mirror of
https://salsa.debian.org/gnuk-team/gnuk/gnuk.git
synced 2024-09-19 18:30:15 +00:00
ecdsa implementation
This commit is contained in:
parent
5f1088e4be
commit
a368a45a0d
2477
ChangeLog-1_0
Normal file
2477
ChangeLog-1_0
Normal file
File diff suppressed because it is too large
Load Diff
@ -84,7 +84,7 @@ CSRC = $(PORTSRC) \
|
||||
main.c usb_stm32f103.c adc_stm32f103.c \
|
||||
usb_desc.c usb_ctrl.c \
|
||||
usb-icc.c openpgp.c ac.c openpgp-do.c flash.c \
|
||||
bn.c modp256.c jpc.c mod.c ec_p256.c \
|
||||
bn.c modp256.c jpc.c mod.c ec_p256.c call-ec_p256.c \
|
||||
random.c neug.c sys.c
|
||||
|
||||
ifneq ($(ENABLE_DEBUG),)
|
||||
|
85
src/call-ec_p256.c
Normal file
85
src/call-ec_p256.c
Normal file
@ -0,0 +1,85 @@
|
||||
/*
|
||||
* call-ec_p256.c - interface between Gnuk and Elliptic curve over GF(p256)
|
||||
*
|
||||
* Copyright (C) 2013 Free Software Initiative of Japan
|
||||
* Author: NIIBE Yutaka <gniibe@fsij.org>
|
||||
*
|
||||
* This file is a part of Gnuk, a GnuPG USB Token implementation.
|
||||
*
|
||||
* Gnuk is free software: you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* Gnuk is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
|
||||
* License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
#include <stdint.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include "bn.h"
|
||||
#include "jpc-ac.h"
|
||||
#include "ec_p256.h"
|
||||
|
||||
#include "ch.h"
|
||||
#include "gnuk.h"
|
||||
|
||||
/* We are little endian. */
|
||||
|
||||
#define ECDSA_BYTE_SIZE 32
|
||||
|
||||
int
|
||||
ecdsa_sign (const uint8_t *hash, uint8_t *output,
|
||||
const struct key_data *kd)
|
||||
{
|
||||
int i;
|
||||
bn256 r[1], s[1], z[1];
|
||||
uint8_t *p;
|
||||
|
||||
p = (uint8_t *)z;
|
||||
for (i = 0; i < ECDSA_BYTE_SIZE; i++)
|
||||
p[ECDSA_BYTE_SIZE - i - 1] = hash[i];
|
||||
|
||||
ecdsa (r, s, z, (const bn256 *)kd);
|
||||
p = (uint8_t *)r;
|
||||
for (i = 0; i < ECDSA_BYTE_SIZE; i++)
|
||||
*output++ = p[ECDSA_BYTE_SIZE - i - 1];
|
||||
p = (uint8_t *)s;
|
||||
for (i = 0; i < ECDSA_BYTE_SIZE; i++)
|
||||
*output++ = p[ECDSA_BYTE_SIZE - i - 1];
|
||||
return 0;
|
||||
}
|
||||
|
||||
const uint8_t *
|
||||
ecdsa_compute_public (const uint8_t *key_data)
|
||||
{
|
||||
uint8_t *p0, *p, *p1;
|
||||
ac q[1];
|
||||
bn256 k[1];
|
||||
int i;
|
||||
|
||||
p0 = (uint8_t *)malloc (ECDSA_BYTE_SIZE * 2);
|
||||
if (p0 == NULL)
|
||||
return NULL;
|
||||
|
||||
p = (uint8_t *)k;
|
||||
for (i = 0; i < ECDSA_BYTE_SIZE; i++)
|
||||
p[ECDSA_BYTE_SIZE - i - 1] = key_data[i];
|
||||
compute_kG (q, k);
|
||||
p = p0;
|
||||
p1 = (uint8_t *)q->x;
|
||||
for (i = 0; i < ECDSA_BYTE_SIZE; i++)
|
||||
*p++ = p1[ECDSA_BYTE_SIZE - i - 1];
|
||||
p1 = (uint8_t *)q->y;
|
||||
for (i = 0; i < ECDSA_BYTE_SIZE; i++)
|
||||
