sysadmin/ipxe
1
0
Fork 0
mirror of https://github.com/ipxe/ipxe synced 2026-01-21 09:57:23 +03:00
Code Issues Packages Projects Releases Wiki Activity

[crypto] Add support for ECDSA signatures

Browse Source 
Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
Michael Brown
2025-12-18 23:33:24 +00:00
parent 948677fe5e
commit 4e3cbeef83
5 changed files with 1223 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

928
src/crypto/ecdsa.c Normal file
View File

@@ -0,0 +1,928 @@
/*
* Copyright (C) 2025 Michael Brown <mbrown@fensystems.co.uk>.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*
* You can also choose to distribute this program under the terms of
* the Unmodified Binary Distribution Licence (as given in the file
* COPYING.UBDL), provided that you have satisfied its requirements.
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
/** @file
*
* Elliptic curve digital signature algorithm (ECDSA)
*
* The elliptic curve public key format is documented in RFC 5480.
* The original private key format is documented in RFC 5915, and the
* generic container PKCS#8 format documented in RFC 5208.
*
*/
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <ipxe/crypto.h>
#include <ipxe/bigint.h>
#include <ipxe/hmac_drbg.h>
#include <ipxe/ecdsa.h>
/* Disambiguate the various error causes */
#define EINVAL_POINTSIZE \
__einfo_error ( EINFO_EINVAL_POINTSIZE )
#define EINFO_EINVAL_POINTSIZE \
__einfo_uniqify ( EINFO_EINVAL, 0x01, "Invalid point size" )
#define EINVAL_KEYSIZE \
__einfo_error ( EINFO_EINVAL_KEYSIZE )
#define EINFO_EINVAL_KEYSIZE \
__einfo_uniqify ( EINFO_EINVAL, 0x02, "Invalid key size" )
#define EINVAL_COMPRESSION \
__einfo_error ( EINFO_EINVAL_COMPRESSION )
#define EINFO_EINVAL_COMPRESSION \
__einfo_uniqify ( EINFO_EINVAL, 0x03, "Invalid compression")
#define EINVAL_INFINITY \
__einfo_error ( EINFO_EINVAL_INFINITY )
#define EINFO_EINVAL_INFINITY \
__einfo_uniqify ( EINFO_EINVAL, 0x04, "Point is infinity" )
#define EINVAL_SIGNATURE \
__einfo_error ( EINFO_EINVAL_SIGNATURE )
#define EINFO_EINVAL_SIGNATURE \
__einfo_uniqify ( EINFO_EINVAL, 0x05, "Invalid signature" )
/** An ECDSA key */
struct ecdsa_key {
/** Elliptic curve */
struct elliptic_curve *curve;
/** Public curve point */
const void *public;
/** Private multiple of base curve point (if applicable) */
const void *private;
};
/** ECDSA context */
struct ecdsa_context {
/** Key */
struct ecdsa_key key;
/** Big integer size */
unsigned int size;
/** Digest algorithm */
struct digest_algorithm *digest;
/** Digest length */
size_t zlen;
/** Dynamically allocated storage */
void *dynamic;
/** Element 0 of modulus N (i.e. curve group order */
bigint_element_t *modulus0;
/** Element 0 of constant N-2 (for Fermat's little theorem) */
bigint_element_t *fermat0;
/** Element 0 of Montgomery constant R^2 mod N */
bigint_element_t *square0;
/** Element 0 of constant 1 (in Montgomery form) */
bigint_element_t *one0;
/** Element 0 of digest value "z" */
bigint_element_t *z0;
/** Element 0 of random key "k" */
bigint_element_t *k0;
/** Element 0 of signature value "r" */
bigint_element_t *r0;
/** Element 0 of signature value "s" */
bigint_element_t *s0;
/** Element 0 of temporary value */
bigint_element_t *temp0;
/** Element 0 of product buffer */
bigint_element_t *product0;
/** Curve point 1 */
void *point1;
/** Curve point 2 */
void *point2;
/** Scalar value */
void *scalar;
/** HMAC_DRBG state for random value generation */
struct hmac_drbg_state *drbg;
};
/**
* Parse ECDSA key
*
* @v key ECDSA key
* @v raw ASN.1 cursor
* @ret rc Return status code
*/
static int ecdsa_parse_key ( struct ecdsa_key *key,
const struct asn1_cursor *raw ) {
struct asn1_algorithm *algorithm;
struct asn1_cursor cursor;
struct asn1_cursor curve;
struct asn1_cursor private;
const uint8_t *compression;
int is_private;
int rc;
/* Enter subjectPublicKeyInfo/ECPrivateKey */
memcpy ( &cursor, raw, sizeof ( cursor ) );
asn1_enter ( &cursor, ASN1_SEQUENCE );
asn1_invalidate_cursor ( &curve );
asn1_invalidate_cursor ( &private );
/* Determine key format */
if ( asn1_type ( &cursor ) == ASN1_INTEGER ) {
/* Private key */
is_private = 1;
/* Skip version */
asn1_skip_any ( &cursor );
/* Parse privateKeyAlgorithm, if present */
if ( asn1_type ( &cursor ) == ASN1_SEQUENCE ) {
/* PKCS#8 format */
DBGC ( key, "ECDSA %p is in PKCS#8 format\n", key );
/* Parse privateKeyAlgorithm */
memcpy ( &curve, &cursor, sizeof ( curve ) );
asn1_skip_any ( &cursor );
/* Enter privateKey */
asn1_enter ( &cursor, ASN1_OCTET_STRING );
/* Enter ECPrivateKey */
asn1_enter ( &cursor, ASN1_SEQUENCE );
/* Skip version */
asn1_skip ( &cursor, ASN1_INTEGER );
}
/* Parse privateKey */
memcpy ( &private, &cursor, sizeof ( private ) );
asn1_enter ( &private, ASN1_OCTET_STRING );
