Annotation of embedaddon/strongswan/src/libstrongswan/plugins/curve25519/curve25519_public_key.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2018 Tobias Brunner
! 3: * Copyright (C) 2016 Andreas Steffen
! 4: * HSR Hochschule fuer Technik Rapperswil
! 5: *
! 6: * This program is free software; you can redistribute it and/or modify it
! 7: * under the terms of the GNU General Public License as published by the
! 8: * Free Software Foundation; either version 2 of the License, or (at your
! 9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 10: *
! 11: * This program is distributed in the hope that it will be useful, but
! 12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 14: * for more details.
! 15: */
! 16:
! 17: #include "curve25519_public_key.h"
! 18: #include "ref10/ref10.h"
! 19:
! 20: #include <asn1/asn1.h>
! 21: #include <asn1/asn1_parser.h>
! 22: #include <asn1/oid.h>
! 23:
! 24: typedef struct private_curve25519_public_key_t private_curve25519_public_key_t;
! 25:
! 26: /**
! 27: * Private data structure with signing context.
! 28: */
! 29: struct private_curve25519_public_key_t {
! 30: /**
! 31: * Public interface for this signer.
! 32: */
! 33: curve25519_public_key_t public;
! 34:
! 35: /**
! 36: * Ed25519 public key
! 37: */
! 38: chunk_t pubkey;
! 39:
! 40: /**
! 41: * Reference counter
! 42: */
! 43: refcount_t ref;
! 44: };
! 45:
! 46: METHOD(public_key_t, get_type, key_type_t,
! 47: private_curve25519_public_key_t *this)
! 48: {
! 49: return KEY_ED25519;
! 50: }
! 51:
! 52: /* L = 2^252+27742317777372353535851937790883648493 in little-endian form */
! 53: static chunk_t curve25519_order = chunk_from_chars(
! 54: 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
! 55: 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
! 56: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
! 57: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10);
! 58:
! 59: METHOD(public_key_t, verify, bool,
! 60: private_curve25519_public_key_t *this, signature_scheme_t scheme,
! 61: void *params, chunk_t data, chunk_t signature)
! 62: {
! 63: hasher_t *hasher;
! 64: uint8_t d = 0, k[HASH_SIZE_SHA512], r[32], *sig;
! 65: int i;
! 66: ge_p3 A;
! 67: ge_p2 R;
! 68:
! 69: if (scheme != SIGN_ED25519)
! 70: {
! 71: DBG1(DBG_LIB, "signature scheme %N not supported by Ed25519",
! 72: signature_scheme_names, scheme);
! 73: return FALSE;
! 74: }
! 75:
! 76: if (signature.len != 64)
! 77: {
! 78: DBG1(DBG_LIB, "size of Ed25519 signature is not 64 bytes");
! 79: return FALSE;
! 80: }
! 81: sig = signature.ptr;
! 82:
! 83: if (sig[63] & 0xe0)
! 84: {
! 85: DBG1(DBG_LIB, "the three most significant bits of Ed25519 signature "
! 86: "are not zero");
! 87: return FALSE;
! 88: }
! 89:
! 90: if (ge_frombytes_negate_vartime(&A, this->pubkey.ptr) != 0)
! 91: {
! 92: return FALSE;
! 93: }
! 94:
! 95: /* check for all-zeroes public key */
! 96: for (i = 0; i < 32; i++)
! 97: {
! 98: d |= this->pubkey.ptr[i];
! 99: }
! 100: if (!d)
! 101: {
! 102: return FALSE;
! 103: }
! 104: /* make sure 0 <= s < L, as per RFC 8032, section 5.1.7 to prevent signature
! 105: * malleability. Due to the three-bit check above (forces s < 2^253) there
! 106: * is not that much room, but adding L once works with most signatures */
! 107: for (i = 31; ; i--)
! 108: {
! 109: if (sig[i+32] < curve25519_order.ptr[i])
! 110: {
! 111: break;
! 112: }
! 113: else if (sig[i+32] > curve25519_order.ptr[i] || i == 0)
! 114: {
! 115: return FALSE;
! 116: }
! 117: }
! 118:
! 119: hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA512);
! 120: if (!hasher)
! 121: {
! 122: return FALSE;
! 123: }
! 124: if (!hasher->get_hash(hasher, chunk_create(sig, 32), NULL) ||
! 125: !hasher->get_hash(hasher, this->pubkey, NULL) ||
! 126: !hasher->get_hash(hasher, data, k))
! 127: {
! 128: hasher->destroy(hasher);
! 129: return FALSE;
! 130: }
