Constants for EDDSA.

libreswan · Aug 20, 2021 · c204d65 · c204d65
1 parent a312e7b
commit c204d65
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 1 deletion.
diff --git a/include/ietf_constants.h b/include/ietf_constants.h
@@ -1951,6 +1951,13 @@ enum ikev2_hash_algorithm {
 
 #define LEN_ECDSA_SHA2_BLOB ASN1_SHA2_ECDSA_SIZE
 
+#define ASN1_IDENTITY_EDDSA_SIZE 7
+
+#define EDDSA_IDENTITY_BLOB \
+	0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70
+
+#define LEN_EDDSA_IDENTITY_BLOB ASN1_IDENTITY_EDDSA_SIZE
+
 /* Limits on size of RSA moduli.
  * The upper bound matches that of DNSSEC (see RFC 2537).
  * The lower bound must be more than 11 octets for certain

diff --git a/include/ike_alg.h b/include/ike_alg.h
@@ -489,6 +489,7 @@ struct hash_desc {
 	 */
 	shunk_t hash_asn1_blob_rsa;
 	shunk_t hash_asn1_blob_ecdsa;
+	shunk_t hash_asn1_blob_eddsa;
 
 	const struct hash_ops *hash_ops;
 };

diff --git a/lib/libswan/ike_alg_sha2.c b/lib/libswan/ike_alg_sha2.c
@@ -185,6 +185,8 @@ const struct hash_desc ike_alg_hash_sha2_384 = {
 	.hash_asn1_blob_ecdsa = THING_AS_HUNK(asn1_blob_ecdsa_sha2_384),
 };
 
+static const uint8_t asn1_blob_eddsa_identity[] = { LEN_EDDSA_IDENTITY_BLOB, EDDSA_IDENTITY_BLOB };
+
 const struct hash_desc ike_alg_hash_identity = {
 	.common = {
 		.fqn = "IDENTITY_HASH",
@@ -195,7 +197,7 @@ const struct hash_desc ike_alg_hash_identity = {
 		},
 		.fips = false,
 	},
-
+    .hash_asn1_blob_eddsa = THING_AS_HUNK(asn1_blob_eddsa_identity),
 };
 
 const struct prf_desc ike_alg_prf_sha2_384 = {