diff options
author | Matt Caswell <matt@openssl.org> | 2015-01-22 03:40:55 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-01-22 09:20:09 +0000 |
commit | 0f113f3ee4d629ef9a4a30911b22b224772085e5 (patch) | |
tree | e014603da5aed1d0751f587a66d6e270b6bda3de /crypto/ecdsa | |
parent | 22b52164aaed31d6e93dbd2d397ace041360e6aa (diff) |
Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'crypto/ecdsa')
-rw-r--r-- | crypto/ecdsa/ecdsa.h | 141 | ||||
-rw-r--r-- | crypto/ecdsa/ecdsatest.c | 938 | ||||
-rw-r--r-- | crypto/ecdsa/ecs_asn1.c | 6 | ||||
-rw-r--r-- | crypto/ecdsa/ecs_err.c | 62 | ||||
-rw-r--r-- | crypto/ecdsa/ecs_lib.c | 375 | ||||
-rw-r--r-- | crypto/ecdsa/ecs_locl.h | 68 | ||||
-rw-r--r-- | crypto/ecdsa/ecs_ossl.c | 805 | ||||
-rw-r--r-- | crypto/ecdsa/ecs_sign.c | 62 | ||||
-rw-r--r-- | crypto/ecdsa/ecs_vrf.c | 69 |
9 files changed, 1233 insertions, 1293 deletions
diff --git a/crypto/ecdsa/ecdsa.h b/crypto/ecdsa/ecdsa.h index 657f0b9e98..86cafe2ba1 100644 --- a/crypto/ecdsa/ecdsa.h +++ b/crypto/ecdsa/ecdsa.h @@ -11,7 +11,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,29 +57,28 @@ * */ #ifndef HEADER_ECDSA_H -#define HEADER_ECDSA_H +# define HEADER_ECDSA_H -#include <openssl/opensslconf.h> +# include <openssl/opensslconf.h> -#ifdef OPENSSL_NO_ECDSA -#error ECDSA is disabled. -#endif +# ifdef OPENSSL_NO_ECDSA +# error ECDSA is disabled. +# endif -#include <openssl/ec.h> -#include <openssl/ossl_typ.h> -#ifdef OPENSSL_USE_DEPRECATED -#include <openssl/bn.h> -#endif +# include <openssl/ec.h> +# include <openssl/ossl_typ.h> +# ifdef OPENSSL_USE_DEPRECATED +# include <openssl/bn.h> +# endif #ifdef __cplusplus extern "C" { #endif -typedef struct ECDSA_SIG_st - { - BIGNUM *r; - BIGNUM *s; - } ECDSA_SIG; +typedef struct ECDSA_SIG_st { + BIGNUM *r; + BIGNUM *s; +} ECDSA_SIG; /** Allocates and initialize a ECDSA_SIG structure * \return pointer to a ECDSA_SIG structure or NULL if an error occurred @@ -89,18 +88,18 @@ ECDSA_SIG *ECDSA_SIG_new(void); /** frees a ECDSA_SIG structure * \param sig pointer to the ECDSA_SIG structure */ -void ECDSA_SIG_free(ECDSA_SIG *sig); +void ECDSA_SIG_free(ECDSA_SIG *sig); /** DER encode content of ECDSA_SIG object (note: this function modifies *pp * (*pp += length of the DER encoded signature)). * \param sig pointer to the ECDSA_SIG object * \param pp pointer to a unsigned char pointer for the output or NULL - * \return the length of the DER encoded ECDSA_SIG object or 0 + * \return the length of the DER encoded ECDSA_SIG object or 0 */ -int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); +int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); /** Decodes a DER encoded ECDSA signature (note: this function changes *pp - * (*pp += len)). + * (*pp += len)). * \param sig pointer to ECDSA_SIG pointer (may be NULL) * \param pp memory buffer with the DER encoded signature * \param len length of the buffer @@ -115,20 +114,22 @@ ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); * \param eckey EC_KEY object containing a private EC key * \return pointer to a ECDSA_SIG structure or NULL if an error occurred */ -ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,int dgst_len,EC_KEY *eckey); +ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, + EC_KEY *eckey); /** Computes ECDSA signature of a given hash value using the supplied * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). * \param dgst pointer to the hash value to sign * \param dgstlen length of the hash value * \param kinv BIGNUM with a pre-computed inverse k (optional) - * \param rp BIGNUM with a pre-computed rp value (optioanl), + * \param rp BIGNUM with a pre-computed rp value (optioanl), * see ECDSA_sign_setup * \param eckey EC_KEY object containing a private EC key * \return pointer to a ECDSA_SIG structure or NULL if an error occurred */ -ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, - const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); +ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, + const BIGNUM *kinv, const BIGNUM *rp, + EC_KEY *eckey); /** Verifies