Update libmincrypttwrp
Change-Id: I90370cd8ef6d9f1be16adba51f51342827a04415
This commit is contained in:
@@ -1,16 +1,17 @@
|
||||
# Copyright 2008 The Android Open Source Project
|
||||
#
|
||||
LOCAL_PATH := $(call my-dir)
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := libmincrypttwrp
|
||||
LOCAL_C_INCLUDES := $(commands_recovery_local_path)/libmincrypt/includes
|
||||
LOCAL_SRC_FILES := rsa.c sha.c sha256.c
|
||||
LOCAL_SRC_FILES := dsa_sig.c p256.c p256_ec.c p256_ecdsa.c rsa.c sha.c sha256.c
|
||||
LOCAL_CFLAGS := -Wall -Werror
|
||||
include $(BUILD_STATIC_LIBRARY)
|
||||
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := libmincrypttwrp
|
||||
LOCAL_SRC_FILES := rsa.c sha.c sha256.c
|
||||
include $(BUILD_HOST_STATIC_LIBRARY)
|
||||
|
||||
LOCAL_C_INCLUDES := $(commands_recovery_local_path)/libmincrypt/includes
|
||||
LOCAL_SRC_FILES := dsa_sig.c p256.c p256_ec.c p256_ecdsa.c rsa.c sha.c sha256.c
|
||||
LOCAL_CFLAGS := -Wall -Werror
|
||||
include $(BUILD_HOST_STATIC_LIBRARY)
|
||||
@@ -0,0 +1,126 @@
|
||||
/*
|
||||
* Copyright 2013 The Android Open Source Project
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* * Neither the name of Google Inc. nor the names of its contributors may
|
||||
* be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
||||
* EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
||||
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
||||
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#include "mincrypt/dsa_sig.h"
|
||||
#include "mincrypt/p256.h"
|
||||
|
||||
/**
|
||||
* Trims off the leading zero bytes and copy it to a buffer aligning it to the end.
|
||||
*/
|
||||
static inline int trim_to_p256_bytes(unsigned char dst[P256_NBYTES], unsigned char *src,
|
||||
int src_len) {
|
||||
int dst_offset;
|
||||
while (*src == '\0' && src_len > 0) {
|
||||
src++;
|
||||
src_len--;
|
||||
}
|
||||
if (src_len > P256_NBYTES || src_len < 1) {
|
||||
return 0;
|
||||
}
|
||||
dst_offset = P256_NBYTES - src_len;
|
||||
memset(dst, 0, dst_offset);
|
||||
memcpy(dst + dst_offset, src, src_len);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Unpacks the ASN.1 DSA signature sequence.
|
||||
*/
|
||||
int dsa_sig_unpack(unsigned char* sig, int sig_len, p256_int* r_int, p256_int* s_int) {
|
||||
/*
|
||||
* Structure is:
|
||||
* 0x30 0xNN SEQUENCE + s_length
|
||||
* 0x02 0xNN INTEGER + r_length
|
||||
* 0xAA 0xBB .. r_length bytes of "r" (offset 4)
|
||||
* 0x02 0xNN INTEGER + s_length
|
||||
* 0xMM 0xNN .. s_length bytes of "s" (offset 6 + r_len)
|
||||
*/
|
||||
int seq_len;
|
||||
unsigned char r_bytes[P256_NBYTES];
|
||||
unsigned char s_bytes[P256_NBYTES];
|
||||
int r_len;
|
||||
int s_len;
|
||||
|
||||
memset(r_bytes, 0, sizeof(r_bytes));
|
||||
memset(s_bytes, 0, sizeof(s_bytes));
|
||||
|
||||
/*
|
||||
* Must have at least:
|
||||
* 2 bytes sequence header and length
|
||||
* 2 bytes R integer header and length
|
||||
* 1 byte of R
|
||||
* 2 bytes S integer header and length
|
||||
* 1 byte of S
|
||||
*
|
||||
* 8 bytes total
|
||||
*/
|
||||
if (sig_len < 8 || sig[0] != 0x30 || sig[2] != 0x02) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
seq_len = sig[1];
|
||||
if ((seq_len <= 0) || (seq_len + 2 != sig_len)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
r_len = sig[3];
|
||||
/*
|
||||
* Must have at least:
|
||||
* 2 bytes for R header and length
|
||||
* 2 bytes S integer header and length
|
||||
* 1 byte of S
|
||||
*/
|
||||
if ((r_len < 1) || (r_len > seq_len - 5) || (sig[4 + r_len] != 0x02)) {
|
||||
return 0;
|
||||
}
|
||||
s_len = sig[5 + r_len];
|
||||
|
||||
/**
|
||||
* Must have:
|
||||
* 2 bytes for R header and length
|
||||
* r_len bytes for R
|
||||
* 2 bytes S integer header and length
|
||||
*/
|
||||
if ((s_len < 1) || (s_len != seq_len - 4 - r_len)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* ASN.1 encoded integers are zero-padded for positive integers. Make sure we have
|
||||
* a correctly-sized buffer and that the resulting integer isn't too large.
