aboutsummaryrefslogtreecommitdiffstats
path: root/libparc/parc/security
diff options
context:
space:
mode:
authorAlberto Compagno <acompagn+fdio@cisco.com>2018-04-16 15:28:53 +0000
committerGerrit Code Review <gerrit@fd.io>2018-04-16 15:28:53 +0000
commit07d0a90b6f52fa920ab3a4a9984b0ba1fbb7f9f8 (patch)
treef3810af54c63c0f1bb5226e84897411c41b40d03 /libparc/parc/security
parentd609ef19bac231a47b65cf5a6a797c142ebc625d (diff)
parent799484812a3fdd9d5d6e71c5fc4b483043347bca (diff)
Merge "Added method to retrieve the signature length from the signer. Fixed bug on parc-publickey" into cframework/master
Diffstat (limited to 'libparc/parc/security')
-rw-r--r--libparc/parc/security/command-line/parc-publickey.c10
-rwxr-xr-xlibparc/parc/security/parc_CryptoSuite.c24
-rwxr-xr-xlibparc/parc/security/parc_CryptoSuite.h17
-rw-r--r--libparc/parc/security/parc_PublicKeySigner.c43
-rw-r--r--libparc/parc/security/parc_Signer.c8
-rwxr-xr-xlibparc/parc/security/parc_Signer.h27
-rw-r--r--libparc/parc/security/parc_SymmetricKeySigner.c13
-rw-r--r--libparc/parc/security/test/test_parc_PublicKeyECSigner.c12
-rw-r--r--libparc/parc/security/test/test_parc_PublicKeySigner.c13
-rw-r--r--libparc/parc/security/test/test_parc_SymmetricKeySigner.c11
10 files changed, 132 insertions, 46 deletions
diff --git a/libparc/parc/security/command-line/parc-publickey.c b/libparc/parc/security/command-line/parc-publickey.c
index e88e94b6..56d35935 100644
--- a/libparc/parc/security/command-line/parc-publickey.c
+++ b/libparc/parc/security/command-line/parc-publickey.c
@@ -36,17 +36,17 @@ parcPublicKey_Create(PARCArrayList *args)
char *fileName = parcArrayList_Get(args, 2);
char *password = parcArrayList_Get(args, 3);
char *subjectName = parcArrayList_Get(args, 4);
- PARCSigningAlgorithm signAlgo = *(int *)parcArrayList_Get(args, 5);
-
+ PARCSigningAlgorithm signAlgo = PARCSigningAlgorithm_RSA;
+
if (parcArrayList_Size(args) > 5) {
- keyLength = (unsigned int) strtoul(parcArrayList_Get(args, 6), NULL, 10);
+ keyLength = (unsigned int) strtoul(parcArrayList_Get(args, 5), NULL, 10);
}
if (parcArrayList_Size(args) > 6) {
- validityDays = (unsigned int) strtoul(parcArrayList_Get(args, 7), NULL, 10);
+ validityDays = (unsigned int) strtoul(parcArrayList_Get(args, 6), NULL, 10);
}
- bool result = parcPkcs12KeyStore_CreateFile(fileName, password, subjectName, keyLength, validityDays, signAlgo);
+ bool result = parcPkcs12KeyStore_CreateFile(fileName, password, subjectName, signAlgo, keyLength, validityDays);
if (!result) {
printf("Error: %s %s", fileName, strerror(errno));
return;
diff --git a/libparc/parc/security/parc_CryptoSuite.c b/libparc/parc/security/parc_CryptoSuite.c
index 7bd0a7bf..43339121 100755
--- a/libparc/parc/security/parc_CryptoSuite.c
+++ b/libparc/parc/security/parc_CryptoSuite.c
@@ -45,30 +45,6 @@ parcCryptoSuite_GetCryptoHash(PARCCryptoSuite suite)
}
int
-parcCryptoSuite_GetSignatureSizeBits(PARCCryptoSuite suite, int keyLengthBits)
-{
- switch (suite) {
- case PARCCryptoSuite_DSA_SHA256: // fallthrough
- case PARCCryptoSuite_RSA_SHA256: // fallthrough
- case PARCCryptoSuite_RSA_SHA512:
- return keyLengthBits;
-
- case PARCCryptoSuite_ECDSA_SHA256:
- return keyLengthBits*2 + 64; //Overhead added by ECDSA
-
- case PARCCryptoSuite_HMAC_SHA256: // fallthrough
- case PARCCryptoSuite_HMAC_SHA512: // fallthrough
- return 512;
-
- case PARCCryptoSuite_NULL_CRC32C:
- return 32;
-
- default:
- trapIllegalValue(suite, "Unknown crypto suite: %d", suite);
- }
-}
-
-int
parcCryptoSuite_GetSignatureSizeBytes(PARCCryptoSuite suite, int keyLengthBits)
{
int keyLengthBytes = keyLengthBits >> 3;
diff --git a/libparc/parc/security/parc_CryptoSuite.h b/libparc/parc/security/parc_CryptoSuite.h
index 0276287b..366bcb11 100755
--- a/libparc/parc/security/parc_CryptoSuite.h
+++ b/libparc/parc/security/parc_CryptoSuite.h
@@ -60,23 +60,6 @@ typedef enum {
PARCCryptoHashType parcCryptoSuite_GetCryptoHash(PARCCryptoSuite suite);
/**
- * Given a PARCCryptoSuite value and the key length, return the expected length in bits of the signature.
