Revision control

Copy as Markdown

Other Tools

/*
* Copyright (c) 2021, [Ribose Inc](https://www.ribose.com).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <string>
#include <cassert>
#include "eddsa.h"
#include "ec.h"
#include "ec_ossl.h"
#include "utils.h"
#include "bn.h"
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/err.h>
#include <openssl/ec.h>
rnp_result_t
eddsa_validate_key(rnp::RNG *rng, const pgp_ec_key_t *key, bool secret)
{
/* Not implemented in the OpenSSL, so just do basic size checks. */
if ((mpi_bytes(&key->p) != 33) || (key->p.mpi[0] != 0x40)) {
return RNP_ERROR_BAD_PARAMETERS;
}
if (secret && mpi_bytes(&key->x) > 32) {
return RNP_ERROR_BAD_PARAMETERS;
}
return RNP_SUCCESS;
}
rnp_result_t
eddsa_generate(rnp::RNG *rng, pgp_ec_key_t *key)
{
rnp_result_t ret = ec_generate(rng, key, PGP_PKA_EDDSA, PGP_CURVE_ED25519);
if (!ret) {
key->curve = PGP_CURVE_ED25519;
}
return ret;
}
rnp_result_t
eddsa_verify(const pgp_ec_signature_t *sig,
const uint8_t * hash,
size_t hash_len,
const pgp_ec_key_t * key)
{
if ((mpi_bytes(&sig->r) > 32) || (mpi_bytes(&sig->s) > 32)) {
RNP_LOG("Invalid EdDSA signature.");
return RNP_ERROR_BAD_PARAMETERS;
}
if ((mpi_bytes(&key->p) != 33) || (key->p.mpi[0] != 0x40)) {
RNP_LOG("Invalid EdDSA public key.");
return RNP_ERROR_BAD_PARAMETERS;
}
EVP_PKEY *evpkey = ec_load_key(key->p, NULL, PGP_CURVE_ED25519);
if (!evpkey) {
RNP_LOG("Failed to load key");
return RNP_ERROR_BAD_PARAMETERS;
}
rnp_result_t ret = RNP_ERROR_SIGNATURE_INVALID;
uint8_t sigbuf[64] = {0};
/* init context and sign */
EVP_PKEY_CTX *ctx = NULL;
EVP_MD_CTX * md = EVP_MD_CTX_new();
if (!md) {
RNP_LOG("Failed to allocate MD ctx: %lu", ERR_peek_last_error());
goto done;
}
if (EVP_DigestVerifyInit(md, &ctx, NULL, NULL, evpkey) <= 0) {
RNP_LOG("Failed to initialize signing: %lu", ERR_peek_last_error());
goto done;
}
mpi2mem(&sig->r, &sigbuf[32 - mpi_bytes(&sig->r)]);
mpi2mem(&sig->s, &sigbuf[64 - mpi_bytes(&sig->s)]);
if (EVP_DigestVerify(md, sigbuf, 64, hash, hash_len) > 0) {
ret = RNP_SUCCESS;
}
done:
/* line below will also free ctx */
EVP_MD_CTX_free(md);
EVP_PKEY_free(evpkey);
return ret;
}
rnp_result_t
eddsa_sign(rnp::RNG * rng,
pgp_ec_signature_t *sig,
const uint8_t * hash,
size_t hash_len,
const pgp_ec_key_t *key)
{
if (!mpi_bytes(&key->x)) {
RNP_LOG("private key not set");
return RNP_ERROR_BAD_PARAMETERS;
}
EVP_PKEY *evpkey = ec_load_key(key->p, &key->x, PGP_CURVE_ED25519);
if (!evpkey) {
RNP_LOG("Failed to load private key: %lu", ERR_peek_last_error());
return RNP_ERROR_BAD_PARAMETERS;
}
rnp_result_t ret = RNP_ERROR_GENERIC;
/* init context and sign */
EVP_PKEY_CTX *ctx = NULL;
EVP_MD_CTX * md = EVP_MD_CTX_new();
if (!md) {
RNP_LOG("Failed to allocate MD ctx: %lu", ERR_peek_last_error());
goto done;
}
if (EVP_DigestSignInit(md, &ctx, NULL, NULL, evpkey) <= 0) {
RNP_LOG("Failed to initialize signing: %lu", ERR_peek_last_error());
goto done;
}
static_assert((sizeof(sig->r.mpi) == PGP_MPINT_SIZE) && (PGP_MPINT_SIZE >= 64),
"invalid mpi type/size");
sig->r.len = PGP_MPINT_SIZE;
if (EVP_DigestSign(md, sig->r.mpi, &sig->r.len, hash, hash_len) <= 0) {
RNP_LOG("Signing failed: %lu", ERR_peek_last_error());
sig->r.len = 0;
goto done;
}
assert(sig->r.len == 64);
sig->r.len = 32;
sig->s.len = 32;
memcpy(sig->s.mpi, &sig->r.mpi[32], 32);
ret = RNP_SUCCESS;
done:
/* line below will also free ctx */
EVP_MD_CTX_free(md);
EVP_PKEY_free(evpkey);
return ret;
}