|
||||
*/
|
||||
if (!trim_to_p256_bytes(r_bytes, &sig[4], r_len)
|
||||
|| !trim_to_p256_bytes(s_bytes, &sig[6 + r_len], s_len)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
p256_from_bin(r_bytes, r_int);
|
||||
p256_from_bin(s_bytes, s_int);
|
||||
|
||||
return 1;
|
||||
}
|
||||
@@ -0,0 +1,43 @@
|
||||
/*
|
||||
* Copyright 2013 The Android Open Source Project
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* * Neither the name of Google Inc. nor the names of its contributors may
|
||||
* be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
||||
* EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
||||
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
||||
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifndef SYSTEM_CORE_INCLUDE_MINCRYPT_DSA_SIG_H_
|
||||
#define SYSTEM_CORE_INCLUDE_MINCRYPT_DSA_SIG_H_
|
||||
|
||||
#include "mincrypt/p256.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
// Returns 0 if input sig is not a valid ASN.1 sequence
|
||||
int dsa_sig_unpack(unsigned char* sig, int sig_len, p256_int* r_int, p256_int* s_int);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* SYSTEM_CORE_INCLUDE_MINCRYPT_DSA_SIG_H_ */
|
||||
@@ -1,8 +1,31 @@
|
||||
// Copyright 2007 Google Inc. All Rights Reserved.
|
||||
// Author: mschilder@google.com (Marius Schilder)
|
||||
/*
|
||||
* Copyright 2007 The Android Open Source Project
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* * Neither the name of Google Inc. nor the names of its contributors may
|
||||
* be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
||||
* EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
||||
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
||||
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifndef SECURITY_UTIL_LITE_HASH_INTERNAL_H__
|
||||
#define SECURITY_UTIL_LITE_HASH_INTERNAL_H__
|
||||
#ifndef SYSTEM_CORE_INCLUDE_MINCRYPT_HASH_INTERNAL_H_
|
||||
#define SYSTEM_CORE_INCLUDE_MINCRYPT_HASH_INTERNAL_H_
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
@@ -37,4 +60,4 @@ typedef struct HASH_CTX {
|
||||
}
|
||||
#endif // __cplusplus
|
||||
|
||||
#endif // SECURITY_UTIL_LITE_HASH_INTERNAL_H__
|
||||
#endif // SYSTEM_CORE_INCLUDE_MINCRYPT_HASH_INTERNAL_H_
|
||||
|
||||
@@ -0,0 +1,162 @@
|
||||
/*
|
||||
* Copyright 2013 The Android Open Source Project
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* * Neither the name of Google Inc. nor the names of its contributors may
|
||||
* be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
||||
* EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
||||
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
||||
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifndef SYSTEM_CORE_INCLUDE_MINCRYPT_LITE_P256_H_
|
||||
#define SYSTEM_CORE_INCLUDE_MINCRYPT_LITE_P256_H_
|
||||
|
||||
// Collection of routines manipulating 256 bit unsigned integers.
|
||||
// Just enough to implement ecdsa-p256 and related algorithms.
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define P256_BITSPERDIGIT 32
|
||||
#define P256_NDIGITS 8
|
||||
#define P256_NBYTES 32
|
||||
|
||||
typedef int p256_err;
|
||||
typedef uint32_t p256_digit;
|
||||
typedef int32_t p256_sdigit;
|
||||
typedef uint64_t p256_ddigit;
|
||||
typedef int64_t p256_sddigit;
|
||||
|
||||
// Defining p256_int as struct to leverage struct assigment.
|
||||
typedef struct {
|
||||
p256_digit a[P256_NDIGITS];
|
||||
} p256_int;
|
||||
|
||||
extern const p256_int SECP256r1_n; // Curve order
|
||||
extern const p256_int SECP256r1_p; // Curve prime
|
||||
extern const p256_int SECP256r1_b; // Curve param
|
||||
|
||||
// Initialize a p256_int to zero.
|
||||
void p256_init(p256_int* a);
|
||||
|
||||
// Clear a p256_int to zero.
