Remove P224 - see mirage/mirage-crypto#209

mirleft · Mar 21, 2024 · 26de99b · 26de99b
1 parent f3cdac6
commit 26de99b
Show file tree

Hide file tree

Showing 7 changed files with 6 additions and 29 deletions.
diff --git a/lib/algorithm.ml b/lib/algorithm.ml
@@ -12,10 +12,9 @@ open Asn_grammars
  *)
 
 type ec_curve =
-  [ `SECP224R1 | `SECP256R1 | `SECP384R1 | `SECP521R1 ]
+  [ `SECP256R1 | `SECP384R1 | `SECP521R1 ]
 
 let ec_curve_to_string = function
-  | `SECP224R1 -> "SECP224R1"
   | `SECP256R1 -> "SECP256R1"
   | `SECP384R1 -> "SECP384R1"
   | `SECP521R1 -> "SECP521R1"
@@ -218,13 +217,11 @@ let curve_of_oid, curve_to_oid =
   let open Registry.ANSI_X9_62 in
   (let default oid = Asn.(S.parse_error "Unknown algorithm %a" OID.pp oid) in
    case_of_oid ~default [
-     (secp224r1, `SECP224R1) ;
      (secp256r1, `SECP256R1) ;
      (secp384r1, `SECP384R1) ;
      (secp521r1, `SECP521R1) ;
    ]),
   (function
-    | `SECP224R1 -> secp224r1
     | `SECP256R1 -> secp256r1
     | `SECP384R1 -> secp384r1
     | `SECP521R1 -> secp521r1)

diff --git a/lib/key_type.ml b/lib/key_type.ml
@@ -1,7 +1,7 @@
-type t = [ `RSA | `ED25519 | `P224 | `P256 | `P384 | `P521  ]
+type t = [ `RSA | `ED25519 | `P256 | `P384 | `P521  ]
 
 let strings =
-  [ ("rsa", `RSA) ; ("ed25519", `ED25519) ; ("p224", `P224) ;
+  [ ("rsa", `RSA) ; ("ed25519", `ED25519) ;
     ("p256", `P256) ; ("p384", `P384) ; ("p521", `P521) ]
 
 let to_string kt = fst (List.find (fun (_, k) -> kt = k) strings)
@@ -29,7 +29,7 @@ let supports_signature_scheme key_typ scheme =
   match key_typ, scheme with
   | `RSA, (`RSA_PSS | `RSA_PKCS1) -> true
   | `ED25519, `ED25519 -> true
-  | (`P224 | `P256 | `P384 | `P521), `ECDSA -> true
+  | (`P256 | `P384 | `P521), `ECDSA -> true
   | _ -> false
 
 let opt_signature_scheme ?scheme kt =
@@ -38,7 +38,7 @@ let opt_signature_scheme ?scheme kt =
   | None -> match kt with
     | `RSA -> `RSA_PSS
     | `ED25519 -> `ED25519
-    | `P224 | `P256 | `P384 | `P521 -> `ECDSA
+    | `P256 | `P384 | `P521 -> `ECDSA
 
 (* the default of RSA keys should be PSS, but most deployed certificates still
    use PKCS1 (and this library uses pkcs1 by default as well) *)

diff --git a/lib/private_key.ml b/lib/private_key.ml
@@ -1,7 +1,6 @@
 let ( let* ) = Result.bind
 
