wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 04:34:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Ed25519 Certificates

Browse Source
This commit is contained in:
Sean Parkinson
2017-05-25 09:04:05 +10:00
parent 1be0b2aa30
commit 4beda52dcd
6 changed files with 783 additions and 165 deletions
Download Patch File Download Diff File Expand all files Collapse all files

839
wolfcrypt/src/asn.c
View File

File diff suppressed because it is too large Load Diff

29
wolfcrypt/src/ed25519.c
View File

@@ -210,7 +210,7 @@ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out,
res will be 1 on successful verify and 0 on unsuccessful res will be 1 on successful verify and 0 on unsuccessful
return 0 and res of 1 on success return 0 and res of 1 on success
*/ */
int wc_ed25519_verify_msg(byte* sig, word32 siglen, const byte* msg, int wc_ed25519_verify_msg(const byte* sig, word32 siglen, const byte* msg,
word32 msglen, int* res, ed25519_key* key) word32 msglen, int* res, ed25519_key* key)
{ {
byte rcheck[ED25519_KEY_SIZE]; byte rcheck[ED25519_KEY_SIZE];
@@ -407,6 +407,25 @@ int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key)
} }
/*
For importing a private key.
*/
int wc_ed25519_import_private_only(const byte* priv, word32 privSz,
ed25519_key* key)
{
/* sanity check on arguments */
if (priv == NULL || key == NULL)
return BAD_FUNC_ARG;
/* key size check */
if (privSz < ED25519_KEY_SIZE)
return BAD_FUNC_ARG;
XMEMCPY(key->k, priv, ED25519_KEY_SIZE);
return 0;
}
/* /*
For importing a private key and its associated public key. For importing a private key and its associated public key.
*/ */
@@ -508,6 +527,14 @@ int wc_ed25519_export_key(ed25519_key* key,
#endif /* HAVE_ED25519_KEY_EXPORT */ #endif /* HAVE_ED25519_KEY_EXPORT */
/* check the private and public keys match */
int wc_ed25519_check_key(ed25519_key* key)
{
/* TODO: Perform check of private and public key */
(void)key;
return 0;
}
/* returns the private key size (secret only) in bytes */ /* returns the private key size (secret only) in bytes */
int wc_ed25519_size(ed25519_key* key) int wc_ed25519_size(ed25519_key* key)

19
wolfssl/wolfcrypt/asn.h
View File

@@ -239,10 +239,11 @@ enum Block_Sum {
enum Key_Sum { enum Key_Sum {
DSAk = 515, DSAk = 515,
RSAk = 645, RSAk = 645,
NTRUk = 274, NTRUk = 274,
ECDSAk = 518 ECDSAk = 518,
ED25519k = 256
}; };
@@ -434,10 +435,13 @@ struct SignatureCtx {
#endif #endif
union { union {
#ifndef NO_RSA #ifndef NO_RSA
struct RsaKey* rsa; struct RsaKey* rsa;
#endif #endif
#ifdef HAVE_ECC #ifdef HAVE_ECC
struct ecc_key* ecc; struct ecc_key* ecc;
#endif
#ifdef HAVE_ED25519
struct ed25519_key* ed25519;
#endif #endif
void* ptr; void* ptr;
} key; } key;
@@ -814,7 +818,8 @@ enum cert_enums {
EMAIL_JOINT_LEN = 9, EMAIL_JOINT_LEN = 9,
RSA_KEY = 10, RSA_KEY = 10,
NTRU_KEY = 11, NTRU_KEY = 11,
ECC_KEY = 12 ECC_KEY = 12,
ED25519_KEY = 13
}; };
#ifndef WOLFSSL_PEMCERT_TODER_DEFINED #ifndef WOLFSSL_PEMCERT_TODER_DEFINED