*p++ = p1[ECDSA_BYTE_SIZE - i - 1];
|
||||
|
||||
return p0;
|
||||
}
|
@ -107,11 +107,6 @@ modulus_calc (const uint8_t *p, int len)
|
||||
return modulus;
|
||||
}
|
||||
|
||||
void
|
||||
modulus_free (const uint8_t *p)
|
||||
{
|
||||
free ((void *)p);
|
||||
}
|
||||
|
||||
int
|
||||
rsa_decrypt (const uint8_t *input, uint8_t *output, int msg_len,
|
||||
|
@ -237,12 +237,15 @@ extern struct key_data kd[3];
|
||||
|
||||
extern int rsa_sign (const uint8_t *, uint8_t *, int, struct key_data *);
|
||||
extern const uint8_t *modulus_calc (const uint8_t *, int);
|
||||
extern void modulus_free (const uint8_t *);
|
||||
extern int rsa_decrypt (const uint8_t *, uint8_t *, int, struct key_data *);
|
||||
extern int rsa_verify (const uint8_t *pubkey, const uint8_t *hash,
|
||||
const uint8_t *signature);
|
||||
extern const uint8_t *rsa_genkey (void);
|
||||
|
||||
extern int ecdsa_sign (const uint8_t *hash, uint8_t *output,
|
||||
const struct key_data *kd);
|
||||
extern const uint8_t *ecdsa_compute_public (const uint8_t *key_data);
|
||||
|
||||
extern const uint8_t *gpg_do_read_simple (uint8_t);
|
||||
extern void gpg_do_write_simple (uint8_t, const uint8_t *, int);
|
||||
extern void gpg_increment_digital_signature_counter (void);
|
||||
|
134
src/openpgp-do.c
134
src/openpgp-do.c
@ -122,7 +122,7 @@ static const uint8_t extended_capabilities[] __attribute__ ((aligned (1))) = {
|
||||
};
|
||||
|
||||
/* Algorithm Attributes */
|
||||
static const uint8_t algorithm_attr[] __attribute__ ((aligned (1))) = {
|
||||
static const uint8_t algorithm_attr_rsa[] __attribute__ ((aligned (1))) = {
|
||||
6,
|
||||
0x01, /* RSA */
|
||||
0x08, 0x00, /* Length modulus (in bit): 2048 */
|
||||
@ -130,6 +130,12 @@ static const uint8_t algorithm_attr[] __attribute__ ((aligned (1))) = {
|
||||
0x00 /* 0: p&q , 3: CRT with N (not yet supported) */
|
||||
};
|
||||
|
||||
static const uint8_t algorithm_attr_ecdsa[] __attribute__ ((aligned (1))) = {
|
||||
9,
|
||||
0x13, /* ECDSA */
|
||||
0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 /* OID of NIST curve P-256 */
|
||||
};
|
||||
|
||||
#define PW_LEN_MAX 127
|
||||
/*
|
||||
* Representation of PW1_LIFETIME:
|
||||
@ -722,7 +728,7 @@ static int8_t num_prv_keys;
|
||||
|
||||
static int
|
||||
gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
|
||||
const uint8_t *keystring_admin, const uint8_t *modulus)
|
||||
const uint8_t *keystring_admin, const uint8_t *pubkey)
|
||||
{
|
||||
uint8_t nr = get_do_ptr_nr_for_kk (kk);
|
||||
const uint8_t *p;
|
||||
@ -734,7 +740,7 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
|
||||
const uint8_t *ks_pw1;
|
||||
const uint8_t *ks_rc;
|
||||
struct key_data_internal kdi;
|
||||
int modulus_allocated_here = 0;
|
||||
int pubkey_allocated_here = 0;
|
||||
