From 7845fc06c9ce22381bc1ba9eb823e4c55fb424cb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Mon, 27 Jan 2014 14:24:03 +0100
Subject: [PATCH] Use new HMAC_DRBG module for deterministic ECDSA

---
 include/polarssl/config.h | 4 +-
 library/ecdsa.c | 97 ++------------------------------------
 2 files changed, 5 insertions(+), 96 deletions(-)

diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index a124720b7..7b08bbcc6 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -290,7 +290,7 @@
  * may result in a compromise of the long-term signing key. This is avoided by
  * the deterministic variant.
  *
- * Requires: POLARSSL_MD_C
+ * Requires: POLARSSL_HMAC_DRBG_C
  *
  * Comment this macro to disable deterministic ECDSA.
  */
@@ -1976,7 +1976,7 @@
 #error "POLARSSL_ECDSA_C defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_ECDSA_DETERMINISTIC) && !defined(POLARSSL_MD_C)
+#if defined(POLARSSL_ECDSA_DETERMINISTIC) && !defined(POLARSSL_HMAC_DRBG_C)
 #error "POLARSSL_ECDSA_DETERMINISTIC defined, but not all prerequisites"
 #endif
 
diff --git a/library/ecdsa.c b/library/ecdsa.c
index b208755f0..92f6eef1e 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -37,101 +37,10 @@
 #include "polarssl/asn1write.h"
 
 #if defined(POLARSSL_ECDSA_DETERMINISTIC)
-/*
- * Simplified HMAC_DRBG context.
- * No reseed counter, no prediction resistance flag.
- */
-typedef struct
-{
-    md_context_t md_ctx;
-    unsigned char V[POLARSSL_MD_MAX_SIZE];
-    unsigned char K[POLARSSL_MD_MAX_SIZE];
-} hmac_drbg_context;
-
-/*
- * Simplified HMAC_DRBG update, using optional additional data
- */
-static void hmac_drbg_update( hmac_drbg_context *ctx,
-                              const unsigned char *data, size_t data_len )
-{
-    size_t md_len = ctx->md_ctx.md_info->size;
-    unsigned char rounds = ( data != NULL && data_len != 0 ) ? 2 : 1;
-    unsigned char sep[1];
-
-    for( sep[0] = 0; sep[0] < rounds; sep[0]++ )
-    {
-        md_hmac_starts( &ctx->md_ctx, ctx->K, md_len );
-        md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
-        md_hmac_update( &ctx->md_ctx, sep, 1 );
-        if( rounds == 2 )
-            md_hmac_update( &ctx->md_ctx, data, data_len );
-        md_hmac_finish( &ctx->md_ctx, ctx->K );
-
-        md_hmac_starts( &ctx->md_ctx, ctx->K, md_len );
-        md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
-        md_hmac_finish( &ctx->md_ctx, ctx->V );
-    }
-}
-
-/*
- * Simplified HMAC_DRBG initialisation.
- *
- * Uses an entropy buffer rather than callback,
- * assume personalisation string is included in entropy buffer,
- * assumes md_info is not NULL and valid.
- */
-static void hmac_drbg_init( hmac_drbg_context *ctx,
-                            const md_info_t * md_info,
-                            const unsigned char *data, size_t data_len )
-{
-    memset( ctx, 0, sizeof( hmac_drbg_context ) );
-    md_init_ctx( &ctx->md_ctx, md_info );
-
-    memset( ctx->V, 0x01, md_info->size );
-    /* ctx->K is already 0 */
-
-    hmac_drbg_update( ctx, data, data_len );
-}
-
-/*
- * Simplified HMAC_DRBG random function
- */
-static int hmac_drbg_random( void *state,
-                             unsigned char *output, size_t out_len )
-{
-    hmac_drbg_context *ctx = (hmac_drbg_context *) state;
-    size_t md_len = ctx->md_ctx.md_info->size;
-    size_t left = out_len;
-    unsigned char *out = output;
-
-    while( left != 0 )
-    {
-        size_t use_len = left > md_len ? md_len : left;
-
-        md_hmac_starts( &ctx->md_ctx, ctx->K, md_len );
-        md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
-        md_hmac_finish( &ctx->md_ctx, ctx->V );
-
-        memcpy( out, ctx->V, use_len );
-        out += use_len;
-        left -= use_len;
-    }
-
-    hmac_drbg_update( ctx, NULL, 0 );
-
-    return( 0 );
-}
-
-static void hmac_drbg_free( hmac_drbg_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    md_free_ctx( &ctx->md_ctx );
-
-    memset( ctx, 0, sizeof( hmac_drbg_context ) );
-}
+#include "polarssl/hmac_drbg.h"
+#endif
 
+#if defined(POLARSSL_ECDSA_DETERMINISTIC)
 /*
  * This a hopefully temporary compatibility function.
  *
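Review bot: Swapping the file-local HMAC_DRBG for the `#include "polarssl/hmac_drbg.h"` module changes the contract the untouched signing code further down the file depends on, and nothing in this hunk pins it: the removed implementation had no reseed counter and no entropy callback, derived K/V purely from the seed buffer (V=0x01.., K=0, one update with the seed, no personalisation), and zeroized K and V in its free routine — that is exactly the RFC 6979 behaviour, and any drift in the module (a reseed interval that could fire on a long-lived context with no entropy source, a different seeding order, a free that does not wipe the private-key-derived K/V) would either break determinism or leak key material. The callers of hmac_drbg_init/hmac_drbg_random/hmac_drbg_free are outside this hunk, so I cannot confirm from here that the module's buffer-seeded entry points are bit-compatible. I would record the assumption next to the include, `/* RFC 6979: K/V are derived only from the private key and message hash; the module must never reseed on a signing context and must wipe K/V on free */`, and rely on the deterministic-ECDSA known-answer vectors in the test suite to catch any divergence.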