]> git.ipfire.org Git - people/ms/strongswan.git/blob - src/libstrongswan/plugins/curve25519/curve25519_private_key.c
projects / people / ms / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
kernel-pfroute: Set lower MTU on TUN devices
[people/ms/strongswan.git] / src / libstrongswan / plugins / curve25519 / curve25519_private_key.c
1 /*
2 * Copyright (C) 2016 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "curve25519_private_key.h"
17 #include "curve25519_public_key.h"
18 #include "ref10/ref10.h"
19
20 #include <asn1/asn1.h>
21 #include <asn1/oid.h>
22
23 #define _GNU_SOURCE
24 #include <stdlib.h>
25
26 typedef struct private_curve25519_private_key_t private_curve25519_private_key_t;
27
28 /**
29 * Private data of a curve25519_private_key_t object.
30 */
31 struct private_curve25519_private_key_t {
32 /**
33 * Public interface for this signer.
34 */
35 curve25519_private_key_t public;
36
37 /**
38 * Secret scalar s derived from private key.
39 */
40 uint8_t s[HASH_SIZE_SHA512];
41
42 /**
43 * Ed25519 private key
44 */
45 chunk_t key;
46
47 /**
48 * Ed25519 public key
49 */
50 chunk_t pubkey;
51
52 /**
53 * Reference count
54 */
55 refcount_t ref;
56 };
57
58 METHOD(private_key_t, get_type, key_type_t,
59 private_curve25519_private_key_t *this)
60 {
61 return KEY_ED25519;
62 }
63
64 METHOD(private_key_t, sign, bool,
65 private_curve25519_private_key_t *this, signature_scheme_t scheme,
66 void *params, chunk_t data, chunk_t *signature)
67 {
68 uint8_t r[HASH_SIZE_SHA512], k[HASH_SIZE_SHA512], sig[HASH_SIZE_SHA512];
69 hasher_t *hasher;
70 chunk_t prefix;
71 ge_p3 R;
72 bool success = FALSE;
73
74 if (scheme != SIGN_ED25519)
75 {
76 DBG1(DBG_LIB, "signature scheme %N not supported by Ed25519",
77 signature_scheme_names, scheme);
78 return FALSE;
79 }
80
81 hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA512);
82 if (!hasher)
83 {
84 return FALSE;
85 }
86 prefix = chunk_create(this->s + 32, 32);
87
88 if (!hasher->get_hash(hasher, prefix, NULL) ||
89 !hasher->get_hash(hasher, data, r))
90 {
91 goto end;
92 }
93 sc_reduce(r);
94 ge_scalarmult_base(&R, r);
95 ge_p3_tobytes(sig, &R);
96
97 if (!hasher->get_hash(hasher, chunk_create(sig, 32), NULL) ||
98 !hasher->get_hash(hasher, this->pubkey, NULL) ||
99 !hasher->get_hash(hasher, data, k))
100 {
101 goto end;
102 }
103 sc_reduce(k);
104 sc_muladd(sig + 32, k, this->s, r);
105
106 *signature = chunk_clone(chunk_create(sig, sizeof(sig)));
107 success = TRUE;
108
109 end:
110 hasher->destroy(hasher);
111 return success;
112 }
113
114 METHOD(private_key_t, decrypt, bool,
115 private_curve25519_private_key_t *this, encryption_scheme_t scheme,
116 chunk_t crypto, chunk_t *plain)
117 {
118 DBG1(DBG_LIB, "encryption scheme %N not supported", encryption_scheme_names,
119 scheme);
120 return FALSE;
121 }
122
123 METHOD(private_key_t, get_keysize, int,
124 private_curve25519_private_key_t *this)
125 {
126 return 8 * ED25519_KEY_LEN;
127 }
128
129 METHOD(private_key_t, get_public_key, public_key_t*,
130 private_curve25519_private_key_t *this)
131 {
132 public_key_t *public;
133 chunk_t pubkey;
134
135 pubkey = curve25519_public_key_info_encode(this->pubkey);
136 public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519,
137 BUILD_BLOB_ASN1_DER, pubkey, BUILD_END);
138 free(pubkey.ptr);
139
140 return public;
141 }
142
143 METHOD(private_key_t, get_encoding, bool,
144 private_curve25519_private_key_t *this, cred_encoding_type_t type,
145 chunk_t *encoding)
146 {
147 switch (type)
148 {
149 case PRIVKEY_ASN1_DER:
150 case PRIVKEY_PEM:
151 {
152 bool success = TRUE;
153
154 *encoding = asn1_wrap(ASN1_SEQUENCE, "cms",
155 ASN1_INTEGER_0,
156 asn1_algorithmIdentifier(OID_ED25519),
157 asn1_wrap(ASN1_OCTET_STRING, "s",
158 asn1_simple_object(ASN1_OCTET_STRING, this->key)
159 )
160 );
161 if (type == PRIVKEY_PEM)
162 {
163 chunk_t asn1_encoding = *encoding;
164
165 success = lib->encoding->encode(lib->encoding, PRIVKEY_PEM,
166 NULL, encoding, CRED_PART_EDDSA_PRIV_ASN1_DER,