- * For ECDSA the result is the maximum length
- *
- * @param [in] suite A PARCCryptoSuite value.
- *
- * @return A PARCCryptoHashType value
- *
- * Example:
- * @code
- * {
- * int bits = parcCryptoSuite_GetSignatureSizeBits(PARCCryptoSuite_RSA_SHA256, 1024);
- * }
- * @endcode
- */
-int parcCryptoSuite_GetSignatureSizeBits(PARCCryptoSuite suite, int keyLengthBits);
-
-/**
* Given a PARCCryptoSuite value and the key length, return the expected length in bytes of the signature.
* For ECDSA the result is the maximum length
*
diff --git a/libparc/parc/security/parc_PublicKeySigner.c b/libparc/parc/security/parc_PublicKeySigner.c
index 04b76655..4122b992 100644
--- a/libparc/parc/security/parc_PublicKeySigner.c
+++ b/libparc/parc/security/parc_PublicKeySigner.c
@@ -268,10 +268,53 @@ _SignDigest(PARCPublicKeySigner *signer, const PARCCryptoHash *digestToSign)
return signature;
}
+static size_t
+_GetSignatureSize(PARCPublicKeySigner *signer)
+{
+ assertNotNull(signer, "Parameter must be non-null CCNxFileKeystore");
+
+ // TODO: what is the best way to expose this?
+ PARCKeyStore *keyStore = signer->keyStore;
+ PARCBuffer *privateKeyBuffer = parcKeyStore_GetDEREncodedPrivateKey(keyStore);
+
+ size_t size = 0;
+ switch (signer->signingAlgorithm) {
+ case PARCSigningAlgorithm_RSA:
+ {
+ EVP_PKEY *privateKey = NULL;
+ uint8_t *bytes = parcBuffer_Overlay(privateKeyBuffer, parcBuffer_Limit(privateKeyBuffer));
+ privateKey = d2i_PrivateKey(EVP_PKEY_RSA, &privateKey, (const unsigned char **) &bytes, parcBuffer_Limit(privateKeyBuffer));
+
+ RSA *rsa = EVP_PKEY_get1_RSA(privateKey);
+
+ size = RSA_size(rsa);
+ RSA_free(rsa);
+ break;
+ }
+ case PARCSigningAlgorithm_ECDSA:
+ {
+ EVP_PKEY *privateKey = NULL;
+ size_t keySize = parcBuffer_Remaining(privateKeyBuffer);
+ uint8_t *bytes = parcBuffer_Overlay(privateKeyBuffer, keySize);
+ privateKey = d2i_PrivateKey(EVP_PKEY_EC, &privateKey, (const unsigned char **) &bytes, keySize);
+
+ EC_KEY *ec_key = EVP_PKEY_get1_EC_KEY(privateKey);
+
+ size = ECDSA_size(ec_key);
+ EC_KEY_free(ec_key);
+ break;
+ }
+ }
+ parcBuffer_Release(&privateKeyBuffer);
+
+ return size;
+}
+
PARCSigningInterface *PARCPublicKeySignerAsSigner = &(PARCSigningInterface) {
.GetCryptoHasher = (PARCCryptoHasher * (*)(void *))_GetCryptoHasher,
.SignDigest = (PARCSignature * (*)(void *, const PARCCryptoHash *))_SignDigest,
.GetSigningAlgorithm = (PARCSigningAlgorithm (*)(void *))_GetSigningAlgorithm,
.GetCryptoHashType = (PARCCryptoHashType (*)(void *))_GetCryptoHashType,
