path: root/cipher/ecc-ecdsa.c
Commit history, newest first (subject; author, date, files changed, lines removed/added):
* cipher:dsa,ecdsa: Support supplying K externally.
  NIIBE Yutaka, 2021-10-07, 1 file changed, -28/+48

    * cipher/dsa.c (sign): Add an argument K for DSA.
    (test_keys, dsa_sign): Follow the change.
    * cipher/ecc-common.h (_gcry_ecc_ecdsa_sign): Likewise for ECDSA.
    * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Likewise for ECDSA.
    * cipher/ecc.c (test_keys, ecc_sign): Follow the change.
    * cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Support "label" for K.

    --
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* cipher: Support internal hashing for DSA and ECDSA signing.
  NIIBE Yutaka, 2021-07-29, 1 file changed, -3/+32

    * cipher/dsa-common.c (_gcry_dsa_compute_hash): New.
    * cipher/pubkey-internal.h (_gcry_dsa_compute_hash): New.
    * cipher/dsa.c (verify): Add FLAGS and HASHALGO.
    (test_keys): Follow the change of verify API.
    (sign, verify): Support PUBKEY_FLAG_PREHASH flag to hash internally.
    (selftest_sign): Test with "prehash" flag.
    * cipher/ecc-common.h (_gcry_ecc_ecdsa_verify): Add FLAGS and HASHALGO.
    * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Support PUBKEY_FLAG_PREHASH flag to hash internally.
    (_gcry_ecc_ecdsa_verify): Likewise.
    * cipher/ecc.c (test_keys): Follow the change of _gcry_ecc_ecdsa_verify API.
    (selftest_sign): Test with "prehash" flag.
    * cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Support handling of "hash-algo" and "value" with "prehash" flag.

    --
    GnuPG-bug-id: 5530
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* ecc: Add checking key for ECDSA.
  NIIBE Yutaka, 2021-02-02, 1 file changed, -0/+3

    * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_verify): Validate public key.
    * cipher/ecc-gost.c (_gcry_ecc_gost_verify): Likewise.
    * cipher/ecc-sm2.c (_gcry_ecc_sm2_verify): Likewise.

    --
    GnuPG-bug-id: 5282
    Reported-by: Guido Vranken <guidovranken@gmail.com>
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* DSA,ECDSA: Fix use of mpi_invm.
  NIIBE Yutaka, 2020-03-18, 1 file changed, -1/+2

    * cipher/dsa.c (sign): Call mpi_invm before _gcry_dsa_modify_k.
    * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Likewise.

    GnuPG-bug-id: 4869
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* ecc: Simplify using mpi_ec_t directly.
  NIIBE Yutaka, 2019-10-22, 1 file changed, -39/+29

    * cipher/ecc-common.h (ECC_public_key, ECC_secret_key): Remove.
    (_gcry_ecc_ecdsa_sign, _gcry_ecc_ecdsa_verify): Use mpi_ec_t.
    (_gcry_ecc_eddsa_genkey, gcry_ecc_eddsa_sign): Likewise.
    (_gcry_ecc_eddsa_verify): Likewise.
    (_gcry_ecc_gost_sign, _gcry_ecc_gost_verify): Likewise.
    * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Use mpi_ec_t directly.
    (_gcry_ecc_ecdsa_verify): Likewise.
    * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Likewise.
    (_gcry_ecc_eddsa_sign, _gcry_ecc_eddsa_verify): Likewise.
    * cipher/ecc-gost.c (_gcry_ecc_gost_sign): Likewise.
    (_gcry_ecc_gost_verify): Likewise.

    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* ecdsa: Fix unblinding too early.
  NIIBE Yutaka, 2019-08-16, 1 file changed, -3/+5

    * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Keep the blinding until the last step.

    Suggested-by: David Schrammel <david.schrammel@iaik.tugraz.at>
    Suggested-by: Samuel Weiser <samuel.weiser@iaik.tugraz.at>
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dsa,ecdsa: Fix use of nonce, use larger one.
  NIIBE Yutaka, 2019-08-08, 1 file changed, -9/+1

    * cipher/dsa-common.c (_gcry_dsa_modify_k): New.
    * cipher/pubkey-internal.h (_gcry_dsa_modify_k): New.
    * cipher/dsa.c (sign): Use _gcry_dsa_modify_k.
    * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Likewise.
    * cipher/ecc-gost.c (_gcry_ecc_gost_sign): Likewise.

    CVE-id: CVE-2019-13627
    GnuPG-bug-id: 4626
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* ecc: Add mitigation against timing attack.
  NIIBE Yutaka, 2019-08-07, 1 file changed, -0/+10

    * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Add the order N to K.
    * mpi/ec.c (_gcry_mpi_ec_mul_point): Compute with NBITS of P or larger.

    CVE-id: CVE-2019-13627
    GnuPG-bug-id: 4626
    Co-authored-by: Ján Jančár <johny@neuromancer.sk>
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* ecc: Add blinding for ECDSA.
  NIIBE Yutaka, 2018-06-13, 1 file changed, -2/+18

    * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Blind secret D with randomized nonce B.

    --
    Reported-by: Keegan Ryan <Keegan.Ryan@nccgroup.trust>
    CVE-id: CVE-2018-0495
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* Truncate hash values for ECDSA signature scheme
  Dmitry Eremin-Solenikov, 2014-01-13, 1 file changed, -14/+14

    * cipher/dsa-common.c (_gcry_dsa_normalize_hash): New. Truncate opaque mpis as required for DSA and ECDSA signature schemes.
    * cipher/dsa.c (verify): Return gpg_err_code_t value from verify() to behave like the rest of internal sign/verify functions.
    * cipher/dsa.c (sign, verify, dsa_verify): Factor out hash truncation.
    * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Factor out hash truncation.
    * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_verify): As required by ECDSA scheme, truncate hash values to bitlength of used curve.
    * tests/pubkey.c (check_ecc_sample_key): Add a testcase for hash truncation.

    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
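The security-relevant commits in this log each touch one step of the same signing routine: truncating the digest to the curve's bit length ("Truncate hash values for ECDSA signature scheme"), validating the public key before verifying ("ecc: Add checking key for ECDSA"), inverting k before it is modified ("DSA,ECDSA: Fix use of mpi_invm"), adding the order N to K so the point multiplication runs over a fixed number of bits ("dsa,ecdsa: Fix use of nonce, use larger one" and "ecc: Add mitigation against timing attack"), blinding the secret D with a random B and keeping that blinding until the last step ("ecc: Add blinding for ECDSA" and "ecdsa: Fix unblinding too early"), and accepting a caller-supplied K ("cipher:dsa,ecdsa: Support supplying K externally"). The following is an added example in Python over NIST P-256 that puts those steps together; it is written for this page and is not libgcrypt's code, does not reproduce mpi/ec.c or _gcry_dsa_modify_k, and has none of libgcrypt's constant-time properties. The padding rule (k + n, and k + 2n if the bit length did not grow), the blinding formula s = k^-1 * (b*z + (b*d)*r) * b^-1 mod n, and the optional k argument are this example's own choices modeled on the commit subjects, not a description of what libgcrypt does.

```python
import hashlib
import secrets

# NIST P-256 domain parameters (public constants from FIPS 186-4).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def on_curve(pt):
    """Public-key check: a finite point with y^2 = x^3 + ax + b (mod p)."""
    if pt is None:
        return False
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - (x ** 3 + A * x + B)) % P == 0

def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                      # p1 == -p2
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """Left-to-right double-and-add.  The iteration count is k.bit_length(),
    so an unpadded k leaks its length through timing (CVE-2019-13627)."""
    acc = None
    for i in range(k.bit_length() - 1, -1, -1):
        acc = ec_add(acc, acc)
        if (k >> i) & 1:
            acc = ec_add(acc, pt)
    return acc

def pad_scalar(k):
    """Add the order n to k (again if the bit length did not grow) so every
    scalar fed to ec_mul has N.bit_length() + 1 bits; k*G is unchanged since
    n*G is the point at infinity.  Assumed rule, not libgcrypt's."""
    k2 = k + N
    if k2.bit_length() == N.bit_length():
        k2 += N
    return k2

def truncate_hash(digest):
    """Keep the leftmost min(8*len(digest), N.bit_length()) bits (FIPS 186-4)."""
    z = int.from_bytes(digest, "big")
    excess = 8 * len(digest) - N.bit_length()
    return z >> excess if excess > 0 else z

def sign(d, digest, k=None):
    """Return (r, s).  k may be supplied by the caller (for known-answer
    tests); otherwise it is random.  k^-1 is taken from the unpadded k,
    and d stays blinded by a random b until the final multiplication."""
    z = truncate_hash(digest)
    while True:
        if k is None:
            k = secrets.randbelow(N - 1) + 1
        kinv = pow(k, -1, N)                 # invert before padding, not after
        r = ec_mul(pad_scalar(k), G)[0] % N
        b = secrets.randbelow(N - 1) + 1     # fresh blinding factor
        s = kinv * ((b * z + (b * d % N) * r) % N) % N   # equals b * s_plain
        s = s * pow(b, -1, N) % N            # unblind as the very last step
        if r and s:
            return r, s
        k = None                             # degenerate value; pick a new nonce

def verify(q, digest, sig):
    """Standard ECDSA verification; the public key is validated first."""
    if not on_curve(q):
        return False
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    z = truncate_hash(digest)
    pt = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, q))
    return pt is not None and pt[0] % N == r

def keygen():
    d = secrets.randbelow(N - 1) + 1
    return d, ec_mul(pad_scalar(d), G)

if __name__ == "__main__":
    d, q = keygen()
    h = hashlib.sha512(b"constructed sample message").digest()  # 512 bits, truncated to 256
    print(verify(q, h, sign(d, h)))
```

Two caveats for anyone reading this next to the real code. The padding only fixes the number of loop iterations; the per-bit branch in ec_mul and Python's variable-time big integers still leak, so this models the idea of the mitigation, not its implementation. And the order of operations in sign is the point of two of the commits: kinv is computed from k before pad_scalar touches it, and the multiplication by b^-1 happens after everything else, so d only ever enters the arithmetic as b*d mod n.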
* Remove macro hacks for internal vs. external functions. Part 1.
  Werner Koch, 2013-12-05, 1 file changed, -15/+14

    * src/visibility.h: Remove almost all define/undef hacks for symbol visibility. Add macros to detect the use of the public functions. Change all affected functions by prefixing them explicitly with an underscore and change all internal callers to call the underscore prefixed versions. Provide convenience macros from sexp and mpi functions.
    * src/visibility.c: Change all functions to use only gpg_err_code_t and translate to gpg_error_t only in visibility.c.

    --
    The use of the macro magic made it hard to follow the function calls in the source. It was not easy to see if an internal or external function (as defined by visibility.c) was called. The change is quite large but hopefully makes Libgcrypt easier to maintain. Some functions have not yet been fixed; this will be done soon.

    Because Libgcrypt does not make use of any other libgpg-error using libraries it is useless to always translate between gpg_error_t and gpg_err_code_t (i.e. with and w/o error source identifier). This translation has now mostly been moved to the function wrappers in visibility.c. An additional advantage of using gpg_err_code_t is that comparison can be done without using gpg_err_code().

    I am sorry for that large patch, but a series of patches would actually be more work to audit.

    Signed-off-by: Werner Koch <wk@gnupg.org>
* ecc: Fully implement Ed25519 compression in ECDSA mode.
  Werner Koch, 2013-11-05, 1 file changed, -2/+2

    * src/ec-context.h (mpi_ec_ctx_s): Add field FLAGS.
    * mpi/ec.c (ec_p_init): Add arg FLAGS. Change all callers to pass it.
    * cipher/ecc-curves.c (point_from_keyparam): Add arg EC, parse as opaque mpi and use eddsa decoding depending on the flag.
    (_gcry_mpi_ec_new): Rearrange to parse Q and D after knowing the curve.

    Signed-off-by: Werner Koch <wk@gnupg.org>
* ecc: Refactor ecc.c
  Werner Koch, 2013-10-23, 1 file changed, -0/+235

    * cipher/ecc-ecdsa.c, cipher/ecc-eddsa.c, cipher/ecc-gost.c: New.
    * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add new files.
    * configure.ac (GCRYPT_PUBKEY_CIPHERS): Add new files.
    * cipher/ecc.c (point_init, point_free): Move to ecc-common.h.
    (sign_ecdsa): Move to ecc-ecdsa.c as _gcry_ecc_ecdsa_sign.
    (verify_ecdsa): Move to ecc-ecdsa.c as _gcry_ecc_ecdsa_verify.
    (sign_gost): Move to ecc-gost.c as _gcry_ecc_gost_sign.
    (verify_gost): Move to ecc-gost.c as _gcry_ecc_gost_verify.
    (sign_eddsa): Move to ecc-eddsa.c as _gcry_ecc_eddsa_sign.
    (verify_eddsa): Move to ecc-eddsa.c as _gcry_ecc_eddsa_verify.
    (eddsa_generate_key): Move to ecc-eddsa.c as _gcry_ecc_eddsa_genkey.
    (reverse_buffer): Move to ecc-eddsa.c.
    (eddsa_encodempi, eddsa_encode_x_y): Ditto.
    (_gcry_ecc_eddsa_encodepoint, _gcry_ecc_eddsa_decodepoint): Ditto.

    --
    This change should make it easier to add new ECC algorithms.

    Signed-off-by: Werner Koch <wk@gnupg.org>