WIP: ED25519 support. #3361

Closed. Wants to merge 16 commits into base: master.

snhenson commented May 2, 2017

Checklist
  • documentation is added or updated
  • tests are added or updated

This adds support for Ed25519 sign and verify, including ASN.1 sign/verify.

The low level code is taken from the code we initially cut out from the BoringSSL import, modified slightly to fit the current curve25519.c and to make the API a little more consistent with the X25519 version.

WIP because this uses a new technique for signing (pass the message to be signed directly to EVP_PKEY_sign) and the low level code needs some more scrutiny.

snhenson added some commits Apr 4, 2017

  • Add Ed25519 algorithm.
    Reinstate Ed25519 algorithm to curve25519.c. This is largely just a copy of
    the code from BoringSSL with some adjustments so it compiles under OpenSSL.

  • Make Ed25519 consistent with X25519
    Rename and change ED25519_keypair_from_seed to ED25519_public_from_private
    to be consistent with X25519 API.

    Modify ED25519_sign to take separate public key argument instead of
    requiring it to follow the private key.

  • Add ED25519 ASN.1 method
    Make X25519 key method more flexible by removing hard coding of NID_X25519
    OID. Since the parameters and key syntax between ED25519 and X25519 are
    almost identical they can share a lot of common code.

  • Add custom ASN.1 sign and verify
    Since ED25519 doesn't use EVP_Digest* it needs custom sign/verify routines
    to handle ASN.1 signatures.

  • Add Ed25519 verify test.
    Add Ed25519 certificate verify test using certificate from
    draft-ietf-curdle-pkix-04 and custom generated root certificate.

snhenson commented May 2, 2017

Note: I'll look into adding a message sign/verify version of this which will avoid the special cases. Updated PR coming soon...


snhenson commented May 2, 2017

Note: TLS support will be a separate PR.


snhenson commented May 8, 2017

Closing this for now... will open a new PR with a different approach.

snhenson closed this May 8, 2017