! 131: hasher->destroy(hasher);
! 132:
! 133: sc_reduce(k);
! 134: ge_double_scalarmult_vartime(&R, k, &A, sig + 32);
! 135: ge_tobytes(r, &R);
! 136:
! 137: return memeq_const(sig, r, 32);
! 138: }
! 139:
! 140: METHOD(public_key_t, encrypt_, bool,
! 141: private_curve25519_public_key_t *this, encryption_scheme_t scheme,
! 142: chunk_t plain, chunk_t *crypto)
! 143: {
! 144: DBG1(DBG_LIB, "encryption scheme %N not supported", encryption_scheme_names,
! 145: scheme);
! 146: return FALSE;
! 147: }
! 148:
! 149: METHOD(public_key_t, get_keysize, int,
! 150: private_curve25519_public_key_t *this)
! 151: {
! 152: return 8 * ED25519_KEY_LEN;
! 153: }
! 154:
! 155: METHOD(public_key_t, get_encoding, bool,
! 156: private_curve25519_public_key_t *this, cred_encoding_type_t type,
! 157: chunk_t *encoding)
! 158: {
! 159: bool success = TRUE;
! 160:
! 161: *encoding = curve25519_public_key_info_encode(this->pubkey);
! 162:
! 163: if (type != PUBKEY_SPKI_ASN1_DER)
! 164: {
! 165: chunk_t asn1_encoding = *encoding;
! 166:
! 167: success = lib->encoding->encode(lib->encoding, type,
! 168: NULL, encoding, CRED_PART_EDDSA_PUB_ASN1_DER,
! 169: asn1_encoding, CRED_PART_END);
! 170: chunk_clear(&asn1_encoding);
! 171: }
! 172: return success;
! 173: }
! 174:
! 175: METHOD(public_key_t, get_fingerprint, bool,
! 176: private_curve25519_public_key_t *this, cred_encoding_type_t type,
! 177: chunk_t *fp)
! 178: {
! 179: bool success;
! 180:
! 181: if (lib->encoding->get_cache(lib->encoding, type, this, fp))
! 182: {
! 183: return TRUE;
! 184: }
! 185: success = curve25519_public_key_fingerprint(this->pubkey, type, fp);
! 186: if (success)
! 187: {
! 188: lib->encoding->cache(lib->encoding, type, this, *fp);
! 189: }
! 190: return success;
! 191: }
! 192:
! 193: METHOD(public_key_t, get_ref, public_key_t*,
! 194: private_curve25519_public_key_t *this)
! 195: {
! 196: ref_get(&this->ref);
! 197: return &this->public.key;
! 198: }
! 199:
! 200: METHOD(public_key_t, destroy, void,
! 201: private_curve25519_public_key_t *this)
! 202: {
! 203: if (ref_put(&this->ref))
! 204: {
! 205: lib->encoding->clear_cache(lib->encoding, this);
! 206: free(this->pubkey.ptr);
! 207: free(this);
! 208: }
! 209: }
! 210:
! 211: /**
! 212: * ASN.1 definition of an Ed25519 public key
! 213: */
! 214: static const asn1Object_t pubkeyObjects[] = {
! 215: { 0, "subjectPublicKeyInfo",ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
! 216: { 1, "algorithm", ASN1_EOC, ASN1_RAW }, /* 1 */
! 217: { 1, "subjectPublicKey", ASN1_BIT_STRING, ASN1_BODY }, /* 2 */
! 218: { 0, "exit", ASN1_EOC, ASN1_EXIT }
! 219: };
! 220:
! 221: #define ED25519_SUBJECT_PUBLIC_KEY_ALGORITHM 1
! 222: #define ED25519_SUBJECT_PUBLIC_KEY 2
! 223:
! 224: /**
! 225: * Parse the ASN.1-encoded subjectPublicKeyInfo
! 226: */
! 227: static bool parse_public_key_info(private_curve25519_public_key_t *this,
! 228: chunk_t blob)
! 229: {
! 230: asn1_parser_t *parser;
! 231: chunk_t object;
! 232: bool success = FALSE;
! 233: int objectID, oid;
! 234:
! 235: parser = asn1_parser_create(pubkeyObjects, blob);
! 236:
! 237: while (parser->iterate(parser, &objectID, &object))
! 238: {
! 239: switch (objectID)
! 240: {
! 241: case ED25519_SUBJECT_PUBLIC_KEY_ALGORITHM:
! 242: {
! 243: oid = asn1_parse_algorithmIdentifier(object,
! 244: parser->get_level(parser) + 1, NULL);
! 245: if (oid != OID_ED25519)
! 246: {
! 247: goto end;
! 248: }
! 249: break;
! 250: }
! 251: case ED25519_SUBJECT_PUBLIC_KEY:
! 252: {
! 253: /* encoded as an ASN1 BIT STRING */
! 254: if (object.len != 1 + ED25519_KEY_LEN)
! 255: {
! 256: goto end;
! 257: }
! 258: this->pubkey = chunk_clone(chunk_skip(object, 1));
! 259: break;
! 260: }
! 261: }
! 262: }
! 263: success = parser->success(parser);
! 264:
! 265: end:
! 266: parser->destroy(parser);
! 267: return success;
! 268: }
! 269:
! 270: /**
! 271: * See header.