uint8_t ks_pw1_len = 0;
|
||||
uint8_t ks_rc_len = 0;
|
||||
|
||||
@ -745,23 +751,28 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
|
||||
/* No replace support, you need to remove it first. */
|
||||
return -1;
|
||||
|
||||
if (key_len != KEY_CONTENT_LEN)
|
||||
if (kk != GPG_KEY_FOR_AUTHENTICATION && key_len != KEY_CONTENT_LEN)
|
||||
return -1;
|
||||
if (kk == GPG_KEY_FOR_AUTHENTICATION && key_len != 32)
|
||||
return -1;
|
||||
|
||||
pd = (struct prvkey_data *)malloc (sizeof (struct prvkey_data));
|
||||
if (pd == NULL)
|
||||
return -1;
|
||||
|
||||
if (modulus == NULL)
|
||||
if (pubkey == NULL)
|
||||
{
|
||||
modulus = modulus_calc (key_data, key_len);
|
||||
if (modulus == NULL)
|
||||
if (kk == GPG_KEY_FOR_AUTHENTICATION)
|
||||
pubkey = ecdsa_compute_public (key_data);
|
||||
else
|
||||
pubkey = modulus_calc (key_data, key_len);
|
||||
if (pubkey == NULL)
|
||||
{
|
||||
free (pd);
|
||||
return -1;
|
||||
}
|
||||
|
||||
modulus_allocated_here = 1;
|
||||
pubkey_allocated_here = 1;
|
||||
}
|
||||
|
||||
DEBUG_INFO ("Getting keystore address...\r\n");
|
||||
@ -769,15 +780,21 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
|
||||
if (key_addr == NULL)
|
||||
{
|
||||
free (pd);
|
||||
if (modulus_allocated_here)
|
||||
modulus_free (modulus);
|
||||
if (pubkey_allocated_here)
|
||||
free ((void *)pubkey);
|
||||
return -1;
|
||||
}
|
||||
|
||||
DEBUG_INFO ("key_addr: ");
|
||||
DEBUG_WORD ((uint32_t)key_addr);
|
||||
|
||||
memcpy (kdi.data, key_data, KEY_CONTENT_LEN);
|
||||
if (kk == GPG_KEY_FOR_AUTHENTICATION)
|
||||
{
|
||||
memcpy (kdi.data, key_data, key_len);
|
||||
memset (kdi.data + key_len, 0, KEY_CONTENT_LEN - key_len);
|
||||
}
|
||||
else
|
||||
memcpy (kdi.data, key_data, KEY_CONTENT_LEN);
|
||||
compute_key_data_checksum (&kdi, 0);
|
||||
|
||||
dek = random_bytes_get (); /* 32-byte random bytes */
|
||||
@ -790,9 +807,9 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
|
||||
|
||||
encrypt (dek, iv, (uint8_t *)&kdi, sizeof (struct key_data_internal));
|
||||
|
||||
r = flash_key_write (key_addr, kdi.data, modulus);
|
||||
if (modulus_allocated_here)
|
||||
modulus_free (modulus);
|
||||
r = flash_key_write (key_addr, kdi.data, pubkey);
|
||||
if (pubkey_allocated_here)
|
||||
free ((void *)pubkey);
|
||||
|
||||
if (r < 0)
|
||||
{
|
||||
@ -895,13 +912,23 @@ gpg_do_chks_prvkey (enum kind_of_key kk,
|
||||
}
|
||||
|
||||
/*
|
||||
* RSA:
|
||||
* 4d, xx, xx, xx: Extended Header List
|
||||
* b6 00 (SIG) / b8 00 (DEC) / a4 00 (AUT)
|
||||
* 7f48, xx: cardholder private key template
|
||||
* 91 xx
|
||||
* 92 xx xx
|
||||
* 93 xx xx
|
||||
* 91 xx: length of E
|
||||
* 92 xx xx: length of P
|
||||
* 93 xx xx: length of Q
|
||||
* 5f48, xx xx xx: cardholder private key
|
||||
