mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 05:05:35 +00:00
Merge remote-tracking branch 'janos/iotssl-1156-ecdsa-sample-and-doc-clarification' into development
* janos/iotssl-1156-ecdsa-sample-and-doc-clarification: Clarify the use of ECDSA API
This commit is contained in:
commit
c44c3c288d
|
@ -27,6 +27,9 @@ Bugfix
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
* Send fatal alerts in many more cases instead of dropping the connection.
|
* Send fatal alerts in many more cases instead of dropping the connection.
|
||||||
|
* Clarify ECDSA documentation and improve the sample code to avoid
|
||||||
|
misunderstandings and potentially dangerous use of the API. Pointed out
|
||||||
|
by Jean-Philippe Aumasson.
|
||||||
|
|
||||||
= mbed TLS 2.5.0 branch released 2017-05-17
|
= mbed TLS 2.5.0 branch released 2017-05-17
|
||||||
|
|
||||||
|
|
|
@ -69,6 +69,10 @@ extern "C" {
|
||||||
* \param f_rng RNG function
|
* \param f_rng RNG function
|
||||||
* \param p_rng RNG parameter
|
* \param p_rng RNG parameter
|
||||||
*
|
*
|
||||||
|
* \note If the bitlength of the message hash is larger than the
|
||||||
|
* bitlength of the group order, then the hash is truncated as
|
||||||
|
* prescribed by SEC1 4.1.3 step 5.
|
||||||
|
*
|
||||||
* \return 0 if successful,
|
* \return 0 if successful,
|
||||||
* or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
|
* or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
|
||||||
*/
|
*/
|
||||||
|
@ -89,6 +93,10 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
|
||||||
* \param blen Length of buf
|
* \param blen Length of buf
|
||||||
* \param md_alg MD algorithm used to hash the message
|
* \param md_alg MD algorithm used to hash the message
|
||||||
*
|
*
|
||||||
|
* \note If the bitlength of the message hash is larger than the
|
||||||
|
* bitlength of the group order, then the hash is truncated as
|
||||||
|
* prescribed by SEC1 4.1.3 step 5.
|
||||||
|
*
|
||||||
* \return 0 if successful,
|
* \return 0 if successful,
|
||||||
* or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
|
* or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
|
||||||
*/
|
*/
|
||||||
|
@ -107,6 +115,10 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi
|
||||||
* \param r First integer of the signature
|
* \param r First integer of the signature
|
||||||
* \param s Second integer of the signature
|
* \param s Second integer of the signature
|
||||||
*
|
*
|
||||||
|
* \note If the bitlength of the message hash is larger than the
|
||||||
|
* bitlength of the group order, then the hash is truncated as
|
||||||
|
* prescribed by SEC1 4.1.4 step 3.
|
||||||
|
*
|
||||||
* \return 0 if successful,
|
* \return 0 if successful,
|
||||||
* MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid
|
* MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid
|
||||||
* or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
|
* or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
|
||||||
|
@ -120,7 +132,7 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
|
||||||
* serialized as defined in RFC 4492 page 20.
|
* serialized as defined in RFC 4492 page 20.
|
||||||
* (Not thread-safe to use same context in multiple threads)
|
* (Not thread-safe to use same context in multiple threads)
|
||||||
*
|
*
|
||||||
* \note The deterministice version (RFC 6979) is used if
|
* \note The deterministic version (RFC 6979) is used if
|
||||||
* MBEDTLS_ECDSA_DETERMINISTIC is defined.
|
* MBEDTLS_ECDSA_DETERMINISTIC is defined.
|
||||||
*
|
*
|
||||||
* \param ctx ECDSA context
|
* \param ctx ECDSA context
|
||||||
|
@ -136,6 +148,10 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
|
||||||
* size of the curve used, plus 9 (eg. 73 bytes if a 256-bit
|
* size of the curve used, plus 9 (eg. 73 bytes if a 256-bit
|
||||||
* curve is used). MBEDTLS_ECDSA_MAX_LEN is always safe.
|
* curve is used). MBEDTLS_ECDSA_MAX_LEN is always safe.
|
||||||
*
|
*
|
||||||
|
* \note If the bitlength of the message hash is larger than the
|
||||||
|
* bitlength of the group order, then the hash is truncated as
|
||||||
|
* prescribed by SEC1 4.1.3 step 5.
|
||||||
|
*
|
||||||
* \return 0 if successful,
|
* \return 0 if successful,
|
||||||
* or a MBEDTLS_ERR_ECP_XXX, MBEDTLS_ERR_MPI_XXX or
|
* or a MBEDTLS_ERR_ECP_XXX, MBEDTLS_ERR_MPI_XXX or
|
||||||
* MBEDTLS_ERR_ASN1_XXX error code
|
* MBEDTLS_ERR_ASN1_XXX error code
|
||||||
|
@ -172,6 +188,10 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t
|
||||||
* size of the curve used, plus 9 (eg. 73 bytes if a 256-bit
|
* size of the curve used, plus 9 (eg. 73 bytes if a 256-bit
|
||||||
* curve is used). MBEDTLS_ECDSA_MAX_LEN is always safe.
|
* curve is used). MBEDTLS_ECDSA_MAX_LEN is always safe.
|
||||||
*
|
*
|
||||||
|
* \note If the bitlength of the message hash is larger than the
|
||||||
|
* bitlength of the group order, then the hash is truncated as
|
||||||
|
* prescribed by SEC1 4.1.3 step 5.