.GetKeyStore = (PARCKeyStore * (*)(void *))_GetKeyStore,
+ .GetSignatureSize = (size_t (*)(void *))_GetSignatureSize
};
diff --git a/libparc/parc/security/parc_Signer.c b/libparc/parc/security/parc_Signer.c
index ec5b8a19..5287c97b 100644
--- a/libparc/parc/security/parc_Signer.c
+++ b/libparc/parc/security/parc_Signer.c
@@ -168,3 +168,11 @@ parcSigner_GetKeyStore(const PARCSigner *signer)
return signer->interface->GetKeyStore(signer->instance);
}
+
+size_t
+parcSigner_GetSignatureSize(const PARCSigner *signer)
+{
+ parcSigner_OptionalAssertValid(signer);
+
+ return signer->interface->GetSignatureSize(signer->instance);
+}
diff --git a/libparc/parc/security/parc_Signer.h b/libparc/parc/security/parc_Signer.h
index bd69c992..1e675c50 100755
--- a/libparc/parc/security/parc_Signer.h
+++ b/libparc/parc/security/parc_Signer.h
@@ -115,6 +115,15 @@ typedef struct parc_signer_interface {
* @return A PARCKeyStore instance.
*/
PARCKeyStore *(*GetKeyStore)(void *interfaceContext);
+
+ /**
+ * Return the key size for this Signer.
+ *
+ * @param [in] interfaceContext A pointer to a concrete PARCSigner instance.
+ *
+ * @return A size_t
+ */
+ size_t (*GetSignatureSize)(void *interfaceContext);
} PARCSigningInterface;
/**
@@ -384,4 +393,22 @@ PARCCryptoSuite parcSigner_GetCryptoSuite(const PARCSigner *signer);
* @endcode
*/
PARCKeyStore *parcSigner_GetKeyStore(const PARCSigner *signer);
+
+/**
+ * Given a `PARCSigner` instance, return the expected size of the signature.
+ *
+ * @param [in] signer A pointer to a `PARCSigner` instance.
+ *
+ * @return A size_t with the size of the key.
+ *
+ * Example:
+ * @code
+ * {
+ * PARCSigner *signer = parcSigner_Create(publicKeySigner, PARCRSASignerAsSigner);
+ *
+ * PARCKeyStore *keyStore = parcSigner_GetKeyStore(signer);
+ * }
+ * @endcode
+ */
+size_t parcSigner_GetSignatureSize(const PARCSigner *signer);
#endif // libparc_parc_Signer_h
diff --git a/libparc/parc/security/parc_SymmetricKeySigner.c b/libparc/parc/security/parc_SymmetricKeySigner.c
index aeacb30f..5cde896b 100644
--- a/libparc/parc/security/parc_SymmetricKeySigner.c
+++ b/libparc/parc/security/parc_SymmetricKeySigner.c
@@ -240,6 +240,18 @@ _getKeyStore(PARCSymmetricKeySigner *signer)
return signer->generalKeyStore;
}
+static size_t
+_GetSignatureSize(PARCSymmetricKeySigner *signer)
+{
+ assertNotNull(signer, "Parameter must be non-null CCNxFileKeystore");
+
+ // TODO: what is the best way to expose this?
