/* rfc4492#section-5.4 */
void
dtls_ecdsa_create_sig_hash(const unsigned char *priv_key, size_t key_size,
- const unsigned char *sign_hash, size_t sign_hash_size,
- uint32_t point_r[9], uint32_t point_s[9]) {
- uint8_t privateKey[32];
- uint8_t hashValue[32];
- uint8_t sign[64];
+ const unsigned char *sign_hash, size_t sign_hash_size,
+ uint32_t point_r[9], uint32_t point_s[9])
+{
+ uint8_t sign[64];
+ // Check the buffers
+ if (priv_key == NULL || key_size < 32)
+ return 0;
+ if (sign_hash == NULL || sign_hash_size < 32)
+ return 0;
- uECC_sign(privateKey, hashValue, sign);
- memcpy(point_r, sign, 32);
- memcpy(point_s, sign + 32, 32);
+ uECC_sign(priv_key, sign_hash, sign);
+ memcpy(point_r, sign, 32);
+ memcpy(point_s, sign + 32, 32);
}
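Review bot: The two added guards use `return 0;` in a function that is still declared `void`, which is a constraint violation in C, and the caller has no way to learn that `point_r` and `point_s` were left unwritten. When a guard fires, whatever those buffers already held would presumably be used as the signature. The result of `uECC_sign` is also discarded; if it reports failure through its return value, as micro-ecc's signing call does, that failure is lost too. I would change the return type to `int` (the prototype and callers are outside this hunk and would need the same update), replace the call with `if (!uECC_sign(priv_key, sign_hash, sign)) return 0;` before the two `memcpy` calls, and end with `return 1;`.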
void
/* rfc4492#section-5.4 */
int
dtls_ecdsa_verify_sig_hash(const unsigned char *pub_key_x,
- const unsigned char *pub_key_y, size_t key_size,
- const unsigned char *sign_hash, size_t sign_hash_size,
- unsigned char *result_r, unsigned char *result_s) {
-
- uint8_t publicKey[64];
- uint8_t hashValue[32];
- uint8_t sign[64];
-
- memcpy(publicKey, pub_key_x, 32);
- memcpy(publicKey + 32, pub_key_y, 32);
- return uECC_verify(publicKey, hashValue, sign);
+ const unsigned char *pub_key_y, size_t key_size,
+ const unsigned char *sign_hash, size_t sign_hash_size,
+ unsigned char *result_r, unsigned char *result_s)
+{
+ uint8_t publicKey[64];
+ uint8_t sign[64];
+
+ // Check the buffers
+ if (pub_key_x == NULL || pub_key_y == NULL || key_size < 32)
+ return 0;
+ if (sign_hash == NULL || sign_hash_size < 32)
+ return 0;
+ if (result_r == NULL || result_s == NULL)
+ return 0;
+
+ // Copy the public key into a single buffer
+ memcpy(publicKey, pub_key_x, 32);
+ memcpy(publicKey + 32, pub_key_y, 32);
+
+ // Copy the signature into a single buffer
+ memcpy(sign, result_r, 32);
+ memcpy(sign + 32, result_s, 32);
+
+ return uECC_verify(publicKey, sign_hash, sign);
}
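Review bot: `result_r` and `result_s` are each read for 32 bytes by the `memcpy` calls into `sign`, but unlike the key and hash they have no length argument, so the NULL check is their only validation. The 32-byte guarantee therefore rests on how the caller parsed the signature elements, which is not visible in this hunk. The function also now returns 0 both for an invalid signature and for rejected arguments, and nothing documents this. I would add a header comment such as `/* Returns a positive value if the signature verifies, 0 if it does not or if an argument is NULL or shorter than 32 bytes. result_r and result_s must each point to at least 32 readable bytes. */`.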
int
dtls_hash_finalize(sha256hash, &hs_hash);
ret = dtls_ecdsa_verify_sig_hash(config->keyx.ecc.other_pub_x, config->keyx.ecc.other_pub_y,
- sizeof(config->keyx.ecc.other_pub_x),
- sha256hash, sizeof(sha256hash),
- result_r, result_s);
+ sizeof(config->keyx.ecc.other_pub_x),
+ sha256hash, sizeof(sha256hash),
+ result_r, result_s);
- if (ret < 0) {
+ if (ret <= 0) {
dtls_alert("wrong signature err: %i\n", ret);
return dtls_alert_fatal_create(DTLS_ALERT_HANDSHAKE_FAILURE);
}
data_length -= ret;
ret = dtls_ecdsa_verify_sig(config->keyx.ecc.other_pub_x, config->keyx.ecc.other_pub_y,
- sizeof(config->keyx.ecc.other_pub_x),
- config->tmp.random.client, DTLS_RANDOM_LENGTH,
- config->tmp.random.server, DTLS_RANDOM_LENGTH,
- key_params,
- 1 + 2 + 1 + 1 + (2 * DTLS_EC_KEY_SIZE),
- result_r, result_s);
-
- if (ret < 0) {
+ sizeof(config->keyx.ecc.other_pub_x),
+ config->tmp.random.client, DTLS_RANDOM_LENGTH,
+ config->tmp.random.server, DTLS_RANDOM_LENGTH,
+ key_params,
+ 1 + 2 + 1 + 1 + (2 * DTLS_EC_KEY_SIZE),
+ result_r, result_s);
+
+ if (ret <= 0) {
dtls_alert("wrong signature\n");
return dtls_alert_fatal_create(DTLS_ALERT_HANDSHAKE_FAILURE);
}
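Review bot: The `ret <= 0` test after `dtls_ecdsa_verify_sig` is only correct if that wrapper passes the 0-on-failure result of `dtls_ecdsa_verify_sig_hash` through unchanged. Its body is not part of this diff, so that should be confirmed before relying on the check. Both call sites now treat 0 as a fatal handshake failure, and a short comment would stop the condition from being "simplified" back to `< 0` later, e.g. `/* verify returns 0 for a bad signature or rejected arguments, so anything <= 0 must abort the handshake */`. The alert here also omits `ret`, unlike the earlier `"wrong signature err: %i\n"` message; making the two consistent would help when reading logs. The enclosing functions start and end outside the visible lines.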