X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fec%2Fecx_meth.c;h=4f7cfec728c33f5c1112ade371b5726eb3e32103;hp=dbd53e00a7108176efb9938caf4a799cfcd0d099;hb=205fd6388175704bd7597dbfb571c84f868ce6da;hpb=42a3008aa406429394ff2ae03114d0ac47214e0a diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c index dbd53e00a7..4f7cfec728 100644 --- a/crypto/ec/ecx_meth.c +++ b/crypto/ec/ecx_meth.c @@ -78,7 +78,7 @@ static int ecx_key_op(EVP_PKEY *pkey, int id, const X509_ALGOR *palg, OPENSSL_free(xkey); return 0; } - if (id == NID_X25519) { + if (id == EVP_PKEY_X25519) { xkey->privkey[0] &= 248; xkey->privkey[31] &= 127; xkey->privkey[31] |= 64; @@ -86,7 +86,7 @@ static int ecx_key_op(EVP_PKEY *pkey, int id, const X509_ALGOR *palg, } else { memcpy(xkey->privkey, p, X25519_KEYLEN); } - if (id == NID_X25519) + if (id == EVP_PKEY_X25519) X25519_public_from_private(xkey->pubkey, xkey->privkey); else ED25519_public_from_private(xkey->pubkey, xkey->privkey); @@ -220,7 +220,7 @@ static void ecx_free(EVP_PKEY *pkey) X25519_KEY *xkey = pkey->pkey.ptr; if (xkey) - OPENSSL_secure_free(xkey->privkey); + OPENSSL_secure_clear_free(xkey->privkey, X25519_KEYLEN); OPENSSL_free(xkey); } @@ -282,7 +282,8 @@ static int ecx_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) switch (op) { case ASN1_PKEY_CTRL_SET1_TLS_ENCPT: - return ecx_key_op(pkey, NID_X25519, NULL, arg2, arg1, X25519_PUBLIC); + return ecx_key_op(pkey, EVP_PKEY_X25519, NULL, arg2, arg1, + X25519_PUBLIC); case ASN1_PKEY_CTRL_GET1_TLS_ENCPT: if (pkey->pkey.ptr != NULL) { @@ -305,8 +306,8 @@ static int ecx_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) } const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth = { - NID_X25519, - NID_X25519, + EVP_PKEY_X25519, + EVP_PKEY_X25519, 0, "X25519", "OpenSSL X25519 algorithm", @@ -339,9 +340,49 @@ static int ecd_size(const EVP_PKEY *pkey) return ED25519_SIGSIZE; } +static int ecd_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, + X509_ALGOR *sigalg, ASN1_BIT_STRING *str, + EVP_PKEY *pkey) +{ + const ASN1_OBJECT *obj; + int ptype; + + X509_ALGOR_get0(&obj, &ptype, NULL, sigalg); + /* Sanity check: make sure it is ED25519 with absent parameters */ + if (OBJ_obj2nid(obj) != NID_ED25519 || ptype != V_ASN1_UNDEF) { + ECerr(EC_F_ECD_ITEM_VERIFY, EC_R_INVALID_ENCODING); + return 0; + } + + if (!EVP_DigestVerifyInit(ctx, NULL, NULL, NULL, pkey)) + return 0; + + return 2; +} + +static int ecd_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, + X509_ALGOR *alg1, X509_ALGOR *alg2, + ASN1_BIT_STRING *str) +{ + /* Set algorithms identifiers */ + X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_ED25519), V_ASN1_UNDEF, NULL); + if (alg2) + X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_ED25519), V_ASN1_UNDEF, NULL); + /* Algorithm idetifiers set: carry on as normal */ + return 3; +} + +static int ecd_sig_info_set(X509_SIG_INFO *siginf, const X509_ALGOR *alg, + const ASN1_STRING *sig) +{ + X509_SIG_INFO_set(siginf, NID_undef, NID_ED25519, X25519_SECURITY_BITS, + X509_SIG_INFO_TLS); + return 1; +} + const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth = { - NID_ED25519, - NID_ED25519, + EVP_PKEY_ED25519, + EVP_PKEY_ED25519, 0, "ED25519", "OpenSSL ED25519 algorithm", @@ -366,7 +407,10 @@ const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth = { ecx_free, 0, NULL, - NULL + NULL, + ecd_item_verify, + ecd_item_sign, + ecd_sig_info_set }; static int pkey_ecx_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) @@ -408,7 +452,7 @@ static int pkey_ecx_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) } const EVP_PKEY_METHOD ecx25519_pkey_meth = { - NID_X25519, + EVP_PKEY_X25519, 0, 0, 0, 0, 0, 0, 0, pkey_ecx_keygen, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -467,7 +511,7 @@ static int pkey_ecd_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) } const EVP_PKEY_METHOD ed25519_pkey_meth = { - NID_ED25519, EVP_PKEY_FLAG_SIGCTX_CUSTOM, + EVP_PKEY_ED25519, EVP_PKEY_FLAG_SIGCTX_CUSTOM, 0, 0, 0, 0, 0, 0, pkey_ecx_keygen, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,