Add support for Poly1305 in EVP_PKEY

Add Poly1305 as a "signed" digest. Reviewed-by: Andy Polyakov <[email protected]> Reviewed-by: Richard Levitte <[email protected]> (Merged from openssl#2128)
pslacerda · Jan 24, 2017 · 52ad5b6 · 52ad5b6
1 parent 07afdf3
commit 52ad5b6
Show file tree

Hide file tree

Showing 20 changed files with 590 additions and 9 deletions.
diff --git a/crypto/asn1/standard_methods.h b/crypto/asn1/standard_methods.h
@@ -41,7 +41,10 @@ static const EVP_PKEY_ASN1_METHOD *standard_methods[] = {
     &dhx_asn1_meth,
 #endif
 #ifndef OPENSSL_NO_EC
-    &ecx25519_asn1_meth
+    &ecx25519_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_POLY1305
+    &poly1305_asn1_meth,
 #endif
 };
 
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -64,6 +64,7 @@ static ERR_STRING_DATA EVP_str_functs[] = {
     {ERR_FUNC(EVP_F_EVP_PKEY_GET0_DSA), "EVP_PKEY_get0_DSA"},
     {ERR_FUNC(EVP_F_EVP_PKEY_GET0_EC_KEY), "EVP_PKEY_get0_EC_KEY"},
     {ERR_FUNC(EVP_F_EVP_PKEY_GET0_HMAC), "EVP_PKEY_get0_hmac"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_GET0_POLY1305), "EVP_PKEY_get0_poly1305"},
     {ERR_FUNC(EVP_F_EVP_PKEY_GET0_RSA), "EVP_PKEY_get0_RSA"},
     {ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN), "EVP_PKEY_keygen"},
     {ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN_INIT), "EVP_PKEY_keygen_init"},
@@ -114,6 +115,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
     {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY), "expecting a dh key"},
     {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY), "expecting a dsa key"},
     {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY), "expecting a ec key"},
+    {ERR_REASON(EVP_R_EXPECTING_A_POLY1305_KEY), "expecting a poly1305 key"},
     {ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"},
     {ERR_REASON(EVP_R_ILLEGAL_SCRYPT_PARAMETERS),
      "illegal scrypt parameters"},

diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
@@ -249,6 +249,20 @@ const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len)
     return os->data;
 }
 
+#ifndef OPENSSL_NO_POLY1305
+const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len)
+{
+    ASN1_OCTET_STRING *os = NULL;
+    if (pkey->type != EVP_PKEY_POLY1305) {
+        EVPerr(EVP_F_EVP_PKEY_GET0_POLY1305, EVP_R_EXPECTING_A_POLY1305_KEY);
+        return NULL;
+    }
+    os = EVP_PKEY_get0(pkey);
+    *len = os->length;
+    return os->data;
+}
+#endif
+
 #ifndef OPENSSL_NO_RSA
 int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
 {

diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
@@ -48,7 +48,10 @@ static const EVP_PKEY_METHOD *standard_methods[] = {
 #ifndef OPENSSL_NO_EC
     &ecx25519_pkey_meth,
 #endif
-    &hkdf_pkey_meth
+    &hkdf_pkey_meth,
+#ifndef OPENSSL_NO_POLY1305
+    &poly1305_pkey_meth,
+#endif
 };
 
 DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,

diff --git a/crypto/include/internal/asn1_int.h b/crypto/include/internal/asn1_int.h
@@ -62,6 +62,8 @@ extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5];
 extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD poly1305_asn1_meth;
+
 extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2];
 extern const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth;

diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h
@@ -87,6 +87,7 @@ extern const EVP_PKEY_METHOD rsa_pkey_meth;
 extern const EVP_PKEY_METHOD rsa_pss_pkey_meth;
 extern const EVP_PKEY_METHOD tls1_prf_pkey_meth;
 extern const EVP_PKEY_METHOD hkdf_pkey_meth;
+extern const EVP_PKEY_METHOD poly1305_pkey_meth;
 
 struct evp_md_st {
     int type;

diff --git a/crypto/include/internal/poly1305.h b/crypto/include/internal/poly1305.h
@@ -9,7 +9,9 @@
 
 #include <stddef.h>
 
-#define POLY1305_BLOCK_SIZE 16
+#define POLY1305_BLOCK_SIZE  16
+#define POLY1305_DIGEST_SIZE 16
+#define POLY1305_KEY_SIZE    32
 
 typedef struct poly1305_context POLY1305;
 

diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
@@ -963,7 +963,7 @@ static const unsigned char so[6765] = {
     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1C,  /* [ 6753] OBJ_id_ct_xml */
 };
 