|
||||||
|
*
|
||||||
* \return 0 if successful,
|
* \return 0 if successful,
|
||||||
* or a MBEDTLS_ERR_ECP_XXX, MBEDTLS_ERR_MPI_XXX or
|
* or a MBEDTLS_ERR_ECP_XXX, MBEDTLS_ERR_MPI_XXX or
|
||||||
* MBEDTLS_ERR_ASN1_XXX error code
|
* MBEDTLS_ERR_ASN1_XXX error code
|
||||||
|
@ -193,6 +213,10 @@ int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
|
||||||
* \param sig Signature to read and verify
|
* \param sig Signature to read and verify
|
||||||
* \param slen Size of sig
|
* \param slen Size of sig
|
||||||
*
|
*
|
||||||
|
* \note If the bitlength of the message hash is larger than the
|
||||||
|
* bitlength of the group order, then the hash is truncated as
|
||||||
|
* prescribed by SEC1 4.1.4 step 3.
|
||||||
|
*
|
||||||
* \return 0 if successful,
|
* \return 0 if successful,
|
||||||
* MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid,
|
* MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid,
|
||||||
* MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if the signature is
|
* MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if the signature is
|
||||||
|
|
|
@ -37,6 +37,7 @@
|
||||||
#include "mbedtls/entropy.h"
|
#include "mbedtls/entropy.h"
|
||||||
#include "mbedtls/ctr_drbg.h"
|
#include "mbedtls/ctr_drbg.h"
|
||||||
#include "mbedtls/ecdsa.h"
|
#include "mbedtls/ecdsa.h"
|
||||||
|
#include "mbedtls/sha256.h"
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#endif
|
#endif
|
||||||
|
@ -101,8 +102,10 @@ int main( int argc, char *argv[] )
|
||||||
mbedtls_ecdsa_context ctx_sign, ctx_verify;
|
mbedtls_ecdsa_context ctx_sign, ctx_verify;
|
||||||
mbedtls_entropy_context entropy;
|
mbedtls_entropy_context entropy;
|
||||||
mbedtls_ctr_drbg_context ctr_drbg;
|
mbedtls_ctr_drbg_context ctr_drbg;
|
||||||
unsigned char hash[] = "This should be the hash of a message.";
|
mbedtls_sha256_context sha256_ctx;
|
||||||
unsigned char sig[512];
|
unsigned char message[100];
|
||||||
|
unsigned char hash[32];
|
||||||
|
unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
|
||||||
size_t sig_len;
|
size_t sig_len;
|
||||||
const char *pers = "ecdsa";
|
const char *pers = "ecdsa";
|
||||||
((void) argv);
|
((void) argv);
|
||||||
|
@ -110,8 +113,10 @@ int main( int argc, char *argv[] )
|
||||||
mbedtls_ecdsa_init( &ctx_sign );
|
mbedtls_ecdsa_init( &ctx_sign );
|
||||||
mbedtls_ecdsa_init( &ctx_verify );
|
mbedtls_ecdsa_init( &ctx_verify );
|
||||||
mbedtls_ctr_drbg_init( &ctr_drbg );
|
mbedtls_ctr_drbg_init( &ctr_drbg );
|
||||||
|
mbedtls_sha256_init( &sha256_ctx );
|
||||||
|
|
||||||
memset(sig, 0, sizeof( sig ) );
|
memset( sig, 0, sizeof( sig ) );
|
||||||
|
memset( message, 0x25, sizeof( message ) );
|
||||||
ret = 1;
|
ret = 1;
|
||||||
|
|
||||||
if( argc != 1 )
|
if( argc != 1 )
|
||||||
|
@ -155,9 +160,23 @@ int main( int argc, char *argv[] )
|
||||||
dump_pubkey( " + Public key: ", &ctx_sign );
|
dump_pubkey( " + Public key: ", &ctx_sign );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Sign some message hash
|
* Compute message hash
|
||||||
*/
|
*/
|
||||||
mbedtls_printf( " . Signing message..." );
|
mbedtls_printf( " . Computing message hash..." );
|
||||||
|
fflush( stdout );
|
||||||
|
|
||||||
|
mbedtls_sha256_starts( &sha256_ctx, 0 );
|
||||||
|
mbedtls_sha256_update( &sha256_ctx, message, sizeof( message ) );
|
||||||
|
mbedtls_sha256_finish( &sha256_ctx, hash );
|
||||||
|
|
||||||
|
mbedtls_printf( " ok\n" );
|
||||||
|
|
||||||
|
dump_buf( " + Hash: ", hash, sizeof( hash ) );
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Sign message hash
|
||||||
|
*/
|
||||||
|
mbedtls_printf( " . Signing message hash..." );
|
||||||
fflush( stdout );
|
fflush( stdout );
|
||||||
|
|
||||||
if( ( ret = mbedtls_ecdsa_write_signature( &ctx_sign, MBEDTLS_MD_SHA256,
|
if( ( ret = mbedtls_ecdsa_write_signature( &ctx_sign, MBEDTLS_MD_SHA256,
|
||||||
|
@ -170,7 +189,6 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
mbedtls_printf( " ok (signature length = %u)\n", (unsigned int) sig_len );
|
mbedtls_printf( " ok (signature length = %u)\n", (unsigned int) sig_len );
|
||||||
|
|
||||||
dump_buf( " + Hash: ", hash, sizeof hash );
|
|
||||||
dump_buf( " + Signature: ", sig, sig_len );
|
dump_buf( " + Signature: ", sig, sig_len );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -224,6 +242,7 @@ exit:
|
||||||
mbedtls_ecdsa_free( &ctx_sign );
|
mbedtls_ecdsa_free( &ctx_sign );
|
||||||
mbedtls_ctr_drbg_free( &ctr_drbg );
|
mbedtls_ctr_drbg_free( &ctr_drbg );
|
||||||
mbedtls_entropy_free( &entropy );
|
mbedtls_entropy_free( &entropy );
|
||||||
|
mbedtls_sha256_free( &sha256_ctx );
|
||||||
|
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue