From 314adb6baa2cabf4244162da68c9733ece3afabc Mon Sep 17 00:00:00 2001
From: Ron Eldor <Ron.Eldor@arm.com>
Date: Tue, 10 Oct 2017 18:28:25 +0300
Subject: [PATCH] Address PR review comments

1) update ChangLog to have new feature in Features instead of Changes
2) Change MBEDTLS_ECDSA_ALT to function specific alternative definitions:
MBEDTLS_ECDSA_SIGN_ALT, MBEDTLS_ECDSA_VERIFY_ALT and MBEDTLS_ECDSA_GENKEY_ALT
---
 ChangeLog                  |   9 ++--
 include/mbedtls/config.h   |   4 +-
 library/ecdsa.c            | 105 +++++++++++++++++++------------------
 library/version_features.c |  12 +++--
 4 files changed, 71 insertions(+), 59 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 94eba4208..040632cf4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -36,10 +36,13 @@ Changes
    * Clarify ECDSA documentation and improve the sample code to avoid
      misunderstandings and potentially dangerous use of the API. Pointed out
      by Jean-Philippe Aumasson.
-   * Add support for alternative implementation for ECDSA, controlled by new
-     configuration flag MBEDTLS_ECDSA_ALT in config.h.
+
+Features
+   * Add support for alternative implementations for ECDSA, controlled by new
+     configuration flags MBEDTLS_ECDSA_SIGN_ALT, MBEDTLS_ECDSA_VERIFY_ALT and
+     MBEDTLS_ECDSDA_GENKEY_AT in config.h.
      The following functions from the ECDSA module can be replaced
-     with an alternative implementation:
+     with alternative implementation:
      mbedtls_ecdsa_sign(), mbedtls_ecdsa_verify() and mbedtls_ecdsa_genkey().
 
 = mbed TLS 2.5.0 branch released 2017-05-17
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 54dc2372d..7c06ec488 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -238,7 +238,6 @@
 //#define MBEDTLS_BLOWFISH_ALT
 //#define MBEDTLS_CAMELLIA_ALT
 //#define MBEDTLS_DES_ALT
-//#define MBEDTLS_ECDSA_ALT
 //#define MBEDTLS_XTEA_ALT
 //#define MBEDTLS_MD2_ALT
 //#define MBEDTLS_MD4_ALT
@@ -295,6 +294,9 @@
 //#define MBEDTLS_AES_SETKEY_DEC_ALT
 //#define MBEDTLS_AES_ENCRYPT_ALT
 //#define MBEDTLS_AES_DECRYPT_ALT
+//#define MBEDTLS_ECDSA_VERIFY_ALT
+//#define MBEDTLS_ECDSA_SIGN_ALT
+//#define MBEDTLS_ECDSA_GENKEY_ALT
 
 /**
  * \def MBEDTLS_ECP_INTERNAL_ALT
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 804884bca..a241072c3 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -65,8 +65,7 @@ cleanup:
     return( ret );
 }
 
-#if !defined(MBEDTLS_ECDSA_ALT)
-
+#if !defined(MBEDTLS_ECDSA_SIGN_ALT)
 /*
  * Compute ECDSA signature of a hashed message (SEC1 4.1.3)
  * Obviously, compared to SEC1 4.1.3, we skip step 4 (hash message)
@@ -155,8 +154,47 @@ cleanup:
 
     return( ret );
 }
+#endif /* MBEDTLS_ECDSA_SIGN_ALT */
 
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+/*
+ * Deterministic signature wrapper
+ */
+int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
+                    const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
+                    mbedtls_md_type_t md_alg )
+{
+    int ret;
+    mbedtls_hmac_drbg_context rng_ctx;
+    unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES];
+    size_t grp_len = ( grp->nbits + 7 ) / 8;
+    const mbedtls_md_info_t *md_info;
+    mbedtls_mpi h;
 