|
||||
void p256_clear(p256_int* a);
|
||||
|
||||
// Return bit. Index 0 is least significant.
|
||||
int p256_get_bit(const p256_int* a, int index);
|
||||
|
||||
// b := a % MOD
|
||||
void p256_mod(
|
||||
const p256_int* MOD,
|
||||
const p256_int* a,
|
||||
p256_int* b);
|
||||
|
||||
// c := a * (top_b | b) % MOD
|
||||
void p256_modmul(
|
||||
const p256_int* MOD,
|
||||
const p256_int* a,
|
||||
const p256_digit top_b,
|
||||
const p256_int* b,
|
||||
p256_int* c);
|
||||
|
||||
// b := 1 / a % MOD
|
||||
// MOD best be SECP256r1_n
|
||||
void p256_modinv(
|
||||
const p256_int* MOD,
|
||||
const p256_int* a,
|
||||
p256_int* b);
|
||||
|
||||
// b := 1 / a % MOD
|
||||
// MOD best be SECP256r1_n
|
||||
// Faster than p256_modinv()
|
||||
void p256_modinv_vartime(
|
||||
const p256_int* MOD,
|
||||
const p256_int* a,
|
||||
p256_int* b);
|
||||
|
||||
// b := a << (n % P256_BITSPERDIGIT)
|
||||
// Returns the bits shifted out of most significant digit.
|
||||
p256_digit p256_shl(const p256_int* a, int n, p256_int* b);
|
||||
|
||||
// b := a >> (n % P256_BITSPERDIGIT)
|
||||
void p256_shr(const p256_int* a, int n, p256_int* b);
|
||||
|
||||
int p256_is_zero(const p256_int* a);
|
||||
int p256_is_odd(const p256_int* a);
|
||||
int p256_is_even(const p256_int* a);
|
||||
|
||||
// Returns -1, 0 or 1.
|
||||
int p256_cmp(const p256_int* a, const p256_int *b);
|
||||
|
||||
// c: = a - b
|
||||
// Returns -1 on borrow.
|
||||
int p256_sub(const p256_int* a, const p256_int* b, p256_int* c);
|
||||
|
||||
// c := a + b
|
||||
// Returns 1 on carry.
|
||||
int p256_add(const p256_int* a, const p256_int* b, p256_int* c);
|
||||
|
||||
// c := a + (single digit)b
|
||||
// Returns carry 1 on carry.
|
||||
int p256_add_d(const p256_int* a, p256_digit b, p256_int* c);
|
||||
|
||||
// ec routines.
|
||||
|
||||
// {out_x,out_y} := nG
|
||||
void p256_base_point_mul(const p256_int *n,
|
||||
p256_int *out_x,
|
||||
p256_int *out_y);
|
||||
|
||||
// {out_x,out_y} := n{in_x,in_y}
|
||||
void p256_point_mul(const p256_int *n,
|
||||
const p256_int *in_x,
|
||||
const p256_int *in_y,
|
||||
p256_int *out_x,
|
||||
p256_int *out_y);
|
||||
|
||||
// {out_x,out_y} := n1G + n2{in_x,in_y}
|
||||
void p256_points_mul_vartime(
|
||||
const p256_int *n1, const p256_int *n2,
|
||||
const p256_int *in_x, const p256_int *in_y,
|
||||
p256_int *out_x, p256_int *out_y);
|
||||
|
||||
// Return whether point {x,y} is on curve.
|
||||
int p256_is_valid_point(const p256_int* x, const p256_int* y);
|
||||
|
||||
// Outputs big-endian binary form. No leading zero skips.
|
||||
void p256_to_bin(const p256_int* src, uint8_t dst[P256_NBYTES]);
|
||||
|
||||
// Reads from big-endian binary form,
|
||||
// thus pre-pad with leading zeros if short.
|
||||
void p256_from_bin(const uint8_t src[P256_NBYTES], p256_int* dst);
|
||||
|
||||
#define P256_DIGITS(x) ((x)->a)
|
||||
#define P256_DIGIT(x,y) ((x)->a[y])
|
||||
|
||||
#define P256_ZERO {{0}}
|
||||
#define P256_ONE {{1}}
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif // SYSTEM_CORE_INCLUDE_MINCRYPT_LITE_P256_H_
|
||||
@@ -0,0 +1,53 @@
|
||||
/*
|
||||
* Copyright 2013 The Android Open Source Project
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* * Neither the name of Google Inc. nor the names of its contributors may
|
||||
* be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
||||
* EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
||||
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
||||
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifndef SYSTEM_CORE_INCLUDE_MINCRYPT_P256_ECDSA_H_
|
||||
#define SYSTEM_CORE_INCLUDE_MINCRYPT_P256_ECDSA_H_
|
||||
|
||||
// Using current directory as relative include path here since
|
||||
// this code typically gets lifted into a variety of build systems
|
||||
// and directory structures.