-#define NUM_NID 1061
+#define NUM_NID 1062
 static const ASN1_OBJECT nid_objs[NUM_NID] = {
     {"UNDEF", "undefined", NID_undef},
     {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -2026,9 +2026,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
     {"id-smime-ct-contentCollection", "id-smime-ct-contentCollection", NID_id_smime_ct_contentCollection, 11, &so[6731]},
     {"id-smime-ct-authEnvelopedData", "id-smime-ct-authEnvelopedData", NID_id_smime_ct_authEnvelopedData, 11, &so[6742]},
     {"id-ct-xml", "id-ct-xml", NID_id_ct_xml, 11, &so[6753]},
+    {"Poly1305", "poly1305", NID_poly1305},
 };
 
-#define NUM_SN 1052
+#define NUM_SN 1053
 static const unsigned int sn_objs[NUM_SN] = {
      364,    /* "AD_DVCS" */
      419,    /* "AES-128-CBC" */
@@ -2208,6 +2209,7 @@ static const unsigned int sn_objs[NUM_SN] = {
      162,    /* "PBMAC1" */
      127,    /* "PKIX" */
      935,    /* "PSPECIFIED" */
+    1061,    /* "Poly1305" */
       98,    /* "RC2-40-CBC" */
      166,    /* "RC2-64-CBC" */
       37,    /* "RC2-CBC" */
@@ -3084,7 +3086,7 @@ static const unsigned int sn_objs[NUM_SN] = {
      160,    /* "x509Crl" */
 };
 
-#define NUM_LN 1052
+#define NUM_LN 1053
 static const unsigned int ln_objs[NUM_LN] = {
      363,    /* "AD Time Stamping" */
      405,    /* "ANSI X9.62" */
@@ -3866,6 +3868,7 @@ static const unsigned int ln_objs[NUM_LN] = {
       22,    /* "pkcs7-signedData" */
      151,    /* "pkcs8ShroudedKeyBag" */
       47,    /* "pkcs9" */
+    1061,    /* "poly1305" */
      862,    /* "postOfficeBox" */
      861,    /* "postalAddress" */
      661,    /* "postalCode" */

diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
@@ -1058,3 +1058,4 @@ blake2s256		1057
 id_smime_ct_contentCollection		1058
 id_smime_ct_authEnvelopedData		1059
 id_ct_xml		1060
+poly1305		1061
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
@@ -1482,4 +1482,5 @@ id-pkinit 5                     : pkInitKDC             : Signing KDC Response
                             : AuthGOST12   : auth-gost12
                             : AuthSRP      : auth-srp
                             : AuthNULL     : auth-null
-
+# NID for Poly1305
+                            : Poly1305     : poly1305
diff --git a/crypto/poly1305/build.info b/crypto/poly1305/build.info
@@ -1,5 +1,7 @@
 LIBS=../../libcrypto
 SOURCE[../../libcrypto]=\
+        poly1305_pmeth.c \
+        poly1305_ameth.c \
         poly1305.c {- $target{poly1305_asm_src} -}
 
 GENERATE[poly1305-sparcv9.S]=asm/poly1305-sparcv9.pl $(PERLASM_SCHEME)

diff --git a/crypto/poly1305/poly1305_ameth.c b/crypto/poly1305/poly1305_ameth.c
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2007-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include "internal/asn1_int.h"
+#include "internal/poly1305.h"
+#include "poly1305_local.h"
+
+/*
+ * POLY1305 "ASN1" method. This is just here to indicate the maximum
+ * POLY1305 output length and to free up a POLY1305 key.
+ */
+
+static int poly1305_size(const EVP_PKEY *pkey)
+{
+    return POLY1305_DIGEST_SIZE;
+}
+
+static void poly1305_key_free(EVP_PKEY *pkey)
+{
+    ASN1_OCTET_STRING *os = EVP_PKEY_get0(pkey);
+    if (os != NULL) {
+        if (os->data != NULL)
+            OPENSSL_cleanse(os->data, os->length);
+        ASN1_OCTET_STRING_free(os);
+    }
+}
+
+static int poly1305_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    /* nothing, (including ASN1_PKEY_CTRL_DEFAULT_MD_NID), is supported */
+    return -2;
+}
+
+static int poly1305_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b));
+}
+
+const EVP_PKEY_ASN1_METHOD poly1305_asn1_meth = {
+    EVP_PKEY_POLY1305,
+    EVP_PKEY_POLY1305,
+    0,
+
+    "POLY1305",
+    "OpenSSL POLY1305 method",
+
+    0, 0, poly1305_pkey_public_cmp, 0,
+
+    0, 0, 0,
+
+    poly1305_size,
+    0, 0,
+    0, 0, 0, 0, 0, 0, 0,
+
+    poly1305_key_free,
+    poly1305_pkey_ctrl,
+    0, 0
+};