* <E: 4-byte>, <P: 128-byte>, <Q: 128-byte>
|
||||
*
|
||||
* ECDSA:
|
||||
* 4d, xx: Extended Header List
|
||||
* a4 00 (AUT)
|
||||
* 7f48, xx: cardholder private key template
|
||||
* 91 xx: length of d
|
||||
* 5f48, xx : cardholder private key
|
||||
* <d>
|
||||
*/
|
||||
static int
|
||||
proc_key_import (const uint8_t *data, int len)
|
||||
@ -944,7 +971,8 @@ proc_key_import (const uint8_t *data, int len)
|
||||
ac_reset_other ();
|
||||
}
|
||||
|
||||
if (len <= 22)
|
||||
if ((kk != GPG_KEY_FOR_AUTHENTICATION && len <= 22)
|
||||
|| (kk == GPG_KEY_FOR_AUTHENTICATION && len <= 12))
|
||||
{ /* Deletion of the key */
|
||||
uint8_t nr = get_do_ptr_nr_for_kk (kk);
|
||||
const uint8_t *do_data = do_ptr[nr - NR_DO__FIRST__];
|
||||
@ -972,9 +1000,15 @@ proc_key_import (const uint8_t *data, int len)
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* It should starts with 00 01 00 01 (E) */
|
||||
/* Skip E, 4-byte */
|
||||
r = gpg_do_write_prvkey (kk, &data[26], len - 26, keystring_admin, NULL);
|
||||
if (kk != GPG_KEY_FOR_AUTHENTICATION)
|
||||
{ /* RSA */
|
||||
/* It should starts with 00 01 00 01 (E) */
|
||||
/* Skip E, 4-byte */
|
||||
r = gpg_do_write_prvkey (kk, &data[26], len - 26, keystring_admin, NULL);
|
||||
}
|
||||
else
|
||||
r = gpg_do_write_prvkey (kk, &data[12], len - 12, keystring_admin, NULL);
|
||||
|
||||
if (r < 0)
|
||||
return 0;
|
||||
else
|
||||
@ -1032,9 +1066,9 @@ gpg_do_table[] = {
|
||||
rw_pw_status },
|
||||
/* Fixed data */
|
||||
{ GPG_DO_EXTCAP, DO_FIXED, AC_ALWAYS, AC_NEVER, extended_capabilities },
|
||||
{ GPG_DO_ALG_SIG, DO_FIXED, AC_ALWAYS, AC_NEVER, algorithm_attr },
|
||||
{ GPG_DO_ALG_DEC, DO_FIXED, AC_ALWAYS, AC_NEVER, algorithm_attr },
|
||||
{ GPG_DO_ALG_AUT, DO_FIXED, AC_ALWAYS, AC_NEVER, algorithm_attr },
|
||||
{ GPG_DO_ALG_SIG, DO_FIXED, AC_ALWAYS, AC_NEVER, algorithm_attr_rsa },
|
||||
{ GPG_DO_ALG_DEC, DO_FIXED, AC_ALWAYS, AC_NEVER, algorithm_attr_rsa },
|
||||
{ GPG_DO_ALG_AUT, DO_FIXED, AC_ALWAYS, AC_NEVER, algorithm_attr_ecdsa },
|
||||
/* Compound data: Read access only */
|
||||
{ GPG_DO_CH_DATA, DO_CMP_READ, AC_ALWAYS, AC_NEVER, cmp_ch_data },
|
||||
{ GPG_DO_APP_DATA, DO_CMP_READ, AC_ALWAYS, AC_NEVER, cmp_app_data },
|
||||
@ -1475,26 +1509,42 @@ gpg_do_public_key (uint8_t kk_byte)
|
||||
|
||||
/* TAG */
|
||||
*res_p++ = 0x7f; *res_p++ = 0x49;
|
||||
/* LEN = 9+256 */
|
||||
*res_p++ = 0x82; *res_p++ = 0x01; *res_p++ = 0x09;
|
||||
|
||||
{
|
||||
/*TAG*/ /*LEN = 256 */
|
||||
*res_p++ = 0x81; *res_p++ = 0x82; *res_p++ = 0x01; *res_p++ = 0x00;
|
||||
/* 256-byte binary (big endian) */
|
||||
memcpy (res_p, key_addr + KEY_CONTENT_LEN, KEY_CONTENT_LEN);
|
||||
res_p += 256;
|
||||
}
|
||||
{
|
||||
/*TAG*/ /*LEN= 3 */
|
||||
*res_p++ = 0x82; *res_p++ = 3;
|
||||
/* 3-byte E=0x10001 (big endian) */
