TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 461d416892d77efe44b8bb073d80043c2c531064 / . / library / ecdsa.c
blob: 3ab6921108a378e7484899cc8a8bea126b2ff882 [file] [log] [blame]
Manuel Pégourié-Gonnard2aea1412013-01-26 16:33:44 +0100[diff] [blame]1/*
2 * Elliptic curve DSA
3 *
4 * Copyright (C) 2006-2013, Brainspark B.V.
5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8 *
9 * All rights reserved.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
26/*
27 * References:
28 *
29 * SEC1 http://www.secg.org/index.php?action=secg,docs_secg
30 */
31
32#include "polarssl/config.h"
33
34#if defined(POLARSSL_ECDSA_C)
35
36#include "polarssl/ecdsa.h"
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]37#include "polarssl/asn1write.h"
Manuel Pégourié-Gonnard2aea1412013-01-26 16:33:44 +0100[diff] [blame]38
Manuel Pégourié-Gonnard461d4162014-01-06 10:16:28 +0100[diff] [blame^]39#if defined(POLARSSL_ECDSA_DETERMINISTIC)
40#include "polarssl/md.h"
41#endif
42
43/*
44 * If using deterministic ECDSA (RFC 6979), we need HMAC_DRBG.
45 * Actually a simplified version is enough, so we implement it below.
46 */
47#if defined(POLARSSL_ECDSA_DETERMINISTIC)
48/*
49 * Simplified HMAC_DRBG context.
50 * No reseed counter, no prediction resistance flag.
51 */
52typedef struct
53{
54 md_context_t md_ctx;
55 unsigned char V[POLARSSL_MD_MAX_SIZE];
56 unsigned char K[POLARSSL_MD_MAX_SIZE];
57} hmac_drbg_context;
58
59/*
60 * Simplified HMAC_DRBG initialisation.
61 *
62 * Uses an entropy buffer rather than callback,
63 * assumes personalisation is not null,
64 * assumes md_info is not NULL and valid.
65 */
66static int hmac_drbg_init( hmac_drbg_context *ctx,
67 const md_info_t * md_info,
68 const unsigned char *entropy, size_t entropy_len,
69 const unsigned char *pers, size_t pers_len )
70{
71 unsigned char sep[1];
72 size_t md_len = md_info->size;
73
74 memset( ctx, 0, sizeof( hmac_drbg_context ) );
75 md_init_ctx( &ctx->md_ctx, md_info );
76
77 memset( ctx->V, 0x01, md_len );
78 /* ctx->K is already 0 */
79
80 sep[0] = 0x00;
81 md_hmac_starts( &ctx->md_ctx, ctx->K, md_len );
82 md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
83 md_hmac_update( &ctx->md_ctx, sep, 1 );
84 md_hmac_update( &ctx->md_ctx, entropy, entropy_len );
85 md_hmac_update( &ctx->md_ctx, pers, pers_len );
86 md_hmac_finish( &ctx->md_ctx, ctx->K );
87
88 /* Step e */
89 md_hmac_starts( &ctx->md_ctx, ctx->K, md_len );
90 md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
91 md_hmac_finish( &ctx->md_ctx, ctx->V );
92
93 /* Step f */
94 sep[0] = 0x01;
95 md_hmac_starts( &ctx->md_ctx, ctx->K, md_len );
96 md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
97 md_hmac_update( &ctx->md_ctx, sep, 1 );
98 md_hmac_update( &ctx->md_ctx, entropy, entropy_len );
99 md_hmac_update( &ctx->md_ctx, pers, pers_len );
100 md_hmac_finish( &ctx->md_ctx, ctx->K );
101
102 /* Step g */
103 md_hmac_starts( &ctx->md_ctx, ctx->K, md_len );
