-
Notifications
You must be signed in to change notification settings - Fork 711
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
X25519 improvements 2 in PKCS11-tool, PKCS15 routines and tools and openpgp #3090
base: master
Are you sure you want to change the base?
Changes from 1 commit
dcc7346
c060f7d
d85b52c
43d58d4
a633845
584e7cc
2a63099
f8ce754
f83208b
556c0cc
e8bbf37
732eda2
c9e1de3
a1c1fb6
ad86f56
61df246
b428eb0
5fe507f
1c8bff8
82b7213
80effc1
fba9f26
3042e6b
491977c
70d2496
1493774
7e84589
a4543d4
58ccef4
a4265fd
e0800ed
4d454fc
19b56b3
7f5931e
2dfbe4d
95696f0
57c1f6f
a45ab3e
064b805
30ec795
8ef8507
64a7100
2009bfc
fc7c6d2
818d26a
be1e3d9
17834c5
97a8d3a
9c7c398
9b1d102
951567b
8f55e45
d8546f2
8550203
bb099fb
5df6fc8
3215bcf
4856c56
42b82bf
d0da85d
1f2ada9
3fa1d48
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
On branch X25519-improvements-2 Changes to be committed: modified: libopensc/pkcs15-prkey.c modified: libopensc/pkcs15-pubkey.c
- Loading branch information
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -542,13 +542,6 @@ static struct sc_asn1_entry c_asn1_ec_pointQ[C_ASN1_EC_POINTQ_SIZE] = { | |
{ NULL, 0, 0, 0, NULL, NULL } | ||
}; | ||
|
||
#define C_ASN1_EDDSA_PUBKEY_SIZE 2 | ||
static struct sc_asn1_entry c_asn1_eddsa_pubkey[C_ASN1_EDDSA_PUBKEY_SIZE] = { | ||
{ "pubkey", SC_ASN1_OCTET_STRING, SC_ASN1_TAG_OCTET_STRING, SC_ASN1_ALLOC, NULL, NULL }, | ||
{ NULL, 0, 0, 0, NULL, NULL } | ||
}; | ||
|
||
|
||
int | ||
sc_pkcs15_decode_pubkey_rsa(sc_context_t *ctx, struct sc_pkcs15_pubkey_rsa *key, | ||
const u8 *buf, size_t buflen) | ||
|
@@ -690,47 +683,27 @@ sc_pkcs15_encode_pubkey_ec(sc_context_t *ctx, struct sc_pkcs15_pubkey_ec *key, | |
} | ||
|
||
/* | ||
* EdDSA keys are just byte strings. For now only | ||
* for Ed25519 keys 32B length are supported | ||
all "ec" keys uses same pubkey format, keep this external entrypoint | ||
* keys are just byte strings. | ||
*/ | ||
int | ||
sc_pkcs15_decode_pubkey_eddsa(sc_context_t *ctx, | ||
struct sc_pkcs15_pubkey_eddsa *key, | ||
struct sc_pkcs15_pubkey_ec *key, | ||
const u8 *buf, size_t buflen) | ||
{ | ||
int r; | ||
u8 * pubkey = NULL; | ||
size_t pubkey_len; | ||
struct sc_asn1_entry asn1_eddsa_pubkey[C_ASN1_EDDSA_PUBKEY_SIZE]; | ||
|
||
LOG_FUNC_CALLED(ctx); | ||
sc_copy_asn1_entry(c_asn1_eddsa_pubkey, asn1_eddsa_pubkey); | ||
sc_format_asn1_entry(asn1_eddsa_pubkey + 0, &pubkey, &pubkey_len, 1); | ||
r = sc_asn1_decode(ctx, asn1_eddsa_pubkey, buf, buflen, NULL, NULL); | ||
if (r < 0) | ||
LOG_TEST_RET(ctx, r, "ASN.1 decoding failed"); | ||
|
||
key->pubkey.len = pubkey_len; | ||
key->pubkey.value = pubkey; | ||
|
||
LOG_FUNC_RETURN(ctx, SC_SUCCESS); | ||
return sc_pkcs15_decode_pubkey_ec(ctx, key, buf, buflen); | ||
} | ||
|
||
/* | ||
* all "ec" keys uses same pubkey format, keep this external entrypoint | ||
*/ | ||
int | ||
sc_pkcs15_encode_pubkey_eddsa(sc_context_t *ctx, struct sc_pkcs15_pubkey_eddsa *key, | ||
