/*
+ * Copyright (C) 2020 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2019 Sean Parkinson, wolfSSL Inc.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
#endif
#include <wolfssl/ssl.h>
+/* Special type used to handle EdDSA keys depending on config options */
+#if defined(HAVE_ED25519) || defined(HAVE_ED448)
+#ifdef HAVE_ED25519
+#include <wolfssl/wolfcrypt/ed25519.h>
+#endif
+#ifdef HAVE_ED448
+#include <wolfssl/wolfcrypt/ed448.h>
+#endif
+typedef union {
+#ifdef HAVE_ED25519
+ ed25519_key ed25519;
+#endif
+#ifdef HAVE_ED448
+ ed448_key ed448;
+#endif
+} wolfssl_ed_key;
+#endif /* HAVE_ED25519 || HAVE_ED448 */
+
#undef PARSE_ERROR
#undef ASN1_BOOLEAN
/*
+ * Copyright (C) 2020 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2019 Sean Parkinson, wolfSSL Inc.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
#include "wolfssl_common.h"
-#ifdef HAVE_ED25519
+#if defined(HAVE_ED25519) || defined(HAVE_ED448)
#include "wolfssl_ed_private_key.h"
#include <utils/debug.h>
-#include <wolfssl/wolfcrypt/ed25519.h>
#include <wolfssl/wolfcrypt/asn.h>
typedef struct private_private_key_t private_private_key_t;
/**
* Key object
*/
- ed25519_key key;
+ wolfssl_ed_key key;
+
+ /**
+ * Key type
+ */
+ key_type_t type;
/**
* Reference count
};
/* from ed public key */
-bool wolfssl_ed_fingerprint(ed25519_key *key, cred_encoding_type_t type,
- chunk_t *fp);
+int wolfssl_ed_keysize(key_type_t type);
+bool wolfssl_ed_create(wolfssl_ed_key *key, key_type_t type);
+void wolfssl_ed_destroy(wolfssl_ed_key *key, key_type_t type);
+bool wolfssl_ed_public_key(wolfssl_ed_key *key, key_type_t type, chunk_t *raw);
+bool wolfssl_ed_fingerprint(wolfssl_ed_key *key, key_type_t key_type,
+ cred_encoding_type_t type, chunk_t *fp);
METHOD(private_key_t, sign, bool,
private_private_key_t *this, signature_scheme_t scheme,
{
word32 len;
byte dummy[1];
- int ret;
+ int ret = -1;
- if (scheme != SIGN_ED25519)
+ if ((this->type == KEY_ED25519 && scheme != SIGN_ED25519) ||
+ (this->type == KEY_ED448 && scheme != SIGN_ED448))
{
DBG1(DBG_LIB, "signature scheme %N not supported by %N key",
- signature_scheme_names, scheme, key_type_names, KEY_ED25519);
+ signature_scheme_names, scheme, key_type_names, this->type);
return FALSE;
}
data.ptr = dummy;
}
- len = ED25519_SIG_SIZE;
- *signature = chunk_alloc(len);
- ret = wc_ed25519_sign_msg(data.ptr, data.len, signature->ptr, &len,
- &this->key);
+ if (this->type == KEY_ED25519)
+ {
+#ifdef HAVE_ED25519
+ len = ED25519_SIG_SIZE;
+ *signature = chunk_alloc(len);
+ ret = wc_ed25519_sign_msg(data.ptr, data.len, signature->ptr, &len,
+ &this->key.ed25519);
+#endif
+ }
+ else if (this->type == KEY_ED448)
+ {
+#ifdef HAVE_ED448
+ len = ED448_SIG_SIZE;
+ *signature = chunk_alloc(len);
+ ret = wc_ed448_sign_msg(data.ptr, data.len, signature->ptr, &len,
+ &this->key.ed448, NULL, 0);
+#endif
+ }
return ret == 0;
}
METHOD(private_key_t, get_keysize, int,
private_private_key_t *this)
{
- return ED25519_KEY_SIZE * 8;
