squash pkcs15-pubkey.c

eddsa and xeddsa are bitstrings On branch X25519-improvements-2 Changes to be committed: modified: libopensc/pkcs15-pubkey.c
dengert · Jan 20, 2024 · 8308ee7 · 8308ee7
1 parent 1475177
commit 8308ee7
Showing 1 changed file with 42 additions and 10 deletions.
diff --git a/src/libopensc/pkcs15-pubkey.c b/src/libopensc/pkcs15-pubkey.c
@@ -542,6 +542,12 @@ static struct sc_asn1_entry c_asn1_ec_pointQ[C_ASN1_EC_POINTQ_SIZE] = {
 		{ NULL, 0, 0, 0, NULL, NULL }
 };
 
+#define C_ASN1_EDDSA_PUBKEY_SIZE 2
+static struct sc_asn1_entry c_asn1_eddsa_pubkey[C_ASN1_EDDSA_PUBKEY_SIZE] = {
+		{ "eddsa-xeddsa pubkey", SC_ASN1_BIT_STRING_NI, SC_ASN1_TAG_BIT_STRING, SC_ASN1_ALLOC, NULL, NULL },
+		{ NULL, 0, 0, 0, NULL, NULL }
+};
+
 int
 sc_pkcs15_decode_pubkey_rsa(sc_context_t *ctx, struct sc_pkcs15_pubkey_rsa *key,
 		const u8 *buf, size_t buflen)
@@ -683,25 +689,47 @@ sc_pkcs15_encode_pubkey_ec(sc_context_t *ctx, struct sc_pkcs15_pubkey_ec *key,
 }
 
 /*
- * all "ec" keys uses same pubkey format, keep this external entrypoint
- * keys are just byte strings.
+ * EDDSA and XEDDSA pubkeys are encoded in bit strings.
+ * EC pubkeys are encoded in byte strings.
  */
+
 int
 sc_pkcs15_decode_pubkey_eddsa(sc_context_t *ctx,
 		struct sc_pkcs15_pubkey_ec *key,
 		const u8 *buf, size_t buflen)
 {
-	return sc_pkcs15_decode_pubkey_ec(ctx, key, buf, buflen);
+	int r;
+	u8 * pubkey = NULL;
+	size_t pubkey_len;
+	struct sc_asn1_entry asn1_eddsa_pubkey[C_ASN1_EDDSA_PUBKEY_SIZE];
+
+	LOG_FUNC_CALLED(ctx);
+	sc_copy_asn1_entry(c_asn1_eddsa_pubkey, asn1_eddsa_pubkey);
+	sc_format_asn1_entry(asn1_eddsa_pubkey + 0, &pubkey, &pubkey_len, 1); /* len in bits */
+	r = sc_asn1_decode(ctx, asn1_eddsa_pubkey, buf, buflen, NULL, NULL);
+	if (r < 0)
+		LOG_TEST_RET(ctx, r, "ASN.1 decoding failed");
+
+	key->ecpointQ.len = pubkey_len / 8; /* bits to bytes length i always multiple of 8 */
+	key->ecpointQ.value = pubkey;
+
+	LOG_FUNC_RETURN(ctx, SC_SUCCESS);
 }
 
-/*
- * all "ec" keys uses same pubkey format, keep this external entrypoint
- */
 int
 sc_pkcs15_encode_pubkey_eddsa(sc_context_t *ctx, struct sc_pkcs15_pubkey_ec *key,
 		u8 **buf, size_t *buflen)
 {
-	return sc_pkcs15_encode_pubkey_ec(ctx, key, buf, buflen);
+	struct sc_asn1_entry asn1_eddsa_pubkey[C_ASN1_EDDSA_PUBKEY_SIZE];
+	size_t publey_len;
+
+	LOG_FUNC_CALLED(ctx);
+	publey_len = key->ecpointQ.len * 8; /* bytes to bits  for bit string */
+	sc_copy_asn1_entry(c_asn1_eddsa_pubkey, asn1_eddsa_pubkey);
+	sc_format_asn1_entry(asn1_eddsa_pubkey + 0, key->ecpointQ.value, &publey_len, 1);
+
+	LOG_FUNC_RETURN(ctx,
+			sc_asn1_encode(ctx, asn1_eddsa_pubkey, buf, buflen));
 }
 
 int
@@ -712,8 +740,10 @@ sc_pkcs15_encode_pubkey(sc_context_t *ctx, struct sc_pkcs15_pubkey *key,
 		return sc_pkcs15_encode_pubkey_rsa(ctx, &key->u.rsa, buf, len);
 	if (key->algorithm == SC_ALGORITHM_GOSTR3410)
 		return sc_pkcs15_encode_pubkey_gostr3410(ctx, &key->u.gostr3410, buf, len);
-	if (key->algorithm == SC_ALGORITHM_EC || key->algorithm == SC_ALGORITHM_EDDSA || key->algorithm == SC_ALGORITHM_XEDDSA)
+	if (key->algorithm == SC_ALGORITHM_EC)
 		return sc_pkcs15_encode_pubkey_ec(ctx, &key->u.ec, buf, len);
+	if (key->algorithm == SC_ALGORITHM_EDDSA || key->algorithm == SC_ALGORITHM_XEDDSA)
+		return sc_pkcs15_encode_pubkey_eddsa(ctx, &key->u.ec, buf, len);
 
 	sc_log(ctx, "Encoding of public key type %u not supported", key->algorithm);
 	LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED);
@@ -829,8 +859,10 @@ sc_pkcs15_decode_pubkey(sc_context_t *ctx, struct sc_pkcs15_pubkey *key,
 		return sc_pkcs15_decode_pubkey_rsa(ctx, &key->u.rsa, buf, len);
 	if (key->algorithm == SC_ALGORITHM_GOSTR3410)
 		return sc_pkcs15_decode_pubkey_gostr3410(ctx, &key->u.gostr3410, buf, len);
-	if (key->algorithm == SC_ALGORITHM_EC  || key->algorithm == SC_ALGORITHM_EDDSA || key->algorithm == SC_ALGORITHM_XEDDSA)
+	if (key->algorithm == SC_ALGORITHM_EC)
 		return sc_pkcs15_decode_pubkey_ec(ctx, &key->u.ec, buf, len);
+	if (key->algorithm == SC_ALGORITHM_EDDSA || key->algorithm == SC_ALGORITHM_XEDDSA)
+		return sc_pkcs15_decode_pubkey_eddsa(ctx, &key->u.ec, buf, len);
 
 	sc_log(ctx, "Decoding of public key type %u not supported", key->algorithm);
 	return SC_ERROR_NOT_SUPPORTED;
@@ -1447,7 +1479,7 @@ static struct ec_curve_info {
 		{"secp256k1",		"1.3.132.0.10", "06052B8104000A", 256},
 
 		/* OpenPGP extensions by Yubikey and GNUK are not defined in RFCs but we know the oid written to card */
-
+		/* card-openpgp.c will accept these as well as RFC8410 OIDs */
 		{"edwards25519",	"1.3.6.1.4.1.11591.15.1", "06092B06010401DA470F01", 255},
 		{"curve25519",		"1.3.6.1.4.3029.1.5.1", "060a2B060104019755010501", 255},