mirror of
https://salsa.debian.org/gnuk-team/gnuk/gnuk.git
synced 2024-09-20 02:40:08 +00:00
eddsa_sign_25519
This commit is contained in:
NIIBE Yutaka
parent
07b960009a
commit
28a5799cf7
@ -1,5 +1,7 @@
|
||||
2014-03-31 Niibe Yutaka <gniibe@fsij.org>
|
||||
|
||||
* src/ecc-edwards.c (eddsa_sign_25519): Rename and API change.
|
||||
|
||||
* src/openpgp-do.c (gpg_do_load_prvkey, gpg_do_delete_prvkey)
|
||||
(gpg_do_write_prvkey, gpg_do_public_key, gpg_do_keygen): Follow
|
||||
the change of PRVKEY_DATA and KEY_DATA.
|
||||
|
||||
@ -344,12 +344,17 @@ main (int argc, char *argv[])
|
||||
bn256 pk_calculated[1];
|
||||
uint8_t hash[64];
|
||||
bn256 a[1];
|
||||
extern void eddsa_25519 (bn256 *r, bn256 *s, const uint8_t *input,
|
||||
size_t ilen, const bn256 *a, const uint8_t *seed,
|
||||
const bn256 *pk);
|
||||
bn256 *R, *S;
|
||||
uint8_t out[64];
|
||||
|
||||
extern void eddsa_sign_25519 (const uint8_t *input, size_t ilen,
|
||||
uint8_t *output,
|
||||
const bn256 *a, const uint8_t *seed,
|
||||
const bn256 *pk);
|
||||
extern void eddsa_public_key_25519 (bn256 *pk, const bn256 *a);
|
||||
|
||||
bn256 R[1], S[1];
|
||||
R = (bn256 *)out;
|
||||
S = (bn256 *)(out+32);
|
||||
|
||||
while (1)
|
||||
{
|
||||
@ -374,7 +379,7 @@ main (int argc, char *argv[])
|
||||
continue;
|
||||
}
|
||||
|
||||
eddsa_25519 (R, S, msg, msglen, a, hash+32, pk);
|
||||
eddsa_sign_25519 (msg, msglen, out, a, hash+32, pk);
|
||||
if (memcmp (sig, R, sizeof (bn256)) != 0
|
||||
|| memcmp (((const uint8_t *)sig)+32, S, sizeof (bn256)) != 0)
|
||||
{
|
||||
|
||||
@ -15,6 +15,7 @@ CSRC = main.c usb_stm32f103.c adc_stm32f103.c \
|
||||
bn.c mod.c \
|
||||
modp256r1.c jpc_p256r1.c ec_p256r1.c call-ec_p256r1.c \
|
||||
modp256k1.c jpc_p256k1.c ec_p256k1.c call-ec_p256k1.c \
|
||||
mod25638.c ecc-edwards.c sha512.c \
|
||||
random.c neug.c sha256.c sys.c
|
||||
|
||||
INCDIR =
|
||||
|
||||
@ -749,15 +749,19 @@ mod_reduce_M (bn256 *R, const bn512 *A)
|
||||
|
||||
|
||||
void
|
||||
eddsa_25519 (bn256 *r, bn256 *s, const uint8_t *input, size_t ilen,
|
||||
const bn256 *a, const uint8_t *seed, const bn256 *pk)
|
||||
eddsa_sign_25519 (const uint8_t *input, size_t ilen, uint8_t *out,
|
||||
const bn256 *a, const uint8_t *seed, const bn256 *pk)
|
||||
{
|
||||
bn256 *r, *s;
|
||||
sha512_context ctx;
|
||||
uint8_t hash[64];
|
||||
bn256 tmp[1];
|
||||
ac R[1];
|
||||
uint32_t carry, borrow;
|
||||
|
||||
r = (bn256 *)out;
|
||||
s = (bn256 *)(out+32);
|
||||
|
||||
sha512_start (&ctx);
|
||||
sha512_update (&ctx, seed, sizeof (bn256)); /* It's upper half of the hash */
|
||||
sha512_update (&ctx, input, ilen);
|
||||
@ -965,8 +969,9 @@ main (int argc, char *argv[])
|
||||
#ifdef TESTING_EDDSA
|
||||
uint8_t hash[64];