+ return wolfssl_ed_keysize(this->type);
}
METHOD(private_key_t, get_type, key_type_t,
private_private_key_t *this)
{
- return KEY_ED25519;
+ return this->type;
}
METHOD(private_key_t, get_public_key, public_key_t*,
{
public_key_t *public;
chunk_t key;
- word32 len = ED25519_PUB_KEY_SIZE;
- key = chunk_alloca(len);
- if (wc_ed25519_export_public(&this->key, key.ptr, &len) != 0)
+ if (!wolfssl_ed_public_key(&this->key, this->type, &key))
{
return NULL;
}
- public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519,
+ public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, this->type,
BUILD_EDDSA_PUB, key, BUILD_END);
+ chunk_free(&key);
return public;
}
private_private_key_t *this, cred_encoding_type_t type,
chunk_t *fingerprint)
{
- return wolfssl_ed_fingerprint(&this->key, type, fingerprint);
+ return wolfssl_ed_fingerprint(&this->key, this->type, type, fingerprint);
}
METHOD(private_key_t, get_encoding, bool,
private_private_key_t *this, cred_encoding_type_t type, chunk_t *encoding)
{
- int ret;
+ int ret = -1;
switch (type)
{
bool success = TRUE;
/* +4 is for the two octet strings */
- *encoding = chunk_alloc(ED25519_PRV_KEY_SIZE + 2 * MAX_SEQ_SZ +
- MAX_VERSION_SZ + MAX_ALGO_SZ + 4);
- ret = wc_Ed25519PrivateKeyToDer(&this->key, encoding->ptr,
- encoding->len);
+ *encoding = chunk_empty;
+ if (this->type == KEY_ED25519)
+ {
+#ifdef HAVE_ED25519
+ *encoding = chunk_alloc(ED25519_PRV_KEY_SIZE + 2 * MAX_SEQ_SZ +
+ MAX_VERSION_SZ + MAX_ALGO_SZ + 4);
+ ret = wc_Ed25519PrivateKeyToDer(&this->key.ed25519,
+ encoding->ptr, encoding->len);
+#endif
+ }
+ else if (this->type == KEY_ED448)
+ {
+#ifdef HAVE_ED448
+ *encoding = chunk_alloc(ED448_PRV_KEY_SIZE + 2 * MAX_SEQ_SZ +
+ MAX_VERSION_SZ + MAX_ALGO_SZ + 4);
+ ret = wc_Ed448PrivateKeyToDer(&this->key.ed448, encoding->ptr,
+ encoding->len);
+#endif
+ }
if (ret < 0)
{
chunk_free(encoding);
if (ref_put(&this->ref))
{
lib->encoding->clear_cache(lib->encoding, &this->key);
- wc_ed25519_free(&this->key);
+ wolfssl_ed_destroy(&this->key, this->type);
free(this);
}
}
/**
* Internal generic constructor
*/
-static private_private_key_t *create_internal()
+static private_private_key_t *create_internal(key_type_t type)
{
private_private_key_t *this;
.get_ref = _get_ref,
.destroy = _destroy,
},
+ .type = type,
.ref = 1,
);
- if (wc_ed25519_init(&this->key) != 0)
+ if (!wolfssl_ed_create(&this->key, type))
{
free(this);
this = NULL;
{
private_private_key_t *this;
WC_RNG rng;
- int ret;
+ int ret = -1;
while (TRUE)
{
break;
}
- this = create_internal();
+ this = create_internal(type);
if (!this)
{
return NULL;
destroy(this);
return NULL;
}
- ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &this->key);
+
+ if (type == KEY_ED25519)
+ {
+#ifdef HAVE_ED25519
+ ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &this->key.ed25519);
+#endif
+ }
+ else if (type == KEY_ED448)
+ {
+#ifdef HAVE_ED448
+ ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &this->key.ed448);
+#endif