that the supplied signature is a valid ECDSA * signature of the supplied hash value using the supplied public key. @@ -139,15 +140,15 @@ ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, * \return 1 if the signature is valid, 0 if the signature is invalid * and -1 on error */ -int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY* eckey); +int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey); const ECDSA_METHOD *ECDSA_OpenSSL(void); /** Sets the default ECDSA method * \param meth new default ECDSA_METHOD */ -void ECDSA_set_default_method(const ECDSA_METHOD *meth); +void ECDSA_set_default_method(const ECDSA_METHOD *meth); /** Returns the default ECDSA method * \return pointer to ECDSA_METHOD structure containing the default method @@ -157,15 +158,15 @@ const ECDSA_METHOD *ECDSA_get_default_method(void); /** Sets method to be used for the ECDSA operations * \param eckey EC_KEY object * \param meth new method - * \return 1 on success and 0 otherwise + * \return 1 on success and 0 otherwise */ -int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth); +int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth); /** Returns the maximum length of the DER encoded signature * \param eckey EC_KEY object * \return numbers of bytes required for the DER encoded signature */ -int ECDSA_size(const EC_KEY *eckey); +int ECDSA_size(const EC_KEY *eckey); /** Precompute parts of the signing operation * \param eckey EC_KEY object containing a private EC key @@ -174,8 +175,7 @@ int ECDSA_size(const EC_KEY *eckey); * \param rp BIGNUM pointer for x coordinate of k * generator * \return 1 on success and 0 otherwise */ -int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, - BIGNUM **rp); +int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); /** Computes ECDSA signature of a given hash value using the supplied * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). @@ -187,9 +187,8 @@ int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, * \param eckey EC_KEY object containing a private EC key * \return 1 on success and 0 otherwise */ -int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, - unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); - +int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); /** Computes ECDSA signature of a given hash value using the supplied * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). @@ -199,19 +198,19 @@ int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, * \param sig buffer to hold the DER encoded signature * \param siglen pointer to the length of the returned signature * \param kinv BIGNUM with a pre-computed inverse k (optional) - * \param rp BIGNUM with a pre-computed rp value (optioanl), + * \param rp BIGNUM with a pre-computed rp value (optioanl), * see ECDSA_sign_setup * \param eckey EC_KEY object containing a private EC key * \return 1 on success and 0 otherwise */ -int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, - unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, - const BIGNUM *rp, EC_KEY *eckey); +int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); /** Verifies that the given signature is valid ECDSA signature * of the supplied hash value using the specified public key. * \param type this parameter is ignored - * \param dgst pointer to the hash value + * \param dgst pointer to the hash value * \param dgstlen length of the hash value * \param sig pointer to the DER encoded signature * \param siglen length of the DER encoded signature @@ -219,14 +218,15 @@ int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, * \return 1 if the signature is valid, 0 if the signature is invalid * and -1 on error */ -int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, - const unsigned char *sig, int siglen, EC_KEY *eckey); +int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, + const unsigned char *sig, int siglen, EC_KEY *eckey); /* the standard ex_data functions */ -int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new - *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg); -void *ECDSA_get_ex_data(EC_KEY *d, int idx); +int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new + *new_func, CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); +int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg); +void *ECDSA_get_ex_data(EC_KEY *d, int idx); /** Allocates and initialize a ECDSA_METHOD structure * \param ecdsa_method pointer to ECDSA_METHOD to copy. (May be NULL) @@ -252,8 +252,7 @@ void ECDSA_METHOD_set_app_data(ECDSA_METHOD *ecdsa_method, void *app); * \return pointer to application specific data. */ - -void * ECDSA_METHOD_get_app_data(ECDSA_METHOD *ecdsa_method); +void *ECDSA_METHOD_get_app_data(ECDSA_METHOD *ecdsa_method); /** Set the ECDSA_do_sign function in the ECDSA_METHOD * \param ecdsa_method pointer to existing ECDSA_METHOD @@ -261,8 +260,11 @@ void * ECDSA_METHOD_get_app_data(ECDSA_METHOD *ecdsa_method); */ void ECDSA_METHOD_set_sign(ECDSA_METHOD *ecdsa_method, - ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len, - const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey)); + ECDSA_SIG *(*ecdsa_do_sign) (const unsigned char + *dgst, int dgst_len, + const BIGNUM *inv, + const BIGNUM *rp, + EC_KEY *eckey)); /** Set the ECDSA_sign_setup function in the ECDSA_METHOD * \param ecdsa_method pointer to existing ECDSA_METHOD @@ -270,8 +272,10 @@ void ECDSA_METHOD_set_sign(ECDSA_METHOD *ecdsa_method, */ void ECDSA_METHOD_set_sign_setup(ECDSA_METHOD *ecdsa_method, - int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, - BIGNUM **r)); + int (*ecdsa_sign_setup) (EC_KEY *eckey, + BN_CTX *ctx, + BIGNUM **kinv, + BIGNUM **r)); /** Set the ECDSA_do_verify function in the ECDSA_METHOD * \param ecdsa_method pointer to existing ECDSA_METHOD @@ -279,8 +283,10 @@ void ECDSA_METHOD_set_sign_setup(ECDSA_METHOD *ecdsa_method, */ void ECDSA_METHOD_set_verify(ECDSA_METHOD *ecdsa_method, - int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey)); + int (*ecdsa_do_verify) (const unsigned char + *dgst, int dgst_len, + const ECDSA_SIG *sig, + EC_KEY *eckey)); void ECDSA_METHOD_set_flags(ECDSA_METHOD *ecdsa_method, int flags); @@ -297,7 +303,8 @@ void ECDSA_METHOD_set_name(ECDSA_METHOD *ecdsa_method, char *name); */ /* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes +/* + * The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ void ERR_load_ECDSA_strings(void); @@ -305,20 +312,20 @@ void ERR_load_ECDSA_strings(void); /* Error codes for the ECDSA functions. */ /* Function codes. */ -#define ECDSA_F_ECDSA_DATA_NEW_METHOD 100 -#define ECDSA_F_ECDSA_DO_SIGN 101 -#define ECDSA_F_ECDSA_DO_VERIFY 102 -#define ECDSA_F_ECDSA_METHOD_NEW 105 -#define ECDSA_F_ECDSA_SIGN_SETUP 103 +# define ECDSA_F_ECDSA_DATA_NEW_METHOD 100 +# define ECDSA_F_ECDSA_DO_SIGN 101 +# define ECDSA_F_ECDSA_DO_VERIFY 102 +# define ECDSA_F_ECDSA_METHOD_NEW 105 +# define ECDSA_F_ECDSA_SIGN_SETUP 103 /* Reason codes. */ -#define ECDSA_R_BAD_SIGNATURE 100 -#define ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 101 -#define ECDSA_R_ERR_EC_LIB 102 -#define ECDSA_R_MISSING_PARAMETERS 103 -#define ECDSA_R_NEED_NEW_SETUP_VALUES 106 -#define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED 104 -#define ECDSA_R_SIGNATURE_MALLOC_FAILED 105 +# define ECDSA_R_BAD_SIGNATURE 100 +# define ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 101 +# define ECDSA_R_ERR_EC_LIB 102 +# define ECDSA_R_MISSING_PARAMETERS 103 +# define ECDSA_R_NEED_NEW_SETUP_VALUES 106 +# define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED 104 +# define ECDSA_R_SIGNATURE_MALLOC_FAILED 105 #ifdef __cplusplus } diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c index 89b7c9f59c..d58490f21f 100644 --- a/crypto/ecdsa/ecdsatest.c +++ b/crypto/ecdsa/ecdsatest.