now EdDSA works.
This commit is contained in:
NIIBE Yutaka
@@ -1,3 +1,10 @@
|
|||||||
|
2014-04-03 Niibe Yutaka <gniibe@fsij.org>
|
||||||
|
|
||||||
|
* src/ecc-edwards.c (eddsa_sign_25519): Change type of OUT.
|
||||||
|
* src/openpgp.c (cmd_internal_authenticate): Have a buffer.
|
||||||
|
|
||||||
|
* src/flash.c (flash_init): Fix key address finder.
|
||||||
|
|
||||||
2014-04-02 Niibe Yutaka <gniibe@fsij.org>
|
2014-04-02 Niibe Yutaka <gniibe@fsij.org>
|
||||||
|
|
||||||
* src/openpgp-do.c (proc_key_import): Handle EdDSA.
|
* src/openpgp-do.c (proc_key_import): Handle EdDSA.
|
||||||
|
|||||||
@@ -76,7 +76,6 @@ KEYPTR
|
|||||||
----> [ P ][ Q ][ N ]
|
----> [ P ][ Q ][ N ]
|
||||||
<---encrypted----><--- plain ---->
|
<---encrypted----><--- plain ---->
|
||||||
|
|
||||||
key_addr 4-byte
|
|
||||||
initial_vector (random) 16-byte
|
initial_vector (random) 16-byte
|
||||||
checksum_encrypted 16-byte
|
checksum_encrypted 16-byte
|
||||||
dek_encrypted_by_keystring_pw1 16-byte
|
dek_encrypted_by_keystring_pw1 16-byte
|
||||||
|
|||||||
@@ -750,7 +750,7 @@ mod_reduce_M (bn256 *R, const bn512 *A)
|
|||||||
|
|
||||||
|
|
||||||
void
|
void
|
||||||
eddsa_sign_25519 (const uint8_t *input, size_t ilen, uint8_t *out,
|
eddsa_sign_25519 (const uint8_t *input, size_t ilen, uint32_t *out,
|
||||||
const bn256 *a, const uint8_t *seed, const bn256 *pk)
|
const bn256 *a, const uint8_t *seed, const bn256 *pk)
|
||||||
{
|
{
|
||||||
bn256 *r, *s;
|
bn256 *r, *s;
|
||||||
@@ -761,7 +761,7 @@ eddsa_sign_25519 (const uint8_t *input, size_t ilen, uint8_t *out,
|
|||||||
uint32_t carry, borrow;
|
uint32_t carry, borrow;
|
||||||
|
|
||||||
r = (bn256 *)out;
|
r = (bn256 *)out;
|
||||||
s = (bn256 *)(out+32);
|
s = (bn256 *)(out+(32/4));
|
||||||
|
|
||||||
sha512_start (&ctx);
|
sha512_start (&ctx);
|
||||||
sha512_update (&ctx, seed, sizeof (bn256)); /* It's upper half of the hash */
|
sha512_update (&ctx, seed, sizeof (bn256)); /* It's upper half of the hash */
|
||||||
|
|||||||
13
src/flash.c
13
src/flash.c
@@ -80,20 +80,17 @@ extern uint8_t _data_pool;
|
|||||||
static int key_available_at (uint8_t *k)
|
static int key_available_at (uint8_t *k)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
uint8_t *p;
|
|
||||||
|
|
||||||
p = k;
|
|
||||||
for (i = 0; i < KEY_SIZE; i++)
|
for (i = 0; i < KEY_SIZE; i++)
|
||||||
if (*p)
|
if (k[i])
|
||||||
break;
|
break;
|
||||||
if (p == k + KEY_SIZE) /* It's ZERO. Released key. */
|
if (i == KEY_SIZE) /* It's ZERO. Released key. */
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
p = k;
|
|
||||||
for (i = 0; i < KEY_SIZE; i++)
|
for (i = 0; i < KEY_SIZE; i++)
|
||||||
if (*p != 0xff)
|
if (k[i] != 0xff)
|
||||||
break;
|
break;
|
||||||
if (p == k + KEY_SIZE) /* It's FULL. Unused key. */
|
if (i == KEY_SIZE) /* It's FULL. Unused key. */