asn1_skip_any ( &cursor );
/* Parse parameters, if present */
if ( asn1_type ( &cursor ) == ASN1_EXPLICIT_TAG ( 0 ) ) {
memcpy ( &curve, &cursor, sizeof ( curve ) );
asn1_enter_any ( &curve );
asn1_skip_any ( &cursor );
}
/* Enter publicKey */
asn1_enter ( &cursor, ASN1_EXPLICIT_TAG ( 1 ) );
} else {
/* Public key */
is_private = 0;
/* Parse algorithm */
memcpy ( &curve, &cursor, sizeof ( curve ) );
asn1_skip_any ( &cursor );
}
/* Enter publicKey */
asn1_enter_bits ( &cursor, NULL );
/* Identify curve */
if ( ( rc = asn1_curve_algorithm ( &curve, &algorithm ) ) != 0 ) {
DBGC ( key, "ECDSA %p unknown curve: %s\n",
key, strerror ( rc ) );
DBGC_HDA ( key, 0, raw->data, raw->len );
return rc;
}
key->curve = algorithm->curve;
DBGC ( key, "ECDSA %p is a %s (%s) %s key\n", key, algorithm->name,
key->curve->name, ( is_private ? "private" : "public" ) );
/* Check public key length */
if ( cursor.len != ( sizeof ( *compression ) +
key->curve->pointsize ) ) {
DBGC ( key, "ECDSA %p invalid public key length %zd\n",
key, cursor.len );
DBGC_HDA ( key, 0, raw->data, raw->len );
return -EINVAL_POINTSIZE;
}
/* Check that key is uncompressed */
compression = cursor.data;
if ( *compression != ECDSA_UNCOMPRESSED ) {
DBGC ( key, "ECDSA %p invalid compression %#02x\n",
key, *compression );
DBGC_HDA ( key, 0, raw->data, raw->len );
return -EINVAL_COMPRESSION;
}
/* Extract public curve point */
key->public = ( cursor.data + sizeof ( *compression ) );
DBGC ( key, "ECDSA %p public curve point:\n", key );
DBGC_HDA ( key, 0, key->public, key->curve->pointsize );
/* Check that public key is not the point at infinity */
if ( elliptic_is_infinity ( key->curve, key->public ) ) {
DBGC ( key, "ECDSA %p public curve point is infinity\n", key );
return -EINVAL_INFINITY;
}
/* Extract private key, if applicable */
if ( is_private ) {
/* Check private key length */
if ( private.len != key->curve->keysize ) {
DBGC ( key, "ECDSA %p invalid private key length "
"%zd\n", key, private.len );
DBGC_HDA ( key, 0, raw->data, raw->len );
return -EINVAL_KEYSIZE;
}
/* Extract private key */
key->private = private.data;
DBGC ( key, "ECDSA %p private multiplier:\n", key );
DBGC_HDA ( key, 0, key->private, key->curve->keysize );
} else {
/* No private key */
key->private = NULL;
}
return 0;
}
/**
* Parse ECDSA signature value
*
* @v ctx ECDSA context
* @v rs0 Element 0 of signature "r" or "s" value
* @v raw ASN.1 cursor
* @ret rc Return status code
*/
static int ecdsa_parse_signature ( struct ecdsa_context *ctx,
bigint_element_t *rs0,
const struct asn1_cursor *raw ) {
size_t keysize = ctx->key.curve->keysize;
unsigned int size = ctx->size;
bigint_t ( size ) __attribute__ (( may_alias )) *modulus =
( ( void * ) ctx->modulus0 );
bigint_t ( size ) __attribute__ (( may_alias )) *rs =
( ( void * ) rs0 );
struct asn1_cursor cursor;
int rc;
/* Enter integer */
memcpy ( &cursor, raw, sizeof ( cursor ) );
if ( ( rc = asn1_enter_unsigned ( &cursor ) ) != 0 ) {
DBGC ( ctx, "ECDSA %p invalid integer:\n", ctx );
DBGC_HDA ( ctx, 0, raw->data, raw->len );
return rc;
}
/* Extract value */
if ( cursor.len > keysize ) {
DBGC ( ctx, "ECDSA %p invalid signature value:\n", ctx );
DBGC_HDA ( ctx, 0, raw->data, raw->len );
return -EINVAL_KEYSIZE;
}
bigint_init ( rs, cursor.data, cursor.len );
/* Check that value is within the required range */
if ( bigint_is_zero ( rs ) || bigint_is_geq ( rs, modulus ) ) {
DBGC ( ctx, "ECDSA %p out-of-range signature value:\n", ctx );
DBGC_HDA ( ctx, 0, raw->data, raw->len );
return -ERANGE;
}
return 0;
}
/**
* Prepend ECDSA signature value
*
* @v ctx ECDSA context
* @v rs0 Element 0 of signature "r" or "s" value
* @v builder ASN.1 builder
* @ret rc Return status code
*/
static int ecdsa_prepend_signature ( struct ecdsa_context *ctx,
bigint_element_t *rs0,
struct asn1_builder *builder ) {
size_t keysize = ctx->key.curve->keysize;
unsigned int size = ctx->size;
bigint_t ( size ) __attribute__ (( may_alias )) *rs =
( ( void * ) rs0 );
uint8_t buf[ 1 /* potential sign byte */ + keysize ];
uint8_t *data;
size_t len;
int rc;
/* Construct value */
buf[0] = 0;
bigint_done ( rs, &buf[1], keysize );
/* Strip leading zeros */
data = buf;
len = sizeof ( buf );
while ( ( len > 1 ) && ( data[0] == 0 ) && ( data[1] < 0x80 ) ) {
data++;
len--;
}
/* Prepend integer */
if ( ( rc = asn1_prepend ( builder, ASN1_INTEGER, data, len ) ) != 0 )
return rc;
return 0;
}
/**
* Allocate ECDSA context dynamic storage
*
* @v ctx ECDSA context
* @ret rc Return status code
*/
static int ecdsa_alloc ( struct ecdsa_context *ctx ) {
struct elliptic_curve *curve = ctx->key.curve;
size_t pointsize = curve->pointsize;
size_t keysize = curve->keysize;
unsigned int size =
bigint_required_size ( keysize + 1 /* for addition */ );
struct {