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -58,13 +58,13 @@ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * - * Portions of the attached software ("Contribution") are developed by + * Portions of the attached software ("Contribution") are developed by * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. * * The Contribution is licensed pursuant to the OpenSSL open source * license provided above. * - * The elliptic curve binary polynomial software is originally written by + * The elliptic curve binary polynomial software is originally written by * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. * */ @@ -76,26 +76,26 @@ #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_ECDSA is defined */ #ifdef OPENSSL_NO_ECDSA -int main(int argc, char * argv[]) - { - puts("Elliptic curves are disabled."); - return 0; - } +int main(int argc, char *argv[]) +{ + puts("Elliptic curves are disabled."); + return 0; +} #else -#include <openssl/crypto.h> -#include <openssl/bio.h> -#include <openssl/evp.h> -#include <openssl/bn.h> -#include <openssl/ecdsa.h> -#ifndef OPENSSL_NO_ENGINE -#include <openssl/engine.h> -#endif -#include <openssl/err.h> -#include <openssl/rand.h> +# include <openssl/crypto.h> +# include <openssl/bio.h> +# include <openssl/evp.h> +# include <openssl/bn.h> +# include <openssl/ecdsa.h> +# ifndef OPENSSL_NO_ENGINE +# include <openssl/engine.h> +# endif +# include <openssl/err.h> +# include <openssl/rand.h> static const char rnd_seed[] = "string to make the random number generator " - "think it has entropy"; + "think it has entropy"; /* declaration of the test functions */ int x9_62_tests(BIO *); @@ -107,481 +107,465 @@ int change_rand(void); int restore_rand(void); int fbytes(unsigned char *buf, int num); -RAND_METHOD fake_rand; +RAND_METHOD fake_rand; const RAND_METHOD *old_rand; int change_rand(void) - { - /* save old rand method */ - if ((old_rand = RAND_get_rand_method()) == NULL) - return 0; - - fake_rand.seed = old_rand->seed; - fake_rand.cleanup = old_rand->cleanup; - fake_rand.add = old_rand->add; - fake_rand.status = old_rand->status; - /* use own random function */ - fake_rand.bytes = fbytes; - fake_rand.pseudorand = old_rand->bytes; - /* set new RAND_METHOD */ - if (!RAND_set_rand_method(&fake_rand)) - return 0; - return 1; - } +{ + /* save old rand method */ + if ((old_rand = RAND_get_rand_method()) == NULL) + return 0; + + fake_rand.seed = old_rand->seed; + fake_rand.cleanup = old_rand->cleanup; + fake_rand.add = old_rand->add; + fake_rand.status = old_rand->status; + /* use own random function */ + fake_rand.bytes = fbytes; + fake_rand.pseudorand = old_rand->bytes; + /* set new RAND_METHOD */ + if (!RAND_set_rand_method(&fake_rand)) + return 0; + return 1; +} int restore_rand(void) - { - if (!RAND_set_rand_method(old_rand)) - return 0; - else - return 1; - } +{ + if (!RAND_set_rand_method(old_rand)) + return 0; + else + return 1; +} static int fbytes_counter = 0, use_fake = 0; static const char *numbers[8] = { - "651056770906015076056810763456358567190100156695615665659", - "6140507067065001063065065565667405560006161556565665656654", - "8763001015071075675010661307616710783570106710677817767166" - "71676178726717", - "7000000175690566466555057817571571075705015757757057795755" - "55657156756655", - "1275552191113212300012030439187146164646146646466749494799", - "1542725565216523985789236956265265265235675811949404040041", - "1456427555219115346513212300075341203043918714616464614664" - "64667494947990", - "1712787255652165239672857892369562652652652356758119494040" - "40041670216363"}; + "651056770906015076056810763456358567190100156695615665659", + "6140507067065001063065065565667405560006161556565665656654", + "8763001015071075675010661307616710783570106710677817767166" + "71676178726717", + "7000000175690566466555057817571571075705015757757057795755" + "55657156756655", + "1275552191113212300012030439187146164646146646466749494799", + "1542725565216523985789236956265265265235675811949404040041", + "1456427555219115346513212300075341203043918714616464614664" + "64667494947990", + "1712787255652165239672857892369562652652652356758119494040" + "40041670216363" +}; int fbytes(unsigned char *buf, int num) - { - int ret; - BIGNUM *tmp = NULL; - - if (use_fake == 0) - return old_rand->bytes(buf, num); - - use_fake = 0; - - if (fbytes_counter >= 8) - return 0; - tmp = BN_new(); - if (!tmp) - return 0; - if (!BN_dec2bn(&tmp, numbers[fbytes_counter])) - { - BN_free(tmp); - return 0; - } - fbytes_counter ++; - if (num != BN_num_bytes(tmp) || !BN_bn2bin(tmp, buf)) - ret = 0; - else - ret = 1; - BN_free(tmp); - return ret; - } +{ + int ret; + BIGNUM *tmp = NULL; + + if (use_fake == 0) + return old_rand->bytes(buf, num); + + use_fake = 0; + + if (fbytes_counter >= 8) + return 0; + tmp = BN_new(); + if (!tmp) + return 0; + if (!BN_dec2bn(&tmp, numbers[fbytes_counter])) { + BN_free(tmp); + return 0; + } + fbytes_counter++; + if (num != BN_num_bytes(tmp) || !BN_bn2bin(tmp, buf)) + ret = 0; + else + ret = 1; + BN_free(tmp); + return ret; +} /* some tests from the X9.62 draft */ int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in) - { - int ret = 0; - const char message[] = "abc"; - unsigned char digest[20]; - unsigned int dgst_len = 0; - EVP_MD_CTX md_ctx; - EC_KEY *key = NULL; - ECDSA_SIG *signature = NULL; - BIGNUM *r = NULL, *s = NULL; - BIGNUM *kinv = NULL, *rp = NULL; - - EVP_MD_CTX_init(&md_ctx); - /* get the message digest */ - if (!EVP_DigestInit(&md_ctx, EVP_ecdsa()) - || !EVP_DigestUpdate(&md_ctx, (const void*)message, 3) - || !EVP_DigestFinal(&md_ctx, digest, &dgst_len)) - goto x962_int_err; - - BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid)); - /* create the key */ - if ((key = EC_KEY_new_by_curve_name(nid)) == NULL) - goto x962_int_err; - use_fake = 1; - if (!EC_KEY_generate_key(key)) - goto x962_int_err; - BIO_printf(out, "."); - (void)BIO_flush(out); - /* create the signature */ - use_fake = 1; - /* Use ECDSA_sign_setup to avoid use of ECDSA nonces */ - if (!ECDSA_sign_setup(key, NULL, &kinv, &rp)) - goto x962_int_err; - signature = ECDSA_do_sign_ex(digest, 20, kinv, rp, key); - if (signature == NULL) - goto x962_int_err; - BIO_printf(out, "."); - (void)BIO_flush(out); - /* compare the created signature with the expected signature */ - if ((r = BN_new()) == NULL || (s = BN_new()) == NULL) - goto x962_int_err; - if (!BN_dec2bn(&r, r_in) || - !BN_dec2bn(&s, s_in)) - goto x962_int_err; - if (BN_cmp(signature->r ,r) || BN_cmp(signature->s, s)) - goto x962_int_err; - BIO_printf(out, "."); - (void)BIO_flush(out); - /* verify the signature */ - if (ECDSA_do_verify(digest, 20, signature, key) != 1) - goto x962_int_err; - BIO_printf(out, "."); - (void)BIO_flush(out); - - BIO_printf(out, " ok\n"); - ret = 1; -x962_int_err: - if (!ret) - BIO_printf(out, " failed\n"); - if (key) - EC_KEY_free(key); - if (signature) - ECDSA_SIG_free(signature); - if (r) - BN_free(r); - if (s) - BN_free(s); - EVP_MD_CTX_cleanup(&md_ctx); - if (kinv) - BN_clear_free(kinv); - if (rp) - BN_clear_free(rp); - return ret; - } +{ + int ret = 0; + const char message[] = "abc"; + unsigned char digest[20]; + unsigned int dgst_len = 0; + EVP_MD_CTX md_ctx; + EC_KEY *key = NULL; + ECDSA_SIG *signature = NULL; + BIGNUM *r = NULL, *s = NULL; + BIGNUM *kinv = NULL, *rp = NULL; + + EVP_MD_CTX_init(&md_ctx); + /* get the message digest */ + if (!EVP_DigestInit(&md_ctx, EVP_ecdsa()) + || !EVP_DigestUpdate(&md_ctx, (const void *)message, 3) + || !EVP_DigestFinal(&md_ctx, digest, &dgst_len)) + goto x962_int_err; + + BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid)); + /* create the key */ + if ((key = EC_KEY_new_by_curve_name(nid)) == NULL) + goto x962_int_err; + use_fake = 1; + if (!EC_KEY_generate_key(key)) + goto x962_int_err; + BIO_printf(out, "."); + (void)BIO_flush(out); + /* create the signature */ + use_fake = 1; + /* Use ECDSA_sign_setup to avoid use of ECDSA nonces */ + if (!ECDSA_sign_setup(key, NULL, &kinv, &rp)) + goto x962_int_err; + signature = ECDSA_do_sign_ex(digest, 20, kinv, rp, key); + if (signature == NULL) + goto x962_int_err; + BIO_printf(out, "."); + (void)BIO_flush(out); + /* compare the created signature with the expected signature */ + if ((r = BN_new()) == NULL || (s = BN_new()) == NULL) + goto x962_int_err; + if (!BN_dec2bn(&r, r_in) || !BN_dec2bn(&s, s_in)) + goto x962_int_err; + if (BN_cmp(signature->r, r) || BN_cmp(signature->s, s)) + goto x962_int_err; + BIO_printf(out, "."); + (void)BIO_flush(out); + /* verify