From 7e7cbdc7150a54dd56910307b0d5c66a5ac05b74 Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Fri, 29 Aug 2014 10:46:25 -0600 Subject: [PATCH] add raw ECC key import functionality and tests --- ctaocrypt/src/ecc.c | 106 +++++++++++++++++++++++++++++++++++++++++ ctaocrypt/test/test.c | 96 ++++++++++++++++++++++++++++++++++++- cyassl/ctaocrypt/ecc.h | 6 +++ 3 files changed, 207 insertions(+), 1 deletion(-) diff --git a/ctaocrypt/src/ecc.c b/ctaocrypt/src/ecc.c index aa74a9650..2415a4080 100644 --- a/ctaocrypt/src/ecc.c +++ b/ctaocrypt/src/ecc.c @@ -2299,6 +2299,112 @@ int ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub, return mp_read_unsigned_bin(&key->k, priv, privSz); } +/** + Convert ECC R,S to signature + r R component of signature + s S component of signature + out DER-encoded ECDSA signature + outlen [in/out] output buffer size, output signature size + return MP_OKAY on success +*/ +int ecc_rs_to_sig(const char* r, const char* s, byte* out, word32* outlen) +{ + int err; + mp_int rtmp; + mp_int stmp; + + if (r == NULL || s == NULL || out == NULL) + return ECC_BAD_ARG_E; + + err = mp_read_radix(&rtmp, r, 16); + + if (err == MP_OKAY) + err = mp_read_radix(&stmp, s, 16); + + /* convert mp_ints to ECDSA sig, initializes rtmp and stmp internally */ + err = StoreECC_DSA_Sig(out, outlen, &rtmp, &stmp); + + if (err == MP_OKAY) { + if (mp_iszero(&rtmp) || mp_iszero(&stmp)) + err = MP_ZERO_E; + } + + mp_clear(&rtmp); + mp_clear(&stmp); + + return err; +} + +/** + Import raw ECC key + key The destination ecc_key structure + qx x component of base point, as ASCII hex string + qy y component of base point, as ASCII hex string + d private key, as ASCII hex string + curveName ECC curve name, from ecc_sets[] + return MP_OKAY on success +*/ +int ecc_import_raw(ecc_key* key, const char* qx, const char* qy, + const char* d, const char* curveName) +{ + int err, x; + + if (key == NULL || qx == NULL || qy == NULL || d == NULL || + curveName == NULL) + return ECC_BAD_ARG_E; + + /* init key */ + if (mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, + NULL, NULL) != MP_OKAY) { + return MEMORY_E; + } + err = MP_OKAY; + + /* read Qx */ + if (err == MP_OKAY) + err = mp_read_radix(&key->pubkey.x, qx, 16); + + /* read Qy */ + if (err == MP_OKAY) + err = mp_read_radix(&key->pubkey.y, qy, 16); + + if (err == MP_OKAY) + mp_set(&key->pubkey.z, 1); + + /* read and set the curve */ + if (err == MP_OKAY) { + for (x = 0; ecc_sets[x].size != 0; x++) { + if (XSTRNCMP(ecc_sets[x].name, curveName, + XSTRLEN(curveName)) == 0) { + break; + } + } + if (ecc_sets[x].size == 0) { + err = ASN_PARSE_E; + } else { + /* set the curve */ + key->idx = x; + key->dp = &ecc_sets[x]; + key->type = ECC_PUBLICKEY; + } + } + + /* import private key */ + if (err == MP_OKAY) { + key->type = ECC_PRIVATEKEY; + err = mp_read_radix(&key->k, d, 16); + } + + if (err != MP_OKAY) { + mp_clear(&key->pubkey.x); + mp_clear(&key->pubkey.y); + mp_clear(&key->pubkey.z); + mp_clear(&key->k); + } + + return err; +} + /* key size in octets */ int ecc_size(ecc_key* key) diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c index 78817abe7..d58a92a1f 100644 --- a/ctaocrypt/test/test.c +++ b/ctaocrypt/test/test.c @@ -4407,6 +4407,17 @@ int hkdf_test(void) #ifdef HAVE_ECC +typedef struct rawEccVector { + const char* msg; + const char* Qx; + const char* Qy; + const char* d; + const char* R; + const char* S; + const char* curveName; + size_t msgLen; +} rawEccVector; + int ecc_test(void) { RNG rng; @@ -4498,9 +4509,92 @@ int ecc_test(void) if (ret != 0) return -1013; + { + /* test raw ECC