mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-17 14:32:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

Teach EdDSA signature algorithms about AlgorithmIdentifiers

Browse Source 
The other signature algorithms know how to create their own
AlgorithmIdentifiers, but the EdDSA algorithms missed this.

Fixes #11875

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12884)
This commit is contained in:
Matt Caswell 2020-09-15 16:20:51 +01:00
parent 991a6bb581
commit d12a2fe4e7
8 changed files with 188 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -54,10 +54,12 @@ doc/man1/openssl-*.pod
providers/common/der/der_digests_gen.c
providers/common/der/der_dsa_gen.c
providers/common/der/der_ec_gen.c
providers/common/der/der_ecx_gen.c
providers/common/der/der_rsa_gen.c
providers/common/der/der_wrap_gen.c
providers/common/include/prov/der_dsa.h
providers/common/include/prov/der_ec.h
providers/common/include/prov/der_ecx.h
providers/common/include/prov/der_rsa.h
providers/common/include/prov/der_digests.h
providers/common/include/prov/der_wrap.h

11
providers/common/der/ECX.asn1 Normal file
View File

@ -0,0 +1,11 @@
-- -------------------------------------------------------------------
-- Taken from RFC 8410, 9 ASN.1 Module
-- (https://tools.ietf.org/html/rfc8410#section-9)
id-edwards-curve-algs OBJECT IDENTIFIER ::= { 1 3 101 }
id-X25519 OBJECT IDENTIFIER ::= { id-edwards-curve-algs 110 }
id-X448 OBJECT IDENTIFIER ::= { id-edwards-curve-algs 111 }
id-Ed25519 OBJECT IDENTIFIER ::= { id-edwards-curve-algs 112 }
id-Ed448 OBJECT IDENTIFIER ::= { id-edwards-curve-algs 113 }

17
providers/common/der/build.info
View File

@ -50,6 +50,19 @@ DEPEND[${DER_EC_GEN/.c/.o}]=$DER_EC_H
GENERATE[$DER_EC_H]=der_ec.h.in
DEPEND[$DER_EC_H]=oids_to_c.pm
#----- ECX
$DER_ECX_H=../include/prov/der_ecx.h
$DER_ECX_GEN=der_ecx_gen.c
$DER_ECX_AUX=der_ecx_key.c
GENERATE[$DER_ECX_GEN]=der_ecx_gen.c.in
DEPEND[$DER_ECX_GEN]=oids_to_c.pm
DEPEND[${DER_ECX_AUX/.c/.o}]=$DER_ECX_H
DEPEND[${DER_ECX_GEN/.c/.o}]=$DER_ECX_H
GENERATE[$DER_ECX_H]=der_ecx.h.in
DEPEND[$DER_ECX_H]=oids_to_c.pm
#----- KEY WRAP
$DER_WRAP_H=../include/prov/der_wrap.h
$DER_WRAP_GEN=der_wrap_gen.c
@ -73,5 +86,9 @@ $COMMON=\
$DER_DIGESTS_GEN \
$DER_WRAP_GEN
IF[{- !$disabled{ec} -}]
$COMMON = $COMMON $DER_ECX_GEN $DER_ECX_AUX
ENDIF
SOURCE[../../libfips.a]=$COMMON $DER_RSA_FIPSABLE
SOURCE[../../libnonfips.a]=$COMMON $DER_RSA_FIPSABLE

23
providers/common/der/der_ecx.h.in Normal file
View File

@ -0,0 +1,23 @@
/*
* Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "internal/der.h"
#include "crypto/ecx.h"
/* Well known OIDs precompiled */
{-
$OUT = oids_to_c::process_leaves('providers/common/der/ECX.asn1',
{ dir => $config{sourcedir},
filter => \&oids_to_c::filter_to_H });
-}
int DER_w_algorithmIdentifier_ED25519(WPACKET *pkt, int cont, ECX_KEY *ec);
int DER_w_algorithmIdentifier_ED448(WPACKET *pkt, int cont, ECX_KEY *ec);
int DER_w_algorithmIdentifier_X25519(WPACKET *pkt, int cont, ECX_KEY *ec);
int DER_w_algorithmIdentifier_X448(WPACKET *pkt, int cont, ECX_KEY *ec);

17
providers/common/der/der_ecx_gen.c.in Normal file
View File

@ -0,0 +1,17 @@
/*
* Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "prov/der_ecx.h"
/* Well known OIDs precompiled */
{-
$OUT = oids_to_c::process_leaves('providers/common/der/ECX.asn1',
{ dir => $config{sourcedir},
filter => \&oids_to_c::filter_to_C });
-}

48
providers/common/der/der_ecx_key.c Normal file
View File

@ -0,0 +1,48 @@
/*
* Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/obj_mac.h>
#include "internal/packet.h"
#include "prov/der_ecx.h"
int DER_w_algorithmIdentifier_X25519(WPACKET *pkt, int cont, ECX_KEY *ec)
{
return DER_w_begin_sequence(pkt, cont)
/* No parameters (yet?) */
&& DER_w_precompiled(pkt, -1, der_oid_id_X25519,
sizeof(der_oid_id_X25519))
&& DER_w_end_sequence(pkt, cont);
}
int DER_w_algorithmIdentifier_X448(WPACKET *pkt, int cont, ECX_KEY *ec)
{
return DER_w_begin_sequence(pkt, cont)
/* No parameters (yet?) */
&& DER_w_precompiled(pkt, -1, der_oid_id_X448,
sizeof(der_oid_id_X448))
&& DER_w_end_sequence(pkt, cont);
}
int DER_w_algorithmIdentifier_ED25519(WPACKET *pkt, int cont, ECX_KEY *ec)
{
return DER_w_begin_sequence(pkt, cont)
/* No parameters (yet?) */
&& DER_w_precompiled(pkt, -1, der_oid_id_Ed25519,
sizeof(der_oid_id_Ed25519))
&& DER_w_end_sequence(pkt, cont);
}
int DER_w_algorithmIdentifier_ED448(WPACKET *pkt, int cont, ECX_KEY *ec)
{
return DER_w_begin_sequence(pkt, cont)
/* No parameters (yet?) */
&& DER_w_precompiled(pkt, -1, der_oid_id_Ed448,
sizeof(der_oid_id_Ed448))
&& DER_w_end_sequence(pkt, cont);
}