! 272: */
! 273: curve25519_public_key_t *curve25519_public_key_load(key_type_t type,
! 274: va_list args)
! 275: {
! 276: private_curve25519_public_key_t *this;
! 277: chunk_t asn1 = chunk_empty, blob = chunk_empty;
! 278:
! 279: while (TRUE)
! 280: {
! 281: switch (va_arg(args, builder_part_t))
! 282: {
! 283: case BUILD_BLOB_ASN1_DER:
! 284: asn1 = va_arg(args, chunk_t);
! 285: continue;
! 286: case BUILD_EDDSA_PUB:
! 287: blob = va_arg(args, chunk_t);
! 288: continue;
! 289: case BUILD_END:
! 290: break;
! 291: default:
! 292: return NULL;
! 293: }
! 294: break;
! 295: }
! 296:
! 297: INIT(this,
! 298: .public = {
! 299: .key = {
! 300: .get_type = _get_type,
! 301: .verify = _verify,
! 302: .encrypt = _encrypt_,
! 303: .equals = public_key_equals,
! 304: .get_keysize = _get_keysize,
! 305: .get_fingerprint = _get_fingerprint,
! 306: .has_fingerprint = public_key_has_fingerprint,
! 307: .get_encoding = _get_encoding,
! 308: .get_ref = _get_ref,
! 309: .destroy = _destroy,
! 310: },
! 311: },
! 312: .ref = 1,
! 313: );
! 314:
! 315: if (blob.len == ED25519_KEY_LEN)
! 316: {
! 317: this->pubkey = chunk_clone(blob);
! 318: }
! 319: else if (!asn1.len || !parse_public_key_info(this, asn1))
! 320: {
! 321: destroy(this);
! 322: return NULL;
! 323: }
! 324: return &this->public;
! 325: }
! 326:
! 327: /**
! 328: * See header.
! 329: */
! 330: chunk_t curve25519_public_key_info_encode(chunk_t pubkey)
! 331: {
! 332: return asn1_wrap(ASN1_SEQUENCE, "mm",
! 333: asn1_wrap(ASN1_SEQUENCE, "m",
! 334: asn1_build_known_oid(OID_ED25519)),
! 335: asn1_bitstring("c", pubkey));
! 336: }
! 337:
! 338: /**
! 339: * See header.
! 340: */
! 341: bool curve25519_public_key_fingerprint(chunk_t pubkey,
! 342: cred_encoding_type_t type, chunk_t *fp)
! 343: {
! 344: hasher_t *hasher;
! 345: chunk_t key;
! 346:
! 347: switch (type)
! 348: {
! 349: case KEYID_PUBKEY_SHA1:
! 350: key = chunk_clone(pubkey);
! 351: break;
! 352: case KEYID_PUBKEY_INFO_SHA1:
! 353: key = curve25519_public_key_info_encode(pubkey);
! 354: break;
! 355: default:
! 356: return FALSE;
! 357: }
! 358:
! 359: hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
! 360: if (!hasher || !hasher->allocate_hash(hasher, key, fp))
! 361: {
! 362: DBG1(DBG_LIB, "SHA1 hash algorithm not supported, "
! 363: "fingerprinting failed");
! 364: DESTROY_IF(hasher);
! 365: free(key.ptr);
! 366: return FALSE;
! 367: }
! 368: hasher->destroy(hasher);
! 369: free(key.ptr);
! 370: return TRUE;
! 371: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to curve25519_public_key.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libstrongswan / plugins / curve25519