sc_pkcs15_encode_pubkey_eddsa(sc_context_t *ctx, struct sc_pkcs15_pubkey_ec *key, | ||
u8 **buf, size_t *buflen) | ||
{ | ||
struct sc_asn1_entry asn1_eddsa_pubkey[C_ASN1_EDDSA_PUBKEY_SIZE]; | ||
|
||
LOG_FUNC_CALLED(ctx); | ||
sc_copy_asn1_entry(c_asn1_eddsa_pubkey, asn1_eddsa_pubkey); | ||
sc_format_asn1_entry(asn1_eddsa_pubkey + 0, key->pubkey.value, &key->pubkey.len, 1); | ||
|
||
LOG_FUNC_RETURN(ctx, | ||
sc_asn1_encode(ctx, asn1_eddsa_pubkey, buf, buflen)); | ||
return sc_pkcs15_encode_pubkey_ec(ctx, key, buf, buflen); | ||
} | ||
|
||
|
||
int | ||
sc_pkcs15_encode_pubkey(sc_context_t *ctx, struct sc_pkcs15_pubkey *key, | ||
u8 **buf, size_t *len) | ||
|
@@ -739,11 +712,8 @@ sc_pkcs15_encode_pubkey(sc_context_t *ctx, struct sc_pkcs15_pubkey *key, | |
return sc_pkcs15_encode_pubkey_rsa(ctx, &key->u.rsa, buf, len); | ||
if (key->algorithm == SC_ALGORITHM_GOSTR3410) | ||
return sc_pkcs15_encode_pubkey_gostr3410(ctx, &key->u.gostr3410, buf, len); | ||
if (key->algorithm == SC_ALGORITHM_EC) | ||
if (key->algorithm == SC_ALGORITHM_EC || key->algorithm == SC_ALGORITHM_EDDSA || key->algorithm == SC_ALGORITHM_XEDDSA) | ||
return sc_pkcs15_encode_pubkey_ec(ctx, &key->u.ec, buf, len); | ||
if (key->algorithm == SC_ALGORITHM_EDDSA || | ||
key->algorithm == SC_ALGORITHM_XEDDSA) /* XXX encoding is the same here */ | ||
return sc_pkcs15_encode_pubkey_eddsa(ctx, &key->u.eddsa, buf, len); | ||
|
||
sc_log(ctx, "Encoding of public key type %lu not supported", key->algorithm); | ||
LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED); | ||
|
@@ -789,6 +759,8 @@ sc_pkcs15_encode_pubkey_as_spki(sc_context_t *ctx, struct sc_pkcs15_pubkey *pubk | |
|
||
switch (pubkey->algorithm) { | ||
case SC_ALGORITHM_EC: | ||
case SC_ALGORITHM_EDDSA: | ||
case SC_ALGORITHM_XEDDSA: | ||
/* | ||
* most keys, but not EC have only one encoding. | ||
* For a SPKI, the ecpoint is placed directly in the | ||
|
@@ -826,14 +798,6 @@ sc_pkcs15_encode_pubkey_as_spki(sc_context_t *ctx, struct sc_pkcs15_pubkey *pubk | |
r = sc_pkcs15_encode_pubkey(ctx, pubkey, &pkey.value, &pkey.len); | ||
key_len = pkey.len * 8; | ||
break; | ||
case SC_ALGORITHM_EDDSA: | ||
case SC_ALGORITHM_XEDDSA: | ||
/* For a SPKI, the pubkey is placed directly in the BIT STRING */ | ||
pkey.value = malloc(pubkey->u.eddsa.pubkey.len); | ||
memcpy(pkey.value, pubkey->u.eddsa.pubkey.value, pubkey->u.eddsa.pubkey.len); | ||
// Should be pkey.len = 0 there? | ||
key_len = pubkey->u.eddsa.pubkey.len * 8; | ||
break; | ||
default: | ||
r = sc_pkcs15_encode_pubkey(ctx, pubkey, &pkey.value, &pkey.len); | ||
key_len = pkey.len * 8; | ||
|
@@ -865,11 +829,8 @@ sc_pkcs15_decode_pubkey(sc_context_t *ctx, struct sc_pkcs15_pubkey *key, | |
return sc_pkcs15_decode_pubkey_rsa(ctx, &key->u.rsa, buf, len); | ||
if (key->algorithm == SC_ALGORITHM_GOSTR3410) | ||
return sc_pkcs15_decode_pubkey_gostr3410(ctx, &key->u.gostr3410, buf, len); | ||