1
providers/implementations/signature/build.info
View File

@ -18,6 +18,7 @@ SOURCE[../../libnonfips.a]=rsa.c
DEPEND[rsa.o]=../../common/include/prov/der_rsa.h
DEPEND[dsa.o]=../../common/include/prov/der_dsa.h
DEPEND[ecdsa.o]=../../common/include/prov/der_ec.h
DEPEND[eddsa.o]=../../common/include/prov/der_ecx.h
SOURCE[../../libfips.a]=mac_legacy.c
SOURCE[../../libnonfips.a]=mac_legacy.c

69
providers/implementations/signature/eddsa.c
View File

@ -20,6 +20,7 @@
#include "prov/implementations.h"
#include "prov/providercommonerr.h"
#include "prov/provider_ctx.h"
#include "prov/der_ecx.h"
#include "crypto/ecx.h"
static OSSL_FUNC_signature_newctx_fn eddsa_newctx;
@ -30,10 +31,17 @@ static OSSL_FUNC_signature_digest_verify_fn ed25519_digest_verify;
static OSSL_FUNC_signature_digest_verify_fn ed448_digest_verify;
static OSSL_FUNC_signature_freectx_fn eddsa_freectx;
static OSSL_FUNC_signature_dupctx_fn eddsa_dupctx;
static OSSL_FUNC_signature_get_ctx_params_fn eddsa_get_ctx_params;
static OSSL_FUNC_signature_gettable_ctx_params_fn eddsa_gettable_ctx_params;
typedef struct {
OPENSSL_CTX *libctx;
ECX_KEY *key;
/* The Algorithm Identifier of the signature algorithm */
unsigned char aid_buf[OSSL_MAX_ALGORITHM_ID_SIZE];
unsigned char *aid;
size_t aid_len;
} PROV_EDDSA_CTX;
static void *eddsa_newctx(void *provctx, const char *propq_unused)
@ -59,6 +67,8 @@ static int eddsa_digest_signverify_init(void *vpeddsactx, const char *mdname,
{
PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx;
ECX_KEY *edkey = (ECX_KEY *)vedkey;
WPACKET pkt;
int ret;
if (!ossl_prov_is_running())
return 0;
@ -73,6 +83,33 @@ static int eddsa_digest_signverify_init(void *vpeddsactx, const char *mdname,
return 0;
}
/*
* TODO(3.0) Should we care about DER writing errors?
* All it really means is that for some reason, there's no
* AlgorithmIdentifier to be had, but the operation itself is
* still valid, just as long as it's not used to construct
* anything that needs an AlgorithmIdentifier.
*/
peddsactx->aid_len = 0;
ret = WPACKET_init_der(&pkt, peddsactx->aid_buf, sizeof(peddsactx->aid_buf));
switch (edkey->type) {
case ECX_KEY_TYPE_ED25519:
ret = ret && DER_w_algorithmIdentifier_ED25519(&pkt, -1, edkey);
break;
case ECX_KEY_TYPE_ED448:
ret = ret && DER_w_algorithmIdentifier_ED448(&pkt, -1, edkey);
break;
default:
/* Should never happen */
PROVerr(0, ERR_R_INTERNAL_ERROR);
return 0;
}
if (ret && WPACKET_finish(&pkt)) {
WPACKET_get_total_written(&pkt, &peddsactx->aid_len);
peddsactx->aid = WPACKET_get_curr(&pkt);
}
WPACKET_cleanup(&pkt);
peddsactx->key = edkey;
return 1;
@ -198,6 +235,32 @@ static void *eddsa_dupctx(void *vpeddsactx)
return NULL;
}
static int eddsa_get_ctx_params(void *vpeddsactx, OSSL_PARAM *params)
{
PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx;
OSSL_PARAM *p;
if (peddsactx == NULL || params == NULL)
return 0;
p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID);
if (p != NULL && !OSSL_PARAM_set_octet_string(p, peddsactx->aid,
peddsactx->aid_len))
return 0;
return 1;
}
static const OSSL_PARAM known_gettable_ctx_params[] = {
OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0),
OSSL_PARAM_END
};
static const OSSL_PARAM *eddsa_gettable_ctx_params(ossl_unused void *provctx)
{
return known_gettable_ctx_params;
}
const OSSL_DISPATCH ed25519_signature_functions[] = {
{ OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))eddsa_newctx },
{ OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT,
@ -210,6 +273,9 @@ const OSSL_DISPATCH ed25519_signature_functions[] = {
(void (*)(void))ed25519_digest_verify },
{ OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))eddsa_freectx },
{ OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))eddsa_dupctx },
{ OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))eddsa_get_ctx_params },
{ OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS,
(void (*)(void))eddsa_gettable_ctx_params },
{ 0, NULL }
};
@ -225,5 +291,8 @@ const OSSL_DISPATCH ed448_signature_functions[] = {
(void (*)(void))ed448_digest_verify },
{ OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))eddsa_freectx },
{ OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))eddsa_dupctx },
{ OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))eddsa_get_ctx_params },
{ OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS,
(void (*)(void))eddsa_gettable_ctx_params },
{ 0, NULL }
};