Merge ecdsa_write_signature{,_det}() together
diff --git a/ChangeLog b/ChangeLog
index 4b6d21f..8453794 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,8 @@
* Support for DTLS 1.0 and 1.2 (RFC 6347).
API Changes
+ * ecdsa_write_signature() gained an addtional md_alg argument and
+ ecdsa_write_signature_det() was deprecated.
* pk_sign() no longer accepts md_alg == POLARSSL_MD_NONE with ECDSA.
* Last argument of x509_crt_check_key_usage() changed from int to unsigned.
* test_ca_list (from certs.h) is renamed to test_cas_pem and is only
diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h
index b0a5483..e516ff6 100644
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@@ -133,7 +133,11 @@
* serialized as defined in RFC 4492 page 20.
* (Not thread-safe to use same context in multiple threads)
*
+ * \note The deterministice version (RFC 6979) is used if
+ * POLARSSL_ECDSA_DETERMINISTIC is defined.
+ *
* \param ctx ECDSA context
+ * \param md_alg Algorithm that was used to hash the message
* \param hash Message hash
* \param hlen Length of hash
* \param sig Buffer that will hold the signature
@@ -149,19 +153,27 @@
* or a POLARSSL_ERR_ECP, POLARSSL_ERR_MPI or
* POLARSSL_ERR_ASN1 error code
*/
-int ecdsa_write_signature( ecdsa_context *ctx,
+int ecdsa_write_signature( ecdsa_context *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hlen,
unsigned char *sig, size_t *slen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
#if defined(POLARSSL_ECDSA_DETERMINISTIC)
+#if ! defined(POLARSSL_DEPRECATED_REMOVED)
+#if defined(POLARSSL_DEPRECATED_WARNING)
+#define DEPRECATED __attribute__((deprecated))
+#else
+#define DEPRECATED
+#endif
/**
* \brief Compute ECDSA signature and write it to buffer,
* serialized as defined in RFC 4492 page 20.
* Deterministic version, RFC 6979.
* (Not thread-safe to use same context in multiple threads)
*
+ * \deprecated Superseded by ecdsa_write_signature() in 2.0.0
+ *
* \param ctx ECDSA context
* \param hash Message hash
* \param hlen Length of hash
@@ -180,7 +192,9 @@
int ecdsa_write_signature_det( ecdsa_context *ctx,
const unsigned char *hash, size_t hlen,
unsigned char *sig, size_t *slen,
- md_type_t md_alg );
+ md_type_t md_alg ) DEPRECATED;
+#undef DEPRECATED
+#endif /* POLARSSL_DEPRECATED_REMOVED */
#endif /* POLARSSL_ECDSA_DETERMINISTIC */
/**
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 006413c..f1a48ff 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -308,7 +308,7 @@
/*
* Compute and write signature
*/
-int ecdsa_write_signature( ecdsa_context *ctx,
+int ecdsa_write_signature( ecdsa_context *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hlen,
unsigned char *sig, size_t *slen,
int (*f_rng)(void *, unsigned char *, size_t),
@@ -316,35 +316,34 @@
{
int ret;
- if( ( ret = ecdsa_sign( &ctx->grp, &ctx->r, &ctx->s, &ctx->d,
- hash, hlen, f_rng, p_rng ) ) != 0 )
- {
+#if defined(POLARSSL_ECDSA_DETERMINISTIC)
+ (void) f_rng;
+ (void) p_rng;
+
+ ret = ecdsa_sign_det( &ctx->grp, &ctx->r, &ctx->s, &ctx->d,
+ hash, hlen, md_alg );
+#else
+ (void) md_alg;
+
+ ret = ecdsa_sign( &ctx->grp, &ctx->r, &ctx->s, &ctx->d,
+ hash, hlen, f_rng, p_rng );
+#endif
+ if( ret != 0 )
return( ret );
- }
return( ecdsa_signature_to_asn1( ctx, sig, slen ) );
}
-#if defined(POLARSSL_ECDSA_DETERMINISTIC)
-/*
- * Compute and write signature deterministically
- */
+#if ! defined(POLARSSL_DEPRECATED_REMOVED)
int ecdsa_write_signature_det( ecdsa_context *ctx,
const unsigned char *hash, size_t hlen,
unsigned char *sig, size_t *slen,
md_type_t md_alg )
{
- int ret;
-
- if( ( ret = ecdsa_sign_det( &ctx->grp, &ctx->r, &ctx->s, &ctx->d,
- hash, hlen, md_alg ) ) != 0 )
- {
- return( ret );
- }
-
- return( ecdsa_signature_to_asn1( ctx, sig, slen ) );
+ return( ecdsa_write_signature( ctx, md_ald, hash, hlen, sig, siglen,
+ NULL, NULL ) );
}
-#endif /* POLARSSL_ECDSA_DETERMINISTIC */
+#endif
/*
* Read and check signature
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 66afa7c..d6dea12 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -341,19 +341,8 @@
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
- /* Use deterministic ECDSA by default if available */
