author | Jack Lloyd <[email protected]> | 2017-08-02 16:53:38 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-08-02 16:53:38 -0400 |
commit | 230b7ad5a259631dba617aba596ce7619a24ca17 (patch) | |
tree | 36a2141cc63d3715d3c7c654eebe3fcf291ad182 /src/lib/prov/bearssl | |
parent | 5a9b5c2c2f32909ab7963307291827ed7bd2d102 (diff) | |
parent | 825c23811f480d3c3646ded125c9e7b7dc9feb8f (diff) |
Merge GH #1094 Add initial BearSSL provider
Diffstat (limited to 'src/lib/prov/bearssl')
-rw-r--r-- | src/lib/prov/bearssl/bearssl.h | 50 | ||||
-rw-r--r-- | src/lib/prov/bearssl/bearssl_ec.cpp | 209 | ||||
-rw-r--r-- | src/lib/prov/bearssl/bearssl_hash.cpp | 120 | ||||
-rw-r--r-- | src/lib/prov/bearssl/info.txt | 13 |
4 files changed, 392 insertions, 0 deletions
diff --git a/src/lib/prov/bearssl/bearssl.h b/src/lib/prov/bearssl/bearssl.h
new file mode 100644
index 000000000..1ba7d2dc6
--- /dev/null
+++ b/src/lib/prov/bearssl/bearssl.h
@@ -0,0 +1,50 @@
+/*
+* Utils for calling BearSSL
+* (C) 2015,2016 Jack Lloyd
+* (C) 2017 Patrick Wildt
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#ifndef BOTAN_INTERNAL_BEARSSL_H__
+#define BOTAN_INTERNAL_BEARSSL_H__
+
+#include <botan/pk_ops_fwd.h>
+#include <botan/secmem.h>
+#include <botan/exceptn.h>
+#include <memory>
+#include <string>
+
+namespace Botan {
+
+class HashFunction;
+
+class BearSSL_Error : public Exception
+ {
+ public:
+ BearSSL_Error(const std::string& what) :
+ Exception(what + " failed") {}
+ };
+
+/* Hash */
+
+std::unique_ptr<HashFunction>
+make_bearssl_hash(const std::string& name);
+
+/* ECDSA */
+
+#if defined(BOTAN_HAS_ECDSA)
+
+class ECDSA_PublicKey;
+class ECDSA_PrivateKey;
+
+std::unique_ptr<PK_Ops::Verification>
+make_bearssl_ecdsa_ver_op(const ECDSA_PublicKey& key, const std::string& params);
+std::unique_ptr<PK_Ops::Signature>
+make_bearssl_ecdsa_sig_op(const ECDSA_PrivateKey& key, const std::string& params);
+
+#endif
+
+}
+
+#endif
diff --git a/src/lib/prov/bearssl/bearssl_ec.cpp b/src/lib/prov/bearssl/bearssl_ec.cpp
new file mode 100644
index 000000000..fe661f357
--- /dev/null
+++ b/src/lib/prov/bearssl/bearssl_ec.cpp
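Review bot: The factory declarations in bearssl.h do not state their failure contract, and the two kinds differ: going by the definitions elsewhere in this commit, `make_bearssl_hash` returns a null pointer for an unsupported name, while the ECDSA factories throw `Lookup_Error` from the operation constructors. A caller that uses the hash result unchecked would dereference null instead of falling back to another provider, so I would document this at the declarations, e.g. `/// @return nullptr if BearSSL does not provide the named hash` and `/// @throws Lookup_Error for an unsupported curve or EMSA`. As a smaller style point, the single-argument `BearSSL_Error(const std::string& what)` constructor could be marked `explicit`.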
@@ -0,0 +1,209 @@
+/*
+* ECDSA via BearSSL
+* (C) 2015,2016 Jack Lloyd
+* (C) 2017 Patrick Wildt
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include <botan/exceptn.h>
+#include <botan/hash.h>
+#include <botan/scan_name.h>
+#include <botan/internal/bearssl.h>
+
+#if defined(BOTAN_HAS_ECC_PUBLIC_KEY_CRYPTO)
+ #include <botan/der_enc.h>
+ #include <botan/pkcs8.h>
+ #include <botan/oids.h>
+ #include <botan/internal/pk_ops_impl.h>
+#endif
+
+#if defined(BOTAN_HAS_ECDSA)
+ #include <botan/ecdsa.h>
+#endif
+
+extern "C" {
+ #include <bearssl_hash.h>
+ #include <bearssl_ec.h>
+}
+
+namespace Botan {
+
+#if defined(BOTAN_HAS_ECC_PUBLIC_KEY_CRYPTO)
+
+namespace {
+
+int BearSSL_EC_curve_for(const OID& oid)
+ {
+ if(oid.empty())
+ return -1;
+
+ const std::string name = OIDS::lookup(oid);
+
+ if(name == "secp256r1")
+ return BR_EC_secp256r1;
+ if(name == "secp384r1")
+ return BR_EC_secp384r1;
+ if(name == "secp521r1")
+ return BR_EC_secp521r1;
+
+ return -1;
+ }
+
+const br_hash_class *BearSSL_hash_class_for(const std::string& emsa)
+ {
+ if (emsa == "EMSA1(SHA-1)")
+ return &br_sha1_vtable;
+ if (emsa == "EMSA1(SHA-224)")
+ return &br_sha224_vtable;
+ if (emsa == "EMSA1(SHA-256)")
+ return &br_sha256_vtable;
+ if (emsa == "EMSA1(SHA-384)")
+ return &br_sha384_vtable;
+ if (emsa == "EMSA1(SHA-512)")
+ return &br_sha512_vtable;
+
+ return nullptr;
+ }
+}
+
+#endif
+
+#if defined(BOTAN_HAS_ECDSA)
+
+namespace {
+
+class BearSSL_ECDSA_Verification_Operation : public PK_Ops::Verification
+ {
+ public:
+ BearSSL_ECDSA_Verification_Operation(const ECDSA_PublicKey& ecdsa, const std::string& emsa) :
+ m_order_bits(ecdsa.domain().get_order().bits())
+ {
+ const int curve = BearSSL_EC_curve_for(ecdsa.domain().get_oid());
+ if (curve < 0)
+ throw Lookup_Error("BearSSL ECDSA does not support this curve");
+
+ m_hash = BearSSL_hash_class_for(emsa);
+ if (m_hash == nullptr)
+ throw Lookup_Error("BearSSL ECDSA does not support EMSA " + emsa);
+
+ const SCAN_Name req(emsa);
+ m_hf = make_bearssl_hash(req.arg(0));
+ if (m_hf == nullptr)
+ throw Lookup_Error("BearSSL ECDSA does not support hash " + req.arg(0));
+
+ const secure_vector<uint8_t> enc = EC2OSP(ecdsa.public_point(), PointGFp::UNCOMPRESSED);
+ m_key.qlen = enc.size();
+ m_key.q = new uint8_t[m_key.qlen];
+ memcpy(m_key.q, enc.data(), m_key.qlen);
+ m_key.curve = curve;
+ }
+
+ void update(const uint8_t msg[], size_t msg_len) override
+ {
+ m_hf->update(msg, msg_len);
+ }
+
+ bool is_valid_signature(const uint8_t sig[], size_t sig_len) override
+ {
+ const size_t order_bytes = (m_order_bits + 7) / 8;
+ if (sig_len != 2 * order_bytes)
+ return false;
+ secure_vector<uint8_t> msg = m_hf->final();
+
+ br_ecdsa_vrfy engine = br_ecdsa_vrfy_raw_get_default();
+ if (!engine(&br_ec_prime_i31, msg.data(), msg.size(), &m_key, sig, sig_len))
+ return false;
+
+ return true;
+ }
+
+ size_t max_input_bits() const { return m_order_bits; }
+
+ ~BearSSL_ECDSA_Verification_Operation()
+ {
+ delete m_key.q;
+ }
+
+ private:
+ br_ec_public_key m_key;
+ std::unique_ptr<HashFunction> m_hf;
+ const br_hash_class *m_hash;
+ size_t m_order_bits;
+ };
+
+class BearSSL_ECDSA_Signing_Operation : public PK_Ops::Signature
+ {
+ public:
+ BearSSL_ECDSA_Signing_Operation(const ECDSA_PrivateKey& ecdsa, const std::string& emsa) :
+ m_order_bits(ecdsa.domain().get_order().bits())
+ {
+ const int curve = BearSSL_EC_curve_for(ecdsa.domain().get_oid());
+ if(curve < 0)
+ throw Lookup_Error("BearSSL ECDSA does not support this curve");
+
+ m_hash = BearSSL_hash_class_for(emsa);
+ if (m_hash == nullptr)
+ throw Lookup_Error("BearSSL ECDSA does not support EMSA " + emsa);
+
+ const SCAN_Name req(emsa);
+ m_hf = make_bearssl_hash(req.arg(0));
+ if (m_hf == nullptr)
+ throw Lookup_Error("BearSSL ECDSA does not support hash " + req.arg(0));
+
+ m_key.xlen = ecdsa.private_value().bytes();
+ m_key.x = new uint8_t[m_key.xlen];
+ ecdsa.private_value().binary_encode(m_key.x);
+ m_key.curve = curve;
+ }
+
+ void update(const uint8_t msg[], size_t msg_len) override
+ {
+ m_hf->update(msg, msg_len);
+ }
+
+ secure_vector<uint8_t> sign(RandomNumberGenerator&) override
+ {
+ const size_t order_bytes = (m_order_bits + 7) / 8;
+ secure_vector<uint8_t> sigval(2*order_bytes);
+
+ br_ecdsa_sign engine = br_ecdsa_sign_raw_get_default();
+ size_t sign_len = engine(&br_ec_prime_i31, m_hash, m_hf->final().data(), &m_key, sigval.data());
+ if (sign_len == 0)
+ throw BearSSL_Error("br_ecdsa_sign");
+
+ sigval.resize(sign_len);
+ return sigval;
+ }
+
+ size_t max_input_bits() const { return m_order_bits; }
+
+ ~BearSSL_ECDSA_Signing_Operation()
+ {
+ delete m_key.x;
+ }
+
+ private:
+ br_ec_private_key m_key;
+ std::unique_ptr<HashFunction> m_hf;
+ const br_hash_class *m_hash;
+ size_t m_order_bits;
+ };
+
+}
+
+std::unique_ptr<PK_Ops::Verification>
+make_bearssl_ecdsa_ver_op(const ECDSA_PublicKey& key, const std::string& params)
+ {
+ return std::unique_ptr<PK_Ops::Verification>(new BearSSL_ECDSA_Verification_Operation(key, params));
+ }
+
+std::unique_ptr<PK_Ops::Signature>
+make_bearssl_ecdsa_sig_op(const ECDSA_PrivateKey& key, const std::string& params)
+ {
+ return std::unique_ptr<PK_Ops::Signature>(new BearSSL_ECDSA_Signing_Operation(key, params));
+ }
+
+#endif
+
+}
diff --git a/src/lib/prov/bearssl/bearssl_hash.cpp b/src/lib/prov/bearssl/bearssl_hash.cpp
new file mode 100644
index 000000000..9620d6d70
--- /dev/null
+++ b/src/lib/prov/bearssl/bearssl_hash.cpp
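Review bot: In bearssl_ec.cpp the private scalar of `BearSSL_ECDSA_Signing_Operation` is encoded into a plain `new uint8_t[m_key.xlen]` buffer and released with scalar `delete m_key.x`, so the key bytes are not wiped before the memory returns to the heap, and pairing `new[]` with `delete` is undefined behaviour. `delete m_key.q` in the verification operation has the same mismatch. Holding the encoding in a `secure_vector<uint8_t>` member and pointing `m_key.x` at it removes the hand-written destructor and the unwiped copy, as sketched below. Both classes also keep implicitly generated copy operations that would duplicate the raw pointer, so deleting them is worthwhile. Separately, the verification constructor calls `memcpy` without a direct `<cstring>` include.

```cpp
      BearSSL_ECDSA_Signing_Operation(const ECDSA_PrivateKey& ecdsa, const std::string& emsa) :
         // … unchanged: m_order_bits initialiser, curve, EMSA and hash lookups …

         // secure_vector scrubs its storage on release, so no copy of the scalar lingers in freed memory
         m_x.resize(ecdsa.private_value().bytes());
         ecdsa.private_value().binary_encode(m_x.data());
         m_key.x = m_x.data();
         m_key.xlen = m_x.size();

      // … unchanged: update(), sign(), max_input_bits(); the destructor is dropped …

      // m_key.x aliases m_x, so a copy would point into another object's buffer
      BearSSL_ECDSA_Signing_Operation(const BearSSL_ECDSA_Signing_Operation&) = delete;
      BearSSL_ECDSA_Signing_Operation& operator=(const BearSSL_ECDSA_Signing_Operation&) = delete;

   private:
      secure_vector<uint8_t> m_x; // owns the bytes m_key.x points at
```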
@@ -0,0 +1,120 @@
+/*
+* BearSSL Hash Functions
+* (C) 1999-2007,2015 Jack Lloyd
+* (C) 2017 Patrick Wildt
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include <botan/hash.h>
+#include <botan/internal/bearssl.h>
+#include <unordered_map>
+
+extern "C" {
+ #include <bearssl_hash.h>
+}
+
+namespace Botan {
+
+namespace {
+
+class BearSSL_HashFunction : public HashFunction
+ {
+ public:
+ void clear() override
+ {
+ m_ctx.vtable->init(&m_ctx.vtable);
+ }
+
+ std::string provider() const override { return "bearssl"; }
+ std::string name() const override { return m_name; }
+
+ HashFunction* clone() const override
+ {
+ return new BearSSL_HashFunction(m_ctx.vtable, m_name);
+ }
+
+ std::unique_ptr<HashFunction> copy_state() const override
+ {
+ std::unique_ptr<BearSSL_HashFunction> copy(new BearSSL_HashFunction(m_ctx.vtable, m_name));
+ memcpy(©->m_ctx, &m_ctx, sizeof(m_ctx));
+ return std::move(copy);
+ }
+
+ size_t output_length() const override
+ {
+ return (m_ctx.vtable->desc >> BR_HASHDESC_OUT_OFF) & BR_HASHDESC_OUT_MASK;
+ }
+
+ size_t hash_block_size() const override
+ {
+ return 1 << ((m_ctx.vtable->desc >> BR_HASHDESC_LBLEN_OFF) & BR_HASHDESC_LBLEN_MASK);
+ }
+
+ BearSSL_HashFunction(const br_hash_class *hash, const std::string name)
+ {
+ m_name = name;
+ hash->init(&m_ctx.vtable);
+ }
+
+ ~BearSSL_HashFunction()
+ {
+ }
+
+ private:
+ void add_data(const uint8_t input[], size_t length) override
+ {
+ m_ctx.vtable->update(&m_ctx.vtable, input, length);
+ }
+
+ void final_result(uint8_t output[]) override
+ {
+ m_ctx.vtable->out(&m_ctx.vtable, output);
+ m_ctx.vtable->init(&m_ctx.vtable);
+ }
+
+ std::string m_name;
+ br_hash_compat_context m_ctx;
+ };
+
+}
+
+std::unique_ptr<HashFunction>
+make_bearssl_hash(const std::string& name)
+ {
+#define MAKE_BEARSSL_HASH(vtable) \
+ std::unique_ptr<HashFunction>(new BearSSL_HashFunction(vtable, name))
+
+#if defined(BOTAN_HAS_SHA2_32)
+ if(name == "SHA-224")
+ return MAKE_BEARSSL_HASH(&br_sha224_vtable);
+ if(name == "SHA-256")
+ return MAKE_BEARSSL_HASH(&br_sha256_vtable);
+#endif
+
+#if defined(BOTAN_HAS_SHA2_64)
+ if(name == "SHA-384")
+ return MAKE_BEARSSL_HASH(&br_sha384_vtable);
+ if(name == "SHA-512")
+ return MAKE_BEARSSL_HASH(&br_sha512_vtable);
+#endif
+
+#if defined(BOTAN_HAS_SHA1)
+ if(name == "SHA-160" || name == "SHA-1")
+ return MAKE_BEARSSL_HASH(&br_sha1_vtable);
+#endif
+
+#if defined(BOTAN_HAS_MD5)
+ if(name == "MD5")
+ return MAKE_BEARSSL_HASH(&br_md5_vtable);
+#endif
+
+#if defined(BOTAN_HAS_PARALLEL_HASH)
+ if(name == "Parallel(MD5,SHA-160)")
+ return MAKE_BEARSSL_HASH(&br_md5sha1_vtable);
+#endif
+
+ return nullptr;
+ }
+
+}
diff --git a/src/lib/prov/bearssl/info.txt b/src/lib/prov/bearssl/info.txt
new file mode 100644
index 000000000..cf38a1fe7
--- /dev/null
+++ b/src/lib/prov/bearssl/info.txt
@@ -0,0 +1,13 @@
+<defines>
+BEARSSL -> 20170628
+</defines>
+
+load_on vendor
+
+<header:internal>
+bearssl.h
+</header:internal>
+
+<libs>
+all!windows -> bearssl
+</libs> |
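Review bot: `~BearSSL_HashFunction()` in bearssl_hash.cpp is empty, so the `br_hash_compat_context m_ctx` member is destroyed without being cleared. That context presumably holds the chaining state and buffered input, which is secret material when the hash is driven by HMAC or a KDF. I would scrub it on destruction, `~BearSSL_HashFunction() { secure_scrub_memory(&m_ctx, sizeof(m_ctx)); }`, with `<botan/mem_ops.h>` included for it. Two smaller points in the same class: the constructor takes `const std::string name` by value where `const std::string&` would avoid a copy, and `copy_state()` calls `memcpy` without a direct `<cstring>` include.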