Merge pull request #342

7914a6e Make lax_der_privatekey_parsing.h not depend on internal code (Pieter Wuille)
This commit is contained in:
Pieter Wuille 2015-10-26 19:47:33 +01:00
commit d7eb1ae96d
No known key found for this signature in database
GPG Key ID: DBA1A67379A1A931
2 changed files with 23 additions and 53 deletions

View File

@ -73,12 +73,11 @@ static SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_import_der(
size_t privkeylen size_t privkeylen
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
static int secp256k1_eckey_privkey_parse(secp256k1_scalar *key, const unsigned char *privkey, size_t privkeylen) { static int secp256k1_ec_privkey_import_der(const secp256k1_context* ctx, unsigned char *out32, const unsigned char *privkey, size_t privkeylen) {
unsigned char c[32] = {0};
const unsigned char *end = privkey + privkeylen; const unsigned char *end = privkey + privkeylen;
int lenb = 0; int lenb = 0;
int len = 0; int len = 0;
int overflow = 0; memset(out32, 0, 32);
/* sequence header */ /* sequence header */
if (end < privkey+1 || *privkey != 0x30) { if (end < privkey+1 || *privkey != 0x30) {
return 0; return 0;
@ -110,18 +109,21 @@ static int secp256k1_eckey_privkey_parse(secp256k1_scalar *key, const unsigned c
if (end < privkey+2 || privkey[0] != 0x04 || privkey[1] > 0x20 || end < privkey+2+privkey[1]) { if (end < privkey+2 || privkey[0] != 0x04 || privkey[1] > 0x20 || end < privkey+2+privkey[1]) {
return 0; return 0;
} }
memcpy(c + 32 - privkey[1], privkey + 2, privkey[1]); memcpy(out32 + 32 - privkey[1], privkey + 2, privkey[1]);
secp256k1_scalar_set_b32(key, c, &overflow); if (!secp256k1_ec_seckey_verify(ctx, out32)) {
memset(c, 0, 32); memset(out32, 0, 32);
return !overflow; return 0;
}
return 1;
} }
static int secp256k1_eckey_privkey_serialize(const secp256k1_ecmult_gen_context *ctx, unsigned char *privkey, size_t *privkeylen, const secp256k1_scalar *key, int compressed) { static int secp256k1_ec_privkey_export_der(const secp256k1_context *ctx, unsigned char *privkey, size_t *privkeylen, const unsigned char *key32, int compressed) {
secp256k1_gej rp; secp256k1_pubkey pubkey;
secp256k1_ge r;
size_t pubkeylen = 0; size_t pubkeylen = 0;
secp256k1_ecmult_gen(ctx, &rp, key); if (!secp256k1_ec_pubkey_create(ctx, &pubkey, key32)) {
secp256k1_ge_set_gej(&r, &rp); *privkeylen = 0;
return 0;
}
if (compressed) { if (compressed) {
static const unsigned char begin[] = { static const unsigned char begin[] = {
0x30,0x81,0xD3,0x02,0x01,0x01,0x04,0x20 0x30,0x81,0xD3,0x02,0x01,0x01,0x04,0x20
@ -139,11 +141,9 @@ static int secp256k1_eckey_privkey_serialize(const secp256k1_ecmult_gen_context
}; };
unsigned char *ptr = privkey; unsigned char *ptr = privkey;
memcpy(ptr, begin, sizeof(begin)); ptr += sizeof(begin); memcpy(ptr, begin, sizeof(begin)); ptr += sizeof(begin);
secp256k1_scalar_get_b32(ptr, key); ptr += 32; memcpy(ptr, key32, 32); ptr += 32;
memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle); memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle);
if (!secp256k1_eckey_pubkey_serialize(&r, ptr, &pubkeylen, 1)) { secp256k1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED);
return 0;
}
ptr += pubkeylen; ptr += pubkeylen;
*privkeylen = ptr - privkey; *privkeylen = ptr - privkey;
} else { } else {
@ -165,45 +165,13 @@ static int secp256k1_eckey_privkey_serialize(const secp256k1_ecmult_gen_context
}; };
unsigned char *ptr = privkey; unsigned char *ptr = privkey;
memcpy(ptr, begin, sizeof(begin)); ptr += sizeof(begin); memcpy(ptr, begin, sizeof(begin)); ptr += sizeof(begin);
secp256k1_scalar_get_b32(ptr, key); ptr += 32; memcpy(ptr, key32, 32); ptr += 32;
memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle); memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle);
if (!secp256k1_eckey_pubkey_serialize(&r, ptr, &pubkeylen, 0)) { secp256k1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_UNCOMPRESSED);
return 0;
}
ptr += pubkeylen; ptr += pubkeylen;
*privkeylen = ptr - privkey; *privkeylen = ptr - privkey;
} }
return 1; return 1;
} }
static int secp256k1_ec_privkey_export_der(const secp256k1_context* ctx, unsigned char *privkey, size_t *privkeylen, const unsigned char *seckey, int compressed) {
secp256k1_scalar key;
int ret = 0;
VERIFY_CHECK(ctx != NULL);
ARG_CHECK(seckey != NULL);
ARG_CHECK(privkey != NULL);
ARG_CHECK(privkeylen != NULL);
ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx));
secp256k1_scalar_set_b32(&key, seckey, NULL);
ret = secp256k1_eckey_privkey_serialize(&ctx->ecmult_gen_ctx, privkey, privkeylen, &key, compressed);
secp256k1_scalar_clear(&key);
return ret;
}
static int secp256k1_ec_privkey_import_der(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *privkey, size_t privkeylen) {
secp256k1_scalar key;
int ret = 0;
ARG_CHECK(seckey != NULL);
ARG_CHECK(privkey != NULL);
(void)ctx;
ret = secp256k1_eckey_privkey_parse(&key, privkey, privkeylen);
if (ret) {
secp256k1_scalar_get_b32(seckey, &key);
}
secp256k1_scalar_clear(&key);
return ret;
}
#endif #endif

