From 03582eb669494cb778ebea7b0fe3b1b841335750 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 7 Jul 2011 22:27:17 +0200 Subject: [PATCH] Implement ECDSA sign and verify operations. Very basic at the moment, doesn't hash the input first, and uses OpenSSL's DER encoded signature as output. --- src/openssl/ecdsa.c | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/src/openssl/ecdsa.c b/src/openssl/ecdsa.c index 84fe8fd..000bfaa 100644 --- a/src/openssl/ecdsa.c +++ b/src/openssl/ecdsa.c @@ -70,12 +70,31 @@ size_t ecdsa_size(ecdsa_t *ecdsa) { return ECDSA_size(*ecdsa); } +// TODO: hash first, standardise output format? + bool ecdsa_sign(ecdsa_t *ecdsa, const void *in, size_t len, void *sig) { - logger(LOG_ERR, "Unable to perform ECDSA signature: %s", ERR_error_string(ERR_get_error(), NULL)); - return false; + unsigned int siglen = ECDSA_size(*ecdsa); + memset(sig, 0, siglen); + + if(!ECDSA_sign(0, in, len, sig, &siglen, *ecdsa)) { + logger(LOG_DEBUG, "ECDSA_sign() failed: %s", ERR_error_string(ERR_get_error(), NULL)); + return false; + } + + if(siglen != ECDSA_size(*ecdsa)) { + logger(LOG_ERR, "Signature length %d != %d", siglen, ECDSA_size(*ecdsa)); + } + + return true; } bool ecdsa_verify(ecdsa_t *ecdsa, const void *in, size_t len, const void *sig) { - logger(LOG_ERR, "Unable to perform ECDSA verification: %s", ERR_error_string(ERR_get_error(), NULL)); - return false; + unsigned int siglen = ECDSA_size(*ecdsa); + + if(!ECDSA_verify(0, in, len, sig, siglen, *ecdsa)) { + logger(LOG_DEBUG, "ECDSA_verify() failed: %s", ERR_error_string(ERR_get_error(), NULL)); + return false; + } + + return true; } -- 2.25.1