|
||||
bn256 a[1];
|
||||
bn256 r[1], s[1];
|
||||
uint8_t r_s[64];
|
||||
bn256 pk[1];
|
||||
bn256 *r, *s;
|
||||
|
||||
const bn256 sk[1] = {
|
||||
{{ 0x9db1619d, 0x605afdef, 0xf44a84ba, 0xc42cec92,
|
||||
@ -980,6 +985,9 @@ main (int argc, char *argv[])
|
||||
{{ 0x1582b85f, 0xac3ba390, 0x70391ec6, 0x6bb4f91c,
|
||||
0xf0f55bd2, 0x24be5b59, 0x43415165, 0x0b107a8e }} };
|
||||
|
||||
r = (bn256 *)r_s;
|
||||
s = (bn256 *)(r_s+32);
|
||||
|
||||
sha512 ((uint8_t *)sk, sizeof (bn256), hash);
|
||||
hash[0] &= 248;
|
||||
hash[31] &= 127;
|
||||
@ -987,7 +995,7 @@ main (int argc, char *argv[])
|
||||
memcpy (a, hash, sizeof (bn256));
|
||||
|
||||
eddsa_public_key_25519 (pk, a);
|
||||
eddsa_25519 (r, s, (const uint8_t *)"", 0, a, hash+32, pk);
|
||||
eddsa_sign_25519 ((const uint8_t *)"", 0, r_s, a, hash+32, pk);
|
||||
|
||||
if (memcmp (r, r_expected, sizeof (bn256)) != 0
|
||||
|| memcmp (s, s_expected, sizeof (bn256)) != 0)
|
||||
|
||||
11
src/gnuk.h
11
src/gnuk.h
@ -154,7 +154,10 @@ struct key_data {
|
||||
};
|
||||
|
||||
struct key_data_internal {
|
||||
uint32_t data[KEY_CONTENT_LEN/4]; /* p and q */
|
||||
uint32_t data[KEY_CONTENT_LEN/4]; /*
|
||||
* Secret key data.
|
||||
* RSA: p and q, ECDSA: d, EdDSA: a+seed
|
||||
*/
|
||||
uint32_t checksum[DATA_ENCRYPTION_KEY_SIZE/4];
|
||||
};
|
||||
|
||||
@ -253,6 +256,12 @@ extern int ecdsa_sign_p256k1 (const uint8_t *hash, uint8_t *output,
|
||||
const uint8_t *key_data);
|
||||
extern uint8_t *ecdsa_compute_public_p256k1 (const uint8_t *key_data);
|
||||
|
||||
|
||||
extern int eddsa_sign_25519 (const uint8_t *input, size_t ilen,
|
||||
uint8_t *output,
|
||||
const uint8_t *sk_a, const uint8_t *seed,
|
||||
const uint8_t *pk);
|
||||
|
||||
extern const uint8_t *gpg_do_read_simple (uint8_t);
|
||||
extern void gpg_do_write_simple (uint8_t, const uint8_t *, int);
|
||||
extern void gpg_increment_digital_signature_counter (void);
|
||||
|
||||
@ -808,6 +808,9 @@ cmd_get_data (void)
|
||||
#define ECDSA_HASH_LEN 32
|
||||
#define ECDSA_SIGNATURE_LENGTH 64
|
||||
|
||||
#define EDDSA_HASH_LEN_MAX 256
|
||||
#define EDDSA_SIGNATURE_LENGTH 32
|
||||
|
||||
static void
|
||||
cmd_pso (void)
|
||||
{
|
||||
@ -1034,8 +1037,10 @@ cmd_internal_authenticate (void)
|
||||
}
|
||||
|
||||
res_APDU_size = EDDSA_SIGNATURE_LENGTH;
|
||||
r = eddsa_sign_25519 (apdu.cmd_apdu_data, res_APDU,
|
||||
&kd[GPG_KEY_FOR_AUTHENTICATION]);
|
||||
r = eddsa_sign_25519 (apdu.cmd_apdu_data, len, res_APDU,
|
||||
kd[GPG_KEY_FOR_AUTHENTICATION].data,
|
||||
kd[GPG_KEY_FOR_AUTHENTICATION].data+32,
|
||||
kd[GPG_KEY_FOR_AUTHENTICATION].key_addr + KEY_CONTENT_LEN);
|
||||
if (r < 0)
|
||||
GPG_ERROR ();
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user