104 md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
105 md_hmac_finish( &ctx->md_ctx, ctx->V );
106
107 return( 0 );
108}
109
110/*
111 * Simplified HMAC_DRBG random function
112 */
113static int hmac_drbg_random( void *state,
114 unsigned char *output, size_t out_len )
115{
116 hmac_drbg_context *ctx = (hmac_drbg_context *) state;
117 unsigned char sep[1] = { 0 };
118 size_t md_len = ctx->md_ctx.md_info->size;
119 size_t left = out_len;
120 unsigned char *out = output;
121
122 while( left != 0 )
123 {
124 size_t use_len = left > md_len ? md_len : left;
125
126 md_hmac_starts( &ctx->md_ctx, ctx->K, md_len );
127 md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
128 md_hmac_finish( &ctx->md_ctx, ctx->V );
129
130 memcpy( out, ctx->V, use_len );
131 out += use_len;
132 left -= use_len;
133 }
134
135 md_hmac_starts( &ctx->md_ctx, ctx->K, md_len );
136 md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
137 md_hmac_update( &ctx->md_ctx, sep, 1 );
138 md_hmac_finish( &ctx->md_ctx, ctx->K );
139
140 md_hmac_starts( &ctx->md_ctx, ctx->K, md_len );
141 md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
142 md_hmac_finish( &ctx->md_ctx, ctx->V );
143
144 return( 0 );
145}
146
147static void hmac_drbg_free( hmac_drbg_context *ctx )
148{
149 if( ctx == NULL )
150 return;
151
152 md_free_ctx( &ctx->md_ctx );
153
154 memset( ctx, 0, sizeof( hmac_drbg_context ) );
155}
156#endif
157
Manuel Pégourié-Gonnardb309ab22013-01-26 17:24:59 +0100[diff] [blame]158/*
Manuel Pégourié-Gonnard3aeb5a72013-01-26 18:05:50 +0100[diff] [blame]159 * Derive a suitable integer for group grp from a buffer of length len
160 * SEC1 4.1.3 step 5 aka SEC1 4.1.4 step 3
161 */
162static int derive_mpi( const ecp_group *grp, mpi *x,
163 const unsigned char *buf, size_t blen )
164{
Manuel Pégourié-Gonnarde7072f82014-01-03 12:55:15 +0100[diff] [blame]165 int ret;
Manuel Pégourié-Gonnard3aeb5a72013-01-26 18:05:50 +0100[diff] [blame]166 size_t n_size = (grp->nbits + 7) / 8;
Manuel Pégourié-Gonnarde7072f82014-01-03 12:55:15 +0100[diff] [blame]167 size_t use_size = blen > n_size ? n_size : blen;
168
169 MPI_CHK( mpi_read_binary( x, buf, use_size ) );
170 if( use_size * 8 > grp->nbits )
171 MPI_CHK( mpi_shift_r( x, use_size * 8 - grp->nbits ) );
172
Manuel Pégourié-Gonnard461d4162014-01-06 10:16:28 +0100[diff] [blame^]173 /* While at it, reduce modulo N */
174 if( mpi_cmp_mpi( x, &grp->N ) >= 0 )
175 MPI_CHK( mpi_sub_mpi( x, x, &grp->N ) );
176
Manuel Pégourié-Gonnarde7072f82014-01-03 12:55:15 +0100[diff] [blame]177cleanup:
178 return( ret );
Manuel Pégourié-Gonnard3aeb5a72013-01-26 18:05:50 +0100[diff] [blame]179}
180
181/*
Manuel Pégourié-Gonnardb309ab22013-01-26 17:24:59 +0100[diff] [blame]182 * Compute ECDSA signature of a hashed message (SEC1 4.1.3)
183 * Obviously, compared to SEC1 4.1.3, we skip step 4 (hash message)
184 */