|
||||
#include "p256.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
// Returns 0 if {r,s} is not a signature on message for
|
||||
// public key {key_x,key_y}.
|
||||
//
|
||||
// Note: message is a p256_int.
|
||||
// Convert from a binary string using p256_from_bin().
|
||||
int p256_ecdsa_verify(const p256_int* key_x,
|
||||
const p256_int* key_y,
|
||||
const p256_int* message,
|
||||
const p256_int* r, const p256_int* s);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif // SYSTEM_CORE_INCLUDE_MINCRYPT_P256_ECDSA_H_
|
||||
@@ -25,8 +25,8 @@
|
||||
** ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifndef _EMBEDDED_RSA_H_
|
||||
#define _EMBEDDED_RSA_H_
|
||||
#ifndef SYSTEM_CORE_INCLUDE_MINCRYPT_RSA_H_
|
||||
#define SYSTEM_CORE_INCLUDE_MINCRYPT_RSA_H_
|
||||
|
||||
#include <inttypes.h>
|
||||
|
||||
@@ -55,4 +55,4 @@ int RSA_verify(const RSAPublicKey *key,
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
||||
#endif // SYSTEM_CORE_INCLUDE_MINCRYPT_RSA_H_
|
||||
|
||||
@@ -1,8 +1,30 @@
|
||||
// Copyright 2005 Google Inc. All Rights Reserved.
|
||||
// Author: mschilder@google.com (Marius Schilder)
|
||||
|
||||
#ifndef SECURITY_UTIL_LITE_SHA1_H__
|
||||
#define SECURITY_UTIL_LITE_SHA1_H__
|
||||
/*
|
||||
* Copyright 2005 The Android Open Source Project
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* * Neither the name of Google Inc. nor the names of its contributors may
|
||||
* be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
||||
* EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
||||
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
||||
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
#ifndef SYSTEM_CORE_INCLUDE_MINCRYPT_SHA1_H_
|
||||
#define SYSTEM_CORE_INCLUDE_MINCRYPT_SHA1_H_
|
||||
|
||||
#include <stdint.h>
|
||||
#include "hash-internal.h"
|
||||
@@ -27,4 +49,4 @@ const uint8_t* SHA_hash(const void* data, int len, uint8_t* digest);
|
||||
}
|
||||
#endif // __cplusplus
|
||||
|
||||
#endif // SECURITY_UTIL_LITE_SHA1_H__
|
||||
#endif // SYSTEM_CORE_INCLUDE_MINCRYPT_SHA1_H_
|
||||
|
||||
@@ -1,8 +1,31 @@
|
||||
// Copyright 2011 Google Inc. All Rights Reserved.
|
||||
// Author: mschilder@google.com (Marius Schilder)
|
||||
/*
|
||||
* Copyright 2011 The Android Open Source Project
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* * Neither the name of Google Inc. nor the names of its contributors may
|
||||
* be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
||||
* EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
||||
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
||||
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifndef SECURITY_UTIL_LITE_SHA256_H__
|
||||
#define SECURITY_UTIL_LITE_SHA256_H__
|
||||
#ifndef SYSTEM_CORE_INCLUDE_MINCRYPT_SHA256_H_
|
||||
#define SYSTEM_CORE_INCLUDE_MINCRYPT_SHA256_H_
|
||||
|
||||
#include <stdint.h>
|
||||
#include "hash-internal.h"
|
||||
@@ -26,4 +49,4 @@ const uint8_t* SHA256_hash(const void* data, int len, uint8_t* digest);
|
||||
}
|
||||
#endif // __cplusplus
|
||||
|
||||
#endif // SECURITY_UTIL_LITE_SHA256_H__
|
||||
#endif // SYSTEM_CORE_INCLUDE_MINCRYPT_SHA256_H_
|
||||
|
||||
@@ -0,0 +1,373 @@
|
||||
/*
|
||||
* Copyright 2013 The Android Open Source Project
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* * Neither the name of Google Inc. nor the names of its contributors may
|
||||
* be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
||||
* EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
||||
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
||||
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
// This is an implementation of the P256 elliptic curve group. It's written to
|
||||
// be portable 32-bit, although it's still constant-time.
|
||||
//
|
||||
// WARNING: Implementing these functions in a constant-time manner is far from
|
||||
// obvious. Be careful when touching this code.
