Hash input before signing it with ECDSA.

This commit is contained in:
Guus Sliepen 2011-07-08 18:17:34 +02:00
parent 8132be8fbd
commit 73863fab8a

View file

@ -70,13 +70,17 @@ size_t ecdsa_size(ecdsa_t *ecdsa) {
return ECDSA_size(*ecdsa); return ECDSA_size(*ecdsa);
} }
// TODO: hash first, standardise output format? // TODO: standardise output format?
bool ecdsa_sign(ecdsa_t *ecdsa, const void *in, size_t len, void *sig) { bool ecdsa_sign(ecdsa_t *ecdsa, const void *in, size_t len, void *sig) {
unsigned int siglen = ECDSA_size(*ecdsa); unsigned int siglen = ECDSA_size(*ecdsa);
char hash[SHA512_DIGEST_LENGTH];
SHA512(in, len, hash);
memset(sig, 0, siglen); memset(sig, 0, siglen);
if(!ECDSA_sign(0, in, len, sig, &siglen, *ecdsa)) { if(!ECDSA_sign(0, hash, sizeof hash, sig, &siglen, *ecdsa)) {
logger(LOG_DEBUG, "ECDSA_sign() failed: %s", ERR_error_string(ERR_get_error(), NULL)); logger(LOG_DEBUG, "ECDSA_sign() failed: %s", ERR_error_string(ERR_get_error(), NULL));
return false; return false;
} }
@ -91,7 +95,10 @@ bool ecdsa_sign(ecdsa_t *ecdsa, const void *in, size_t len, void *sig) {
bool ecdsa_verify(ecdsa_t *ecdsa, const void *in, size_t len, const void *sig) { bool ecdsa_verify(ecdsa_t *ecdsa, const void *in, size_t len, const void *sig) {
unsigned int siglen = ECDSA_size(*ecdsa); unsigned int siglen = ECDSA_size(*ecdsa);
if(!ECDSA_verify(0, in, len, sig, siglen, *ecdsa)) { char hash[SHA512_DIGEST_LENGTH];
SHA512(in, len, hash);
if(!ECDSA_verify(0, hash, sizeof hash, sig, siglen, *ecdsa)) {
logger(LOG_DEBUG, "ECDSA_verify() failed: %s", ERR_error_string(ERR_get_error(), NULL)); logger(LOG_DEBUG, "ECDSA_verify() failed: %s", ERR_error_string(ERR_get_error(), NULL));
return false; return false;
} }