wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 04:04:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

ECCSI/SAKKE: add loop count to generation functions

Browse Source
This commit is contained in:
Sean Parkinson
2021-03-12 09:18:57 +10:00
parent a55e94cf6f
commit a20b7fae32
4 changed files with 44 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
wolfcrypt/src/eccsi.c
View File

@@ -867,13 +867,21 @@ static int eccsi_make_pair(EccsiKey* key, WC_RNG* rng,
enum wc_HashType hashType, const byte* id, word32 idSz, mp_int* ssk, enum wc_HashType hashType, const byte* id, word32 idSz, mp_int* ssk,
ecc_point* pvt) ecc_point* pvt)
{ {
int err; int err = 0;
byte hashSz = 0; byte hashSz = 0;
int genTryCnt = 0;
do { do {
/* Don't infinitely make pairs when random number generator fails. */
if ((++genTryCnt) > ECCSI_MAX_GEN_COUNT) {
err = RNG_FAILURE_E;
}
if (err == 0) {
/* Step 1 and 2: Generate ephemeral key - v, PVT = [v]G */ /* Step 1 and 2: Generate ephemeral key - v, PVT = [v]G */
err = wc_ecc_make_key_ex(rng, key->ecc.dp->size, &key->pubkey, err = wc_ecc_make_key_ex(rng, key->ecc.dp->size, &key->pubkey,
key->ecc.dp->id); key->ecc.dp->id);
}
if (err == 0) { if (err == 0) {
err = wc_ecc_copy_point(&key->pubkey.pubkey, pvt); err = wc_ecc_copy_point(&key->pubkey.pubkey, pvt);
} }
@@ -1830,15 +1838,23 @@ static int eccsi_encode_sig(const EccsiKey* key, mp_int* r, mp_int* s,
static int eccsi_gen_sig(EccsiKey* key, WC_RNG* rng, enum wc_HashType hashType, static int eccsi_gen_sig(EccsiKey* key, WC_RNG* rng, enum wc_HashType hashType,
const byte* msg, word32 msgSz, mp_int* r, mp_int* s) const byte* msg, word32 msgSz, mp_int* r, mp_int* s)
{ {
int err; int err = 0;
word32 sz = key->ecc.dp->size; word32 sz = key->ecc.dp->size;
word32 heSz = 0; word32 heSz = 0;
const mp_int* jx = NULL; const mp_int* jx = NULL;
mp_int* he = &key->tmp; mp_int* he = &key->tmp;
int genTryCnt = 0;
do { do {
/* Don't infinitely gen sigs when random number generator fails. */
if ((++genTryCnt) > ECCSI_MAX_GEN_COUNT) {
err = RNG_FAILURE_E;
}
if (err == 0) {
/* Step 1 and 2: Generate ephemeral key - j, J = [j]G, r = Jx */ /* Step 1 and 2: Generate ephemeral key - j, J = [j]G, r = Jx */
err = wc_ecc_make_key_ex(rng, sz, &key->pubkey, key->ecc.dp->id); err = wc_ecc_make_key_ex(rng, sz, &key->pubkey, key->ecc.dp->id);
}
if (err == 0) { if (err == 0) {
jx = key->pubkey.pubkey.x; jx = key->pubkey.pubkey.x;
err = eccsi_fit_to_octets(jx, &key->params.order, sz, r); err = eccsi_fit_to_octets(jx, &key->params.order, sz, r);

8
wolfcrypt/src/sakke.c
View File

@@ -506,9 +506,17 @@ int wc_MakeSakkeKey(SakkeKey* key, WC_RNG* rng)
err = sakke_load_base_point(key); err = sakke_load_base_point(key);
} }
if (err == 0) { if (err == 0) {
int genTryCnt = 0;
/* Generate a random number that is not 0 - master secret. */ /* Generate a random number that is not 0 - master secret. */
do { do {
/* Don't infinitely loop on random number generation failure. */
if ((++genTryCnt) > SAKKE_MAX_GEN_COUNT) {
err = RNG_FAILURE_E;
}
if (err == 0) {
err = mp_rand(&key->ecc.k, digits, rng); err = mp_rand(&key->ecc.k, digits, rng);
}
if (err == 0) { if (err == 0) {
err = mp_mod(&key->ecc.k, &key->params.q, &key->ecc.k); err = mp_mod(&key->ecc.k, &key->params.q, &key->ecc.k);
} }

6
wolfssl/wolfcrypt/eccsi.h
View File

@@ -41,6 +41,12 @@
#define MAX_ECCSI_BYTES (256 / 8) #define MAX_ECCSI_BYTES (256 / 8)
/* Maximum number of loops of attempting to generate key pairs and signatures.
*/
#ifndef ECCSI_MAX_GEN_COUNT
#define ECCSI_MAX_GEN_COUNT 10
#endif
typedef struct EccsiKeyParams { typedef struct EccsiKeyParams {
/** Order (q) of elliptic curve as an MP integer. */ /** Order (q) of elliptic curve as an MP integer. */
mp_int order; mp_int order;

6
wolfssl/wolfcrypt/sakke.h
View File

@@ -41,6 +41,12 @@
#define SAKKE_ID_MAX_SIZE 128 #define SAKKE_ID_MAX_SIZE 128
/* Maximum number of loops of attempting to generate a key. */
#ifndef SAKKE_MAX_GEN_COUNT
#define SAKKE_MAX_GEN_COUNT 10
#endif
/** MP integer in projective form. */ /** MP integer in projective form. */
typedef ecc_point mp_proj; typedef ecc_point mp_proj;