Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ecc.c and test.c changes to add support in ecc_sign_determinsitic.c #7700

Merged
merged 8 commits into from
Jul 16, 2024
Merged

ecc.c and test.c changes to add support in ecc_sign_determinsitic.c #7700

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
b5b0e17
ecc.c and test.c changes to add support in ecc_sign_determinsitic.c f…
Jun 28, 2024
c07e7f1
Fixed async test for test.c deterministic K.
Jul 1, 2024
ac7f44b
Fix the async tests for deterministic sign. The _ex versions cannot b…
dgarske Jul 1, 2024
9ec29e9
Reduced duplicate code in deterministic test.
dgarske Jul 1, 2024
4335dac
Add `wc_ecc_set_deterministic_ex` to support custom hash type for det…
dgarske Jul 3, 2024
f91d0a2
Remove hash type check not required for ECDSA deterministic k. Fix `_…
dgarske Jul 4, 2024
96af77d
Hash Type selection changes to `ecc.c`.
Jul 16, 2024
237df2c
Hash Type selection changes to `ecc.c`.
Jul 16, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
58 changes: 43 additions & 15 deletions wolfcrypt/src/ecc.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6837,13 +6837,17 @@ static int deterministic_sign_helper(const byte* in, word32 inlen, ecc_key* key)
if (key->sign_k == NULL) {
key->sign_k = (mp_int*)XMALLOC(sizeof(mp_int), key->heap,
DYNAMIC_TYPE_ECC);
if (key->sign_k != NULL) {
err = mp_init(key->sign_k);
if (err != MP_OKAY) {
XFREE(key->sign_k, key->heap, DYNAMIC_TYPE_ECC);
key->sign_k = NULL;
}
}
}

if (key->sign_k != NULL) {
/* currently limiting to SHA256 for auto create */
if (mp_init(key->sign_k) != MP_OKAY ||
wc_ecc_gen_deterministic_k(in, inlen,
WC_HASH_TYPE_SHA256, ecc_get_k(key), key->sign_k,
if (wc_ecc_gen_deterministic_k(in, inlen,
key->hashType, ecc_get_k(key), key->sign_k,
curve->order, key->heap) != 0) {
mp_free(key->sign_k);
XFREE(key->sign_k, key->heap, DYNAMIC_TYPE_ECC);
Expand All @@ -6861,8 +6865,7 @@ static int deterministic_sign_helper(const byte* in, word32 inlen, ecc_key* key)
}
#else
key->sign_k_set = 0;
/* currently limiting to SHA256 for auto create */
if (wc_ecc_gen_deterministic_k(in, inlen, WC_HASH_TYPE_SHA256,
if (wc_ecc_gen_deterministic_k(in, inlen, key->hashType,
ecc_get_k(key), key->sign_k, curve->order, key->heap) != 0) {
err = ECC_PRIV_KEY_E;
}
Expand Down Expand Up @@ -7479,7 +7482,7 @@ static int _HMAC_K(byte* K, word32 KSz, byte* V, word32 VSz,
Hmac hmac;
int ret, init;

ret = init = wc_HmacInit(&hmac, heap, 0);
ret = init = wc_HmacInit(&hmac, heap, INVALID_DEVID);
if (ret == 0)
ret = wc_HmacSetKey(&hmac, hashType, K, KSz);

Expand Down Expand Up @@ -7519,7 +7522,7 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
enum wc_HashType hashType, mp_int* priv, mp_int* k, mp_int* order,
void* heap)
{
int ret = 0, qbits = 0;
int ret = 0;
#ifndef WOLFSSL_SMALL_STACK
byte h1[MAX_ECC_BYTES];
byte V[WC_MAX_DIGEST_SIZE];
Expand All @@ -7535,6 +7538,7 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
#endif
word32 xSz, VSz, KSz, h1len, qLen;
byte intOct;
word32 qbits = 0;

if (hash == NULL || k == NULL || order == NULL) {
return BAD_FUNC_ARG;
Expand All @@ -7545,9 +7549,20 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
return BAD_FUNC_ARG;
}

if (hashSz != WC_SHA256_DIGEST_SIZE) {
WOLFSSL_MSG("Currently only SHA256 digest is supported");
return BAD_FUNC_ARG;
/* if none is provided then detect has type based on hash size */
if (hashType == WC_HASH_TYPE_NONE) {
if (hashSz == 64) {
hashType = WC_HASH_TYPE_SHA512;
}
else if (hashSz == 48) {
hashType = WC_HASH_TYPE_SHA384;
}
else if (hashSz == 32) {
hashType = WC_HASH_TYPE_SHA256;
}
else {
return BAD_FUNC_ARG;
}
}

if (mp_unsigned_bin_size(priv) > MAX_ECC_BYTES) {
Expand Down Expand Up @@ -7615,6 +7630,12 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
wc_MemZero_Add("wc_ecc_gen_deterministic_k x", x, qLen);
#endif
qbits = mp_count_bits(order);

/* hash truncate if too long */
if (((WOLFSSL_BIT_SIZE) * hashSz) > qbits) {
/* calculate truncated hash size using bits rounded up byte */
hashSz = (qbits + ((WOLFSSL_BIT_SIZE) - 1)) / (WOLFSSL_BIT_SIZE);
}
ret = mp_read_unsigned_bin(z1, hash, hashSz);
}

Expand All @@ -7636,7 +7657,7 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
ret = BUFFER_E;
}
else {
ret = mp_to_unsigned_bin_len(z1, h1, h1len);
ret = mp_to_unsigned_bin_len(z1, h1, (int)h1len);
}
}
else
Expand Down Expand Up @@ -7705,7 +7726,7 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
ret = mp_read_unsigned_bin(k, x, xSz);
}

if ((ret == 0) && ((int)(xSz * WOLFSSL_BIT_SIZE) != qbits)) {
if ((ret == 0) && ((xSz * WOLFSSL_BIT_SIZE) != qbits)) {
/* handle odd case where shift of 'k' is needed with RFC 6979
* k = bits2int(T) in section 3.2 h.3 */
mp_rshb(k, ((int)xSz * WOLFSSL_BIT_SIZE) - qbits);
Expand Down Expand Up @@ -7758,15 +7779,22 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
/* Sets the deterministic flag for 'k' generation with sign.
* returns 0 on success
*/
int wc_ecc_set_deterministic(ecc_key* key, byte flag)
int wc_ecc_set_deterministic_ex(ecc_key* key, byte flag, int hashType)
{
if (key == NULL) {
return BAD_FUNC_ARG;
}

key->deterministic = flag ? 1 : 0;
key->hashType = hashType;
return 0;
}

int wc_ecc_set_deterministic(ecc_key* key, byte flag)
{
return wc_ecc_set_deterministic_ex(key, flag, WC_HASH_TYPE_NONE);
}

#endif /* end sign_ex and deterministic sign */


Expand Down
Loading