From bd3602eb8948dcd3a03cb56fbfa80bb4ac569cdb Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 27 Oct 2015 19:11:00 +0000 Subject: [PATCH] Move and adapt ECDSA sign and verify functions. Reviewed-by: Richard Levitte --- crypto/ec/Makefile | 4 +- crypto/ec/ec_pmeth.c | 1 - crypto/{ecdsa/ecs_sign.c => ec/ecdsa_sign.c} | 19 ++++--- crypto/{ecdsa/ecs_vrf.c => ec/ecdsa_vrf.c} | 10 ++-- crypto/ecdsa/Makefile | 29 +---------- include/openssl/ec.h | 53 ++++++++++++++++++++ include/openssl/ecdsa.h | 53 -------------------- 7 files changed, 71 insertions(+), 98 deletions(-) rename crypto/{ecdsa/ecs_sign.c => ec/ecdsa_sign.c} (91%) rename crypto/{ecdsa/ecs_vrf.c => ec/ecdsa_vrf.c} (95%) diff --git a/crypto/ec/Makefile b/crypto/ec/Makefile index 38f9c3ca4f..ff77ee356a 100644 --- a/crypto/ec/Makefile +++ b/crypto/ec/Makefile @@ -22,14 +22,14 @@ LIBSRC= ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c\ ec2_smpl.c ec2_mult.c ec_ameth.c ec_pmeth.c eck_prn.c \ ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c \ ecp_oct.c ec2_oct.c ec_oct.c ec_kmeth.c ecdh_ossl.c ecdh_kdf.c \ - ecdsa_ossl.c + ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c LIBOBJ= ec_lib.o ecp_smpl.o ecp_mont.o ecp_nist.o ec_cvt.o ec_mult.o\ ec_err.o ec_curve.o ec_check.o ec_print.o ec_asn1.o ec_key.o\ ec2_smpl.o ec2_mult.o ec_ameth.o ec_pmeth.o eck_prn.o \ ecp_nistp224.o ecp_nistp256.o ecp_nistp521.o ecp_nistputil.o \ ecp_oct.o ec2_oct.o ec_oct.o ec_kmeth.o ecdh_ossl.o ecdh_kdf.o \ - ecdsa_ossl.o $(EC_ASM) + ecdsa_ossl.o ecdsa_sign.o ecdsa_vrf.o $(EC_ASM) SRC= $(LIBSRC) diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index ecae0bfe26..cbdf4e20db 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -62,7 +62,6 @@ #include #include #include "ec_lcl.h" -#include #include #include "internal/evp_int.h" diff --git a/crypto/ecdsa/ecs_sign.c b/crypto/ec/ecdsa_sign.c similarity index 91% rename from crypto/ecdsa/ecs_sign.c rename to crypto/ec/ecdsa_sign.c index 28652d455d..5a45454e89 100644 --- a/crypto/ecdsa/ecs_sign.c +++ b/crypto/ec/ecdsa_sign.c @@ -1,4 +1,4 @@ -/* crypto/ecdsa/ecdsa_sign.c */ +/* crypto/ec/ecdsa_sign.c */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * @@ -53,7 +53,8 @@ * */ -#include "ecs_locl.h" +# include +#include "ec_lcl.h" #ifndef OPENSSL_NO_ENGINE # include #endif @@ -68,10 +69,9 @@ ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dlen, const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey) { - ECDSA_DATA *ecdsa = ecdsa_check(eckey); - if (ecdsa == NULL) - return NULL; - return ecdsa->meth->ecdsa_do_sign(dgst, dlen, kinv, rp, eckey); + if (eckey->meth->sign_sig) + return eckey->meth->sign_sig(dgst, dlen, kinv, rp, eckey); + return NULL; } int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char @@ -99,8 +99,7 @@ int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) { - ECDSA_DATA *ecdsa = ecdsa_check(eckey); - if (ecdsa == NULL) - return 0; - return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp); + if (eckey->meth->sign_setup) + return eckey->meth->sign_setup(eckey, ctx_in, kinvp, rp); + return 0; } diff --git a/crypto/ecdsa/ecs_vrf.c b/crypto/ec/ecdsa_vrf.c similarity index 95% rename from crypto/ecdsa/ecs_vrf.c rename to crypto/ec/ecdsa_vrf.c index b9bd32f619..ef8c66f448 100644 --- a/crypto/ecdsa/ecs_vrf.c +++ b/crypto/ec/ecdsa_vrf.c @@ -56,7 +56,8 @@ * */ -#include "ecs_locl.h" +#include +#include "ec_lcl.h" #include #ifndef OPENSSL_NO_ENGINE # include @@ -71,10 +72,9 @@ int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, EC_KEY *eckey) { - ECDSA_DATA *ecdsa = ecdsa_check(eckey); - if (ecdsa == NULL) - return 0; - return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey); + if (eckey->meth->verify_sig) + return eckey->meth->verify_sig(dgst, dgst_len, sig, eckey); + return 0; } /*- diff --git a/crypto/ecdsa/Makefile b/crypto/ecdsa/Makefile index d72cd29155..090e0c1f0b 100644 --- a/crypto/ecdsa/Makefile +++ b/crypto/ecdsa/Makefile @@ -15,9 +15,9 @@ CFLAGS= $(INCLUDES) $(CFLAG) GENERAL=Makefile LIB=$(TOP)/libcrypto.a -LIBSRC= ecs_lib.c ecs_sign.c ecs_vrf.c ecs_err.c +LIBSRC= ecs_lib.c ecs_err.c -LIBOBJ= ecs_lib.o ecs_sign.o ecs_vrf.o ecs_err.o +LIBOBJ= ecs_lib.o ecs_err.o SRC= $(LIBSRC) @@ -100,28 +100,3 @@ ecs_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ecs_ossl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h ecs_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ecs_ossl.o: ecs_locl.h ecs_ossl.c -ecs_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -ecs_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ecs_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/evp.h -ecs_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ecs_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -ecs_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ecs_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -ecs_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ecs_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ecs_sign.o: ecs_locl.h ecs_sign.c -ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/evp.h -ecs_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ecs_vrf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ecs_vrf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -ecs_vrf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -ecs_vrf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -ecs_vrf.o: ../../include/openssl/x509_vfy.h ecs_locl.h ecs_vrf.c diff --git a/include/openssl/ec.h b/include/openssl/ec.h index c2a4175607..b770507017 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -1,3 +1,4 @@ + /* crypto/ec/ec.h */ /* * Originally written by Bodo Moeller for the OpenSSL project. @@ -1035,6 +1036,58 @@ ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); */ void ECDSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, ECDSA_SIG *sig); +/** Precompute parts of the signing operation + * \param eckey EC_KEY object containing a private EC key + * \param ctx BN_CTX object (optional) + * \param kinv BIGNUM pointer for the inverse of k + * \param rp BIGNUM pointer for x coordinate of k * generator + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig memory for the DER encoded created signature + * \param siglen pointer to the length of the returned signature + * \param eckey EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig buffer to hold the DER encoded signature + * \param siglen pointer to the length of the returned signature + * \param kinv BIGNUM with a pre-computed inverse k (optional) + * \param rp BIGNUM with a pre-computed rp value (optioanl), + * see ECDSA_sign_setup + * \param eckey EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); + +/** Verifies that the given signature is valid ECDSA signature + * of the supplied hash value using the specified public key. + * \param type this parameter is ignored + * \param dgst pointer to the hash value + * \param dgstlen length of the hash value + * \param sig pointer to the DER encoded signature + * \param siglen length of the DER encoded signature + * \param eckey EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid + * and -1 on error + */ +int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, + const unsigned char *sig, int siglen, EC_KEY *eckey); # define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x) diff --git a/include/openssl/ecdsa.h b/include/openssl/ecdsa.h index 37d2a5a5c2..00fd37cd45 100644 --- a/include/openssl/ecdsa.h +++ b/include/openssl/ecdsa.h @@ -136,59 +136,6 @@ int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth); */ int ECDSA_size(const EC_KEY *eckey); -/** Precompute parts of the signing operation - * \param eckey EC_KEY object containing a private EC key - * \param ctx BN_CTX object (optional) - * \param kinv BIGNUM pointer for the inverse of k - * \param rp BIGNUM pointer for x coordinate of k * generator - * \return 1 on success and 0 otherwise - */ -int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); - -/** Computes ECDSA signature of a given hash value using the supplied - * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). - * \param type this parameter is ignored - * \param dgst pointer to the hash value to sign - * \param dgstlen length of the hash value - * \param sig memory for the DER encoded created signature - * \param siglen pointer to the length of the returned signature - * \param eckey EC_KEY object containing a private EC key - * \return 1 on success and 0 otherwise - */ -int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, - unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); - -/** Computes ECDSA signature of a given hash value using the supplied - * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). - * \param type this parameter is ignored - * \param dgst pointer to the hash value to sign - * \param dgstlen length of the hash value - * \param sig buffer to hold the DER encoded signature - * \param siglen pointer to the length of the returned signature - * \param kinv BIGNUM with a pre-computed inverse k (optional) - * \param rp BIGNUM with a pre-computed rp value (optioanl), - * see ECDSA_sign_setup - * \param eckey EC_KEY object containing a private EC key - * \return 1 on success and 0 otherwise - */ -int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, - unsigned char *sig, unsigned int *siglen, - const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); - -/** Verifies that the given signature is valid ECDSA signature - * of the supplied hash value using the specified public key. - * \param type this parameter is ignored - * \param dgst pointer to the hash value - * \param dgstlen length of the hash value - * \param sig pointer to the DER encoded signature - * \param siglen length of the DER encoded signature - * \param eckey EC_KEY object containing a public EC key - * \return 1 if the signature is valid, 0 if the signature is invalid - * and -1 on error - */ -int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, - const unsigned char *sig, int siglen, EC_KEY *eckey); - /* the standard ex_data functions */ #define ECDSA_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDSA, l, p, newf, dupf, freef) -- 2.25.1