Manuel Pégourié-Gonnard161ef962013-09-17 19:13:10 +0200[diff] [blame]185int ecdsa_sign( ecp_group *grp, mpi *r, mpi *s,
Manuel Pégourié-Gonnardb309ab22013-01-26 17:24:59 +0100[diff] [blame]186 const mpi *d, const unsigned char *buf, size_t blen,
187 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
188{
189 int ret, key_tries, sign_tries;
Manuel Pégourié-Gonnardb309ab22013-01-26 17:24:59 +0100[diff] [blame]190 ecp_point R;
191 mpi k, e;
192
Manuel Pégourié-Gonnard97871ef2013-12-04 20:52:04 +0100[diff] [blame]193 /* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */
194 if( grp->N.p == NULL )
195 return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
196
Manuel Pégourié-Gonnardb309ab22013-01-26 17:24:59 +0100[diff] [blame]197 ecp_point_init( &R );
198 mpi_init( &k );
199 mpi_init( &e );
200
201 sign_tries = 0;
202 do
203 {
204 /*
205 * Steps 1-3: generate a suitable ephemeral keypair
Manuel Pégourié-Gonnard178d9ba2013-10-29 10:45:28 +0100[diff] [blame]206 * and set r = xR mod n
Manuel Pégourié-Gonnardb309ab22013-01-26 17:24:59 +0100[diff] [blame]207 */
208 key_tries = 0;
209 do
210 {
211 MPI_CHK( ecp_gen_keypair( grp, &k, &R, f_rng, p_rng ) );
Manuel Pégourié-Gonnard178d9ba2013-10-29 10:45:28 +0100[diff] [blame]212 MPI_CHK( mpi_mod_mpi( r, &R.X, &grp->N ) );
Manuel Pégourié-Gonnardb309ab22013-01-26 17:24:59 +0100[diff] [blame]213
214 if( key_tries++ > 10 )
Paul Bakkercca998a2013-07-26 14:20:53 +0200[diff] [blame]215 {
Manuel Pégourié-Gonnard456d3b92013-09-16 18:04:38 +0200[diff] [blame]216 ret = POLARSSL_ERR_ECP_RANDOM_FAILED;
Paul Bakkercca998a2013-07-26 14:20:53 +0200[diff] [blame]217 goto cleanup;
218 }
Manuel Pégourié-Gonnardb309ab22013-01-26 17:24:59 +0100[diff] [blame]219 }
220 while( mpi_cmp_int( r, 0 ) == 0 );
221
222 /*
223 * Step 5: derive MPI from hashed message
224 */
Manuel Pégourié-Gonnard3aeb5a72013-01-26 18:05:50 +0100[diff] [blame]225 MPI_CHK( derive_mpi( grp, &e, buf, blen ) );
Manuel Pégourié-Gonnardb309ab22013-01-26 17:24:59 +0100[diff] [blame]226
227 /*
228 * Step 6: compute s = (e + r * d) / k mod n
229 */
230 MPI_CHK( mpi_mul_mpi( s, r, d ) );
231 MPI_CHK( mpi_add_mpi( &e, &e, s ) );
232 MPI_CHK( mpi_inv_mod( s, &k, &grp->N ) );
233 MPI_CHK( mpi_mul_mpi( s, s, &e ) );
234 MPI_CHK( mpi_mod_mpi( s, s, &grp->N ) );
235
236 if( sign_tries++ > 10 )
Paul Bakkercca998a2013-07-26 14:20:53 +0200[diff] [blame]237 {
Manuel Pégourié-Gonnard456d3b92013-09-16 18:04:38 +0200[diff] [blame]238 ret = POLARSSL_ERR_ECP_RANDOM_FAILED;
Paul Bakkercca998a2013-07-26 14:20:53 +0200[diff] [blame]239 goto cleanup;
240 }
Manuel Pégourié-Gonnardb309ab22013-01-26 17:24:59 +0100[diff] [blame]241 }
242 while( mpi_cmp_int( s, 0 ) == 0 );
243
244cleanup:
245 ecp_point_free( &R );
246 mpi_free( &k );
247 mpi_free( &e );
248
249 return( ret );
250}
Manuel Pégourié-Gonnard2aea1412013-01-26 16:33:44 +0100[diff] [blame]251
Manuel Pégourié-Gonnard3aeb5a72013-01-26 18:05:50 +0100[diff] [blame]252/*