|
||||
//
|
||||
// See http://www.imperialviolet.org/2010/12/04/ecc.html ([1]) for background.
|
||||
|
||||
#include <assert.h>
|
||||
#include <stdint.h>
|
||||
#include <string.h>
|
||||
#include <stdio.h>
|
||||
|
||||
#include "mincrypt/p256.h"
|
||||
|
||||
const p256_int SECP256r1_n = // curve order
|
||||
{{0xfc632551, 0xf3b9cac2, 0xa7179e84, 0xbce6faad, -1, -1, 0, -1}};
|
||||
|
||||
const p256_int SECP256r1_p = // curve field size
|
||||
{{-1, -1, -1, 0, 0, 0, 1, -1 }};
|
||||
|
||||
const p256_int SECP256r1_b = // curve b
|
||||
{{0x27d2604b, 0x3bce3c3e, 0xcc53b0f6, 0x651d06b0,
|
||||
0x769886bc, 0xb3ebbd55, 0xaa3a93e7, 0x5ac635d8}};
|
||||
|
||||
void p256_init(p256_int* a) {
|
||||
memset(a, 0, sizeof(*a));
|
||||
}
|
||||
|
||||
void p256_clear(p256_int* a) { p256_init(a); }
|
||||
|
||||
int p256_get_bit(const p256_int* scalar, int bit) {
|
||||
return (P256_DIGIT(scalar, bit / P256_BITSPERDIGIT)
|
||||
>> (bit & (P256_BITSPERDIGIT - 1))) & 1;
|
||||
}
|
||||
|
||||
int p256_is_zero(const p256_int* a) {
|
||||
int i, result = 0;
|
||||
for (i = 0; i < P256_NDIGITS; ++i) result |= P256_DIGIT(a, i);
|
||||
return !result;
|
||||
}
|
||||
|
||||
// top, c[] += a[] * b
|
||||
// Returns new top
|
||||
static p256_digit mulAdd(const p256_int* a,
|
||||
p256_digit b,
|
||||
p256_digit top,
|
||||
p256_digit* c) {
|
||||
int i;
|
||||
p256_ddigit carry = 0;
|
||||
|
||||
for (i = 0; i < P256_NDIGITS; ++i) {
|
||||
carry += *c;
|
||||
carry += (p256_ddigit)P256_DIGIT(a, i) * b;
|
||||
*c++ = (p256_digit)carry;
|
||||
carry >>= P256_BITSPERDIGIT;
|
||||
}
|
||||
return top + (p256_digit)carry;
|
||||
}
|
||||
|
||||
// top, c[] -= top_a, a[]
|
||||
static p256_digit subTop(p256_digit top_a,
|
||||
const p256_digit* a,
|
||||
p256_digit top_c,
|
||||
p256_digit* c) {
|
||||
int i;
|
||||
p256_sddigit borrow = 0;
|
||||
|
||||
for (i = 0; i < P256_NDIGITS; ++i) {
|
||||
borrow += *c;
|
||||
borrow -= *a++;
|
||||
*c++ = (p256_digit)borrow;
|
||||
borrow >>= P256_BITSPERDIGIT;
|
||||
}
|
||||
borrow += top_c;
|
||||
borrow -= top_a;
|
||||
top_c = (p256_digit)borrow;
|
||||
assert((borrow >> P256_BITSPERDIGIT) == 0);
|
||||
return top_c;
|
||||
}
|
||||
|
||||
// top, c[] -= MOD[] & mask (0 or -1)
|
||||
// returns new top.
|
||||
static p256_digit subM(const p256_int* MOD,
|
||||
p256_digit top,
|
||||
p256_digit* c,
|
||||
p256_digit mask) {
|
||||
int i;
|
||||
p256_sddigit borrow = 0;
|
||||
for (i = 0; i < P256_NDIGITS; ++i) {
|
||||
borrow += *c;
|
||||
borrow -= P256_DIGIT(MOD, i) & mask;
|
||||
*c++ = (p256_digit)borrow;
|
||||
borrow >>= P256_BITSPERDIGIT;
|
||||
}
|
||||
return top + (p256_digit)borrow;
|
||||
}
|
||||
|
||||
// top, c[] += MOD[] & mask (0 or -1)
|
||||
// returns new top.
