| blob | db76c50a15e10c25f7c7cb947408c7ae87549f9f |
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
10 // TODO(eroman): There is no intention to implement this for non-OpenSSL. Remove
11 // this branch once the migration is complete. This could have been done as a
12 // conditional file (_openssl.cc) in the build file instead, but that is likely
13 // not worth the effort at this point.
15 #if !defined(USE_OPENSSL)
25 }
29 #else
31 #include <openssl/digest.h>
32 #include <openssl/ec.h>
33 #include <openssl/ec_key.h>
34 #include <openssl/evp.h>
35 #include <openssl/rsa.h>
36 #include <openssl/x509.h>
49 // Converts a DigestAlgorithm to an equivalent EVP_MD*.
66 }
69 }
71 // Sets the RSASSA-PSS parameters on |pctx|. Returns true on success.
74 // BoringSSL takes a signed int for the salt length, and interprets
75 // negative values in a special manner. Make sure not to silently underflow.
88 }
90 // TODO(eroman): This function is not strict enough. It accepts BER, other RSA
91 // OIDs, and does not check id-rsaEncryption parameters.
103 }
106 }
108 // Parses an RSA public key from SPKI to an EVP_PKEY.
109 //
110 // Returns true on success.
111 //
112 // There are two flavors of RSA public key that this function should recognize
113 // from RFC 5912 (however note that pk-rsaSSA-PSS is not supported in the
114 // current implementation).
115 // TODO(eroman): Support id-RSASSA-PSS and its associated parameters.
116 //
117 // pk-rsa PUBLIC-KEY ::= {
118 // IDENTIFIER rsaEncryption
119 // KEY RSAPublicKey
120 // PARAMS TYPE NULL ARE absent
121 // -- Private key format not in this module --
122 // CERT-KEY-USAGE {digitalSignature, nonRepudiation,
123 // keyEncipherment, dataEncipherment, keyCertSign, cRLSign}
124 // }
125 //
126 // ...
127 //
128 // pk-rsaSSA-PSS PUBLIC-KEY ::= {
129 // IDENTIFIER id-RSASSA-PSS
130 // KEY RSAPublicKey
131 // PARAMS TYPE RSASSA-PSS-params ARE optional
132 // -- Private key format not in this module --
133 // CERT-KEY-USAGE { nonRepudiation, digitalSignature,
134 // keyCertSign, cRLSign }
135 // }
136 //
137 // Any RSA signature algorithm can accept a "pk-rsa" (rsaEncryption). However a
138 // "pk-rsaSSA-PSS" key is only accepted if the signature algorithm was for PSS
139 // mode:
140 //
141 // sa-rsaSSA-PSS SIGNATURE-ALGORITHM ::= {
142 // IDENTIFIER id-RSASSA-PSS
143 // PARAMS TYPE RSASSA-PSS-params ARE required
144 // HASHES { mda-sha1 | mda-sha224 | mda-sha256 | mda-sha384
145 // | mda-sha512 }
146 // PUBLIC-KEYS { pk-rsa | pk-rsaSSA-PSS }
147 // SMIME-CAPS { IDENTIFIED BY id-RSASSA-PSS }
148 // }
149 //
150 // Moreover, if a "pk-rsaSSA-PSS" key was used and it optionally provided
151 // parameters for the algorithm, they must match those of the signature
152 // algorithm.
153 //
154 // COMPATIBILITY NOTE: RFC 5912 and RFC 3279 are in disagreement on the value
155 // of parameters for rsaEncryption. Whereas RFC 5912 says they must be absent,
156 // RFC 3279 says they must be NULL:
157 //
158 // The rsaEncryption OID is intended to be used in the algorithm field
159 // of a value of type AlgorithmIdentifier. The parameters field MUST
160 // have ASN.1 type NULL for this algorithm identifier.
161 //
162 // Following RFC 3279 in this case.
166 }
168 // Does signature verification using either RSA or ECDSA.
177 // For the supported algorithms the signature value must be a whole
178 // number of bytes.
195 // Set the RSASSA-PSS specific options.
199 }
204 }
209 }
211 // Returns true if the given curve is allowed for ECDSA. The input is a
212 // BoringSSL NID.
213 //
214 // TODO(eroman): Extract policy decisions such as allowed curves, hashes, RSA
215 // modulus size, to somewhere more central.
222 }
224 }
226 // Parses an EC public key from SPKI to an EVP_PKEY.
227 //
228 // Returns true on success.
229 //
230 // RFC 5912 describes all the ECDSA signature algorithms as requiring a public
231 // key of type "pk-ec":
232 //
233 // pk-ec PUBLIC-KEY ::= {
234 // IDENTIFIER id-ecPublicKey
235 // KEY ECPoint
236 // PARAMS TYPE ECParameters ARE required
237 // -- Private key format not in this module --
238 // CERT-KEY-USAGE { digitalSignature, nonRepudiation, keyAgreement,
239 // keyCertSign, cRLSign }
240 // }
241 //
242 // Moreover RFC 5912 stipulates what curves are allowed. The ECParameters
243 // MUST NOT use an implicitCurve or specificCurve for PKIX:
244 //
245 // ECParameters ::= CHOICE {
246 // namedCurve CURVE.&id({NamedCurve})
247 // -- implicitCurve NULL
248 // -- implicitCurve MUST NOT be used in PKIX
249 // -- specifiedCurve SpecifiedCurve
250 // -- specifiedCurve MUST NOT be used in PKIX
251 // -- Details for specifiedCurve can be found in [X9.62]
252 // -- Any future additions to this CHOICE should be coordinated
253 // -- with ANSI X.9.
254 // }
255 // -- If you need to be able to decode ANSI X.9 parameter structures,
256 // -- uncomment the implicitCurve and specifiedCurve above, and also
257 // -- uncomment the following:
258 // --(WITH COMPONENTS {namedCurve PRESENT})
259 //
260 // The namedCurves are extensible. The ones described by RFC 5912 are:
261 //
262 // NamedCurve CURVE ::= {
263 // { ID secp192r1 } | { ID sect163k1 } | { ID sect163r2 } |
264 // { ID secp224r1 } | { ID sect233k1 } | { ID sect233r1 } |
265 // { ID secp256r1 } | { ID sect283k1 } | { ID sect283r1 } |
266 // { ID secp384r1 } | { ID sect409k1 } | { ID sect409r1 } |
267 // { ID secp521r1 } | { ID sect571k1 } | { ID sect571r1 },
268 // ... -- Extensible
269 // }
275 // Enforce policy on allowed curves in case ImportPkeyFromSpki() were to
276 // recognize and allow use of a weak curve.
283 }
293 // Parse the SPKI to an EVP_PKEY appropriate for the signature algorithm.
304 }
308 }
312 #endif