NSS_EDDSA flag for optional compiling of code for EDDSA support.

include/crypt_hash.h

@@ -63,9 +63,9 @@ void crypt_hash_final_bytes(struct crypt_hash **hashp,
 
 struct crypt_mac crypt_hash_final_mac(struct crypt_hash **hashp);
 
+#ifdef NSS_EDDSA
 void crypt_mac_load(struct crypt_mac *container, chunk_t packet);
-
-
+#endif
 
 /*
  * Short cut for symkeys.

include/crypt_mac.h

@@ -36,7 +36,7 @@ struct crypt_mac {
 	/* size of the mac in bytes */
 	size_t len;
 	/* XXX: see note above about why this is called .ptr */
-	uint8_t ptr[2048/*see ike_alg_init() for size check*/];
+	uint8_t ptr[64/*see ike_alg_init() for size check*/];
 };
 
 extern const struct crypt_mac empty_mac;

include/ietf_constants.h

@@ -1658,7 +1658,9 @@ enum pubkey_alg {
 	PUBKEY_ALG_DSA = 1,
 	PUBKEY_ALG_RSA = 2,
 	PUBKEY_ALG_ECDSA = 3,
+#ifdef NSS_EDDSA
 	PUBKEY_ALG_EDDSA = 4,
+#endif
 };
 
 /*

include/ike_alg.h

@@ -489,8 +489,10 @@ struct hash_desc {
 	 */
 	shunk_t hash_asn1_blob_rsa;
 	shunk_t hash_asn1_blob_ecdsa;
-	shunk_t hash_asn1_blob_eddsa;
 
+#ifdef NSS_EDDSA
+	shunk_t hash_asn1_blob_eddsa;
+#endif
 	const struct hash_ops *hash_ops;
 };
 

include/ike_alg_hash.h

@@ -25,7 +25,9 @@ extern const struct hash_desc ike_alg_hash_sha2_384;
 extern const struct hash_desc ike_alg_hash_sha2_512;
 #endif
 
+#ifdef NSS_EDDSA
 extern const struct hash_desc ike_alg_hash_identity;
+#endif
 
 #ifdef USE_MD5
 extern const struct hash_desc ike_alg_hash_md5;

include/pluto_constants.h

@@ -102,7 +102,9 @@ enum keyword_authby {
 	AUTHBY_PSK,
 	AUTHBY_RSASIG,
 	AUTHBY_ECDSA,
+#ifdef NSS_EDDSA
 	AUTHBY_EDDSA,
+#endif
 	AUTHBY_NULL,
 };
 
@@ -849,7 +851,9 @@ enum sa_policy_bits {
 	POLICY_PSK_IX = 0,
 	POLICY_RSASIG_IX = 1,
 	POLICY_ECDSA_IX = 2,
+#ifdef NSS_EDDSA
 	POLICY_EDDSA_IX = 3,
+#endif
 	POLICY_AUTH_NEVER_IX,
 	POLICY_AUTH_NULL_IX,
 
@@ -936,7 +940,9 @@ enum sa_policy_bits {
 #define POLICY_PSK	LELEM(POLICY_PSK_IX)
 #define POLICY_RSASIG	LELEM(POLICY_RSASIG_IX)
 #define POLICY_ECDSA   LELEM(POLICY_ECDSA_IX)
+#ifdef NSS_EDDSA
 #define POLICY_EDDSA   LELEM(POLICY_EDDSA_IX)
+#endif
 #define POLICY_AUTH_NEVER	LELEM(POLICY_AUTH_NEVER_IX)
 #define POLICY_AUTH_NULL LELEM(POLICY_AUTH_NULL_IX)
 #define POLICY_ENCRYPT	LELEM(POLICY_ENCRYPT_IX)	/* must be first of IPSEC policies */
@@ -997,22 +1003,27 @@ enum sa_policy_bits {
 #define NEGOTIATE_AUTH_HASH_SHA2_256		LELEM(IKEv2_HASH_ALGORITHM_SHA2_256)	/* rfc7427 does responder support SHA2-256? */
 #define NEGOTIATE_AUTH_HASH_SHA2_384		LELEM(IKEv2_HASH_ALGORITHM_SHA2_384)	/* rfc7427 does responder support SHA2-384? */
 #define NEGOTIATE_AUTH_HASH_SHA2_512		LELEM(IKEv2_HASH_ALGORITHM_SHA2_512)	/* rfc7427 does responder support SHA2-512? */
+#ifdef NSS_EDDSA
 #define NEGOTIATE_AUTH_HASH_IDENTITY		LELEM(IKEv2_HASH_ALGORITHM_IDENTITY)	/* rfc4307-bis does responder support IDENTITY? */
+#endif
 
 enum sighash_policy_bits {
 	POL_SIGHASH_SHA2_256_IX,
 	POL_SIGHASH_SHA2_384_IX,
 	POL_SIGHASH_SHA2_512_IX,
+#ifdef NSS_EDDSA
 	POL_SIGHASH_IDENTITY_IX,
+#endif
 };
 
 extern const struct enum_names sighash_policy_bit_names;
 
