From af5e42aba4294ce09a263573febe840e804cf1ed Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Sun, 21 Apr 2019 21:13:30 +0200 Subject: nettle: vendor in Curve448 and Ed448 implementation Signed-off-by: Daiki Ueno --- .gitignore | 1 + .gitlab-ci.yml | 2 +- .gitmodules | 3 + bootstrap.conf | 4 +- configure.ac | 10 +++ devel/import-curve448-from-nettle.sh | 154 +++++++++++++++++++++++++++++++++++ devel/nettle | 1 + lib/nettle/Makefile.am | 50 ++++++++++++ 8 files changed, 223 insertions(+), 2 deletions(-) create mode 100755 devel/import-curve448-from-nettle.sh create mode 160000 devel/nettle diff --git a/.gitignore b/.gitignore index 2f1a40a95b..34d9af38a5 100644 --- a/.gitignore +++ b/.gitignore @@ -231,6 +231,7 @@ lib/minitasn1/libminitasn1.la lib/minitasn1/Makefile lib/minitasn1/Makefile.in lib/nettle/libcrypto.la +lib/nettle/curve448 lib/opencdk/libminiopencdk.la lib/opencdk/Makefile lib/opencdk/Makefile.in diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e72c39527d..2f569debc0 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -33,7 +33,7 @@ variables: FEDORA_BUILD: buildenv-fedora31 MINGW_BUILD: buildenv-mingw ALPINE_BASE_BUILD: buildenv-alpine-base - CPPCHECK_OPTIONS: "--enable=warning --enable=style --enable=performance --enable=portability --std=c99 --suppressions-list=devel/cppcheck.suppressions --template='{id}:{file}:{line},{severity},{message}'" + CPPCHECK_OPTIONS: "--enable=warning --enable=style --enable=performance --enable=portability --std=c99 --suppressions-list=devel/cppcheck.suppressions -i lib/nettle/curve448 --template='{id}:{file}:{line},{severity},{message}'" GET_SOURCES_ATTEMPTS: "3" ################################################## diff --git a/.gitmodules b/.gitmodules index dd05bd67df..672f483a31 100644 --- a/.gitmodules +++ b/.gitmodules @@ -13,3 +13,6 @@ [submodule "gnulib"] path = gnulib url = https://gitlab.com/libidn/gnulib-mirror.git +[submodule "devel/nettle"] + path = devel/nettle + url = https://gitlab.com/gnutls/nettle.git 
diff --git a/bootstrap.conf b/bootstrap.conf index 33f19e7890..38f199a22c 100644 --- a/bootstrap.conf +++ b/bootstrap.conf @@ -23,7 +23,7 @@ gnulib_tool_option_extras="--with-tests --avoid=alignof-tests --avoid=lock-tests use_libtool=1 checkout_only_file= local_gl_dir=gl/override/ -required_submodules="tests/suite/tls-fuzzer/python-ecdsa tests/suite/tls-fuzzer/tlsfuzzer tests/suite/tls-fuzzer/tlslite-ng" +required_submodules="tests/suite/tls-fuzzer/python-ecdsa tests/suite/tls-fuzzer/tlsfuzzer tests/suite/tls-fuzzer/tlslite-ng devel/nettle" # Reproduce by: gnulib-tool --import --local-dir=gl/override --lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=gl/tests --aux-dir=build-aux --with-tests --avoid=alignof-tests --avoid=lock-tests --avoid=lseek-tests --lgpl=2 --no-conditional-dependencies --libtool --macro-prefix=gl --no-vc-files alloca byteswap c-ctype extensions func gendocs getline gettext-h gettimeofday hash-pjw-bare havelib intprops lib-msvc-compat lib-symbol-versions maintainer-makefile manywarnings memmem-simple minmax netdb netinet_in pmccabe2html read-file secure_getenv snprintf stdint strcase strndup strtok_r strverscmp sys_socket sys_stat time_r unistd vasprintf vsnprintf warnings @@ -101,4 +101,6 @@ bootstrap_post_import_hook () # Automake requires that ChangeLog exist. touch ChangeLog || return 1 + + devel/import-curve448-from-nettle.sh } diff --git a/configure.ac b/configure.ac index 8aa72f443b..2e73a904d6 100644 --- a/configure.ac +++ b/configure.ac 
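Review bot: The new `devel/import-curve448-from-nettle.sh` call at the end of bootstrap_post_import_hook discards the script's exit status, unlike the `touch ChangeLog || return 1` line just above it, so a failed import (the script does `exit 1` when a source file is missing) lets bootstrap continue with an incomplete lib/nettle/curve448. Change it to `devel/import-curve448-from-nettle.sh || return 1` so the hook fails the same way its other steps do. The rest of the hook body is outside the hunk.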
@@ -650,6 +650,16 @@ LIBS="$LIBS $NETTLE_LIBS" AC_CHECK_FUNCS(nettle_streebog512_update) LIBS=$save_LIBS +# Check for Curve448 and Ed448 +have_curve448=no +save_LIBS=$LIBS +LIBS="$LIBS $HOGWEED_LIBS $NETTLE_LIBS" +AC_CHECK_FUNCS([nettle_curve448_mul nettle_ed448_shake256_sign], + [AC_DEFINE([HAVE_CURVE448], 1, [Enable Curve448]) + have_curve448=yes]) +LIBS=$save_LIBS +AM_CONDITIONAL(NEED_CURVE448, test "$have_curve448" != "yes") + AC_MSG_CHECKING([whether to build libdane]) AC_ARG_ENABLE(libdane, AS_HELP_STRING([--disable-libdane], diff --git a/devel/import-curve448-from-nettle.sh b/devel/import-curve448-from-nettle.sh new file mode 100755 index 0000000000..7cd974302a --- /dev/null +++ b/devel/import-curve448-from-nettle.sh 
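Review bot: `AC_CHECK_FUNCS([nettle_curve448_mul nettle_ed448_shake256_sign], [...])` runs its action-if-found once per function that is found, so `HAVE_CURVE448` gets defined and `have_curve448=yes` as soon as either symbol is present, not both; a libhogweed that has curve448_mul but not ed448_shake256_sign would then make NEED_CURVE448 false, skip the bundled copy, and fail to link the Ed448 code in lib/nettle/pk.c. Check both cache variables instead: `AC_CHECK_FUNCS([nettle_curve448_mul nettle_ed448_shake256_sign])` followed by `AS_IF([test "$ac_cv_func_nettle_curve448_mul" = yes && test "$ac_cv_func_nettle_ed448_shake256_sign" = yes], [AC_DEFINE([HAVE_CURVE448], 1, [Enable Curve448]) have_curve448=yes])`. Whether a nettle release with only one of the two symbols exists I cannot tell from here, but the check should express the intended conjunction either way.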
@@ -0,0 +1,154 @@ +#!/bin/sh + +# This script copies the Curve448 and Ed448 implementation from the +# nettle upstream, with necessary adjustments for bundling in GnuTLS. + +set +e + +: ${srcdir=.} +SRC=$srcdir/devel/nettle +DST=$srcdir/lib/nettle/curve448 + +IMPORTS=" +cnd-copy.c +curve448-eh-to-x.c +curve448.h +curve448-mul.c +curve448-mul-g.c +eccdata.c +ecc-curve448.c +ecc-add-eh.c +ecc-add-ehh.c +ecc-a-to-j.c +ecc-dup-eh.c +ecc-eh-to-a.c +ecc-internal.h +ecc-mod-arith.c +ecc-mod.c +ecc-mod-inv.c +ecc-mul-a-eh.c +ecc-mul-g-eh.c +ecc-mul-m.c +ed448-shake256.c +ed448-shake256-pubkey.c +ed448-shake256-sign.c +ed448-shake256-verify.c +eddsa-compress.c +eddsa-decompress.c +eddsa-expand.c +eddsa.h +eddsa-hash.c +eddsa-internal.h +eddsa-pubkey.c +eddsa-sign.c +eddsa-verify.c +gmp-glue.h +gmp-glue.c +nettle-write.h +sec-add-1.c +sec-tabselect.c +sha3.c +sha3.h +sha3-256.c +sha3-internal.h +sha3-permute.c +shake256.c +" + +PUBLIC=" +bignum.h +ecc-curve.h +ecc.h +macros.h +memxor.h +nettle-meta.h +nettle-types.h +" + +test -d $DST || mkdir $DST + +for f in $IMPORTS; do + src=$SRC/$f + dst=$DST/$f + if test -f $src; then + if test -f $dst; then + echo "Replacing $dst (existing file backed up in $dst~)" + mv $dst $dst~ + else + echo "Copying file $dst" + fi + cp $src $dst + # Use for public headers. + for h in $PUBLIC; do + p=$(echo $h | sed 's/\./\\./g') + if grep '^#include "'$p'"' $dst 2>&1 >/dev/null; then + sed 's!^#include "'$p'"!#include !' $dst > $dst-t && \ + mv $dst-t $dst + fi + done + # Remove unused . + if grep '^#include ' $dst 2>&1 >/dev/null; then + if ! grep 'assert *(' $dst 2>&1 >/dev/null; then + sed '/^#include /d' $dst > $dst-t && mv $dst-t $dst + fi + fi + case $dst in + *.h) + # Rename header guard so as not to conflict with the public ones. 
+ if grep '^#ifndef NETTLE_.*_H\(_INCLUDED\)*' $dst 2>&1 >/dev/null; then + g=$(sed -n 's/^#ifndef NETTLE_\(.*_H\(_INCLUDED\)*\)/\1/p' $dst) + sed 's/\(NETTLE_'$g'\)/GNUTLS_LIB_NETTLE_CURVE448_\1/' $dst > $dst-t && \ + mv $dst-t $dst + fi + ;; + esac + case $dst in + *.h) + # Add prefix to function symbols avoid clashing with the public ones. + sed -e 's/^#define \(.*\) nettle_\1/#define \1 gnutls_nettle_curve448_\1/' \ + -e 's/^#define \(.*\) _nettle_\1/#define \1 _gnutls_nettle_curve448_\1/' $dst > $dst-t && \ + mv $dst-t $dst + ;; + esac + case $dst in + */eccdata.c) + sed 's/^#include "mini-gmp.c"/#include /' $dst > $dst-t && \ + mv $dst-t $dst + ;; + esac + case $dst in + */ecc-curve448.c) + # The generated file is arch dependent, conditionalize the + # inclusion. + sed '/^#include "ecc-curve448\.h"/ { i\ +#if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5)\ +# pragma GCC diagnostic ignored "-Wunused-const-variable"\ +#endif\ +#if GMP_NUMB_BITS == 32\ +#include "curve448/ecc-curve448-32.h"\ +#elif GMP_NUMB_BITS == 64\ +#include "curve448/ecc-curve448-64.h"\ +#else\ +#error unsupported configuration\ +#endif +; d +}' $dst > $dst-t && mv $dst-t $dst + ;; + esac + case $dst in + */eddsa-hash.c) + # Known to be unnecessary. + sed '/^#include "nettle-internal\.h"/d' $dst > $dst-t && mv $dst-t $dst + ;; + esac + case $dst in + */ecc-add-eh*.c) + # Suppress whitespace errors in 'make syntax-check'. + sed 's/ * / /g' $dst > $dst-t && mv $dst-t $dst + ;; + esac + else + echo "Error: $src not found" 1>&2 + exit 1 + fi +done diff --git a/devel/nettle b/devel/nettle new file mode 160000 index 0000000000..d1dbba1e7f --- /dev/null +++ b/devel/nettle @@ -0,0 +1 @@ +Subproject commit d1dbba1e7fcf4ad54e5d3435e381ae336c36cf2a diff --git a/lib/nettle/Makefile.am b/lib/nettle/Makefile.am index c1ac2b2125..8c1a2d17ee 100644 --- a/lib/nettle/Makefile.am +++ b/lib/nettle/Makefile.am 
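Review bot: The script starts with `set +e`, which leaves errexit off, so a failing `cp`, `sed ... > $dst-t` or `mv` inside the `for f in $IMPORTS` loop is ignored and the script still exits 0 with a half-rewritten lib/nettle/curve448; `set -e` would make every step fatal, which is what the explicit `exit 1` on a missing `$src` already assumes. The `grep ... 2>&1 >/dev/null` redirections are in the wrong order: stderr is sent to the original stdout and only grep's own output is discarded, so `grep -q '^#include "'$p'"' "$dst"` expresses the intent (the same pattern appears in the assert-removal and header-guard checks). `$src`, `$dst` and `$DST` are unquoted throughout even though they derive from `$srcdir`, so a path containing whitespace breaks word splitting; quoting them costs nothing.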
@@ -97,3 +97,53 @@ libcrypto_la_SOURCES += \ libcrypto_la_SOURCES += gost_keywrap.c endif + +if NEED_CURVE448 +curve448_generated_headers = \ + curve448/ecc-curve448-32.h curve448/ecc-curve448-64.h + +BUILT_SOURCES = $(curve448_generated_headers) +EXTRA_DIST = $(curve448_generated_headers) curve448/eccdata.stamp + +noinst_PROGRAMS = curve448/eccdata$(EXEEXT) + +curve448_eccdata_SOURCES = curve448/eccdata.c +curve448_eccdata_CFLAGS = $(GMP_CFLAGS) +curve448_eccdata_LDADD = $(GMP_LIBS) ../../gl/libgnu.la + +curve448/eccdata.stamp: $(curve448_eccdata_SOURCES) + $(AM_V_GEN)$(MAKE) $(AM_MAKEFLAGS) curve448/eccdata$(EXEEXT) && touch $@ + +curve448/ecc-curve448-32.h: curve448/eccdata.stamp + $(AM_V_GEN)curve448/eccdata$(EXEEXT) curve448 38 6 32 > $@T && mv $@T $@ + +curve448/ecc-curve448-64.h: curve448/eccdata.stamp + $(AM_V_GEN)curve448/eccdata$(EXEEXT) curve448 38 6 64 > $@T && mv $@T $@ + +libcrypto_la_SOURCES += \ + curve448/nettle-write.h curve448/gmp-glue.h curve448/gmp-glue.c + +libcrypto_la_SOURCES += \ + curve448/sha3.c curve448/sha3.h curve448/sha3-256.c \ + curve448/sha3-permute.c curve448/sha3-internal.h \ + curve448/shake256.c + +libcrypto_la_SOURCES += \ + curve448/ecc-internal.h \ + curve448/ecc-add-eh.c curve448/ecc-add-ehh.c curve448/ecc-dup-eh.c \ + curve448/ecc-eh-to-a.c curve448/ecc-mul-a-eh.c curve448/ecc-mul-g-eh.c \ + curve448/ecc-mul-m.c curve448/ecc-mod.c curve448/ecc-mod-arith.c \ + curve448/ecc-mod-inv.c \ + curve448/ecc-a-to-j.c \ + curve448/sec-tabselect.c curve448/cnd-copy.c curve448/sec-add-1.c \ + curve448/ecc-curve448.c $(curve448_genereated_headers) \ + curve448/curve448-eh-to-x.c curve448/curve448.h curve448/curve448-mul.c \ + curve448/curve448-mul-g.c + +libcrypto_la_SOURCES += \ + curve448/eddsa.h curve448/eddsa-compress.c curve448/eddsa-decompress.c \ + curve448/eddsa-expand.c curve448/eddsa-hash.c curve448/eddsa-internal.h \ + curve448/eddsa-pubkey.c curve448/eddsa-sign.c curve448/eddsa-verify.c \ + curve448/ed448-shake256.c 
curve448/ed448-shake256-pubkey.c \ + curve448/ed448-shake256-sign.c curve448/ed448-shake256-verify.c +endif -- cgit v1.2.1 From 07596231f2e4b3c28d1587907ce51fe15c2d990a Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Mon, 22 Apr 2019 08:27:43 +0200 Subject: algorithms: implement X448 key exchange and Ed448 signature scheme Signed-off-by: Daiki Ueno --- NEWS | 3 + devel/libdane-latest-x86_64.abi | 16 ++- devel/libgnutls-latest-x86_64.abi | 16 ++- doc/cha-crypto.texi | 2 +- doc/cha-gtls-app.texi | 4 +- doc/credentials/x509/cert-ed448.pem | 16 +++ doc/credentials/x509/clicert-ed448.pem | 16 +++ doc/credentials/x509/clikey-ed448.pem | 28 +++++ doc/credentials/x509/key-ed448.pem | 28 +++++ lib/algorithms.h | 7 +- lib/algorithms/ecc.c | 16 +++ lib/algorithms/groups.c | 7 ++ lib/algorithms/mac.c | 8 ++ lib/algorithms/publickey.c | 5 + lib/algorithms/sign.c | 11 ++ lib/auth/ecdhe.c | 17 ++- lib/ext/key_share.c | 14 ++- lib/includes/gnutls/gnutls.h.in | 28 ++++- lib/nettle/pk.c | 205 +++++++++++++++++++++++++++----- lib/pk.c | 1 + lib/priority.c | 14 ++- lib/privkey.c | 1 + lib/pubkey.c | 22 +++- lib/x509/common.h | 1 + lib/x509/key_decode.c | 5 + lib/x509/key_encode.c | 6 +- lib/x509/mpi.c | 4 +- lib/x509/output.c | 1 + lib/x509/privkey.c | 12 +- lib/x509/privkey_pkcs8.c | 13 +- lib/x509/x509_int.h | 2 + src/certtool-args.def | 2 +- src/certtool-common.c | 6 +- src/certtool-common.h | 2 +- src/certtool.c | 1 + tests/gnutls-strcodes.c | 2 + tests/privkey-keygen.c | 32 ++--- tests/suite/testcompat-common | 6 + tests/suite/testcompat-tls13-openssl.sh | 32 ++++- 39 files changed, 528 insertions(+), 84 deletions(-) create mode 100644 doc/credentials/x509/cert-ed448.pem create mode 100644 doc/credentials/x509/clicert-ed448.pem create mode 100644 doc/credentials/x509/clikey-ed448.pem create mode 100644 doc/credentials/x509/key-ed448.pem diff --git a/NEWS b/NEWS index fdc94fc88d..3b977c6c20 100644 --- a/NEWS +++ b/NEWS 
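Review bot: `$(curve448_genereated_headers)` in the libcrypto_la_SOURCES block is misspelled (the variable defined at the top of the hunk is `curve448_generated_headers`), so it expands to nothing and the generated ecc-curve448-32.h/-64.h are silently dropped from that source list. Fix the reference to `$(curve448_generated_headers)`. The headers are still reachable through BUILT_SOURCES and EXTRA_DIST, which is presumably why the build works and the typo went unnoticed. Separately, `BUILT_SOURCES =` and `EXTRA_DIST =` are plain assignments; if lib/nettle/Makefile.am sets either of them elsewhere (outside the hunk) these lines would replace rather than extend the value, and `+=` is the safer form.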
@@ -27,6 +27,9 @@ See the end for copying conditions. enabled both on a server and a client. It is recommended for now to disable TLS 1.3 in setups where GOST ciphersuites are enabled on GnuTLS-based servers. +** libgnutls: Added support for X448 key exchange (RFC 7748) and Ed448 + signature algorithm (RFC 8032) under TLS (#984). + ** libgnutls: The min-verification-profile from system configuration applies for all certificate verifications, not only under TLS. The configuration can be overriden using the GNUTLS_SYSTEM_PRIORITY_FILE environment variable. diff --git a/devel/libdane-latest-x86_64.abi b/devel/libdane-latest-x86_64.abi index ad8a136352..9e66a95bee 100644 --- a/devel/libdane-latest-x86_64.abi +++ b/devel/libdane-latest-x86_64.abi @@ -321,6 +321,8 @@ + + @@ -439,6 +441,7 @@ + @@ -480,7 +483,9 @@ - + + + @@ -496,7 +501,9 @@ - + + + @@ -551,7 +558,8 @@ - + + @@ -1711,6 +1719,8 @@ + + diff --git a/devel/libgnutls-latest-x86_64.abi b/devel/libgnutls-latest-x86_64.abi index bf45d3c5b1..cab31da9a8 100644 --- a/devel/libgnutls-latest-x86_64.abi +++ b/devel/libgnutls-latest-x86_64.abi @@ -1563,6 +1563,8 @@ + + @@ -1680,6 +1682,7 @@ + @@ -1731,7 +1734,9 @@ - + + + @@ -1747,7 +1752,9 @@ - + + + @@ -1802,7 +1809,8 @@ - + + @@ -2963,6 +2971,8 @@ + + diff --git a/doc/cha-crypto.texi b/doc/cha-crypto.texi index da2ce20528..5fad4fdf6e 100644 --- a/doc/cha-crypto.texi +++ b/doc/cha-crypto.texi @@ -90,7 +90,7 @@ structures functions such as @funcref{gnutls_privkey_set_pin_function}. @subsection Key generation -All supported key types (including RSA, DSA, ECDSA, Ed25519) can be generated +All supported key types (including RSA, DSA, ECDSA, Ed25519, Ed448) can be generated with GnuTLS. They can be generated with the simpler @funcref{gnutls_privkey_generate} or with the more advanced @funcref{gnutls_privkey_generate2}. diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi index 75ac509e34..ab82f14aad 100644 --- a/doc/cha-gtls-app.texi +++ b/doc/cha-gtls-app.texi 
@@ -1462,7 +1462,7 @@ Shortcut which enables secure GOST algorithms is SIGN-GOST-ALL. This option is only considered for TLS 1.2 and later. @item Groups @tab -GROUP-SECP256R1, GROUP-SECP384R1, GROUP-SECP521R1, GROUP-X25519, +GROUP-SECP256R1, GROUP-SECP384R1, GROUP-SECP521R1, GROUP-X25519, GROUP-X448, GROUP-FFDHE2048, GROUP-FFDHE3072, GROUP-FFDHE4096, GROUP-FFDHE6144, and GROUP-FFDHE8192. Groups include both elliptic curve groups, e.g., SECP256R1, as well as @@ -1473,7 +1473,7 @@ to finite fields (DH), GOST curves and generic elliptic curves. @item Elliptic curves (legacy) @tab CURVE-SECP192R1, CURVE-SECP224R1, CURVE-SECP256R1, CURVE-SECP384R1, -CURVE-SECP521R1, and CURVE-X25519. +CURVE-SECP521R1, CURVE-X25519, and CURVE-X448. Catch all which enables all curves from NORMAL priority is CURVE-ALL. Note that the CURVE keyword is kept for backwards compatibility only, for new applications see the GROUP keyword above. diff --git a/doc/credentials/x509/cert-ed448.pem b/doc/credentials/x509/cert-ed448.pem new file mode 100644 index 0000000000..5633c1c2a7 --- /dev/null +++ b/doc/credentials/x509/cert-ed448.pem 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIIChjCCAT6gAwIBAgIUcXZDPNExk2Hd9zkOd9c1QTud7Y0wDQYJKoZIhvcNAQEL +BQAwGTEXMBUGA1UEAxMOR251VExTIFRlc3QgQ0EwIBcNMTkwNDI0MTQ1NjU4WhgP +OTk5OTEyMzEyMzU5NTlaMAAwQzAFBgMrZXEDOgCa3d5h9mjy28CsJIdK20eiqmrV +n6iIvcXUMHBe0HlqjDMHgrUYYHhb5j/Xmxx89Y/XKLK/PXc5UQCjgY0wgYowDAYD +VR0TAQH/BAIwADAUBgNVHREEDTALgglsb2NhbGhvc3QwEwYDVR0lBAwwCgYIKwYB +BQUHAwEwDwYDVR0PAQH/BAUDAweAADAdBgNVHQ4EFgQUYBo0B3El7CNa5XG8lewb +i5oZ3PswHwYDVR0jBBgwFoAUTVa3agBY8WeS9KZ1VRuOUwED788wDQYJKoZIhvcN +AQELBQADggExAC/syIXeeAirbS7Xwp8E4btQc/z1FbBIpTkMm+Bv9n/9SrIIoifn +aBs3KN7UGaTSdv8dpgIGhz0eB/x8i/fceBDJxmaT0xk8pne37uMdFdVZKNnZf0zC +bnkAr93cYWjrLpY53dZMmxBpTQWE11wDY/HjbXnYLrVAJ7g/l7Xql1t4XZ9zAPST +Y5kTNvkh74LcFvSallzpzniFSH9b/32O3rVwgSQ5jtKqYfNrVGGsJ/Yf7DXmItK4 +7x2UR44pcIcunzZTuuhPl6LNelInuPovoJp8zsHecA8se2oYO3I0fBF3CpwdLBjE +NKdYWrdY/y982nCqeKSJBlXuv1KJvxgKbwhRokdZlgbZDgFyWz9+dOlqL1QApB44 +A2ygsrT4MxZMGwwAp32EozNEMZZQmpnySt0= +-----END CERTIFICATE----- diff --git a/doc/credentials/x509/clicert-ed448.pem b/doc/credentials/x509/clicert-ed448.pem new file mode 100644 index 0000000000..1040542fb7 --- /dev/null +++ b/doc/credentials/x509/clicert-ed448.pem 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIIChzCCAT+gAwIBAgIUIQqoC9+469QU4oVvjLFOlEXj1dowDQYJKoZIhvcNAQEL +BQAwGTEXMBUGA1UEAxMOR251VExTIFRlc3QgQ0EwIBcNMjAwMTEzMTAyMzQwWhgP +OTk5OTEyMzEyMzU5NTlaMBkxFzAVBgNVBAMTDmVkMjU1MTkgY2xpZW50MEMwBQYD +K2VxAzoAbUzL5LCjH5iTXzngBUzpalQzDhz4lUsOpQvWiXG5/MusIzLkIDc8CrQK +xBQh6UgFC7nWVrQrQB4Ao3YwdDAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsG +AQUFBwMCMA8GA1UdDwEB/wQFAwMHgAAwHQYDVR0OBBYEFIsD4KoMJwNc+Cq6lEuC +tINDOBwDMB8GA1UdIwQYMBaAFE1Wt2oAWPFnkvSmdVUbjlMBA+/PMA0GCSqGSIb3 +DQEBCwUAA4IBMQAGt8G7QHCEsYix0G5keG8FRtbrTdPmb7FobrRp2Mxq8LOKykap +LuCQjenVO/KOYseFGvn76NSrOpMdVef2cu4rvBdDq7Mer6bgRABugBOBTlhfrTOF +6XjNkVjSIpOZjumD1rtYmeTGWGC437FtqDOgbVHBnIrOyxduLr6NrbtC7nnRr3px +DTmeUG0Pa+AG9jGH25tRug+AI7Si9wTFEE1UZJdsyyliL3Rm+Br/XnYaVN/p97hL +MUeOIgdHS6ejPiYL281zjN3H6uRbG/9Hzv2X52uAHnRWIzJDGVL1E1jt025txW/q +toEoBRGN30M6xf1YYy7hBt6DYgZAzTdljeKPMMO/6QpiGF678uc+xoVBMlTn1bhb +/rWiMWo03Ee1W8Ymx2H3Aj2maD8h9ovps2wx +-----END CERTIFICATE----- diff --git a/doc/credentials/x509/clikey-ed448.pem b/doc/credentials/x509/clikey-ed448.pem new file mode 100644 index 0000000000..3ccb704b5d --- /dev/null +++ b/doc/credentials/x509/clikey-ed448.pem 
@@ -0,0 +1,28 @@ +Public Key Info: + Public Key Algorithm: EdDSA (Ed448) + Key Security Level: Ultra (456 bits) + +curve: Ed448 +private key: + f0:c4:7b:22:dd:ef:95:e4:67:bb:d7:49:43:7f:12:56 + 44:7a:2c:53:a2:7d:1a:33:83:2f:2a:7c:54:aa:02:b5 + ed:ad:68:39:5b:6a:e6:3a:fc:9e:7f:de:08:47:a4:9c + f2:ec:bc:a1:2c:04:ad:71:fa: + +x: + 6d:4c:cb:e4:b0:a3:1f:98:93:5f:39:e0:05:4c:e9:6a + 54:33:0e:1c:f8:95:4b:0e:a5:0b:d6:89:71:b9:fc:cb + ac:23:32:e4:20:37:3c:0a:b4:0a:c4:14:21:e9:48:05 + 0b:b9:d6:56:b4:2b:40:1e:00: + + +Public Key PIN: + pin-sha256:2Rn8YAmzw19rFmh80LoUYPsqLZq7UQWpxDmGYO+J994= +Public Key ID: + sha256:d919fc6009b3c35f6b16687cd0ba1460fb2a2d9abb5105a9c4398660ef89f7de + sha1:8b03e0aa0c27035cf82aba944b82b48343381c03 + +-----BEGIN PRIVATE KEY----- +MEcCAQAwBQYDK2VxBDsEOfDEeyLd75XkZ7vXSUN/ElZEeixTon0aM4MvKnxUqgK1 +7a1oOVtq5jr8nn/eCEeknPLsvKEsBK1x+g== +-----END PRIVATE KEY----- diff --git a/doc/credentials/x509/key-ed448.pem b/doc/credentials/x509/key-ed448.pem new file mode 100644 index 0000000000..9f15dbdb74 --- /dev/null +++ b/doc/credentials/x509/key-ed448.pem @@ -0,0 +1,28 @@ +Public Key Info: + Public Key Algorithm: EdDSA (Ed448) + Key Security Level: Ultra (456 bits) + +curve: Ed448 +private key: + 0c:f8:7e:b0:94:bf:46:d1:61:bd:e3:b9:9d:1d:32:85 + 6f:ec:fa:e0:14:23:92:cd:98:c0:91:db:20:6d:17:4b + bf:8e:f4:76:a9:cf:74:6d:94:30:6c:56:5f:97:ac:50 + 79:6f:02:1e:ff:8d:77:9c:a5: + +x: + 9a:dd:de:61:f6:68:f2:db:c0:ac:24:87:4a:db:47:a2 + aa:6a:d5:9f:a8:88:bd:c5:d4:30:70:5e:d0:79:6a:8c + 33:07:82:b5:18:60:78:5b:e6:3f:d7:9b:1c:7c:f5:8f + d7:28:b2:bf:3d:77:39:51:00: + + +Public Key PIN: + pin-sha256:tZSB72Ha+TK+0mlTzgErm+T+WcmLAXNCqpjSbzFC8JE= +Public Key ID: + sha256:b59481ef61daf932bed26953ce012b9be4fe59c98b017342aa98d26f3142f091 + sha1:601a34077125ec235ae571bc95ec1b8b9a19dcfb + +-----BEGIN PRIVATE KEY----- +MEcCAQAwBQYDK2VxBDsEOQz4frCUv0bRYb3juZ0dMoVv7PrgFCOSzZjAkdsgbRdL +v470dqnPdG2UMGxWX5esUHlvAh7/jXecpQ== +-----END PRIVATE KEY----- 
diff --git a/lib/algorithms.h b/lib/algorithms.h index fadf269871..c68a266cc9 100644 --- a/lib/algorithms.h +++ b/lib/algorithms.h @@ -44,7 +44,9 @@ ((x)==GNUTLS_PK_GOST_12_256)|| \ ((x)==GNUTLS_PK_GOST_12_512)) -#define IS_EC(x) (((x)==GNUTLS_PK_ECDSA)||((x)==GNUTLS_PK_ECDH_X25519)||((x)==GNUTLS_PK_EDDSA_ED25519)) +#define IS_EC(x) (((x)==GNUTLS_PK_ECDSA)|| \ + ((x)==GNUTLS_PK_ECDH_X25519)||((x)==GNUTLS_PK_EDDSA_ED25519)|| \ + ((x)==GNUTLS_PK_ECDH_X448)||((x)==GNUTLS_PK_EDDSA_ED448)) #define SIG_SEM_PRE_TLS12 (1<<1) #define SIG_SEM_TLS13 (1<<2) @@ -450,7 +452,8 @@ inline static int _curve_is_eddsa(const gnutls_ecc_curve_entry_st * e) { if (unlikely(e == NULL)) return 0; - if (e->pk == GNUTLS_PK_EDDSA_ED25519) + if (e->pk == GNUTLS_PK_EDDSA_ED25519 || + e->pk == GNUTLS_PK_EDDSA_ED448) return 1; return 0; } diff --git a/lib/algorithms/ecc.c b/lib/algorithms/ecc.c index 8b4b78f67d..14351b87ad 100644 --- a/lib/algorithms/ecc.c +++ b/lib/algorithms/ecc.c @@ -96,6 +96,22 @@ gnutls_ecc_curve_entry_st ecc_curves[] = { .sig_size = 64, .supported = 1, }, + { + .name = "X448", + .id = GNUTLS_ECC_CURVE_X448, + .pk = GNUTLS_PK_ECDH_X448, + .size = 56, + .supported = 1, + }, + { + .name = "Ed448", + .oid = SIG_ED448_OID, + .id = GNUTLS_ECC_CURVE_ED448, + .pk = GNUTLS_PK_EDDSA_ED448, + .size = 57, + .sig_size = 114, + .supported = 1, + }, #if ENABLE_GOST /* Curves for usage in GOST digital signature algorithm (GOST R * 34.10-2001/-2012) and key agreement (VKO GOST R 34.10-2001/-2012). diff --git a/lib/algorithms/groups.c b/lib/algorithms/groups.c index 6e1326666a..d4b77beb2a 100644 --- a/lib/algorithms/groups.c +++ b/lib/algorithms/groups.c @@ -125,6 +125,13 @@ static const gnutls_group_entry_st supported_groups[] = { .tls_id = 40, }, #endif + { + .name = "X448", + .id = GNUTLS_GROUP_X448, + .curve = GNUTLS_ECC_CURVE_X448, + .tls_id = 30, + .pk = GNUTLS_PK_ECDH_X448 + }, #ifdef ENABLE_DHE { .name = "FFDHE2048", 
diff --git a/lib/algorithms/mac.c b/lib/algorithms/mac.c index 376c76df06..edd6e10acc 100644 --- a/lib/algorithms/mac.c +++ b/lib/algorithms/mac.c @@ -183,6 +183,14 @@ mac_entry_st hash_algorithms[] = { .key_size = 32, .block_size = 8, .flags = GNUTLS_MAC_FLAG_CONTINUOUS_MAC}, + {.name = "SHAKE-128", + .oid = HASH_OID_SHAKE_128, + .id = GNUTLS_MAC_SHAKE_128, + .block_size = 168}, + {.name = "SHAKE-256", + .oid = HASH_OID_SHAKE_256, + .id = GNUTLS_MAC_SHAKE_256, + .block_size = 136}, {.name = "MAC-NULL", .id = GNUTLS_MAC_NULL}, {0, 0, 0, 0, 0, 0, 0, 0, 0} diff --git a/lib/algorithms/publickey.c b/lib/algorithms/publickey.c index dc535c2f65..c298a38936 100644 --- a/lib/algorithms/publickey.c +++ b/lib/algorithms/publickey.c @@ -51,6 +51,7 @@ static const gnutls_pk_map pk_mappings[] = { {GNUTLS_KX_ECDHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN}, {GNUTLS_KX_ECDHE_ECDSA, GNUTLS_PK_EC, CIPHER_SIGN}, {GNUTLS_KX_ECDHE_ECDSA, GNUTLS_PK_EDDSA_ED25519, CIPHER_SIGN}, + {GNUTLS_KX_ECDHE_ECDSA, GNUTLS_PK_EDDSA_ED448, CIPHER_SIGN}, {GNUTLS_KX_DHE_DSS, GNUTLS_PK_DSA, CIPHER_SIGN}, {GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA_PSS, CIPHER_SIGN}, {GNUTLS_KX_ECDHE_RSA, GNUTLS_PK_RSA_PSS, CIPHER_SIGN}, @@ -141,10 +142,14 @@ static const gnutls_pk_entry pk_algorithms[] = { .curve = GNUTLS_ECC_CURVE_INVALID }, { .name = "EdDSA (Ed25519)", .oid = SIG_EDDSA_SHA512_OID, .id = GNUTLS_PK_EDDSA_ED25519, .curve = GNUTLS_ECC_CURVE_ED25519, .no_prehashed = 1 }, + { .name = "EdDSA (Ed448)", .oid = SIG_ED448_OID, .id = GNUTLS_PK_EDDSA_ED448, + .curve = GNUTLS_ECC_CURVE_ED448, .no_prehashed = 1 }, { .name = "DH", .oid = NULL, .id = GNUTLS_PK_DH, .curve = GNUTLS_ECC_CURVE_INVALID }, { .name = "ECDH (X25519)", .oid = "1.3.101.110", .id = GNUTLS_PK_ECDH_X25519, .curve = GNUTLS_ECC_CURVE_X25519 }, + { .name = "ECDH (X448)", .oid = "1.3.101.111", .id = GNUTLS_PK_ECDH_X448, + .curve = GNUTLS_ECC_CURVE_X448 }, { .name = "UNKNOWN", .oid = NULL, .id = GNUTLS_PK_UNKNOWN, .curve = GNUTLS_ECC_CURVE_INVALID }, {0, 0, 0, 0} 
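Review bot: The SHAKE-128/SHAKE-256 entries register real MAC/digest IDs with OIDs and block sizes, so name/OID lookups now resolve them, while `.output_size` is left unset and the header documentation added in the gnutls.h.in hunk of this commit calls them "Reserved; unimplemented"; a reader of hash_algorithms[] cannot tell that they exist only for the Ed448 OID/hash mapping. Add a comment above the two entries, e.g. `/* SHAKE XOFs: registered only so the name/OID/ID mapping works (Ed448 in sign.c, CMS); no hash implementation is provided behind these IDs. */`. Whether every caller rejects `GNUTLS_DIG_SHAKE_*` before dispatching to a hash backend is outside this hunk.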
diff --git a/lib/algorithms/sign.c b/lib/algorithms/sign.c index 167c5fb51b..9c95e388ae 100644 --- a/lib/algorithms/sign.c +++ b/lib/algorithms/sign.c @@ -125,6 +125,17 @@ gnutls_sign_entry_st sign_algorithms[] = { .flags = GNUTLS_SIGN_FLAG_TLS13_OK, .aid = {{8, 7}, SIG_SEM_DEFAULT}}, + /* Ed448: The hash algorithm here is set to be SHAKE256, although that is + * an internal detail of Ed448; we set it, because CMS/PKCS#7 requires + * that mapping. */ + {.name = "EdDSA-Ed448", + .oid = SIG_ED448_OID, + .id = GNUTLS_SIGN_EDDSA_ED448, + .pk = GNUTLS_PK_EDDSA_ED448, + .hash = GNUTLS_DIG_SHAKE_256, + .flags = GNUTLS_SIGN_FLAG_TLS13_OK, + .aid = {{8, 8}, SIG_SEM_DEFAULT}}, + /* ECDSA */ /* The following three signature algorithms * have different semantics when used under TLS 1.2 diff --git a/lib/auth/ecdhe.c b/lib/auth/ecdhe.c index 8c20d6c1cc..883f6cd046 100644 --- a/lib/auth/ecdhe.c +++ b/lib/auth/ecdhe.c @@ -172,7 +172,8 @@ int _gnutls_proc_ecdh_common_client_kx(gnutls_session_t session, gnutls_assert(); goto cleanup; } - } else if (ecurve->pk == GNUTLS_PK_ECDH_X25519) { + } else if (ecurve->pk == GNUTLS_PK_ECDH_X25519 || + ecurve->pk == GNUTLS_PK_ECDH_X448) { if (ecurve->size != point_size) return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); @@ -183,7 +184,8 @@ int _gnutls_proc_ecdh_common_client_kx(gnutls_session_t session, goto cleanup; } - /* RFC7748 requires to mask the MSB in the final byte */ + /* RFC7748 requires to mask the MSB in the final byte + * for X25519 (not X448) */ if (ecurve->id == GNUTLS_ECC_CURVE_X25519) { session->key.proto.tls12.ecdh.raw.data[point_size-1] &= 0x7f; } @@ -282,7 +284,7 @@ _gnutls_gen_ecdh_common_client_kx_int(gnutls_session_t session, gnutls_assert(); goto cleanup; } - } else if (pk == GNUTLS_PK_ECDH_X25519) { + } else if (pk == GNUTLS_PK_ECDH_X25519 || pk == GNUTLS_PK_ECDH_X448) { ret = _gnutls_buffer_append_data_prefix(data, 8, session->key.proto.tls12.ecdh.params.raw_pub.data, 
@@ -382,7 +384,8 @@ _gnutls_proc_ecdh_common_server_kx(gnutls_session_t session, if (ret < 0) return gnutls_assert_val(ret); - } else if (ecurve->pk == GNUTLS_PK_ECDH_X25519) { + } else if (ecurve->pk == GNUTLS_PK_ECDH_X25519 || + ecurve->pk == GNUTLS_PK_ECDH_X448) { if (ecurve->size != point_size) return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); @@ -391,7 +394,8 @@ _gnutls_proc_ecdh_common_server_kx(gnutls_session_t session, if (ret < 0) return gnutls_assert_val(ret); - /* RFC7748 requires to mask the MSB in the final byte */ + /* RFC7748 requires to mask the MSB in the final byte + * for X25519 (not X448) */ if (ecurve->id == GNUTLS_ECC_CURVE_X25519) { session->key.proto.tls12.ecdh.raw.data[point_size-1] &= 0x7f; } @@ -462,7 +466,8 @@ int _gnutls_ecdh_common_print_server_kx(gnutls_session_t session, if (ret < 0) return gnutls_assert_val(ret); - } else if (group->pk == GNUTLS_PK_ECDH_X25519) { + } else if (group->pk == GNUTLS_PK_ECDH_X25519 || + group->pk == GNUTLS_PK_ECDH_X448) { ret = _gnutls_buffer_append_data_prefix(data, 8, session->key.proto.tls12.ecdh.params.raw_pub.data, diff --git a/lib/ext/key_share.c b/lib/ext/key_share.c index 4ae12c96b5..41dd1b7326 100644 --- a/lib/ext/key_share.c +++ b/lib/ext/key_share.c @@ -75,6 +75,7 @@ static int client_gen_key_share(gnutls_session_t session, const gnutls_group_ent int ret; if (group->pk != GNUTLS_PK_EC && group->pk != GNUTLS_PK_ECDH_X25519 && + group->pk != GNUTLS_PK_ECDH_X448 && group->pk != GNUTLS_PK_DH) { _gnutls_debug_log("Cannot send key share for group %s!\n", group->name); return GNUTLS_E_INT_RET_0; @@ -115,7 +116,8 @@ static int client_gen_key_share(gnutls_session_t session, const gnutls_group_ent ret = 0; - } else if (group->pk == GNUTLS_PK_ECDH_X25519) { + } else if (group->pk == GNUTLS_PK_ECDH_X25519 || + group->pk == GNUTLS_PK_ECDH_X448) { gnutls_pk_params_release(&session->key.kshare.ecdhx_params); gnutls_pk_params_init(&session->key.kshare.ecdhx_params); 
@@ -195,6 +197,7 @@ static int server_gen_key_share(gnutls_session_t session, const gnutls_group_ent int ret; if (group->pk != GNUTLS_PK_EC && group->pk != GNUTLS_PK_ECDH_X25519 && + group->pk != GNUTLS_PK_ECDH_X448 && group->pk != GNUTLS_PK_DH) { _gnutls_debug_log("Cannot send key share for group %s!\n", group->name); return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; @@ -224,7 +227,8 @@ static int server_gen_key_share(gnutls_session_t session, const gnutls_group_ent ret = 0; - } else if (group->pk == GNUTLS_PK_ECDH_X25519) { + } else if (group->pk == GNUTLS_PK_ECDH_X25519 || + group->pk == GNUTLS_PK_ECDH_X448) { ret = _gnutls_buffer_append_data_prefix(extdata, 16, session->key.kshare.ecdhx_params.raw_pub.data, @@ -300,7 +304,8 @@ server_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou ret = 0; - } else if (group->pk == GNUTLS_PK_ECDH_X25519) { + } else if (group->pk == GNUTLS_PK_ECDH_X25519 || + group->pk == GNUTLS_PK_ECDH_X448) { gnutls_pk_params_st pub; gnutls_pk_params_release(&session->key.kshare.ecdhx_params); @@ -438,7 +443,8 @@ client_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou ret = 0; - } else if (group->pk == GNUTLS_PK_ECDH_X25519) { + } else if (group->pk == GNUTLS_PK_ECDH_X25519 || + group->pk == GNUTLS_PK_ECDH_X448) { gnutls_pk_params_st pub; curve = _gnutls_ecc_curve_get_params(group->curve); diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index 1d0f924c26..3f6faa2ec0 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -294,6 +294,8 @@ typedef enum { * @GNUTLS_MAC_SHA3_384: Reserved; unimplemented. * @GNUTLS_MAC_SHA3_512: Reserved; unimplemented. * @GNUTLS_MAC_GOST28147_TC26Z_IMIT: The GOST 28147-89 working in IMIT mode with TC26 Z S-box. + * @GNUTLS_MAC_SHAKE_128: Reserved; unimplemented. + * @GNUTLS_MAC_SHAKE_256: Reserved; unimplemented. * * Enumeration of different Message Authentication Code (MAC) * algorithms. 
@@ -328,6 +330,8 @@ typedef enum { GNUTLS_MAC_AES_GMAC_192 = 206, GNUTLS_MAC_AES_GMAC_256 = 207, GNUTLS_MAC_GOST28147_TC26Z_IMIT = 208, + GNUTLS_MAC_SHAKE_128 = 209, + GNUTLS_MAC_SHAKE_256 = 210 } gnutls_mac_algorithm_t; /** @@ -350,6 +354,8 @@ typedef enum { * @GNUTLS_DIG_GOSTR_94: GOST R 34.11-94 algorithm. * @GNUTLS_DIG_STREEBOG_256: GOST R 34.11-2001 (Streebog) algorithm, 256 bit. * @GNUTLS_DIG_STREEBOG_512: GOST R 34.11-2001 (Streebog) algorithm, 512 bit. + * @GNUTLS_DIG_SHAKE_128: Reserved; unimplemented. + * @GNUTLS_DIG_SHAKE_256: Reserved; unimplemented. * * Enumeration of different digest (hash) algorithms. */ @@ -371,7 +377,9 @@ typedef enum { GNUTLS_DIG_MD5_SHA1 = GNUTLS_MAC_MD5_SHA1, GNUTLS_DIG_GOSTR_94 = GNUTLS_MAC_GOSTR_94, GNUTLS_DIG_STREEBOG_256 = GNUTLS_MAC_STREEBOG_256, - GNUTLS_DIG_STREEBOG_512 = GNUTLS_MAC_STREEBOG_512 + GNUTLS_DIG_STREEBOG_512 = GNUTLS_MAC_STREEBOG_512, + GNUTLS_DIG_SHAKE_128 = GNUTLS_MAC_SHAKE_128, + GNUTLS_DIG_SHAKE_256 = GNUTLS_MAC_SHAKE_256 /* If you add anything here, make sure you align with gnutls_mac_algorithm_t. */ } gnutls_digest_algorithm_t; @@ -833,6 +841,8 @@ typedef enum gnutls_certificate_print_formats { * @GNUTLS_PK_GOST_01: GOST R 34.10-2001 algorithm per rfc5832. * @GNUTLS_PK_GOST_12_256: GOST R 34.10-2012 algorithm, 256-bit key per rfc7091. * @GNUTLS_PK_GOST_12_512: GOST R 34.10-2012 algorithm, 512-bit key per rfc7091. + * @GNUTLS_PK_ECDH_X448: Elliptic curve algorithm, restricted to ECDH as per rfc7748. + * @GNUTLS_PK_EDDSA_ED448: Edwards curve Digital signature algorithm. Used with SHAKE256 on signatures. * * Enumeration of different public-key algorithms. */ @@ -848,7 +858,9 @@ typedef enum { GNUTLS_PK_GOST_01 = 8, GNUTLS_PK_GOST_12_256 = 9, GNUTLS_PK_GOST_12_512 = 10, - GNUTLS_PK_MAX = GNUTLS_PK_GOST_12_512 + GNUTLS_PK_ECDH_X448 = 11, + GNUTLS_PK_EDDSA_ED448 = 12, + GNUTLS_PK_MAX = GNUTLS_PK_EDDSA_ED448 } gnutls_pk_algorithm_t; 
@@ -912,6 +924,7 @@ const char *gnutls_pk_algorithm_get_name(gnutls_pk_algorithm_t algorithm); * @GNUTLS_SIGN_GOST_94: Digital signature algorithm GOST R 34.10-2001 with GOST R 34.11-94 * @GNUTLS_SIGN_GOST_256: Digital signature algorithm GOST R 34.10-2012 with GOST R 34.11-2012 256 bit * @GNUTLS_SIGN_GOST_512: Digital signature algorithm GOST R 34.10-2012 with GOST R 34.11-2012 512 bit + * @GNUTLS_SIGN_EDDSA_ED448: Digital signature algorithm EdDSA with Ed448 curve. * * Enumeration of different digital signature algorithms. */ @@ -968,7 +981,8 @@ typedef enum { GNUTLS_SIGN_GOST_94 = 43, GNUTLS_SIGN_GOST_256 = 44, GNUTLS_SIGN_GOST_512 = 45, - GNUTLS_SIGN_MAX = GNUTLS_SIGN_GOST_512 + GNUTLS_SIGN_EDDSA_ED448 = 46, + GNUTLS_SIGN_MAX = GNUTLS_SIGN_EDDSA_ED448 } gnutls_sign_algorithm_t; /** @@ -993,6 +1007,8 @@ typedef enum { * @GNUTLS_ECC_CURVE_GOST256B: GOST R 34.10 TC26 256 B curve * @GNUTLS_ECC_CURVE_GOST256C: GOST R 34.10 TC26 256 C curve * @GNUTLS_ECC_CURVE_GOST256D: GOST R 34.10 TC26 256 D curve + * @GNUTLS_ECC_CURVE_X448: the X448 curve (ECDH only) + * @GNUTLS_ECC_CURVE_ED448: the Ed448 curve * * Enumeration of ECC curves. */ @@ -1017,7 +1033,9 @@ typedef enum { GNUTLS_ECC_CURVE_GOST256B, GNUTLS_ECC_CURVE_GOST256C, GNUTLS_ECC_CURVE_GOST256D, - GNUTLS_ECC_CURVE_MAX = GNUTLS_ECC_CURVE_GOST256D + GNUTLS_ECC_CURVE_X448, + GNUTLS_ECC_CURVE_ED448, + GNUTLS_ECC_CURVE_MAX = GNUTLS_ECC_CURVE_ED448 } gnutls_ecc_curve_t; /** @@ -1041,6 +1059,7 @@ typedef enum { * @GNUTLS_GROUP_FFDHE4096: the FFDHE4096 group * @GNUTLS_GROUP_FFDHE6144: the FFDHE6144 group * @GNUTLS_GROUP_FFDHE8192: the FFDHE8192 group + * @GNUTLS_GROUP_X448: the X448 curve group * * Enumeration of supported groups. It is intended to be backwards * compatible with the enumerations in %gnutls_ecc_curve_t for the groups 
@@ -1054,6 +1073,7 @@ typedef enum { GNUTLS_GROUP_SECP384R1 = GNUTLS_ECC_CURVE_SECP384R1, GNUTLS_GROUP_SECP521R1 = GNUTLS_ECC_CURVE_SECP521R1, GNUTLS_GROUP_X25519 = GNUTLS_ECC_CURVE_X25519, + GNUTLS_GROUP_X448 = GNUTLS_ECC_CURVE_X448, GNUTLS_GROUP_GC256A = GNUTLS_ECC_CURVE_GOST256A, GNUTLS_GROUP_GC256B = GNUTLS_ECC_CURVE_GOST256B, diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index 823c9b9809..4be8dc7eda 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c @@ -48,6 +48,12 @@ #include #include #include +#if HAVE_CURVE448 +#include +#else +#include "curve448/curve448.h" +#include "curve448/eddsa.h" +#endif #include #include #if ENABLE_GOST @@ -235,6 +241,22 @@ ecc_shared_secret(struct ecc_scalar *private_key, */ #define DH_EXPONENT_SIZE(p_size) (2*_gnutls_pk_bits_to_subgroup_bits(p_size)) +static inline int +edwards_curve_mul(gnutls_pk_algorithm_t algo, + uint8_t *q, const uint8_t *n, const uint8_t *p) +{ + switch (algo) { + case GNUTLS_PK_ECDH_X25519: + curve25519_mul(q, n, p); + return 0; + case GNUTLS_PK_ECDH_X448: + curve448_mul(q, n, p); + return 0; + default: + return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE); + } +} + /* This is used for DH or ECDH key derivation. In DH for example * it is given the peers Y and our x, and calculates Y^x */ @@ -388,6 +410,7 @@ dh_cleanup: break; } case GNUTLS_PK_ECDH_X25519: + case GNUTLS_PK_ECDH_X448: { unsigned size = gnutls_ecc_curve_get_size(priv->curve); @@ -407,7 +430,9 @@ dh_cleanup: out->size = size; - curve25519_mul(out->data, priv->raw_priv.data, pub->raw_pub.data); + ret = edwards_curve_mul(algo, out->data, priv->raw_priv.data, pub->raw_pub.data); + if (ret < 0) + goto cleanup; if (_gnutls_mem_is_zero(out->data, out->size)) { gnutls_free(out->data); 
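Review bot: In the `@@ -388` hunk of the ECDH derive path the output buffer is sized from `priv->curve` (`gnutls_ecc_curve_get_size(priv->curve)`) while the scalar multiplication added in `@@ -407` is selected by `algo`; no check that the two agree is visible in these hunks, so a params object tagged `GNUTLS_PK_ECDH_X448` but carrying an X25519 curve would let `curve448_mul` write 56 bytes into a 32-byte allocation. The EdDSA sign/verify paths in this same commit add precisely such a guard (`get_eddsa_curve(algo) != pk_params->curve`); mirror it here with a `get_ecdh_curve()` helper parallel to `get_eddsa_curve()` and `if (unlikely(get_ecdh_curve(algo) != priv->curve)) return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);` before the allocation, unless the lines between the two hunks already enforce it. Separately, the new `if (ret < 0) goto cleanup;` runs after `out->data` has been allocated, and the zero-result path right below frees `out->data` by hand, which suggests `cleanup` does not, so the (currently unreachable) error return would leak it. The enclosing derive function starts before this hunk.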
@@ -739,11 +764,43 @@ _rsa_pss_sign_digest_tr(gnutls_digest_algorithm_t dig, return ret; } +static inline gnutls_ecc_curve_t +get_eddsa_curve(gnutls_pk_algorithm_t algo) +{ + switch (algo) { + case GNUTLS_PK_EDDSA_ED25519: + return GNUTLS_ECC_CURVE_ED25519; + case GNUTLS_PK_EDDSA_ED448: + return GNUTLS_ECC_CURVE_ED448; + default: + return gnutls_assert_val(GNUTLS_ECC_CURVE_INVALID); + } +} + +static inline int +eddsa_sign(gnutls_pk_algorithm_t algo, + const uint8_t *pub, + const uint8_t *priv, + size_t length, const uint8_t *msg, + uint8_t *signature) +{ + switch (algo) { + case GNUTLS_PK_EDDSA_ED25519: + ed25519_sha512_sign(pub, priv, length, msg, signature); + return 0; + case GNUTLS_PK_EDDSA_ED448: + ed448_shake256_sign(pub, priv, length, msg, signature); + return 0; + default: + return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM); + } +} + /* This is the lower-level part of privkey_sign_raw_data(). * * It accepts data in the appropriate hash form, i.e., DigestInfo * for PK_RSA, hash for PK_ECDSA, PK_DSA, PK_RSA_PSS, and raw data - * for Ed25519. + * for Ed25519 and Ed448. * * in case of EC/DSA, signed data are encoded into r,s values */ @@ -774,10 +831,11 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, switch (algo) { case GNUTLS_PK_EDDSA_ED25519: /* we do EdDSA */ + case GNUTLS_PK_EDDSA_ED448: { const gnutls_ecc_curve_entry_st *e; - if (pk_params->curve != GNUTLS_ECC_CURVE_ED25519) + if (unlikely(get_eddsa_curve(algo) != pk_params->curve)) return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE); e = _gnutls_ecc_curve_get_params(pk_params->curve); 
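Review bot: The new `eddsa_sign` helper and the updated comment above `_wrap_nettle_pk_sign` ("raw data for Ed25519 and Ed448") do not say which Ed448 variant is produced; `ed448_shake256_sign` is called with no context argument, so this is presumably pure Ed448 with an empty context, which is the only form RFC 8410 (X.509) and RFC 8446 (TLS 1.3) allow. Record that on the helper so nobody later bolts on Ed448ph or a context string here: `/* Pure EdDSA (RFC 8032) with empty context, as required by RFC 8410/8446; prehash and context variants are deliberately unsupported. */`. `get_eddsa_curve` returning `GNUTLS_ECC_CURVE_INVALID` through `gnutls_assert_val` also deserves a one-liner noting that callers compare the result against the params curve, so the invalid value is rejected by that comparison rather than by a separate check. The `_wrap_nettle_pk_sign` switch continues past the end of the hunk.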
@@ -792,12 +850,18 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, signature->size = e->sig_size; - if (pk_params->raw_pub.size != e->size || pk_params->raw_priv.size != e->size) - return gnutls_assert_val(GNUTLS_E_PK_SIGN_FAILED); + if (pk_params->raw_pub.size != e->size || pk_params->raw_priv.size != e->size) { + ret = gnutls_assert_val(GNUTLS_E_PK_SIGN_FAILED); + goto cleanup; + } - ed25519_sha512_sign(pk_params->raw_pub.data, - pk_params->raw_priv.data, - vdata->size, vdata->data, signature->data); + ret = eddsa_sign(algo, + pk_params->raw_pub.data, + pk_params->raw_priv.data, + vdata->size, vdata->data, + signature->data); + if (ret < 0) + goto cleanup; break; } @@ -1130,6 +1194,30 @@ _rsa_pss_verify_digest(gnutls_digest_algorithm_t dig, return verify_func(pub, salt_size, digest, s); } +static inline int +eddsa_verify(gnutls_pk_algorithm_t algo, + const uint8_t *pub, + size_t length, const uint8_t *msg, + const uint8_t *signature) +{ + int ret; + + switch (algo) { + case GNUTLS_PK_EDDSA_ED25519: + ret = ed25519_sha512_verify(pub, length, msg, signature); + if (ret == 0) + return gnutls_assert_val(GNUTLS_E_PK_SIG_VERIFY_FAILED); + return 0; + case GNUTLS_PK_EDDSA_ED448: + ret = ed448_shake256_verify(pub, length, msg, signature); + if (ret == 0) + return gnutls_assert_val(GNUTLS_E_PK_SIG_VERIFY_FAILED); + return 0; + default: + return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM); + } +} + static int _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo, const gnutls_datum_t * vdata, @@ -1149,10 +1237,11 @@ _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo, switch (algo) { case GNUTLS_PK_EDDSA_ED25519: /* we do EdDSA */ + case GNUTLS_PK_EDDSA_ED448: { const gnutls_ecc_curve_entry_st *e; - if (pk_params->curve != GNUTLS_ECC_CURVE_ED25519) + if (unlikely(get_eddsa_curve(algo) != pk_params->curve)) return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE); e = _gnutls_ecc_curve_get_params(pk_params->curve); 
@@ -1165,13 +1254,10 @@ _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo, if (pk_params->raw_pub.size != e->size) return gnutls_assert_val(GNUTLS_E_PK_SIGN_FAILED); - ret = ed25519_sha512_verify(pk_params->raw_pub.data, vdata->size, vdata->data, signature->data); - if (ret == 0) { - gnutls_assert(); - ret = GNUTLS_E_PK_SIG_VERIFY_FAILED; - } else { - ret = 0; - } + ret = eddsa_verify(algo, + pk_params->raw_pub.data, + vdata->size, vdata->data, + signature->data); break; } #if ENABLE_GOST @@ -1431,6 +1517,8 @@ static int _wrap_nettle_pk_curve_exists(gnutls_ecc_curve_t curve) switch (curve) { case GNUTLS_ECC_CURVE_ED25519: case GNUTLS_ECC_CURVE_X25519: + case GNUTLS_ECC_CURVE_ED448: + case GNUTLS_ECC_CURVE_X448: return 1; default: return ((get_supported_nist_curve(curve)!=NULL || @@ -1556,6 +1644,7 @@ wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo, case GNUTLS_PK_RSA: case GNUTLS_PK_ECDSA: case GNUTLS_PK_EDDSA_ED25519: + case GNUTLS_PK_EDDSA_ED448: #if ENABLE_GOST case GNUTLS_PK_GOST_01: case GNUTLS_PK_GOST_12_256: @@ -1914,6 +2003,7 @@ gnutls_x509_spki_st spki; FALLTHROUGH; case GNUTLS_PK_EC: /* we only do keys for ECDSA */ case GNUTLS_PK_EDDSA_ED25519: + case GNUTLS_PK_EDDSA_ED448: case GNUTLS_PK_DSA: case GNUTLS_PK_RSA_PSS: case GNUTLS_PK_GOST_01: @@ -1934,6 +2024,7 @@ gnutls_x509_spki_st spki; break; case GNUTLS_PK_DH: case GNUTLS_PK_ECDH_X25519: + case GNUTLS_PK_ECDH_X448: ret = 0; goto cleanup; default: 
@@ -1953,6 +2044,38 @@ cleanup: } #endif +static inline int +eddsa_public_key(gnutls_pk_algorithm_t algo, + uint8_t *pub, const uint8_t *priv) +{ + switch (algo) { + case GNUTLS_PK_EDDSA_ED25519: + ed25519_sha512_public_key(pub, priv); + return 0; + case GNUTLS_PK_EDDSA_ED448: + ed448_shake256_public_key(pub, priv); + return 0; + default: + return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM); + } +} + +static inline int +edwards_curve_mul_g(gnutls_pk_algorithm_t algo, + uint8_t *q, const uint8_t *n) +{ + switch (algo) { + case GNUTLS_PK_ECDH_X25519: + curve25519_mul_g(q, n); + return 0; + case GNUTLS_PK_ECDH_X448: + curve448_mul_g(q, n); + return 0; + default: + return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE); + } +} + /* To generate a DH key either q must be set in the params or * level should be set to the number of required bits. */ @@ -2190,13 +2313,14 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, break; } case GNUTLS_PK_EDDSA_ED25519: + case GNUTLS_PK_EDDSA_ED448: { unsigned size = gnutls_ecc_curve_get_size(level); if (params->pkflags & GNUTLS_PK_FLAG_PROVABLE) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - if (level != GNUTLS_ECC_CURVE_ED25519) + if (unlikely(get_eddsa_curve(algo) != level)) return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE); if (size == 0) @@ -2222,7 +2346,11 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, params->raw_pub.size = size; params->raw_priv.size = size; - ed25519_sha512_public_key(params->raw_pub.data, params->raw_priv.data); + ret = eddsa_public_key(algo, + params->raw_pub.data, + params->raw_priv.data); + if (ret < 0) + goto fail; break; } @@ -2335,6 +2463,7 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, } #endif case GNUTLS_PK_ECDH_X25519: + case GNUTLS_PK_ECDH_X448: { unsigned size = gnutls_ecc_curve_get_size(level); 
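Review bot: In the `@@ -2335` hunk the X448 key-generation case computes `size` from `level` (the curve) while the `edwards_curve_mul_g` call in the following hunk dispatches on `algo`, but unlike the EdDSA branch earlier in this function (`if (unlikely(get_eddsa_curve(algo) != level))`) no `algo`/`level` agreement check is visible for the ECDH branch; a caller passing `GNUTLS_PK_ECDH_X448` with `level == GNUTLS_ECC_CURVE_X25519` would have `curve448_mul_g` write past 32-byte `raw_pub`/`raw_priv` buffers. Add the mirror guard, e.g. a `get_ecdh_curve(algo)` helper next to `get_eddsa_curve` and `if (unlikely(get_ecdh_curve(algo) != level)) return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);`, unless the lines between these two hunks already contain it. `wrap_nettle_pk_generate_keys` extends beyond the hunk on both sides.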
@@ -2361,7 +2490,9 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, params->raw_pub.size = size; params->raw_priv.size = size; - curve25519_mul_g(params->raw_pub.data, params->raw_priv.data); + ret = edwards_curve_mul_g(algo, params->raw_pub.data, params->raw_priv.data); + if (ret < 0) + goto fail; break; } default: @@ -2595,18 +2726,29 @@ wrap_nettle_pk_verify_priv_params(gnutls_pk_algorithm_t algo, mpz_clear(y2); } break; - case GNUTLS_PK_EDDSA_ED25519: { - uint8_t pub[32]; + case GNUTLS_PK_EDDSA_ED25519: + case GNUTLS_PK_EDDSA_ED448: { + gnutls_ecc_curve_t curve; + const gnutls_ecc_curve_entry_st *e; + uint8_t pub[57]; /* can accommodate both curves */ + + curve = get_eddsa_curve(algo); + e = _gnutls_ecc_curve_get_params(curve); + if (e == NULL) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); if (params->raw_pub.data == NULL) { return 0; /* nothing to verify */ } - if (params->raw_pub.size != 32) + if (params->raw_pub.size != e->size) return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); - ed25519_sha512_public_key(pub, params->raw_priv.data); - if (memcmp(params->raw_pub.data, pub, 32) != 0) + ret = eddsa_public_key(algo, pub, params->raw_priv.data); + if (ret < 0) + return ret; + + if (memcmp(params->raw_pub.data, pub, e->size) != 0) return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); ret = 0; @@ -2707,6 +2849,7 @@ wrap_nettle_pk_verify_pub_params(gnutls_pk_algorithm_t algo, case GNUTLS_PK_RSA_PSS: case GNUTLS_PK_DSA: case GNUTLS_PK_EDDSA_ED25519: + case GNUTLS_PK_EDDSA_ED448: return 0; case GNUTLS_PK_ECDSA: { 
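Review bot: In the `@@ -2595` hunk `eddsa_public_key` derives the public key from `params->raw_priv.data` without `raw_priv.size` ever being compared against `e->size`; only `raw_pub.size` is checked. The Ed25519 code had the same gap, but now that the function serves two key sizes a params object tagged `GNUTLS_PK_EDDSA_ED448` with a 32-byte private key would make `ed448_shake256_public_key` read 25 bytes past the buffer. Add `if (params->raw_priv.size != e->size) return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);` beside the public-size check, and consider `if (e->size > sizeof(pub)) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);` so the hard-coded `uint8_t pub[57]` cannot silently become too small when another curve is added. The import paths elsewhere in this series do check sizes, so this is defence in depth rather than a demonstrated bug.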
@@ -2892,8 +3035,9 @@ wrap_nettle_pk_fixup(gnutls_pk_algorithm_t algo, if (ret == 0) { return gnutls_assert_val(GNUTLS_E_PK_INVALID_PRIVKEY); } - } else if (algo == GNUTLS_PK_EDDSA_ED25519) { - if (params->curve != GNUTLS_ECC_CURVE_ED25519) + } else if (algo == GNUTLS_PK_EDDSA_ED25519 || + algo == GNUTLS_PK_EDDSA_ED448) { + if (unlikely(get_eddsa_curve(algo) != params->curve)) return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE); if (params->raw_priv.data == NULL) @@ -2906,7 +3050,14 @@ wrap_nettle_pk_fixup(gnutls_pk_algorithm_t algo, if (params->raw_pub.data == NULL) return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); - ed25519_sha512_public_key(params->raw_pub.data, params->raw_priv.data); + ret = eddsa_public_key(algo, + params->raw_pub.data, + params->raw_priv.data); + if (ret < 0) { + gnutls_free(params->raw_pub.data); + return ret; + } + params->raw_pub.size = params->raw_priv.size; } else if (algo == GNUTLS_PK_RSA_PSS) { if (params->params_nr < RSA_PRIVATE_PARAMS - 3) diff --git a/lib/pk.c b/lib/pk.c index debcc2ac09..24f808000a 100644 --- a/lib/pk.c +++ b/lib/pk.c @@ -1215,6 +1215,7 @@ pk_prepare_hash(gnutls_pk_algorithm_t pk, case GNUTLS_PK_DSA: case GNUTLS_PK_ECDSA: case GNUTLS_PK_EDDSA_ED25519: + case GNUTLS_PK_EDDSA_ED448: case GNUTLS_PK_GOST_01: case GNUTLS_PK_GOST_12_256: case GNUTLS_PK_GOST_12_512: diff --git a/lib/priority.c b/lib/priority.c index bcabee9018..ad99459adb 100644 --- a/lib/priority.c +++ b/lib/priority.c @@ -132,7 +132,8 @@ static const int _supported_groups_ecdh[] = { GNUTLS_GROUP_SECP256R1, GNUTLS_GROUP_SECP384R1, GNUTLS_GROUP_SECP521R1, - GNUTLS_GROUP_X25519, /* draft-ietf-tls-rfc4492bis */ + GNUTLS_GROUP_X25519, /* RFC 8422 */ + GNUTLS_GROUP_X448, /* RFC 8422 */ 0 }; 
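Review bot: In the `@@ -2906` hunk the new failure branch after `eddsa_public_key` frees `params->raw_pub.data` but leaves the pointer in `params` (and `raw_pub.size`) as they were, so unless the internal `gnutls_free` macro nulls its argument (not visible here) the caller's eventual `gnutls_pk_params_release` would free it a second time. Set the field explicitly, `params->raw_pub.data = NULL;` before `return ret;`, which is correct under either definition of `gnutls_free`. The branch is unreachable today because `algo` was already narrowed to the two EdDSA values, but it is the error path people will copy. `wrap_nettle_pk_fixup` starts before and ends after these hunks.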
@@ -153,7 +154,8 @@ static const int _supported_groups_normal[] = { GNUTLS_GROUP_SECP256R1, GNUTLS_GROUP_SECP384R1, GNUTLS_GROUP_SECP521R1, - GNUTLS_GROUP_X25519, /* draft-ietf-tls-rfc4492bis */ + GNUTLS_GROUP_X25519, /* RFC 8422 */ + GNUTLS_GROUP_X448, /* RFC 8422 */ /* These should stay last as our default behavior * is to send key shares for two top types (GNUTLS_KEY_SHARE_TOP2) @@ -172,7 +174,8 @@ static const int _supported_groups_secure128[] = { GNUTLS_GROUP_SECP256R1, GNUTLS_GROUP_SECP384R1, GNUTLS_GROUP_SECP521R1, - GNUTLS_GROUP_X25519, /* draft-ietf-tls-rfc4492bis */ + GNUTLS_GROUP_X25519, /* RFC 8422 */ + GNUTLS_GROUP_X448, /* RFC 8422 */ GNUTLS_GROUP_FFDHE2048, GNUTLS_GROUP_FFDHE3072, GNUTLS_GROUP_FFDHE4096, @@ -419,6 +422,8 @@ static const int _sign_priority_default[] = { GNUTLS_SIGN_ECDSA_SHA384, GNUTLS_SIGN_ECDSA_SECP384R1_SHA384, + GNUTLS_SIGN_EDDSA_ED448, + GNUTLS_SIGN_RSA_SHA512, GNUTLS_SIGN_RSA_PSS_SHA512, GNUTLS_SIGN_RSA_PSS_RSAE_SHA512, @@ -455,6 +460,7 @@ static const int _sign_priority_secure128[] = { GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_ECDSA_SHA256, GNUTLS_SIGN_ECDSA_SECP256R1_SHA256, + GNUTLS_SIGN_EDDSA_ED25519, GNUTLS_SIGN_RSA_SHA384, @@ -463,6 +469,8 @@ static const int _sign_priority_secure128[] = { GNUTLS_SIGN_ECDSA_SHA384, GNUTLS_SIGN_ECDSA_SECP384R1_SHA384, + GNUTLS_SIGN_EDDSA_ED448, + GNUTLS_SIGN_RSA_SHA512, GNUTLS_SIGN_RSA_PSS_SHA512, GNUTLS_SIGN_RSA_PSS_RSAE_SHA512, diff --git a/lib/privkey.c b/lib/privkey.c index 425cc3e7c6..4114e2ca18 100644 --- a/lib/privkey.c +++ b/lib/privkey.c @@ -205,6 +205,7 @@ privkey_to_pubkey(gnutls_pk_algorithm_t pk, break; case GNUTLS_PK_EDDSA_ED25519: + case GNUTLS_PK_EDDSA_ED448: ret = _gnutls_set_datum(&pub->raw_pub, priv->raw_pub.data, priv->raw_pub.size); if (ret < 0) return gnutls_assert_val(ret); diff --git a/lib/pubkey.c b/lib/pubkey.c index 3b4d7f9003..eb7fdbaa82 100644 --- a/lib/pubkey.c +++ b/lib/pubkey.c 
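Review bot: The `@@ -455` hunk adds `GNUTLS_SIGN_EDDSA_ED25519` to `_sign_priority_secure128`, which changes what SECURE128 peers will negotiate and is not obviously part of enabling Ed448; if it is intentional it deserves a sentence in the commit message or its own commit so the behavioural change is reviewable on its own. Placing Ed448 after the SHA-384 tier and before the SHA-512 tier in both signature lists reads sensibly for a ~224-bit curve, but a short comment at the insertion point, e.g. `/* Ed448: ~224-bit security, ordered with the SHA-384 tier */`, would save the next person from re-deriving it.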
@@ -61,6 +61,7 @@ unsigned pubkey_to_bits(const gnutls_pk_params_st * params) return _gnutls_mpi_get_nbits(params->params[DSA_P]); case GNUTLS_PK_ECDSA: case GNUTLS_PK_EDDSA_ED25519: + case GNUTLS_PK_EDDSA_ED448: case GNUTLS_PK_GOST_01: case GNUTLS_PK_GOST_12_256: case GNUTLS_PK_GOST_12_512: @@ -314,6 +315,12 @@ gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key, if (hash) *hash = GNUTLS_DIG_SHA512; + ret = 0; + break; + case GNUTLS_PK_EDDSA_ED448: + if (hash) + *hash = GNUTLS_DIG_SHAKE_256; + ret = 0; break; case GNUTLS_PK_GOST_01: @@ -891,7 +898,8 @@ gnutls_pubkey_export_ecc_raw2(gnutls_pubkey_t key, if (curve) *curve = key->params.curve; - if (key->params.algo == GNUTLS_PK_EDDSA_ED25519) { + if (key->params.algo == GNUTLS_PK_EDDSA_ED25519 || + key->params.algo == GNUTLS_PK_EDDSA_ED448) { if (x) { ret = _gnutls_set_datum(x, key->params.raw_pub.data, key->params.raw_pub.size); if (ret < 0) @@ -1429,7 +1437,16 @@ gnutls_pubkey_import_ecc_raw(gnutls_pubkey_t key, goto cleanup; } - key->params.algo = GNUTLS_PK_EDDSA_ED25519; + switch (curve) { + case GNUTLS_ECC_CURVE_ED25519: + key->params.algo = GNUTLS_PK_EDDSA_ED25519; + break; + case GNUTLS_ECC_CURVE_ED448: + key->params.algo = GNUTLS_PK_EDDSA_ED448; + break; + default: + break; + } key->params.curve = curve; key->bits = pubkey_to_bits(&key->params); @@ -2232,6 +2249,7 @@ pubkey_verify_data(const gnutls_sign_entry_st *se, break; case GNUTLS_PK_EDDSA_ED25519: + case GNUTLS_PK_EDDSA_ED448: if (_gnutls_pk_verify(se->pk, data, signature, params, sign_params) != 0) { gnutls_assert(); return GNUTLS_E_PK_SIG_VERIFY_FAILED; diff --git a/lib/x509/common.h b/lib/x509/common.h index d36c263a58..498ccc4e97 100644 --- a/lib/x509/common.h +++ b/lib/x509/common.h @@ -98,6 +98,7 @@ #define SIG_RSA_SHA3_512_OID "2.16.840.1.101.3.4.3.16" #define SIG_EDDSA_SHA512_OID "1.3.101.112" +#define SIG_ED448_OID "1.3.101.113" #define XMPP_OID "1.3.6.1.5.5.7.8.5" #define KRB5_PRINCIPAL_OID "1.3.6.1.5.2.2" 
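Review bot: In the `@@ -1429` hunk of `gnutls_pubkey_import_ecc_raw` the `default: break;` arm leaves `key->params.algo` unset for any EdDSA curve other than Ed25519 or Ed448, while the matching switches added to `gnutls_x509_privkey_import_ecc_raw` and `_decode_pkcs8_eddsa_key` in this same series return `GNUTLS_E_INTERNAL_ERROR`. Make the public-key path equally strict and reuse the `cleanup` label visible just above: `default: ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); goto cleanup;`. Otherwise a future curve accepted by the guard above this switch (presumably `curve_is_eddsa`, outside the hunk) would yield a key object whose `algo` does not describe its contents.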
diff --git a/lib/x509/key_decode.c b/lib/x509/key_decode.c index e42f5e0962..c79f6eee37 100644 --- a/lib/x509/key_decode.c +++ b/lib/x509/key_decode.c @@ -565,6 +565,9 @@ int _gnutls_x509_read_pubkey(gnutls_pk_algorithm_t algo, uint8_t * der, case GNUTLS_PK_EDDSA_ED25519: ret = _gnutls_x509_read_eddsa_pubkey(GNUTLS_ECC_CURVE_ED25519, der, dersize, params); break; + case GNUTLS_PK_EDDSA_ED448: + ret = _gnutls_x509_read_eddsa_pubkey(GNUTLS_ECC_CURVE_ED448, der, dersize, params); + break; case GNUTLS_PK_GOST_01: case GNUTLS_PK_GOST_12_256: case GNUTLS_PK_GOST_12_512: @@ -590,6 +593,7 @@ int _gnutls_x509_read_pubkey_params(gnutls_pk_algorithm_t algo, switch (algo) { case GNUTLS_PK_RSA: case GNUTLS_PK_EDDSA_ED25519: + case GNUTLS_PK_EDDSA_ED448: return 0; case GNUTLS_PK_RSA_PSS: return _gnutls_x509_read_rsa_pss_params(der, dersize, ¶ms->spki); @@ -634,6 +638,7 @@ int _gnutls_x509_check_pubkey_params(gnutls_pk_params_st * params) case GNUTLS_PK_DSA: case GNUTLS_PK_ECDSA: case GNUTLS_PK_EDDSA_ED25519: + case GNUTLS_PK_EDDSA_ED448: case GNUTLS_PK_GOST_01: case GNUTLS_PK_GOST_12_256: case GNUTLS_PK_GOST_12_512: diff --git a/lib/x509/key_encode.c b/lib/x509/key_encode.c index a589dd4f33..b9cbcff7bc 100644 --- a/lib/x509/key_encode.c +++ b/lib/x509/key_encode.c @@ -150,7 +150,8 @@ _gnutls_x509_write_eddsa_pubkey(const gnutls_pk_params_st * params, if (params->raw_pub.size == 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - if (params->curve != GNUTLS_ECC_CURVE_ED25519) + if (params->curve != GNUTLS_ECC_CURVE_ED25519 && + params->curve != GNUTLS_ECC_CURVE_ED448) return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE); ret = _gnutls_set_datum(raw, params->raw_pub.data, params->raw_pub.size); @@ -252,6 +253,7 @@ _gnutls_x509_write_pubkey_params(const gnutls_pk_params_st * params, case GNUTLS_PK_ECDSA: return _gnutls_x509_write_ecc_params(params->curve, der); case GNUTLS_PK_EDDSA_ED25519: + case GNUTLS_PK_EDDSA_ED448: der->data = NULL; der->size = 0; 
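Review bot: `_gnutls_x509_write_eddsa_pubkey` (hunk `@@ -150`) now accepts both curves but still only rejects `raw_pub.size == 0`, so a 32-byte key tagged `GNUTLS_ECC_CURVE_ED448` (or the reverse) would be serialised into an SPKI no peer can use. Tie the length to the curve after the curve check: `if (params->raw_pub.size != gnutls_ecc_curve_get_size(params->curve)) return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);`. The same question applies to the read side, `_gnutls_x509_read_eddsa_pubkey`, whose body is not in this diff; confirm it enforces 57 bytes for Ed448 and 32 for Ed25519.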
@@ -278,6 +280,7 @@ _gnutls_x509_write_pubkey(const gnutls_pk_params_st * params, case GNUTLS_PK_ECDSA: return _gnutls_x509_write_ecc_pubkey(params, der); case GNUTLS_PK_EDDSA_ED25519: + case GNUTLS_PK_EDDSA_ED448: return _gnutls_x509_write_eddsa_pubkey(params, der); case GNUTLS_PK_GOST_01: case GNUTLS_PK_GOST_12_256: @@ -1031,6 +1034,7 @@ int _gnutls_asn1_encode_privkey(ASN1_TYPE * c2, return _gnutls_asn1_encode_dsa(c2, params); case GNUTLS_PK_ECDSA: case GNUTLS_PK_EDDSA_ED25519: + case GNUTLS_PK_EDDSA_ED448: return _gnutls_asn1_encode_ecc(c2, params); case GNUTLS_PK_GOST_01: case GNUTLS_PK_GOST_12_256: diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c index 1be3da484e..a0bdfab9f7 100644 --- a/lib/x509/mpi.c +++ b/lib/x509/mpi.c @@ -134,7 +134,9 @@ _gnutls_get_asn_mpis(ASN1_TYPE asn, const char *root, _asnstr_append_name(name, sizeof(name), root, ".algorithm.parameters"); - if (pk_algorithm != GNUTLS_PK_RSA && pk_algorithm != GNUTLS_PK_EDDSA_ED25519 && pk_algorithm != GNUTLS_PK_ECDH_X25519) { + if (pk_algorithm != GNUTLS_PK_RSA && + pk_algorithm != GNUTLS_PK_EDDSA_ED25519 && pk_algorithm != GNUTLS_PK_ECDH_X25519 && + pk_algorithm != GNUTLS_PK_EDDSA_ED448 && pk_algorithm != GNUTLS_PK_ECDH_X448) { /* RSA and EdDSA do not use parameters */ result = _gnutls_x509_read_value(asn, name, &tmp); if (pk_algorithm == GNUTLS_PK_RSA_PSS && diff --git a/lib/x509/output.c b/lib/x509/output.c index da45917753..2aa78b478b 100644 --- a/lib/x509/output.c +++ b/lib/x509/output.c @@ -1406,6 +1406,7 @@ print_pubkey(gnutls_buffer_st * str, const char *key_name, break; case GNUTLS_PK_EDDSA_ED25519: + case GNUTLS_PK_EDDSA_ED448: case GNUTLS_PK_ECDSA: { gnutls_datum_t x, y; diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index a9579914f8..b26295e51b 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c 
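Review bot: The condition in the `@@ -134` hunk of `_gnutls_get_asn_mpis` is now a five-way negated chain, and the comment beneath it still reads "RSA and EdDSA do not use parameters" although X25519 and X448 are in the list. A small predicate keeps the intent readable and gives the next algorithm one place to go: `static inline int pk_has_no_params(gnutls_pk_algorithm_t pk)` returning non-zero for RSA, Ed25519, Ed448, X25519 and X448, with the call site reduced to `if (!pk_has_no_params(pk_algorithm)) {` and the comment updated to name the X-curves. Note that skipping the read also silently tolerates a present `parameters` field, which RFC 8410 requires to be absent for these OIDs; if strict parsing is wanted this is the place to reject it. The function continues outside the hunk.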
@@ -1116,7 +1116,17 @@ gnutls_x509_privkey_import_ecc_raw(gnutls_x509_privkey_t key, if (curve_is_eddsa(curve)) { unsigned size; - key->params.algo = GNUTLS_PK_EDDSA_ED25519; + switch (curve) { + case GNUTLS_ECC_CURVE_ED25519: + key->params.algo = GNUTLS_PK_EDDSA_ED25519; + break; + case GNUTLS_ECC_CURVE_ED448: + key->params.algo = GNUTLS_PK_EDDSA_ED448; + break; + default: + ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + goto cleanup; + } size = gnutls_ecc_curve_get_size(curve); if (x->size != size || k->size != size) { diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index bcc6dd24ec..f23008fbe5 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c @@ -69,6 +69,7 @@ _encode_privkey(gnutls_x509_privkey_t pkey, gnutls_datum_t * raw) switch (pkey->params.algo) { case GNUTLS_PK_EDDSA_ED25519: + case GNUTLS_PK_EDDSA_ED448: /* we encode as octet string (which is going to be stored inside * another octet string). No comments. */ ret = _gnutls_x509_encode_string(ASN1_ETYPE_OCTET_STRING, @@ -1115,7 +1116,16 @@ _decode_pkcs8_eddsa_key(ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey, const c return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); } gnutls_free(pkey->params.raw_priv.data); - pkey->params.algo = GNUTLS_PK_EDDSA_ED25519; + switch (curve) { + case GNUTLS_ECC_CURVE_ED25519: + pkey->params.algo = GNUTLS_PK_EDDSA_ED25519; + break; + case GNUTLS_ECC_CURVE_ED448: + pkey->params.algo = GNUTLS_PK_EDDSA_ED448; + break; + default: + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + } pkey->params.raw_priv.data = tmp.data; pkey->params.raw_priv.size = tmp.size; pkey->params.curve = curve; @@ -1449,6 +1459,7 @@ decode_private_key_info(const gnutls_datum_t * der, result = _decode_pkcs8_ecc_key(pkcs8_asn, pkey); break; case GNUTLS_PK_EDDSA_ED25519: + case GNUTLS_PK_EDDSA_ED448: result = _decode_pkcs8_eddsa_key(pkcs8_asn, pkey, oid); break; case GNUTLS_PK_GOST_01: 
diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h index 39a25307a0..050e95059e 100644 --- a/lib/x509/x509_int.h +++ b/lib/x509/x509_int.h @@ -48,6 +48,8 @@ #define HASH_OID_SHA3_256 "2.16.840.1.101.3.4.2.8" #define HASH_OID_SHA3_384 "2.16.840.1.101.3.4.2.9" #define HASH_OID_SHA3_512 "2.16.840.1.101.3.4.2.10" +#define HASH_OID_SHAKE_128 "2.16.840.1.101.3.4.2.11" +#define HASH_OID_SHAKE_256 "2.16.840.1.101.3.4.2.12" #define HASH_OID_GOST_R_3411_94 "1.2.643.2.2.9" #define HASH_OID_STREEBOG_256 "1.2.643.7.1.1.2.2" #define HASH_OID_STREEBOG_512 "1.2.643.7.1.1.2.3" diff --git a/src/certtool-args.def b/src/certtool-args.def index f10f57bdbb..645dc563cc 100644 --- a/src/certtool-args.def +++ b/src/certtool-args.def @@ -200,7 +200,7 @@ flag = { arg-type = string; descrip = "Specify the key type to use on key generation"; doc = "This option can be combined with --generate-privkey, to specify -the key type to be generated. Valid options are, 'rsa', 'rsa-pss', 'dsa', 'ecdsa', and 'ed25519'. +the key type to be generated. Valid options are, 'rsa', 'rsa-pss', 'dsa', 'ecdsa', 'ed25519, and 'ed448'.'. When combined with certificate generation it can be used to specify an RSA-PSS certificate when an RSA key is given."; }; diff --git a/src/certtool-common.c b/src/certtool-common.c index 3fafa5977c..c76352c9d8 100644 --- a/src/certtool-common.c +++ b/src/certtool-common.c @@ -1287,7 +1287,9 @@ static void privkey_info_int(FILE *outfile, common_info_st * cinfo, gnutls_free(q.data); gnutls_free(g.data); } - } else if (key_type == GNUTLS_PK_ECDSA || key_type == GNUTLS_PK_EDDSA_ED25519) { + } else if (key_type == GNUTLS_PK_ECDSA || + key_type == GNUTLS_PK_EDDSA_ED25519 || + key_type == GNUTLS_PK_EDDSA_ED448) { gnutls_datum_t y, x, k; gnutls_ecc_curve_t curve; 
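Review bot: The rewritten help text in the `@@ -200` hunk of certtool-args.def has mismatched quotes and a doubled full stop: `'ed25519, and 'ed448'.'.`. This is user-visible in `certtool --help` and in the generated man page, so it should read `'rsa', 'rsa-pss', 'dsa', 'ecdsa', 'ed25519', and 'ed448'.`.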
@@ -1641,6 +1643,8 @@ gnutls_pk_algorithm_t figure_key_type(const char *key_type) return GNUTLS_PK_RSA_PSS; else if (strcasecmp(key_type, "ed25519") == 0 || strcasecmp(key_type, "eddsa") == 0) return GNUTLS_PK_EDDSA_ED25519; + else if (strcasecmp(key_type, "ed448") == 0) + return GNUTLS_PK_EDDSA_ED448; else if (strcasecmp(key_type, "dsa") == 0) return GNUTLS_PK_DSA; else if (strcasecmp(key_type, "ecdsa") == 0 || strcasecmp(key_type, "ecc") == 0) diff --git a/src/certtool-common.h b/src/certtool-common.h index bfeb66b2da..04c7a3e91a 100644 --- a/src/certtool-common.h +++ b/src/certtool-common.h @@ -90,7 +90,7 @@ void switch_to_pkcs8_when_needed(common_info_st *cinfo, gnutls_x509_privkey_t ke if (cinfo->pkcs8) return; - if (key_type == GNUTLS_PK_RSA_PSS || key_type == GNUTLS_PK_EDDSA_ED25519 || + if (key_type == GNUTLS_PK_RSA_PSS || key_type == GNUTLS_PK_EDDSA_ED25519 || key_type == GNUTLS_PK_EDDSA_ED448 || key_type == GNUTLS_PK_GOST_01 || key_type == GNUTLS_PK_GOST_12_256 || key_type == GNUTLS_PK_GOST_12_512) { if (cinfo->verbose) diff --git a/src/certtool.c b/src/certtool.c index 35438daafa..b65359c27c 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -168,6 +168,7 @@ generate_private_key_int(common_info_st * cinfo) if (key_type == GNUTLS_PK_ECDSA || key_type == GNUTLS_PK_EDDSA_ED25519 || + key_type == GNUTLS_PK_EDDSA_ED448 || key_type == GNUTLS_PK_GOST_01 || key_type == GNUTLS_PK_GOST_12_256 || key_type == GNUTLS_PK_GOST_12_512) { diff --git a/tests/gnutls-strcodes.c b/tests/gnutls-strcodes.c index 0d3f14b600..952fc5fbb4 100644 --- a/tests/gnutls-strcodes.c +++ b/tests/gnutls-strcodes.c @@ -129,6 +129,8 @@ void doit(void) check_unique_non_null(gnutls_ecc_curve_get_name(i)); if (i == GNUTLS_ECC_CURVE_X25519) continue; /* no oid yet */ + if (i == GNUTLS_ECC_CURVE_X448) + continue; /* no oid yet */ check_unique_non_null(gnutls_ecc_curve_get_oid(i)); } diff --git a/tests/privkey-keygen.c b/tests/privkey-keygen.c index 7491e3cf33..31634bd095 100644 
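Review bot: The `key_type == GNUTLS_PK_EDDSA_ED25519 || key_type == GNUTLS_PK_EDDSA_ED448` pair is now spelled out in three certtool sites touched by this series (`switch_to_pkcs8_when_needed`, `generate_private_key_int`, `privkey_info_int`), and each new EdDSA curve will require editing all of them in lockstep. Fold it into one predicate in certtool-common.h, e.g. `static inline unsigned key_type_is_eddsa(gnutls_pk_algorithm_t t) { return t == GNUTLS_PK_EDDSA_ED25519 || t == GNUTLS_PK_EDDSA_ED448; }`, and call it from the three sites; the surrounding ECDSA/RSA-PSS/GOST terms differ per site, so only the EdDSA pair should be factored out.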
--- a/tests/privkey-keygen.c +++ b/tests/privkey-keygen.c @@ -65,36 +65,29 @@ static void sign_verify_data(gnutls_pk_algorithm_t algorithm, gnutls_x509_privke gnutls_datum_t signature; gnutls_digest_algorithm_t digest; - if (algorithm == GNUTLS_PK_EDDSA_ED25519) - digest = GNUTLS_DIG_SHA512; - else if (algorithm == GNUTLS_PK_GOST_01) - digest = GNUTLS_DIG_GOSTR_94; - else if (algorithm == GNUTLS_PK_GOST_12_256) - digest = GNUTLS_DIG_STREEBOG_256; - else if (algorithm == GNUTLS_PK_GOST_12_512) - digest = GNUTLS_DIG_STREEBOG_512; - else - digest = GNUTLS_DIG_SHA256; - - /* sign arbitrary data */ assert(gnutls_privkey_init(&privkey) >= 0); ret = gnutls_privkey_import_x509(privkey, pkey, 0); if (ret < 0) fail("gnutls_privkey_import_x509\n"); - ret = gnutls_privkey_sign_data(privkey, digest, 0, - &raw_data, &signature); - if (ret < 0) - fail("gnutls_x509_privkey_sign_data\n"); - - /* verify data */ assert(gnutls_pubkey_init(&pubkey) >= 0); ret = gnutls_pubkey_import_privkey(pubkey, privkey, 0, 0); if (ret < 0) fail("gnutls_pubkey_import_privkey\n"); + ret = gnutls_pubkey_get_preferred_hash_algorithm (pubkey, &digest, NULL); + if (ret < 0) + fail("gnutls_pubkey_get_preferred_hash_algorithm\n"); + + /* sign arbitrary data */ + ret = gnutls_privkey_sign_data(privkey, digest, 0, + &raw_data, &signature); + if (ret < 0) + fail("gnutls_privkey_sign_data\n"); + + /* verify data */ ret = gnutls_pubkey_verify_data2(pubkey, gnutls_pk_to_sign(gnutls_pubkey_get_pk_algorithm(pubkey, NULL),digest), 0, &raw_data, &signature); if (ret < 0) @@ -122,7 +115,8 @@ void doit(void) for (algorithm = GNUTLS_PK_RSA; algorithm <= GNUTLS_PK_MAX; algorithm++) { if (algorithm == GNUTLS_PK_DH || - algorithm == GNUTLS_PK_ECDH_X25519) + algorithm == GNUTLS_PK_ECDH_X25519 || + algorithm == GNUTLS_PK_ECDH_X448) continue; if (algorithm == GNUTLS_PK_GOST_01 || diff --git a/tests/suite/testcompat-common b/tests/suite/testcompat-common index c351662319..6ed5dba27f 100644 --- a/tests/suite/testcompat-common 
+++ b/tests/suite/testcompat-common @@ -43,6 +43,9 @@ RSA_PSS_CLI_KEY="${srcdir}/../../doc/credentials/x509/clikey-rsa-pss.pem" ED25519_CLI_CERT="${srcdir}/../../doc/credentials/x509/clicert-ed25519.pem" ED25519_CLI_KEY="${srcdir}/../../doc/credentials/x509/clikey-ed25519.pem" +ED448_CLI_CERT="${srcdir}/../../doc/credentials/x509/clicert-ed448.pem" +ED448_CLI_KEY="${srcdir}/../../doc/credentials/x509/clikey-ed448.pem" + RSA_PSS_CERT="${srcdir}/../../doc/credentials/x509/cert-rsa-pss.pem" RSA_PSS_KEY="${srcdir}/../../doc/credentials/x509/key-rsa-pss.pem" @@ -52,6 +55,9 @@ RSA_KEY="${srcdir}/../../doc/credentials/x509/key-rsa.pem" ED25519_CERT="${srcdir}/../../doc/credentials/x509/cert-ed25519.pem" ED25519_KEY="${srcdir}/../../doc/credentials/x509/key-ed25519.pem" +ED448_CERT="${srcdir}/../../doc/credentials/x509/cert-ed448.pem" +ED448_KEY="${srcdir}/../../doc/credentials/x509/key-ed448.pem" + ECC_CERT="${srcdir}/../../doc/credentials/x509/cert-ecc.pem" ECC_KEY="${srcdir}/../../doc/credentials/x509/key-ecc.pem" diff --git a/tests/suite/testcompat-tls13-openssl.sh b/tests/suite/testcompat-tls13-openssl.sh index 6d17941b8e..128873ab23 100755 --- a/tests/suite/testcompat-tls13-openssl.sh +++ b/tests/suite/testcompat-tls13-openssl.sh 
@@ -177,6 +177,18 @@ run_client_suite() { kill ${PID} wait + echo_cmd "${PREFIX}Checking TLS 1.3 with Ed448 certificate..." + eval "${GETPORT}" + launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${ED448_KEY}" -cert "${ED448_CERT}" -CAfile "${CA_CERT}" + PID=$! + wait_server ${PID} + + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3${ADD}" --insecure >${OUTPUT} || \ + fail ${PID} "Failed" + + kill ${PID} + wait + echo_cmd "${PREFIX}Checking TLS 1.3 with secp256r1 certificate..." eval "${GETPORT}" launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${ECC_KEY}" -cert "${ECC_CERT}" -CAfile "${CA_CERT}" @@ -324,7 +336,8 @@ run_server_suite() { wait done - for i in GROUP-X25519 GROUP-SECP256R1 GROUP-SECP384R1 GROUP-SECP521R1;do + GROUPS="GROUP-X25519 GROUP-X448 GROUP-SECP256R1 GROUP-SECP384R1 GROUP-SECP521R1" + for i in $GROUPS;do echo_cmd "${PREFIX}Checking TLS 1.3 with ${i}..." eval "${GETPORT}" @@ -395,6 +408,10 @@ _EOF_ ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${ED25519_CLI_CERT}" -key "${ED25519_CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ fail ${PID} "Failed" + echo_cmd "${PREFIX}Checking TLS 1.3 with Ed448 client certificate..." + ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${ED448_CLI_CERT}" -key "${ED448_CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + fail ${PID} "Failed" + kill ${PID} wait 
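Review bot: The `@@ -324` hunk assigns to `GROUPS`, which in bash is a special array of the caller's group IDs: assignments to it are ignored with an error status and `$GROUPS` expands to the first group ID (`0` for root), so under a bash `/bin/sh` the loop would iterate over `0` instead of the intended five groups and the TLS 1.3 group checks would be silently skipped or misreported. Rename the variable, e.g. `TLS_GROUPS="GROUP-X25519 GROUP-X448 GROUP-SECP256R1 GROUP-SECP384R1 GROUP-SECP521R1"` and `for i in $TLS_GROUPS;do`. Whether the suite runs under dash or bash depends on the harness and is not visible here, which is exactly why a non-reserved name is the safe choice. `run_server_suite` continues beyond this hunk.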
@@ -452,6 +469,19 @@ _EOF_ kill ${PID} wait + echo_cmd "${PREFIX}Checking TLS 1.3 with Ed448 certificate..." + + eval "${GETPORT}" + launch_server $$ --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3${ADD}" --x509certfile "${ED448_CERT}" --x509keyfile "${ED448_KEY}" --x509cafile "${CA_CERT}" >>${OUTPUT} 2>&1 + PID=$! + wait_server ${PID} + + ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" &1 | grep "\:error\:" && \ + fail ${PID} "Failed" + + kill ${PID} + wait + echo_cmd "${PREFIX}Checking TLS 1.3 with secp256r1 certificate..." eval "${GETPORT}" -- cgit v1.2.1 From 978773fccedb11d34e7c0f0fc022aa9d65a9ba3b Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Mon, 13 Jan 2020 11:35:15 +0100 Subject: .gitlab-ci.yml: add target to build against nettle master This is similar to the build/gnutls target in nettle's own gitlab CI. The only difference is that this will build/test all branches of GnuTLS against the master branch of nettle. Signed-off-by: Daiki Ueno --- .gitlab-ci.yml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2f569debc0..26a36ce3dc 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
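Review bot: The new Ed448 server check in the `@@ -452` hunk copies the file's `2>&1 | grep "\:error\:" && fail` idiom, which only fails when OpenSSL prints an `:error:` line; if `s_client` cannot connect at all the pipeline yields no match and the test passes vacuously (the captured text also shows `&1` where `</dev/null 2>&1` presumably stood, so the redirection should be re-checked in the real file). Consider asserting a positive signal from the same output as well, e.g. `| tee -a "${OUTPUT}" | grep -q "Protocol *: TLSv1.3" || fail ${PID} "no TLS 1.3 handshake"`, or whichever marker the surrounding checks already rely on. `run_server_suite` continues beyond this hunk.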
@@ -609,3 +609,34 @@ Debian.cross.mips-linux-gnu: Debian.cross.aarch64-linux-gnu: <<: *Debian_cross_template + +nettle-master.Fedora: + stage: stage1-testing + image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD + script: + - git clone --depth 1 --branch master https://gitlab.com/gnutls/nettle.git nettle-git + - export NETTLE_DIR=${PWD}/nettle + - pushd nettle-git + - ./.bootstrap + - ./configure --disable-documentation --prefix=$NETTLE_DIR + - make -j$(nproc) + - make -j$(nproc) install + - popd + - SUBMODULE_NOFETCH=1 ./bootstrap + - PKG_CONFIG_PATH=$NETTLE_DIR/lib64/pkgconfig dash ./configure --cache-file cache/config.cache --disable-gcc-warnings --disable-doc --disable-guile --disable-gost + - make -j$(nproc) + - PKG_CONFIG_PATH=$NETTLE_DIR/lib64/pkgconfig LD_LIBRARY_PATH=$NETTLE_DIR/lib64 make -j$(nproc) check + tags: + - shared + except: + - tags + artifacts: + expire_in: 1 week + when: on_failure + paths: + - ./*.log + - fuzz/*.log + - tests/*.log + - tests/*/*.log + - tests/suite/*/*.log + retry: 1 -- cgit v1.2.1 From 0f7baad9cf47e066d882b858f26bb539543dbc6e Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Sun, 19 Jan 2020 12:13:48 +0100 Subject: .gitlab-ci.yml: export LDFLAGS throughout the FreeBSD build Otherwise the build process wouldn't be able to find -lgmp. Signed-off-by: Daiki Ueno --- .gitlab-ci.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 26a36ce3dc..cbc9303fa0 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -7,7 +7,7 @@ stages: # name to allow expiration of old caches. cache: - key: "$CI_JOB_NAME-ver13" + key: "$CI_JOB_NAME-ver14" paths: - cache/ 
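Review bot: The `nettle-master.Fedora` job clones and builds an unpinned external `master` branch and then hard-codes `$NETTLE_DIR/lib64/pkgconfig` for both the configure and check steps, so it breaks on any non-x86_64 image and turns every upstream nettle breakage into a red GnuTLS pipeline. Pass `--libdir=$NETTLE_DIR/lib` to nettle's configure and drop the `lib64` assumption, and since the job exists to track a moving target add `allow_failure: true` so it informs rather than blocks. A one-line comment above the job stating that it intentionally tracks an unreleased branch would also stop someone from "fixing" it by pinning a tag.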
@@ -436,7 +436,8 @@ FreeBSD.x86_64:
 script:
 - export CC="ccache clang"
 - ./bootstrap
- - LIBS="-L/usr/local/lib" ./configure --disable-full-test-suite
+ - export LDFLAGS="-L/usr/local/lib"
+ - ./configure --disable-full-test-suite --cache-file cache/config.cache --disable-gcc-warnings --disable-guile --disable-doc
 - gmake -j$(sysctl hw.ncpu | awk '{print $2}')
 - gmake check -j$(sysctl hw.ncpu | awk '{print $2}')
--
cgit v1.2.1
From 6071e02786305f48d33bb5989be8e5eb3d3baa14 Mon Sep 17 00:00:00 2001
From: Daiki Ueno
Date: Mon, 20 Jan 2020 11:17:51 +0100
Subject: .gitlab-ci.yml: set WINEPATH to allow eccdata run under Wine

Signed-off-by: Daiki Ueno
---
 .gitlab-ci.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index cbc9303fa0..12a56b8c05 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -298,6 +298,7 @@ MinGW32.DLLs:
 - echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register
 - ./bootstrap
 - export CC="ccache i686-w64-mingw32-gcc"
+ - export WINEPATH=/usr/i686-w64-mingw32/sys-root/mingw/bin
 - dash ./configure --disable-gcc-warnings --host=i686-w64-mingw32 --target=i686-w64-mingw32 --cache-file cache/config.cache --with-included-libtasn1 --disable-nls --disable-guile --with-included-unistring --enable-local-libopts --disable-non-suiteb-curves --disable-full-test-suite --disable-doc
 - mingw32-make -j$(nproc)
 - mingw32-make -C tests check -j$(nproc)
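Review bot: The rewritten `./configure` line in the FreeBSD job also adds `--cache-file cache/config.cache --disable-gcc-warnings --disable-guile --disable-doc`, which goes beyond the LDFLAGS export the commit message describes. Either mention those options in the message or split them into their own change, so that a later bisect over the FreeBSD job can tell the link-path fix apart from the configure-cache change.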
@@ -337,6 +338,7 @@ MinGW64.DLLs:
 - echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register
 - ./bootstrap
 - export CC="ccache x86_64-w64-mingw32-gcc"
+ - export WINEPATH=/usr/x86_64-w64-mingw32/sys-root/mingw/bin
 - dash ./configure --disable-gcc-warnings --host=x86_64-w64-mingw32 --target=x86_64-w64-mingw32 --cache-file cache/config.cache --with-included-libtasn1 --disable-guile --disable-nls --with-included-unistring --enable-local-libopts --disable-non-suiteb-curves --disable-full-test-suite --disable-doc
 - mingw64-make -j$(nproc)
 - mingw64-make -C tests check -j$(nproc)
@@ -374,6 +376,7 @@ MinGW64:
 script:
 - ./bootstrap
 - export CC="ccache x86_64-w64-mingw32-gcc"
+ - export WINEPATH=/usr/x86_64-w64-mingw32/sys-root/mingw/bin
 - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc
 - echo ':DOSWin:M::MZ::/usr/bin/wine64:' > /proc/sys/fs/binfmt_misc/register
 - mkdir -p build
@@ -406,6 +409,7 @@ MinGW32:
 script:
 - ./bootstrap
 - export CC="ccache i686-w64-mingw32-gcc"
+ - export WINEPATH=/usr/i686-w64-mingw32/sys-root/mingw/bin
 - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc
 - echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register
 - mkdir -p build
--
cgit v1.2.1
From 198489c1bca7cd52a68bd3a1d2f6e0a649f70fd5 Mon Sep 17 00:00:00 2001
From: Daiki Ueno
Date: Wed, 22 Jan 2020 05:25:19 +0100
Subject: tlsfuzzer: enable tests for X448

Signed-off-by: Daiki Ueno
---
 tests/suite/tls-fuzzer/gnutls-nocert-tls13.json | 11 +----------
 tests/suite/tls-fuzzer/gnutls-nocert.json | 19 +------------------
 2 files changed, 2 insertions(+), 28 deletions(-)

diff --git a/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json b/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
index 31f63e5398..e293b1ce78 100644
--- a/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
+++ b/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
@@ -43,16 +43,7 @@
 {"name" : "test-tls13-ccs.py",
 "arguments": ["-p", "@PORT@"]},
 {"name" : "test-tls13-crfg-curves.py",
- "comment": "We do not support x448",
- "arguments": ["-p", "@PORT@",
- "-e", "empty x448 key share",
- "-e", "sanity x448 with compression ansiX962_compressed_char2",
- "-e", "sanity x448 with compression ansiX962_compressed_prime",
- "-e", "sanity x448 with compression uncompressed",
- "-e", "too big x448 key share",
- "-e", "too small x448 key share",
- "-e", "x448 key share of \"1\"",
- "-e", "all zero x448 key share"]},
+ "arguments": ["-p", "@PORT@"]},
 {"name" : "test-tls13-conversation.py",
 "arguments": ["-p", "@PORT@"]},
 {"name" : "test-tls13-count-tickets.py",
diff --git a/tests/suite/tls-fuzzer/gnutls-nocert.json b/tests/suite/tls-fuzzer/gnutls-nocert.json
index bc3c7a88b2..bef461789f 100644
--- a/tests/suite/tls-fuzzer/gnutls-nocert.json
+++ b/tests/suite/tls-fuzzer/gnutls-nocert.json
@@ -42,15 +42,7 @@
 "arguments" : ["-p", "@PORT@",
 "-e", "Encrypt-then-MAC renegotiation crash"]},
 {"name" : "test-x25519.py",
- "comment" : "x448 is not supported",
- "arguments" : ["-p", "@PORT@",
- "-e", "all zero x448 key share",
- "-e", "empty x448 key share",
- "-e", "sanity - negotiate x448",
- "-e", "too big x448 key share",
- "-e", "too small x448 key share",
- "-e", "x448 key share of \"1\""
- ]},
+ "arguments" : ["-p", "@PORT@"]},
 {"name" : "test-cve-2016-7054.py",
 "arguments" : ["-p", "@PORT@",
 "-e", "sanity"]},
@@ -130,9 +122,6 @@
 "arguments" : ["-p", "@PORT@",
 "-e", "Protocol (3, 0) in SSLv2 compatible ClientHello",
 "-e", "Protocol (3, 1) in SSLv2 compatible ClientHello",
- "-e", "Protocol (3, 1) with x448 group",
- "-e", "Protocol (3, 2) with x448 group",
- "-e", "Protocol (3, 3) with x448 group",
 "-e", "Protocol (3, 0)",
 "-z", "-n", "6"]},
@@ -144,9 +133,6 @@
 "arguments" : ["-p", "@PORT@",
 "-e", "Protocol (3, 0) in SSLv2 compatible ClientHello",
 "-e", "Protocol (3, 1) in SSLv2 compatible ClientHello",
- "-e", "Protocol (3, 1) with x448 group",
- "-e", "Protocol (3, 2) with x448 group",
- "-e", "Protocol (3, 3) with x448 group",
 "-e", "Protocol (3, 0)",
 "-z", "-n", "6"]},
@@ -263,9 +249,6 @@
 {"name" : "test-serverhello-random.py",
 "arguments" : ["-p", "@PORT@",
 "-e", "Protocol (3, 0) in SSLv2 compatible ClientHello",
- "-e", "Protocol (3, 1) with x448 group",
- "-e", "Protocol (3, 2) with x448 group",
- "-e", "Protocol (3, 3) with x448 group",
 "-e", "Protocol (3, 0)",
 "-z", "-n", "6"]},
--
cgit v1.2.1
From 3cadae8ec935443f4d645168c56b662cfd380d99 Mon Sep 17 00:00:00 2001
From: Daiki Ueno
Date: Thu, 23 Jan 2020 16:25:43 +0100
Subject: fuzz: import key, certificate, and traces using Ed448

Signed-off-by: Daiki Ueno
---
 .../5ef0df17445fb4098d15536a1195a47cb55b6845 | Bin 0 -> 430 bytes
 .../369ba35edf050d92fa31572bb3e98651112ea67e | Bin 0 -> 1199 bytes
 .../96c552adcacf4108c319533ea61c33f4240ad0fd | Bin 0 -> 1731 bytes
 .../db83a5af5244ddb18bb26bb187e0b5ca1ea627a8 | Bin 0 -> 650 bytes
 4 files changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 fuzz/gnutls_client_fuzzer.in/5ef0df17445fb4098d15536a1195a47cb55b6845
 create mode 100644 fuzz/gnutls_pkcs12_key_parser_fuzzer.in/369ba35edf050d92fa31572bb3e98651112ea67e
 create mode 100644 fuzz/gnutls_server_fuzzer.in/96c552adcacf4108c319533ea61c33f4240ad0fd
 create mode 100644 fuzz/gnutls_x509_parser_fuzzer.in/db83a5af5244ddb18bb26bb187e0b5ca1ea627a8

diff --git a/fuzz/gnutls_client_fuzzer.in/5ef0df17445fb4098d15536a1195a47cb55b6845 b/fuzz/gnutls_client_fuzzer.in/5ef0df17445fb4098d15536a1195a47cb55b6845
new file mode 100644
index 0000000000..45eede51d0
Binary files /dev/null and b/fuzz/gnutls_client_fuzzer.in/5ef0df17445fb4098d15536a1195a47cb55b6845 differ
diff --git a/fuzz/gnutls_pkcs12_key_parser_fuzzer.in/369ba35edf050d92fa31572bb3e98651112ea67e b/fuzz/gnutls_pkcs12_key_parser_fuzzer.in/369ba35edf050d92fa31572bb3e98651112ea67e
new file mode 100644
index 0000000000..7d3c0b3e6d
Binary files /dev/null and b/fuzz/gnutls_pkcs12_key_parser_fuzzer.in/369ba35edf050d92fa31572bb3e98651112ea67e differ
diff --git a/fuzz/gnutls_server_fuzzer.in/96c552adcacf4108c319533ea61c33f4240ad0fd b/fuzz/gnutls_server_fuzzer.in/96c552adcacf4108c319533ea61c33f4240ad0fd
new file mode 100644
index 0000000000..feceb0a220
Binary files /dev/null and b/fuzz/gnutls_server_fuzzer.in/96c552adcacf4108c319533ea61c33f4240ad0fd differ
diff --git a/fuzz/gnutls_x509_parser_fuzzer.in/db83a5af5244ddb18bb26bb187e0b5ca1ea627a8 b/fuzz/gnutls_x509_parser_fuzzer.in/db83a5af5244ddb18bb26bb187e0b5ca1ea627a8
new file mode 100644
index 0000000000..f64390741d
Binary files /dev/null and b/fuzz/gnutls_x509_parser_fuzzer.in/db83a5af5244ddb18bb26bb187e0b5ca1ea627a8 differ
--
cgit v1.2.1