Skip to content

Commit

Permalink
Merge branch 'main' into slh-dsa
Browse files Browse the repository at this point in the history
  • Loading branch information
@fpseverino
fpseverino authored Nov 22, 2024
2 parents dee8cae + ff0f781 commit da39d26
Show file tree
Hide file tree
Showing 31 changed files with 4,075 additions and 30 deletions.
13 changes: 12 additions & 1 deletion Package.swift
View file
Original file line number Diff line number Diff line change
Expand Up @@ -172,7 +172,18 @@ let package = Package(
],
swiftSettings: swiftSettings
),
.testTarget(name: "_CryptoExtrasTests", dependencies: ["_CryptoExtras"]),
.testTarget(
name: "_CryptoExtrasTests",
dependencies: ["_CryptoExtras"],
resources: [
.copy("ECToolbox/H2CVectors/P256_XMD-SHA-256_SSWU_RO_.json"),
.copy("ECToolbox/H2CVectors/P384_XMD-SHA-384_SSWU_RO_.json"),
.copy("OPRFs/OPRFVectors/OPRFVectors-VOPRFDraft8.json"),
.copy("OPRFs/OPRFVectors/OPRFVectors-VOPRFDraft19.json"),
.copy("OPRFs/OPRFVectors/OPRFVectors-edgecases.json"),
],
swiftSettings: swiftSettings
),
.testTarget(name: "CryptoBoringWrapperTests", dependencies: ["CryptoBoringWrapper"]),
],
cxxLanguageStandard: .cxx11
Expand Down
14 changes: 14 additions & 0 deletions Sources/CCryptoBoringSSLShims/include/CCryptoBoringSSLShims.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -134,6 +134,20 @@ int CCryptoBoringSSLShims_EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, void *out,
size_t *out_len, const void *in,
size_t in_len);

int CCryptoBoringSSLShims_EC_hash_to_curve_p256_xmd_sha256_sswu(const EC_GROUP *group, EC_POINT *out,
const void *dst, size_t dst_len,
const void *msg, size_t msg_len);

int CCryptoBoringSSLShims_EC_hash_to_curve_p384_xmd_sha384_sswu(const EC_GROUP *group, EC_POINT *out,
const void *dst, size_t dst_len,
const void *msg, size_t msg_len);

size_t CCryptoBoringSSLShims_EC_POINT_point2oct(const EC_GROUP *group,
const EC_POINT *point,
point_conversion_form_t form,
void *buf, size_t max_out,
BN_CTX *ctx);

#if defined(__cplusplus)
}
#endif // defined(__cplusplus)
Expand Down
20 changes: 20 additions & 0 deletions Sources/CCryptoBoringSSLShims/shims.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -168,3 +168,23 @@ int CCryptoBoringSSLShims_EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, void *out,
size_t in_len) {
return CCryptoBoringSSL_EVP_PKEY_decrypt(ctx, out, out_len, in, in_len);
}

int CCryptoBoringSSLShims_EC_hash_to_curve_p256_xmd_sha256_sswu(const EC_GROUP *group, EC_POINT *out,
const void *dst, size_t dst_len,
const void *msg, size_t msg_len) {
return CCryptoBoringSSL_EC_hash_to_curve_p256_xmd_sha256_sswu(group, out, dst, dst_len, msg, msg_len);
}

int CCryptoBoringSSLShims_EC_hash_to_curve_p384_xmd_sha384_sswu(const EC_GROUP *group, EC_POINT *out,
const void *dst, size_t dst_len,
const void *msg, size_t msg_len) {
return CCryptoBoringSSL_EC_hash_to_curve_p384_xmd_sha384_sswu(group, out, dst, dst_len, msg, msg_len);
}

size_t CCryptoBoringSSLShims_EC_POINT_point2oct(const EC_GROUP *group,
const EC_POINT *point,
point_conversion_form_t form,
void *buf, size_t max_out,
BN_CTX *ctx) {
return CCryptoBoringSSL_EC_POINT_point2oct(group, point, form, buf, max_out, ctx);
}
4 changes: 2 additions & 2 deletions Sources/Crypto/HPKE/Ciphersuite/HPKE-AEAD.swift
View file
Original file line number Diff line number Diff line change
Expand Up @@ -82,9 +82,9 @@ extension HPKE {
internal func seal<D: DataProtocol, AD: DataProtocol>(_ message: D, authenticating aad: AD, nonce: Data, using key: SymmetricKey) throws -> Data {
switch self {
case .chaChaPoly:
return try ChaChaPoly.seal(message, using: key, nonce: ChaChaPoly.Nonce(data: nonce), authenticating: aad).combined.suffix(from: nonce.count)
return try ChaChaPoly.seal(message, using: key, nonce: ChaChaPoly.Nonce(data: nonce), authenticating: aad).combined.dropFirst(nonce.count)
default:
return try AES.GCM.seal(message, using: key, nonce: AES.GCM.Nonce(data: nonce), authenticating: aad).combined!.suffix(from: nonce.count)
return try AES.GCM.seal(message, using: key, nonce: AES.GCM.Nonce(data: nonce), authenticating: aad).combined!.dropFirst(nonce.count)
}
}