+    if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+    mbedtls_mpi_init( &h );
+    mbedtls_hmac_drbg_init( &rng_ctx );
+
+    /* Use private key and message hash (reduced) to initialize HMAC_DRBG */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, data, grp_len ) );
+    MBEDTLS_MPI_CHK( derive_mpi( grp, &h, buf, blen ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, data + grp_len, grp_len ) );
+    mbedtls_hmac_drbg_seed_buf( &rng_ctx, md_info, data, 2 * grp_len );
+
+    ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen,
+                      mbedtls_hmac_drbg_random, &rng_ctx );
+
+cleanup:
+    mbedtls_hmac_drbg_free( &rng_ctx );
+    mbedtls_mpi_free( &h );
+
+    return( ret );
+}
+#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
+
+#if !defined(MBEDTLS_ECDSA_VERIFY_ALT)
 /*
  * Verify ECDSA signature of hashed message (SEC1 4.1.4)
  * Obviously, compared to SEC1 4.1.3, we skip step 2 (hash message)
@@ -242,56 +280,7 @@ cleanup:
 
     return( ret );
 }
-
-/*
- * Generate key pair
- */
-int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
-                  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    return( mbedtls_ecp_group_load( &ctx->grp, gid ) ||
-            mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) );
-}
-
-#endif /* MBEDTLS_ECDSA_ALT */
-
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-/*
- * Deterministic signature wrapper
- */
-int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
-                    const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
-                    mbedtls_md_type_t md_alg )
-{
-    int ret;
-    mbedtls_hmac_drbg_context rng_ctx;
-    unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES];
-    size_t grp_len = ( grp->nbits + 7 ) / 8;
-    const mbedtls_md_info_t *md_info;
-    mbedtls_mpi h;
-
-    if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    mbedtls_mpi_init( &h );
-    mbedtls_hmac_drbg_init( &rng_ctx );
-
-    /* Use private key and message hash (reduced) to initialize HMAC_DRBG */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, data, grp_len ) );
-    MBEDTLS_MPI_CHK( derive_mpi( grp, &h, buf, blen ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, data + grp_len, grp_len ) );
-    mbedtls_hmac_drbg_seed_buf( &rng_ctx, md_info, data, 2 * grp_len );
-
-    ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen,
-                      mbedtls_hmac_drbg_random, &rng_ctx );
-
-cleanup:
-    mbedtls_hmac_drbg_free( &rng_ctx );
-    mbedtls_mpi_free( &h );
-
-    return( ret );
-}
-#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
+#endif /* MBEDTLS_ECDSA_VERIFY_ALT */
 
 /*
  * Convert a signature (given by context) to ASN.1
@@ -417,6 +406,18 @@ cleanup:
     return( ret );
 }
 
+#if !defined(MBEDTLS_ECDSA_GENKEY_ALT)
+/*
+ * Generate key pair
+ */
+int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
+                  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+    return( mbedtls_ecp_group_load( &ctx->grp, gid ) ||
+            mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) );
+}
+#endif /* MBEDTLS_ECDSA_GENKEY_ALT */
+
 /*
  * Set context from an mbedtls_ecp_keypair
  */
diff --git a/library/version_features.c b/library/version_features.c
index df7f957fe..2629098a6 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -93,9 +93,6 @@ static const char *features[] = {
 #if defined(MBEDTLS_DES_ALT)
     "MBEDTLS_DES_ALT",
 #endif /* MBEDTLS_DES_ALT */
-#if defined(MBEDTLS_ECDSA_ALT)
-    "MBEDTLS_ECDSA_ALT",
-#endif /* MBEDTLS_ECDSA_ALT */
 #if defined(MBEDTLS_XTEA_ALT)
     "MBEDTLS_XTEA_ALT",
 #endif /* MBEDTLS_XTEA_ALT */
@@ -165,6 +162,15 @@ static const char *features[] = {
 #if defined(MBEDTLS_AES_DECRYPT_ALT)
     "MBEDTLS_AES_DECRYPT_ALT",
 #endif /* MBEDTLS_AES_DECRYPT_ALT */
+#if defined(MBEDTLS_ECDSA_VERIFY_ALT)
+    "MBEDTLS_ECDSA_VERIFY_ALT",
+#endif /* MBEDTLS_ECDSA_VERIFY_ALT */
+#if defined(MBEDTLS_ECDSA_SIGN_ALT)
+    "MBEDTLS_ECDSA_SIGN_ALT",
+#endif /* MBEDTLS_ECDSA_SIGN_ALT */
+#if defined(MBEDTLS_ECDSA_GENKEY_ALT)
+    "MBEDTLS_ECDSA_GENKEY_ALT",
+#endif /* MBEDTLS_ECDSA_GENKEY_ALT */
 #if defined(MBEDTLS_ECP_INTERNAL_ALT)
     "MBEDTLS_ECP_INTERNAL_ALT",
 #endif /* MBEDTLS_ECP_INTERNAL_ALT */