aboutsummaryrefslogtreecommitdiffstats
path: root/libtransport/src/auth/signer.cc
diff options
context:
space:
mode:
authorOlivier Roques <oroques@cisco.com>2022-11-17 11:26:23 +0000
committerOlivier Roques <oroques+fdio@cisco.com>2022-11-22 13:07:51 +0000
commita5f7941f49160021506ecae0da090f0b204b75ea (patch)
treefefbd3c7837c319deeae624c41b2280ecace8f4f /libtransport/src/auth/signer.cc
parentb72257cade6be6fb09738f228d3b961321ca25f3 (diff)
feat(auth): add support for ED25519 and ED448
Ref: HICN-818 Signed-off-by: Olivier Roques <oroques@cisco.com> Change-Id: I8672f022b74be387e16496660a78edf3c1da4bf1
Diffstat (limited to 'libtransport/src/auth/signer.cc')
-rw-r--r--libtransport/src/auth/signer.cc118
1 files changed, 37 insertions, 81 deletions
diff --git a/libtransport/src/auth/signer.cc b/libtransport/src/auth/signer.cc
index 484180108..5fcb242be 100644
--- a/libtransport/src/auth/signer.cc
+++ b/libtransport/src/auth/signer.cc
@@ -86,87 +86,47 @@ void Signer::signPacket(PacketPtr packet) {
}
}
-void Signer::signBuffer(const std::vector<uint8_t> &buffer) {
- DCHECK(key_ != nullptr);
- CryptoHashEVP hash_evp = CryptoHash::getEVP(getHashType());
-
- if (hash_evp == nullptr) {
- throw errors::RuntimeException("Unknown hash type");
- }
-
- std::shared_ptr<EVP_MD_CTX> mdctx(EVP_MD_CTX_create(), EVP_MD_CTX_free);
+void Signer::signBuffer(const uint8_t *buffer, std::size_t len) {
+ const EVP_MD *hash_md = getMD(suite_);
- if (mdctx == nullptr) {
- throw errors::RuntimeException("Digest context allocation failed");
+ std::shared_ptr<EVP_MD_CTX> md_ctx(EVP_MD_CTX_new(), EVP_MD_CTX_free);
+ if (md_ctx == nullptr) {
+ throw errors::RuntimeException("Signature context allocation failed");
}
- if (EVP_DigestSignInit(mdctx.get(), nullptr, (*hash_evp)(), nullptr,
- key_.get()) != 1) {
- throw errors::RuntimeException("Digest initialization failed");
- }
-
- if (EVP_DigestSignUpdate(mdctx.get(), buffer.data(), buffer.size()) != 1) {
- throw errors::RuntimeException("Digest update failed");
+ if (EVP_DigestSignInit(md_ctx.get(), nullptr, hash_md, nullptr, key_.get()) !=
+ 1) {
+ throw errors::RuntimeException("Signature initialization failed");
}
- if (EVP_DigestSignFinal(mdctx.get(), nullptr, &signature_len_) != 1) {
- throw errors::RuntimeException("Digest computation failed");
- }
+ if (EVP_DigestSign(md_ctx.get(), nullptr, &signature_len_, buffer, len) !=
+ 1) {
+ throw errors::RuntimeException("Signature length computation failed");
+ };
DCHECK(signature_len_ <= signature_->tailroom());
signature_->setLength(signature_len_);
- if (EVP_DigestSignFinal(mdctx.get(), signature_->writableData(),
- &signature_len_) != 1) {
- throw errors::RuntimeException("Digest computation failed");
- }
+ if (EVP_DigestSign(md_ctx.get(), signature_->writableData(), &signature_len_,
+ buffer, len) != 1) {
+ throw errors::RuntimeException("Signature computation failed");
+ };
DCHECK(signature_len_ <= signature_->tailroom());
signature_->setLength(signature_len_);
}
-void Signer::signBuffer(const utils::MemBuf *buffer) {
- DCHECK(key_ != nullptr);
- CryptoHashEVP hash_evp = CryptoHash::getEVP(getHashType());
-
- if (hash_evp == nullptr) {
- throw errors::RuntimeException("Unknown hash type");
- }
-
- const utils::MemBuf *p = buffer;
