1 // Copyright 2019 Google Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ///////////////////////////////////////////////////////////////////////////////
16
17 #include "tink/subtle/ed25519_sign_boringssl.h"
18
19 #include <algorithm>
20 #include <iterator>
21 #include <memory>
22 #include <string>
23 #include <utility>
24
25 #include "absl/memory/memory.h"
26 #include "absl/status/status.h"
27 #include "absl/strings/str_format.h"
28 #include "absl/strings/string_view.h"
29 #include "openssl/evp.h"
30 #include "tink/internal/ec_util.h"
31 #include "tink/internal/ssl_unique_ptr.h"
32 #include "tink/internal/util.h"
33 #include "tink/public_key_sign.h"
34 #include "tink/util/statusor.h"
35
36 namespace crypto {
37 namespace tink {
38 namespace subtle {
39
40 constexpr int kEd25519SignatureLenInBytes = 64;
41
42 // static
New(util::SecretData private_key)43 util::StatusOr<std::unique_ptr<PublicKeySign>> Ed25519SignBoringSsl::New(
44 util::SecretData private_key) {
45 auto status = internal::CheckFipsCompatibility<Ed25519SignBoringSsl>();
46 if (!status.ok()) return status;
47
48 // OpenSSL/BoringSSL consider the ED25519's private key to be: private_key ||
49 // public_key.
50 const int kSslPrivateKeySize =
51 internal::Ed25519KeyPrivKeySize() + internal::Ed25519KeyPubKeySize();
52
53 if (private_key.size() != kSslPrivateKeySize) {
54 return util::Status(
55 absl::StatusCode::kInvalidArgument,
56 absl::StrFormat("Invalid ED25519 private key size (%d). "
57 "The only valid size is %d.",
58 private_key.size(), kSslPrivateKeySize));
59 }
60
61 internal::SslUniquePtr<EVP_PKEY> ssl_priv_key(EVP_PKEY_new_raw_private_key(
62 EVP_PKEY_ED25519, /*unused=*/nullptr, private_key.data(),
63 internal::Ed25519KeyPrivKeySize()));
64 if (ssl_priv_key == nullptr) {
65 return util::Status(absl::StatusCode::kInternal,
66 "EVP_PKEY_new_raw_private_key failed");
67 }
68
69 return {absl::WrapUnique(new Ed25519SignBoringSsl(std::move(ssl_priv_key)))};
70 }
71
Sign(absl::string_view data) const72 util::StatusOr<std::string> Ed25519SignBoringSsl::Sign(
73 absl::string_view data) const {
74 data = internal::EnsureStringNonNull(data);
75
76 uint8_t out_sig[kEd25519SignatureLenInBytes];
77 std::fill(std::begin(out_sig), std::end(out_sig), 0);
78
79 internal::SslUniquePtr<EVP_MD_CTX> md_ctx(EVP_MD_CTX_create());
80 size_t sig_len = kEd25519SignatureLenInBytes;
81 // type must be set to nullptr with Ed25519.
82 // See https://www.openssl.org/docs/man1.1.1/man3/EVP_DigestSignInit.html.
83 if (EVP_DigestSignInit(md_ctx.get(), /*pctx=*/nullptr, /*type=*/nullptr,
84 /*e=*/nullptr, priv_key_.get()) != 1 ||
85 EVP_DigestSign(md_ctx.get(), out_sig, &sig_len,
86 /*data=*/reinterpret_cast<const uint8_t *>(data.data()),
87 data.size()) != 1) {
88 return util::Status(absl::StatusCode::kInternal, "Signing failed.");
89 }
90
91 return std::string(reinterpret_cast<char *>(out_sig),
92 kEd25519SignatureLenInBytes);
93 }
94
95 } // namespace subtle
96 } // namespace tink
97 } // namespace crypto
98