 type ecdsa = [
-  | `P224 of Mirage_crypto_ec.P224.Dsa.priv
   | `P256 of Mirage_crypto_ec.P256.Dsa.priv
   | `P384 of Mirage_crypto_ec.P384.Dsa.priv
   | `P521 of Mirage_crypto_ec.P521.Dsa.priv
@@ -16,7 +15,6 @@ type t = [
 let key_type = function
   | `RSA _ -> `RSA
   | `ED25519 _ -> `ED25519
-  | `P224 _ -> `P224
   | `P256 _ -> `P256
   | `P384 _ -> `P384
   | `P521 _ -> `P521
@@ -29,7 +27,6 @@ let generate ?seed ?(bits = 4096) typ =
   match typ with
   | `RSA -> `RSA (Mirage_crypto_pk.Rsa.generate ?g ~bits ())
   | `ED25519 -> `ED25519 (fst (Mirage_crypto_ec.Ed25519.generate ?g ()))
-  | `P224 -> `P224 (fst (Mirage_crypto_ec.P224.Dsa.generate ?g ()))
   | `P256 -> `P256 (fst (Mirage_crypto_ec.P256.Dsa.generate ?g ()))
   | `P384 -> `P384 (fst (Mirage_crypto_ec.P384.Dsa.generate ?g ()))
   | `P521 -> `P521 (fst (Mirage_crypto_ec.P521.Dsa.generate ?g ()))
@@ -46,9 +43,6 @@ let of_cstruct data =
   | `ED25519 ->
     let* k = ec_err (Ed25519.priv_of_cstruct data) in
     Ok (`ED25519 k)
-  | `P224 ->
-    let* k = ec_err (P224.Dsa.priv_of_cstruct data) in
-    Ok (`P224 k)
   | `P256 ->
     let* k = ec_err (P256.Dsa.priv_of_cstruct data) in
     Ok (`P256 k)
@@ -77,7 +71,6 @@ let of_string ?seed_or_data ?bits typ data =
 let public = function
   | `RSA priv -> `RSA (Mirage_crypto_pk.Rsa.pub_of_priv priv)
   | `ED25519 priv -> `ED25519 (Mirage_crypto_ec.Ed25519.pub_of_priv priv)
-  | `P224 priv -> `P224 (Mirage_crypto_ec.P224.Dsa.pub_of_priv priv)
   | `P256 priv -> `P256 (Mirage_crypto_ec.P256.Dsa.pub_of_priv priv)
   | `P384 priv -> `P384 (Mirage_crypto_ec.P384.Dsa.pub_of_priv priv)
   | `P521 priv -> `P521 (Mirage_crypto_ec.P521.Dsa.pub_of_priv priv)
@@ -106,7 +99,6 @@ let sign hash ?scheme key data =
     | #ecdsa as key, `ECDSA ->
       let* d = hashed () in
       Ok (ecdsa_to_cs (match key with
-          | `P224 key -> P224.Dsa.(sign ~key (Public_key.trunc byte_length d))
           | `P256 key -> P256.Dsa.(sign ~key (Public_key.trunc byte_length d))
           | `P384 key -> P384.Dsa.(sign ~key (Public_key.trunc byte_length d))
           | `P521 key -> P521.Dsa.(sign ~key (Public_key.trunc byte_length d))))
@@ -197,7 +189,6 @@ module Asn = struct
   let reparse_ec_private curve priv =
     let open Mirage_crypto_ec in
     match curve with
-    | `SECP224R1 -> let* p = P224.Dsa.priv_of_cstruct priv in Ok (`P224 p)
     | `SECP256R1 -> let* p = P256.Dsa.priv_of_cstruct priv in Ok (`P256 p)
     | `SECP384R1 -> let* p = P384.Dsa.priv_of_cstruct priv in Ok (`P384 p)
     | `SECP521R1 -> let* p = P521.Dsa.priv_of_cstruct priv in Ok (`P521 p)
@@ -243,7 +234,6 @@ module Asn = struct
       match p with
       | `RSA pk -> RSA, rsa_priv_to_cs pk
       | `ED25519 pk -> ED25519, ed25519_to_cs (Ed25519.priv_to_cstruct pk)
-      | `P224 pk -> EC_pub `SECP224R1, ec_to_cs (P224.Dsa.priv_to_cstruct pk)
       | `P256 pk -> EC_pub `SECP256R1, ec_to_cs (P256.Dsa.priv_to_cstruct pk)
       | `P384 pk -> EC_pub `SECP384R1, ec_to_cs (P384.Dsa.priv_to_cstruct pk)
       | `P521 pk -> EC_pub `SECP521R1, ec_to_cs (P521.Dsa.priv_to_cstruct pk)

diff --git a/lib/public_key.ml b/lib/public_key.ml
@@ -1,7 +1,6 @@
 let ( let* ) = Result.bind
 
