Merge remote-tracking branch 'upstream-public/pr/1027' into development

2018-01-09 10:42:03 +00:00 · 2018-01-09 10:42:03 +00:00 · 35285cca67
commit 35285cca67
parent ec9c626b75 314adb6baa
4 changed files with 24 additions and 0 deletions
--- a/6
+++ b/6
@ -22,6 +22,12 @@ Features
     MBEDTLS_CMAC_ALT). Submitted by Steve Cooreman, Silicon Labs.
   * Add support for alternative implementations of GCM, selected by the
     configuration flag MBEDTLS_GCM_ALT.
+   * Add support for alternative implementations for ECDSA, controlled by new
+     configuration flags MBEDTLS_ECDSA_SIGN_ALT, MBEDTLS_ECDSA_VERIFY_ALT and
+     MBEDTLS_ECDSDA_GENKEY_AT in config.h.
+     The following functions from the ECDSA module can be replaced
+     with alternative implementation:
+     mbedtls_ecdsa_sign(), mbedtls_ecdsa_verify() and mbedtls_ecdsa_genkey().

 New deprecations
   * Deprecate usage of RSA primitives with non-matching key-type
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@ -332,6 +332,9 @@
 //#define MBEDTLS_AES_SETKEY_DEC_ALT
 //#define MBEDTLS_AES_ENCRYPT_ALT
 //#define MBEDTLS_AES_DECRYPT_ALT
+//#define MBEDTLS_ECDSA_VERIFY_ALT
+//#define MBEDTLS_ECDSA_SIGN_ALT
+//#define MBEDTLS_ECDSA_GENKEY_ALT

 /**
 * \def MBEDTLS_ECP_INTERNAL_ALT
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@ -65,6 +65,7 @@ cleanup:
    return( ret );
 }

+#if !defined(MBEDTLS_ECDSA_SIGN_ALT)
 /*
 * Compute ECDSA signature of a hashed message (SEC1 4.1.3)
 * Obviously, compared to SEC1 4.1.3, we skip step 4 (hash message)
@ -157,6 +158,7 @@ cleanup:

    return( ret );
 }
+#endif /* MBEDTLS_ECDSA_SIGN_ALT */

 #if defined(MBEDTLS_ECDSA_DETERMINISTIC)
 /*
@ -196,6 +198,7 @@ cleanup:
 }
 #endif /* MBEDTLS_ECDSA_DETERMINISTIC */

+#if !defined(MBEDTLS_ECDSA_VERIFY_ALT)
 /*
 * Verify ECDSA signature of hashed message (SEC1 4.1.4)
 * Obviously, compared to SEC1 4.1.3, we skip step 2 (hash message)
@ -281,6 +284,7 @@ cleanup:

    return( ret );
 }
+#endif /* MBEDTLS_ECDSA_VERIFY_ALT */

 /*
 * Convert a signature (given by context) to ASN.1
@ -406,6 +410,7 @@ cleanup:
    return( ret );
 }

+#if !defined(MBEDTLS_ECDSA_GENKEY_ALT)
 /*
 * Generate key pair
 */
@ -415,6 +420,7 @@ int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
    return( mbedtls_ecp_group_load( &ctx->grp, gid ) ||
            mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) );
 }
+#endif /* MBEDTLS_ECDSA_GENKEY_ALT */

 /*
 * Set context from an mbedtls_ecp_keypair
--- a/library/version_features.c
+++ b/library/version_features.c
@ -177,6 +177,15 @@ static const char *features[] = {
 #if defined(MBEDTLS_AES_DECRYPT_ALT)
    "MBEDTLS_AES_DECRYPT_ALT",
 #endif /* MBEDTLS_AES_DECRYPT_ALT */
+#if defined(MBEDTLS_ECDSA_VERIFY_ALT)
+    "MBEDTLS_ECDSA_VERIFY_ALT",
+#endif /* MBEDTLS_ECDSA_VERIFY_ALT */
+#if defined(MBEDTLS_ECDSA_SIGN_ALT)
+    "MBEDTLS_ECDSA_SIGN_ALT",
+#endif /* MBEDTLS_ECDSA_SIGN_ALT */
+#if defined(MBEDTLS_ECDSA_GENKEY_ALT)
+    "MBEDTLS_ECDSA_GENKEY_ALT",
+#endif /* MBEDTLS_ECDSA_GENKEY_ALT */
 #if defined(MBEDTLS_ECP_INTERNAL_ALT)
    "MBEDTLS_ECP_INTERNAL_ALT",
 #endif /* MBEDTLS_ECP_INTERNAL_ALT */