From: Guus Sliepen Date: Thu, 7 Jul 2011 20:27:17 +0000 (+0200) Subject: Implement ECDSA sign and verify operations. X-Git-Tag: release-1.1pre2~24 X-Git-Url: https://git.tinc-vpn.org/git/browse?a=commitdiff_plain;h=03582eb669494cb778ebea7b0fe3b1b841335750;p=tinc Implement ECDSA sign and verify operations. Very basic at the moment, doesn't hash the input first, and uses OpenSSL's DER encoded signature as output.
---
diff --git a/src/openssl/ecdsa.c b/src/openssl/ecdsa.c
index 84fe8fd9..000bfaa5 100644
--- a/src/openssl/ecdsa.c
+++ b/src/openssl/ecdsa.c
@@ -70,12 +70,31 @@ size_t ecdsa_size(ecdsa_t *ecdsa) {
 return ECDSA_size(*ecdsa);
 }
+// TODO: hash first, standardise output format?
+
 bool ecdsa_sign(ecdsa_t *ecdsa, const void *in, size_t len, void *sig) {
- logger(LOG_ERR, "Unable to perform ECDSA signature: %s", ERR_error_string(ERR_get_error(), NULL));
- return false;
+ unsigned int siglen = ECDSA_size(*ecdsa);
+ memset(sig, 0, siglen);
+
+ if(!ECDSA_sign(0, in, len, sig, &siglen, *ecdsa)) {
+ logger(LOG_DEBUG, "ECDSA_sign() failed: %s", ERR_error_string(ERR_get_error(), NULL));
+ return false;
+ }
+
+ if(siglen != ECDSA_size(*ecdsa)) {
+ logger(LOG_ERR, "Signature length %d != %d", siglen, ECDSA_size(*ecdsa));
+ }
+
+ return true;
 }
 bool ecdsa_verify(ecdsa_t *ecdsa, const void *in, size_t len, const void *sig) {
- logger(LOG_ERR, "Unable to perform ECDSA verification: %s", ERR_error_string(ERR_get_error(), NULL));
- return false;
+ unsigned int siglen = ECDSA_size(*ecdsa);
+
+ if(!ECDSA_verify(0, in, len, sig, siglen, *ecdsa)) {
+ logger(LOG_DEBUG, "ECDSA_verify() failed: %s", ERR_error_string(ERR_get_error(), NULL));
+ return false;
+ }
+
+ return true;
 }
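Review bot: ecdsa_verify always passes `ECDSA_size(*ecdsa)` as the signature length, but that is only the maximum DER size; the length ECDSA_sign actually wrote is dropped in ecdsa_sign, which logs a mismatch and still returns true. Verification therefore relies on the DER parser tolerating the zero padding after the real signature: where it does, the same signature is also accepted with other trailing bytes, and stricter OpenSSL builds are likely to reject the padded buffer outright. Since the interface has no length out-parameter, the durable fix is a fixed-width output (r and s each padded to the group order size) rather than a one-line change; until then I would extend the TODO to `// FIXME: DER length varies; sig is zero-padded to ecdsa_size() and the real length is lost`. The same comment should say that with type 0 and no hashing ECDSA appears to use only the leading order-sized part of `in`, and that `len` is narrowed from size_t to int, so callers must pass a digest. Minor: `siglen` is unsigned, so the first `%d` in the length log should be `%u`.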