/*
* Copyright (C) 2017 Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#include <config.h>
#if defined(OPENSSL) && \
(defined(HAVE_OPENSSL_ED25519) || defined(HAVE_OPENSSL_ED448))
#include <dns/keyvalues.h>
#include "dst_internal.h"
#include "dst_openssl.h"
#include "dst_parse.h"
#ifndef NID_ED25519
#error "Ed25519 group is not known (NID_ED25519)"
#endif
#ifndef NID_ED448
#error "Ed448 group is not known (NID_ED448)"
#endif
/* OpenSSL doesn't provide direct access to key values */
/*
 * DER header of an Ed25519 SubjectPublicKeyInfo. The BIT STRING length
 * (33) covers the unused-bits octet that ends this prefix plus the
 * 32 raw key bytes that follow it.
 */
static const unsigned char ed25519_pub_prefix[] = {
	/* SEQUENCE, 42 content bytes */
	0x30, 0x2a,
	/* AlgorithmIdentifier: SEQUENCE { OID 1.3.101.112 (id-Ed25519) } */
	0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
	/* BIT STRING, 33 content bytes, 0 unused bits */
	0x03, 0x21, 0x00
};
{
const unsigned char *p;
p = buf;
}
unsigned char *key)
{
unsigned char *p;
int len;
if ((len <= DNS_KEY_ED25519SIZE) ||
return (DST_R_OPENSSLFAILURE);
p = buf;
if ((len <= DNS_KEY_ED25519SIZE) ||
return (DST_R_OPENSSLFAILURE);
return (ISC_R_SUCCESS);
}
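/*
 * DER header of an Ed448 SubjectPublicKeyInfo; the 57 raw key bytes
 * follow it directly.
 *
 * The two length octets must describe a 57-byte key:
 *   BIT STRING content = 1 (unused-bits octet) + 57       = 0x3a
 *   SEQUENCE content   = 7 (AlgorithmIdentifier) + 2 + 58 = 0x43
 * Reusing the Ed25519 lengths (0x2a / 0x21) would declare a 32-byte key
 * under the Ed448 OID, which is not a valid encoding of an Ed448 key.
 */
static const unsigned char ed448_pub_prefix[] = {
	/* SEQUENCE, 67 content bytes */
	0x30, 0x43,
	/* AlgorithmIdentifier: SEQUENCE { OID 1.3.101.113 (id-Ed448) } */
	0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x71,
	/* BIT STRING, 58 content bytes, 0 unused bits */
	0x03, 0x3a, 0x00
};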
{
const unsigned char *p;
p = buf;
}
unsigned char *key)
{
unsigned char *p;
int len;
if ((len <= DNS_KEY_ED448SIZE) ||
return (DST_R_OPENSSLFAILURE);
p = buf;
if ((len <= DNS_KEY_ED448SIZE) ||
return (DST_R_OPENSSLFAILURE);
return (ISC_R_SUCCESS);
}
/*
 * DER header of a PKCS#8 PrivateKeyInfo carrying an Ed25519 key. The
 * inner OCTET STRING length (32) is the size of the raw private key
 * bytes that follow this prefix.
 */
static const unsigned char ed25519_priv_prefix[] = {
	/* SEQUENCE, 46 content bytes */
	0x30, 0x2e,
	/* version INTEGER 0 */
	0x02, 0x01, 0x00,
	/* AlgorithmIdentifier: SEQUENCE { OID 1.3.101.112 (id-Ed25519) } */
	0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
	/* privateKey OCTET STRING (34) wrapping an OCTET STRING (32) */
	0x04, 0x22, 0x04, 0x20
};
{
const unsigned char *p;
p = buf;
}
unsigned char *key)
{
unsigned char *p;
int len;
if ((len <= DNS_KEY_ED25519SIZE) ||
return (DST_R_OPENSSLFAILURE);
p = buf;
if ((len <= DNS_KEY_ED25519SIZE) ||
return (DST_R_OPENSSLFAILURE);
return (ISC_R_SUCCESS);
}
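/*
 * DER header of a PKCS#8 PrivateKeyInfo carrying an Ed448 key; the
 * 57 raw private key bytes follow it directly.
 *
 * The three length octets must describe a 57-byte key:
 *   inner OCTET STRING content = 57                          = 0x39
 *   outer OCTET STRING content = 2 + 57                      = 0x3b
 *   SEQUENCE content           = 3 (version) + 7 (alg) + 2 + 59 = 0x47
 * Reusing the Ed25519 lengths (0x2e / 0x22 / 0x20) would declare a
 * 32-byte key under the Ed448 OID, so a prefix built that way cannot
 * frame real Ed448 private key material.
 */
static const unsigned char ed448_priv_prefix[] = {
	/* SEQUENCE, 71 content bytes */
	0x30, 0x47,
	/* version INTEGER 0 */
	0x02, 0x01, 0x00,
	/* AlgorithmIdentifier: SEQUENCE { OID 1.3.101.113 (id-Ed448) } */
	0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x71,
	/* privateKey OCTET STRING (59) wrapping an OCTET STRING (57) */
	0x04, 0x3b, 0x04, 0x39
};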
{
const unsigned char *p;
p = buf;
}
unsigned char *key)
{
unsigned char *p;
int len;
if ((len <= DNS_KEY_ED448SIZE) ||
return (DST_R_OPENSSLFAILURE);
p = buf;
if ((len <= DNS_KEY_ED448SIZE) ||
return (DST_R_OPENSSLFAILURE);
return (ISC_R_SUCCESS);
}
isc_buffer_t *data);
static isc_result_t
return (result);
}
static void
}
static isc_result_t
isc_region_t r;
unsigned int length;
if (result == ISC_R_SUCCESS)
return (ISC_R_SUCCESS);
if (result != ISC_R_SUCCESS)
return (result);
/* r now describes the bytes already written into buf. */
isc_buffer_usedregion(buf, &r);
/*
 * The copy result is deliberately discarded.
 * NOTE(review): isc_buffer_copyregion() reports ISC_R_NOSPACE when the
 * target is too small; the code that sizes nbuf is not visible in this
 * listing -- confirm nbuf is always large enough for r, otherwise the
 * earlier data would be dropped without any error being returned.
 */
(void) isc_buffer_copyregion(nbuf, &r);
return (ISC_R_SUCCESS);
}
static isc_result_t
return (ISC_R_NOMEMORY);
else
"EVP_DigestSignInit",
"EVP_DigestSign",
ret = ISC_R_SUCCESS;
err:
return (ret);
}
static isc_result_t
int status;
unsigned int siglen;
return (ISC_R_NOMEMORY);
else
return (DST_R_VERIFYFAILURE);
"EVP_DigestVerifyInit",
/*
 * status is handled as a tri-state value: exactly 1 is the only result
 * that sets ret to ISC_R_SUCCESS. 0 leaves ret untouched, and every
 * other value takes the branch carrying the "EVP_DigestVerify" error
 * string, so an internal error is never folded into "signature valid".
 * NOTE(review): the assignment that gives ret its value before the
 * switch is not visible in this listing -- presumably a verify-failure
 * code; confirm it cannot be ISC_R_SUCCESS on the 0 and default paths.
 */
switch (status) {
case 1:
ret = ISC_R_SUCCESS;
break;
case 0:
break;
default:
"EVP_DigestVerify",
break;
}
err:
return (ret);
}
static isc_boolean_t
int status;
return (ISC_TRUE);
return (ISC_FALSE);
if (status == 1)
return (ISC_TRUE);
return (ISC_FALSE);
}
static isc_result_t
nid = NID_ED25519;
} else {
}
return (dst__openssl_toresult2("EVP_PKEY_CTX_new_id",
if (status != 1)
if (status != 1)
ret = ISC_R_SUCCESS;
err:
return (ret);
}
static isc_boolean_t
int len;
unsigned long err;
return (ISC_FALSE);
/* A positive len is the only outcome reported as ISC_TRUE. */
if (len > 0)
return (ISC_TRUE);
/* can check if first error is EC_R_INVALID_PRIVATE_KEY */
/*
 * Pop every pending entry off the OpenSSL error queue and discard it.
 * Presumably this keeps the errors left by the call that produced len
 * from being attributed to a later, unrelated OpenSSL operation; the
 * call itself is not visible in this listing.
 */
while ((err = ERR_get_error()) != 0)
/**/;
return (ISC_FALSE);
}
static void
}
static isc_result_t
isc_region_t r;
case DST_ALG_ED25519:
if (r.length < DNS_KEY_ED25519SIZE)
return (ISC_R_NOSPACE);
if (result == ISC_R_SUCCESS)
return (result);
case DST_ALG_ED448:
if (r.length < DNS_KEY_ED448SIZE)
return (ISC_R_NOSPACE);
if (result == ISC_R_SUCCESS)
return (result);
default:
INSIST(0);
}
}
static isc_result_t
isc_region_t r;
unsigned int len;
if (r.length == 0)
return (ISC_R_SUCCESS);
return (DST_R_INVALIDPUBLICKEY);
} else {
return (DST_R_INVALIDPUBLICKEY);
}
return (dst__openssl_toresult(ISC_R_FAILURE));
return (ISC_R_SUCCESS);
}
static isc_result_t
unsigned int len;
return (DST_R_NULLKEY);
}
return (ISC_R_NOMEMORY);
if (ret != ISC_R_SUCCESS)
} else {
return (ISC_R_NOMEMORY);
if (ret != ISC_R_SUCCESS)
}
err:
return (ret);
}
static isc_result_t
{
return (ISC_R_SUCCESS);
return (ISC_R_SUCCESS);
return (ISC_R_SUCCESS);
return (ISC_R_FAILURE);
}
static isc_result_t
unsigned int len;
/* read private key file */
if (ret != ISC_R_SUCCESS)
goto err;
return (ISC_R_SUCCESS);
}
} else {
}
}
ret = ISC_R_SUCCESS;
err:
return (ret);
}
NULL, /*%< createctx2 */
NULL, /*%< verify2 */
NULL, /*%< computesecret */
NULL, /*%< paramcompare */
NULL, /*%< cleanup */
NULL, /*%< fromlabel */
NULL, /*%< dump */
NULL, /*%< restore */
};
return (ISC_R_SUCCESS);
}
#else /* HAVE_OPENSSL_EDxxx */
#endif /* HAVE_OPENSSL_EDxxx */
/*! \file */