LibTLS: Add support for parsing curve25519 and curve448

This commit is contained in:
stelar7 2024-10-28 10:26:15 +01:00 committed by Andreas Kling
parent 944f00c489
commit 5e98c3f763
Notes: github-actions[bot] 2024-10-31 08:53:37 +00:00
2 changed files with 48 additions and 11 deletions

View file

@ -202,15 +202,23 @@ static ErrorOr<AlgorithmIdentifier> parse_algorithm_identifier(Crypto::ASN1::Dec
return AlgorithmIdentifier(algorithm);
}
// https://www.ietf.org/rfc/rfc5758.txt
// When the ecdsa-with-SHA224, ecdsa-with-SHA256, ecdsa-with-SHA384, or
// ecdsa-with-SHA512 algorithm identifier appears in the algorithm field
// as an AlgorithmIdentifier, the encoding MUST omit the parameters
// field.
// https://datatracker.ietf.org/doc/html/rfc8410#section-9
// For all of the OIDs, the parameters MUST be absent.
Array<Array<int, 7>, 8> no_parameter_algorithms = {
ecdsa_with_sha224_encryption_oid,
ecdsa_with_sha256_encryption_oid,
ecdsa_with_sha384_encryption_oid,
ecdsa_with_sha512_encryption_oid,
x25519_oid,
x448_oid,
ed25519_oid,
ed448_oid
};
bool is_no_parameter_algorithm = false;
@ -379,10 +387,22 @@ ErrorOr<SubjectPublicKey> parse_subject_public_key_info(Crypto::ASN1::Decoder& d
return public_key;
}
if (public_key.algorithm.identifier.span() == ec_public_key_encryption_oid.span()) {
// Note: Raw key is already stored, so we can just exit out at this point.
EXIT_SCOPE();
return public_key;
// https://datatracker.ietf.org/doc/html/rfc8410#section-9
// For all of the OIDs, the parameters MUST be absent.
Array<Array<int, 7>, 5> no_parameter_algorithms = {
ec_public_key_encryption_oid,
x25519_oid,
x448_oid,
ed25519_oid,
ed448_oid
};
for (auto const& inner : no_parameter_algorithms) {
if (public_key.algorithm.identifier.span() == inner.span()) {
// Note: Raw key is already stored, so we can just exit out at this point.
EXIT_SCOPE();
return public_key;
}
}
String algo_oid = TRY(String::join("."sv, public_key.algorithm.identifier));
@ -426,10 +446,22 @@ ErrorOr<PrivateKey> parse_private_key_info(Crypto::ASN1::Decoder& decoder, Vecto
return private_key;
}
if (private_key.algorithm.identifier.span() == ec_public_key_encryption_oid.span()) {
// Note: Raw key is already stored, so we can just exit out at this point.
EXIT_SCOPE();
return private_key;
// https://datatracker.ietf.org/doc/html/rfc8410#section-9
// For all of the OIDs, the parameters MUST be absent.
Array<Array<int, 7>, 5> no_parameter_algorithms = {
ec_public_key_encryption_oid,
x25519_oid,
x448_oid,
ed25519_oid,
ed448_oid
};
for (auto const& inner : no_parameter_algorithms) {
if (private_key.algorithm.identifier.span() == inner.span()) {
// Note: Raw key is already stored, so we can just exit out at this point.
EXIT_SCOPE();
return private_key;
}
}
String algo_oid = TRY(String::join("."sv, private_key.algorithm.identifier));

View file

@ -31,9 +31,13 @@ constexpr static Array<int, 7>
ecdsa_with_sha256_encryption_oid { 1, 2, 840, 10045, 4, 3, 2 },
ecdsa_with_sha384_encryption_oid { 1, 2, 840, 10045, 4, 3, 3 },
ecdsa_with_sha512_encryption_oid { 1, 2, 840, 10045, 4, 3, 4 },
ec_public_key_encryption_oid { 1, 2, 840, 10045, 2, 1 };
ec_public_key_encryption_oid { 1, 2, 840, 10045, 2, 1 },
x25519_oid { 1, 3, 101, 110 },
x448_oid { 1, 3, 101, 111 },
ed25519_oid { 1, 3, 101, 112 },
ed448_oid { 1, 3, 101, 113 };
constexpr static Array<Array<int, 7>, 9> known_algorithm_identifiers {
constexpr static Array<Array<int, 7>, 10> known_algorithm_identifiers {
rsa_encryption_oid,
rsa_md5_encryption_oid,
rsa_sha1_encryption_oid,
@ -42,7 +46,8 @@ constexpr static Array<Array<int, 7>, 9> known_algorithm_identifiers {
rsa_sha512_encryption_oid,
ecdsa_with_sha256_encryption_oid,
ecdsa_with_sha384_encryption_oid,
ec_public_key_encryption_oid
ec_public_key_encryption_oid,
x25519_oid
};
constexpr static Array<int, 7>