+ }
wc_FreeRng(&rng);
if (ret < 0)
{
int ret = 0;
- if (!this->key.pubKeySet)
+ if (this->type == KEY_ED25519)
{
- ret = wc_ed25519_make_public(&this->key, this->key.p,
- ED25519_PUB_KEY_SIZE);
- if (ret == 0)
+#ifdef HAVE_ED25519
+ if (!this->key.ed25519.pubKeySet)
{
- /* put public key after private key in the same buffer */
- memmove(this->key.k + ED25519_KEY_SIZE, this->key.p,
- ED25519_PUB_KEY_SIZE);
- this->key.pubKeySet = 1;
+ ret = wc_ed25519_make_public(&this->key.ed25519,
+ this->key.ed25519.p, ED25519_PUB_KEY_SIZE);
+ if (ret == 0)
+ {
+ /* put public key after private key in the same buffer */
+ memmove(this->key.ed25519.k + ED25519_KEY_SIZE,
+ this->key.ed25519.p, ED25519_PUB_KEY_SIZE);
+ this->key.ed25519.pubKeySet = 1;
+ }
+ }
+#endif
+ }
+ else if (this->type == KEY_ED448)
+ {
+#ifdef HAVE_ED448
+ if (!this->key.ed448.pubKeySet)
+ {
+ ret = wc_ed448_make_public(&this->key.ed448, this->key.ed448.p,
+ ED448_PUB_KEY_SIZE);
+ if (ret == 0)
+ {
+ /* put public key after private key in the same buffer */
+ memmove(this->key.ed448.k + ED448_KEY_SIZE,
+ this->key.ed448.p, ED448_PUB_KEY_SIZE);
+ this->key.ed448.pubKeySet = 1;
+ }
}
+#endif
}
return ret;
}
}
break;
}
- this = create_internal();
+ this = create_internal(type);
if (!this)
{
return NULL;
}
- if (priv.len)
+ if (type == KEY_ED25519)
{
- /* check for ASN.1 wrapped key (Octet String == 0x04) */
- if (priv.len == ED25519_KEY_SIZE + 2 && priv.ptr[0] == 0x04 &&
- priv.ptr[1] == ED25519_KEY_SIZE)
+#ifdef HAVE_ED25519
+ if (priv.len)
+ { /* check for ASN.1 wrapped key (Octet String == 0x04) */
+ if (priv.len == ED25519_KEY_SIZE + 2 &&
+ priv.ptr[0] == 0x04 && priv.ptr[1] == ED25519_KEY_SIZE)
+ {
+ priv = chunk_skip(priv, 2);
+ }
+ ret = wc_ed25519_import_private_only(priv.ptr, priv.len,
+ &this->key.ed25519);
+ }
+ else if (blob.len)
{
- priv = chunk_skip(priv, 2);
+ idx = 0;
+ ret = wc_Ed25519PrivateKeyDecode(blob.ptr, &idx, &this->key.ed25519,
+ blob.len);
}
- ret = wc_ed25519_import_private_only(priv.ptr, priv.len, &this->key);
+#endif
}
- else if (blob.len)
+ else if (type == KEY_ED448)
{
- idx = 0;
- ret = wc_Ed25519PrivateKeyDecode(blob.ptr, &idx, &this->key, blob.len);
+#ifdef HAVE_ED448
+ if (priv.len)
+ { /* check for ASN.1 wrapped key (Octet String == 0x04) */
+ if (priv.len == ED448_KEY_SIZE + 2 &&
+ priv.ptr[0] == 0x04 && priv.ptr[1] == ED448_KEY_SIZE)
+ {
+ priv = chunk_skip(priv, 2);
+ }
+ ret = wc_ed448_import_private_only(priv.ptr, priv.len,
+ &this->key.ed448);
+ }
+ else if (blob.len)
+ {
+ idx = 0;
+ ret = wc_Ed448PrivateKeyDecode(blob.ptr, &idx, &this->key.ed448,
+ blob.len);
+ }
+#endif
}
+
if (ret == 0)
{
ret = set_public_key(this);
/**
* Generate an EdDSA private key using wolfSSL.
*
- * @param type type of the key, must be KEY_ED25519
+ * @param type type of the key, must be KEY_ED25519 or KEY_ED448
* @param args builder_part_t argument list
* @return generated key, NULL on failure
*/
*
* Accepts a BUILD_BLOB_ASN1_DER argument.