253 * Verify ECDSA signature of hashed message (SEC1 4.1.4)
254 * Obviously, compared to SEC1 4.1.3, we skip step 2 (hash message)
255 */
Manuel Pégourié-Gonnard161ef962013-09-17 19:13:10 +0200[diff] [blame]256int ecdsa_verify( ecp_group *grp,
Manuel Pégourié-Gonnard3aeb5a72013-01-26 18:05:50 +0100[diff] [blame]257 const unsigned char *buf, size_t blen,
258 const ecp_point *Q, const mpi *r, const mpi *s)
259{
260 int ret;
261 mpi e, s_inv, u1, u2;
262 ecp_point R, P;
263
264 ecp_point_init( &R ); ecp_point_init( &P );
265 mpi_init( &e ); mpi_init( &s_inv ); mpi_init( &u1 ); mpi_init( &u2 );
266
Manuel Pégourié-Gonnard97871ef2013-12-04 20:52:04 +0100[diff] [blame]267 /* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */
268 if( grp->N.p == NULL )
269 return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
270
Manuel Pégourié-Gonnard3aeb5a72013-01-26 18:05:50 +0100[diff] [blame]271 /*
272 * Step 1: make sure r and s are in range 1..n-1
273 */
274 if( mpi_cmp_int( r, 1 ) < 0 || mpi_cmp_mpi( r, &grp->N ) >= 0 ||
275 mpi_cmp_int( s, 1 ) < 0 || mpi_cmp_mpi( s, &grp->N ) >= 0 )
276 {
Manuel Pégourié-Gonnarddb771752013-08-27 15:11:23 +0200[diff] [blame]277 ret = POLARSSL_ERR_ECP_VERIFY_FAILED;
Paul Bakkercca998a2013-07-26 14:20:53 +0200[diff] [blame]278 goto cleanup;
Manuel Pégourié-Gonnard3aeb5a72013-01-26 18:05:50 +0100[diff] [blame]279 }
280
281 /*
282 * Additional precaution: make sure Q is valid
283 */
284 MPI_CHK( ecp_check_pubkey( grp, Q ) );
285
286 /*
287 * Step 3: derive MPI from hashed message
288 */
289 MPI_CHK( derive_mpi( grp, &e, buf, blen ) );
290
291 /*
292 * Step 4: u1 = e / s mod n, u2 = r / s mod n
293 */
294 MPI_CHK( mpi_inv_mod( &s_inv, s, &grp->N ) );
295
296 MPI_CHK( mpi_mul_mpi( &u1, &e, &s_inv ) );
297 MPI_CHK( mpi_mod_mpi( &u1, &u1, &grp->N ) );
298
299 MPI_CHK( mpi_mul_mpi( &u2, r, &s_inv ) );
300 MPI_CHK( mpi_mod_mpi( &u2, &u2, &grp->N ) );
301
302 /*
303 * Step 5: R = u1 G + u2 Q
Manuel Pégourié-Gonnarde09d2f82013-09-02 14:29:09 +0200[diff] [blame]304 *
305 * Since we're not using any secret data, no need to pass a RNG to
306 * ecp_mul() for countermesures.
Manuel Pégourié-Gonnard3aeb5a72013-01-26 18:05:50 +0100[diff] [blame]307 */
Manuel Pégourié-Gonnarde09d2f82013-09-02 14:29:09 +0200[diff] [blame]308 MPI_CHK( ecp_mul( grp, &R, &u1, &grp->G, NULL, NULL ) );
309 MPI_CHK( ecp_mul( grp, &P, &u2, Q, NULL, NULL ) );
Manuel Pégourié-Gonnard3aeb5a72013-01-26 18:05:50 +0100[diff] [blame]310 MPI_CHK( ecp_add( grp, &R, &R, &P ) );
311
312 if( ecp_is_zero( &R ) )
Paul Bakkercca998a2013-07-26 14:20:53 +0200[diff] [blame]313 {
Manuel Pégourié-Gonnarddb771752013-08-27 15:11:23 +0200[diff] [blame]314 ret = POLARSSL_ERR_ECP_VERIFY_FAILED;
Paul Bakkercca998a2013-07-26 14:20:53 +0200[diff] [blame]315 goto cleanup;
316 }
Manuel Pégourié-Gonnard3aeb5a72013-01-26 18:05:50 +0100[diff] [blame]317
318 /*
Manuel Pégourié-Gonnard178d9ba2013-10-29 10:45:28 +0100[diff] [blame]319 * Step 6: convert xR to an integer (no-op)
