From a5f7941f49160021506ecae0da090f0b204b75ea Mon Sep 17 00:00:00 2001 From: Olivier Roques Date: Thu, 17 Nov 2022 11:26:23 +0000 Subject: feat(auth): add support for ED25519 and ED448 Ref: HICN-818 Signed-off-by: Olivier Roques Change-Id: I8672f022b74be387e16496660a78edf3c1da4bf1 --- libtransport/src/auth/signer.cc | 118 +++++++++++++--------------------------- 1 file changed, 37 insertions(+), 81 deletions(-) (limited to 'libtransport/src/auth/signer.cc') diff --git a/libtransport/src/auth/signer.cc b/libtransport/src/auth/signer.cc index 484180108..5fcb242be 100644 --- a/libtransport/src/auth/signer.cc +++ b/libtransport/src/auth/signer.cc @@ -86,87 +86,47 @@ void Signer::signPacket(PacketPtr packet) { } } -void Signer::signBuffer(const std::vector &buffer) { - DCHECK(key_ != nullptr); - CryptoHashEVP hash_evp = CryptoHash::getEVP(getHashType()); - - if (hash_evp == nullptr) { - throw errors::RuntimeException("Unknown hash type"); - } - - std::shared_ptr mdctx(EVP_MD_CTX_create(), EVP_MD_CTX_free); +void Signer::signBuffer(const uint8_t *buffer, std::size_t len) { + const EVP_MD *hash_md = getMD(suite_); - if (mdctx == nullptr) { - throw errors::RuntimeException("Digest context allocation failed"); + std::shared_ptr md_ctx(EVP_MD_CTX_new(), EVP_MD_CTX_free); + if (md_ctx == nullptr) { + throw errors::RuntimeException("Signature context allocation failed"); } - if (EVP_DigestSignInit(mdctx.get(), nullptr, (*hash_evp)(), nullptr, - key_.get()) != 1) { - throw errors::RuntimeException("Digest initialization failed"); - } - - if (EVP_DigestSignUpdate(mdctx.get(), buffer.data(), buffer.size()) != 1) { - throw errors::RuntimeException("Digest update failed"); + if (EVP_DigestSignInit(md_ctx.get(), nullptr, hash_md, nullptr, key_.get()) != + 1) { + throw errors::RuntimeException("Signature initialization failed"); } - if (EVP_DigestSignFinal(mdctx.get(), nullptr, &signature_len_) != 1) { - throw errors::RuntimeException("Digest computation failed"); - } + if (EVP_DigestSign(md_ctx.get(), nullptr, &signature_len_, buffer, len) != + 1) { + throw errors::RuntimeException("Signature length computation failed"); + }; DCHECK(signature_len_ <= signature_->tailroom()); signature_->setLength(signature_len_); - if (EVP_DigestSignFinal(mdctx.get(), signature_->writableData(), - &signature_len_) != 1) { - throw errors::RuntimeException("Digest computation failed"); - } + if (EVP_DigestSign(md_ctx.get(), signature_->writableData(), &signature_len_, + buffer, len) != 1) { + throw errors::RuntimeException("Signature computation failed"); + }; DCHECK(signature_len_ <= signature_->tailroom()); signature_->setLength(signature_len_); } -void Signer::signBuffer(const utils::MemBuf *buffer) { - DCHECK(key_ != nullptr); - CryptoHashEVP hash_evp = CryptoHash::getEVP(getHashType()); - - if (hash_evp == nullptr) { - throw errors::RuntimeException("Unknown hash type"); - } - - const utils::MemBuf *p = buffer; - std::shared_ptr mdctx(EVP_MD_CTX_create(), EVP_MD_CTX_free); - - if (mdctx == nullptr) { - throw errors::RuntimeException("Digest context allocation failed"); - } - - if (EVP_DigestSignInit(mdctx.get(), nullptr, (*hash_evp)(), nullptr, - key_.get()) != 1) { - throw errors::RuntimeException("Digest initialization failed"); - } - - do { - if (EVP_DigestSignUpdate(mdctx.get(), p->data(), p->length()) != 1) { - throw errors::RuntimeException("Digest update failed"); - } - - p = p->next(); - } while (p != buffer); - - if (EVP_DigestSignFinal(mdctx.get(), nullptr, &signature_len_) != 1) { - throw errors::RuntimeException("Digest computation failed"); - } - - DCHECK(signature_len_ <= signature_->tailroom()); - signature_->setLength(signature_len_); +void Signer::signBuffer(const std::vector &buffer) { + signBuffer(buffer.data(), buffer.size()); +} - if (EVP_DigestSignFinal(mdctx.get(), signature_->writableData(), - &signature_len_) != 1) { - throw errors::RuntimeException("Digest computation failed"); +void Signer::signBuffer(const utils::MemBuf *buffer) { + if (buffer->isChained()) { + throw errors::RuntimeException( + "Signature of chained membuf is not supported."); } - DCHECK(signature_len_ <= signature_->tailroom()); - signature_->setLength(signature_len_); + signBuffer(buffer->data(), buffer->length()); } const utils::MemBuf::Ptr &Signer::getSignature() const { return signature_; } @@ -208,6 +168,8 @@ void Signer::display() { // --------------------------------------------------------- void VoidSigner::signPacket(PacketPtr packet) {} +void VoidSigner::signBuffer(const uint8_t *buffer, std::size_t len) {} + void VoidSigner::signBuffer(const std::vector &buffer) {} void VoidSigner::signBuffer(const utils::MemBuf *buffer) {} @@ -258,20 +220,12 @@ void AsymmetricSigner::setKey(CryptoSuite suite, std::shared_ptr key, signature_len_ = EVP_PKEY_size(key_.get()); DCHECK(signature_len_ <= signature_->tailroom()); - signature_->setLength(signature_len_); - size_t enc_pbk_len = i2d_PublicKey(pub_key.get(), nullptr); - DCHECK(enc_pbk_len >= 0); - - uint8_t *enc_pbkey_raw = nullptr; - i2d_PublicKey(pub_key.get(), &enc_pbkey_raw); - DCHECK(enc_pbkey_raw != nullptr); - + // Key ID is not supported yet. + uint8_t id[8] = {0}; key_id_ = CryptoHash(getHashType()); - key_id_.computeDigest(enc_pbkey_raw, enc_pbk_len); - - OPENSSL_free(enc_pbkey_raw); + key_id_.computeDigest(id, 8); } size_t AsymmetricSigner::getSignatureFieldSize() const { @@ -296,18 +250,20 @@ SymmetricSigner::SymmetricSigner(CryptoSuite suite, (const unsigned char *)passphrase.c_str(), passphrase.size()), EVP_PKEY_free); - key_id_ = CryptoHash(getHashType()); - - CryptoHashEVP hash_evp = CryptoHash::getEVP(getHashType()); - if (hash_evp == nullptr) { + const EVP_MD *hash_md = getMD(suite_); + if (hash_md == nullptr) { throw errors::RuntimeException("Unknown hash type"); } - signature_len_ = EVP_MD_size((*hash_evp)()); + signature_len_ = EVP_MD_size(hash_md); DCHECK(signature_len_ <= signature_->tailroom()); signature_->setLength(signature_len_); - key_id_.computeDigest((uint8_t *)passphrase.c_str(), passphrase.size()); + + // Key ID is not supported yet. + uint8_t id[8] = {0}; + key_id_ = CryptoHash(getHashType()); + key_id_.computeDigest(id, 8); } } // namespace auth -- cgit 1.2.3-korg