eddsa_sign_25519
@@ -1,5 +1,7 @@
|
|||||||
2014-03-31 Niibe Yutaka <gniibe@fsij.org>
|
2014-03-31 Niibe Yutaka <gniibe@fsij.org>
|
||||||
|
|
||||||
|
* src/ecc-edwards.c (eddsa_sign_25519): Rename and API change.
|
||||||
|
|
||||||
* src/openpgp-do.c (gpg_do_load_prvkey, gpg_do_delete_prvkey)
|
* src/openpgp-do.c (gpg_do_load_prvkey, gpg_do_delete_prvkey)
|
||||||
(gpg_do_write_prvkey, gpg_do_public_key, gpg_do_keygen): Follow
|
(gpg_do_write_prvkey, gpg_do_public_key, gpg_do_keygen): Follow
|
||||||
the change of PRVKEY_DATA and KEY_DATA.
|
the change of PRVKEY_DATA and KEY_DATA.
|
||||||
|
|||||||
@@ -344,12 +344,17 @@ main (int argc, char *argv[])
|
|||||||
bn256 pk_calculated[1];
|
bn256 pk_calculated[1];
|
||||||
uint8_t hash[64];
|
uint8_t hash[64];
|
||||||
bn256 a[1];
|
bn256 a[1];
|
||||||
extern void eddsa_25519 (bn256 *r, bn256 *s, const uint8_t *input,
|
bn256 *R, *S;
|
||||||
size_t ilen, const bn256 *a, const uint8_t *seed,
|
uint8_t out[64];
|
||||||
|
|
||||||
|
extern void eddsa_sign_25519 (const uint8_t *input, size_t ilen,
|
||||||
|
uint8_t *output,
|
||||||
|
const bn256 *a, const uint8_t *seed,
|
||||||
const bn256 *pk);
|
const bn256 *pk);
|
||||||
extern void eddsa_public_key_25519 (bn256 *pk, const bn256 *a);
|
extern void eddsa_public_key_25519 (bn256 *pk, const bn256 *a);
|
||||||
|
|
||||||
bn256 R[1], S[1];
|
R = (bn256 *)out;
|
||||||
|
S = (bn256 *)(out+32);
|
||||||
|
|
||||||
while (1)
|
while (1)
|
||||||
{
|
{
|
||||||
@@ -374,7 +379,7 @@ main (int argc, char *argv[])
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
eddsa_25519 (R, S, msg, msglen, a, hash+32, pk);
|
eddsa_sign_25519 (msg, msglen, out, a, hash+32, pk);
|
||||||
if (memcmp (sig, R, sizeof (bn256)) != 0
|
if (memcmp (sig, R, sizeof (bn256)) != 0
|
||||||
|| memcmp (((const uint8_t *)sig)+32, S, sizeof (bn256)) != 0)
|
|| memcmp (((const uint8_t *)sig)+32, S, sizeof (bn256)) != 0)
|
||||||
{
|
{
|
||||||
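Review bot: `out` is declared as `uint8_t out[64]` and then viewed through `R = (bn256 *)out` and `S = (bn256 *)(out+32)`, so nothing guarantees the alignment that bn256 (apparently an array of 32-bit words) needs. Casting a byte buffer to a more strictly aligned type is undefined behaviour if the address is misaligned, and some targets trap unaligned multi-word loads and stores. The same pattern recurs in the hunks of the file that defines the function: `r = (bn256 *)out` inside eddsa_sign_25519, and `uint8_t r_s[64]` in its TESTING_EDDSA main. I would give the buffer explicit alignment, e.g. `uint8_t out[64] __attribute__ ((aligned (4)));`. main starts and ends outside this hunk.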
|
|||||||
@@ -15,6 +15,7 @@ CSRC = main.c usb_stm32f103.c adc_stm32f103.c \
|
|||||||
bn.c mod.c \
|
bn.c mod.c \
|
||||||
modp256r1.c jpc_p256r1.c ec_p256r1.c call-ec_p256r1.c \
|
modp256r1.c jpc_p256r1.c ec_p256r1.c call-ec_p256r1.c \
|
||||||
modp256k1.c jpc_p256k1.c ec_p256k1.c call-ec_p256k1.c \
|
modp256k1.c jpc_p256k1.c ec_p256k1.c call-ec_p256k1.c \
|
||||||
|
mod25638.c ecc-edwards.c sha512.c \
|
||||||
random.c neug.c sha256.c sys.c
|
random.c neug.c sha256.c sys.c
|
||||||
|
|
||||||
INCDIR =
|
INCDIR =
|
||||||
|
|||||||
@@ -749,15 +749,19 @@ mod_reduce_M (bn256 *R, const bn512 *A)
|
|||||||
|
|
||||||
|
|
||||||
void
|
void
|
||||||
eddsa_25519 (bn256 *r, bn256 *s, const uint8_t *input, size_t ilen,
|
eddsa_sign_25519 (const uint8_t *input, size_t ilen, uint8_t *out,
|
||||||
const bn256 *a, const uint8_t *seed, const bn256 *pk)
|
const bn256 *a, const uint8_t *seed, const bn256 *pk)
|
||||||
{
|
{
|
||||||
|
bn256 *r, *s;
|
||||||
sha512_context ctx;
|
sha512_context ctx;
|
||||||
uint8_t hash[64];
|
uint8_t hash[64];
|
||||||
bn256 tmp[1];
|
bn256 tmp[1];
|
||||||
ac R[1];
|
ac R[1];
|
||||||
uint32_t carry, borrow;
|
uint32_t carry, borrow;
|
||||||
|
|
||||||
|
r = (bn256 *)out;
|
||||||
|
s = (bn256 *)(out+32);
|
||||||
|
|
||||||
sha512_start (&ctx);
|
sha512_start (&ctx);
|
||||||
sha512_update (&ctx, seed, sizeof (bn256)); /* It's upper half of the hash */
|
sha512_update (&ctx, seed, sizeof (bn256)); /* It's upper half of the hash */
|
||||||
sha512_update (&ctx, input, ilen);
|
sha512_update (&ctx, input, ilen);
|
||||||
@@ -965,8 +969,9 @@ main (int argc, char *argv[])
|
|||||||
#ifdef TESTING_EDDSA
|
#ifdef TESTING_EDDSA
|
||||||
uint8_t hash[64];
|
uint8_t hash[64];
|
||||||
bn256 a[1];
|
bn256 a[1];
|
||||||
bn256 r[1], s[1];
|
uint8_t r_s[64];
|
||||||
bn256 pk[1];
|
bn256 pk[1];
|
||||||
|
bn256 *r, *s;
|
||||||
|
|
||||||
const bn256 sk[1] = {
|
const bn256 sk[1] = {
|
||||||
{{ 0x9db1619d, 0x605afdef, 0xf44a84ba, 0xc42cec92,
|
{{ 0x9db1619d, 0x605afdef, 0xf44a84ba, 0xc42cec92,
|
||||||
@@ -980,6 +985,9 @@ main (int argc, char *argv[])
|
|||||||
{{ 0x1582b85f, 0xac3ba390, 0x70391ec6, 0x6bb4f91c,
|
{{ 0x1582b85f, 0xac3ba390, 0x70391ec6, 0x6bb4f91c,
|
||||||
0xf0f55bd2, 0x24be5b59, 0x43415165, 0x0b107a8e }} };
|
0xf0f55bd2, 0x24be5b59, 0x43415165, 0x0b107a8e }} };
|
||||||
|
|
||||||
|
r = (bn256 *)r_s;
|
||||||
|
s = (bn256 *)(r_s+32);
|
||||||
|
|
||||||
sha512 ((uint8_t *)sk, sizeof (bn256), hash);
|
sha512 ((uint8_t *)sk, sizeof (bn256), hash);
|
||||||
hash[0] &= 248;
|
hash[0] &= 248;
|
||||||
hash[31] &= 127;
|
hash[31] &= 127;
|
||||||
@@ -987,7 +995,7 @@ main (int argc, char *argv[])
|
|||||||
memcpy (a, hash, sizeof (bn256));
|
memcpy (a, hash, sizeof (bn256));
|
||||||
|
|
||||||
eddsa_public_key_25519 (pk, a);
|
eddsa_public_key_25519 (pk, a);
|
||||||
eddsa_25519 (r, s, (const uint8_t *)"", 0, a, hash+32, pk);
|
eddsa_sign_25519 ((const uint8_t *)"", 0, r_s, a, hash+32, pk);
|
||||||
|
|
||||||
if (memcmp (r, r_expected, sizeof (bn256)) != 0
|
if (memcmp (r, r_expected, sizeof (bn256)) != 0
|
||||||
|| memcmp (s, s_expected, sizeof (bn256)) != 0)
|
|| memcmp (s, s_expected, sizeof (bn256)) != 0)
|
||||||
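Review bot: The renamed eddsa_sign_25519 has no header comment, yet its contract changed in ways the signature does not show: `out` must hold 64 bytes, receives R in the first 32 and S in the next 32, and is accessed through `bn256 *`. I would add above the definition `/* Sign INPUT (ILEN bytes); write R || S, 64 bytes, to OUT (word-aligned). A: secret scalar, SEED: upper half of the SHA-512 of the secret key, PK: public key. */`. The body continues past the end of the hunk, so it is not visible whether `hash`, which receives the digest of seed and message, is cleared before returning. That is worth confirming, since the value is secret-derived.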
|
|||||||
11
src/gnuk.h
11
src/gnuk.h
@@ -154,7 +154,10 @@ struct key_data {
|
|||||||
};
|
};
|
||||||
|
|
||||||
struct key_data_internal {
|
struct key_data_internal {
|
||||||
uint32_t data[KEY_CONTENT_LEN/4]; /* p and q */
|
uint32_t data[KEY_CONTENT_LEN/4]; /*
|
||||||
|
* Secret key data.
|
||||||
|
* RSA: p and q, ECDSA: d, EdDSA: a+seed
|
||||||
|
*/
|
||||||
uint32_t checksum[DATA_ENCRYPTION_KEY_SIZE/4];
|
uint32_t checksum[DATA_ENCRYPTION_KEY_SIZE/4];
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -253,6 +256,12 @@ extern int ecdsa_sign_p256k1 (const uint8_t *hash, uint8_t *output,
|
|||||||
const uint8_t *key_data);
|
const uint8_t *key_data);
|
||||||
extern uint8_t *ecdsa_compute_public_p256k1 (const uint8_t *key_data);
|
extern uint8_t *ecdsa_compute_public_p256k1 (const uint8_t *key_data);
|
||||||
|
|
||||||
|
|
||||||
|
extern int eddsa_sign_25519 (const uint8_t *input, size_t ilen,
|
||||||
|
uint8_t *output,
|
||||||
|
const uint8_t *sk_a, const uint8_t *seed,
|
||||||
|
const uint8_t *pk);
|
||||||
|
|
||||||
extern const uint8_t *gpg_do_read_simple (uint8_t);
|
extern const uint8_t *gpg_do_read_simple (uint8_t);
|
||||||
extern void gpg_do_write_simple (uint8_t, const uint8_t *, int);
|
extern void gpg_do_write_simple (uint8_t, const uint8_t *, int);
|
||||||
extern void gpg_increment_digital_signature_counter (void);
|
extern void gpg_increment_digital_signature_counter (void);
|
||||||
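Review bot: The prototype added here does not match the definition changed in the same commit. This header declares `extern int eddsa_sign_25519 (...)` with `const uint8_t *sk_a` and `const uint8_t *pk`, while the definition is `void eddsa_sign_25519 (...)` with `const bn256 *a` and `const bn256 *pk`. The caller in cmd_internal_authenticate assigns the result and tests `if (r < 0)`, so with a void definition it would branch on an indeterminate value. Unless a wrapper outside this page reconciles the two, the definition should return `int` (with `return 0;` on success) and be compiled with this prototype in scope, so the compiler catches any drift.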
|
|||||||
@@ -808,6 +808,9 @@ cmd_get_data (void)
|
|||||||
#define ECDSA_HASH_LEN 32
|
#define ECDSA_HASH_LEN 32
|
||||||
#define ECDSA_SIGNATURE_LENGTH 64
|
#define ECDSA_SIGNATURE_LENGTH 64
|
||||||
|
|
||||||
|
#define EDDSA_HASH_LEN_MAX 256
|
||||||
|
#define EDDSA_SIGNATURE_LENGTH 32
|
||||||
|
|
||||||
static void
|
static void
|
||||||
cmd_pso (void)
|
cmd_pso (void)
|
||||||
{
|
{
|
||||||
@@ -1034,8 +1037,10 @@ cmd_internal_authenticate (void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
res_APDU_size = EDDSA_SIGNATURE_LENGTH;
|
res_APDU_size = EDDSA_SIGNATURE_LENGTH;
|
||||||
r = eddsa_sign_25519 (apdu.cmd_apdu_data, res_APDU,
|
r = eddsa_sign_25519 (apdu.cmd_apdu_data, len, res_APDU,
|
||||||
&kd[GPG_KEY_FOR_AUTHENTICATION]);
|
kd[GPG_KEY_FOR_AUTHENTICATION].data,
|
||||||
|
kd[GPG_KEY_FOR_AUTHENTICATION].data+32,
|
||||||
|
kd[GPG_KEY_FOR_AUTHENTICATION].key_addr + KEY_CONTENT_LEN);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
GPG_ERROR ();
|
GPG_ERROR ();
|
||||||
}
|
}
|
||||||
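Review bot: `EDDSA_SIGNATURE_LENGTH` is defined as 32, but eddsa_sign_25519 writes R at `out` and S at `out+32`, i.e. 64 bytes into `res_APDU`. With `res_APDU_size = EDDSA_SIGNATURE_LENGTH;`, the response would therefore carry only R, and the buffer is written beyond the declared size. I would change the define to `#define EDDSA_SIGNATURE_LENGTH 64`. The new `len` argument is not bounded anywhere in this hunk; if the part of cmd_internal_authenticate outside the hunk does not already check it, add a guard against `EDDSA_HASH_LEN_MAX` before the call.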
|
|||||||