From 0e1d6ecf37ea33ad963249cdb5efebeb04299033 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 27 Feb 2018 10:12:02 +0000 Subject: [PATCH] Add X448/Ed448 support to libssl Reviewed-by: Rich Salz Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/5470) --- apps/s_cb.c | 3 +++ ssl/ssl_cert_table.h | 3 ++- ssl/ssl_lib.c | 6 ++++++ ssl/ssl_locl.h | 4 +++- ssl/t1_lib.c | 10 +++++++++- ssl/t1_trce.c | 2 ++ 6 files changed, 25 insertions(+), 3 deletions(-) diff --git a/apps/s_cb.c b/apps/s_cb.c index 2303109240..ae15f554f4 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -231,6 +231,9 @@ static const char *get_sigtype(int nid) case NID_ED25519: return "Ed25519"; + case NID_ED448: + return "Ed448"; + default: return NULL; } diff --git a/ssl/ssl_cert_table.h b/ssl/ssl_cert_table.h index fd6a1ad1e8..1376441a81 100644 --- a/ssl/ssl_cert_table.h +++ b/ssl/ssl_cert_table.h @@ -18,5 +18,6 @@ static const SSL_CERT_LOOKUP ssl_cert_info [] = { {NID_id_GostR3410_2001, SSL_aGOST01}, /* SSL_PKEY_GOST01 */ {NID_id_GostR3410_2012_256, SSL_aGOST12}, /* SSL_PKEY_GOST12_256 */ {NID_id_GostR3410_2012_512, SSL_aGOST12}, /* SSL_PKEY_GOST12_512 */ - {EVP_PKEY_ED25519, SSL_aECDSA} /* SSL_PKEY_ED25519 */ + {EVP_PKEY_ED25519, SSL_aECDSA}, /* SSL_PKEY_ED25519 */ + {EVP_PKEY_ED448, SSL_aECDSA} /* SSL_PKEY_ED448 */ }; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 8804c52e78..accef0c0ce 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3258,6 +3258,12 @@ void ssl_set_masks(SSL *s) && pvalid[SSL_PKEY_ED25519] & CERT_PKEY_EXPLICIT_SIGN && TLS1_get_version(s) == TLS1_2_VERSION) mask_a |= SSL_aECDSA; + + /* Allow Ed448 for TLS 1.2 if peer supports it */ + if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED448) + && pvalid[SSL_PKEY_ED448] & CERT_PKEY_EXPLICIT_SIGN + && TLS1_get_version(s) == TLS1_2_VERSION) + mask_a |= SSL_aECDSA; #endif #ifndef OPENSSL_NO_EC diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 0dd2a7b727..f179efa231 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -381,7 +381,8 @@ # define SSL_PKEY_GOST12_256 5 # define SSL_PKEY_GOST12_512 6 # define SSL_PKEY_ED25519 7 -# define SSL_PKEY_NUM 8 +# define SSL_PKEY_ED448 8 +# define SSL_PKEY_NUM 9 /* * Pseudo-constant. GOST cipher suites can use different certs for 1 * SSL_CIPHER. So let's see which one we have in fact. @@ -1962,6 +1963,7 @@ typedef enum downgrade_en { #define TLSEXT_SIGALG_gostr34102001_gostr3411 0xeded #define TLSEXT_SIGALG_ed25519 0x0807 +#define TLSEXT_SIGALG_ed448 0x0808 /* Known PSK key exchange modes */ #define TLSEXT_KEX_MODE_KE 0x00 diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 57f9559993..8b0d9aa309 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -165,6 +165,7 @@ static const TLS_GROUP_INFO nid_list[] = { {NID_brainpoolP384r1, 192, TLS_CURVE_PRIME}, /* brainpoolP384r1 (27) */ {NID_brainpoolP512r1, 256, TLS_CURVE_PRIME}, /* brainpool512r1 (28) */ {EVP_PKEY_X25519, 128, TLS_CURVE_CUSTOM}, /* X25519 (29) */ + {EVP_PKEY_X448, 224, TLS_CURVE_CUSTOM}, /* X448 (30) */ }; static const unsigned char ecformats_default[] = { @@ -177,6 +178,7 @@ static const unsigned char ecformats_default[] = { static const uint16_t eccurves_default[] = { 29, /* X25519 (29) */ 23, /* secp256r1 (23) */ + 30, /* X448 (30) */ 25, /* secp521r1 (25) */ 24, /* secp384r1 (24) */ }; @@ -622,6 +624,7 @@ static const uint16_t tls12_sigalgs[] = { TLSEXT_SIGALG_ecdsa_secp384r1_sha384, TLSEXT_SIGALG_ecdsa_secp521r1_sha512, TLSEXT_SIGALG_ed25519, + TLSEXT_SIGALG_ed448, #endif TLSEXT_SIGALG_rsa_pss_pss_sha256, @@ -672,6 +675,9 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = { {"ed25519", TLSEXT_SIGALG_ed25519, NID_undef, -1, EVP_PKEY_ED25519, SSL_PKEY_ED25519, NID_undef, NID_undef}, + {"ed448", TLSEXT_SIGALG_ed448, + NID_undef, -1, EVP_PKEY_ED448, SSL_PKEY_ED448, + NID_undef, NID_undef}, {NULL, TLSEXT_SIGALG_ecdsa_sha224, NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, NID_ecdsa_with_SHA224, NID_undef}, @@ -764,7 +770,8 @@ static const uint16_t tls_default_sigalg[] = { TLSEXT_SIGALG_gostr34102001_gostr3411, /* SSL_PKEY_GOST01 */ TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, /* SSL_PKEY_GOST12_256 */ TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, /* SSL_PKEY_GOST12_512 */ - 0 /* SSL_PKEY_ED25519 */ + 0, /* SSL_PKEY_ED25519 */ + 0, /* SSL_PKEY_ED448 */ }; /* Lookup TLS signature algorithm */ @@ -2180,6 +2187,7 @@ void tls1_set_cert_validity(SSL *s) tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_256); tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_512); tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ED25519); + tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ED448); } /* User level utility function to check a chain is suitable */ diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index fa975be174..ba5225849b 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -515,6 +515,7 @@ static const ssl_trace_tbl ssl_groups_tbl[] = { {27, "brainpoolP384r1"}, {28, "brainpoolP512r1"}, {29, "ecdh_x25519"}, + {30, "ecdh_x448"}, {256, "ffdhe2048"}, {257, "ffdhe3072"}, {258, "ffdhe4096"}, @@ -544,6 +545,7 @@ static const ssl_trace_tbl ssl_sigalg_tbl[] = { {TLSEXT_SIGALG_ecdsa_secp521r1_sha512, "ecdsa_secp521r1_sha512"}, {TLSEXT_SIGALG_ecdsa_sha224, "ecdsa_sha224"}, {TLSEXT_SIGALG_ed25519, "ed25519"}, + {TLSEXT_SIGALG_ed448, "ed448"}, {TLSEXT_SIGALG_ecdsa_sha1, "ecdsa_sha1"}, {TLSEXT_SIGALG_rsa_pss_rsae_sha256, "rsa_pss_rsae_sha256"}, {TLSEXT_SIGALG_rsa_pss_rsae_sha384, "rsa_pss_rsae_sha384"},