There is no hard dependency in the Thread specification which requires
the use of deterministic signatures. On the contrary, looking at the
tinycrypt implementation, that one issues randomized ECDSA signatures
and seems to be quite happy with that.
This change does not change the default behaviour, which is to use
deterministic ECDSA when using the default MbedTLS backend. It does
however make it possible for platforms which have qualified hardware
entropy to select 'plain' ECDSA instead, which gives both a performance
and code size improvement on those platforms.
This commit updates `kMessage` in `test_ecdsa.cpp` function which
verifies the signature generation to be an array of char instead of a
`char *`. This ensures that the use of `sizeof(kMessage)` correctly
gives the length of the message string (which is used during hash
calculation).
This commit updates `VerifyOrQuit()` and `SuccessOrQuit()` macros to
include the failed condition in the error message that is printed on
a failure (in addition to function name and line number where the
error happened). This commit also changes the second parameter
(`aMessage`) to in these macros to be optional.
This commit also updates unit tests to remove the second `aMessage`
string in cases where the failure can be inferred from the condition
itself.
This commit adds a new core header files `common/error.hpp` which
defines `ot::Error` (mirroring `otError`) and `kError{Name}` constants
(mirroring the public `OT_ERROR_{NAME}` definitions). The new (C++
style) definitions are used by core modules. This commit also moves
`otThreadErrorToString()` (from `logging.hpp` to `error.hpp`) and
renames it to `ErrorToString()` which is used as the internal (to
core) function to covert an `Error` to a string.
This commit updates `Sha256` and `HmacSha256` classes adding new
flavors of `Update()` method which inputs bytes from a given buffer,
or from an object, or read from a `Message` for hash calculation.
This commit also updates unit test to add more test-cases (from RFC
4231) for HMAC and adds new set of test-cases for SHA-256. The test
also covers calculating hash over data read directly from a `Message`.
Per Sec 4 of RFC 6605:
"ECDSA public keys consist of a single value, called "Q" in FIPS
186-3. In DNSSEC keys, Q is a simple bit string that represents the
uncompressed form of a curve point, "x | y"."
The bit string of the two curve points (X, Y) should have a fixed
length of 64 bytes and the additional `1` byte prefix should not be
included, because only uncompressed form is allowed.
This commit adds support for ECDSA using NIST P-256 curve and SHA-256
hash. `KeyPair` type is added which represents a set of public and
private keys. It provides methods for generation a new key-pair and
getting a DER format byte sequence representation of the key-pair.
This commit also adds methods to calculate ECDSA signature and verify
a signature for a hashed message. The underlying implementation uses
`mbedtls` APIs.
It also adds a unit-test `test-ecdsa` to cover behavior of the newly
added types and methods. The unit test also verifies the signature
calculation using the test vector example from RFC 6979.