[dev.boringcrypto] all: merge master into dev.boringcrypto

[gostls13.git] / src / crypto / ecdsa / ecdsa.go

diff --git a/src/crypto/ecdsa/ecdsa.go b/src/crypto/ecdsa/ecdsa.go
index 65911e737acee5ce1066ce8d6ef938eedea223c3..e4e580fada7930a4ca4642f655c0f2507954de63 100644 (file)
--- a/src/crypto/ecdsa/ecdsa.go
+++ b/src/crypto/ecdsa/ecdsa.go
@@ -39,6 +39,11 @@ import (
        "math/big"
 )
 
+import (
+       "crypto/internal/boring"
+       "unsafe"
+)
+
 // A invertible implements fast inverse mod Curve.Params().N
 type invertible interface {
        // Inverse returns the inverse of k in GF(P)
@@ -58,12 +63,16 @@ const (
 type PublicKey struct {
        elliptic.Curve
        X, Y *big.Int
+
+       boring unsafe.Pointer
 }
 
 // PrivateKey represents an ECDSA private key.
 type PrivateKey struct {
        PublicKey
        D *big.Int
+
+       boring unsafe.Pointer
 }
 
 type ecdsaSignature struct {
@@ -83,6 +92,15 @@ func (priv *PrivateKey) Public() crypto.PublicKey {
 // where the private part is kept in, for example, a hardware module. Common
 // uses should use the Sign function in this package directly.
 func (priv *PrivateKey) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {
+       if boring.Enabled && rand == boring.RandReader {
+               b, err := boringPrivateKey(priv)
+               if err != nil {
+                       return nil, err
+               }
+               return boring.SignMarshalECDSA(b, digest)
+       }
+       boring.UnreachableExceptTests()
+
        r, s, err := Sign(rand, priv, digest)
        if err != nil {
                return nil, err
@@ -112,6 +130,15 @@ func randFieldElement(c elliptic.Curve, rand io.Reader) (k *big.Int, err error)
 
 // GenerateKey generates a public and private key pair.
 func GenerateKey(c elliptic.Curve, rand io.Reader) (*PrivateKey, error) {
+       if boring.Enabled && rand == boring.RandReader {
+               x, y, d, err := boring.GenerateKeyECDSA(c.Params().Name)
+               if err != nil {
+                       return nil, err
+               }
+               return &PrivateKey{PublicKey: PublicKey{Curve: c, X: x, Y: y}, D: d}, nil
+       }
+       boring.UnreachableExceptTests()
+
        k, err := randFieldElement(c, rand)
        if err != nil {
                return nil, err
@@ -165,6 +192,15 @@ var errZeroParam = errors.New("zero parameter")
 func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err error) {
        randutil.MaybeReadByte(rand)
 
+       if boring.Enabled && rand == boring.RandReader {
+               b, err := boringPrivateKey(priv)
+               if err != nil {
+                       return nil, nil, err
+               }
+               return boring.SignECDSA(b, hash)
+       }
+       boring.UnreachableExceptTests()
+
        // Get min(log2(q) / 2, 256) bits of entropy from rand.
        entropylen := (priv.Curve.Params().BitSize + 7) / 16
        if entropylen > 32 {
@@ -241,6 +277,15 @@ func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err err
 // Verify verifies the signature in r, s of hash using the public key, pub. Its
 // return value records whether the signature is valid.
 func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool {
+       if boring.Enabled {
+               b, err := boringPublicKey(pub)
+               if err != nil {
+                       return false
+               }
+               return boring.VerifyECDSA(b, hash, r, s)
+       }
+       boring.UnreachableExceptTests()
+
        // See [NSA] 3.4.2
        c := pub.Curve
        N := c.Params().N