Expand Down
18 changes: 9 additions & 9 deletions Sources/Crypto/Signatures/ECDSA.swift
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ extension P256.Signing {
let combined = rawRepresentation
assert(combined.count % 2 == 0)
let half = combined.count / 2
return (combined.prefix(upTo: half), combined.suffix(from: half))
return (combined.prefix(half), combined.suffix(half))
}

/// Creates a P-256 digital signature from a Distinguished Encoding
Expand Down Expand Up @@ -115,8 +115,8 @@ extension P256.Signing {
#else
let raw = rawRepresentation
let half = raw.count / 2
let r = Array(raw.prefix(upTo: half))[...]
let s = Array(raw.suffix(from: half))[...]
let r = Array(raw.prefix(half))[...]
let s = Array(raw.suffix(half))[...]

let sig = ASN1.ECDSASignature(r: r, s: s)
var serializer = ASN1.Serializer()
Expand Down Expand Up @@ -229,7 +229,7 @@ extension P384.Signing {
let combined = rawRepresentation
assert(combined.count % 2 == 0)
let half = combined.count / 2
return (combined.prefix(upTo: half), combined.suffix(from: half))
return (combined.prefix(half), combined.suffix(half))
}

/// Creates a P-384 digital signature from a Distinguished Encoding
Expand Down Expand Up @@ -278,8 +278,8 @@ extension P384.Signing {
#else
let raw = rawRepresentation
let half = raw.count / 2
let r = Array(raw.prefix(upTo: half))[...]
let s = Array(raw.suffix(from: half))[...]
let r = Array(raw.prefix(half))[...]
let s = Array(raw.suffix(half))[...]

let sig = ASN1.ECDSASignature(r: r, s: s)
var serializer = ASN1.Serializer()
Expand Down Expand Up @@ -392,7 +392,7 @@ extension P521.Signing {
let combined = rawRepresentation
assert(combined.count % 2 == 0)
let half = combined.count / 2
return (combined.prefix(upTo: half), combined.suffix(from: half))
return (combined.prefix(half), combined.suffix(half))
}

/// Creates a P-521 digital signature from a Distinguished Encoding
Expand Down Expand Up @@ -441,8 +441,8 @@ extension P521.Signing {
#else
let raw = rawRepresentation
let half = raw.count / 2
let r = Array(raw.prefix(upTo: half))[...]
let s = Array(raw.suffix(from: half))[...]
let r = Array(raw.prefix(half))[...]
let s = Array(raw.suffix(half))[...]

let sig = ASN1.ECDSASignature(r: r, s: s)
var serializer = ASN1.Serializer()
Expand Down
6 changes: 3 additions & 3 deletions Sources/Crypto/Signatures/ECDSA.swift.gyb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,7 @@ extension ${CURVE}.Signing {
let combined = rawRepresentation
assert(combined.count % 2 == 0)
let half = combined.count / 2
return (combined.prefix(upTo: half), combined.suffix(from: half))
return (combined.prefix(half), combined.suffix(half))
}

/// Creates a ${DISPLAY_CURVE} digital signature from a Distinguished Encoding
Expand Down Expand Up @@ -125,8 +125,8 @@ extension ${CURVE}.Signing {
#else
let raw = rawRepresentation
let half = raw.count / 2
let r = Array(raw.prefix(upTo: half))[...]
let s = Array(raw.suffix(from: half))[...]
let r = Array(raw.prefix(half))[...]
let s = Array(raw.suffix(half))[...]

let sig = ASN1.ECDSASignature(r: r, s: s)
var serializer = ASN1.Serializer()
Expand Down
26 changes: 25 additions & 1 deletion Sources/CryptoBoringWrapper/EC/EllipticCurve.swift
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@
/// A wrapper around BoringSSL's EC_GROUP object that handles reference counting and
/// liveness.
@usableFromInline
package class BoringSSLEllipticCurveGroup {
package final class BoringSSLEllipticCurveGroup {
/* private but usableFromInline */ @usableFromInline var _group: OpaquePointer

@usableFromInline
Expand Down Expand Up @@ -72,6 +72,16 @@ extension BoringSSLEllipticCurveGroup {
return try! ArbitraryPrecisionInteger(copying: baseOrder)
}

@usableFromInline
package var generator: EllipticCurvePoint {
get throws {
guard let generatorPtr = CCryptoBoringSSL_EC_GROUP_get0_generator(self._group) else {
throw CryptoBoringWrapperError.internalBoringSSLError()
}
return try EllipticCurvePoint(copying: generatorPtr, on: self)
}
}

/// An elliptic curve can be represented in a Weierstrass form: `y² = x³ + ax + b`. This
/// property provides the values of a and b on the curve.
@usableFromInline
Expand Down Expand Up @@ -102,6 +112,20 @@ extension BoringSSLEllipticCurveGroup {
case p384
case p521
}

@usableFromInline
var curveName: CurveName? {
switch CCryptoBoringSSL_EC_GROUP_get_curve_name(self._group) {
case NID_X9_62_prime256v1:
return .p256
case NID_secp384r1:
return .p384
case NID_secp521r1:
return .p521
default:
return nil
}
}
}

extension BoringSSLEllipticCurveGroup.CurveName {
Expand Down
Loading

0 comments on commit da39d26

Please sign in to comment.