|
||||
static p256_digit addM(const p256_int* MOD,
|
||||
p256_digit top,
|
||||
p256_digit* c,
|
||||
p256_digit mask) {
|
||||
int i;
|
||||
p256_ddigit carry = 0;
|
||||
for (i = 0; i < P256_NDIGITS; ++i) {
|
||||
carry += *c;
|
||||
carry += P256_DIGIT(MOD, i) & mask;
|
||||
*c++ = (p256_digit)carry;
|
||||
carry >>= P256_BITSPERDIGIT;
|
||||
}
|
||||
return top + (p256_digit)carry;
|
||||
}
|
||||
|
||||
// c = a * b mod MOD. c can be a and/or b.
|
||||
void p256_modmul(const p256_int* MOD,
|
||||
const p256_int* a,
|
||||
const p256_digit top_b,
|
||||
const p256_int* b,
|
||||
p256_int* c) {
|
||||
p256_digit tmp[P256_NDIGITS * 2 + 1] = { 0 };
|
||||
p256_digit top = 0;
|
||||
int i;
|
||||
|
||||
// Multiply/add into tmp.
|
||||
for (i = 0; i < P256_NDIGITS; ++i) {
|
||||
if (i) tmp[i + P256_NDIGITS - 1] = top;
|
||||
top = mulAdd(a, P256_DIGIT(b, i), 0, tmp + i);
|
||||
}
|
||||
|
||||
// Multiply/add top digit
|
||||
tmp[i + P256_NDIGITS - 1] = top;
|
||||
top = mulAdd(a, top_b, 0, tmp + i);
|
||||
|
||||
// Reduce tmp, digit by digit.
|
||||
for (; i >= 0; --i) {
|
||||
p256_digit reducer[P256_NDIGITS] = { 0 };
|
||||
p256_digit top_reducer;
|
||||
|
||||
// top can be any value at this point.
|
||||
// Guestimate reducer as top * MOD, since msw of MOD is -1.
|
||||
top_reducer = mulAdd(MOD, top, 0, reducer);
|
||||
|
||||
// Subtract reducer from top | tmp.
|
||||
top = subTop(top_reducer, reducer, top, tmp + i);
|
||||
|
||||
// top is now either 0 or 1. Make it 0, fixed-timing.
|
||||
assert(top <= 1);
|
||||
|
||||
top = subM(MOD, top, tmp + i, ~(top - 1));
|
||||
|
||||
assert(top == 0);
|
||||
|
||||
// We have now reduced the top digit off tmp. Fetch new top digit.
|
||||
top = tmp[i + P256_NDIGITS - 1];
|
||||
}
|
||||
|
||||
// tmp might still be larger than MOD, yet same bit length.
|
||||
// Make sure it is less, fixed-timing.
|
||||
addM(MOD, 0, tmp, subM(MOD, 0, tmp, -1));
|
||||
|
||||
memcpy(c, tmp, P256_NBYTES);
|
||||
}
|
||||
int p256_is_odd(const p256_int* a) { return P256_DIGIT(a, 0) & 1; }
|
||||
int p256_is_even(const p256_int* a) { return !(P256_DIGIT(a, 0) & 1); }
|
||||
|
||||
p256_digit p256_shl(const p256_int* a, int n, p256_int* b) {
|
||||
int i;
|
||||
p256_digit top = P256_DIGIT(a, P256_NDIGITS - 1);
|
||||
|
||||
n %= P256_BITSPERDIGIT;
|
||||
for (i = P256_NDIGITS - 1; i > 0; --i) {
|
||||
p256_digit accu = (P256_DIGIT(a, i) << n);
|
||||
accu |= (P256_DIGIT(a, i - 1) >> (P256_BITSPERDIGIT - n));
|
||||
P256_DIGIT(b, i) = accu;
|
||||
}
|
||||
P256_DIGIT(b, i) = (P256_DIGIT(a, i) << n);
|
||||
|
||||
top = (p256_digit)((((p256_ddigit)top) << n) >> P256_BITSPERDIGIT);
|
||||
|
||||
return top;
|
||||
}
|
||||
|
||||
void p256_shr(const p256_int* a, int n, p256_int* b) {
|
||||
int i;
|
||||
|
||||
n %= P256_BITSPERDIGIT;
|
||||
for (i = 0; i < P256_NDIGITS - 1; ++i) {
|
||||
p256_digit accu = (P256_DIGIT(a, i) >> n);
|
||||
accu |= (P256_DIGIT(a, i + 1) << (P256_BITSPERDIGIT - n));
|
||||
P256_DIGIT(b, i) = accu;
|
||||
}
|
||||
P256_DIGIT(b, i) = (P256_DIGIT(a, i) >> n);
|
||||
}
|
||||
|
||||
static void p256_shr1(const p256_int* a, int highbit, p256_int* b) {
|
||||
int i;
|
||||
|
||||
for (i = 0; i < P256_NDIGITS - 1; ++i) {
|
||||
p256_digit accu = (P256_DIGIT(a, i) >> 1);
|
||||
accu |= (P256_DIGIT(a, i + 1) << (P256_BITSPERDIGIT - 1));
|
||||
P256_DIGIT(b, i) = accu;
|
||||
}
|
||||
P256_DIGIT(b, i) = (P256_DIGIT(a, i) >> 1) |
|
||||
(highbit << (P256_BITSPERDIGIT - 1));
|
||||
}
|
||||
|
||||
// Return -1, 0, 1 for a < b, a == b or a > b respectively.