bigint_t ( size ) modulus;
bigint_t ( size ) fermat;
bigint_t ( size ) square;
bigint_t ( size ) one;
bigint_t ( size ) z;
bigint_t ( size ) k;
bigint_t ( size ) r;
bigint_t ( size ) s;
bigint_t ( size ) temp;
bigint_t ( size * 2 ) product;
uint8_t point1[pointsize];
uint8_t point2[pointsize];
uint8_t scalar[keysize];
struct hmac_drbg_state drbg;
} *dynamic;
/* Allocate dynamic storage */
dynamic = malloc ( sizeof ( *dynamic ) );
if ( ! dynamic )
return -ENOMEM;
/* Populate context */
ctx->size = size;
ctx->dynamic = dynamic;
ctx->modulus0 = dynamic->modulus.element;
ctx->fermat0 = dynamic->fermat.element;
ctx->square0 = dynamic->square.element;
ctx->one0 = dynamic->one.element;
ctx->z0 = dynamic->z.element;
ctx->k0 = dynamic->k.element;
ctx->r0 = dynamic->r.element;
ctx->s0 = dynamic->s.element;
ctx->temp0 = dynamic->temp.element;
ctx->product0 = dynamic->product.element;
ctx->point1 = dynamic->point1;
ctx->point2 = dynamic->point2;
ctx->scalar = dynamic->scalar;
ctx->drbg = &dynamic->drbg;
return 0;
}
/**
* Free ECDSA context dynamic storage
*
* @v ctx ECDSA context
*/
static void ecdsa_free ( struct ecdsa_context *ctx ) {
/* Free dynamic storage */
free ( ctx->dynamic );
}
/**
* Initialise ECDSA values
*
* @v ctx ECDSA context
* @v digest Digest algorithm
* @v value Digest value
*/
static void ecdsa_init_values ( struct ecdsa_context *ctx,
struct digest_algorithm *digest,
const void *value ) {
struct elliptic_curve *curve = ctx->key.curve;
unsigned int size = ctx->size;
bigint_t ( size ) __attribute__ (( may_alias )) *modulus =
( ( void * ) ctx->modulus0 );
bigint_t ( size ) __attribute__ (( may_alias )) *fermat =
( ( void * ) ctx->fermat0 );
bigint_t ( size ) __attribute__ (( may_alias )) *square =
( ( void * ) ctx->square0 );
bigint_t ( size ) __attribute__ (( may_alias )) *one =
( ( void * ) ctx->one0 );
bigint_t ( size ) __attribute__ (( may_alias )) *z =
( ( void * ) ctx->z0 );
bigint_t ( size * 2 ) __attribute__ (( may_alias )) *product =
( ( void * ) ctx->product0 );
static const uint8_t two_raw[] = { 2 };
size_t zlen;
/* Initialise modulus N */
bigint_init ( modulus, curve->order, curve->keysize );
DBGC2 ( ctx, "ECDSA %p N = %s\n", ctx, bigint_ntoa ( modulus ) );
/* Calculate N-2 (using Montgomery constant as temporary buffer) */
bigint_copy ( modulus, fermat );
bigint_init ( square, two_raw, sizeof ( two_raw ) );
bigint_subtract ( square, fermat );
/* Calculate Montgomery constant */
bigint_reduce ( modulus, square );
DBGC2 ( ctx, "ECDSA %p R^2 = %s mod N\n",
ctx, bigint_ntoa ( square ) );
/* Construct one in Montgomery form */
bigint_grow ( square, product );
bigint_montgomery ( modulus, product, one );
DBGC2 ( ctx, "ECDSA %p R = %s mod N\n",
ctx, bigint_ntoa ( one ) );
/* Initialise digest */
ctx->digest = digest;
zlen = ctx->key.curve->keysize;
if ( zlen > digest->digestsize )
zlen = digest->digestsize;
ctx->zlen = zlen;
bigint_init ( z, value, zlen );
DBGC2 ( ctx, "ECDSA %p z = %s (%s)\n",
ctx, bigint_ntoa ( z ), digest->name );
}
/**
* Initialise ECDSA context
*
* @v ctx ECDSA context
* @v key Key
* @v digest Digest algorithm
* @v value Digest value
* @ret rc Return status code
*/
static int ecdsa_init ( struct ecdsa_context *ctx,
const struct asn1_cursor *key,
struct digest_algorithm *digest,
const void *value ) {
int rc;
/* Parse key */
if ( ( rc = ecdsa_parse_key ( &ctx->key, key ) ) != 0 )
goto err_parse;
/* Allocate dynamic storage */
if ( ( rc = ecdsa_alloc ( ctx ) ) != 0 )
goto err_alloc;
/* Initialise values */
ecdsa_init_values ( ctx, digest, value );
return 0;
ecdsa_free ( ctx );
err_alloc:
err_parse:
return rc;
}
/**
* Invert ECDSA value
*
* @v ctx ECDSA context
* @v val0 Element 0 of value to invert
*/
static void ecdsa_invert ( struct ecdsa_context *ctx,
bigint_element_t *val0 ) {
unsigned int size = ctx->size;
bigint_t ( size ) __attribute__ (( may_alias )) *modulus =
( ( void * ) ctx->modulus0 );
bigint_t ( size ) __attribute__ (( may_alias )) *fermat =
( ( void * ) ctx->fermat0 );
bigint_t ( size ) __attribute__ (( may_alias )) *square =
( ( void * ) ctx->square0 );
bigint_t ( size ) __attribute__ (( may_alias )) *one =
( ( void * ) ctx->one0 );
bigint_t ( size ) __attribute__ (( may_alias )) *temp =
( ( void * ) ctx->temp0 );
bigint_t ( size * 2 ) __attribute__ (( may_alias )) *product =
( ( void * ) ctx->product0 );
bigint_t ( size ) __attribute__ (( may_alias )) *val =
( ( void * ) val0 );
/* Convert value to Montgomery form */
bigint_multiply ( val, square, product );
bigint_montgomery ( modulus, product, temp );
/* Invert value via Fermat's little theorem */
bigint_copy ( one, val );
bigint_ladder ( val, temp, fermat, bigint_mod_exp_ladder, modulus,
product );
}
/**
* Generate ECDSA "r" and "s" values
*
* @v ctx ECDSA context
