WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #5976 from SparkiDev/eccsi_hash_check 

ECCSI: hash function must have output size as curve size
pull/5993/head
David Garske 2023-01-19 17:50:44 -08:00 committed by GitHub
parent f0c9f5f9f0 11ea6a10e8
commit e72ec4e876
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 25 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
wolfcrypt/src/eccsi.c
View File

@ -1618,6 +1618,7 @@ int wc_ValidateEccsiPvt(EccsiKey* key, const ecc_point* pvt, int* valid)
* @param [out] hashSz Length of hash data in bytes. * @param [out] hashSz Length of hash data in bytes.
* @return 0 on success. * @return 0 on success.
* @return BAD_FUNC_ARG when key, id, pvt, hash or hashSz is NULL. * @return BAD_FUNC_ARG when key, id, pvt, hash or hashSz is NULL.
* @return BAD_FUNC_ARG when hash size doesn't match curve size.
* @return BAD_STATE_E when public key not set. * @return BAD_STATE_E when public key not set.
* @return MEMORY_E when dynamic memory allocation fails. * @return MEMORY_E when dynamic memory allocation fails.
* @return Other -ve value when an internal operation fails. * @return Other -ve value when an internal operation fails.
@ -1626,6 +1627,8 @@ int wc_HashEccsiId(EccsiKey* key, enum wc_HashType hashType, const byte* id,
word32 idSz, ecc_point* pvt, byte* hash, byte* hashSz) word32 idSz, ecc_point* pvt, byte* hash, byte* hashSz)
{ {
int err = 0; int err = 0;
int dgstSz = -1;
int curveSz = -1;
if ((key == NULL) || (id == NULL) || (pvt == NULL) || (hash == NULL) || if ((key == NULL) || (id == NULL) || (pvt == NULL) || (hash == NULL) ||
(hashSz == NULL)) { (hashSz == NULL)) {
@ -1635,6 +1638,22 @@ int wc_HashEccsiId(EccsiKey* key, enum wc_HashType hashType, const byte* id,
(key->ecc.type != ECC_PUBLICKEY)) { (key->ecc.type != ECC_PUBLICKEY)) {
err = BAD_STATE_E; err = BAD_STATE_E;
} }
/* Ensure digest output size matches curve size (RFC 6507 4.1). */
if (err == 0) {
dgstSz = wc_HashGetDigestSize(hashType);
if (dgstSz < 0) {
err = dgstSz;
}
}
if (err == 0) {
curveSz = wc_ecc_get_curve_size_from_id(key->ecc.dp->id);
if (curveSz < 0) {
err = curveSz;
}
}
if ((err == 0) && (dgstSz != curveSz)) {
err = BAD_FUNC_ARG;
}
/* Load the curve parameters for operations */ /* Load the curve parameters for operations */
if (err == 0) { if (err == 0) {
err = eccsi_load_ecc_params(key); err = eccsi_load_ecc_params(key);

6
wolfcrypt/test/test.c
View File

@ -33273,6 +33273,12 @@ static int eccsi_sign_verify_test(EccsiKey* priv, EccsiKey* pub, WC_RNG* rng,
byte msg[] = { 0x00 }; byte msg[] = { 0x00 };
word32 msgSz = sizeof(msg); word32 msgSz = sizeof(msg);
#ifdef WOLFSSL_SHA384
ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA384, id, idSz, pvt, hashPriv,
&hashSz);
if (ret != BAD_FUNC_ARG)
return -10174;
#endif
ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA256, id, idSz, pvt, hashPriv, ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA256, id, idSz, pvt, hashPriv,
&hashSz); &hashSz);
if (ret != 0) if (ret != 0)