320 * Step 7: reduce xR mod n (gives v)
321 */
322 MPI_CHK( mpi_mod_mpi( &R.X, &R.X, &grp->N ) );
323
324 /*
325 * Step 8: check if v (that is, R.X) is equal to r
Manuel Pégourié-Gonnard3aeb5a72013-01-26 18:05:50 +0100[diff] [blame]326 */
327 if( mpi_cmp_mpi( &R.X, r ) != 0 )
Paul Bakkercca998a2013-07-26 14:20:53 +0200[diff] [blame]328 {
Manuel Pégourié-Gonnarddb771752013-08-27 15:11:23 +0200[diff] [blame]329 ret = POLARSSL_ERR_ECP_VERIFY_FAILED;
Paul Bakkercca998a2013-07-26 14:20:53 +0200[diff] [blame]330 goto cleanup;
331 }
Manuel Pégourié-Gonnard3aeb5a72013-01-26 18:05:50 +0100[diff] [blame]332
333cleanup:
334 ecp_point_free( &R ); ecp_point_free( &P );
335 mpi_free( &e ); mpi_free( &s_inv ); mpi_free( &u1 ); mpi_free( &u2 );
336
337 return( ret );
338}
339
Manuel Pégourié-Gonnard7c8934e2013-06-27 12:54:02 +0200[diff] [blame]340/*
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]341 * RFC 4492 page 20:
342 *
343 * Ecdsa-Sig-Value ::= SEQUENCE {
344 * r INTEGER,
345 * s INTEGER
346 * }
347 *
348 * Size is at most
349 * 1 (tag) + 1 (len) + 1 (initial 0) + ECP_MAX_BYTES for each of r and s,
350 * twice that + 1 (tag) + 2 (len) for the sequence
351 * (assuming ECP_MAX_BYTES is less than 126 for r and s,
352 * and less than 124 (total len <= 255) for the sequence)
353 */
354#if POLARSSL_ECP_MAX_BYTES > 124
355#error "POLARSSL_ECP_MAX_BYTES bigger than expected, please fix MAX_SIG_LEN"
356#endif
357#define MAX_SIG_LEN ( 3 + 2 * ( 2 + POLARSSL_ECP_MAX_BYTES ) )
358
359/*
360 * Compute and write signature
361 */
362int ecdsa_write_signature( ecdsa_context *ctx,
363 const unsigned char *hash, size_t hlen,
364 unsigned char *sig, size_t *slen,
365 int (*f_rng)(void *, unsigned char *, size_t),
366 void *p_rng )
367{
368 int ret;
Manuel Pégourié-Gonnard4cf06862013-09-16 12:07:45 +0200[diff] [blame]369 unsigned char buf[MAX_SIG_LEN];
370 unsigned char *p = buf + sizeof( buf );
Manuel Pégourié-Gonnardb694b482013-08-08 13:30:57 +0200[diff] [blame]371 size_t len = 0;
372
373 if( ( ret = ecdsa_sign( &ctx->grp, &ctx->r, &ctx->s, &ctx->d,
374 hash, hlen, f_rng, p_rng ) ) != 0 )
375 {
376 return( ret );
377 }
378
379 ASN1_CHK_ADD( len, asn1_write_mpi( &p, buf, &ctx->s ) );
380 ASN1_CHK_ADD( len, asn1_write_mpi( &p, buf, &ctx->r ) );
381
382 ASN1_CHK_ADD( len, asn1_write_len( &p, buf, len ) );
383 ASN1_CHK_ADD( len, asn1_write_tag( &p, buf,
384 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
385
386 memcpy( sig, p, len );
387 *slen = len;
388
389 return( 0 );
390}
391
392/*
393 * Read and check signature
394 */
395int ecdsa_read_signature( ecdsa_context *ctx,
396 const unsigned char *hash, size_t hlen,
397 const unsigned char *sig, size_t slen )
398{
399 int ret;
400 unsigned char *p = (unsigned char *) sig;
401 const unsigned char *end = sig + slen;
402 size_t len;
403
404 if( ( ret = asn1_get_tag( &p, end, &len,