 type ecdsa = [
-  | `P224 of Mirage_crypto_ec.P224.Dsa.pub
   | `P256 of Mirage_crypto_ec.P256.Dsa.pub
   | `P384 of Mirage_crypto_ec.P384.Dsa.pub
   | `P521 of Mirage_crypto_ec.P521.Dsa.pub
@@ -47,7 +46,6 @@ module Asn = struct
     function
     | (RSA      , cs) -> `RSA (rsa_pub_of_cs cs)
     | (ED25519  , cs) -> `ED25519 (to_err (Ed25519.pub_of_cstruct cs))
-    | (EC_pub `SECP224R1, cs) -> `P224 (to_err (P224.Dsa.pub_of_cstruct cs))
     | (EC_pub `SECP256R1, cs) -> `P256 (to_err (P256.Dsa.pub_of_cstruct cs))
     | (EC_pub `SECP384R1, cs) -> `P384 (to_err (P384.Dsa.pub_of_cstruct cs))
     | (EC_pub `SECP521R1, cs) -> `P521 (to_err (P521.Dsa.pub_of_cstruct cs))
@@ -59,7 +57,6 @@ module Asn = struct
     function
     | `RSA pk    -> (RSA, rsa_pub_to_cs pk)
     | `ED25519 pk -> (ED25519, Ed25519.pub_to_cstruct pk)
-    | `P224 pk -> (EC_pub `SECP224R1, P224.Dsa.pub_to_cstruct pk)
     | `P256 pk -> (EC_pub `SECP256R1, P256.Dsa.pub_to_cstruct pk)
     | `P384 pk -> (EC_pub `SECP384R1, P384.Dsa.pub_to_cstruct pk)
     | `P521 pk -> (EC_pub `SECP521R1, P521.Dsa.pub_to_cstruct pk)
@@ -78,7 +75,6 @@ let id k =
   let data = match k with
     | `RSA p -> Asn.rsa_public_to_cstruct p
     | `ED25519 pk -> Mirage_crypto_ec.Ed25519.pub_to_cstruct pk
-    | `P224 pk -> Mirage_crypto_ec.P224.Dsa.pub_to_cstruct pk
     | `P256 pk -> Mirage_crypto_ec.P256.Dsa.pub_to_cstruct pk
     | `P384 pk -> Mirage_crypto_ec.P384.Dsa.pub_to_cstruct pk
     | `P521 pk -> Mirage_crypto_ec.P521.Dsa.pub_to_cstruct pk
@@ -91,7 +87,6 @@ let fingerprint ?(hash = `SHA256) pub =
 let key_type = function
   | `RSA _ -> `RSA
   | `ED25519 _ -> `ED25519
-  | `P224 _ -> `P224
   | `P256 _ -> `P256
   | `P384 _ -> `P384
   | `P521 _ -> `P521
@@ -147,7 +142,6 @@ let verify hash ?scheme ~signature key data =
     let* s = ecdsa_of_cs signature in
     ok_if_true
       (match key with
-       | `P224 key -> P224.Dsa.verify ~key s (trunc P224.Dsa.byte_length d)
        | `P256 key -> P256.Dsa.verify ~key s (trunc P256.Dsa.byte_length d)
        | `P384 key -> P384.Dsa.verify ~key s (trunc P384.Dsa.byte_length d)
        | `P521 key -> P521.Dsa.verify ~key s (trunc P521.Dsa.byte_length d))

diff --git a/lib/signing_request.ml b/lib/signing_request.ml
@@ -164,7 +164,6 @@ let encode_pem v =
 let digest_of_key = function
   | `RSA _ -> `SHA256
   | `ED25519 _ -> `SHA512
-  | `P224 _ -> `SHA224
   | `P256 _ -> `SHA256
   | `P384 _ -> `SHA384
   | `P521 _ -> `SHA512

diff --git a/lib/x509.mli b/lib/x509.mli
@@ -72,7 +72,7 @@ end
 (** Types of keys *)
 module Key_type : sig
   (** The polymorphic variant of key types. *)
-  type t = [ `RSA | `ED25519 | `P224 | `P256 | `P384 | `P521 ]
+  type t = [ `RSA | `ED25519 | `P256 | `P384 | `P521 ]
 
   val strings : (string * t) list
   (** [strings] is an associative list of string and key_type pairs. Useful for
@@ -112,7 +112,6 @@ module Public_key : sig
   type t = [
     | `RSA of Mirage_crypto_pk.Rsa.pub
     | `ED25519 of Mirage_crypto_ec.Ed25519.pub
-    | `P224 of Mirage_crypto_ec.P224.Dsa.pub
     | `P256 of Mirage_crypto_ec.P256.Dsa.pub
     | `P384 of Mirage_crypto_ec.P384.Dsa.pub
     | `P521 of Mirage_crypto_ec.P521.Dsa.pub
@@ -177,7 +176,6 @@ module Private_key : sig
   type t = [
     | `RSA of Mirage_crypto_pk.Rsa.priv
     | `ED25519 of Mirage_crypto_ec.Ed25519.priv
-    | `P224 of Mirage_crypto_ec.P224.Dsa.priv
     | `P256 of Mirage_crypto_ec.P256.Dsa.priv
     | `P384 of Mirage_crypto_ec.P384.Dsa.priv
     | `P521 of Mirage_crypto_ec.P521.Dsa.priv

diff --git a/tests/priv.ml b/tests/priv.ml
@@ -30,7 +30,6 @@ let test_ec (key_type, data) () =
 
 let ec_data = [
   `ED25519, "W0p4c4tBHtSaTj4zij4oARCjhFbIi8voYg+65bl7wLU=" ;
-  `P224, "Wjy6Nf4/xJSaaR/eeoQBUxJMA3PDP/c+8VkuPA==" ;
   `P256, "arvDmHpdTdzbc0uo+KCXoArmrmAs2GAvfk14D8gi6gM=" ;
   `P384, "UEZz/xVx2f3s7W8/cFy/w38LkjAq0xfMYJiXamdwgW9zwSK18+vrhKzgE23sFnyq" ;
   `P521, "AVb4DIpMO5hzyfX1n4qi4xtj/JBDCTCwyOLasKnnVS6FHW2hEZbGwd1c2J4rwpNKZqTKNsKu3dVJAmlp3EFhqv5T" ;