|
||||
*res_p++ = 0x01; *res_p++ = 0x00; *res_p++ = 0x01;
|
||||
if (kk_byte != 0xa4)
|
||||
{ /* RSA */
|
||||
/* LEN = 9+256 */
|
||||
*res_p++ = 0x82; *res_p++ = 0x01; *res_p++ = 0x09;
|
||||
|
||||
/* Success */
|
||||
res_APDU_size = res_p - res_APDU;
|
||||
GPG_SUCCESS ();
|
||||
}
|
||||
{
|
||||
/*TAG*/ /* LEN = 256 */
|
||||
*res_p++ = 0x81; *res_p++ = 0x82; *res_p++ = 0x01; *res_p++ = 0x00;
|
||||
/* 256-byte binary (big endian) */
|
||||
memcpy (res_p, key_addr + KEY_CONTENT_LEN, KEY_CONTENT_LEN);
|
||||
res_p += 256;
|
||||
}
|
||||
{
|
||||
/*TAG*/ /* LEN= 3 */
|
||||
*res_p++ = 0x82; *res_p++ = 3;
|
||||
/* 3-byte E=0x10001 (big endian) */
|
||||
*res_p++ = 0x01; *res_p++ = 0x00; *res_p++ = 0x01;
|
||||
}
|
||||
}
|
||||
else
|
||||
{ /* ECDSA */
|
||||
/* LEN = 2+64 */
|
||||
*res_p++ = 0x42;
|
||||
{
|
||||
/*TAG*/ /* LEN = 64 */
|
||||
*res_p++ = 0x81; *res_p++ = 0x40;
|
||||
/* 64-byte binary (big endian) */
|
||||
memcpy (res_p, key_addr + KEY_CONTENT_LEN, 64);
|
||||
res_p += 64;
|
||||
}
|
||||
}
|
||||
|
||||
/* Success */
|
||||
res_APDU_size = res_p - res_APDU;
|
||||
GPG_SUCCESS ();
|
||||
|
||||
DEBUG_INFO ("done.\r\n");
|
||||
return;
|
||||
|
@ -833,6 +833,7 @@ cmd_pso (void)
|
||||
}
|
||||
|
||||
|
||||
#if RSA_AUTH
|
||||
#define MAX_DIGEST_INFO_LEN 102 /* 40% */
|
||||
static void
|
||||
cmd_internal_authenticate (void)
|
||||
@ -876,6 +877,54 @@ cmd_internal_authenticate (void)
|
||||
|
||||
DEBUG_INFO ("INTERNAL AUTHENTICATE done.\r\n");
|
||||
}
|
||||
#else
|
||||
#define ECDSA_P256_HASH_LEN 32
|
||||
#define ECDSA_SIGNATURE_LENGTH 64
|
||||
|
||||
static void
|
||||
cmd_internal_authenticate (void)
|
||||
{
|
||||
int len = apdu.cmd_apdu_data_len;
|
||||
int r;
|
||||
|
||||
DEBUG_INFO (" - INTERNAL AUTHENTICATE\r\n");
|
||||
|
||||
if (P1 (apdu) == 0x00 && P2 (apdu) == 0x00)
|
||||
{
|
||||
DEBUG_SHORT (len);
|
||||
|
||||
if (!ac_check_status (AC_OTHER_AUTHORIZED))
|
||||
{
|
||||
DEBUG_INFO ("security error.");
|
||||
GPG_SECURITY_FAILURE ();
|
||||
return;
|
||||
}
|
||||
|
||||
if (len != ECDSA_P256_HASH_LEN)
|
||||
{
|
||||
DEBUG_INFO ("wrong hash length.");
|
||||
GPG_CONDITION_NOT_SATISFIED ();
|
||||
return;
|
||||
}
|
||||
|
||||
res_APDU_size = ECDSA_SIGNATURE_LENGTH;
|
||||
r = ecdsa_sign (apdu.cmd_apdu_data, res_APDU,
|
||||
&kd[GPG_KEY_FOR_AUTHENTICATION]);
|
||||
if (r < 0)
|
||||
GPG_ERROR ();
|
||||
}
|
||||
else
|
||||
{
|
||||
DEBUG_INFO (" - ??");
|
||||
DEBUG_BYTE (P1 (apdu));
|
||||
DEBUG_INFO (" - ??");
|
||||
DEBUG_BYTE (P2 (apdu));
|
||||
GPG_ERROR ();
|
||||
}
|
||||
|
||||
DEBUG_INFO ("INTERNAL AUTHENTICATE done.\r\n");
|
||||
}
|
||||
#endif
|
||||
|
||||
#define MBD_OPRATION_WRITE 0
|
||||
#define MBD_OPRATION_UPDATE 1
|
||||
|
Loading…
Reference in New Issue
Block a user