PROV: Add DERlib support for ECDSA and EC keys

This replaces crypto/ec/ecdsa_aid.c with new code and generated OIDs

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11450)

2 files changed, 1 insertions, 106 deletions

diff --git a/crypto/ec/build.info b/crypto/ec/build.info
index 4494ce7a66..8f12e2e39e 100644
--- a/crypto/ec/build.info
+++ b/crypto/ec/build.info
@@ -51,7 +51,7 @@ $COMMON=ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \
         ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c \
         curve448/arch_32/f_impl.c curve448/f_generic.c curve448/scalar.c \
         curve448/curve448_tables.c curve448/eddsa.c curve448/curve448.c \
-        $ECASM ecdsa_aid.c ec_backend.c ecx_backend.c
+        $ECASM ec_backend.c ecx_backend.c
 SOURCE[../../libcrypto]=$COMMON ec_ameth.c ec_pmeth.c ecx_meth.c ecx_key.c \
                         ec_err.c ecdh_kdf.c eck_prn.c ec_evp_lib.c
 SOURCE[../../providers/libfips.a]=$COMMON
diff --git a/crypto/ec/ecdsa_aid.c b/crypto/ec/ecdsa_aid.c
deleted file mode 100644
index 01bca40f8c..0000000000
--- a/crypto/ec/ecdsa_aid.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <stdlib.h>
-
-#include <openssl/objects.h>
-#include "crypto/ec.h"
-
-#define ASN1_SEQUENCE 0x30
-#define ASN1_OID 0x06
-#define OID_FIRST(a, b) a * 40 + b
-#define DER_840() 0x86, 0x48    /* DER encoding of number 840 is 2 bytes */
-#define DER_10045() 0xCE, 0x3D  /* DER encoding of number 10045 is 2 bytes */
-#define SHA1_SZ 7
-#define SHA2_SZ 8
-#define SHA3_SZ 9
-
-/*
- * -- RFC 3279
- * ansi-X9-62 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) 10045 }
- * id-ecSigType OBJECT IDENTIFIER ::= { ansi-X9-62 signatures(4) }
- *
- * ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { id-ecSigType 1 }
- */
-#define ENCODE_ALGORITHMIDENTIFIER_SHA1(name)                                  \
-static const unsigned char algorithmidentifier_##name##_der[] = {              \
-    ASN1_SEQUENCE, 2 + SHA1_SZ,                                                \
-    ASN1_OID, SHA1_SZ, OID_FIRST(1, 2), DER_840(), DER_10045(), 4, 1           \
-}
-
-/*
- * -- RFC 5758
- *
- * ecdsa-with-SHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
- *      us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 1 }
- *
- * ecdsa-with-SHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
- *      us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 2 }
- *
- * ecdsa-with-SHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
- *      us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 3 }
- *
- * ecdsa-with-SHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
- *      us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 4 }
- */
-#define ENCODE_ALGORITHMIDENTIFIER_SHA2(name, n)                               \
-static const unsigned char algorithmidentifier_##name##_der[] = {              \
-    ASN1_SEQUENCE, 2 + SHA2_SZ,                                                \
-    ASN1_OID, SHA2_SZ, OID_FIRST(1, 2), DER_840(), DER_10045(), 4, 3, n        \
-}
-
-/*
- * https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration
- *
- * sigAlgs OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 4 3 }
- *
- * id-ecdsa-with-sha3-224 ::= { sigAlgs 9 }
- * id-ecdsa-with-sha3-256 ::= { sigAlgs 10 }
- * id-ecdsa-with-sha3-384 ::= { sigAlgs 11 }
- * id-ecdsa-with-sha3-512 ::= { sigAlgs 12 }
- */
-#define ENCODE_ALGORITHMIDENTIFIER_SHA3(name, n)                               \
-static const unsigned char algorithmidentifier_##name##_der[] = {              \
-    ASN1_SEQUENCE, 2 + SHA3_SZ,                                                \
-    ASN1_OID, SHA3_SZ, OID_FIRST(2, 16), DER_840(), 1, 101, 3, 4, 3, n         \
-}
-
-ENCODE_ALGORITHMIDENTIFIER_SHA1(sha1);
-ENCODE_ALGORITHMIDENTIFIER_SHA2(sha224, 1);
-ENCODE_ALGORITHMIDENTIFIER_SHA2(sha256, 2);
-ENCODE_ALGORITHMIDENTIFIER_SHA2(sha384, 3);
-ENCODE_ALGORITHMIDENTIFIER_SHA2(sha512, 4);
-ENCODE_ALGORITHMIDENTIFIER_SHA3(sha3_224, 9);
-ENCODE_ALGORITHMIDENTIFIER_SHA3(sha3_256, 10);
-ENCODE_ALGORITHMIDENTIFIER_SHA3(sha3_384, 11);
-ENCODE_ALGORITHMIDENTIFIER_SHA3(sha3_512, 12);
-/* TODO - Add SHAKE OIDS when they are standardized */
-
-#define MD_CASE(name)                                                   \
-    case NID_##name:                                                    \
-        *len = sizeof(algorithmidentifier_##name##_der);                \
-        return algorithmidentifier_##name##_der
-
-const unsigned char *ecdsa_algorithmidentifier_encoding(int md_nid, size_t *len)
-{
-    switch (md_nid) {
-        MD_CASE(sha1);
-        MD_CASE(sha224);
-        MD_CASE(sha256);
-        MD_CASE(sha384);
-        MD_CASE(sha512);
-        MD_CASE(sha3_224);
-        MD_CASE(sha3_256);
-        MD_CASE(sha3_384);
-        MD_CASE(sha3_512);
-    default:
-        return NULL;
-    }
-}