-#if defined(POLARSSL_ECDSA_DETERMINISTIC)
- ((void) f_rng);
- ((void) p_rng);
-
- return( ecdsa_write_signature_det( (ecdsa_context *) ctx,
- hash, hash_len, sig, sig_len, md_alg ) );
-#else
- ((void) md_alg);
-
return( ecdsa_write_signature( (ecdsa_context *) ctx,
- hash, hash_len, sig, sig_len, f_rng, p_rng ) );
-#endif /* POLARSSL_ECDSA_DETERMINISTIC */
+ md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) );
}
static void *ecdsa_alloc_wrap( void )
diff --git a/tests/suites/test_suite_ecdsa.data b/tests/suites/test_suite_ecdsa.data
index b03549b..dbc9090 100644
--- a/tests/suites/test_suite_ecdsa.data
+++ b/tests/suites/test_suite_ecdsa.data
@@ -250,26 +250,3 @@
depends_on:POLARSSL_ECP_DP_SECP521R1_ENABLED:POLARSSL_SHA512_C
ecdsa_det_test_vectors:POLARSSL_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":POLARSSL_MD_SHA512:"test":"13E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D":"1FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3"
-ECDSA deterministic read-write random p256 sha256
-depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA256_C
-ecdsa_write_read_det_random:POLARSSL_ECP_DP_SECP256R1:POLARSSL_MD_SHA256
-
-ECDSA deterministic read-write random p256 sha384
-depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA512_C
-ecdsa_write_read_det_random:POLARSSL_ECP_DP_SECP256R1:POLARSSL_MD_SHA384
-
-ECDSA deterministic read-write random p384 sha256
-depends_on:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_SHA256_C
-ecdsa_write_read_det_random:POLARSSL_ECP_DP_SECP384R1:POLARSSL_MD_SHA256
-
-ECDSA deterministic read-write random p384 sha384
-depends_on:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_SHA512_C
-ecdsa_write_read_det_random:POLARSSL_ECP_DP_SECP384R1:POLARSSL_MD_SHA384
-
-ECDSA deterministic read-write random p521 sha256
-depends_on:POLARSSL_ECP_DP_SECP521R1_ENABLED:POLARSSL_SHA256_C
-ecdsa_write_read_det_random:POLARSSL_ECP_DP_SECP521R1:POLARSSL_MD_SHA256
-
-ECDSA deterministic read-write random p521 sha384
-depends_on:POLARSSL_ECP_DP_SECP521R1_ENABLED:POLARSSL_SHA512_C
-ecdsa_write_read_det_random:POLARSSL_ECP_DP_SECP521R1:POLARSSL_MD_SHA384
diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function
index 864fade..7d5e6df 100644
--- a/tests/suites/test_suite_ecdsa.function
+++ b/tests/suites/test_suite_ecdsa.function
@@ -132,12 +132,12 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:POLARSSL_SHA256_C */
void ecdsa_write_read_random( int id )
{
ecdsa_context ctx;
rnd_pseudo_info rnd_info;
- unsigned char hash[66];
+ unsigned char hash[32];
unsigned char sig[200];
size_t sig_len, i;
@@ -153,7 +153,8 @@
TEST_ASSERT( ecdsa_genkey( &ctx, id, &rnd_pseudo_rand, &rnd_info ) == 0 );
/* generate and write signature, then read and verify it */
- TEST_ASSERT( ecdsa_write_signature( &ctx, hash, sizeof( hash ),
+ TEST_ASSERT( ecdsa_write_signature( &ctx, POLARSSL_MD_SHA256,
+ hash, sizeof( hash ),
sig, &sig_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
TEST_ASSERT( ecdsa_read_signature( &ctx, hash, sizeof( hash ),
sig, sig_len ) == 0 );
@@ -191,35 +192,3 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:POLARSSL_ECDSA_DETERMINISTIC */
-void ecdsa_write_read_det_random( int id, int md_alg )
-{
- ecdsa_context ctx;
- rnd_pseudo_info rnd_info;
- unsigned char msg[100];
- unsigned char hash[POLARSSL_MD_MAX_SIZE];
- unsigned char sig[200];
- size_t sig_len;
-
- ecdsa_init( &ctx );
- memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
- memset( hash, 0, sizeof( hash ) );
- memset( sig, 0x2a, sizeof( sig ) );
-
- /* prepare material for signature */
- TEST_ASSERT( rnd_pseudo_rand( &rnd_info, msg, sizeof( msg ) ) == 0 );
- md( md_info_from_type( md_alg ), msg, sizeof( msg ), hash );
-
- /* generate signing key */
- TEST_ASSERT( ecdsa_genkey( &ctx, id, &rnd_pseudo_rand, &rnd_info ) == 0 );
-
- /* generate and write signature, then read and verify it */
- TEST_ASSERT( ecdsa_write_signature_det( &ctx, hash, sizeof( hash ),
- sig, &sig_len, md_alg ) == 0 );
- TEST_ASSERT( ecdsa_read_signature( &ctx, hash, sizeof( hash ),
- sig, sig_len ) == 0 );
-
-exit:
- ecdsa_free( &ctx );
-}
-/* END_CASE */