* @v sig Signature
* @ret rc Return status code
*/
static int ecdsa_sign_rs ( struct ecdsa_context *ctx ) {
struct digest_algorithm *digest = ctx->digest;
struct elliptic_curve *curve = ctx->key.curve;
size_t pointsize = curve->pointsize;
size_t keysize = curve->keysize;
unsigned int size = ctx->size;
bigint_t ( size ) __attribute__ (( may_alias )) *modulus =
( ( void * ) ctx->modulus0 );
bigint_t ( size ) __attribute__ (( may_alias )) *square =
( ( void * ) ctx->square0 );
bigint_t ( size ) __attribute__ (( may_alias )) *one =
( ( void * ) ctx->one0 );
bigint_t ( size ) __attribute__ (( may_alias )) *z =
( ( void * ) ctx->z0 );
bigint_t ( size ) __attribute__ (( may_alias )) *k =
( ( void * ) ctx->k0 );
bigint_t ( size ) __attribute__ (( may_alias )) *r =
( ( void * ) ctx->r0 );
bigint_t ( size ) __attribute__ (( may_alias )) *s =
( ( void * ) ctx->s0 );
bigint_t ( size ) __attribute__ (( may_alias )) *temp =
( ( void * ) ctx->temp0 );
bigint_t ( size * 2 ) __attribute__ (( may_alias )) *product =
( ( void * ) ctx->product0 );
bigint_t ( size ) __attribute__ (( may_alias )) *x1 =
( ( void * ) temp );
void *point1 = ctx->point1;
void *scalar = ctx->scalar;
int rc;
/* Loop until a suitable signature is generated */
while ( 1 ) {
/* Generate pseudo-random data */
if ( ( rc = hmac_drbg_generate ( digest, ctx->drbg, NULL, 0,
scalar, keysize ) ) != 0 ) {
DBGC ( ctx, "ECDSA %p could not generate: %s\n",
ctx, strerror ( rc ) );
return rc;
}
/* Check suitability of pseudo-random data */
bigint_init ( k, scalar, keysize );
DBGC2 ( ctx, "ECDSA %p k = %s\n",
ctx, bigint_ntoa ( k ) );
if ( bigint_is_zero ( k ) )
continue;
if ( bigint_is_geq ( k, modulus ) )
continue;
/* Calculate (x1,y1) = k*G */
elliptic_multiply ( curve, curve->base, scalar, point1 );
bigint_init ( x1, point1, ( pointsize / 2 ) );
DBGC2 ( ctx, "ECDSA %p x1 = %s mod N\n",
ctx, bigint_ntoa ( x1 ) );
/* Calculate r = x1 mod N */
bigint_multiply ( x1, one, product );
bigint_montgomery ( modulus, product, r );
DBGC2 ( ctx, "ECDSA %p r = %s\n",
ctx, bigint_ntoa ( r ) );
/* Check suitability of r */
if ( bigint_is_zero ( r ) )
continue;
/* Calculate k^-1 mod N (in Montgomery form) */
ecdsa_invert ( ctx, k->element );
DBGC2 ( ctx, "ECDSA %p (k^-1)R = %s mod N\n",
ctx, bigint_ntoa ( k ) );
/* Calculate r * dA */
bigint_init ( temp, ctx->key.private, keysize );
DBGC2 ( ctx, "ECDSA %p dA = %s\n",
ctx, bigint_ntoa ( temp ) );
bigint_multiply ( r, temp, product );
bigint_montgomery ( modulus, product, temp );
bigint_multiply ( temp, square, product );
bigint_montgomery ( modulus, product, temp );
DBGC2 ( ctx, "ECDSA %p r*dA = %s mod N\n",
ctx, bigint_ntoa ( temp ) );
/* Calculate k^-1 * (z + r*dA) */
bigint_add ( z, temp );
DBGC2 ( ctx, "ECDSA %p z+r*dA = %s mod N\n",
ctx, bigint_ntoa ( temp ) );
bigint_multiply ( k, temp, product );
bigint_montgomery ( modulus, product, s );
DBGC2 ( ctx, "ECDSA %p s = %s\n",
ctx, bigint_ntoa ( s ) );
/* Check suitability of s */
if ( bigint_is_zero ( s ) )
continue;
return 0;
}
}
/**
* Verify ECDSA "r" and "s" values
*
* @v ctx ECDSA context
* @v sig Signature
* @ret rc Return status code
*/
static int ecdsa_verify_rs ( struct ecdsa_context *ctx ) {
struct elliptic_curve *curve = ctx->key.curve;
size_t pointsize = curve->pointsize;
size_t keysize = curve->keysize;
const void *public = ctx->key.public;
unsigned int size = ctx->size;
bigint_t ( size ) __attribute__ (( may_alias )) *modulus =
( ( void * ) ctx->modulus0 );
bigint_t ( size ) __attribute__ (( may_alias )) *one =
( ( void * ) ctx->one0 );
bigint_t ( size ) __attribute__ (( may_alias )) *z =
( ( void * ) ctx->z0 );
bigint_t ( size ) __attribute__ (( may_alias )) *r =
( ( void * ) ctx->r0 );
bigint_t ( size ) __attribute__ (( may_alias )) *s =
( ( void * ) ctx->s0 );
bigint_t ( size ) __attribute__ (( may_alias )) *temp =
( ( void * ) ctx->temp0 );
bigint_t ( size * 2 ) __attribute__ (( may_alias )) *product =
( ( void * ) ctx->product0 );
bigint_t ( size ) __attribute__ (( may_alias )) *u1 =
( ( void * ) temp );
bigint_t ( size ) __attribute__ (( may_alias )) *u2 =
( ( void * ) temp );
bigint_t ( size ) __attribute__ (( may_alias )) *x1 =
( ( void * ) temp );
void *point1 = ctx->point1;
void *point2 = ctx->point2;
void *scalar = ctx->scalar;
int valid;
int rc;
DBGC2 ( ctx, "ECDSA %p r = %s\n", ctx, bigint_ntoa ( r ) );
DBGC2 ( ctx, "ECDSA %p s = %s\n", ctx, bigint_ntoa ( s ) );
/* Calculate s^-1 mod N (in Montgomery form) */
ecdsa_invert ( ctx, s->element );
DBGC2 ( ctx, "ECDSA %p (s^-1)R = %s mod N\n", ctx, bigint_ntoa ( s ) );
/* Calculate u1 = (z * s^-1) mod N */
bigint_multiply ( z, s, product );
bigint_montgomery ( modulus, product, u1 );
DBGC2 ( ctx, "ECDSA %p u1 = %s mod N\n",
ctx, bigint_ntoa ( u1 ) );
bigint_done ( u1, scalar, keysize );