if (key->algorithm == SC_ALGORITHM_EC) | ||
if (key->algorithm == SC_ALGORITHM_EC || key->algorithm == SC_ALGORITHM_EDDSA || key->algorithm == SC_ALGORITHM_XEDDSA) | ||
return sc_pkcs15_decode_pubkey_ec(ctx, &key->u.ec, buf, len); | ||
if (key->algorithm == SC_ALGORITHM_EDDSA || | ||
key->algorithm == SC_ALGORITHM_XEDDSA) | ||
return sc_pkcs15_decode_pubkey_eddsa(ctx, &key->u.eddsa, buf, len); | ||
|
||
sc_log(ctx, "Decoding of public key type %lu not supported", key->algorithm); | ||
return SC_ERROR_NOT_SUPPORTED; | ||
|
@@ -1030,29 +991,20 @@ sc_pkcs15_pubkey_from_prvkey(struct sc_context *ctx, struct sc_pkcs15_prkey *prv | |
case SC_ALGORITHM_GOSTR3410: | ||
break; | ||
case SC_ALGORITHM_EC: | ||
pubkey->u.ec.ecpointQ.value = malloc(prvkey->u.ec.ecpointQ.len); | ||
if (!pubkey->u.ec.ecpointQ.value) { | ||
sc_pkcs15_free_pubkey(pubkey); | ||
LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY); | ||
} | ||
memcpy(pubkey->u.ec.ecpointQ.value, prvkey->u.ec.ecpointQ.value, prvkey->u.ec.ecpointQ.len); | ||
pubkey->u.ec.ecpointQ.len = prvkey->u.ec.ecpointQ.len; | ||
break; | ||
case SC_ALGORITHM_EDDSA: | ||
case SC_ALGORITHM_XEDDSA: | ||
/* Copy pubkey */ | ||
if (prvkey->u.eddsa.pubkey.value == NULL || prvkey->u.eddsa.pubkey.len <= 0) { | ||
if (prvkey->u.ec.ecpointQ.value == NULL || prvkey->u.ec.ecpointQ.len <= 0) { | ||
sc_pkcs15_free_pubkey(pubkey); | ||
LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA); | ||
} | ||
pubkey->u.eddsa.pubkey.value = malloc(prvkey->u.eddsa.pubkey.len); | ||
if (!pubkey->u.eddsa.pubkey.value) { | ||
pubkey->u.ec.ecpointQ.value = malloc(prvkey->u.ec.ecpointQ.len); | ||
if (!pubkey->u.ec.ecpointQ.value) { | ||
sc_pkcs15_free_pubkey(pubkey); | ||
LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY); | ||
} | ||
memcpy(pubkey->u.eddsa.pubkey.value, prvkey->u.eddsa.pubkey.value, prvkey->u.eddsa.pubkey.len); | ||
pubkey->u.eddsa.pubkey.len = prvkey->u.eddsa.pubkey.len; | ||
|
||
memcpy(pubkey->u.ec.ecpointQ.value, prvkey->u.ec.ecpointQ.value, prvkey->u.ec.ecpointQ.len); | ||
pubkey->u.ec.ecpointQ.len = prvkey->u.ec.ecpointQ.len; | ||
break; | ||
default: | ||
sc_log(ctx, "Unsupported private key algorithm"); | ||
|
@@ -1111,6 +1063,8 @@ sc_pkcs15_dup_pubkey(struct sc_context *ctx, struct sc_pkcs15_pubkey *key, struc | |
case SC_ALGORITHM_GOSTR3410: | ||
break; | ||
case SC_ALGORITHM_EC: | ||
case SC_ALGORITHM_EDDSA: | ||
case SC_ALGORITHM_XEDDSA: | ||
pubkey->u.ec.ecpointQ.value = malloc(key->u.ec.ecpointQ.len); | ||
if (!pubkey->u.ec.ecpointQ.value) { | ||
rv = SC_ERROR_OUT_OF_MEMORY; | ||
|
@@ -1137,18 +1091,6 @@ sc_pkcs15_dup_pubkey(struct sc_context *ctx, struct sc_pkcs15_pubkey *key, struc | |
rv = SC_ERROR_NOT_SUPPORTED; | ||
} | ||
|
||
break; | ||
case SC_ALGORITHM_EDDSA: | ||
case SC_ALGORITHM_XEDDSA: | ||
/* Copy pubkey */ | ||
pubkey->u.eddsa.pubkey.value = malloc(key->u.eddsa.pubkey.len); | ||
if (!pubkey->u.eddsa.pubkey.value) { | ||
