Merge pull request #10135 from lealem47/nid_ED

Add Ed25519/Ed448 support to EVP layer

Author: JacobBarthelmeh

src/internal.c

@@ -13957,9 +13957,30 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
             }
 
             wolfSSL_EVP_PKEY_free(x509->key.pkey);
-            if (!(x509->key.pkey = wolfSSL_d2i_PUBKEY(NULL,
-                                                      &dCert->publicKey,
-                                                      dCert->pubKeySize))) {
+            x509->key.pkey = NULL;
+
+            switch (dCert->keyOID) {
+            #ifdef HAVE_ED25519
+                case ED25519k:
+                    x509->key.pkey = wolfSSL_EVP_PKEY_new_raw_public_key(
+                        WC_EVP_PKEY_ED25519, NULL, dCert->publicKey,
+                        dCert->pubKeySize);
+                    break;
+            #endif
+            #ifdef HAVE_ED448
+                case ED448k:
+                    x509->key.pkey = wolfSSL_EVP_PKEY_new_raw_public_key(
+                        WC_EVP_PKEY_ED448, NULL, dCert->publicKey,
+                        dCert->pubKeySize);
+                    break;
+            #endif
+                default:
+                    x509->key.pkey = wolfSSL_d2i_PUBKEY(NULL,
+                        &dCert->publicKey, dCert->pubKeySize);
+                    break;
+            }
+
+            if (x509->key.pkey == NULL) {
                 ret = PUBLIC_KEY_E;
                 WOLFSSL_ERROR_VERBOSE(ret);
             }

src/pk.c

@@ -5511,6 +5511,60 @@ int wolfSSL_ED25519_verify(const unsigned char *msg, unsigned int msgSz,
 
 #endif /* OPENSSL_EXTRA && HAVE_ED25519 */
 
+#if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && \
+    defined(HAVE_ED25519)
+/* Allocate and initialize a new ed25519_key.
+ *
+ * @param [in] heap   Heap hint for memory allocation.
+ * @param [in] devId  Device identifier for crypto callbacks.
+ * @return  Allocated and initialized ed25519_key on success.
+ * @return  NULL on failure.
+ */
+ed25519_key* wolfSSL_ED25519_new(void* heap, int devId)
+{
+    ed25519_key* key;
+
+    WOLFSSL_ENTER("wolfSSL_ED25519_new");
+
+#ifndef WC_NO_CONSTRUCTORS
+    key = wc_ed25519_new(heap, devId, NULL);
+#else
+    key = (ed25519_key*)XMALLOC(sizeof(ed25519_key), heap,
+        DYNAMIC_TYPE_ED25519);
+    if (key == NULL) {
+        WOLFSSL_ERROR_MSG("wolfSSL_ED25519_new malloc failure");
+    }
+    else if (wc_ed25519_init_ex(key, heap, devId) != 0) {
+        WOLFSSL_ERROR_MSG("wolfSSL_ED25519_new init failure");
+        XFREE(key, heap, DYNAMIC_TYPE_ED25519);
+        key = NULL;
+    }
+#endif
+
+    return key;
+}
+
+/* Free an ed25519_key allocated with wolfSSL_ED25519_new.
+ *
+ * @param [in] key  ed25519_key to free. May be NULL.
+ */
+void wolfSSL_ED25519_free(ed25519_key* key)
+{
+    if (key != NULL) {
+        WOLFSSL_ENTER("wolfSSL_ED25519_free");
+    #ifndef WC_NO_CONSTRUCTORS
+        wc_ed25519_delete(key, NULL);
+    #else
+        {
+            void* heap = key->heap;
+            wc_ed25519_free(key);
+            XFREE(key, heap, DYNAMIC_TYPE_ED25519);
+        }
+    #endif
+    }
+}
+#endif /* (OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL) && HAVE_ED25519 */
+
 /*******************************************************************************
  * END OF ED25519 API
  ******************************************************************************/
@@ -5964,6 +6018,61 @@ int wolfSSL_ED448_verify(const unsigned char *msg, unsigned int msgSz,
 }
 #endif /* OPENSSL_EXTRA && HAVE_ED448 */
 