 #define POL_SIGHASH_SHA2_256 LELEM(POL_SIGHASH_SHA2_256_IX)
 #define POL_SIGHASH_SHA2_384 LELEM(POL_SIGHASH_SHA2_384_IX)
 #define POL_SIGHASH_SHA2_512 LELEM(POL_SIGHASH_SHA2_512_IX)
+#ifdef NSS_EDDSA
 #define POL_SIGHASH_IDENTITY LELEM(POL_SIGHASH_IDENTITY_IX)
-
+#endif
 /* Default policy for now is using RSA - this might change to ECC */
 #define POLICY_DEFAULT POLICY_RSASIG
 

include/secrets.h

@@ -167,7 +167,9 @@ struct pubkey_type {
 
 extern const struct pubkey_type pubkey_type_rsa;
 extern const struct pubkey_type pubkey_type_ecdsa;
+#ifdef NSS_EDDSA
 extern const struct pubkey_type pubkey_type_eddsa;
+#endif
 
 const struct pubkey_type *pubkey_alg_type(enum pubkey_alg alg);
 

lib/libipsecconf/confread.c

@@ -179,13 +179,21 @@ static void ipsecconf_default_values(struct starter_config *cfg)
 	d->ike_version = IKEv2;
 	d->policy =
 		POLICY_TUNNEL |
-		POLICY_ECDSA | POLICY_EDDSA | POLICY_RSASIG | POLICY_RSASIG_v1_5 | /* authby= */
+		POLICY_ECDSA  | POLICY_RSASIG | POLICY_RSASIG_v1_5 | /* authby= */
 		POLICY_ENCRYPT | POLICY_PFS |
 		POLICY_IKE_FRAG_ALLOW |      /* ike_frag=yes */
 		POLICY_ESN_NO;      	     /* esn=no */
 
+#ifdef NSS_EDDSA
+    d->policy |= POLICY_EDDSA;
+#endif
+
 	d->sighash_policy =
-		POL_SIGHASH_SHA2_256 | POL_SIGHASH_SHA2_384 | POL_SIGHASH_SHA2_512| POL_SIGHASH_IDENTITY;
+		POL_SIGHASH_SHA2_256 | POL_SIGHASH_SHA2_384 | POL_SIGHASH_SHA2_512;
+
+#ifdef NSS_EDDSA
+    d->sighash_policy |= POL_SIGHASH_IDENTITY;
+#endif
 
 	d->left.host_family = &ipv4_info;
 	d->left.addr = ipv4_info.address.any;
@@ -1486,9 +1494,11 @@ static bool load_conn(struct starter_conn *conn,
 			} else if (streq(val, "ecdsa-sha1")) {
 				starter_error_append(perrl, "authby=ecdsa cannot use sha1, only sha2");
 				return TRUE;
+#ifdef NSS_EDDSA
 			} else if (streq(val, "eddsa") || streq(val, "eddsa-identity")) {
 				conn->policy |= POLICY_EDDSA;
 				conn->sighash_policy |= POL_SIGHASH_IDENTITY;
+#endif
 			} else {
 				starter_error_append(perrl, "connection authby= value is unknown");
 				return TRUE;

lib/libswan/crypt_hash.c

@@ -105,12 +105,14 @@ void crypt_hash_final_bytes(struct crypt_hash **hashp,
 	*hashp = hash = NULL;
 }
 
+#ifdef NSS_EDDSA
 void crypt_mac_load(struct crypt_mac *container, chunk_t packet){
     for(size_t i = 0; i < packet.len; i++){
-        (container->y)[i + container->len] = (packet.ptr)[i];
+        (container->ptr)[i + container->len] = (packet.ptr)[i];
     }
     container->len += packet.len;
 }
+#endif
 
 
 struct crypt_mac crypt_hash_final_mac(struct crypt_hash **hashp)

lib/libswan/ike_alg_sha2.c

@@ -185,6 +185,7 @@ const struct hash_desc ike_alg_hash_sha2_384 = {
 	.hash_asn1_blob_ecdsa = THING_AS_HUNK(asn1_blob_ecdsa_sha2_384),
 };
 
+#ifdef NSS_EDDSA
 static const uint8_t asn1_blob_eddsa_identity[] = { LEN_EDDSA_IDENTITY_BLOB, EDDSA_IDENTITY_BLOB };
 
 const struct hash_desc ike_alg_hash_identity = {
@@ -199,6 +200,7 @@ const struct hash_desc ike_alg_hash_identity = {
 	},
     .hash_asn1_blob_eddsa = THING_AS_HUNK(asn1_blob_eddsa_identity),
 };
+#endif
 
 const struct prf_desc ike_alg_prf_sha2_384 = {
 	.common = {

lib/libswan/secrets.c

@@ -503,6 +503,7 @@ const struct pubkey_type pubkey_type_ecdsa = {
 	.extract_pubkey_content = EC_extract_pubkey_content,
 };
 
