ECDSA alternative support
Support for alternative implementation of ECDSA, at the higher layer
diff --git a/ChangeLog b/ChangeLog
index 243bd6b..e9be97b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -36,6 +36,10 @@
* Clarify ECDSA documentation and improve the sample code to avoid
misunderstandings and potentially dangerous use of the API. Pointed out
by Jean-Philippe Aumasson.
+ * Add support for alternative implementation for ECDSA, controlled by new
+ configuration flag MBEDTLS_ECDSA_ALT in config.h.
+ Alternative Ecdsa is supported for implementation of `mbedtls_ecdsa_sign`
+ and `mbedtls_ecdsa_verify`.
= mbed TLS 2.5.0 branch released 2017-05-17
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index c4b8995..54dc237 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -238,6 +238,7 @@
//#define MBEDTLS_BLOWFISH_ALT
//#define MBEDTLS_CAMELLIA_ALT
//#define MBEDTLS_DES_ALT
+//#define MBEDTLS_ECDSA_ALT
//#define MBEDTLS_XTEA_ALT
//#define MBEDTLS_MD2_ALT
//#define MBEDTLS_MD4_ALT
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 4156f3c..d95dcae 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -37,11 +37,10 @@
#include "mbedtls/asn1write.h"
#include <string.h>
-
+#include "mbedtls/platform.h"
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
#include "mbedtls/hmac_drbg.h"
#endif
-
/*
* Derive a suitable integer for group grp from a buffer of length len
* SEC1 4.1.3 step 5 aka SEC1 4.1.4 step 3
@@ -65,6 +64,8 @@
return( ret );
}
+#if !defined(MBEDTLS_ECDSA_ALT)
+
/*
* Compute ECDSA signature of a hashed message (SEC1 4.1.3)
* Obviously, compared to SEC1 4.1.3, we skip step 4 (hash message)
@@ -154,43 +155,6 @@
return( ret );
}
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-/*
- * Deterministic signature wrapper
- */
-int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
- const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
- mbedtls_md_type_t md_alg )
-{
- int ret;
- mbedtls_hmac_drbg_context rng_ctx;
- unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES];
- size_t grp_len = ( grp->nbits + 7 ) / 8;
- const mbedtls_md_info_t *md_info;
- mbedtls_mpi h;
-
- if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
- mbedtls_mpi_init( &h );
- mbedtls_hmac_drbg_init( &rng_ctx );
-
- /* Use private key and message hash (reduced) to initialize HMAC_DRBG */
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, data, grp_len ) );
- MBEDTLS_MPI_CHK( derive_mpi( grp, &h, buf, blen ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, data + grp_len, grp_len ) );
- mbedtls_hmac_drbg_seed_buf( &rng_ctx, md_info, data, 2 * grp_len );
-
- ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen,
- mbedtls_hmac_drbg_random, &rng_ctx );
-
-cleanup:
- mbedtls_hmac_drbg_free( &rng_ctx );
- mbedtls_mpi_free( &h );
-
- return( ret );
-}
-#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
/*
* Verify ECDSA signature of hashed message (SEC1 4.1.4)
@@ -279,6 +243,56 @@
}
/*
+ * Generate key pair
+ */
+int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ return( mbedtls_ecp_group_load( &ctx->grp, gid ) ||
+ mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) );
+}
+
+#endif /* MBEDTLS_ECDSA_ALT */
+
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+/*
+ * Deterministic signature wrapper
+ */
+int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
+ const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
+ mbedtls_md_type_t md_alg )
+{
+ int ret;
+ mbedtls_hmac_drbg_context rng_ctx;
+ unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES];
+ size_t grp_len = ( grp->nbits + 7 ) / 8;
+ const mbedtls_md_info_t *md_info;
+ mbedtls_mpi h;
+
+ if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+ mbedtls_mpi_init( &h );
+ mbedtls_hmac_drbg_init( &rng_ctx );
+
+ /* Use private key and message hash (reduced) to initialize HMAC_DRBG */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, data, grp_len ) );
+ MBEDTLS_MPI_CHK( derive_mpi( grp, &h, buf, blen ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, data + grp_len, grp_len ) );
+ mbedtls_hmac_drbg_seed_buf( &rng_ctx, md_info, data, 2 * grp_len );
+
+ ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen,
+ mbedtls_hmac_drbg_random, &rng_ctx );
+
+cleanup:
+ mbedtls_hmac_drbg_free( &rng_ctx );
+ mbedtls_mpi_free( &h );
+
+ return( ret );
+}
+#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
+
+/*
* Convert a signature (given by context) to ASN.1
*/
static int ecdsa_signature_to_asn1( const mbedtls_mpi *r, const mbedtls_mpi *s,
@@ -301,7 +315,6 @@
return( 0 );
}
-
/*
* Compute and write signature
*/
@@ -403,16 +416,6 @@
}
/*
- * Generate key pair
- */
-int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
- return( mbedtls_ecp_group_load( &ctx->grp, gid ) ||
- mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) );
-}
-
-/*
* Set context from an mbedtls_ecp_keypair
*/
int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key )
diff --git a/library/version_features.c b/library/version_features.c
index 9f97c7b..df7f957 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -93,6 +93,9 @@
#if defined(MBEDTLS_DES_ALT)
"MBEDTLS_DES_ALT",
#endif /* MBEDTLS_DES_ALT */
+#if defined(MBEDTLS_ECDSA_ALT)
+ "MBEDTLS_ECDSA_ALT",
+#endif /* MBEDTLS_ECDSA_ALT */
#if defined(MBEDTLS_XTEA_ALT)
"MBEDTLS_XTEA_ALT",
#endif /* MBEDTLS_XTEA_ALT */