Add custom ASN.1 sign and verify
authorDr. Stephen Henson <steve@openssl.org>
Fri, 7 Apr 2017 00:17:40 +0000 (01:17 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 30 May 2017 19:38:20 +0000 (20:38 +0100)
Since ED25519 doesn't have an associated digest it needs custom sign/verify
routines to handle ASN.1 signatures.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3503)

crypto/ec/ecx_meth.c

index dbd53e00a7108176efb9938caf4a799cfcd0d099..b9046b3b87247d8fb899895088d7409a47b09522 100644 (file)
@@ -339,6 +339,38 @@ static int ecd_size(const EVP_PKEY *pkey)
     return ED25519_SIGSIZE;
 }
 
+static int ecd_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                           X509_ALGOR *sigalg, ASN1_BIT_STRING *str,
+                           EVP_PKEY *pkey)
+{
+    const ASN1_OBJECT *obj;
+    int ptype;
+
+    X509_ALGOR_get0(&obj, &ptype, NULL, sigalg);
+    /* Sanity check: make sure it is ED25519 with absent parameters */
+    if (OBJ_obj2nid(obj) != NID_ED25519 || ptype != V_ASN1_UNDEF) {
+        ECerr(EC_F_ECD_ITEM_VERIFY, EC_R_INVALID_ENCODING);
+        return 0;
+    }
+
+    if (!EVP_DigestVerifyInit(ctx, NULL, NULL, NULL, pkey))
+        return 0;
+
+    return 2;
+}
+
+static int ecd_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                         X509_ALGOR *alg1, X509_ALGOR *alg2,
+                         ASN1_BIT_STRING *str)
+{
+    /* Set algorithms identifiers */
+    X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_ED25519), V_ASN1_UNDEF, NULL);
+    if (alg2)
+        X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_ED25519), V_ASN1_UNDEF, NULL);
+    /* Algorithm idetifiers set: carry on as normal */
+    return 3;
+}
+
 const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth = {
     NID_ED25519,
     NID_ED25519,
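Review bot: `ecd_item_sign` discards the result of both `X509_ALGOR_set0()` calls and returns 3 unconditionally, so if either call failed, signing would continue with whatever AlgorithmIdentifier `alg1`/`alg2` already held. Whether the call can fail for `V_ASN1_UNDEF` is not visible in this hunk, but checking it is cheap and matches the 0-on-error convention `ecd_item_verify` uses just above: `if (!X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_ED25519), V_ASN1_UNDEF, NULL)) return 0;`, and the same inside the `if (alg2)` branch. `alg1` is also dereferenced without the NULL guard that `alg2` gets; if that is a caller guarantee, a short comment should say so. The bare `return 2;` and `return 3;` are protocol codes for the ASN.1 sign/verify caller, which is outside this hunk. They would be clearer with comments such as `/* 2: ctx initialised, caller carries on with the normal verify */` and `/* 3: algorithm identifiers set, caller only needs to sign */`, worded to match what the caller actually documents. The existing comment before `return 3;` misspells "identifiers" as "idetifiers".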
@@ -366,7 +398,9 @@ const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth = {
     ecx_free,
     0,
     NULL,
-    NULL
+    NULL,
+    ecd_item_verify,
+    ecd_item_sign
 };
 
 static int pkey_ecx_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)