|
||||
int p256_cmp(const p256_int* a, const p256_int* b) {
|
||||
int i;
|
||||
p256_sddigit borrow = 0;
|
||||
p256_digit notzero = 0;
|
||||
|
||||
for (i = 0; i < P256_NDIGITS; ++i) {
|
||||
borrow += (p256_sddigit)P256_DIGIT(a, i) - P256_DIGIT(b, i);
|
||||
// Track whether any result digit is ever not zero.
|
||||
// Relies on !!(non-zero) evaluating to 1, e.g., !!(-1) evaluating to 1.
|
||||
notzero |= !!((p256_digit)borrow);
|
||||
borrow >>= P256_BITSPERDIGIT;
|
||||
}
|
||||
return (int)borrow | notzero;
|
||||
}
|
||||
|
||||
// c = a - b. Returns borrow: 0 or -1.
|
||||
int p256_sub(const p256_int* a, const p256_int* b, p256_int* c) {
|
||||
int i;
|
||||
p256_sddigit borrow = 0;
|
||||
|
||||
for (i = 0; i < P256_NDIGITS; ++i) {
|
||||
borrow += (p256_sddigit)P256_DIGIT(a, i) - P256_DIGIT(b, i);
|
||||
if (c) P256_DIGIT(c, i) = (p256_digit)borrow;
|
||||
borrow >>= P256_BITSPERDIGIT;
|
||||
}
|
||||
return (int)borrow;
|
||||
}
|
||||
|
||||
// c = a + b. Returns carry: 0 or 1.
|
||||
int p256_add(const p256_int* a, const p256_int* b, p256_int* c) {
|
||||
int i;
|
||||
p256_ddigit carry = 0;
|
||||
|
||||
for (i = 0; i < P256_NDIGITS; ++i) {
|
||||
carry += (p256_ddigit)P256_DIGIT(a, i) + P256_DIGIT(b, i);
|
||||
if (c) P256_DIGIT(c, i) = (p256_digit)carry;
|
||||
carry >>= P256_BITSPERDIGIT;
|
||||
}
|
||||
return (int)carry;
|
||||
}
|
||||
|
||||
// b = a + d. Returns carry, 0 or 1.
|
||||
int p256_add_d(const p256_int* a, p256_digit d, p256_int* b) {
|
||||
int i;
|
||||
p256_ddigit carry = d;
|
||||
|
||||
for (i = 0; i < P256_NDIGITS; ++i) {
|
||||
carry += (p256_ddigit)P256_DIGIT(a, i);
|
||||
if (b) P256_DIGIT(b, i) = (p256_digit)carry;
|
||||
carry >>= P256_BITSPERDIGIT;
|
||||
}
|
||||
return (int)carry;
|
||||
}
|
||||
|
||||
// b = 1/a mod MOD, binary euclid.
|
||||
void p256_modinv_vartime(const p256_int* MOD,
|
||||
const p256_int* a,
|
||||
p256_int* b) {
|
||||
p256_int R = P256_ZERO;
|
||||
p256_int S = P256_ONE;
|
||||
p256_int U = *MOD;
|
||||
p256_int V = *a;
|
||||
|
||||
for (;;) {
|
||||
if (p256_is_even(&U)) {
|
||||
p256_shr1(&U, 0, &U);
|
||||
if (p256_is_even(&R)) {
|
||||
p256_shr1(&R, 0, &R);
|
||||
} else {
|
||||
// R = (R+MOD)/2
|
||||
p256_shr1(&R, p256_add(&R, MOD, &R), &R);
|
||||
}
|
||||
} else if (p256_is_even(&V)) {
|
||||
p256_shr1(&V, 0, &V);
|
||||
if (p256_is_even(&S)) {
|
||||
p256_shr1(&S, 0, &S);
|
||||
} else {
|
||||
// S = (S+MOD)/2
|
||||
p256_shr1(&S, p256_add(&S, MOD, &S) , &S);
|
||||
}
|
||||
} else { // U,V both odd.
