wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 12:14:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add wc_ecc_set_deterministic_ex to support custom hash type for deterministic sign or verify.

Browse Source
This commit is contained in:
David Garske
2024-07-03 15:13:29 -07:00
parent 9ec29e9ad9
commit 4335dac794
2 changed files with 21 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
wolfcrypt/src/ecc.c
View File

@@ -6847,7 +6847,7 @@ static int deterministic_sign_helper(const byte* in, word32 inlen, ecc_key* key)
} }
if (key->sign_k != NULL) { if (key->sign_k != NULL) {
if (wc_ecc_gen_deterministic_k(in, inlen, if (wc_ecc_gen_deterministic_k(in, inlen,
WC_HASH_TYPE_NONE, ecc_get_k(key), key->sign_k, key->hashType, ecc_get_k(key), key->sign_k,
curve->order, key->heap) != 0) { curve->order, key->heap) != 0) {
mp_free(key->sign_k); mp_free(key->sign_k);
XFREE(key->sign_k, key->heap, DYNAMIC_TYPE_ECC); XFREE(key->sign_k, key->heap, DYNAMIC_TYPE_ECC);
@@ -6865,7 +6865,7 @@ static int deterministic_sign_helper(const byte* in, word32 inlen, ecc_key* key)
} }
#else #else
key->sign_k_set = 0; key->sign_k_set = 0;
if (wc_ecc_gen_deterministic_k(in, inlen, WC_HASH_TYPE_NONE, if (wc_ecc_gen_deterministic_k(in, inlen, key->hashType,
ecc_get_k(key), key->sign_k, curve->order, key->heap) != 0) { ecc_get_k(key), key->sign_k, curve->order, key->heap) != 0) {
err = ECC_PRIV_KEY_E; err = ECC_PRIV_KEY_E;
} }
@@ -7561,6 +7561,14 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
} }
} }
/* For deterministic k only SHA2-256, SHA2-384 and SHA2-512 are supported */
if ( hashType != WC_HASH_TYPE_SHA256 &&
hashType != WC_HASH_TYPE_SHA384 &&
hashType != WC_HASH_TYPE_SHA512) {
WOLFSSL_MSG("Invalid deterministic hash type");
return BAD_FUNC_ARG;
}
if (mp_unsigned_bin_size(priv) > MAX_ECC_BYTES) { if (mp_unsigned_bin_size(priv) > MAX_ECC_BYTES) {
WOLFSSL_MSG("private key larger than max expected!"); WOLFSSL_MSG("private key larger than max expected!");
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -7775,15 +7783,22 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
/* Sets the deterministic flag for 'k' generation with sign. /* Sets the deterministic flag for 'k' generation with sign.
* returns 0 on success * returns 0 on success
*/ */
int wc_ecc_set_deterministic(ecc_key* key, byte flag) int wc_ecc_set_deterministic_ex(ecc_key* key, byte flag, int hashType)
{ {
if (key == NULL) { if (key == NULL) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
key->deterministic = flag ? 1 : 0; key->deterministic = flag ? 1 : 0;
key->hashType = hashType;
return 0; return 0;
} }
int wc_ecc_set_deterministic(ecc_key* key, byte flag)
{
return wc_ecc_set_deterministic_ex(key, flag, WC_HASH_TYPE_NONE);
}
#endif /* end sign_ex and deterministic sign */ #endif /* end sign_ex and deterministic sign */

3
wolfssl/wolfcrypt/ecc.h
View File

@@ -595,6 +595,7 @@ struct ecc_key {
#if defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \ #if defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT) defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)
byte deterministic:1; byte deterministic:1;
int hashType;
#endif #endif
#if defined(WOLFSSL_SMALL_STACK_CACHE) && !defined(WOLFSSL_ECC_NO_SMALL_STACK) #if defined(WOLFSSL_SMALL_STACK_CACHE) && !defined(WOLFSSL_ECC_NO_SMALL_STACK)
@@ -719,6 +720,8 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
WOLFSSL_API WOLFSSL_API
int wc_ecc_set_deterministic(ecc_key* key, byte flag); int wc_ecc_set_deterministic(ecc_key* key, byte flag);
WOLFSSL_API WOLFSSL_API
int wc_ecc_set_deterministic_ex(ecc_key* key, byte flag, int hashType);
WOLFSSL_API
int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz, int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
enum wc_HashType hashType, mp_int* priv, mp_int* k, mp_int* order, enum wc_HashType hashType, mp_int* priv, mp_int* k, mp_int* order,
void* heap); void* heap);