+#ifdef NSS_EDDSA
 const struct pubkey_type pubkey_type_eddsa = {
 	.alg = PUBKEY_ALG_EDDSA,
 	.name = "EDDSA",
@@ -515,14 +516,17 @@ const struct pubkey_type pubkey_type_eddsa = {
 	.sign_hash = EC_sign_hash,
 	.extract_pubkey_content = EC_extract_pubkey_content,
 };
+#endif
 
 
 const struct pubkey_type *pubkey_alg_type(enum pubkey_alg alg)
 {
 	static const struct pubkey_type *pubkey_types[] = {
 		[PUBKEY_ALG_RSA] = &pubkey_type_rsa,
 		[PUBKEY_ALG_ECDSA] = &pubkey_type_ecdsa,
+#ifdef NSS_EDDSA
 		[PUBKEY_ALG_EDDSA] = &pubkey_type_eddsa,
+#endif
 	};
 	passert(alg < elemsof(pubkey_types));
 	const struct pubkey_type *type = pubkey_types[alg];
@@ -541,7 +545,9 @@ const keyid_t *pubkey_keyid(const struct pubkey *pk)
 	switch (pk->type->alg) {
 	case PUBKEY_ALG_RSA:
 	case PUBKEY_ALG_ECDSA:
+#ifdef NSS_EDDSA
 	case PUBKEY_ALG_EDDSA:
+#endif
 		return &pk->keyid;
 	default:
 		bad_case(pk->type->alg);
@@ -569,7 +575,9 @@ const keyid_t *secret_keyid(const struct secret *secret)
 		switch (secret->pks.pubkey_type->alg) {
 		case PUBKEY_ALG_RSA:
 		case PUBKEY_ALG_ECDSA:
+#ifdef NSS_EDDSA
 		case PUBKEY_ALG_EDDSA:
+#endif
 			return &secret->pks.keyid;
 		default:
 			bad_case(secret->pks.pubkey_type->alg);
@@ -584,7 +592,9 @@ unsigned pubkey_size(const struct pubkey *pk)
 	switch (pk->type->alg) {
 	case PUBKEY_ALG_RSA:
 	case PUBKEY_ALG_ECDSA:
+#ifdef NSS_EDDSA
 	case PUBKEY_ALG_EDDSA:
+#endif
 		return pk->size;
 	default:
 		bad_case(pk->type->alg);
@@ -1550,9 +1560,11 @@ static const struct pubkey_type *pubkey_type_nss(SECKEYPublicKey *pubk)
 	case rsaKey:
 		return &pubkey_type_rsa;
 	case ecKey:
+#ifdef NSS_EDDSA
 	    if (pk11_ECGetPubkeyEncoding(pubk) == ECPoint_XOnly)
             return &pubkey_type_eddsa;
         else
+#endif
             return &pubkey_type_ecdsa;
 	default:
 		return NULL;
@@ -1566,12 +1578,14 @@ static const struct pubkey_type *private_key_type_nss(SECKEYPrivateKey *private_
 	case rsaKey:
 		return &pubkey_type_rsa;
 	case ecKey:
+#ifdef NSS_EDDSA
 	    SECKEYPublicKey *pubk = SECKEY_ConvertToPublicKey(private_key);
 	    if(pubk == NULL)
 	        return NULL;
 	    if (pk11_ECGetPubkeyEncoding(pubk) == ECPoint_XOnly)
 	        return &pubkey_type_eddsa;
 	    else
+#endif
 	        return &pubkey_type_ecdsa;
 	default:
 		return NULL;

mk/config.mk

@@ -731,6 +731,12 @@ ifeq ($(USE_NSS_KDF),true)
 USERLAND_CFLAGS += -DUSE_NSS_KDF
 endif
 
+NSS_EDDSA ?= true
+ifeq ($(NSS_EDDSA),true)
+USERLAND_CFLAGS += -DNSS_EDDSA
+endif
+
+
 USERLAND_CFLAGS += -DDEFAULT_RUNDIR=\"$(FINALRUNDIR)\"
 USERLAND_CFLAGS += -DIPSEC_CONF=\"$(FINALCONFFILE)\"
 USERLAND_CFLAGS += -DIPSEC_CONFDDIR=\"$(FINALCONFDDIR)\"

programs/pluto/Makefile

@@ -219,6 +219,9 @@ endif
 OBJS += ikev2.o ikev2_parent.o ikev2_child.o ikev2_spdb_struct.o
 OBJS += ikev2_states.o
 OBJS += ikev2_ecdsa.o ikev2_rsa.o ikev2_psk.o ikev2_ppk.o ikev2_crypto.o
+ifeq ($(NSS_EDDSA),true)
+OBJS += ikev2_eddsa.o
+endif
 OBJS += ikev2_redirect.o
 OBJS += cert_decode_helper.o
 OBJS += kernel.o