diff --git a/rustls-libssl/src/evp_pkey.rs b/rustls-libssl/src/evp_pkey.rs
index c32e45c..7665a1f 100644
--- a/rustls-libssl/src/evp_pkey.rs
+++ b/rustls-libssl/src/evp_pkey.rs
@@ -170,6 +170,27 @@ impl EvpScheme for RsaPss {
 unsafe impl Sync for RsaPss {}
 unsafe impl Send for RsaPss {}
+pub fn ed25519() -> Box {
+ Box::new(Ed25519)
+}
+
+#[derive(Debug)]
+struct Ed25519;
+
+impl EvpScheme for Ed25519 {
+ fn digest(&self) -> *mut EVP_MD {
+ // "When calling EVP_DigestSignInit() or EVP_DigestVerifyInit(), the
+ // digest type parameter MUST be set to NULL."
+ //
+ ptr::null_mut()
+ }
+
+ fn configure_ctx(&self, _: &mut SignCtx) -> Option<()> {
+ // "No additional parameters can be set during one-shot signing or verification."
+ Some(())
+ }
+}
+
 /// Owning wrapper for a signing `EVP_MD_CTX`
 pub(crate) struct SignCtx {
 md_ctx: *mut EVP_MD_CTX,
diff --git a/rustls-libssl/src/sign.rs b/rustls-libssl/src/sign.rs
index c852587..0e69408 100644
--- a/rustls-libssl/src/sign.rs
+++ b/rustls-libssl/src/sign.rs
@@ -10,7 +10,7 @@ use rustls::{SignatureAlgorithm, SignatureScheme};
 use crate::error;
 use crate::evp_pkey::{
- rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, rsa_pss_sha256, rsa_pss_sha384,
+ ed25519, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, rsa_pss_sha256, rsa_pss_sha384,
 rsa_pss_sha512, EvpPkey, EvpScheme,
 };
 use crate::x509::OwnedX509Stack;
@@ -205,6 +205,17 @@ impl sign::SigningKey for OpenSslKey {
 None
 }
+ SignatureAlgorithm::ED25519 => {
+ if offered.contains(&SignatureScheme::ED25519) {
+ return Some(Box::new(OpenSslSigner {
+ pkey: self.0.clone(),
+ pscheme: ed25519(),
+ scheme: SignatureScheme::ED25519,
+ }));
+ }
+
+ None
+ }
 _ => None,
 }
 }
diff --git a/rustls-libssl/test-ca/ed25519/ca.cert b/rustls-libssl/test-ca/ed25519/ca.cert
new file mode 100644
index 0000000..c8a6223
--- /dev/null
+++ b/rustls-libssl/test-ca/ed25519/ca.cert
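Review bot: `Ed25519::digest()` returns a null `EVP_MD` pointer, so every caller of `EvpScheme::digest` now has to accept null as a valid value and pass it to the init call unchanged; those callers are outside this hunk and should be checked for any non-null assumption. The two quoted sentences also carry no source (the bare `//` line after the first quote suggests a reference was intended), and `pub fn ed25519()` has no doc comment. Something like `/// Ed25519 scheme: no digest is selected (NULL) and no extra signing parameters are configured.` together with the name of the OpenSSL manual page being quoted would let a reader verify the claim.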
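Review bot: Nothing in the `SignatureAlgorithm::ED25519` arm shows that the resulting signer uses one-shot signing. OpenSSL supports Ed25519 only through the one-shot `EVP_DigestSign` call, not an update/final sequence, and `OpenSslSigner`'s sign path is outside this hunk. If that path streams the message, the failure would surface during the handshake rather than at scheme selection. A comment on the arm such as `// Ed25519 is one-shot only: OpenSslSigner must sign via EVP_DigestSign` would record the dependency. The enclosing function starts outside the hunk.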
@@ -0,0 +1,9 @@ +-----BEGIN CERTIFICATE----- +MIIBTDCB/6ADAgECAhR5rwmHkOFPLTkaLT9cqTrVZXkY9DAFBgMrZXAwHDEaMBgG +A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMxMjIxMTcyMzE1WhcNMzMxMjE4 +MTcyMzE1WjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh +AJgNZ3ibDQ9rV85DZPPAnnwyuWh8rm3jX9ZCsU/WgG7Io1MwUTAdBgNVHQ4EFgQU +OFqGAvTdFHBY3OVdI0UB5kzHKpwwHwYDVR0jBBgwFoAUOFqGAvTdFHBY3OVdI0UB +5kzHKpwwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQAsRwN+gYyaM5yN45Uo+R1y +tbiv8+TrEH0W8/oE/RCeRiPGV5qXpr2DqicljjNmNGixJ6ELuymaQ/1oMGuUDkEF +-----END CERTIFICATE----- diff --git a/rustls-libssl/test-ca/ed25519/server.cert b/rustls-libssl/test-ca/ed25519/server.cert new file mode 100644 index 0000000..f1d9cbe --- /dev/null +++ b/rustls-libssl/test-ca/ed25519/server.cert 
@@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIB0DCCAYKgAwIBAgICAcgwBQYDK2VwMC4xLDAqBgNVBAMMI3Bvbnl0b3duIEVk +RFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMTIyMTE3MjMxNVoXDTI5MDYx +MjE3MjMxNVowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wKjAFBgMrZXADIQBG +aQQnDqqVjKAWWubCZJrG6S2ZZcI9/ZO65doj0GcDBqOB2DCB1TAMBgNVHRMBAf8E +AjAAMAsGA1UdDwQEAwIGwDAdBgNVHQ4EFgQUmyF3DidQEKhYUCk+ITezcqPhqAsw +RAYDVR0jBD0wO4AUxwg1gMsAfyEa6sLP1y4o71kifi6hIKQeMBwxGjAYBgNVBAMM +EXBvbnl0b3duIEVkRFNBIENBggF7MFMGA1UdEQRMMEqCDnRlc3RzZXJ2ZXIuY29t +hwTGM2QBghVzZWNvbmQudGVzdHNlcnZlci5jb22HECABDbgAAAAAAAAAAAAAAAGC +CWxvY2FsaG9zdDAFBgMrZXADQQA5X4Gdwo2e2TmhjgMcFB5SVbo/IPh3i8FaqKYc +k+O941Y4S0aBC/7zGZDZx2m0VAThR0eHsyGGnsKUB/uH1MoG +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBeDCCASqgAwIBAgIBezAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE +U0EgQ0EwHhcNMjMxMjIxMTcyMzE1WhcNMzMxMjE4MTcyMzE1WjAuMSwwKgYDVQQD +DCNwb255dG93biBFZERTQSBsZXZlbCAyIGludGVybWVkaWF0ZTAqMAUGAytlcAMh +AEZ0Q6H7K8Blul4086JDZCRWtzRM1Qh/Ppu4d5j+9duJo38wfTAdBgNVHQ4EFgQU +xwg1gMsAfyEa6sLP1y4o71kifi4wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG +AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFDha +hgL03RRwWNzlXSNFAeZMxyqcMAUGAytlcANBAFPdVYhESKRDGyoWLR3aqDaLN0nn +jxWzGRPtiLBxZLBmxKS4j5J6dCtKKX85E90oSmV/ElorbpGznBk2l+ky6wY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBTDCB/6ADAgECAhR5rwmHkOFPLTkaLT9cqTrVZXkY9DAFBgMrZXAwHDEaMBgG +A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMxMjIxMTcyMzE1WhcNMzMxMjE4 +MTcyMzE1WjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh +AJgNZ3ibDQ9rV85DZPPAnnwyuWh8rm3jX9ZCsU/WgG7Io1MwUTAdBgNVHQ4EFgQU +OFqGAvTdFHBY3OVdI0UB5kzHKpwwHwYDVR0jBBgwFoAUOFqGAvTdFHBY3OVdI0UB +5kzHKpwwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQAsRwN+gYyaM5yN45Uo+R1y +tbiv8+TrEH0W8/oE/RCeRiPGV5qXpr2DqicljjNmNGixJ6ELuymaQ/1oMGuUDkEF +-----END CERTIFICATE----- diff --git a/rustls-libssl/test-ca/ed25519/server.key b/rustls-libssl/test-ca/ed25519/server.key new file mode 100644 index 0000000..58a361d --- /dev/null 
+++ b/rustls-libssl/test-ca/ed25519/server.key
@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEIFAeJeUKTXguiUHfGJmqh5nG8AdqjNDKQy9nctnekBE3
+-----END PRIVATE KEY-----
diff --git a/rustls-libssl/tests/runner.rs b/rustls-libssl/tests/runner.rs
index 2b64c34..c2a1255 100644
--- a/rustls-libssl/tests/runner.rs
+++ b/rustls-libssl/tests/runner.rs
@@ -401,6 +401,7 @@ fn server_key_algorithms() {
 server_with_key_algorithm("rsa", "rsa_pkcs1_sha256", "-tls1_2");
 server_with_key_algorithm("rsa", "rsa_pkcs1_sha384", "-tls1_2");
 server_with_key_algorithm("rsa", "rsa_pkcs1_sha512", "-tls1_2");
+ server_with_key_algorithm("ed25519", "ed25519", "-tls1_3");
 }
 const NGINX_LOG_LEVEL: &str = "info";
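Review bot: The added case exercises Ed25519 only with `-tls1_3`, while the RSA cases in the visible context run with `-tls1_2`, so an Ed25519 certificate on a TLS 1.2 connection is untested if that combination is meant to work. Adding `server_with_key_algorithm("ed25519", "ed25519", "-tls1_2");` would cover it; otherwise a short comment saying why 1.2 is excluded would do. As far as this hunk shows, there is also no case where the client does not offer `ed25519`, so the `None` fallback in signer selection is not exercised. The body of `server_key_algorithms` starts outside the hunk.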