+ PARCSymmetricKeyStore *keyStore = signer->keyStore;
+ PARCBuffer *secretKeyBuffer = parcSymmetricKeyStore_GetKey(keyStore);
+
+ return parcBuffer_Limit(secretKeyBuffer);
+}
+
// ==================================================
// implementation
@@ -265,4 +277,5 @@ PARCSigningInterface *PARCSymmetricKeySignerAsSigner = &(PARCSigningInterface) {
.SignDigest = (PARCSignature * (*)(void *, const PARCCryptoHash *))_signDigest,
.GetSigningAlgorithm = (PARCSigningAlgorithm (*)(void *))_getSigningAlgorithm,
.GetKeyStore = (PARCKeyStore * (*)(void *))_getKeyStore,
+ .GetSignatureSize = (size_t (*)(void *))_GetSignatureSize
};
diff --git a/libparc/parc/security/test/test_parc_PublicKeyECSigner.c b/libparc/parc/security/test/test_parc_PublicKeyECSigner.c
index 417282a0..90ab1755 100644
--- a/libparc/parc/security/test/test_parc_PublicKeyECSigner.c
+++ b/libparc/parc/security/test/test_parc_PublicKeyECSigner.c
@@ -105,6 +105,7 @@ LONGBOW_TEST_FIXTURE(Object)
LONGBOW_RUN_TEST_CASE(Object, parcPublicKeySigner_HashCode);
LONGBOW_RUN_TEST_CASE(Object, parcPublicKeySigner_IsValid);
LONGBOW_RUN_TEST_CASE(Object, parcPublicKeySigner_ToString);
+ LONGBOW_RUN_TEST_CASE(Object, parcPublicKeySigner_SignatureSize);
}
LONGBOW_TEST_FIXTURE_SETUP(Object)
@@ -485,6 +486,17 @@ LONGBOW_TEST_CASE(Global, parcSigner_CreateKeyId)
parcSigner_Release(&signer);
}
+LONGBOW_TEST_CASE(Object, parcPublicKeySigner_SignatureSize)
+{
+ PARCPublicKeySigner *publicKeySigner = _createSigner("test_key_size");
+ PARCSigner *signer = parcSigner_Create(publicKeySigner, PARCPublicKeySignerAsSigner);
+
+ assertTrue(parcSigner_GetSignatureSize(signer) == 72, "Key size unexpected %lu ", parcSigner_GetSignatureSize(signer));
+ parcPublicKeySigner_Release(&publicKeySigner);
+ parcSigner_Release(&signer);
+}
+
+
int
main(int argc, char *argv[argc])
{
diff --git a/libparc/parc/security/test/test_parc_PublicKeySigner.c b/libparc/parc/security/test/test_parc_PublicKeySigner.c
index 49fd42c7..69fb7049 100644
--- a/libparc/parc/security/test/test_parc_PublicKeySigner.c
+++ b/libparc/parc/security/test/test_parc_PublicKeySigner.c
@@ -97,6 +97,7 @@ LONGBOW_TEST_FIXTURE(Object)
LONGBOW_RUN_TEST_CASE(Object, parcPublicKeySigner_HashCode);
LONGBOW_RUN_TEST_CASE(Object, parcPublicKeySigner_IsValid);
LONGBOW_RUN_TEST_CASE(Object, parcPublicKeySigner_ToString);
+ LONGBOW_RUN_TEST_CASE(Object, parcPublicKeySigner_SignatureSize);
}
LONGBOW_TEST_FIXTURE_SETUP(Object)
@@ -443,6 +444,18 @@ LONGBOW_TEST_CASE(Global, parcSigner_CreateKeyId)
parcSigner_Release(&signer);
}
+LONGBOW_TEST_CASE(Object, parcPublicKeySigner_SignatureSize)
+{
+ PARCPublicKeySigner *publicKeySigner = _createSigner("test_key_size");
+ PARCSigner *signer = parcSigner_Create(publicKeySigner, PARCPublicKeySignerAsSigner);
+
+
+ assertTrue(parcSigner_GetSignatureSize(signer) == 128, "Modulus size unexpected %lu ", parcSigner_GetSignatureSize(signer));
+ parcPublicKeySigner_Release(&publicKeySigner);
+ parcSigner_Release(&signer);
+}
+
+
int
main(int argc, char *argv[argc])
{
diff --git a/libparc/parc/security/test/test_parc_SymmetricKeySigner.c b/libparc/parc/security/test/test_parc_SymmetricKeySigner.c
index 562ba6c6..01874e75 100644
--- a/libparc/parc/security/test/test_parc_SymmetricKeySigner.c
+++ b/libparc/parc/security/test/test_parc_SymmetricKeySigner.c
@@ -237,6 +237,17 @@ LONGBOW_TEST_CASE(Specialization, test_hmac_sha512)
parcBuffer_Release(&output);
}
+LONGBOW_TEST_CASE(Global, parcSymmetricSigner_SignatureSize)
+{
+ PARCSymmetricKeySigner *symmetricSigner = _createSigner();
+
+ PARCSigner *signer = parcSigner_Create(symmetricSigner, PARCSymmetricKeySignerAsSigner);
+
+ assertTrue(parcSigner_GetSignatureSize(signer) == 32, "Key size unexpected %d ", parcSigner_GetSignatureSize(signer));
+ parcSigner_Release(&signer);
+ parcSymmetricKeySigner_Release(&symmetricSigner);
+}
+
int
main(int argc, char *argv[argc])
{