/* Calculate u1 * G */
if ( ( rc = elliptic_multiply ( curve, curve->base, scalar,
point1 ) ) != 0 ) {
DBGC ( ctx, "ECDSA %p could not calculate u1*G: %s\n",
ctx, strerror ( rc ) );
return rc;
}
/* Calculate u2 = (r * s^-1) mod N */
bigint_multiply ( r, s, product );
bigint_montgomery ( modulus, product, u2 );
bigint_done ( u2, scalar, keysize );
DBGC2 ( ctx, "ECDSA %p u2 = %s mod N\n",
ctx, bigint_ntoa ( u2 ) );
/* Calculate u2 * Qa */
if ( ( rc = elliptic_multiply ( curve, public, scalar,
point2 ) ) != 0 ) {
DBGC ( ctx, "ECDSA %p could not calculate u2*Qa: %s\n",
ctx, strerror ( rc ) );
return rc;
}
/* Calculate u1 * G + u2 * Qa */
if ( ( rc = elliptic_add ( curve, point1, point2, point1 ) ) != 0 ) {
DBGC ( ctx, "ECDSA %p could not calculate u1*G+u2*Qa: %s\n",
ctx, strerror ( rc ) );
return rc;
}
/* Check that result is not the point at infinity */
if ( elliptic_is_infinity ( curve, point1 ) ) {
DBGC ( ctx, "ECDSA %p result is point at infinity\n", ctx );
return -EINVAL;
}
/* Calculate x1 mod N */
bigint_init ( x1, point1, ( pointsize / 2 ) );
DBGC2 ( ctx, "ECDSA %p x1 = %s mod N\n", ctx, bigint_ntoa ( x1 ) );
bigint_multiply ( x1, one, product );
bigint_montgomery ( modulus, product, x1 );
DBGC2 ( ctx, "ECDSA %p x1 = %s\n", ctx, bigint_ntoa ( x1 ) );
/* Check signature */
bigint_subtract ( x1, r );
valid = bigint_is_zero ( r );
DBGC2 ( ctx, "ECDSA %p signature is%s valid\n",
ctx, ( valid ? "" : " not" ) );
return ( valid ? 0 : -EINVAL_SIGNATURE );
}
/**
* Encrypt using ECDSA
*
* @v key Key
* @v plaintext Plaintext
* @v ciphertext Ciphertext
* @ret rc Return status code
*/
static int ecdsa_encrypt ( const struct asn1_cursor *key __unused,
const struct asn1_cursor *plaintext __unused,
struct asn1_builder *ciphertext __unused ) {
/* Not a defined operation for ECDSA */
return -ENOTTY;
}
/**
* Decrypt using ECDSA
*
* @v key Key
* @v ciphertext Ciphertext
* @v plaintext Plaintext
* @ret rc Return status code
*/
static int ecdsa_decrypt ( const struct asn1_cursor *key __unused,
const struct asn1_cursor *ciphertext __unused,
struct asn1_builder *plaintext __unused ) {
/* Not a defined operation for ECDSA */
return -ENOTTY;
}
/**
* Sign digest value using ECDSA
*
* @v key Key
* @v digest Digest algorithm
* @v value Digest value
* @v signature Signature
* @ret rc Return status code
*/
static int ecdsa_sign ( const struct asn1_cursor *key,
struct digest_algorithm *digest, const void *value,
struct asn1_builder *signature ) {
struct ecdsa_context ctx;
int rc;
/* Initialise context */
if ( ( rc = ecdsa_init ( &ctx, key, digest, value ) ) != 0 )
goto err_init;
/* Fail unless we have a private key */
if ( ! ctx.key.private ) {
rc = -ENOTTY;
goto err_no_key;
}
/* Instantiate DRBG */
hmac_drbg_instantiate ( digest, ctx.drbg, ctx.key.private,
ctx.key.curve->keysize, value, ctx.zlen );
/* Create signature */
if ( ( rc = ecdsa_sign_rs ( &ctx ) ) != 0 )
goto err_signature;
/* Construct "r" and "s" values */
if ( ( rc = ecdsa_prepend_signature ( &ctx, ctx.s0, signature ) ) != 0)
goto err_s;
if ( ( rc = ecdsa_prepend_signature ( &ctx, ctx.r0, signature ) ) != 0)
goto err_r;
if ( ( rc = asn1_wrap ( signature, ASN1_SEQUENCE ) ) != 0 )
goto err_wrap;
/* Free context */
ecdsa_free ( &ctx );
return 0;
err_wrap:
err_r:
err_s:
err_signature:
err_no_key:
ecdsa_free ( &ctx );
err_init:
return rc;
}
/**
* Verify signed digest using ECDSA
*
* @v key Key
* @v digest Digest algorithm
* @v value Digest value
* @v signature Signature
* @ret rc Return status code
*/
static int ecdsa_verify ( const struct asn1_cursor *key,
struct digest_algorithm *digest, const void *value,
const struct asn1_cursor *signature ) {
struct ecdsa_context ctx;
struct asn1_cursor cursor;
int rc;
/* Initialise context */
if ( ( rc = ecdsa_init ( &ctx, key, digest, value ) ) != 0 )
goto err_init;
/* Enter sequence */
memcpy ( &cursor, signature, sizeof ( cursor ) );
asn1_enter ( &cursor, ASN1_SEQUENCE );
/* Extract "r" and "s" values */
if ( ( rc = ecdsa_parse_signature ( &ctx, ctx.r0, &cursor ) ) != 0 )
goto err_r;
asn1_skip_any ( &cursor );
if ( ( rc = ecdsa_parse_signature ( &ctx, ctx.s0, &cursor ) ) != 0 )
goto err_s;
/* Verify signature */
if ( ( rc = ecdsa_verify_rs ( &ctx ) ) != 0 )
goto err_verify;
/* Free context */
ecdsa_free ( &ctx );
return 0;
err_verify:
err_s:
err_r:
ecdsa_free ( &ctx );
err_init:
return rc;
}
/**
* Check for matching ECDSA public/private key pair
*
* @v private_key Private key
* @v public_key Public key
* @ret rc Return status code
*/
static int ecdsa_match ( const struct asn1_cursor *private_key,
const struct asn1_cursor *public_key ) {
struct elliptic_curve *curve;
struct ecdsa_key privkey;
struct ecdsa_key pubkey;
int rc;
/* Parse keys */
if ( ( rc = ecdsa_parse_key ( &privkey, private_key ) ) != 0 )