43
wolfssl/wolfcrypt/asn_public.h
View File

@@ -35,6 +35,10 @@
typedef struct ecc_key ecc_key; typedef struct ecc_key ecc_key;
#define WC_ECCKEY_TYPE_DEFINED #define WC_ECCKEY_TYPE_DEFINED
#endif #endif
#ifndef WC_ED25519KEY_TYPE_DEFINED
typedef struct ed25519_key ed25519_key;
#define WC_ED25519KEY_TYPE_DEFINED
#endif
#ifndef WC_RSAKEY_TYPE_DEFINED #ifndef WC_RSAKEY_TYPE_DEFINED
typedef struct RsaKey RsaKey; typedef struct RsaKey RsaKey;
#define WC_RSAKEY_TYPE_DEFINED #define WC_RSAKEY_TYPE_DEFINED
@@ -61,7 +65,8 @@ enum CertType {
PUBLICKEY_TYPE, PUBLICKEY_TYPE,
RSA_PUBLICKEY_TYPE, RSA_PUBLICKEY_TYPE,
ECC_PUBLICKEY_TYPE, ECC_PUBLICKEY_TYPE,
TRUSTED_PEER_TYPE TRUSTED_PEER_TYPE,
ED25519_TYPE
}; };
@@ -79,7 +84,8 @@ enum Ctc_SigType {
CTC_SHA384wRSA = 656, CTC_SHA384wRSA = 656,
CTC_SHA384wECDSA = 525, CTC_SHA384wECDSA = 525,
CTC_SHA512wRSA = 657, CTC_SHA512wRSA = 657,
CTC_SHA512wECDSA = 526 CTC_SHA512wECDSA = 526,
CTC_ED25519 = 256
}; };
enum Ctc_Encoding { enum Ctc_Encoding {
@@ -174,14 +180,21 @@ typedef struct Cert {
keyType = RSA_KEY (default) keyType = RSA_KEY (default)
*/ */
WOLFSSL_API void wc_InitCert(Cert*); WOLFSSL_API void wc_InitCert(Cert*);
WOLFSSL_API int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz,
int keyType, void* key, WC_RNG* rng);
WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
ecc_key*, WC_RNG*); ecc_key*, WC_RNG*);
#ifdef WOLFSSL_CERT_REQ #ifdef WOLFSSL_CERT_REQ
WOLFSSL_API int wc_MakeCertReq_ex(Cert*, byte* derBuffer, word32 derSz,
int, void*);
WOLFSSL_API int wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz, WOLFSSL_API int wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz,
RsaKey*, ecc_key*); RsaKey*, ecc_key*);
#endif #endif
WOLFSSL_API int wc_SignCert_ex(int requestSz, int sType, byte* buffer,
word32 buffSz, int keyType, void* key,
WC_RNG* rng);
WOLFSSL_API int wc_SignCert(int requestSz, int sigType, byte* derBuffer, WOLFSSL_API int wc_SignCert(int requestSz, int sigType, byte* derBuffer,
word32 derSz, RsaKey*, ecc_key*, WC_RNG*); word32 derSz, RsaKey*, ecc_key*, WC_RNG*);
WOLFSSL_API int wc_MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, WOLFSSL_API int wc_MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
WC_RNG*); WC_RNG*);
WOLFSSL_API int wc_SetIssuer(Cert*, const char*); WOLFSSL_API int wc_SetIssuer(Cert*, const char*);
@@ -195,10 +208,14 @@ WOLFSSL_API int wc_SetAltNamesBuffer(Cert*, const byte*, int);
WOLFSSL_API int wc_SetDatesBuffer(Cert*, const byte*, int); WOLFSSL_API int wc_SetDatesBuffer(Cert*, const byte*, int);
#ifdef WOLFSSL_CERT_EXT #ifdef WOLFSSL_CERT_EXT
WOLFSSL_API int wc_SetAuthKeyIdFromPublicKey_ex(Cert *cert, int keyType,
void* key);
WOLFSSL_API int wc_SetAuthKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, WOLFSSL_API int wc_SetAuthKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey,
ecc_key *eckey); ecc_key *eckey);
WOLFSSL_API int wc_SetAuthKeyIdFromCert(Cert *cert, const byte *der, int derSz); WOLFSSL_API int wc_SetAuthKeyIdFromCert(Cert *cert, const byte *der, int derSz);
WOLFSSL_API int wc_SetAuthKeyId(Cert *cert, const char* file); WOLFSSL_API int wc_SetAuthKeyId(Cert *cert, const char* file);
WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey_ex(Cert *cert, int keyType,
void* key);
WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey,
ecc_key *eckey); ecc_key *eckey);
WOLFSSL_API int wc_SetSubjectKeyId(Cert *cert, const char* file); WOLFSSL_API int wc_SetSubjectKeyId(Cert *cert, const char* file);
@@ -267,6 +284,24 @@ WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value);
#endif #endif
#endif #endif
#ifdef HAVE_ED25519
/* private key helpers */
WOLFSSL_API int wc_Ed25519PrivateKeyDecode(const byte*, word32*,
ed25519_key*, word32);
WOLFSSL_API int wc_Ed25519KeyToDer(ed25519_key* key, byte* output,
word32 inLen);
WOLFSSL_API int wc_Ed25519PrivateKeyToDer(ed25519_key* key, byte* output,
word32 inLen);
/* public key helper */
WOLFSSL_API int wc_Ed25519PublicKeyDecode(const byte*, word32*,
ed25519_key*, word32);
#if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
WOLFSSL_API int wc_Ed25519PublicKeyToDer(ed25519_key*, byte* output,
word32 inLen, int with_AlgCurve);
#endif
#endif
/* DER encode signature */ /* DER encode signature */
WOLFSSL_API word32 wc_EncodeSignature(byte* out, const byte* digest, WOLFSSL_API word32 wc_EncodeSignature(byte* out, const byte* digest,
word32 digSz, int hashOID); word32 digSz, int hashOID);

