openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity

Teach EdDSA signature algorithms about AlgorithmIdentifiers 

The other signature algorithms know how to create their own
AlgorithmIdentifiers, but the EdDSA algorithms missed this.

Fixes #11875

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12884)
This commit is contained in:
Matt Caswell 2020-09-15 16:20:51 +01:00
parent 991a6bb581
commit d12a2fe4e7
8 changed files with 188 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -54,10 +54,12 @@ doc/man1/openssl-*.pod
providers/common/der/der_digests_gen.c
providers/common/der/der_dsa_gen.c
providers/common/der/der_ec_gen.c
providers/common/der/der_ecx_gen.c
providers/common/der/der_rsa_gen.c
providers/common/der/der_wrap_gen.c
providers/common/include/prov/der_dsa.h
providers/common/include/prov/der_ec.h
providers/common/include/prov/der_ecx.h
providers/common/include/prov/der_rsa.h
providers/common/include/prov/der_digests.h
providers/common/include/prov/der_wrap.h

11
providers/common/der/ECX.asn1 Normal file
View File

@ -0,0 +1,11 @@
-- -------------------------------------------------------------------
-- Taken from RFC 8410, 9 ASN.1 Module
-- (https://tools.ietf.org/html/rfc8410#section-9)
id-edwards-curve-algs OBJECT IDENTIFIER ::= { 1 3 101 }
id-X25519 OBJECT IDENTIFIER ::= { id-edwards-curve-algs 110 }
id-X448 OBJECT IDENTIFIER ::= { id-edwards-curve-algs 111 }
id-Ed25519 OBJECT IDENTIFIER ::= { id-edwards-curve-algs 112 }
id-Ed448 OBJECT IDENTIFIER ::= { id-edwards-curve-algs 113 }

17
providers/common/der/build.info
View File

@ -50,6 +50,19 @@ DEPEND[${DER_EC_GEN/.c/.o}]=$DER_EC_H
GENERATE[$DER_EC_H]=der_ec.h.in
DEPEND[$DER_EC_H]=oids_to_c.pm
#----- ECX
$DER_ECX_H=../include/prov/der_ecx.h
$DER_ECX_GEN=der_ecx_gen.c
$DER_ECX_AUX=der_ecx_key.c
GENERATE[$DER_ECX_GEN]=der_ecx_gen.c.in
DEPEND[$DER_ECX_GEN]=oids_to_c.pm
DEPEND[${DER_ECX_AUX/.c/.o}]=$DER_ECX_H
DEPEND[${DER_ECX_GEN/.c/.o}]=$DER_ECX_H
GENERATE[$DER_ECX_H]=der_ecx.h.in
DEPEND[$DER_ECX_H]=oids_to_c.pm
#----- KEY WRAP
$DER_WRAP_H=../include/prov/der_wrap.h
$DER_WRAP_GEN=der_wrap_gen.c
@ -73,5 +86,9 @@ $COMMON=\
$DER_DIGESTS_GEN \
$DER_WRAP_GEN
IF[{- !$disabled{ec} -}]
$COMMON = $COMMON $DER_ECX_GEN $DER_ECX_AUX
ENDIF
SOURCE[../../libfips.a]=$COMMON $DER_RSA_FIPSABLE
SOURCE[../../libnonfips.a]=$COMMON $DER_RSA_FIPSABLE

23
providers/common/der/der_ecx.h.in Normal file
View File

@ -0,0 +1,23 @@
/*
* Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "internal/der.h"
#include "crypto/ecx.h"
/* Well known OIDs precompiled */
{-
$OUT = oids_to_c::process_leaves('providers/common/der/ECX.asn1',
{ dir => $config{sourcedir},
filter => \&oids_to_c::filter_to_H });
-}
int DER_w_algorithmIdentifier_ED25519(WPACKET *pkt, int cont, ECX_KEY *ec);
int DER_w_algorithmIdentifier_ED448(WPACKET *pkt, int cont, ECX_KEY *ec);
int DER_w_algorithmIdentifier_X25519(WPACKET *pkt, int cont, ECX_KEY *ec);
int DER_w_algorithmIdentifier_X448(WPACKET *pkt, int cont, ECX_KEY *ec);

17
providers/common/der/der_ecx_gen.c.in Normal file
View File

@ -0,0 +1,17 @@
/*
* Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "prov/der_ecx.h"
/* Well known OIDs precompiled */
{-
$OUT = oids_to_c::process_leaves('providers/common/der/ECX.asn1',
{ dir => $config{sourcedir},
filter => \&oids_to_c::filter_to_C });
-}

48
providers/common/der/der_ecx_key.c Normal file
View File

@ -0,0 +1,48 @@
/*
* Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/obj_mac.h>
#include "internal/packet.h"
#include "prov/der_ecx.h"
int DER_w_algorithmIdentifier_X25519(WPACKET *pkt, int cont, ECX_KEY *ec)
{
return DER_w_begin_sequence(pkt, cont)
/* No parameters (yet?) */
&& DER_w_precompiled(pkt, -1, der_oid_id_X25519,
sizeof(der_oid_id_X25519))
&& DER_w_end_sequence(pkt, cont);
}
int DER_w_algorithmIdentifier_X448(WPACKET *pkt, int cont, ECX_KEY *ec)
{
return DER_w_begin_sequence(pkt, cont)
/* No parameters (yet?) */
&& DER_w_precompiled(pkt, -1, der_oid_id_X448,
sizeof(der_oid_id_X448))
&& DER_w_end_sequence(pkt, cont);
}
int DER_w_algorithmIdentifier_ED25519(WPACKET *pkt, int cont, ECX_KEY *ec)
{
return DER_w_begin_sequence(pkt, cont)
/* No parameters (yet?) */
&& DER_w_precompiled(pkt, -1, der_oid_id_Ed25519,
sizeof(der_oid_id_Ed25519))
&& DER_w_end_sequence(pkt, cont);
}
int DER_w_algorithmIdentifier_ED448(WPACKET *pkt, int cont, ECX_KEY *ec)
{
return DER_w_begin_sequence(pkt, cont)
/* No parameters (yet?) */
&& DER_w_precompiled(pkt, -1, der_oid_id_Ed448,
sizeof(der_oid_id_Ed448))
&& DER_w_end_sequence(pkt, cont);
}

