BIGNUM **kinvp, BIGNUM **rp); -static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp, const unsigned char *dgst, int dlen); -static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey); - -static ECDSA_METHOD openssl_ecdsa_meth = { - "OpenSSL ECDSA method", - ecdsa_do_sign, - ecdsa_sign_setup_no_digest, - ecdsa_do_verify, - ECDSA_FLAG_FIPS_METHOD, /* flags */ - NULL /* app_data */ -}; - -const ECDSA_METHOD *ECDSA_OpenSSL(void) -{ - return &openssl_ecdsa_meth; -} - -static int ecdsa_sign_setup_no_digest(EC_KEY *eckey, - BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp) -{ - return ecdsa_sign_setup(eckey, ctx_in, kinvp, rp, NULL, 0); -} +#include +#include "ec_lcl.h" static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp, @@ -104,13 +74,13 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, int ret = 0; if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER); + ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER); return 0; } if (ctx_in == NULL) { if ((ctx = BN_CTX_new()) == NULL) { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE); + ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE); return 0; } } else @@ -121,15 +91,15 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, order = BN_new(); X = BN_new(); if (k == NULL || r == NULL || order == NULL || X == NULL) { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE); + ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE); goto err; } if ((tmp_point = EC_POINT_new(group)) == NULL) { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); + ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); goto err; } if (!EC_GROUP_get_order(group, order, ctx)) { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); + ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); goto err; } @@ -140,14 +110,14 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, if (!BN_generate_dsa_nonce (k, order, EC_KEY_get0_private_key(eckey), dgst, dlen, ctx)) { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, - ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED); + ECerr(EC_F_ECDSA_SIGN_SETUP, + EC_R_RANDOM_NUMBER_GENERATION_FAILED); goto err; } } else { if (!BN_rand_range(k, order)) { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, - ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED); + ECerr(EC_F_ECDSA_SIGN_SETUP, + EC_R_RANDOM_NUMBER_GENERATION_FAILED); goto err; } } @@ -166,14 +136,14 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, /* compute r the x-coordinate of generator * k */ if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); + ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); goto err; } if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { if (!EC_POINT_get_affine_coordinates_GFp (group, tmp_point, X, NULL, ctx)) { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); + ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); goto err; } } @@ -183,13 +153,13 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp_point, X, NULL, ctx)) { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); + ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); goto err; } } #endif if (!BN_nnmod(r, X, order, ctx)) { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); + ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); goto err; } } @@ -202,22 +172,22 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, * order must be prime and use Fermats Little Theorem instead. */ if (!BN_set_word(X, 2)) { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); + ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); goto err; } if (!BN_mod_sub(X, order, X, order, ctx)) { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); + ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); goto err; } BN_set_flags(X, BN_FLG_CONSTTIME); if (!BN_mod_exp_mont_consttime (k, k, X, order, ctx, EC_GROUP_get_mont_data(group))) { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); + ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); goto err; } } else { if (!BN_mod_inverse(k, k, order, ctx)) { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); + ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); goto err; } } @@ -242,9 +212,15 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, return (ret); } -static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, - const BIGNUM *in_kinv, const BIGNUM *in_r, - EC_KEY *eckey) +int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp) +{ + return ecdsa_sign_setup(eckey, ctx_in, kinvp, rp, NULL, 0); +} + +ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, + const BIGNUM *in_kinv, const BIGNUM *in_r, + EC_KEY *eckey) { int ok = 0, i; BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL, *order = NULL; @@ -252,33 +228,31 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, BN_CTX *ctx = NULL; const EC_GROUP *group; ECDSA_SIG *ret; - ECDSA_DATA *ecdsa; const BIGNUM *priv_key; - ecdsa = ecdsa_check(eckey); group = EC_KEY_get0_group(eckey); priv_key = EC_KEY_get0_private_key(eckey); - if (group == NULL || priv_key == NULL || ecdsa == NULL) { - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); + if (group == NULL || priv_key == NULL) { + ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_PASSED_NULL_PARAMETER); return NULL; } ret = ECDSA_SIG_new(); if (ret == NULL) { - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); + ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE); return NULL; } s = ret->s; if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL || (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) { - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); + ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE); goto err; } if (!EC_GROUP_get_order(group, order, ctx)) { - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); + ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_EC_LIB); goto err; } i = BN_num_bits(order); @@ -288,39 +262,39 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, if (8 * dgst_len > i) dgst_len = (i + 7) / 8; if (!BN_bin2bn(dgst, dgst_len, m)) { - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); + ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; } /* If still too long truncate remaining bits with a shift */ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); + ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; } do { if (in_kinv == NULL || in_r == NULL) { if (!ecdsa_sign_setup(eckey, ctx, &kinv, &ret->r, dgst, dgst_len)) { - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_ECDSA_LIB); + ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_ECDSA_LIB); goto err; } ckinv = kinv; } else { ckinv = in_kinv; if (BN_copy(ret->r, in_r) == NULL) { - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); + ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE); goto err; } } if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) { - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); + ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; } if (!BN_mod_add_quick(s, tmp, m, order)) { - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); + ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; } if (!BN_mod_mul(s, s, ckinv, order, ctx)) { - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); + ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; } if (BN_is_zero(s)) { @@ -329,8 +303,7 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, * generate new kinv and r values */ if (in_kinv != NULL && in_r != NULL) { - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, - ECDSA_R_NEED_NEW_SETUP_VALUES); + ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_NEED_NEW_SETUP_VALUES); goto err; } } else @@ -353,8 +326,8 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, return ret; } -static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey) +int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey) { int ret = -1, i; BN_CTX *ctx; @@ -366,13 +339,13 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, /* check input values */ if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS); + ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_MISSING_PARAMETERS); return -1; } ctx = BN_CTX_new(); if (ctx == NULL) { - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); + ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_MALLOC_FAILURE); return -1; } BN_CTX_start(ctx); @@ -382,25 +355,25 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, m = BN_CTX_get(ctx); X = BN_CTX_get(ctx); if (!X) { - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); + ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB); goto err; } if (!EC_GROUP_get_order(group, order, ctx)) { - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); + ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB); goto err; } if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) || BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) { - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE); + ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_BAD_SIGNATURE); ret = 0; /* signature is invalid */ goto err; } /* calculate tmp1 = inv(S) mod order */ if (!BN_mod_inverse(u2, sig->s, order, ctx)) { - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); + ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB); goto err; } /* digest -> m */ @@ -411,37 +384,37 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, if (8 * dgst_len > i) dgst_len = (i + 7) / 8; if (!BN_bin2bn(dgst, dgst_len, m)) { - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); + ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB); goto err; } /* If still too long truncate remaining bits with a shift */ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); + ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB); goto err; } /* u1 = m * tmp mod order */ if (!BN_mod_mul(u1, m, u2, order, ctx)) { - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); + ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB); goto err; } /* u2 = r * w mod q */ if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) { - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); + ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB); goto err; } if ((point = EC_POINT_new(group)) == NULL) { - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); + ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_MALLOC_FAILURE); goto err; } if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) { - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); + ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB); goto err; } if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { if (!EC_POINT_get_affine_coordinates_GFp(group, point, X, NULL, ctx)) { - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); + ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB); goto err; } } @@ -449,13 +422,13 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, else { /* NID_X9_62_characteristic_two_field */ if (!EC_POINT_get_affine_coordinates_GF2m(group, point, X, NULL, ctx)) { - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); + ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB); goto err; } } #endif if (!BN_nnmod(u1, X, order, ctx)) { - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); + ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB); goto err; } /* if the signature is correct u1 is equal to sig->r */