diff options
author | Atul Luykx <aluykx@google.com> | 2022-02-14 16:19:26 -0800 |
---|---|---|
committer | CQ Bot Account <pigweed-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2022-03-30 23:34:01 +0000 |
commit | 459f597e80773422b7250898cdad511aafc16b32 (patch) | |
tree | b6739c74ccb091dde0dcdc962fa2647727d3208d | |
parent | 5691d655d2d0e8cd92d0a3b851b1d318cd92e224 (diff) | |
download | open-dice-459f597e80773422b7250898cdad511aafc16b32.tar.gz |
Split BoringSSL ops into hash+kdf and ed25519
Done in preparation to support ECDSA P-384.
Change-Id: If85d54a46ba23b32776f97e6bca3b5a071d4e06b
Reviewed-on: https://pigweed-review.googlesource.com/c/open-dice/+/84500
Reviewed-by: Andrew Scull <ascull@google.com>
Reviewed-by: Darren Krahn <dkrahn@google.com>
Commit-Queue: Atul Luykx <aluykx@google.com>
-rw-r--r-- | BUILD.gn | 12 | ||||
-rw-r--r-- | src/boringssl_ed25519_ops.c (renamed from src/boringssl_hash_kdf_sign_ops.c) | 26 | ||||
-rw-r--r-- | src/boringssl_hash_kdf_ops.c | 43 |
3 files changed, 53 insertions, 28 deletions
@@ -66,7 +66,8 @@ pw_static_library("dice_with_boringssl_ops") { ] sources = [ "src/boringssl_cert_op.c", - "src/boringssl_hash_kdf_sign_ops.c", + "src/boringssl_hash_kdf_ops.c", + "src/boringssl_ed25519_ops.c", "src/clear_memory.c", "src/dice.c", "src/utils.c", @@ -104,7 +105,8 @@ pw_static_library("dice_with_cbor_cert") { "include/dice/utils.h", ] sources = [ - "src/boringssl_hash_kdf_sign_ops.c", + "src/boringssl_hash_kdf_ops.c", + "src/boringssl_ed25519_ops.c", "src/cbor_cert_op.c", "src/clear_memory.c", "src/dice.c", @@ -123,7 +125,8 @@ pw_static_library("dice_with_cbor_template_cert") { "include/dice/utils.h", ] sources = [ - "src/boringssl_hash_kdf_sign_ops.c", + "src/boringssl_hash_kdf_ops.c", + "src/boringssl_ed25519_ops.c", "src/clear_memory.c", "src/dice.c", "src/template_cbor_cert_op.c", @@ -141,7 +144,8 @@ pw_static_library("dice_with_x509_template_cert") { "include/dice/utils.h", ] sources = [ - "src/boringssl_hash_kdf_sign_ops.c", + "src/boringssl_hash_kdf_ops.c", + "src/boringssl_ed25519_ops.c", "src/clear_memory.c", "src/dice.c", "src/template_cert_op.c", diff --git a/src/boringssl_hash_kdf_sign_ops.c b/src/boringssl_ed25519_ops.c index 9198b4a..a1b9797 100644 --- a/src/boringssl_hash_kdf_sign_ops.c +++ b/src/boringssl_ed25519_ops.c @@ -1,4 +1,4 @@ -// Copyright 2020 Google LLC +// Copyright 2022 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of @@ -12,8 +12,7 @@ // License for the specific language governing permissions and limitations under // the License. -// This is an implementation of the crypto operations that uses boringssl. The -// algorithms used are SHA512, HKDF-SHA512, and Ed25519-SHA512. +// An implementation of the ed25519 signature operations using boringssl. #include <stdint.h> @@ -21,9 +20,6 @@ #include "dice/ops.h" #include "openssl/curve25519.h" #include "openssl/evp.h" -#include "openssl/hkdf.h" -#include "openssl/is_boringssl.h" -#include "openssl/sha.h" #if DICE_PRIVATE_KEY_SEED_SIZE != 32 #error "Private key seed is expected to be 32 bytes." @@ -38,24 +34,6 @@ #error "Ed25519 needs 64 bytes to store the signature." #endif -DiceResult DiceHash(void* context_not_used, const uint8_t* input, - size_t input_size, uint8_t output[DICE_HASH_SIZE]) { - (void)context_not_used; - SHA512(input, input_size, output); - return kDiceResultOk; -} - -DiceResult DiceKdf(void* context_not_used, size_t length, const uint8_t* ikm, - size_t ikm_size, const uint8_t* salt, size_t salt_size, - const uint8_t* info, size_t info_size, uint8_t* output) { - (void)context_not_used; - if (!HKDF(output, length, EVP_sha512(), ikm, ikm_size, salt, salt_size, info, - info_size)) { - return kDiceResultPlatformError; - } - return kDiceResultOk; -} - DiceResult DiceKeypairFromSeed(void* context_not_used, const uint8_t seed[DICE_PRIVATE_KEY_SEED_SIZE], uint8_t public_key[DICE_PUBLIC_KEY_SIZE], diff --git a/src/boringssl_hash_kdf_ops.c b/src/boringssl_hash_kdf_ops.c new file mode 100644 index 0000000..657276a --- /dev/null +++ b/src/boringssl_hash_kdf_ops.c @@ -0,0 +1,43 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); you may not +// use this file except in compliance with the License. You may obtain a copy of +// the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +// License for the specific language governing permissions and limitations under +// the License. + +// An implementation of the hash and kdf crypto operations using boringssl. The +// algorithms used are SHA512 and HKDF-SHA512. + +#include <stdint.h> + +#include "dice/dice.h" +#include "dice/ops.h" +#include "openssl/evp.h" +#include "openssl/hkdf.h" +#include "openssl/is_boringssl.h" +#include "openssl/sha.h" + +DiceResult DiceHash(void* context_not_used, const uint8_t* input, + size_t input_size, uint8_t output[DICE_HASH_SIZE]) { + (void)context_not_used; + SHA512(input, input_size, output); + return kDiceResultOk; +} + +DiceResult DiceKdf(void* context_not_used, size_t length, const uint8_t* ikm, + size_t ikm_size, const uint8_t* salt, size_t salt_size, + const uint8_t* info, size_t info_size, uint8_t* output) { + (void)context_not_used; + if (!HKDF(output, length, EVP_sha512(), ikm, ikm_size, salt, salt_size, info, + info_size)) { + return kDiceResultPlatformError; + } + return kDiceResultOk; +} |