return rc;
if ( ( rc = ecdsa_parse_key ( &pubkey, public_key ) ) != 0 )
return rc;
/* Compare curves */
if ( privkey.curve != pubkey.curve )
return -ENOTTY;
curve = privkey.curve;
/* Compare public curve points */
if ( memcmp ( privkey.public, pubkey.public, curve->pointsize ) != 0 )
return -ENOTTY;
return 0;
}
/** ECDSA public-key algorithm */
struct pubkey_algorithm ecdsa_algorithm = {
.name = "ecdsa",
.encrypt = ecdsa_encrypt,
.decrypt = ecdsa_decrypt,
.sign = ecdsa_sign,
.verify = ecdsa_verify,
.match = ecdsa_match,
};

19
src/include/ipxe/ecdsa.h Normal file
View File

@@ -0,0 +1,19 @@
#ifndef _IPXE_ECDSA_H
#define _IPXE_ECDSA_H
/** @file
*
* Elliptic curve digital signature algorithm (ECDSA)
*
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#include <ipxe/crypto.h>
/** Uncompressed curve point */
#define ECDSA_UNCOMPRESSED 0x04
extern struct pubkey_algorithm ecdsa_algorithm;
#endif /* _IPXE_ECDSA_H */

1
src/include/ipxe/errfile.h
View File

@@ -444,6 +444,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#define ERRFILE_weierstrass ( ERRFILE_OTHER | 0x00660000 )
#define ERRFILE_efi_cacert ( ERRFILE_OTHER | 0x00670000 )
#define ERRFILE_ecdhe ( ERRFILE_OTHER | 0x00680000 )
#define ERRFILE_ecdsa ( ERRFILE_OTHER | 0x00690000 )
/** @} */

274
src/tests/ecdsa_test.c Normal file
View File

@@ -0,0 +1,274 @@
/*
* Copyright (C) 2025 Michael Brown <mbrown@fensystems.co.uk>.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*
* You can also choose to distribute this program under the terms of
* the Unmodified Binary Distribution Licence (as given in the file
* COPYING.UBDL), provided that you have satisfied its requirements.
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
/** @file
*
* ECDSA self-tests
*
* These test vectors are generated using openssl's ecparam, pkey,
* pkcs8, and dgst tools.
*/
/* Forcibly enable assertions */
#undef NDEBUG
#include <string.h>
#include <ipxe/crypto.h>
#include <ipxe/ecdsa.h>
#include <ipxe/sha256.h>
#include <ipxe/sha512.h>
#include <ipxe/test.h>
#include "pubkey_test.h"
/** "Hello world" P-256 signature test (traditional private key) */
PUBKEY_SIGN_TEST ( p256_hw_test, &ecdsa_algorithm,
PRIVATE ( 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x5d, 0xc9, 0xbc,
0x58, 0x82, 0x99, 0xaf, 0x56, 0x6a, 0x4a, 0x4d, 0xec, 0xce,
0x9f, 0x6d, 0xfd, 0xb4, 0xfa, 0x5f, 0x8c, 0xd2, 0xfe, 0x5a,
0x4b, 0x9b, 0x83, 0x0a, 0xe6, 0x86, 0x90, 0x13, 0x12, 0xa0,
0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01,
0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x31, 0x20, 0x90,
0xeb, 0xd1, 0x74, 0xc0, 0x88, 0x03, 0x97, 0x96, 0x67, 0x11,
0xda, 0x74, 0xe9, 0x09, 0xd1, 0x64, 0x01, 0x26, 0x9b, 0x30,
0x8c, 0x6a, 0xbe, 0xcf, 0x6f, 0x01, 0xd5, 0x86, 0xe2, 0xab,
0x60, 0x8f, 0x5b, 0x60, 0x86, 0xc8, 0x2d, 0xee, 0xa7, 0x42,
0x59, 0xd5, 0xdc, 0x3d, 0xb8, 0x13, 0x8f, 0x90, 0x26, 0xfc,
0xf5, 0xce, 0xcb, 0xf9, 0x68, 0x91, 0x59, 0x87, 0xc6, 0x7d,
0x2a ),
PUBLIC ( 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce,
0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x31, 0x20, 0x90,
0xeb, 0xd1, 0x74, 0xc0, 0x88, 0x03, 0x97, 0x96, 0x67, 0x11,
0xda, 0x74, 0xe9, 0x09, 0xd1, 0x64, 0x01, 0x26, 0x9b, 0x30,
0x8c, 0x6a, 0xbe, 0xcf, 0x6f, 0x01, 0xd5, 0x86, 0xe2, 0xab,
0x60, 0x8f, 0x5b, 0x60, 0x86, 0xc8, 0x2d, 0xee, 0xa7, 0x42,
0x59, 0xd5, 0xdc, 0x3d, 0xb8, 0x13, 0x8f, 0x90, 0x26, 0xfc,
0xf5, 0xce, 0xcb, 0xf9, 0x68, 0x91, 0x59, 0x87, 0xc6, 0x7d,
0x2a ),
PLAINTEXT ( 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c,
0x64, 0x0a ),
&sha256_algorithm,
SIGNATURE ( 0x30, 0x45, 0x02, 0x21, 0x00, 0xc4, 0xb5, 0xb9, 0x40, 0xf7,
0x73, 0x9f, 0x77, 0x90, 0xa1, 0xa0, 0x0d, 0xc4, 0xd3, 0x1e,
0x18, 0x08, 0xc0, 0xe9, 0xb1, 0xf5, 0x16, 0x71, 0xf0, 0x75,
0x9f, 0xac, 0x5e, 0xeb, 0xca, 0x0d, 0x02, 0x02, 0x20, 0x32,
0xb6, 0x77, 0x9e, 0x19, 0x1f, 0xde, 0x03, 0x1d, 0x8a, 0x29,
0xe4, 0x97, 0xb9, 0x90, 0x1b, 0xff, 0xf3, 0x10, 0x8d, 0xc3,
0x41, 0x4e, 0xc1, 0xef, 0x59, 0x37, 0xc3, 0xf7, 0xd5, 0xbe,
0xb0 ) );
/** "Hello world" P-256 signature test (traditional private key, SHA-512) */
PUBKEY_SIGN_TEST ( p256_hw_sha512_test, &ecdsa_algorithm,
PRIVATE ( 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x5d, 0xc9, 0xbc,
0x58, 0x82, 0x99, 0xaf, 0x56, 0x6a, 0x4a, 0x4d, 0xec, 0xce,
0x9f, 0x6d, 0xfd, 0xb4, 0xfa, 0x5f, 0x8c, 0xd2, 0xfe, 0x5a,
0x4b, 0x9b, 0x83, 0x0a, 0xe6, 0x86, 0x90, 0x13, 0x12, 0xa0,
0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01,
0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x31, 0x20, 0x90,
0xeb, 0xd1, 0x74, 0xc0, 0x88, 0x03, 0x97, 0x96, 0x67, 0x11,
0xda, 0x74, 0xe9, 0x09, 0xd1, 0x64, 0x01, 0x26, 0x9b, 0x30,
0x8c, 0x6a, 0xbe, 0xcf, 0x6f, 0x01, 0xd5, 0x86, 0xe2, 0xab,
0x60, 0x8f, 0x5b, 0x60, 0x86, 0xc8, 0x2d, 0xee, 0xa7, 0x42,