rv = SC_ERROR_OUT_OF_MEMORY; | ||
break; | ||
} | ||
memcpy(pubkey->u.eddsa.pubkey.value, key->u.eddsa.pubkey.value, key->u.eddsa.pubkey.len); | ||
pubkey->u.eddsa.pubkey.len = key->u.eddsa.pubkey.len; | ||
|
||
break; | ||
default: | ||
sc_log(ctx, "Unsupported private key algorithm"); | ||
|
@@ -1187,19 +1129,15 @@ sc_pkcs15_erase_pubkey(struct sc_pkcs15_pubkey *key) | |
free(key->u.gostr3410.xy.data); | ||
break; | ||
case SC_ALGORITHM_EC: | ||
case SC_ALGORITHM_EDDSA: | ||
case SC_ALGORITHM_XEDDSA: | ||
if (key->u.ec.params.der.value) | ||
free(key->u.ec.params.der.value); | ||
if (key->u.ec.params.named_curve) | ||
free(key->u.ec.params.named_curve); | ||
if (key->u.ec.ecpointQ.value) | ||
free(key->u.ec.ecpointQ.value); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. needless if(x) free(x). Please remove the needless There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Just following the coding style in the routine which does the same for RSA, GOST and EC.
I can remove all the needless There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yes please. This was common antipatern in the past and in a lot of places, probably making people feel safer, but there is not a single case when this would be useful for anything |
||
break; | ||
case SC_ALGORITHM_EDDSA: | ||
case SC_ALGORITHM_XEDDSA: | ||
free(key->u.eddsa.pubkey.value); | ||
key->u.eddsa.pubkey.value = NULL; | ||
key->u.eddsa.pubkey.len = 0; | ||
break; | ||
} | ||
sc_mem_clear(key, sizeof(*key)); | ||
} | ||
|
@@ -1402,9 +1340,9 @@ sc_pkcs15_pubkey_from_spki_fields(struct sc_context *ctx, struct sc_pkcs15_pubke | |
} else if (pk_alg.algorithm == SC_ALGORITHM_EDDSA || | ||
pk_alg.algorithm == SC_ALGORITHM_XEDDSA) { | ||
/* EDDSA/XEDDSA public key is not encapsulated into BIT STRING -- it's a BIT STRING */ | ||
pubkey->u.eddsa.pubkey.value = malloc(pk.len); | ||
memcpy(pubkey->u.eddsa.pubkey.value, pk.value, pk.len); | ||
pubkey->u.eddsa.pubkey.len = pk.len; | ||
pubkey->u.ec.ecpointQ.value = malloc(pk.len); | ||
memcpy(pubkey->u.ec.ecpointQ.value, pk.value, pk.len); | ||
pubkey->u.ec.ecpointQ.len = pk.len; | ||
} else { | ||
/* Public key is expected to be encapsulated into BIT STRING */ | ||
r = sc_pkcs15_decode_pubkey(ctx, pubkey, pk.value, pk.len); | ||
|
@@ -1511,11 +1449,14 @@ static struct ec_curve_info { | |
|
||
{"ed25519", "1.3.6.1.4.1.11591.15.1", "06092B06010401DA470F01", 255}, | ||
{"curve25519", "1.3.6.1.4.1.3029.1.5.1", "060A2B060104019755010501", 255}, | ||
{"Ed25519", "1.3.101.112", "06032b6570", 255}, | ||
{"X25519", "1.3.101.110", "06032b656e", 255}, | ||
|
||
{NULL, NULL, NULL, 0}, /* Do not touch this */ | ||
}; | ||
|
||
|
||
/* TODO DEE add changes for mapping */ | ||
int | ||
sc_pkcs15_fix_ec_parameters(struct sc_context *ctx, struct sc_ec_parameters *ecparams) | ||
{ | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please put this comment into a new line