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
@@ -127,7 +124,7 @@ flash_init (void)
|
|||||||
uint8_t *k;
|
uint8_t *k;
|
||||||
|
|
||||||
kd[i].key_addr = NULL;
|
kd[i].key_addr = NULL;
|
||||||
for (k = p; k < k + FLASH_PAGE_SIZE; k += KEY_SIZE)
|
for (k = p; k < p + FLASH_PAGE_SIZE; k += KEY_SIZE)
|
||||||
if (key_available_at (k))
|
if (key_available_at (k))
|
||||||
{
|
{
|
||||||
kd[i].key_addr = k;
|
kd[i].key_addr = k;
|
||||||
|
|||||||
@@ -257,7 +257,7 @@ extern int ecdsa_sign_p256k1 (const uint8_t *hash, uint8_t *output,
|
|||||||
extern uint8_t *ecdsa_compute_public_p256k1 (const uint8_t *key_data);
|
extern uint8_t *ecdsa_compute_public_p256k1 (const uint8_t *key_data);
|
||||||
|
|
||||||
extern int eddsa_sign_25519 (const uint8_t *input, size_t ilen,
|
extern int eddsa_sign_25519 (const uint8_t *input, size_t ilen,
|
||||||
uint8_t *output,
|
uint32_t *output,
|
||||||
const uint8_t *sk_a, const uint8_t *seed,
|
const uint8_t *sk_a, const uint8_t *seed,
|
||||||
const uint8_t *pk);
|
const uint8_t *pk);
|
||||||
extern uint8_t *eddsa_compute_public_25519 (const uint8_t *a);
|
extern uint8_t *eddsa_compute_public_25519 (const uint8_t *a);
|
||||||
|
|||||||
@@ -809,7 +809,7 @@ cmd_get_data (void)
|
|||||||
#define ECDSA_SIGNATURE_LENGTH 64
|
#define ECDSA_SIGNATURE_LENGTH 64
|
||||||
|
|
||||||
#define EDDSA_HASH_LEN_MAX 256
|
#define EDDSA_HASH_LEN_MAX 256
|
||||||
#define EDDSA_SIGNATURE_LENGTH 32
|
#define EDDSA_SIGNATURE_LENGTH 64
|
||||||
|
|
||||||
static void
|
static void
|
||||||
cmd_pso (void)
|
cmd_pso (void)
|
||||||
@@ -1020,6 +1020,8 @@ cmd_internal_authenticate (void)
|
|||||||
|
|
||||||
if (P1 (apdu) == 0x00 && P2 (apdu) == 0x00)
|
if (P1 (apdu) == 0x00 && P2 (apdu) == 0x00)
|
||||||
{
|
{
|
||||||
|
uint32_t output[64/4]; /* Require 4-byte alignment. */
|
||||||
|
|
||||||
DEBUG_SHORT (len);
|
DEBUG_SHORT (len);
|
||||||
|
|
||||||
if (!ac_check_status (AC_OTHER_AUTHORIZED))
|
if (!ac_check_status (AC_OTHER_AUTHORIZED))
|
||||||
@@ -1037,10 +1039,11 @@ cmd_internal_authenticate (void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
res_APDU_size = EDDSA_SIGNATURE_LENGTH;
|
res_APDU_size = EDDSA_SIGNATURE_LENGTH;
|
||||||
r = eddsa_sign_25519 (apdu.cmd_apdu_data, len, res_APDU,
|
r = eddsa_sign_25519 (apdu.cmd_apdu_data, len, output,
|
||||||
kd[GPG_KEY_FOR_AUTHENTICATION].data,
|
kd[GPG_KEY_FOR_AUTHENTICATION].data,
|
||||||
kd[GPG_KEY_FOR_AUTHENTICATION].data+32,
|
kd[GPG_KEY_FOR_AUTHENTICATION].data+32,
|
||||||
kd[GPG_KEY_FOR_AUTHENTICATION].key_addr + KEY_CONTENT_LEN);
|
kd[GPG_KEY_FOR_AUTHENTICATION].key_addr + KEY_CONTENT_LEN);
|
||||||
|
memcpy (res_APDU, output, EDDSA_SIGNATURE_LENGTH);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
GPG_ERROR ();
|
GPG_ERROR ();
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user