View File

@ -3410,13 +3410,13 @@ void run_ecdsa_edge_cases(void) {
} }
#ifdef ENABLE_OPENSSL_TESTS #ifdef ENABLE_OPENSSL_TESTS
EC_KEY *get_openssl_key(const secp256k1_scalar *key) { EC_KEY *get_openssl_key(const unsigned char *key32) {
unsigned char privkey[300]; unsigned char privkey[300];
size_t privkeylen; size_t privkeylen;
const unsigned char* pbegin = privkey; const unsigned char* pbegin = privkey;
int compr = secp256k1_rand_bits(1); int compr = secp256k1_rand_bits(1);
EC_KEY *ec_key = EC_KEY_new_by_curve_name(NID_secp256k1); EC_KEY *ec_key = EC_KEY_new_by_curve_name(NID_secp256k1);
CHECK(secp256k1_eckey_privkey_serialize(&ctx->ecmult_gen_ctx, privkey, &privkeylen, key, compr)); CHECK(secp256k1_ec_privkey_export_der(ctx, privkey, &privkeylen, key32, compr));
CHECK(d2i_ECPrivateKey(&ec_key, &pbegin, privkeylen)); CHECK(d2i_ECPrivateKey(&ec_key, &pbegin, privkeylen));
CHECK(EC_KEY_check_key(ec_key)); CHECK(EC_KEY_check_key(ec_key));
return ec_key; return ec_key;
@ -3434,12 +3434,14 @@ void test_ecdsa_openssl(void) {
size_t secp_sigsize = 80; size_t secp_sigsize = 80;
unsigned char message[32]; unsigned char message[32];
unsigned char signature[80]; unsigned char signature[80];
unsigned char key32[32];
secp256k1_rand256_test(message); secp256k1_rand256_test(message);
secp256k1_scalar_set_b32(&msg, message, NULL); secp256k1_scalar_set_b32(&msg, message, NULL);
random_scalar_order_test(&key); random_scalar_order_test(&key);
secp256k1_scalar_get_b32(key32, &key);
secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &qj, &key); secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &qj, &key);
secp256k1_ge_set_gej(&q, &qj); secp256k1_ge_set_gej(&q, &qj);
ec_key = get_openssl_key(&key); ec_key = get_openssl_key(key32);
CHECK(ec_key != NULL); CHECK(ec_key != NULL);
CHECK(ECDSA_sign(0, message, sizeof(message), signature, &sigsize, ec_key)); CHECK(ECDSA_sign(0, message, sizeof(message), signature, &sigsize, ec_key));
CHECK(secp256k1_ecdsa_sig_parse(&sigr, &sigs, signature, sigsize)); CHECK(secp256k1_ecdsa_sig_parse(&sigr, &sigs, signature, sigsize));