diff options
Diffstat (limited to 'board/cr50/dcrypto/p256_ec.c')
-rw-r--r-- | board/cr50/dcrypto/p256_ec.c | 40 |
1 files changed, 37 insertions, 3 deletions
diff --git a/board/cr50/dcrypto/p256_ec.c b/board/cr50/dcrypto/p256_ec.c index fee1434136..4c97c521fc 100644 --- a/board/cr50/dcrypto/p256_ec.c +++ b/board/cr50/dcrypto/p256_ec.c @@ -4,6 +4,8 @@ */ #include "dcrypto.h" +#include "fips.h" +#include "fips_rand.h" #include <stdint.h> @@ -36,6 +38,28 @@ int DCRYPTO_p256_point_mul(p256_int *out_x, p256_int *out_y, return dcrypto_p256_point_mul(n, in_x, in_y, out_x, out_y); } +int DCRYPTO_p256_key_pwct(p256_int *d, p256_int *x, p256_int *y) +{ + p256_int message, r, s; + int result; + + if (p256_is_zero(d)) + return 0; + + /* set some pseudo-random message. */ + p256_fast_random(&message); + + if (fips_p256_ecdsa_sign(d, &message, &r, &s) == 0) + return 0; + +#ifdef CRYPTO_TEST_SETUP + if (fips_break_cmd == FIPS_BREAK_ECDSA_PWCT) + message.a[0] = ~message.a[0]; +#endif + result = dcrypto_p256_ecdsa_verify(x, y, &message, &r, &s); + return result; +} + /** * Key selection based on FIPS-186-4, section B.4.2 (Key Pair * Generation by Testing Candidates). @@ -44,6 +68,7 @@ int DCRYPTO_p256_key_from_bytes(p256_int *x, p256_int *y, p256_int *d, const uint8_t key_bytes[P256_NBYTES]) { p256_int key; + p256_int tx, ty; p256_from_bin(key_bytes, &key); @@ -57,7 +82,16 @@ int DCRYPTO_p256_key_from_bytes(p256_int *x, p256_int *y, p256_int *d, return 0; p256_add_d(&key, 1, d); always_memset(&key, 0, sizeof(key)); - if (x == NULL || y == NULL) - return 1; - return dcrypto_p256_base_point_mul(d, x, y); + + /* We need public key anyway for pair-wise consistency test. */ + if (!x) + x = &tx; + if (!y) + y = &ty; + + /* Compute public key (x,y) = d * G */ + if (dcrypto_p256_base_point_mul(d, x, y) == 0) + return 0; + + return DCRYPTO_p256_key_pwct(d, x, y); } |