arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-19 04:48:12 +00:00
Code Issues Releases Wiki Activity

test(crypto): use newer OpenSSL API

Browse Source 
[no changelog]
This commit is contained in:
Martin Milata 2023-04-17 14:39:16 +02:00
parent c9ae02442e
commit 56491a0530
1 changed files with 53 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
crypto/tests/test_openssl.c
View File

@ -24,11 +24,9 @@
/* OpenSSL's SHA256_CTX/SHA512_CTX conflicts with our own */ /* OpenSSL's SHA256_CTX/SHA512_CTX conflicts with our own */
#define SHA256_CTX _openssl_SHA256_CTX #define SHA256_CTX _openssl_SHA256_CTX
#define SHA512_CTX _openssl_SHA512_CTX #define SHA512_CTX _openssl_SHA512_CTX
#include <openssl/bn.h> #include <openssl/core_names.h>
#include <openssl/ecdsa.h> #include <openssl/ecdsa.h>
#include <openssl/obj_mac.h> #include <openssl/evp.h>
#include <openssl/opensslv.h>
#include <openssl/sha.h>
#undef SHA256_CTX #undef SHA256_CTX
#undef SHA512_CTX #undef SHA512_CTX
@ -46,12 +44,7 @@
#include "memzero.h" #include "memzero.h"
void openssl_check(unsigned int iterations, int nid, const ecdsa_curve *curve) { void openssl_check(unsigned int iterations, int nid, const ecdsa_curve *curve) {
uint8_t sig[64], pub_key33[33], pub_key65[65], priv_key[32], msg[256], uint8_t sig[64], pub_key33[33], pub_key65[65], priv_key[32], msg[256];
hash[32];
struct SHA256state_st sha256;
EC_GROUP *ecgroup;
ecgroup = EC_GROUP_new_by_curve_name(nid);
for (unsigned int iter = 0; iter < iterations; iter++) { for (unsigned int iter = 0; iter < iterations; iter++) {
// random message len between 1 and 256 // random message len between 1 and 256
@ -60,16 +53,40 @@ void openssl_check(unsigned int iterations, int nid, const ecdsa_curve *curve) {
random_buffer(msg, msg_len); random_buffer(msg, msg_len);
// new ECDSA key // new ECDSA key
EC_KEY *eckey = EC_KEY_new(); EVP_PKEY_CTX *pkey_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
EC_KEY_set_group(eckey, ecgroup); if (!pkey_ctx) {
printf("EVP_PKEY_CTX_new_from_name failed\n");
return;
}
if (EVP_PKEY_keygen_init(pkey_ctx) <= 0) {
printf("EVP_PKEY_keygen_init failed\n");
return;
}
if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pkey_ctx, nid) <= 0) {
printf("EVP_PKEY_CTX_set_ec_paramgen_curve_nid failed\n");
return;
}
// generate the key // generate the key
EC_KEY_generate_key(eckey); EVP_PKEY *pkey = NULL;
if (EVP_PKEY_keygen(pkey_ctx, &pkey) <= 0) {
printf("EVP_PKEY_keygen failed\n");
return;
}
EVP_PKEY_CTX_free(pkey_ctx);
// copy key to buffer // copy key to buffer
const BIGNUM *K = EC_KEY_get0_private_key(eckey); BIGNUM *K = NULL;
if (!EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &K)) {
printf("EVP_PKEY_get_bn_param failed\n");
return;
}
int bn_off = sizeof(priv_key) - BN_num_bytes(K); int bn_off = sizeof(priv_key) - BN_num_bytes(K);
memzero(priv_key, bn_off); memzero(priv_key, bn_off);
BN_bn2bin(K, priv_key + bn_off); BN_bn2bin(K, priv_key + bn_off);
BN_free(K);
// use our ECDSA signer to sign the message with the key // use our ECDSA signer to sign the message with the key
if (ecdsa_sign(curve, HASHER_SHA2, priv_key, msg, msg_len, sig, NULL, if (ecdsa_sign(curve, HASHER_SHA2, priv_key, msg, msg_len, sig, NULL,
@ -99,35 +116,40 @@ void openssl_check(unsigned int iterations, int nid, const ecdsa_curve *curve) {
return; return;
} }
// copy signature to the OpenSSL struct // convert signature to DER which OpenSSL understands
ECDSA_SIG *signature = ECDSA_SIG_new(); uint8_t sig_der[72] = {0};
#if OPENSSL_VERSION_NUMBER < 0x10100000L int sig_der_len = ecdsa_sig_to_der(sig, sig_der);
BN_bin2bn(sig, 32, signature->r);
BN_bin2bn(sig + 32, 32, signature->s);
#else
BIGNUM *R = BN_bin2bn(sig, 32, NULL);
BIGNUM *S = BN_bin2bn(sig + 32, 32, NULL);
ECDSA_SIG_set0(signature, R, S);
#endif
// compute the digest of the message // compute the digest of the message
// note: these are OpenSSL functions, not our own // note: these are OpenSSL functions, not our own
SHA256_Init(&sha256); EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
SHA256_Update(&sha256, msg, msg_len); if (!md_ctx) {
SHA256_Final(hash, &sha256); printf("EVP_MD_CTX_new failed\n");
return;
}
if (EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey) <= 0) {
printf("EVP_DigestVerifyInit failed\n");
return;
}
if (EVP_DigestVerifyUpdate(md_ctx, msg, msg_len) <= 0) {
printf("EVP_DigestVerifyUpdate failed\n");
return;
}
// verify all went well, i.e. we can decrypt our signature with OpenSSL // verify all went well, i.e. we can decrypt our signature with OpenSSL
int v = ECDSA_do_verify(hash, 32, signature, eckey); int v = EVP_DigestVerifyFinal(md_ctx, sig_der, sig_der_len);
if (v != 1) { if (v != 1) {
printf("OpenSSL verification failed (%d)\n", v); printf("OpenSSL verification failed (%d)\n", v);
return; return;
} }
ECDSA_SIG_free(signature); EVP_MD_CTX_free(md_ctx);
EC_KEY_free(eckey); EVP_PKEY_free(pkey);
if (((iter + 1) % 100) == 0) printf("Passed ... %d\n", iter + 1); if (((iter + 1) % 100) == 0) printf("Passed ... %d\n", iter + 1);
} }
EC_GROUP_free(ecgroup);
printf("All OK\n"); printf("All OK\n");
} }