the signature */ + if (ECDSA_do_verify(digest, 20, signature, key) != 1) + goto x962_int_err; + BIO_printf(out, "."); + (void)BIO_flush(out); + + BIO_printf(out, " ok\n"); + ret = 1; + x962_int_err: + if (!ret) + BIO_printf(out, " failed\n"); + if (key) + EC_KEY_free(key); + if (signature) + ECDSA_SIG_free(signature); + if (r) + BN_free(r); + if (s) + BN_free(s); + EVP_MD_CTX_cleanup(&md_ctx); + if (kinv) + BN_clear_free(kinv); + if (rp) + BN_clear_free(rp); + return ret; +} int x9_62_tests(BIO *out) - { - int ret = 0; - - BIO_printf(out, "some tests from X9.62:\n"); - - /* set own rand method */ - if (!change_rand()) - goto x962_err; - - if (!x9_62_test_internal(out, NID_X9_62_prime192v1, - "3342403536405981729393488334694600415596881826869351677613", - "5735822328888155254683894997897571951568553642892029982342")) - goto x962_err; - if (!x9_62_test_internal(out, NID_X9_62_prime239v1, - "3086361431751678114926225473006680188549593787585317781474" - "62058306432176", - "3238135532097973577080787768312505059318910517550078427819" - "78505179448783")) - goto x962_err; -#ifndef OPENSSL_NO_EC2M - if (!x9_62_test_internal(out, NID_X9_62_c2tnb191v1, - "87194383164871543355722284926904419997237591535066528048", - "308992691965804947361541664549085895292153777025772063598")) - goto x962_err; - if (!x9_62_test_internal(out, NID_X9_62_c2tnb239v1, - "2159633321041961198501834003903461262881815148684178964245" - "5876922391552", - "1970303740007316867383349976549972270528498040721988191026" - "49413465737174")) - goto x962_err; -#endif - ret = 1; -x962_err: - if (!restore_rand()) - ret = 0; - return ret; - } +{ + int ret = 0; + + BIO_printf(out, "some tests from X9.62:\n"); + + /* set own rand method */ + if (!change_rand()) + goto x962_err; + + if (!x9_62_test_internal(out, NID_X9_62_prime192v1, + "3342403536405981729393488334694600415596881826869351677613", + "5735822328888155254683894997897571951568553642892029982342")) + goto x962_err; + if (!x9_62_test_internal(out, NID_X9_62_prime239v1, + "3086361431751678114926225473006680188549593787585317781474" + "62058306432176", + "3238135532097973577080787768312505059318910517550078427819" + "78505179448783")) + goto x962_err; +# ifndef OPENSSL_NO_EC2M + if (!x9_62_test_internal(out, NID_X9_62_c2tnb191v1, + "87194383164871543355722284926904419997237591535066528048", + "308992691965804947361541664549085895292153777025772063598")) + goto x962_err; + if (!x9_62_test_internal(out, NID_X9_62_c2tnb239v1, + "2159633321041961198501834003903461262881815148684178964245" + "5876922391552", + "1970303740007316867383349976549972270528498040721988191026" + "49413465737174")) + goto x962_err; +# endif + ret = 1; + x962_err: + if (!restore_rand()) + ret = 0; + return ret; +} int test_builtin(BIO *out) - { - EC_builtin_curve *curves = NULL; - size_t crv_len = 0, n = 0; - EC_KEY *eckey = NULL, *wrong_eckey = NULL; - EC_GROUP *group; - ECDSA_SIG *ecdsa_sig = NULL; - unsigned char digest[20], wrong_digest[20]; - unsigned char *signature = NULL; - const unsigned char *sig_ptr; - unsigned char *sig_ptr2; - unsigned char *raw_buf = NULL; - unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len; - int nid, ret = 0; - - /* fill digest values with some random data */ - if (!RAND_pseudo_bytes(digest, 20) || - !RAND_pseudo_bytes(wrong_digest, 20)) - { - BIO_printf(out, "ERROR: unable to get random data\n"); - goto builtin_err; - } - - /* create and verify a ecdsa signature with every availble curve - * (with ) */ - BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() " - "with some internal curves:\n"); - - /* get a list of all internal curves */ - crv_len = EC_get_builtin_curves(NULL, 0); - - curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len); - - if (curves == NULL) - { - BIO_printf(out, "malloc error\n"); - goto builtin_err; - } - - if (!EC_get_builtin_curves(curves, crv_len)) - { - BIO_printf(out, "unable to get internal curves\n"); - goto builtin_err; - } - - /* now create and verify a signature for every curve */ - for (n = 0; n < crv_len; n++) - { - unsigned char dirt, offset; - - nid = curves[n].nid; - if (nid == NID_ipsec4) - continue; - /* create new ecdsa key (== EC_KEY) */ - if ((eckey = EC_KEY_new()) == NULL) - goto builtin_err; - group = EC_GROUP_new_by_curve_name(nid); - if (group == NULL) - goto builtin_err; - if (EC_KEY_set_group(eckey, group) == 0) - goto builtin_err; - EC_GROUP_free(group); - degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey)); - if (degree < 160) - /* drop the curve */ - { - EC_KEY_free(eckey); - eckey = NULL; - continue; - } - BIO_printf(out, "%s: ", OBJ_nid2sn(nid)); - /* create key */ - if (!EC_KEY_generate_key(eckey)) - { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - /* create second key */ - if ((wrong_eckey = EC_KEY_new()) == NULL) - goto builtin_err; - group = EC_GROUP_new_by_curve_name(nid); - if (group == NULL) - goto builtin_err; - if (EC_KEY_set_group(wrong_eckey, group) == 0) - goto builtin_err; - EC_GROUP_free(group); - if (!EC_KEY_generate_key(wrong_eckey)) - { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - - BIO_printf(out, "."); - (void)BIO_flush(out); - /* check key */ - if (!EC_KEY_check_key(eckey)) - { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); - /* create signature */ - sig_len = ECDSA_size(eckey); - if ((signature = OPENSSL_malloc(sig_len)) == NULL) - goto builtin_err; - if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey)) - { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); - /* verify signature */ - if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) - { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); - /* verify signature with the wrong key */ - if (ECDSA_verify(0, digest, 20, signature, sig_len, - wrong_eckey) == 1) - { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); - /* wrong digest */ - if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len, - eckey) == 1) - { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); - /* wrong length */ - if (ECDSA_verify(0, digest, 20, signature, sig_len - 1, - eckey) == 1) - { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); - - /* Modify a single byte of the signature: to ensure we don't - * garble the ASN1 structure, we read the raw signature and - * modify a byte in one of the bignums directly. */ - sig_ptr = signature; - if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len)) == NULL) - { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - - /* Store the two BIGNUMs in raw_buf. */ - r_len = BN_num_bytes(ecdsa_sig->r); - s_len = BN_num_bytes(ecdsa_sig->s); - bn_len = (degree + 7) / 8; - if ((r_len > bn_len) || (s_len > bn_len)) - { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - buf_len = 2 * bn_len; - if ((raw_buf = OPENSSL_malloc(buf_len)) == NULL) - goto builtin_err; - /* Pad the bignums with leading zeroes. */ - memset(raw_buf, 0, buf_len); - BN_bn2bin(ecdsa_sig->r, raw_buf + bn_len - r_len); - BN_bn2bin(ecdsa_sig->s, raw_buf + buf_len - s_len); - - /* Modify a single byte in the buffer. */ - offset = raw_buf[10] % buf_len; - dirt = raw_buf[11] ? raw_buf[11] : 1; - raw_buf[offset] ^= dirt; - /* Now read the BIGNUMs back in from raw_buf. */ - if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) || - (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL)) - goto builtin_err; - - sig_ptr2 = signature; - sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2); - if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1) - { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - /* Sanity check: undo the modification and verify signature. */ - raw_buf[offset] ^= dirt; - if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) || - (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL)) - goto builtin_err; - - sig_ptr2 = signature; - sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2); - if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) - { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); - - BIO_printf(out, " ok\n"); - /* cleanup */ - /* clean bogus errors */ - ERR_clear_error(); - OPENSSL_free(signature); - signature = NULL; |