Age | Commit message (Collapse) | Author | |
---|---|---|---|
2017-03-02 | Refactor to add P384 support. Untested. | Rob Austein | |
2017-01-26 | First attempt at using Pavel's ecdsa256 core. Not working yet. | Rob Austein | |
Attempts to use Pavel's ecdsa256 base point multiplier instead of software point multiplier when selecting new random points (that is, when generating P-256 keys or P-256 signatures). Resulting points pass the point validation test (point_is_on_curve()) but the resulting signatures are invalid. Don't know why yet. Seems like an odd combination, as one would expect random garbage to fail validation. In any case: this commit is intended to archive progress so far, and perhaps see if somebody else can spot what's wrong. As presently coded, this wouldn't be suitable for production use even if it worked. NB: As I understand it, the ecdsa256 core is *not* a general purpose point multiplier even just for the P-256 curve. Rather, it is strictly a base point multiplier: it takes a single scalar as input, and returns the X,Y affine coordinates of the curve's base point multiplied by that scalar. This is essentially the eliptic curve portion of the computation involved in picking a random point for key or signature generation, but is not useful for signature validation. See the README.md in Pavel's source repository for further details. | |||
2016-09-20 | Clean up the defines around rpc client, software hash cores, etc. | Paul Selkirk | |
2016-03-29 | Client-side rsa and ecdsa need to call remote get_random. | Paul Selkirk | |
2016-03-12 | Merge branch 'master' into rpc | Rob Austein | |
2016-03-12 | Disable ECDSA static-test-vectors hack, fix call to hal_get_random() | Rob Austein | |
which was using the old (pre-hal_core_t) calling sequence. | |||
2015-12-22 | Add ASN.1 support for public keys (X.509 SubjectPublicKeyInfo format). | Rob Austein | |
2015-12-21 | Fix names of private key DER functions. | Rob Austein | |
2015-12-20 | Consolidating curve names broke the ASN.1 code. | Rob Austein | |
2015-12-20 | Drop support for the ASN.1-based ECDSA signature format in favor of | Rob Austein | |
the simpler format which PKCS #11 uses, since we have to support the latter in any case and it's not worth the complexity of supporting both. | |||
2015-12-20 | RPC server stuff mostly written. Compiles, not yet tested. RPC | Rob Austein | |
public key extraction functions on hold pending ASN.1 cleanup. | |||
2015-12-13 | whack copyrights | Paul Selkirk | |
2015-11-13 | Merge branch 'config_core_selector' | Paul Selkirk | |
2015-10-29 | Remove unused includes. | Paul Selkirk | |
2015-10-04 | Whack libhal API to use current configure_core_selector mechanism. | Rob Austein | |
Compiles, not yet tested. | |||
2015-10-03 | Use initializers for automatic variables of type fp_int because it's a | Rob Austein | |
bit more obvious when we've forgotten to do this than when we've forgotten to call fp_init() or memset(). Convert rsa.c to use the one-element-array idiom so we can get stop prefixing every bignum reference with "&". | |||
2015-10-02 | Impressive how much trouble one can get into with one uninitialized bignum. | Rob Austein | |
2015-10-02 | Testing shows that signature and verification are both faster with | Rob Austein | |
mixed Jacobian-affine addition, so go with that. Minor additional clean-up and comments. | |||
2015-10-02 | Revise point addition and point scalar multiplication routines to use | Rob Austein | |
mixed Jacobian-affine coordinates, per a suggestion from Pavel. Old code still present under compile time conditional for easy comparison, but will probably go away soon along with a bit of minor cleanup. | |||
2015-09-14 | Fencepost error in hal_ecdas_key_from_ecpoint(). | Rob Austein | |
2015-09-11 | Avoid gratuitous assertion failure if caller gives us a larger buffer | Rob Austein | |
than necessary when writing private key to DER. | |||
2015-09-06 | Add ECPoint I/O functions. ASN.1 cleanup. | Rob Austein | |
2015-09-02 | Add PKCS11 ECDSA signature format. | Rob Austein | |
2015-09-02 | Clean up excessively complicated handling of opaque types in hash and | Rob Austein | |
RSA code; use simpler model (pointer to incomplete structure) used in ECDSA code. Refactor RSA code to use shared ASN.1 routines. | |||
2015-08-27 | Add point validation check to hal_ecdsa_verify(). Update README.md | Rob Austein | |
and code comments. | |||
2015-08-26 | Signature works better if we read the entire hash. | Rob Austein | |
2015-08-25 | More ASN.1 fixes. | Rob Austein | |
2015-08-25 | Rework RFC 5915 ASN.1. | Rob Austein | |
2015-08-25 | ASN.1 bugfixes. | Rob Austein | |
2015-08-24 | First stumblings towards ECDSA test code. | Rob Austein | |
2015-08-22 | Rework point_scalar_multiply() to avoid a timing leak with small scalars. | Rob Austein | |
2015-08-22 | Add hal_ecdsa_verify(). Move hashing out of ECDSA routines. Clean up | Rob Austein | |
a few bits that didn't pass self-review. | |||
2015-08-21 | Updated point doubling and addition to use algorithms from the | Rob Austein | |
hyperelliptic.org formula database. Compiles, still not tested. | |||
2015-08-21 | Snapshot along the way to ECDSA. Code mostly written, except for | Rob Austein | |
ecdsa_verify(). Untested. Point addition and doubling algorithms are the ones from libtomcrypt, main point of this commit is to save those before replacing them with faster algorithms from hyperelliptic.org. |