*
- * @param type type of the key, must be KEY_ED25519
+ * @param type type of the key, must be KEY_ED25519 or KEY_ED448
* @param args builder_part_t argument list
* @return loaded key, NULL on failure
*/
/*
+ * Copyright (C) 2020 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2019 Sean Parkinson, wolfSSL Inc.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
#include "wolfssl_common.h"
-#ifdef HAVE_ED25519
+#if defined(HAVE_ED25519) || defined(HAVE_ED448)
#include "wolfssl_ed_public_key.h"
#include <utils/debug.h>
#include <asn1/asn1.h>
+#ifdef HAVE_ED25519
#include <wolfssl/wolfcrypt/ed25519.h>
+#endif
+#ifdef HAVE_ED448
+#include <wolfssl/wolfcrypt/ed448.h>
+#endif
+
#include <wolfssl/wolfcrypt/asn.h>
typedef struct private_public_key_t private_public_key_t;
/**
* Key object
*/
- ed25519_key key;
+ wolfssl_ed_key key;
+
+ /**
+ * Key type
+ */
+ key_type_t type;
/**
* Reference count
METHOD(public_key_t, get_type, key_type_t,
private_public_key_t *this)
{
- return KEY_ED25519;
+ return this->type;
}
METHOD(public_key_t, verify, bool,
void *params, chunk_t data, chunk_t signature)
{
byte dummy[1];
- int ret, res;
+ int ret = -1, res = 0;
- if (scheme != SIGN_ED25519)
+ if ((this->type == KEY_ED25519 && scheme != SIGN_ED25519) ||
+ (this->type == KEY_ED448 && scheme != SIGN_ED448))
{
DBG1(DBG_LIB, "signature scheme %N not supported by %N key",
- signature_scheme_names, scheme, key_type_names, KEY_ED25519);
+ signature_scheme_names, scheme, key_type_names, this->type);
return FALSE;
}
data.ptr = dummy;
}
- ret = wc_ed25519_verify_msg(signature.ptr, signature.len, data.ptr,
- data.len, &res, &this->key);
+ if (this->type == KEY_ED25519)
+ {
+#ifdef HAVE_ED25519
+ ret = wc_ed25519_verify_msg(signature.ptr, signature.len, data.ptr,
+ data.len, &res, &this->key.ed25519);
+#endif
+ }
+ else if (this->type == KEY_ED448)
+ {
+#ifdef HAVE_ED448
+ ret = wc_ed448_verify_msg(signature.ptr, signature.len, data.ptr,
+ data.len, &res, &this->key.ed448, NULL, 0);
+#endif
+ }
return ret == 0 && res == 1;
}
return FALSE;
}
+/**
+ * Returns the key size in bytes for the given type, also used in private key.
+ */
+int wolfssl_ed_keysize(key_type_t type)
+{
+ if (type == KEY_ED25519)
+ {
+#ifdef HAVE_ED25519
+ return ED25519_KEY_SIZE * 8;
+#endif
+ }
+ else if (type == KEY_ED448)
+ {
+#ifdef HAVE_ED448
+ return ED448_KEY_SIZE * 8;
+#endif
+ }
+ return 0;
+}
+
METHOD(public_key_t, get_keysize, int,
private_public_key_t *this)
{
- return ED25519_KEY_SIZE * 8;
+ return wolfssl_ed_keysize(this->type);
}
/**
* Encode the given public key as ASN.1 DER with algorithm identifier
*/
-static bool encode_pubkey(ed25519_key *key, chunk_t *encoding)
+static bool encode_pubkey(wolfssl_ed_key *key, key_type_t type,
+ chunk_t *encoding)
{
- int ret;
+ int ret = -1;
/* account for algorithmIdentifier/bitString */
- *encoding = chunk_alloc(ED25519_PUB_KEY_SIZE + 2 * MAX_SEQ_SZ +
- MAX_ALGO_SZ + TRAILING_ZERO);
- ret = wc_Ed25519PublicKeyToDer(key, encoding->ptr, encoding->len, 1);
+ if (type == KEY_ED25519)
+ {
+#ifdef HAVE_ED25519
+ *encoding = chunk_alloc(ED25519_PUB_KEY_SIZE + 2 * MAX_SEQ_SZ +
+ MAX_ALGO_SZ + TRAILING_ZERO);
+ ret = wc_Ed25519PublicKeyToDer(&key->ed25519, encoding->ptr,
+ encoding->len, 1);
+#endif
+ }
+ else if (type == KEY_ED448)
+ {
+#ifdef HAVE_ED448
+ *encoding = chunk_alloc(ED448_PUB_KEY_SIZE + 2 * MAX_SEQ_SZ +
+ MAX_ALGO_SZ + TRAILING_ZERO);
+ ret = wc_Ed448PublicKeyToDer(&key->ed448, encoding->ptr,
+ encoding->len, 1);
+#endif
+ }
if (ret < 0)
{
return FALSE;
return TRUE;
}
+/**
+ * Export the raw public key of the given key, also used in ed private key.