0x59, 0xd5, 0xdc, 0x3d, 0xb8, 0x13, 0x8f, 0x90, 0x26, 0xfc,
0xf5, 0xce, 0xcb, 0xf9, 0x68, 0x91, 0x59, 0x87, 0xc6, 0x7d,
0x2a ),
PUBLIC ( 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce,
0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x31, 0x20, 0x90,
0xeb, 0xd1, 0x74, 0xc0, 0x88, 0x03, 0x97, 0x96, 0x67, 0x11,
0xda, 0x74, 0xe9, 0x09, 0xd1, 0x64, 0x01, 0x26, 0x9b, 0x30,
0x8c, 0x6a, 0xbe, 0xcf, 0x6f, 0x01, 0xd5, 0x86, 0xe2, 0xab,
0x60, 0x8f, 0x5b, 0x60, 0x86, 0xc8, 0x2d, 0xee, 0xa7, 0x42,
0x59, 0xd5, 0xdc, 0x3d, 0xb8, 0x13, 0x8f, 0x90, 0x26, 0xfc,
0xf5, 0xce, 0xcb, 0xf9, 0x68, 0x91, 0x59, 0x87, 0xc6, 0x7d,
0x2a ),
PLAINTEXT ( 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c,
0x64, 0x0a ),
&sha512_algorithm,
SIGNATURE ( 0x30, 0x45, 0x02, 0x21, 0x00, 0x8b, 0x62, 0xf5, 0xda, 0x49,
0x41, 0x85, 0xfe, 0xac, 0x1c, 0x6f, 0xf3, 0x43, 0xd9, 0xa6,
0x03, 0x89, 0x5f, 0x1c, 0x5a, 0xd4, 0x8e, 0xdd, 0x4a, 0x58,
0x48, 0x8f, 0x07, 0xb3, 0x85, 0xdb, 0x07, 0x02, 0x20, 0x7c,
0x82, 0x77, 0x9c, 0x03, 0xd1, 0xd9, 0x2f, 0xf9, 0x1e, 0xcb,
0x06, 0x29, 0x37, 0x0c, 0x96, 0x17, 0xc7, 0xc4, 0x3c, 0x0d,
0x4a, 0x2e, 0x85, 0xe1, 0x13, 0x29, 0xc2, 0x46, 0x2d, 0x2f,
0x85 ) );
/** Random message P-256 signature test (PKCS#8 private key) */
PUBKEY_SIGN_TEST ( p256_random_test, &ecdsa_algorithm,
PRIVATE ( 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07,
0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a,
0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30,
0x6b, 0x02, 0x01, 0x01, 0x04, 0x20, 0x5d, 0xc9, 0xbc, 0x58,
0x82, 0x99, 0xaf, 0x56, 0x6a, 0x4a, 0x4d, 0xec, 0xce, 0x9f,
0x6d, 0xfd, 0xb4, 0xfa, 0x5f, 0x8c, 0xd2, 0xfe, 0x5a, 0x4b,
0x9b, 0x83, 0x0a, 0xe6, 0x86, 0x90, 0x13, 0x12, 0xa1, 0x44,
0x03, 0x42, 0x00, 0x04, 0x31, 0x20, 0x90, 0xeb, 0xd1, 0x74,
0xc0, 0x88, 0x03, 0x97, 0x96, 0x67, 0x11, 0xda, 0x74, 0xe9,
0x09, 0xd1, 0x64, 0x01, 0x26, 0x9b, 0x30, 0x8c, 0x6a, 0xbe,
0xcf, 0x6f, 0x01, 0xd5, 0x86, 0xe2, 0xab, 0x60, 0x8f, 0x5b,
0x60, 0x86, 0xc8, 0x2d, 0xee, 0xa7, 0x42, 0x59, 0xd5, 0xdc,
0x3d, 0xb8, 0x13, 0x8f, 0x90, 0x26, 0xfc, 0xf5, 0xce, 0xcb,
0xf9, 0x68, 0x91, 0x59, 0x87, 0xc6, 0x7d, 0x2a ),
PUBLIC ( 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce,
0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x31, 0x20, 0x90,
0xeb, 0xd1, 0x74, 0xc0, 0x88, 0x03, 0x97, 0x96, 0x67, 0x11,
0xda, 0x74, 0xe9, 0x09, 0xd1, 0x64, 0x01, 0x26, 0x9b, 0x30,
0x8c, 0x6a, 0xbe, 0xcf, 0x6f, 0x01, 0xd5, 0x86, 0xe2, 0xab,
0x60, 0x8f, 0x5b, 0x60, 0x86, 0xc8, 0x2d, 0xee, 0xa7, 0x42,
0x59, 0xd5, 0xdc, 0x3d, 0xb8, 0x13, 0x8f, 0x90, 0x26, 0xfc,
0xf5, 0xce, 0xcb, 0xf9, 0x68, 0x91, 0x59, 0x87, 0xc6, 0x7d,
0x2a ),
PLAINTEXT ( 0xe0, 0xf0, 0x1b, 0xd1, 0x95, 0xe0, 0x4b, 0xd1, 0xf7, 0x4a,
0x18, 0xca, 0x60, 0x02, 0x29, 0xc1, 0x58, 0x03, 0xf8, 0xc2,
0x3c, 0x0f, 0x86, 0x55, 0xc5, 0x22, 0x88, 0x7e, 0x1f, 0x6c,
0x4e, 0x14, 0xb5, 0x7e, 0x52, 0x02, 0x40, 0xb2, 0x70, 0xa6,
0x60, 0xef, 0xcb, 0xab, 0xbd, 0x9d, 0xbe, 0x88, 0x41, 0x3f,
0x0f, 0x44, 0x24, 0xdf, 0x86, 0x1c, 0x41, 0x39, 0x38, 0xf9,
0x7e, 0x26, 0xcb, 0x1e, 0x31, 0xa6, 0x4c, 0x38, 0x3f, 0x55,
0xb6, 0xbe, 0x8a, 0xc8, 0xbd, 0xa8, 0x96, 0xef, 0x68, 0xf8,
0x4e, 0x28, 0xd2, 0x4d, 0x31, 0x02, 0xb8, 0x4c, 0xb6, 0xd2,
0x34, 0x1d, 0x95, 0xfa, 0x37, 0xfe, 0x29, 0x1f, 0xe3, 0x06,
0x19, 0xe7, 0x21, 0x16, 0x3d, 0xa0, 0xdb, 0xb6, 0x9b, 0x5b,
0x61, 0x28, 0x6f, 0x32, 0xe1, 0x5e, 0x6e, 0xe1, 0x11, 0xb3,
0x28, 0x82, 0xf1, 0xf4, 0x75, 0x1f, 0x0d, 0x7c, 0x0d, 0x8f,
0x43, 0x55, 0xc9, 0xad, 0x9d, 0x8a, 0xd4, 0xf9, 0xb4, 0xd5,
0x9a, 0xda, 0xd7, 0xe3, 0x15, 0xcb, 0x09, 0x2c, 0x2d, 0xc4,
0x9d, 0x9c, 0x34, 0xe1, 0x84, 0x1c, 0xbd, 0x38, 0x3b, 0x0e,
0xa3, 0xfd, 0x78, 0x29, 0x79, 0xa9, 0x73, 0x36, 0x8f, 0xab,
0xef, 0xb3, 0x4e, 0x93, 0xc8, 0x18, 0xba, 0x3a, 0x3d, 0x78,
0x0f, 0x47, 0xa4, 0x0b, 0x87, 0xfd, 0x00, 0x11, 0x34, 0x41,
0x6c, 0x01, 0x4e, 0xdd, 0x77, 0x81, 0x21, 0x54, 0x64, 0x60,
0xa1, 0xe0, 0xc9, 0x4b, 0xc6, 0xc6, 0x07, 0x52, 0xa2, 0xba,
0x51, 0xc9, 0xa0, 0xa8, 0xf6, 0xa4, 0xdf, 0x37, 0x80, 0xc5,
0x03, 0x1d, 0x9c, 0x85, 0xf9, 0x93, 0x4d, 0x1b, 0xec, 0x1c,
0x1f, 0xab, 0xb2, 0xfa, 0x0c, 0xc5, 0x59, 0x2e, 0xf7, 0x01,
0xc6, 0x3b, 0x39, 0x0e, 0x90, 0x92, 0x42, 0x76, 0x80, 0xfe,
0x67, 0x05, 0xdd, 0x80, 0xf4, 0x06 ),
&sha256_algorithm,
SIGNATURE ( 0x30, 0x44, 0x02, 0x20, 0x12, 0x9c, 0x69, 0xb2, 0x61, 0x49,
0x95, 0x0e, 0xab, 0x3b, 0x8f, 0x15, 0x31, 0x97, 0x30, 0x73,
0x68, 0xe1, 0xcb, 0x32, 0x45, 0xe7, 0x9c, 0x8f, 0x50, 0xa0,
0x84, 0x89, 0x16, 0xf8, 0x59, 0xe9, 0x02, 0x20, 0x7f, 0x46,
0x97, 0xf1, 0x99, 0x45, 0x09, 0x0f, 0x80, 0xe1, 0xf3, 0xfc,
0x62, 0x6b, 0x35, 0xb1, 0x4c, 0xdb, 0x48, 0x0b, 0xff, 0x48,
0xae, 0x3a, 0x5b, 0x20, 0x48, 0x31, 0x91, 0x88, 0xba,
0xde ) );
/** Random message P-384 signature test (PKCS#8 private key) */
PUBKEY_SIGN_TEST ( p384_random_test, &ecdsa_algorithm,