key import */ + Sha sha; + byte hash[SHA_DIGEST_SIZE]; + rawEccVector a, b; + rawEccVector test_ecc[2]; + int times = sizeof(test_ecc) / sizeof(rawEccVector); + + /* first [P-192,SHA-1] vector from FIPS 186-3 NIST vectors */ + a.msg = "\xeb\xf7\x48\xd7\x48\xeb\xbc\xa7\xd2\x9f\xb4\x73\x69\x8a" + "\x6e\x6b\x4f\xb1\x0c\x86\x5d\x4a\xf0\x24\xcc\x39\xae\x3d" + "\xf3\x46\x4b\xa4\xf1\xd6\xd4\x0f\x32\xbf\x96\x18\xa9\x1b" + "\xb5\x98\x6f\xa1\xa2\xaf\x04\x8a\x0e\x14\xdc\x51\xe5\x26" + "\x7e\xb0\x5e\x12\x7d\x68\x9d\x0a\xc6\xf1\xa7\xf1\x56\xce" + "\x06\x63\x16\xb9\x71\xcc\x7a\x11\xd0\xfd\x7a\x20\x93\xe2" + "\x7c\xf2\xd0\x87\x27\xa4\xe6\x74\x8c\xc3\x2f\xd5\x9c\x78" + "\x10\xc5\xb9\x01\x9d\xf2\x1c\xdc\xc0\xbc\xa4\x32\xc0\xa3" + "\xee\xd0\x78\x53\x87\x50\x88\x77\x11\x43\x59\xce\xe4\xa0" + "\x71\xcf"; + a.msgLen = 128; + a.Qx = "07008ea40b08dbe76432096e80a2494c94982d2d5bcf98e6"; + a.Qy = "76fab681d00b414ea636ba215de26d98c41bd7f2e4d65477"; + a.d = "e14f37b3d1374ff8b03f41b9b3fdd2f0ebccf275d660d7f3"; + a.R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e"; + a.S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41"; + a.curveName = "ECC-192"; + + /* first [P-224,SHA-1] vector from FIPS 186-3 NIST vectors */ + b.msg = "\x36\xc8\xb2\x29\x86\x48\x7f\x67\x7c\x18\xd0\x97\x2a\x9e" + "\x20\x47\xb3\xaf\xa5\x9e\xc1\x62\x76\x4e\xc3\x0b\x5b\x69" + "\xe0\x63\x0f\x99\x0d\x4e\x05\xc2\x73\xb0\xe5\xa9\xd4\x28" + "\x27\xb6\x95\xfc\x2d\x64\xd9\x13\x8b\x1c\xf4\xc1\x21\x55" + "\x89\x4c\x42\x13\x21\xa7\xbb\x97\x0b\xdc\xe0\xfb\xf0\xd2" + "\xae\x85\x61\xaa\xd8\x71\x7f\x2e\x46\xdf\xe3\xff\x8d\xea" + "\xb4\xd7\x93\x23\x56\x03\x2c\x15\x13\x0d\x59\x9e\x26\xc1" + "\x0f\x2f\xec\x96\x30\x31\xac\x69\x38\xa1\x8d\x66\x45\x38" + "\xb9\x4d\xac\x55\x34\xef\x7b\x59\x94\x24\xd6\x9b\xe1\xf7" + "\x1c\x20"; + b.msgLen = 128; + b.Qx = "8a4dca35136c4b70e588e23554637ae251077d1365a6ba5db9585de7"; + b.Qy = "ad3dee06de0be8279d4af435d7245f14f3b4f82eb578e519ee0057b1"; + b.d = "97c4b796e1639dd1035b708fc00dc7ba1682cec44a1002a1a820619f"; + b.R = "147b33758321e722a0360a4719738af848449e2c1d08defebc1671a7"; + b.S = "24fc7ed7f1352ca3872aa0916191289e2e04d454935d50fe6af3ad5b"; + b.curveName = "ECC-224"; + + test_ecc[0] = a; + test_ecc[1] = b; + + for (i = 0; i < times; i++) { + + ecc_init(&userA); + + memset(sig, 0, sizeof(sig)); + x = sizeof(sig); + + /* calculate SHA-1 hash of message */ + ret = InitSha(&sha); + if (ret != 0) + return -1015 - i; + + ShaUpdate(&sha, (byte*)test_ecc[i].msg, (word32)test_ecc[i].msgLen); + ShaFinal(&sha, hash); + + ret = ecc_import_raw(&userA, test_ecc[i].Qx, test_ecc[i].Qy, + test_ecc[i].d, test_ecc[i].curveName); + if (ret != 0) + return -1017 - i; + + ret = ecc_rs_to_sig(test_ecc[i].R, test_ecc[i].S, sig, &x); + if (ret != 0) + return -1019 - i; + + ret = ecc_verify_hash(sig, x, hash, sizeof(hash), &verify, &userA); + if (ret != 0) + return -1021 - i; + + if (verify != 1) + return -1023 - i; + + ecc_free(&userA); + } + } + ecc_free(&pubKey); ecc_free(&userB); - ecc_free(&userA); return 0; } diff --git a/cyassl/ctaocrypt/ecc.h b/cyassl/ctaocrypt/ecc.h index a885abf63..a7378fdbd 100644 --- a/cyassl/ctaocrypt/ecc.h +++ b/cyassl/ctaocrypt/ecc.h @@ -110,6 +110,12 @@ CYASSL_API int ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub, word32 pubSz, ecc_key* key); CYASSL_API +int ecc_rs_to_sig(const char* r, const char* s, byte* out, word32* outlen); +CYASSL_API +int ecc_import_raw(ecc_key* key, const char* qx, const char* qy, + const char* d, const char* curveName); + +CYASSL_API int ecc_export_private_only(ecc_key* key, byte* out, word32* outLen); /* size helper */