cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-04 04:32:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add ecp_check_prvkey, with test

Browse Source 
Also group key checking and generation functions in ecp.h and ecp.c.
This commit is contained in:
Manuel Pégourié-Gonnard 2013-07-01 14:06:13 +02:00
parent b8c6e0e3e9
commit c8dc295e83
4 changed files with 126 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
include/polarssl/ecp.h
View File

@ -228,25 +228,6 @@ int ecp_is_zero( ecp_point *pt );
*/
int ecp_copy( ecp_point *P, const ecp_point *Q );
/**
* \brief Check that a point is a valid public key on this curve
*
* \param grp Curve/group the point should belong to
* \param pt Point to check
*
* \return 0 if point is a valid public key,
* POLARSSL_ERR_ECP_GENERIC otherwise.
*
* \note This function only checks the point is non-zero, has valid
* coordinates and lies on the curve, but not that it is
* indeed a multiple of G. This is additional check is more
* expensive, isn't required by standards, and shouldn't be
* necessary if the group used has a small cofactor. In
* particular, it is useless for the NIST groups which all
* have a cofactor of 1.
*/
int ecp_check_pubkey( const ecp_group *grp, const ecp_point *pt );
/**
* \brief Import a non-zero point from two ASCII strings
*
@ -437,6 +418,44 @@ int ecp_sub( const ecp_group *grp, ecp_point *R,
int ecp_mul( const ecp_group *grp, ecp_point *R,
const mpi *m, const ecp_point *P );
/**
* \brief Check that a point is a valid public key on this curve
*
* \param grp Curve/group the point should belong to
* \param pt Point to check
*
* \return 0 if point is a valid public key,
* POLARSSL_ERR_ECP_GENERIC otherwise.
*
* \note This function only checks the point is non-zero, has valid
* coordinates and lies on the curve, but not that it is
* indeed a multiple of G. This is additional check is more
* expensive, isn't required by standards, and shouldn't be
* necessary if the group used has a small cofactor. In
* particular, it is useless for the NIST groups which all
* have a cofactor of 1.
*
* \note Uses bare components rather than an ecp_keypair structure
* in order to ease use with other structures such as
* ecdh_context of ecdsa_context.
*/
int ecp_check_pubkey( const ecp_group *grp, const ecp_point *pt );
/**
* \brief Check that an mpi is a valid private key for this curve
*
* \param grp Group used
* \param d Integer to check
*
* \return 0 if point is a valid private key,
* POLARSSL_ERR_ECP_GENERIC otherwise.
*
* \note Uses bare components rather than an ecp_keypair structure
* in order to ease use with other structures such as
* ecdh_context of ecdsa_context.
*/
int ecp_check_prvkey( const ecp_group *grp, const mpi *d );
/**
* \brief Generate a keypair
*
@ -448,6 +467,10 @@ int ecp_mul( const ecp_group *grp, ecp_point *R,
*
* \return 0 if successful,
* or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
*
* \note Uses bare components rather than an ecp_keypair structure
* in order to ease use with other structures such as
* ecdh_context of ecdsa_context.
*/
int ecp_gen_keypair( const ecp_group *grp, mpi *d, ecp_point *Q,
int (*f_rng)(void *, unsigned char *, size_t),

