
ecc.c and test.c changes to add support in ecc_sign_determinsitic.c #7700

Merged
merged 8 commits into from
Jul 16, 2024
60 changes: 46 additions & 14 deletions wolfcrypt/src/ecc.c
Expand Up @@ -6837,13 +6837,17 @@ static int deterministic_sign_helper(const byte* in, word32 inlen, ecc_key* key)
if (key->sign_k == NULL) {
key->sign_k = (mp_int*)XMALLOC(sizeof(mp_int), key->heap,
DYNAMIC_TYPE_ECC);
if (key->sign_k != NULL) {
err = mp_init(key->sign_k);
if (err != MP_OKAY) {
XFREE(key->sign_k, key->heap, DYNAMIC_TYPE_ECC);
key->sign_k = NULL;
}
}
}

if (key->sign_k != NULL) {
/* currently limiting to SHA256 for auto create */
if (mp_init(key->sign_k) != MP_OKAY ||
wc_ecc_gen_deterministic_k(in, inlen,
WC_HASH_TYPE_SHA256, ecc_get_k(key), key->sign_k,
if (wc_ecc_gen_deterministic_k(in, inlen,
key->hashType, ecc_get_k(key), key->sign_k,
curve->order, key->heap) != 0) {
mp_free(key->sign_k);
XFREE(key->sign_k, key->heap, DYNAMIC_TYPE_ECC);
Expand All @@ -6861,8 +6865,7 @@ static int deterministic_sign_helper(const byte* in, word32 inlen, ecc_key* key)
}
#else
key->sign_k_set = 0;
/* currently limiting to SHA256 for auto create */
if (wc_ecc_gen_deterministic_k(in, inlen, WC_HASH_TYPE_SHA256,
if (wc_ecc_gen_deterministic_k(in, inlen, key->hashType,
ecc_get_k(key), key->sign_k, curve->order, key->heap) != 0) {
err = ECC_PRIV_KEY_E;
}
Expand Down Expand Up @@ -7519,7 +7522,7 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
enum wc_HashType hashType, mp_int* priv, mp_int* k, mp_int* order,
void* heap)
{
int ret = 0, qbits = 0;
int ret = 0;
#ifndef WOLFSSL_SMALL_STACK
byte h1[MAX_ECC_BYTES];
byte V[WC_MAX_DIGEST_SIZE];
Expand All @@ -7533,7 +7536,7 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
byte *x = NULL;
mp_int *z1 = NULL;
#endif
word32 xSz, VSz, KSz, h1len, qLen;
word32 qbits = 0, xSz, VSz, KSz, h1len, qLen;
byte intOct;

if (hash == NULL || k == NULL || order == NULL) {
Expand All @@ -7545,8 +7548,24 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
return BAD_FUNC_ARG;
}

if (hashSz != WC_SHA256_DIGEST_SIZE) {
WOLFSSL_MSG("Currently only SHA256 digest is supported");
/* if none is provided then detect has type based on hash size */
if (hashType == WC_HASH_TYPE_NONE) {
if (hashSz >= 64) {
hashType = WC_HASH_TYPE_SHA512;
}
else if (hashSz >= 48) {
hashType = WC_HASH_TYPE_SHA384;
}
else {
hashType = WC_HASH_TYPE_SHA256;
}
}

/* For deterministic k only SHA2-256, SHA2-384 and SHA2-512 are supported */

@SparkiDev do we need this restriction? Seems like any supported HMAC algo would be fine. As long as we properly fail later if the hash type is unsupported or invalid. Thoughts?


Yep. We can remove this now.

if ( hashType != WC_HASH_TYPE_SHA256 &&
hashType != WC_HASH_TYPE_SHA384 &&
hashType != WC_HASH_TYPE_SHA512) {
WOLFSSL_MSG("Invalid deterministic hash type");
return BAD_FUNC_ARG;
}

Expand Down Expand Up @@ -7615,6 +7634,12 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
wc_MemZero_Add("wc_ecc_gen_deterministic_k x", x, qLen);
#endif
qbits = mp_count_bits(order);

/* hash truncate if too long */
if (((WOLFSSL_BIT_SIZE) * hashSz) > qbits) {
/* calculate truncated hash size using bits rounded up byte */
hashSz = (qbits + ((WOLFSSL_BIT_SIZE) - 1)) / (WOLFSSL_BIT_SIZE);
}
ret = mp_read_unsigned_bin(z1, hash, hashSz);
}

Expand All @@ -7636,7 +7661,7 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
ret = BUFFER_E;
}
else {
ret = mp_to_unsigned_bin_len(z1, h1, h1len);
ret = mp_to_unsigned_bin_len(z1, h1, (int)h1len);
}
}
else
Expand Down Expand Up @@ -7705,7 +7730,7 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
ret = mp_read_unsigned_bin(k, x, xSz);
}

if ((ret == 0) && ((int)(xSz * WOLFSSL_BIT_SIZE) != qbits)) {
if ((ret == 0) && ((xSz * WOLFSSL_BIT_SIZE) != qbits)) {
/* handle odd case where shift of 'k' is needed with RFC 6979
* k = bits2int(T) in section 3.2 h.3 */
mp_rshb(k, ((int)xSz * WOLFSSL_BIT_SIZE) - qbits);
Expand Down Expand Up @@ -7758,15 +7783,22 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
/* Sets the deterministic flag for 'k' generation with sign.
* returns 0 on success
*/
int wc_ecc_set_deterministic(ecc_key* key, byte flag)
int wc_ecc_set_deterministic_ex(ecc_key* key, byte flag, int hashType)
{
if (key == NULL) {
return BAD_FUNC_ARG;
}

key->deterministic = flag ? 1 : 0;
key->hashType = hashType;
return 0;
}

int wc_ecc_set_deterministic(ecc_key* key, byte flag)
{
return wc_ecc_set_deterministic_ex(key, flag, WC_HASH_TYPE_NONE);
}

#endif /* end sign_ex and deterministic sign */
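Review bot: The length-based fallback in wc_ecc_gen_deterministic_k (the `hashType == WC_HASH_TYPE_NONE` block) picks the HMAC hash from the digest length alone, so every digest shorter than 48 bytes, a 28-byte one for example, is treated as SHA2-256. The hash used to derive k can then differ from the one that produced the digest, and the output no longer follows RFC 6979 or matches its test vectors. Because wc_ecc_set_deterministic now forwards `WC_HASH_TYPE_NONE`, this guess is the default for existing callers, yet no comment says so. I would fix the typo and state the rule, `/* if none is provided then detect hash type based on hash size; anything shorter than 48 bytes is treated as SHA2-256 */`, and give wc_ecc_set_deterministic_ex its own header comment saying what `hashType` accepts and that `WC_HASH_TYPE_NONE` selects the length-based guess. The body of wc_ecc_gen_deterministic_k continues outside the visible hunks.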