167 asn1_encoding, CRED_PART_END);
168 chunk_clear(&asn1_encoding);
169 }
170 return success;
171 }
172 default:
173 return FALSE;
174 }
175 }
176
177 METHOD(private_key_t, get_fingerprint, bool,
178 private_curve25519_private_key_t *this, cred_encoding_type_t type,
179 chunk_t *fp)
180 {
181 bool success;
182
183 if (lib->encoding->get_cache(lib->encoding, type, this, fp))
184 {
185 return TRUE;
186 }
187 success = curve25519_public_key_fingerprint(this->pubkey, type, fp);
188 if (success)
189 {
190 lib->encoding->cache(lib->encoding, type, this, *fp);
191 }
192 return success;
193 }
194
195 METHOD(private_key_t, get_ref, private_key_t*,
196 private_curve25519_private_key_t *this)
197 {
198 ref_get(&this->ref);
199 return &this->public.key;
200 }
201
202 METHOD(private_key_t, destroy, void,
203 private_curve25519_private_key_t *this)
204 {
205 if (ref_put(&this->ref))
206 {
207 lib->encoding->clear_cache(lib->encoding, this);
208 memwipe(this->s, HASH_SIZE_SHA512);
209 chunk_clear(&this->key);
210 chunk_free(&this->pubkey);
211 free(this);
212 }
213 }
214
215 /**
216 * Internal generic constructor
217 */
218 static private_curve25519_private_key_t *curve25519_private_key_create(chunk_t key)
219 {
220 private_curve25519_private_key_t *this;
221 hasher_t *hasher;
222 ge_p3 A;
223
224 /* derive public key from private key */
225 hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA512);
226 if (!hasher)
227 {
228 chunk_clear(&key);
229 return NULL;
230 }
231
232 INIT(this,
233 .public = {
234 .key = {
235 .get_type = _get_type,
236 .sign = _sign,
237 .decrypt = _decrypt,
238 .get_keysize = _get_keysize,
239 .get_public_key = _get_public_key,
240 .equals = private_key_equals,
241 .belongs_to = private_key_belongs_to,
242 .get_fingerprint = _get_fingerprint,
243 .has_fingerprint = private_key_has_fingerprint,
244 .get_encoding = _get_encoding,
245 .get_ref = _get_ref,
246 .destroy = _destroy,
247 },
248 },
249 .key = key,
250 .pubkey = chunk_alloc(ED25519_KEY_LEN),
251 .ref = 1,
252 );
253
254 /* derive secret scalar s from private key */
255 if (!hasher->get_hash(hasher, key, this->s))
256 {
257 destroy(this);
258 hasher->destroy(hasher);
259 return NULL;
260 }
261 hasher->destroy(hasher);
262
263 this->s[0] &= 0xf8;
264 this->s[31] &= 0x3f;
265 this->s[31] |= 0x40;
266
267 /* derive public key */
268 ge_scalarmult_base(&A, this->s);
269 ge_p3_tobytes(this->pubkey.ptr, &A);
270
271 return this;
272 }
273
274 /**
275 * See header.
276 */
277 curve25519_private_key_t *curve25519_private_key_gen(key_type_t type,
278 va_list args)
279 {
280 private_curve25519_private_key_t *this;
281 chunk_t key;
282 rng_t *rng;
283
284 while (TRUE)
285 {
286 switch (va_arg(args, builder_part_t))
287 {
288 case BUILD_KEY_SIZE:
289 /* key_size argument is not needed */
290 va_arg(args, u_int);
291 continue;
292 case BUILD_END:
293 break;
294 default:
295 return NULL;
296 }
297 break;
298 }
299
300 /* generate 256 bit true random private key */
301 rng = lib->crypto->create_rng(lib->crypto, RNG_TRUE);
302 if (!rng || !rng->allocate_bytes(rng, ED25519_KEY_LEN, &key))
303 {
304 DESTROY_IF(rng);
305 return NULL;
306 }
307 rng->destroy(rng);
308
309 this = curve25519_private_key_create(key);
310
311 return this ? &this->public : NULL;
312 }
313
314 /**
315 * See header.
316 */
317 curve25519_private_key_t *curve25519_private_key_load(key_type_t type,
318 va_list args)
319 {
320 private_curve25519_private_key_t *this;
321 chunk_t key = chunk_empty;
322
323 while (TRUE)
324 {
325 switch (va_arg(args, builder_part_t))
326 {
327 case BUILD_EDDSA_PRIV_ASN1_DER:
328 key = va_arg(args, chunk_t);
329 continue;
330 case BUILD_END:
331 break;
332 default:
333 return NULL;
334 }
335 break;
336 }
337
338 if (!asn1_parse_simple_object(&key, ASN1_OCTET_STRING, 0, "EdPrivateKey") ||
339 key.len != ED25519_KEY_LEN)
340 {
341 return NULL;
342 }
343 this = curve25519_private_key_create(chunk_clone(key));
344
345 return this ? &this->public : NULL;
346 }
Michael's strongswan development tree