Commit 7597d20

panva authored and aduh95 committed
crypto: add support for Ed25519 context parameter
Signed-off-by: Filip Skokan <panva.ip@gmail.com>
PR-URL: #62474
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>

1 parent 57ef845 commit 7597d20

5 files changed: 301 additions & 9 deletions

deps/ncrypto/ncrypto.cc
42 additions & 0 deletions
@@ -4363,6 +4363,27 @@ std::optional<EVP_PKEY_CTX*> EVPMDCtxPointer::signInitWithContext(
43634363
#ifdef OSSL_SIGNATURE_PARAM_CONTEXT_STRING
43644364
EVP_PKEY_CTX* ctx = nullptr;
43654365

4366+
#ifdef OSSL_SIGNATURE_PARAM_INSTANCE
4367+
// Ed25519 requires the INSTANCE param to switch into Ed25519ctx mode.
4368+
// Without it, OpenSSL silently ignores the context string.
4369+
if (key.id() == EVP_PKEY_ED25519) {
4370+
const OSSL_PARAM params[] = {
4371+
OSSL_PARAM_construct_utf8_string(
4372+
OSSL_SIGNATURE_PARAM_INSTANCE, const_cast<char*>("Ed25519ctx"), 0),
4373+
OSSL_PARAM_construct_octet_string(
4374+
OSSL_SIGNATURE_PARAM_CONTEXT_STRING,
4375+
const_cast<unsigned char*>(context_string.data),
4376+
context_string.len),
4377+
OSSL_PARAM_END};
4378+
4379+
if (!EVP_DigestSignInit_ex(
4380+
ctx_.get(), &ctx, nullptr, nullptr, nullptr, key.get(), params)) {
4381+
return std::nullopt;
4382+
}
4383+
return ctx;
4384+
}
4385+
#endif // OSSL_SIGNATURE_PARAM_INSTANCE
4386+
43664387
const OSSL_PARAM params[] = {
43674388
OSSL_PARAM_construct_octet_string(
43684389
OSSL_SIGNATURE_PARAM_CONTEXT_STRING,
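Review bot: the Ed25519 branch exists only under `#ifdef OSSL_SIGNATURE_PARAM_INSTANCE`, so on a build where that macro is absent but `OSSL_SIGNATURE_PARAM_CONTEXT_STRING` is defined an Ed25519 key falls through to the generic `OSSL_PARAM_construct_octet_string(OSSL_SIGNATURE_PARAM_CONTEXT_STRING, ...)` path below, which the new comment itself says OpenSSL silently ignores; the caller then gets a pure Ed25519 signature while believing the context was bound. Add an `#else` to that guard that returns `std::nullopt` for `EVP_PKEY_ED25519` so the path fails closed. Separately, the branch switches to `"Ed25519ctx"` whenever `key.id() == EVP_PKEY_ED25519`, including when `context_string.len` is 0; an Ed25519ctx signature with an empty context is a different domain from pure Ed25519 (the RFC 8032 dom2 prefix is still applied), so an empty `context` buffer is not equivalent to omitting the option. If callers can reach this with an empty buffer, either reject it or document the behaviour.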
@@ -4387,6 +4408,27 @@ std::optional<EVP_PKEY_CTX*> EVPMDCtxPointer::verifyInitWithContext(
43874408
#ifdef OSSL_SIGNATURE_PARAM_CONTEXT_STRING
43884409
EVP_PKEY_CTX* ctx = nullptr;
43894410

4411+
#ifdef OSSL_SIGNATURE_PARAM_INSTANCE
4412+
// Ed25519 requires the INSTANCE param to switch into Ed25519ctx mode.
4413+
// Without it, OpenSSL silently ignores the context string.
4414+
if (key.id() == EVP_PKEY_ED25519) {
4415+
const OSSL_PARAM params[] = {
4416+
OSSL_PARAM_construct_utf8_string(
4417+
OSSL_SIGNATURE_PARAM_INSTANCE, const_cast<char*>("Ed25519ctx"), 0),
4418+
OSSL_PARAM_construct_octet_string(
4419+
OSSL_SIGNATURE_PARAM_CONTEXT_STRING,
4420+
const_cast<unsigned char*>(context_string.data),
4421+
context_string.len),
4422+
OSSL_PARAM_END};
4423+
4424+
if (!EVP_DigestVerifyInit_ex(
4425+
ctx_.get(), &ctx, nullptr, nullptr, nullptr, key.get(), params)) {
4426+
return std::nullopt;
4427+
}
4428+
return ctx;
4429+
}
4430+
#endif // OSSL_SIGNATURE_PARAM_INSTANCE
4431+
43904432
const OSSL_PARAM params[] = {
43914433
OSSL_PARAM_construct_octet_string(
43924434
OSSL_SIGNATURE_PARAM_CONTEXT_STRING,
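Review bot: this block is a verbatim copy of the Ed25519 branch in `signInitWithContext` (same `OSSL_PARAM` construction, same `"Ed25519ctx"` literal), differing only in the `EVP_DigestVerifyInit_ex` call; factor the parameter construction into one small helper so the instance name and context handling cannot drift between sign and verify. The fail-open concern is sharper on this side: without `OSSL_SIGNATURE_PARAM_INSTANCE` an Ed25519 key falls through to the generic path where the context string is ignored, so a signature produced with no context would verify against a caller-supplied context. For `EVP_PKEY_ED25519` the verify path should return `std::nullopt` rather than fall through when the instance parameter is unavailable.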

doc/api/crypto.md
15 additions & 6 deletions
@@ -6039,6 +6039,9 @@ Throws an error if FIPS mode is not available.
60396039
<!-- YAML
60406040
added: v12.0.0
60416041
changes:
6042+
- version: REPLACEME
6043+
pr-url: https://github.com/nodejs/node/pull/62474
6044+
description: Add support for Ed25519 context parameter.
60426045
- version: v24.8.0
60436046
pr-url: https://github.com/nodejs/node/pull/59570
60446047
description: Add support for ML-DSA, Ed448, and SLH-DSA context parameter.
@@ -6102,9 +6105,10 @@ additional properties can be passed:
61026105
`crypto.constants.RSA_PSS_SALTLEN_DIGEST` sets the salt length to the digest
61036106
size, `crypto.constants.RSA_PSS_SALTLEN_MAX_SIGN` (default) sets it to the
61046107
maximum permissible value.
6105-
* `context` {ArrayBuffer|Buffer|TypedArray|DataView} For Ed448, ML-DSA, and SLH-DSA,
6106-
this option specifies the optional context to differentiate signatures generated
6107-
for different purposes with the same key.
6108+
* `context` {ArrayBuffer|Buffer|TypedArray|DataView} For Ed25519[^openssl32]
6109+
(using Ed25519ctx from [RFC 8032][]), Ed448, ML-DSA, and SLH-DSA,
6110+
this option specifies the optional context to differentiate signatures
6111+
generated for different purposes with the same key.
61086112

61096113
If the `callback` function is provided this function uses libuv's threadpool.
61106114

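Review bot: the new `context` wording should say what choosing Ed25519ctx means for interoperability: a signature produced with `context` set is an RFC 8032 Ed25519ctx signature, not a pure Ed25519 one, so it will not verify with `crypto.verify` called without `context` or with any verifier that implements only pure Ed25519 (the Web Crypto `Ed25519` algorithm, for instance). RFC 8032 also caps the context at 255 octets, and the entry currently says only that the context is "optional"; stating the limit here saves users from discovering it as an opaque OpenSSL failure. The `[^openssl32]` footnote is referenced but not defined in this diff; confirm it already exists in `crypto.md`.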
@@ -6164,6 +6168,9 @@ not introduce timing vulnerabilities.
61646168
<!-- YAML
61656169
added: v12.0.0
61666170
changes:
6171+
- version: REPLACEME
6172+
pr-url: https://github.com/nodejs/node/pull/62474
6173+
description: Add support for Ed25519 context parameter.
61676174
- version: v24.8.0
61686175
pr-url: https://github.com/nodejs/node/pull/59570
61696176
description: Add support for ML-DSA, Ed448, and SLH-DSA context parameter.
@@ -6233,9 +6240,10 @@ additional properties can be passed:
62336240
`crypto.constants.RSA_PSS_SALTLEN_DIGEST` sets the salt length to the digest
62346241
size, `crypto.constants.RSA_PSS_SALTLEN_MAX_SIGN` (default) sets it to the
62356242
maximum permissible value.
6236-
* `context` {ArrayBuffer|Buffer|TypedArray|DataView} For Ed448, ML-DSA, and SLH-DSA,
6237-
this option specifies the optional context to differentiate signatures generated
6238-
for different purposes with the same key.
6243+
* `context` {ArrayBuffer|Buffer|TypedArray|DataView} For Ed25519[^openssl32]
6244+
(using Ed25519ctx from [RFC 8032][]), Ed448, ML-DSA, and SLH-DSA,
6245+
this option specifies the optional context to differentiate signatures
6246+
generated for different purposes with the same key.
62396247

62406248
The `signature` argument is the previously calculated signature for the `data`.
62416249

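Review bot: this entry repeats the sign-side text, but for verification the doc should state that `context` must match the value used at signing byte for byte, and that verification with `context` fails for a signature produced without it (and vice versa), because that rejection is the whole point of the domain separation. One sentence here keeps users from treating `context` as optional metadata rather than part of the signed message.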
@@ -6835,6 +6843,7 @@ See the [list of SSL OP Flags][] for details.
68356843
[RFC 5208]: https://www.rfc-editor.org/rfc/rfc5208.txt
68366844
[RFC 5280]: https://www.rfc-editor.org/rfc/rfc5280.txt
68376845
[RFC 7517]: https://www.rfc-editor.org/rfc/rfc7517.txt
6846+
[RFC 8032]: https://www.rfc-editor.org/rfc/rfc8032.txt
68386847
[Web Crypto API documentation]: webcrypto.md
68396848
[`BN_is_prime_ex`]: https://www.openssl.org/docs/man1.1.1/man3/BN_is_prime_ex.html
68406849
[`Buffer`]: buffer.md

src/crypto/crypto_sig.cc
1 addition & 0 deletions
@@ -241,6 +241,7 @@ bool SupportsContextString(const EVPKeyPointer& key) {
241241
return false;
242242
#else
243243
switch (key.id()) {
244+
case EVP_PKEY_ED25519:
244245
case EVP_PKEY_ED448:
245246
#if OPENSSL_WITH_PQC
246247
case EVP_PKEY_ML_DSA_44:
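Review bot: `case EVP_PKEY_ED25519:` is added unconditionally inside the `#else` branch, but the actual Ed25519 context handling in `ncrypto.cc` is compiled only under `#ifdef OSSL_SIGNATURE_PARAM_INSTANCE`. If the guard above this switch keys on a different macro (it is not visible in this hunk), `SupportsContextString` can return true for an Ed25519 key on a build where the ncrypto path falls through to the context-ignoring generic parameters. Wrapping the new case in the same `#ifdef OSSL_SIGNATURE_PARAM_INSTANCE` keeps the two in lockstep.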
