1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00

Define algorithms for EdDSA

Define algorithms for PureEdDSA and for HashEdDSA, the EdDSA variants
defined by RFC 8032.

The encoding for HashEdDSA needs to encode the hash algorithm so that
the hash can be calculated by passing PSA_ALG_SIGN_GET_HASH(sig_alg)
to psa_hash_compute() or psa_hash_setup(). As a consequence,
Ed25519ph (using SHA-512) and Ed448ph (using SHAKE256) need to have
different algorithm encodings (the key is enough to tell them apart,
but it is not known while hashing). Another consequence is that the
API needs to recognize the Ed448 prehash (64 bytes of SHAKE256 output)
as a hash algorithm.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
2021-02-24 21:52:21 +01:00
parent 67546802fe
commit 3a1101a122
4 changed files with 109 additions and 12 deletions

View File

@ -170,6 +170,18 @@ Asymmetric signature: SHA-256 + deterministic ECDSA using SHA-256
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256
asymmetric_signature_algorithm:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_DETERMINISTIC_ECDSA | ALG_ECDSA_IS_DETERMINISTIC | ALG_IS_HASH_AND_SIGN
Asymmetric signature: pure EdDSA
#depends_on:PSA_WANT_ALG_EDDSA
asymmetric_signature_algorithm:PSA_ALG_PURE_EDDSA:0
Asymmetric signature: Ed25519ph
#depends_on:PSA_WANT_ALG_EDDSA
asymmetric_signature_algorithm:PSA_ALG_ED25519PH:ALG_IS_HASH_EDDSA | ALG_IS_HASH_AND_SIGN
Asymmetric signature: Ed448ph
#depends_on:PSA_WANT_ALG_EDDSA
asymmetric_signature_algorithm:PSA_ALG_ED448PH:ALG_IS_HASH_EDDSA | ALG_IS_HASH_AND_SIGN
Asymmetric signature: RSA PKCS#1 v1.5 with wildcard hash
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
asymmetric_signature_wildcard:PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH ):ALG_IS_RSA_PKCS1V15_SIGN

View File

@ -30,16 +30,17 @@
#define ALG_ECDSA_IS_DETERMINISTIC ( 1u << 11 )
#define ALG_IS_DETERMINISTIC_ECDSA ( 1u << 12 )
#define ALG_IS_RANDOMIZED_ECDSA ( 1u << 13 )
#define ALG_IS_HASH_AND_SIGN ( 1u << 14 )
#define ALG_IS_RSA_OAEP ( 1u << 15 )
#define ALG_IS_HKDF ( 1u << 16 )
#define ALG_IS_FFDH ( 1u << 17 )
#define ALG_IS_ECDH ( 1u << 18 )
#define ALG_IS_WILDCARD ( 1u << 19 )
#define ALG_IS_RAW_KEY_AGREEMENT ( 1u << 20 )
#define ALG_IS_AEAD_ON_BLOCK_CIPHER ( 1u << 21 )
#define ALG_IS_TLS12_PRF ( 1u << 22 )
#define ALG_IS_TLS12_PSK_TO_MS ( 1u << 23 )
#define ALG_IS_HASH_EDDSA ( 1u << 14 )
#define ALG_IS_HASH_AND_SIGN ( 1u << 15 )
#define ALG_IS_RSA_OAEP ( 1u << 16 )
#define ALG_IS_HKDF ( 1u << 17 )
#define ALG_IS_FFDH ( 1u << 18 )
#define ALG_IS_ECDH ( 1u << 19 )
#define ALG_IS_WILDCARD ( 1u << 20 )
#define ALG_IS_RAW_KEY_AGREEMENT ( 1u << 21 )
#define ALG_IS_AEAD_ON_BLOCK_CIPHER ( 1u << 22 )
#define ALG_IS_TLS12_PRF ( 1u << 23 )
#define ALG_IS_TLS12_PSK_TO_MS ( 1u << 24 )
/* Flags for key type classification macros. There is a flag for every
* key type classification macro PSA_KEY_TYPE_IS_xxx except for some that
@ -97,6 +98,7 @@ void algorithm_classification( psa_algorithm_t alg, unsigned flags )
TEST_CLASSIFICATION_MACRO( ALG_ECDSA_IS_DETERMINISTIC, alg, flags );
TEST_CLASSIFICATION_MACRO( ALG_IS_DETERMINISTIC_ECDSA, alg, flags );
TEST_CLASSIFICATION_MACRO( ALG_IS_RANDOMIZED_ECDSA, alg, flags );
TEST_CLASSIFICATION_MACRO( ALG_IS_HASH_EDDSA, alg, flags );
TEST_CLASSIFICATION_MACRO( ALG_IS_HASH_AND_SIGN, alg, flags );
TEST_CLASSIFICATION_MACRO( ALG_IS_RSA_OAEP, alg, flags );
TEST_CLASSIFICATION_MACRO( ALG_IS_HKDF, alg, flags );