|
||||
if (!p256_sub(&V, &U, NULL)) {
|
||||
p256_sub(&V, &U, &V);
|
||||
if (p256_sub(&S, &R, &S)) p256_add(&S, MOD, &S);
|
||||
if (p256_is_zero(&V)) break; // done.
|
||||
} else {
|
||||
p256_sub(&U, &V, &U);
|
||||
if (p256_sub(&R, &S, &R)) p256_add(&R, MOD, &R);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
p256_mod(MOD, &R, b);
|
||||
}
|
||||
|
||||
void p256_mod(const p256_int* MOD,
|
||||
const p256_int* in,
|
||||
p256_int* out) {
|
||||
if (out != in) *out = *in;
|
||||
addM(MOD, 0, P256_DIGITS(out), subM(MOD, 0, P256_DIGITS(out), -1));
|
||||
}
|
||||
|
||||
// Verify y^2 == x^3 - 3x + b mod p
|
||||
// and 0 < x < p and 0 < y < p
|
||||
int p256_is_valid_point(const p256_int* x, const p256_int* y) {
|
||||
p256_int y2, x3;
|
||||
|
||||
if (p256_cmp(&SECP256r1_p, x) <= 0 ||
|
||||
p256_cmp(&SECP256r1_p, y) <= 0 ||
|
||||
p256_is_zero(x) ||
|
||||
p256_is_zero(y)) return 0;
|
||||
|
||||
p256_modmul(&SECP256r1_p, y, 0, y, &y2); // y^2
|
||||
|
||||
p256_modmul(&SECP256r1_p, x, 0, x, &x3); // x^2
|
||||
p256_modmul(&SECP256r1_p, x, 0, &x3, &x3); // x^3
|
||||
if (p256_sub(&x3, x, &x3)) p256_add(&x3, &SECP256r1_p, &x3); // x^3 - x
|
||||
if (p256_sub(&x3, x, &x3)) p256_add(&x3, &SECP256r1_p, &x3); // x^3 - 2x
|
||||
if (p256_sub(&x3, x, &x3)) p256_add(&x3, &SECP256r1_p, &x3); // x^3 - 3x
|
||||
if (p256_add(&x3, &SECP256r1_b, &x3)) // x^3 - 3x + b
|
||||
p256_sub(&x3, &SECP256r1_p, &x3);
|
||||
|
||||
return p256_cmp(&y2, &x3) == 0;
|
||||
}
|
||||
|
||||
void p256_from_bin(const uint8_t src[P256_NBYTES], p256_int* dst) {
|
||||
int i;
|
||||
const uint8_t* p = &src[0];
|
||||
|
||||
for (i = P256_NDIGITS - 1; i >= 0; --i) {
|
||||
P256_DIGIT(dst, i) =
|
||||
(p[0] << 24) |
|
||||
(p[1] << 16) |
|
||||
(p[2] << 8) |
|
||||
p[3];
|
||||
p += 4;
|
||||
}
|
||||
}
|
||||
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,56 @@
|
||||
/*
|
||||
* Copyright 2013 The Android Open Source Project
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* * Neither the name of Google Inc. nor the names of its contributors may
|
||||
* be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
||||
* EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
||||
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
||||
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#include "mincrypt/p256_ecdsa.h"
|
||||
#include "mincrypt/p256.h"
|
||||
|
||||
int p256_ecdsa_verify(const p256_int* key_x, const p256_int* key_y,
|
||||
const p256_int* message,
|
||||
const p256_int* r, const p256_int* s) {
|
||||
p256_int u, v;
|
||||
|
||||
// Check public key.
|
||||
if (!p256_is_valid_point(key_x, key_y)) return 0;
|
||||
|
||||
// Check r and s are != 0 % n.
|
||||
p256_mod(&SECP256r1_n, r, &u);
|
||||
p256_mod(&SECP256r1_n, s, &v);
|
||||
if (p256_is_zero(&u) || p256_is_zero(&v)) return 0;
|
||||
|
||||
p256_modinv_vartime(&SECP256r1_n, s, &v);
|
||||
p256_modmul(&SECP256r1_n, message, 0, &v, &u); // message / s % n
|
||||
p256_modmul(&SECP256r1_n, r, 0, &v, &v); // r / s % n
|
||||
|
||||
p256_points_mul_vartime(&u, &v,
|
||||
key_x, key_y,
|
||||
&u, &v);
|
||||
|
||||
p256_mod(&SECP256r1_n, &u, &u); // (x coord % p) % n
|
||||
return p256_cmp(r, &u) == 0;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user