405 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
406 {
407 return( POLARSSL_ERR_ECP_BAD_INPUT_DATA + ret );
408 }
409
410 if( p + len != end )
411 return( POLARSSL_ERR_ECP_BAD_INPUT_DATA +
412 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
413
414 if( ( ret = asn1_get_mpi( &p, end, &ctx->r ) ) != 0 ||
415 ( ret = asn1_get_mpi( &p, end, &ctx->s ) ) != 0 )
416 return( POLARSSL_ERR_ECP_BAD_INPUT_DATA + ret );
417
418 if( p != end )
419 return( POLARSSL_ERR_ECP_BAD_INPUT_DATA +
420 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
421
422 return( ecdsa_verify( &ctx->grp, hash, hlen, &ctx->Q, &ctx->r, &ctx->s ) );
423}
424
425/*
Manuel Pégourié-Gonnard8eebd012013-08-09 16:21:34 +0200[diff] [blame]426 * Generate key pair
427 */
428int ecdsa_genkey( ecdsa_context *ctx, ecp_group_id gid,
429 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
430{
431 return( ecp_use_known_dp( &ctx->grp, gid ) ||
432 ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) );
433}
434
Manuel Pégourié-Gonnardf4999932013-08-12 17:02:59 +0200[diff] [blame]435/*
436 * Set context from an ecp_keypair
437 */
438int ecdsa_from_keypair( ecdsa_context *ctx, const ecp_keypair *key )
439{
Manuel Pégourié-Gonnard1001e322013-10-27 14:53:48 +0100[diff] [blame]440 int ret;
Manuel Pégourié-Gonnardf4999932013-08-12 17:02:59 +0200[diff] [blame]441
Manuel Pégourié-Gonnard1001e322013-10-27 14:53:48 +0100[diff] [blame]442 if( ( ret = ecp_group_copy( &ctx->grp, &key->grp ) ) != 0 ||
443 ( ret = mpi_copy( &ctx->d, &key->d ) ) != 0 ||
444 ( ret = ecp_copy( &ctx->Q, &key->Q ) ) != 0 )
445 {
Manuel Pégourié-Gonnardf4999932013-08-12 17:02:59 +0200[diff] [blame]446 ecdsa_free( ctx );
Manuel Pégourié-Gonnard1001e322013-10-27 14:53:48 +0100[diff] [blame]447 }
Manuel Pégourié-Gonnardf4999932013-08-12 17:02:59 +0200[diff] [blame]448
449 return( ret );
450}
Manuel Pégourié-Gonnard8eebd012013-08-09 16:21:34 +0200[diff] [blame]451
452/*
Manuel Pégourié-Gonnard7c8934e2013-06-27 12:54:02 +0200[diff] [blame]453 * Initialize context
454 */
455void ecdsa_init( ecdsa_context *ctx )
456{
457 ecp_group_init( &ctx->grp );
458 mpi_init( &ctx->d );
459 ecp_point_init( &ctx->Q );
460 mpi_init( &ctx->r );
461 mpi_init( &ctx->s );
Manuel Pégourié-Gonnard7c8934e2013-06-27 12:54:02 +0200[diff] [blame]462}
463
464/*
465 * Free context
466 */
467void ecdsa_free( ecdsa_context *ctx )
468{
469 ecp_group_free( &ctx->grp );
470 mpi_free( &ctx->d );
471 ecp_point_free( &ctx->Q );
472 mpi_free( &ctx->r );
473 mpi_free( &ctx->s );
Manuel Pégourié-Gonnard7c8934e2013-06-27 12:54:02 +0200[diff] [blame]474}
Manuel Pégourié-Gonnard3aeb5a72013-01-26 18:05:50 +0100[diff] [blame]475
Manuel Pégourié-Gonnard2aea1412013-01-26 16:33:44 +0100[diff] [blame]476#if defined(POLARSSL_SELF_TEST)
477
478/*
479 * Checkup routine
480 */
481int ecdsa_self_test( int verbose )
482{
483 return( verbose++ );
484}
485
486#endif
487
488#endif /* defined(POLARSSL_ECDSA_C) */