Age | Commit message (Collapse) | Author |
|
The stock assert() implementation turns out to be problematic in the
stm32 environment, due to the lack of an output device, which makes
"assert(foo)" equivalent to "if (!foo) abort()", leading to silent
hangs.
We probably ought to reimplement assert() to do something more useful,
but, for now, avoid using it for "impossible" conditions which we do
seem to be triggering anyway, like the occasional point-not-on-curve
errors we get for points we ourselves have picked when testing
multiple ECDSA clients in parallel. This should never happen, and we
need to figure out what's causing it, but hanging the HSM when it
happens does not help very much.
assert() is somewhat problematic in an embedded environment in any
case, since anything that can go wrong really should have some kind of
recovery action, but in some of the low-probability cases it's far
from obvious what sane recovery action we could possibly take.
|
|
libhal and PKCS #11 have slightly different models of private keys: in
libhal, a "private key" object is really a keypair, while in PKCS #11
a private key really is a naked private key. This was a deliberate
design decision in libhal, both for simplicity and to better support
user interfaces other than PKCS #11, so we'd rather not change it.
This difference doesn't matter very much for RSA keys in PKCS #11,
where the private key components are a superset of the public key
components anyway, but the PKCS #11 template for ECDSA private keys
doesn't allow setting public key components with C_CreateObject().
Fortunately, computing the public components of an ECDSA key pair from
the private key is straightforward, so we just do that when needed.
|
|
|
|
|
|
|
|
which was using the old (pre-hal_core_t) calling sequence.
|
|
|
|
|
|
|
|
the simpler format which PKCS #11 uses, since we have to support the
latter in any case and it's not worth the complexity of supporting both.
|
|
public key extraction functions on hold pending ASN.1 cleanup.
|
|
|
|
|
|
|
|
Compiles, not yet tested.
|
|
bit more obvious when we've forgotten to do this than when we've
forgotten to call fp_init() or memset(). Convert rsa.c to use the
one-element-array idiom so we can get stop prefixing every bignum
reference with "&".
|
|
|
|
mixed Jacobian-affine addition, so go with that. Minor additional
clean-up and comments.
|
|
mixed Jacobian-affine coordinates, per a suggestion from Pavel. Old
code still present under compile time conditional for easy comparison,
but will probably go away soon along with a bit of minor cleanup.
|
|
|
|
than necessary when writing private key to DER.
|
|
|
|
|
|
RSA code; use simpler model (pointer to incomplete structure) used in
ECDSA code. Refactor RSA code to use shared ASN.1 routines.
|
|
and code comments.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
a few bits that didn't pass self-review.
|
|
hyperelliptic.org formula database. Compiles, still not tested.
|
|
ecdsa_verify(). Untested. Point addition and doubling algorithms are
the ones from libtomcrypt, main point of this commit is to save those
before replacing them with faster algorithms from hyperelliptic.org.
|