+ */
+bool wolfssl_ed_public_key(wolfssl_ed_key *key, key_type_t type, chunk_t *raw)
+{
+ word32 len;
+
+ *raw = chunk_empty;
+ if (type == KEY_ED25519)
+ {
+#ifdef HAVE_ED25519
+ len = ED25519_PUB_KEY_SIZE;
+ *raw = chunk_alloc(len);
+ if (wc_ed25519_export_public(&key->ed25519, raw->ptr, &len) != 0)
+ {
+ chunk_free(raw);
+ return FALSE;
+ }
+#endif
+ }
+ else if (type == KEY_ED448)
+ {
+#ifdef HAVE_ED448
+ len = ED448_PUB_KEY_SIZE;
+ *raw = chunk_alloc(len);
+ if (wc_ed448_export_public(&key->ed448, raw->ptr, &len) != 0)
+ {
+ chunk_free(raw);
+ return FALSE;
+ }
+#endif
+ }
+ return TRUE;
+}
+
/**
* Calculate fingerprint from an EdDSA key, also used in ed private key.
*/
-bool wolfssl_ed_fingerprint(ed25519_key *key, cred_encoding_type_t type,
- chunk_t *fp)
+bool wolfssl_ed_fingerprint(wolfssl_ed_key *key, key_type_t key_type,
+ cred_encoding_type_t type, chunk_t *fp)
{
hasher_t *hasher;
chunk_t blob;
- word32 len;
bool success = FALSE;
if (lib->encoding->get_cache(lib->encoding, type, key, fp))
switch (type)
{
case KEYID_PUBKEY_SHA1:
- len = ED25519_PUB_KEY_SIZE;
- blob = chunk_alloc(len);
- if (wc_ed25519_export_public(key, blob.ptr, &len) != 0)
+ if (!wolfssl_ed_public_key(key, key_type, &blob))
{
return FALSE;
}
break;
case KEYID_PUBKEY_INFO_SHA1:
- if (!encode_pubkey(key, &blob))
+ if (!encode_pubkey(key, key_type, &blob))
{
return FALSE;
}
METHOD(public_key_t, get_fingerprint, bool,
private_public_key_t *this, cred_encoding_type_t type, chunk_t *fingerprint)
{
- return wolfssl_ed_fingerprint(&this->key, type, fingerprint);
+ return wolfssl_ed_fingerprint(&this->key, this->type, type, fingerprint);
}
METHOD(public_key_t, get_encoding, bool,
{
bool success = TRUE;
- if (!encode_pubkey(&this->key, encoding))
+ if (!encode_pubkey(&this->key, this->type, encoding))
{
return FALSE;
}
return &this->public;
}
+/**
+ * Destroy an EdDSA key of the given type, also used by ed private key.
+ */
+void wolfssl_ed_destroy(wolfssl_ed_key *key, key_type_t type)
+{
+ if (type == KEY_ED25519)
+ {
+#ifdef HAVE_ED25519
+ wc_ed25519_free(&key->ed25519);
+#endif
+ }
+ else if (type == KEY_ED448)
+ {
+#ifdef HAVE_ED448
+ wc_ed448_free(&key->ed448);
+#endif
+ }
+}
+
METHOD(public_key_t, destroy, void,
private_public_key_t *this)
{
if (ref_put(&this->ref))
{
lib->encoding->clear_cache(lib->encoding, &this->key);
- wc_ed25519_free(&this->key);
+ wolfssl_ed_destroy(&this->key, this->type);
free(this);
}
}
+/**
+ * Initialized an EdDSA key of the given type, also used by ed private key.
