authorMatt Caswell <matt@openssl.org>2020-03-18 08:40:33 +1000
committerShane Lontis <shane.lontis@oracle.com>2020-03-18 08:40:33 +1000
commit244bc29746c83e76e2fba542ca87552b8aef5c5f (patch)
tree5e2391571abf8ea2d69d8f8c14c49ff044f49b7f /providers
parentb3e6d666e351d45e93d29fe3813245b92a0f5815 (diff)
Implement serializers for ED25519 and ED448
This is largely based on the existing X25519 and X448 serializers - but a few adjustments were necessary so that we can identify what type of key we are using. Previously we used the keylen for this but X25519 and ED25519 have the same keylen. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11272)
Diffstat (limited to 'providers')
-rw-r--r--providers/defltprov.c26
-rw-r--r--providers/implementations/include/prov/implementations.h14
-rw-r--r--providers/implementations/keymgmt/ecx_kmgmt.c8
-rw-r--r--providers/implementations/serializers/serializer_common.c1
-rw-r--r--providers/implementations/serializers/serializer_ecx.c32
-rw-r--r--providers/implementations/serializers/serializer_ecx_priv.c25
-rw-r--r--providers/implementations/serializers/serializer_ecx_pub.c21
-rw-r--r--providers/implementations/serializers/serializer_local.h7
8 files changed, 109 insertions, 25 deletions
diff --git a/providers/defltprov.c b/providers/defltprov.c
index f89363341a..2ec229e16b 100644
--- a/providers/defltprov.c
+++ b/providers/defltprov.c
@@ -504,6 +504,32 @@ static const OSSL_ALGORITHM deflt_serializer[] = {
{ "X448", "provider=default,format=pem,type=public",
x448_pub_pem_serializer_functions },
+ { "ED25519", "provider=default,fips=yes,format=text,type=private",
+ ed25519_priv_print_serializer_functions },
+ { "ED25519", "provider=default,fips=yes,format=text,type=public",
+ ed25519_pub_print_serializer_functions },
+ { "ED25519", "provider=default,fips=yes,format=der,type=private",
+ ed25519_priv_der_serializer_functions },
+ { "ED25519", "provider=default,fips=yes,format=der,type=public",
+ ed25519_pub_der_serializer_functions },
+ { "ED25519", "provider=default,fips=yes,format=pem,type=private",
+ ed25519_priv_pem_serializer_functions },
+ { "ED25519", "provider=default,fips=yes,format=pem,type=public",
+ ed25519_pub_pem_serializer_functions },
+
+ { "ED448", "provider=default,format=text,type=private",
+ ed448_priv_print_serializer_functions },
+ { "ED448", "provider=default,format=text,type=public",
+ ed448_pub_print_serializer_functions },
+ { "ED448", "provider=default,format=der,type=private",
+ ed448_priv_der_serializer_functions },
+ { "ED448", "provider=default,format=der,type=public",
+ ed448_pub_der_serializer_functions },
+ { "ED448", "provider=default,format=pem,type=private",
+ ed448_priv_pem_serializer_functions },
+ { "ED448", "provider=default,format=pem,type=public",
+ ed448_pub_pem_serializer_functions },
+
{ "EC", "provider=default,fips=yes,format=text,type=private",
ec_priv_text_serializer_functions },
{ "EC", "provider=default,fips=yes,format=text,type=public",
diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h
index 57a3122b13..9b5017a144 100644
--- a/providers/implementations/include/prov/implementations.h
+++ b/providers/implementations/include/prov/implementations.h
@@ -322,6 +322,20 @@ extern const OSSL_DISPATCH x448_pub_der_serializer_functions[];
extern const OSSL_DISPATCH x448_priv_pem_serializer_functions[];
extern const OSSL_DISPATCH x448_pub_pem_serializer_functions[];
+extern const OSSL_DISPATCH ed25519_priv_print_serializer_functions[];
+extern const OSSL_DISPATCH ed25519_pub_print_serializer_functions[];
+extern const OSSL_DISPATCH ed25519_priv_der_serializer_functions[];
+extern const OSSL_DISPATCH ed25519_pub_der_serializer_functions[];
+extern const OSSL_DISPATCH ed25519_priv_pem_serializer_functions[];
+extern const OSSL_DISPATCH ed25519_pub_pem_serializer_functions[];
+
+extern const OSSL_DISPATCH ed448_priv_print_serializer_functions[];
+extern const OSSL_DISPATCH ed448_pub_print_serializer_functions[];
+extern const OSSL_DISPATCH ed448_priv_der_serializer_functions[];
+extern const OSSL_DISPATCH ed448_pub_der_serializer_functions[];
+extern const OSSL_DISPATCH ed448_priv_pem_serializer_functions[];
+extern const OSSL_DISPATCH ed448_pub_pem_serializer_functions[];
+
extern const OSSL_DISPATCH ec_priv_text_serializer_functions[];
extern const OSSL_DISPATCH ec_pub_text_serializer_functions[];
extern const OSSL_DISPATCH ec_param_text_serializer_functions[];
diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c
index b078c6de58..6450fbb22e 100644
--- a/providers/implementations/keymgmt/ecx_kmgmt.c
+++ b/providers/implementations/keymgmt/ecx_kmgmt.c
@@ -35,22 +35,22 @@ static OSSL_OP_keymgmt_export_types_fn ecx_imexport_types;
static void *x25519_new_key(void *provctx)
{
- return ecx_key_new(X25519_KEYLEN, 0);
+ return ecx_key_new(ECX_KEY_TYPE_X25519, 0);
}
static void *x448_new_key(void *provctx)
{
- return ecx_key_new(X448_KEYLEN, 0);
+ return ecx_key_new(ECX_KEY_TYPE_X448, 0);
}
static void *ed25519_new_key(void *provctx)
{
- return ecx_key_new(ED25519_KEYLEN, 0);
+ return ecx_key_new(ECX_KEY_TYPE_ED25519, 0);
}
static void *ed448_new_key(void *provctx)
{
- return ecx_key_new(ED448_KEYLEN, 0);
+ return ecx_key_new(ECX_KEY_TYPE_ED448, 0);
}
static int ecx_has(void *keydata, int selection)
diff --git a/providers/implementations/serializers/serializer_common.c b/providers/implementations/serializers/serializer_common.c
index 0b99f4939b..7c6b5afe18 100644
--- a/providers/implementations/serializers/serializer_common.c
+++ b/providers/implementations/serializers/serializer_common.c
@@ -14,6 +14,7 @@
#include <openssl/types.h>
#include <openssl/x509.h> /* i2d_X509_PUBKEY_bio() */
#include "crypto/bn.h" /* bn_get_words() */
+#include "crypto/ecx.h"
#include "prov/bio.h" /* ossl_prov_bio_printf() */
#include "prov/implementations.h"
#include "prov/providercommonerr.h" /* PROV_R_READ_KEY */
diff --git a/providers/implementations/serializers/serializer_ecx.c b/providers/implementations/serializers/serializer_ecx.c
index 589c6c25f5..78b6ec9691 100644
--- a/providers/implementations/serializers/serializer_ecx.c
+++ b/providers/implementations/serializers/serializer_ecx.c
@@ -26,6 +26,14 @@ void ecx_get_new_free_import(ECX_KEY_TYPE type,
*ecx_new = ossl_prov_get_keymgmt_new(x448_keymgmt_functions);
*ecx_free = ossl_prov_get_keymgmt_free(x448_keymgmt_functions);
*ecx_import = ossl_prov_get_keymgmt_import(x448_keymgmt_functions);
+ } else if (type == ECX_KEY_TYPE_ED25519) {
+ *ecx_new = ossl_prov_get_keymgmt_new(ed25519_keymgmt_functions);
+ *ecx_free = ossl_prov_get_keymgmt_free(ed25519_keymgmt_functions);
+ *ecx_import = ossl_prov_get_keymgmt_import(ed25519_keymgmt_functions);
+ } else if (type == ECX_KEY_TYPE_ED448) {
+ *ecx_new = ossl_prov_get_keymgmt_new(ed448_keymgmt_functions);
+ *ecx_free = ossl_prov_get_keymgmt_free(ed448_keymgmt_functions);
+ *ecx_import = ossl_prov_get_keymgmt_import(ed448_keymgmt_functions);
} else {
*ecx_new = NULL;
*ecx_free = NULL;
@@ -40,23 +48,35 @@ int ossl_prov_print_ecx(BIO *out, ECX_KEY *ecxkey, enum ecx_print_type type)
switch (type) {
case ecx_print_priv:
- switch (ecxkey->keylen) {
- case X25519_KEYLEN:
+ switch (ecxkey->type) {
+ case ECX_KEY_TYPE_X25519:
type_label = "X25519 Private-Key";
break;
- case X448_KEYLEN:
+ case ECX_KEY_TYPE_X448:
type_label = "X448 Private-Key";
break;
+ case ECX_KEY_TYPE_ED25519:
+ type_label = "ED25519 Private-Key";
+ break;
+ case ECX_KEY_TYPE_ED448:
+ type_label = "ED448 Private-Key";
+ break;
}
break;
case ecx_print_pub:
- switch (ecxkey->keylen) {
- case X25519_KEYLEN:
+ switch (ecxkey->type) {
+ case ECX_KEY_TYPE_X25519:
type_label = "X25519 Public-Key";
break;
- case X448_KEYLEN:
+ case ECX_KEY_TYPE_X448:
type_label = "X448 Public-Key";
break;
+ case ECX_KEY_TYPE_ED25519:
+ type_label = "ED25519 Public-Key";
+ break;
+ case ECX_KEY_TYPE_ED448:
+ type_label = "ED448 Public-Key";
+ break;
}
break;
}
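Review bot: Neither inner `switch (ecxkey->type)` has a `default:` case, so a type value outside the four enumerators leaves `type_label` untouched; the declaration of `type_label` is outside the hunk, and if it carries no initializer the later use would read an indeterminate value. Adding `default: return 0;` to both inner switches makes the supported set explicit and fails the print instead of continuing with whatever label is in the variable. `ossl_prov_print_ecx` begins and continues outside the hunk.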
diff --git a/providers/implementations/serializers/serializer_ecx_priv.c b/providers/implementations/serializers/serializer_ecx_priv.c
index 64dc594624..c746109424 100644
--- a/providers/implementations/serializers/serializer_ecx_priv.c
+++ b/providers/implementations/serializers/serializer_ecx_priv.c
@@ -13,12 +13,15 @@
#include <openssl/pem.h>
#include <openssl/types.h>
#include <openssl/params.h>
+#include "crypto/ecx.h"
#include "prov/bio.h"
#include "prov/implementations.h"
#include "serializer_local.h"
static OSSL_OP_serializer_newctx_fn x25519_priv_newctx;
static OSSL_OP_serializer_newctx_fn x448_priv_newctx;
+static OSSL_OP_serializer_newctx_fn ed25519_priv_newctx;
+static OSSL_OP_serializer_newctx_fn ed448_priv_newctx;
static OSSL_OP_serializer_freectx_fn ecx_priv_freectx;
static OSSL_OP_serializer_set_ctx_params_fn ecx_priv_set_ctx_params;
static OSSL_OP_serializer_settable_ctx_params_fn ecx_priv_settable_ctx_params;
@@ -65,6 +68,16 @@ static void *x448_priv_newctx(void *provctx)
return ecx_priv_newctx(provctx, ECX_KEY_TYPE_X448);
}
+static void *ed25519_priv_newctx(void *provctx)
+{
+ return ecx_priv_newctx(provctx, ECX_KEY_TYPE_ED25519);
+}
+
+static void *ed448_priv_newctx(void *provctx)
+{
+ return ecx_priv_newctx(provctx, ECX_KEY_TYPE_ED448);
+}
+
static void ecx_priv_freectx(void *vctx)
{
struct ecx_priv_ctx_st *ctx = vctx;
@@ -150,14 +163,13 @@ static int ecx_priv_der(void *vctx, void *vecxkey, BIO *out,
struct ecx_priv_ctx_st *ctx = vctx;
ECX_KEY *ecxkey = vecxkey;
int ret;
- int type = (ctx->type == ECX_KEY_TYPE_X25519) ? EVP_PKEY_X25519
- : EVP_PKEY_X448;
+ int nid = KEYTYPE2NID(ctx->type);
ctx->sc.cb = cb;
ctx->sc.cbarg = cbarg;
ret = ossl_prov_write_priv_der_from_obj(out, ecxkey,
- type,
+ nid,
NULL,
ossl_prov_ecx_priv_to_der,
&ctx->sc);
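Review bot: `int nid = KEYTYPE2NID(ctx->type);` is passed straight into `ossl_prov_write_priv_der_from_obj` without being checked; the macro lives in `crypto/ecx.h`, which is not on this page, so whether it can yield `NID_undef` for an unexpected `ctx->type` cannot be confirmed here. If it can, a guard such as `if (nid == NID_undef) return 0;` before the write stops a malformed context from reaching the DER writer with an unresolved algorithm identifier. The same unchecked pattern appears in `ecx_priv_pem` in the next hunk and in `ecx_pub_der` and `ecx_pub_pem` in serializer_ecx_pub.c, where the macro result is passed inline. `ecx_priv_der` starts outside the hunk.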
@@ -194,14 +206,13 @@ static int ecx_priv_pem(void *vctx, void *ecxkey, BIO *out,
{
struct ecx_priv_ctx_st *ctx = vctx;
int ret;
- int type = (ctx->type == ECX_KEY_TYPE_X25519) ? EVP_PKEY_X25519
- : EVP_PKEY_X448;
+ int nid = KEYTYPE2NID(ctx->type);
ctx->sc.cb = cb;
ctx->sc.cbarg = cbarg;
ret = ossl_prov_write_priv_pem_from_obj(out, ecxkey,
- type,
+ nid,
NULL,
ossl_prov_ecx_priv_to_der,
&ctx->sc);
@@ -268,3 +279,5 @@ static int ecx_priv_print(void *ctx, void *ecxkey, BIO *out,
MAKE_SERIALIZER_FUNCTIONS_GROUP(x25519)
MAKE_SERIALIZER_FUNCTIONS_GROUP(x448)
+MAKE_SERIALIZER_FUNCTIONS_GROUP(ed25519)
+MAKE_SERIALIZER_FUNCTIONS_GROUP(ed448)
diff --git a/providers/implementations/serializers/serializer_ecx_pub.c b/providers/implementations/serializers/serializer_ecx_pub.c
index 384d75e6b3..cd09cd6abb 100644
--- a/providers/implementations/serializers/serializer_ecx_pub.c
+++ b/providers/implementations/serializers/serializer_ecx_pub.c
@@ -12,12 +12,15 @@
#include <openssl/pem.h>
#include <openssl/types.h>
#include <openssl/params.h>
+#include "crypto/ecx.h"
#include "prov/bio.h"
#include "prov/implementations.h"
#include "serializer_local.h"
static OSSL_OP_serializer_newctx_fn x25519_pub_newctx;
static OSSL_OP_serializer_newctx_fn x448_pub_newctx;
+static OSSL_OP_serializer_newctx_fn ed25519_pub_newctx;
+static OSSL_OP_serializer_newctx_fn ed448_pub_newctx;
static OSSL_OP_serializer_freectx_fn ecx_pub_freectx;
static OSSL_OP_serializer_serialize_data_fn ecx_pub_der_data;
static OSSL_OP_serializer_serialize_object_fn ecx_pub_der;
@@ -57,6 +60,16 @@ static void *x448_pub_newctx(void *provctx)
return ecx_pub_newctx(provctx, ECX_KEY_TYPE_X448);
}
+static void *ed25519_pub_newctx(void *provctx)
+{
+ return ecx_pub_newctx(provctx, ECX_KEY_TYPE_ED25519);
+}
+
+static void *ed448_pub_newctx(void *provctx)
+{
+ return ecx_pub_newctx(provctx, ECX_KEY_TYPE_ED448);
+}
+
static void ecx_pub_freectx(void *ctx)
{
OPENSSL_free(ctx);
@@ -92,8 +105,7 @@ static int ecx_pub_der(void *vctx, void *ecxkey, BIO *out,
struct ecx_pub_ctx_st *ctx = vctx;
return ossl_prov_write_pub_der_from_obj(out, ecxkey,
- ctx->type == ECX_KEY_TYPE_X25519
- ? EVP_PKEY_X25519 : EVP_PKEY_X448,
+ KEYTYPE2NID(ctx->type),
NULL,
ossl_prov_ecx_pub_to_der);
}
@@ -128,8 +140,7 @@ static int ecx_pub_pem(void *vctx, void *ecxkey, BIO *out,
struct ecx_pub_ctx_st *ctx = vctx;
return ossl_prov_write_pub_pem_from_obj(out, ecxkey,
- ctx->type == ECX_KEY_TYPE_X25519
- ? EVP_PKEY_X25519 : EVP_PKEY_X448,
+ KEYTYPE2NID(ctx->type),
NULL,
ossl_prov_ecx_pub_to_der);
@@ -182,3 +193,5 @@ static int ecx_pub_print(void *ctx, void *ecxkey, BIO *out,
MAKE_SERIALIZER_FUNCTIONS_GROUP(x25519)
MAKE_SERIALIZER_FUNCTIONS_GROUP(x448)
+MAKE_SERIALIZER_FUNCTIONS_GROUP(ed25519)
+MAKE_SERIALIZER_FUNCTIONS_GROUP(ed448)
diff --git a/providers/implementations/serializers/serializer_local.h b/providers/implementations/serializers/serializer_local.h
index 3125dc8f74..b1c36a2221 100644
--- a/providers/implementations/serializers/serializer_local.h
+++ b/providers/implementations/serializers/serializer_local.h
@@ -31,11 +31,6 @@ struct pkcs8_encrypt_ctx_st {
void *cbarg;
};
-typedef enum {
- ECX_KEY_TYPE_X25519,
- ECX_KEY_TYPE_X448
-} ECX_KEY_TYPE;
-
OSSL_OP_keymgmt_new_fn *ossl_prov_get_keymgmt_new(const OSSL_DISPATCH *fns);
OSSL_OP_keymgmt_free_fn *ossl_prov_get_keymgmt_free(const OSSL_DISPATCH *fns);
OSSL_OP_keymgmt_import_fn *ossl_prov_get_keymgmt_import(const OSSL_DISPATCH *fns);
@@ -64,12 +59,14 @@ int ossl_prov_prepare_dh_params(const void *dh, int nid,
int ossl_prov_dh_pub_to_der(const void *dh, unsigned char **pder);
int ossl_prov_dh_priv_to_der(const void *dh, unsigned char **pder);
+#ifndef OPENSSL_NO_EC
void ecx_get_new_free_import(ECX_KEY_TYPE type,
OSSL_OP_keymgmt_new_fn **ecx_new,
OSSL_OP_keymgmt_free_fn **ecx_free,
OSSL_OP_keymgmt_import_fn **ecx_import);
int ossl_prov_ecx_pub_to_der(const void *ecxkey, unsigned char **pder);
int ossl_prov_ecx_priv_to_der(const void *ecxkey, unsigned char **pder);
+#endif
int ossl_prov_prepare_dsa_params(const void *dsa, int nid,
void **pstr, int *pstrtype);
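Review bot: The prototype `void ecx_get_new_free_import(ECX_KEY_TYPE type, ...)` now depends on `ECX_KEY_TYPE` coming from `crypto/ecx.h`, since the local enum is deleted in the hunk above, yet no `#include "crypto/ecx.h"` is visible in this header. The three `.c` files in this commit each add that include immediately before `serializer_local.h`, which suggests the header is no longer self-contained and compiles only in that include order. Adding `#include "crypto/ecx.h"` to the header itself, inside the new `#ifndef OPENSSL_NO_EC` block or at its top, would remove the ordering dependency; the header's include list is outside the hunk, so this may already be handled there.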