1
providers/implementations/signature/build.info
View File

@ -18,6 +18,7 @@ SOURCE[../../libnonfips.a]=rsa.c
DEPEND[rsa.o]=../../common/include/prov/der_rsa.h
DEPEND[dsa.o]=../../common/include/prov/der_dsa.h
DEPEND[ecdsa.o]=../../common/include/prov/der_ec.h
DEPEND[eddsa.o]=../../common/include/prov/der_ecx.h
SOURCE[../../libfips.a]=mac_legacy.c
SOURCE[../../libnonfips.a]=mac_legacy.c

69
providers/implementations/signature/eddsa.c
View File

@ -20,6 +20,7 @@
#include "prov/implementations.h"
#include "prov/providercommonerr.h"
#include "prov/provider_ctx.h"
#include "prov/der_ecx.h"
#include "crypto/ecx.h"
static OSSL_FUNC_signature_newctx_fn eddsa_newctx;
@ -30,10 +31,17 @@ static OSSL_FUNC_signature_digest_verify_fn ed25519_digest_verify;
static OSSL_FUNC_signature_digest_verify_fn ed448_digest_verify;
static OSSL_FUNC_signature_freectx_fn eddsa_freectx;
static OSSL_FUNC_signature_dupctx_fn eddsa_dupctx;
static OSSL_FUNC_signature_get_ctx_params_fn eddsa_get_ctx_params;
static OSSL_FUNC_signature_gettable_ctx_params_fn eddsa_gettable_ctx_params;
typedef struct {
OPENSSL_CTX *libctx;
ECX_KEY *key;
/* The Algorithm Identifier of the signature algorithm */
unsigned char aid_buf[OSSL_MAX_ALGORITHM_ID_SIZE];
unsigned char *aid;
size_t aid_len;
} PROV_EDDSA_CTX;
static void *eddsa_newctx(void *provctx, const char *propq_unused)
@ -59,6 +67,8 @@ static int eddsa_digest_signverify_init(void *vpeddsactx, const char *mdname,
{
PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx;
ECX_KEY *edkey = (ECX_KEY *)vedkey;
WPACKET pkt;
int ret;
if (!ossl_prov_is_running())
return 0;
@ -73,6 +83,33 @@ static int eddsa_digest_signverify_init(void *vpeddsactx, const char *mdname,
return 0;
}
/*
* TODO(3.0) Should we care about DER writing errors?
* All it really means is that for some reason, there's no
* AlgorithmIdentifier to be had, but the operation itself is
* still valid, just as long as it's not used to construct
* anything that needs an AlgorithmIdentifier.
*/
peddsactx->aid_len = 0;
ret = WPACKET_init_der(&pkt, peddsactx->aid_buf, sizeof(peddsactx->aid_buf));
switch (edkey->type) {
case ECX_KEY_TYPE_ED25519:
ret = ret && DER_w_algorithmIdentifier_ED25519(&pkt, -1, edkey);
break;
case ECX_KEY_TYPE_ED448:
ret = ret && DER_w_algorithmIdentifier_ED448(&pkt, -1, edkey);
break;
default:
/* Should never happen */
PROVerr(0, ERR_R_INTERNAL_ERROR);
return 0;
}
if (ret && WPACKET_finish(&pkt)) {
WPACKET_get_total_written(&pkt, &peddsactx->aid_len);
peddsactx->aid = WPACKET_get_curr(&pkt);
}
WPACKET_cleanup(&pkt);
peddsactx->key = edkey;
return 1;
@ -198,6 +235,32 @@ static void *eddsa_dupctx(void *vpeddsactx)
return NULL;
}
static int eddsa_get_ctx_params(void *vpeddsactx, OSSL_PARAM *params)
{
PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx;
OSSL_PARAM *p;
if (peddsactx == NULL || params == NULL)
return 0;
p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID);
if (p != NULL && !OSSL_PARAM_set_octet_string(p, peddsactx->aid,
peddsactx->aid_len))
return 0;
return 1;
}
static const OSSL_PARAM known_gettable_ctx_params[] = {
OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0),
OSSL_PARAM_END
};
static const OSSL_PARAM *eddsa_gettable_ctx_params(ossl_unused void *provctx)
{
return known_gettable_ctx_params;
}
const OSSL_DISPATCH ed25519_signature_functions[] = {
{ OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))eddsa_newctx },
{ OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT,
@ -210,6 +273,9 @@ const OSSL_DISPATCH ed25519_signature_functions[] = {
(void (*)(void))ed25519_digest_verify },
{ OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))eddsa_freectx },
{ OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))eddsa_dupctx },
{ OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))eddsa_get_ctx_params },
{ OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS,
(void (*)(void))eddsa_gettable_ctx_params },
{ 0, NULL }
};
@ -225,5 +291,8 @@ const OSSL_DISPATCH ed448_signature_functions[] = {
(void (*)(void))ed448_digest_verify },
{ OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))eddsa_freectx },
{ OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))eddsa_dupctx },
{ OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))eddsa_get_ctx_params },
{ OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS,
(void (*)(void))eddsa_gettable_ctx_params },
{ 0, NULL }
};