diff options
author | Richard Levitte <levitte@openssl.org> | 2020-03-31 17:20:24 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-04-07 11:16:56 +0200 |
commit | 2d956b320c910a90528e9a3aeb4cf48221dba246 (patch) | |
tree | 6ee6505a2a2cafca60982cf245a56ac3d77e130b /crypto/ec | |
parent | 8c555803476a2af366938161d1186a0d746910ea (diff) |
PROV: Add DERlib support for ECDSA and EC keys
This replaces crypto/ec/ecdsa_aid.c with new code and generated OIDs
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11450)
Diffstat (limited to 'crypto/ec')
-rw-r--r-- | crypto/ec/build.info | 2 | ||||
-rw-r--r-- | crypto/ec/ecdsa_aid.c | 105 |
2 files changed, 1 insertions, 106 deletions
diff --git a/crypto/ec/build.info b/crypto/ec/build.info index 4494ce7a66..8f12e2e39e 100644 --- a/crypto/ec/build.info +++ b/crypto/ec/build.info @@ -51,7 +51,7 @@ $COMMON=ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \ ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c \ curve448/arch_32/f_impl.c curve448/f_generic.c curve448/scalar.c \ curve448/curve448_tables.c curve448/eddsa.c curve448/curve448.c \ - $ECASM ecdsa_aid.c ec_backend.c ecx_backend.c + $ECASM ec_backend.c ecx_backend.c SOURCE[../../libcrypto]=$COMMON ec_ameth.c ec_pmeth.c ecx_meth.c ecx_key.c \ ec_err.c ecdh_kdf.c eck_prn.c ec_evp_lib.c SOURCE[../../providers/libfips.a]=$COMMON diff --git a/crypto/ec/ecdsa_aid.c b/crypto/ec/ecdsa_aid.c deleted file mode 100644 index 01bca40f8c..0000000000 --- a/crypto/ec/ecdsa_aid.c +++ /dev/null @@ -1,105 +0,0 @@ -/* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include <stdlib.h> - -#include <openssl/objects.h> -#include "crypto/ec.h" - -#define ASN1_SEQUENCE 0x30 -#define ASN1_OID 0x06 -#define OID_FIRST(a, b) a * 40 + b -#define DER_840() 0x86, 0x48 /* DER encoding of number 840 is 2 bytes */ -#define DER_10045() 0xCE, 0x3D /* DER encoding of number 10045 is 2 bytes */ -#define SHA1_SZ 7 -#define SHA2_SZ 8 -#define SHA3_SZ 9 - -/* - * -- RFC 3279 - * ansi-X9-62 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) 10045 } - * id-ecSigType OBJECT IDENTIFIER ::= { ansi-X9-62 signatures(4) } - * - * ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { id-ecSigType 1 } - */ -#define ENCODE_ALGORITHMIDENTIFIER_SHA1(name) \ -static const unsigned char algorithmidentifier_##name##_der[] = { \ - ASN1_SEQUENCE, 2 + SHA1_SZ, \ - ASN1_OID, SHA1_SZ, OID_FIRST(1, 2), DER_840(), DER_10045(), 4, 1 \ -} - -/* - * -- RFC 5758 - * - * ecdsa-with-SHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) - * us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 1 } - * - * ecdsa-with-SHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) - * us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 2 } - * - * ecdsa-with-SHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2) - * us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 3 } - * - * ecdsa-with-SHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) - * us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 4 } - */ -#define ENCODE_ALGORITHMIDENTIFIER_SHA2(name, n) \ -static const unsigned char algorithmidentifier_##name##_der[] = { \ - ASN1_SEQUENCE, 2 + SHA2_SZ, \ - ASN1_OID, SHA2_SZ, OID_FIRST(1, 2), DER_840(), DER_10045(), 4, 3, n \ -} - -/* - * https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration - * - * sigAlgs OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 4 3 } - * - * id-ecdsa-with-sha3-224 ::= { sigAlgs 9 } - * id-ecdsa-with-sha3-256 ::= { sigAlgs 10 } - * id-ecdsa-with-sha3-384 ::= { sigAlgs 11 } - * id-ecdsa-with-sha3-512 ::= { sigAlgs 12 } - */ -#define ENCODE_ALGORITHMIDENTIFIER_SHA3(name, n) \ -static const unsigned char algorithmidentifier_##name##_der[] = { \ - ASN1_SEQUENCE, 2 + SHA3_SZ, \ - ASN1_OID, SHA3_SZ, OID_FIRST(2, 16), DER_840(), 1, 101, 3, 4, 3, n \ -} - -ENCODE_ALGORITHMIDENTIFIER_SHA1(sha1); -ENCODE_ALGORITHMIDENTIFIER_SHA2(sha224, 1); -ENCODE_ALGORITHMIDENTIFIER_SHA2(sha256, 2); -ENCODE_ALGORITHMIDENTIFIER_SHA2(sha384, 3); -ENCODE_ALGORITHMIDENTIFIER_SHA2(sha512, 4); -ENCODE_ALGORITHMIDENTIFIER_SHA3(sha3_224, 9); -ENCODE_ALGORITHMIDENTIFIER_SHA3(sha3_256, 10); -ENCODE_ALGORITHMIDENTIFIER_SHA3(sha3_384, 11); -ENCODE_ALGORITHMIDENTIFIER_SHA3(sha3_512, 12); -/* TODO - Add SHAKE OIDS when they are standardized */ - -#define MD_CASE(name) \ - case NID_##name: \ - *len = sizeof(algorithmidentifier_##name##_der); \ - return algorithmidentifier_##name##_der - -const unsigned char *ecdsa_algorithmidentifier_encoding(int md_nid, size_t *len) -{ - switch (md_nid) { - MD_CASE(sha1); - MD_CASE(sha224); - MD_CASE(sha256); - MD_CASE(sha384); - MD_CASE(sha512); - MD_CASE(sha3_224); - MD_CASE(sha3_256); - MD_CASE(sha3_384); - MD_CASE(sha3_512); - default: - return NULL; - } -} |