+#if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && \
+    defined(HAVE_ED448)
+/* Allocate and initialize a new ed448_key.
+ *
+ * @param [in] heap   Heap hint for memory allocation.
+ * @param [in] devId  Device identifier for crypto callbacks.
+ * @return  Allocated and initialized ed448_key on success.
+ * @return  NULL on failure.
+ */
+ed448_key* wolfSSL_ED448_new(void* heap, int devId)
+{
+    ed448_key* key;
+
+    WOLFSSL_ENTER("wolfSSL_ED448_new");
+
+#if !defined(WC_NO_CONSTRUCTORS) && \
+    (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
+    key = wc_ed448_new(heap, devId, NULL);
+#else
+    key = (ed448_key*)XMALLOC(sizeof(ed448_key), heap, DYNAMIC_TYPE_ED448);
+    if (key == NULL) {
+        WOLFSSL_ERROR_MSG("wolfSSL_ED448_new malloc failure");
+    }
+    else if (wc_ed448_init_ex(key, heap, devId) != 0) {
+        WOLFSSL_ERROR_MSG("wolfSSL_ED448_new init failure");
+        XFREE(key, heap, DYNAMIC_TYPE_ED448);
+        key = NULL;
+    }
+#endif
+
+    return key;
+}
+
+/* Free an ed448_key allocated with wolfSSL_ED448_new.
+ *
+ * @param [in] key  ed448_key to free. May be NULL.
+ */
+void wolfSSL_ED448_free(ed448_key* key)
+{
+    if (key != NULL) {
+        WOLFSSL_ENTER("wolfSSL_ED448_free");
+    #if !defined(WC_NO_CONSTRUCTORS) && \
+        (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
+        wc_ed448_delete(key, NULL);
+    #else
+        {
+            void* heap = key->heap;
+            wc_ed448_free(key);
+            XFREE(key, heap, DYNAMIC_TYPE_ED448);
+        }
+    #endif
+    }
+}
+#endif /* (OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL) && HAVE_ED448 */
+
 /*******************************************************************************
  * END OF ED448 API
  ******************************************************************************/
@@ -6272,6 +6381,16 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
             case DHk:
                 type = WC_EVP_PKEY_DH;
                 break;
+        #ifdef HAVE_ED25519
+            case ED25519k:
+                type = WC_EVP_PKEY_ED25519;
+                break;
+        #endif
+        #ifdef HAVE_ED448
+            case ED448k:
+                type = WC_EVP_PKEY_ED448;
+                break;
+        #endif
             default:
                 type = WOLFSSL_FATAL_ERROR;
                 break;
@@ -6419,6 +6538,16 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_PrivateKey(XFILE fp, WOLFSSL_EVP_PKEY **key,
             case DHk:
                 type = WC_EVP_PKEY_DH;
                 break;
+        #ifdef HAVE_ED25519
+            case ED25519k:
+                type = WC_EVP_PKEY_ED25519;
+                break;
+        #endif
+        #ifdef HAVE_ED448
+            case ED448k:
+                type = WC_EVP_PKEY_ED448;
+                break;
+        #endif
             default:
                 type = WOLFSSL_FATAL_ERROR;
                 break;

src/ssl.c

@@ -17724,6 +17724,14 @@ word32 nid2oid(int nid, int grp)
                     return CTC_SHA3_512wECDSA;
                 #endif
             #endif /* HAVE_ECC */
+            #ifdef HAVE_ED25519
+                case WC_NID_ED25519:
+                    return CTC_ED25519;
+            #endif /* HAVE_ED25519 */
+            #ifdef HAVE_ED448
+                case WC_NID_ED448:
+                    return CTC_ED448;
+            #endif /* HAVE_ED448 */
             }
             break;
 
@@ -17742,6 +17750,14 @@ word32 nid2oid(int nid, int grp)
                 case WC_NID_X9_62_id_ecPublicKey:
                     return ECDSAk;
             #endif /* HAVE_ECC */
+            #ifdef HAVE_ED25519
+                case WC_NID_ED25519:
+                    return ED25519k;
+            #endif /* HAVE_ED25519 */
+            #ifdef HAVE_ED448
+                case WC_NID_ED448:
+                    return ED448k;
+            #endif /* HAVE_ED448 */
             }
             break;
 
@@ -18100,6 +18116,14 @@ int oid2nid(word32 oid, int grp)
                     return WC_NID_ecdsa_with_SHA3_512;
                 #endif
             #endif /* HAVE_ECC */
+            #ifdef HAVE_ED25519
+                case CTC_ED25519:
+                    return WC_NID_ED25519;
+            #endif /* HAVE_ED25519 */
+            #ifdef HAVE_ED448
+                case CTC_ED448:
+                    return WC_NID_ED448;
+            #endif /* HAVE_ED448 */
             }
             break;
 
@@ -18122,6 +18146,14 @@ int oid2nid(word32 oid, int grp)
                 case ECDSAk:
                     return WC_NID_X9_62_id_ecPublicKey;
             #endif /* HAVE_ECC */
+            #ifdef HAVE_ED25519
+                case ED25519k:
+                    return WC_NID_ED25519;
+            #endif /* HAVE_ED25519 */
+            #ifdef HAVE_ED448
+                case ED448k:
+                    return WC_NID_ED448;
+            #endif /* HAVE_ED448 */
             }
             break;
 

src/ssl_load.c

@@ -5306,6 +5306,18 @@ int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey)
             WOLFSSL_MSG("populating ECC key");
             ret = ECC_populate_EVP_PKEY(pkey, pkey->ecc);
             break;
+    #endif
+    #ifdef HAVE_ED25519
+        case WC_EVP_PKEY_ED25519:
+            /* DER is already stored in pkey->pkey.ptr by d2i_evp_pkey. */
+            WOLFSSL_MSG("populating Ed25519 key");
+            break;
+    #endif
+    #ifdef HAVE_ED448
+        case WC_EVP_PKEY_ED448:
+            /* DER is already stored in pkey->pkey.ptr by d2i_evp_pkey. */
+            WOLFSSL_MSG("populating Ed448 key");
+            break;
     #endif
         default:
             ret = 0;