102
library/ecp.c
View File

@ -727,51 +727,6 @@ int ecp_tls_write_group( const ecp_group *grp, size_t *olen,
while( mpi_cmp_mpi( &N, &grp->P ) >= 0 ) \
MPI_CHK( mpi_sub_mpi( &N, &N, &grp->P ) )
/*
* Check that a point is valid as a public key (SEC1 3.2.3.1)
*/
int ecp_check_pubkey( const ecp_group *grp, const ecp_point *pt )
{
int ret;
mpi YY, RHS;
if( mpi_cmp_int( &pt->Z, 0 ) == 0 )
return( POLARSSL_ERR_ECP_GENERIC );
/*
* pt coordinates must be normalized for our checks
*/
if( mpi_cmp_int( &pt->Z, 1 ) != 0 )
return( POLARSSL_ERR_ECP_GENERIC );
if( mpi_cmp_int( &pt->X, 0 ) < 0 ||
mpi_cmp_int( &pt->Y, 0 ) < 0 ||
mpi_cmp_mpi( &pt->X, &grp->P ) >= 0 ||
mpi_cmp_mpi( &pt->Y, &grp->P ) >= 0 )
return( POLARSSL_ERR_ECP_GENERIC );
mpi_init( &YY ); mpi_init( &RHS );
/*
* YY = Y^2
* RHS = X (X^2 - 3) + B = X^3 - 3X + B
*/
MPI_CHK( mpi_mul_mpi( &YY, &pt->Y, &pt->Y ) ); MOD_MUL( YY );
MPI_CHK( mpi_mul_mpi( &RHS, &pt->X, &pt->X ) ); MOD_MUL( RHS );
MPI_CHK( mpi_sub_int( &RHS, &RHS, 3 ) ); MOD_SUB( RHS );
MPI_CHK( mpi_mul_mpi( &RHS, &RHS, &pt->X ) ); MOD_MUL( RHS );
MPI_CHK( mpi_add_mpi( &RHS, &RHS, &grp->B ) ); MOD_ADD( RHS );
if( mpi_cmp_mpi( &YY, &RHS ) != 0 )
ret = POLARSSL_ERR_ECP_GENERIC;
cleanup:
mpi_free( &YY ); mpi_free( &RHS );
return( ret );
}
/*
* Normalize jacobian coordinates so that Z == 0 || Z == 1 (GECC 3.2.1)
*/
@ -1305,6 +1260,63 @@ cleanup:
return( ret );
}
/*
* Check that a point is valid as a public key (SEC1 3.2.3.1)
*/
int ecp_check_pubkey( const ecp_group *grp, const ecp_point *pt )
{
int ret;
mpi YY, RHS;
if( mpi_cmp_int( &pt->Z, 0 ) == 0 )
return( POLARSSL_ERR_ECP_GENERIC );
/*
* pt coordinates must be normalized for our checks
*/
if( mpi_cmp_int( &pt->Z, 1 ) != 0 )
return( POLARSSL_ERR_ECP_GENERIC );
if( mpi_cmp_int( &pt->X, 0 ) < 0 ||
mpi_cmp_int( &pt->Y, 0 ) < 0 ||
mpi_cmp_mpi( &pt->X, &grp->P ) >= 0 ||
mpi_cmp_mpi( &pt->Y, &grp->P ) >= 0 )
return( POLARSSL_ERR_ECP_GENERIC );
mpi_init( &YY ); mpi_init( &RHS );
/*
* YY = Y^2
* RHS = X (X^2 - 3) + B = X^3 - 3X + B
*/
MPI_CHK( mpi_mul_mpi( &YY, &pt->Y, &pt->Y ) ); MOD_MUL( YY );
MPI_CHK( mpi_mul_mpi( &RHS, &pt->X, &pt->X ) ); MOD_MUL( RHS );
MPI_CHK( mpi_sub_int( &RHS, &RHS, 3 ) ); MOD_SUB( RHS );
MPI_CHK( mpi_mul_mpi( &RHS, &RHS, &pt->X ) ); MOD_MUL( RHS );
MPI_CHK( mpi_add_mpi( &RHS, &RHS, &grp->B ) ); MOD_ADD( RHS );
if( mpi_cmp_mpi( &YY, &RHS ) != 0 )
ret = POLARSSL_ERR_ECP_GENERIC;
cleanup:
mpi_free( &YY ); mpi_free( &RHS );
return( ret );
}
/*
* Check that an mpi is valid as a private key (SEC1 3.2)
*/
int ecp_check_prvkey( const ecp_group *grp, const mpi *d )
{
/* We want 1 <= d <= N-1 */
if ( mpi_cmp_int( d, 1 ) < 0 || mpi_cmp_mpi( d, &grp->N ) >= 0 )
return( POLARSSL_ERR_ECP_GENERIC );
return( 0 );
}
/*
* Generate a keypair (SEC1 3.2.1)
*/

3
tests/suites/test_suite_ecp.data
View File

@ -245,6 +245,9 @@ ECP tls write-read group #2
depends_on:POLARSSL_ECP_DP_SECP521R1_ENABLED
ecp_tls_write_read_group:SECP521R1
ECP check prvkey
ecp_check_prvkey:SECP192R1
ECP gen keypair
depends_on:POLARSSL_ECP_DP_SECP192R1_ENABLED
ecp_gen_keypair:SECP192R1

26
tests/suites/test_suite_ecp.function
View File

@ -437,6 +437,28 @@ ecp_tls_write_read_group:id
}
END_CASE
BEGIN_CASE
ecp_check_prvkey:id
{
ecp_group grp;
mpi d;
ecp_group_init( &grp );
mpi_init( &d );
TEST_ASSERT( ecp_use_known_dp( &grp, POLARSSL_ECP_DP_{id} ) == 0 );
TEST_ASSERT( mpi_lset( &d, 0 ) == 0 );
TEST_ASSERT( ecp_check_prvkey( &grp, &d ) == POLARSSL_ERR_ECP_GENERIC );
TEST_ASSERT( mpi_copy( &d, &grp.N ) == 0 );
TEST_ASSERT( ecp_check_prvkey( &grp, &d ) == POLARSSL_ERR_ECP_GENERIC );
ecp_group_free( &grp );
mpi_free( &d );
}
END_CASE
BEGIN_CASE
ecp_gen_keypair:id
{
@ -455,8 +477,8 @@ ecp_gen_keypair:id
TEST_ASSERT( ecp_gen_keypair( &grp, &d, &Q, &rnd_pseudo_rand, &rnd_info )
== 0 );
TEST_ASSERT( mpi_cmp_mpi( &d, &grp.N ) < 0 );
TEST_ASSERT( mpi_cmp_int( &d, 1 ) >= 0 );
TEST_ASSERT( ecp_check_pubkey( &grp, &Q ) == 0 );
TEST_ASSERT( ecp_check_prvkey( &grp, &d ) == 0 );
ecp_group_free( &grp );
ecp_point_free( &Q );