+ */
+bool wolfssl_ed_create(wolfssl_ed_key *key, key_type_t type)
+{
+ if (type == KEY_ED25519)
+ {
+#ifdef HAVE_ED25519
+ if (wc_ed25519_init(&key->ed25519) != 0)
+ {
+ return FALSE;
+ }
+#endif
+ }
+ else if (type == KEY_ED448)
+ {
+#ifdef HAVE_ED448
+ if (wc_ed448_init(&key->ed448) != 0)
+ {
+ return FALSE;
+ }
+#endif
+ }
+ else
+ {
+ return FALSE;
+ }
+ return TRUE;
+}
+
/**
* Generic private constructor
*/
-static private_public_key_t *create_empty()
+static private_public_key_t *create_empty(key_type_t type)
{
private_public_key_t *this;
.get_ref = _get_ref,
.destroy = _destroy,
},
+ .type = type,
.ref = 1,
);
- if (wc_ed25519_init(&this->key) != 0)
+ if (!wolfssl_ed_create(&this->key, type))
{
free(this);
- return NULL;
+ this = NULL;
}
return this;
}
break;
}
- this = create_empty();
+ this = create_empty(type);
if (!this)
{
return NULL;
}
- if (pub.len)
+ if (type == KEY_ED25519)
{
- ret = wc_ed25519_import_public(pub.ptr, pub.len, &this->key);
+#ifdef HAVE_ED25519
+ if (pub.len)
+ {
+ ret = wc_ed25519_import_public(pub.ptr, pub.len,
+ &this->key.ed25519);
+ }
+ else if (blob.len)
+ {
+ idx = 0;
+ ret = wc_Ed25519PublicKeyDecode(blob.ptr, &idx, &this->key.ed25519,
+ blob.len);
+ }
+#endif
}
- else if (blob.len)
+ else if (type == KEY_ED448)
{
- idx = 0;
- ret = wc_Ed25519PublicKeyDecode(blob.ptr, &idx, &this->key, blob.len);
+#ifdef HAVE_ED448
+ if (pub.len)
+ {
+ ret = wc_ed448_import_public(pub.ptr, pub.len, &this->key.ed448);
+ }
+ else if (blob.len)
+ {
+ idx = 0;
+ ret = wc_Ed448PublicKeyDecode(blob.ptr, &idx, &this->key.ed448,
+ blob.len);
+ }
+#endif
}
+
if (ret != 0)
{
destroy(this);
*
* Accepts a BUILD_BLOB_ASN1_DER argument.
*
- * @param type type of the key, must be KEY_ED25519
+ * @param type type of the key, must be KEY_ED25519 or KEY_ED448
* @param args builder_part_t argument list
* @return loaded key, NULL on failure
*/
PLUGIN_PROVIDE(DH, CURVE_448),
#endif
#endif /* HAVE_CURVE25519 || HAVE_CURVE448 */
-#ifdef HAVE_ED25519
+#if defined(HAVE_ED25519) || defined(HAVE_ED448)
/* EdDSA private/public key loading */
PLUGIN_REGISTER(PUBKEY, wolfssl_ed_public_key_load, TRUE),
+ #ifdef HAVE_ED25519
PLUGIN_PROVIDE(PUBKEY, KEY_ED25519),
+ #endif
+ #ifdef HAVE_ED448
+ PLUGIN_PROVIDE(PUBKEY, KEY_ED448),
+ #endif
PLUGIN_REGISTER(PRIVKEY, wolfssl_ed_private_key_load, TRUE),
+ #ifdef HAVE_ED25519
PLUGIN_PROVIDE(PRIVKEY, KEY_ED25519),
+ #endif
+ #ifdef HAVE_ED448
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ED448),
+ #endif
PLUGIN_REGISTER(PRIVKEY_GEN, wolfssl_ed_private_key_gen, FALSE),
+ #ifdef HAVE_ED25519
PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ED25519),
+ #endif
+ #ifdef HAVE_ED448
+ PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ED448),
+ #endif
#ifdef HAVE_ED25519_SIGN
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ED25519),
#endif
#ifdef HAVE_ED25519_VERIFY
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ED25519),
+ #endif
+ #ifdef HAVE_ED448_SIGN
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ED448),
+ #endif
+ #ifdef HAVE_ED448_VERIFY
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ED448),
#endif
/* register a pro forma identity hasher, never instantiated */
PLUGIN_REGISTER(HASHER, return_null),
PLUGIN_PROVIDE(HASHER, HASH_IDENTITY),
-#endif /* HAVE_ED25519 */
+#endif /* HAVE_ED25519 || HAVE_ED448 */
#ifndef WC_NO_RNG
/* generic key loader */
PLUGIN_REGISTER(RNG, wolfssl_rng_create),
"signatures");
}
- /* malformed signature */
+ /* malformed signature (most significant 10 bits should always be zero) */
sig = chunk_from_thing(sig1);
memcpy(sig1, sig_tests[0].sig.ptr, sig_tests[0].sig.len);
- sig1[113] |= 0xFF;
+ sig1[112] |= 0xc0;
+ sig1[113] |= 0xff;
ck_assert(!pubkey->verify(pubkey, SIGN_ED448, NULL, sig_tests[0].msg,
sig));