- std::shared_ptr<EVP_MD_CTX> mdctx(EVP_MD_CTX_create(), EVP_MD_CTX_free);
-
- if (mdctx == nullptr) {
- throw errors::RuntimeException("Digest context allocation failed");
- }
-
- if (EVP_DigestSignInit(mdctx.get(), nullptr, (*hash_evp)(), nullptr,
- key_.get()) != 1) {
- throw errors::RuntimeException("Digest initialization failed");
- }
-
- do {
- if (EVP_DigestSignUpdate(mdctx.get(), p->data(), p->length()) != 1) {
- throw errors::RuntimeException("Digest update failed");
- }
-
- p = p->next();
- } while (p != buffer);
-
- if (EVP_DigestSignFinal(mdctx.get(), nullptr, &signature_len_) != 1) {
- throw errors::RuntimeException("Digest computation failed");
- }
-
- DCHECK(signature_len_ <= signature_->tailroom());
- signature_->setLength(signature_len_);
+void Signer::signBuffer(const std::vector<uint8_t> &buffer) {
+ signBuffer(buffer.data(), buffer.size());
+}
- if (EVP_DigestSignFinal(mdctx.get(), signature_->writableData(),
- &signature_len_) != 1) {
- throw errors::RuntimeException("Digest computation failed");
+void Signer::signBuffer(const utils::MemBuf *buffer) {
+ if (buffer->isChained()) {
+ throw errors::RuntimeException(
+ "Signature of chained membuf is not supported.");
}
- DCHECK(signature_len_ <= signature_->tailroom());
- signature_->setLength(signature_len_);
+ signBuffer(buffer->data(), buffer->length());
}
const utils::MemBuf::Ptr &Signer::getSignature() const { return signature_; }
@@ -208,6 +168,8 @@ void Signer::display() {
// ---------------------------------------------------------
void VoidSigner::signPacket(PacketPtr packet) {}
+void VoidSigner::signBuffer(const uint8_t *buffer, std::size_t len) {}
+
void VoidSigner::signBuffer(const std::vector<uint8_t> &buffer) {}
void VoidSigner::signBuffer(const utils::MemBuf *buffer) {}
@@ -258,20 +220,12 @@ void AsymmetricSigner::setKey(CryptoSuite suite, std::shared_ptr<EVP_PKEY> key,
signature_len_ = EVP_PKEY_size(key_.get());
DCHECK(signature_len_ <= signature_->tailroom());
-
signature_->setLength(signature_len_);
- size_t enc_pbk_len = i2d_PublicKey(pub_key.get(), nullptr);
- DCHECK(enc_pbk_len >= 0);
-
- uint8_t *enc_pbkey_raw = nullptr;
- i2d_PublicKey(pub_key.get(), &enc_pbkey_raw);
- DCHECK(enc_pbkey_raw != nullptr);
-
+ // Key ID is not supported yet.
+ uint8_t id[8] = {0};
key_id_ = CryptoHash(getHashType());
- key_id_.computeDigest(enc_pbkey_raw, enc_pbk_len);
-
- OPENSSL_free(enc_pbkey_raw);
+ key_id_.computeDigest(id, 8);
}
size_t AsymmetricSigner::getSignatureFieldSize() const {
@@ -296,18 +250,20 @@ SymmetricSigner::SymmetricSigner(CryptoSuite suite,
(const unsigned char *)passphrase.c_str(),
passphrase.size()),
EVP_PKEY_free);
- key_id_ = CryptoHash(getHashType());
-
- CryptoHashEVP hash_evp = CryptoHash::getEVP(getHashType());
- if (hash_evp == nullptr) {
+ const EVP_MD *hash_md = getMD(suite_);
+ if (hash_md == nullptr) {
throw errors::RuntimeException("Unknown hash type");
}
- signature_len_ = EVP_MD_size((*hash_evp)());
+ signature_len_ = EVP_MD_size(hash_md);
DCHECK(signature_len_ <= signature_->tailroom());
signature_->setLength(signature_len_);
- key_id_.computeDigest((uint8_t *)passphrase.c_str(), passphrase.size());
+
+ // Key ID is not supported yet.
+ uint8_t id[8] = {0};
+ key_id_ = CryptoHash(getHashType());
+ key_id_.computeDigest(id, 8);
}
} // namespace auth