PRIVATE ( 0x30, 0x81, 0xb6, 0x02, 0x01, 0x00, 0x30, 0x10, 0x06, 0x07,
0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b,
0x81, 0x04, 0x00, 0x22, 0x04, 0x81, 0x9e, 0x30, 0x81, 0x9b,
0x02, 0x01, 0x01, 0x04, 0x30, 0x5f, 0xc5, 0x6a, 0x6e, 0xf2,
0x91, 0xf2, 0x1e, 0xa9, 0x80, 0xd3, 0xfd, 0xd3, 0x3a, 0x0b,
0x6b, 0xd0, 0x8c, 0xdb, 0x4a, 0xd9, 0x72, 0x6d, 0x56, 0x11,
0x43, 0x10, 0x64, 0x45, 0x20, 0x6e, 0x3a, 0x77, 0x99, 0x55,
0x72, 0x86, 0x30, 0xd4, 0x69, 0xd6, 0x10, 0x2d, 0x2d, 0x46,
0x72, 0x1f, 0x3e, 0xa1, 0x64, 0x03, 0x62, 0x00, 0x04, 0x6a,
0xb2, 0x1a, 0x29, 0x54, 0x71, 0x27, 0x3c, 0x02, 0x3e, 0x3b,
0x4c, 0x0e, 0x69, 0x4f, 0xe3, 0xdf, 0x8d, 0x02, 0x76, 0x7c,
0x12, 0x2e, 0x31, 0xe7, 0x8b, 0xc8, 0x09, 0x1e, 0x0a, 0x5d,
0x98, 0x0a, 0x3c, 0x43, 0xc6, 0xd4, 0x95, 0x53, 0xc0, 0x53,
0x91, 0xdd, 0x70, 0x03, 0x77, 0xe7, 0xe8, 0xe9, 0x04, 0x46,
0x7e, 0x9a, 0x8f, 0x0b, 0x21, 0x30, 0x06, 0x80, 0xa1, 0xc1,
0xff, 0x20, 0x91, 0x68, 0x1f, 0x84, 0x01, 0x52, 0x28, 0xb8,
0x18, 0xb0, 0xcc, 0x33, 0x9c, 0x44, 0x98, 0xa3, 0x59, 0x92,
0x36, 0xe3, 0x46, 0x72, 0xa8, 0x86, 0xec, 0x69, 0x24, 0x29,
0x29, 0xc0, 0xca, 0x2b, 0x40 ),
PUBLIC ( 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce,
0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22,
0x03, 0x62, 0x00, 0x04, 0x6a, 0xb2, 0x1a, 0x29, 0x54, 0x71,
0x27, 0x3c, 0x02, 0x3e, 0x3b, 0x4c, 0x0e, 0x69, 0x4f, 0xe3,
0xdf, 0x8d, 0x02, 0x76, 0x7c, 0x12, 0x2e, 0x31, 0xe7, 0x8b,
0xc8, 0x09, 0x1e, 0x0a, 0x5d, 0x98, 0x0a, 0x3c, 0x43, 0xc6,
0xd4, 0x95, 0x53, 0xc0, 0x53, 0x91, 0xdd, 0x70, 0x03, 0x77,
0xe7, 0xe8, 0xe9, 0x04, 0x46, 0x7e, 0x9a, 0x8f, 0x0b, 0x21,
0x30, 0x06, 0x80, 0xa1, 0xc1, 0xff, 0x20, 0x91, 0x68, 0x1f,
0x84, 0x01, 0x52, 0x28, 0xb8, 0x18, 0xb0, 0xcc, 0x33, 0x9c,
0x44, 0x98, 0xa3, 0x59, 0x92, 0x36, 0xe3, 0x46, 0x72, 0xa8,
0x86, 0xec, 0x69, 0x24, 0x29, 0x29, 0xc0, 0xca, 0x2b, 0x40 ),
PLAINTEXT ( 0xe0, 0xf0, 0x1b, 0xd1, 0x95, 0xe0, 0x4b, 0xd1, 0xf7, 0x4a,
0x18, 0xca, 0x60, 0x02, 0x29, 0xc1, 0x58, 0x03, 0xf8, 0xc2,
0x3c, 0x0f, 0x86, 0x55, 0xc5, 0x22, 0x88, 0x7e, 0x1f, 0x6c,
0x4e, 0x14, 0xb5, 0x7e, 0x52, 0x02, 0x40, 0xb2, 0x70, 0xa6,
0x60, 0xef, 0xcb, 0xab, 0xbd, 0x9d, 0xbe, 0x88, 0x41, 0x3f,
0x0f, 0x44, 0x24, 0xdf, 0x86, 0x1c, 0x41, 0x39, 0x38, 0xf9,
0x7e, 0x26, 0xcb, 0x1e, 0x31, 0xa6, 0x4c, 0x38, 0x3f, 0x55,
0xb6, 0xbe, 0x8a, 0xc8, 0xbd, 0xa8, 0x96, 0xef, 0x68, 0xf8,
0x4e, 0x28, 0xd2, 0x4d, 0x31, 0x02, 0xb8, 0x4c, 0xb6, 0xd2,
0x34, 0x1d, 0x95, 0xfa, 0x37, 0xfe, 0x29, 0x1f, 0xe3, 0x06,
0x19, 0xe7, 0x21, 0x16, 0x3d, 0xa0, 0xdb, 0xb6, 0x9b, 0x5b,
0x61, 0x28, 0x6f, 0x32, 0xe1, 0x5e, 0x6e, 0xe1, 0x11, 0xb3,
0x28, 0x82, 0xf1, 0xf4, 0x75, 0x1f, 0x0d, 0x7c, 0x0d, 0x8f,
0x43, 0x55, 0xc9, 0xad, 0x9d, 0x8a, 0xd4, 0xf9, 0xb4, 0xd5,
0x9a, 0xda, 0xd7, 0xe3, 0x15, 0xcb, 0x09, 0x2c, 0x2d, 0xc4,
0x9d, 0x9c, 0x34, 0xe1, 0x84, 0x1c, 0xbd, 0x38, 0x3b, 0x0e,
0xa3, 0xfd, 0x78, 0x29, 0x79, 0xa9, 0x73, 0x36, 0x8f, 0xab,
0xef, 0xb3, 0x4e, 0x93, 0xc8, 0x18, 0xba, 0x3a, 0x3d, 0x78,
0x0f, 0x47, 0xa4, 0x0b, 0x87, 0xfd, 0x00, 0x11, 0x34, 0x41,
0x6c, 0x01, 0x4e, 0xdd, 0x77, 0x81, 0x21, 0x54, 0x64, 0x60,
0xa1, 0xe0, 0xc9, 0x4b, 0xc6, 0xc6, 0x07, 0x52, 0xa2, 0xba,
0x51, 0xc9, 0xa0, 0xa8, 0xf6, 0xa4, 0xdf, 0x37, 0x80, 0xc5,
0x03, 0x1d, 0x9c, 0x85, 0xf9, 0x93, 0x4d, 0x1b, 0xec, 0x1c,
0x1f, 0xab, 0xb2, 0xfa, 0x0c, 0xc5, 0x59, 0x2e, 0xf7, 0x01,
0xc6, 0x3b, 0x39, 0x0e, 0x90, 0x92, 0x42, 0x76, 0x80, 0xfe,
0x67, 0x05, 0xdd, 0x80, 0xf4, 0x06 ),
&sha512_algorithm,
SIGNATURE ( 0x30, 0x64, 0x02, 0x30, 0x17, 0xa4, 0x1f, 0x5d, 0xb7, 0x6d,
0x85, 0xd0, 0x1f, 0xf1, 0x28, 0x5c, 0x45, 0x27, 0x15, 0x30,
0x9c, 0xb5, 0xe3, 0x36, 0x70, 0xf3, 0x82, 0xa6, 0x1c, 0x4a,
0xb7, 0x87, 0xc7, 0x86, 0xae, 0x5d, 0x99, 0xba, 0xa9, 0x9a,
0x2b, 0x25, 0x0a, 0xd2, 0x25, 0x1d, 0xe9, 0x78, 0xff, 0x2d,
0x8d, 0xd6, 0x02, 0x30, 0x55, 0x95, 0x5d, 0x4d, 0x74, 0x3d,
0xd1, 0xae, 0xf0, 0x6d, 0x6a, 0x77, 0x40, 0xa6, 0x57, 0xb2,
0xb1, 0xee, 0xef, 0xd5, 0xcf, 0xeb, 0xa8, 0x82, 0x22, 0x1a,
0xaf, 0x1e, 0xbc, 0x51, 0x59, 0xb7, 0x66, 0xbb, 0x83, 0x38,
0x8b, 0x28, 0xa7, 0x84, 0x4e, 0x5c, 0x0a, 0x07, 0x56, 0x75,
0x01, 0x8a ) );
/**
* Perform ECDSA self-tests
*
*/
static void ecdsa_test_exec ( void ) {
pubkey_sign_ok ( &p256_hw_test );
pubkey_sign_ok ( &p256_hw_sha512_test );
pubkey_sign_ok ( &p256_random_test );
pubkey_sign_ok ( &p384_random_test );
}
/** ECDSA self-test */
struct self_test ecdsa_test __self_test = {
.name = "ecdsa",
.exec = ecdsa_test_exec,
};
/* Drag in required ASN.1 OID-identified algorithms */
REQUIRING_SYMBOL ( ecdsa_test );
REQUIRE_OBJECT ( oid_p256 );
REQUIRE_OBJECT ( oid_p384 );

1
src/tests/tests.c
View File

@@ -91,3 +91,4 @@ REQUIRE_OBJECT ( p384_test );
REQUIRE_OBJECT ( efi_siglist_test );
REQUIRE_OBJECT ( cpio_test );
REQUIRE_OBJECT ( fdt_test );
REQUIRE_OBJECT ( ecdsa_test );