17
wolfssl/wolfcrypt/ed25519.h
View File

@@ -54,8 +54,14 @@
/* both private and public key */ /* both private and public key */
#define ED25519_PRV_KEY_SIZE (ED25519_PUB_KEY_SIZE+ED25519_KEY_SIZE) #define ED25519_PRV_KEY_SIZE (ED25519_PUB_KEY_SIZE+ED25519_KEY_SIZE)
#ifndef WC_ED25519KEY_TYPE_DEFINED
typedef struct ed25519_key ed25519_key;
#define WC_ED25519KEY_TYPE_DEFINED
#endif
/* An ED25519 Key */ /* An ED25519 Key */
typedef struct { struct ed25519_key {
byte p[ED25519_PUB_KEY_SIZE]; /* compressed public key */ byte p[ED25519_PUB_KEY_SIZE]; /* compressed public key */
byte k[ED25519_PRV_KEY_SIZE]; /* private key : 32 secret -- 32 public */ byte k[ED25519_PRV_KEY_SIZE]; /* private key : 32 secret -- 32 public */
#ifdef FREESCALE_LTC_ECC #ifdef FREESCALE_LTC_ECC
@@ -63,7 +69,7 @@ typedef struct {
byte pointX[ED25519_KEY_SIZE]; /* recovered X coordinate */ byte pointX[ED25519_KEY_SIZE]; /* recovered X coordinate */
byte pointY[ED25519_KEY_SIZE]; /* Y coordinate is the public key with The most significant bit of the final octet always zero. */ byte pointY[ED25519_KEY_SIZE]; /* Y coordinate is the public key with The most significant bit of the final octet always zero. */
#endif #endif
} ed25519_key; };
WOLFSSL_API WOLFSSL_API
@@ -72,7 +78,7 @@ WOLFSSL_API
int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out, int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out,
word32 *outlen, ed25519_key* key); word32 *outlen, ed25519_key* key);
WOLFSSL_API WOLFSSL_API
int wc_ed25519_verify_msg(byte* sig, word32 siglen, const byte* msg, int wc_ed25519_verify_msg(const byte* sig, word32 siglen, const byte* msg,
word32 msglen, int* stat, ed25519_key* key); word32 msglen, int* stat, ed25519_key* key);
WOLFSSL_API WOLFSSL_API
int wc_ed25519_init(ed25519_key* key); int wc_ed25519_init(ed25519_key* key);
@@ -81,6 +87,9 @@ void wc_ed25519_free(ed25519_key* key);
WOLFSSL_API WOLFSSL_API
int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key); int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key);
WOLFSSL_API WOLFSSL_API
int wc_ed25519_import_private_only(const byte* priv, word32 privSz,
ed25519_key* key);
WOLFSSL_API
int wc_ed25519_import_private_key(const byte* priv, word32 privSz, int wc_ed25519_import_private_key(const byte* priv, word32 privSz,
const byte* pub, word32 pubSz, ed25519_key* key); const byte* pub, word32 pubSz, ed25519_key* key);
WOLFSSL_API WOLFSSL_API
@@ -94,6 +103,8 @@ int wc_ed25519_export_key(ed25519_key* key,
byte* priv, word32 *privSz, byte* priv, word32 *privSz,
byte* pub, word32 *pubSz); byte* pub, word32 *pubSz);
int wc_ed25519_check_key(ed25519_key* key);
/* size helper */ /* size helper */
WOLFSSL_API WOLFSSL_API
int wc_ed25519_size(ed25519_key* key); int wc_ed25519_size(ed25519_key* key);

1
wolfssl/wolfcrypt/types.h
View File

@@ -416,6 +416,7 @@
DYNAMIC_TYPE_ASYNC_NUMA = 67, DYNAMIC_TYPE_ASYNC_NUMA = 67,
DYNAMIC_TYPE_ASYNC_NUMA64 = 68, DYNAMIC_TYPE_ASYNC_NUMA64 = 68,
DYNAMIC_TYPE_CURVE25519 = 69, DYNAMIC_TYPE_CURVE25519 = 69,
DYNAMIC_TYPE_ED25519 = 70,
}; };
/* max error buffer string size */ /* max error buffer string size */