Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add support for Ed25519ph Signer/Verifier (#1595)
* Added ED25519 pre-hashed Signer/Verifier Signed-off-by: Riccardo Schirone <riccardo.schirone@trailofbits.com> * Add LoadSigner/Verifier WithOpts functions for more flexibility Before this commit, the Signer/Verifier to load was determined exclusively by the public/private key type, however there may be multiple Signers/Verifiers available, like in the case of RSA and ED25519. This commit adds LoadVerifierWithOpts, LoadSignerWithOpts, and LoadSignerVerifierWithOpts to give clients more flexibility, allowing the user of the API to choose between the available options by using options. Signed-off-by: Riccardo Schirone <riccardo.schirone@trailofbits.com> * Move signerverifier_options back into signature pkg Signed-off-by: Riccardo Schirone <riccardo.schirone@trailofbits.com> * Moved LoadOption into pkg/signature/options Signed-off-by: Riccardo Schirone <riccardo.schirone@trailofbits.com> --------- Signed-off-by: Riccardo Schirone <riccardo.schirone@trailofbits.com>
- Loading branch information
Showing
12 changed files
with
664 additions
and
16 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,201 @@ | ||
// | ||
// Copyright 2024 The Sigstore Authors. | ||
// | ||
// Licensed under the Apache License, Version 2.0 (the "License"); | ||
// you may not use this file except in compliance with the License. | ||
// You may obtain a copy of the License at | ||
// | ||
// http://www.apache.org/licenses/LICENSE-2.0 | ||
// | ||
// Unless required by applicable law or agreed to in writing, software | ||
// distributed under the License is distributed on an "AS IS" BASIS, | ||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
// See the License for the specific language governing permissions and | ||
// limitations under the License. | ||
|
||
package signature | ||
|
||
import ( | ||
"crypto" | ||
"crypto/ed25519" | ||
"crypto/rand" | ||
"errors" | ||
"fmt" | ||
"io" | ||
|
||
"github.com/sigstore/sigstore/pkg/signature/options" | ||
) | ||
|
||
var ed25519phSupportedHashFuncs = []crypto.Hash{ | ||
crypto.SHA512, | ||
} | ||
|
||
// ED25519phSigner is a signature.Signer that uses the Ed25519 public-key signature system with pre-hashing | ||
type ED25519phSigner struct { | ||
priv ed25519.PrivateKey | ||
} | ||
|
||
// LoadED25519phSigner calculates signatures using the specified private key. | ||
func LoadED25519phSigner(priv ed25519.PrivateKey) (*ED25519phSigner, error) { | ||
if priv == nil { | ||
return nil, errors.New("invalid ED25519 private key specified") | ||
} | ||
|
||
return &ED25519phSigner{ | ||
priv: priv, | ||
}, nil | ||
} | ||
|
||
// SignMessage signs the provided message. If the message is provided, | ||
// this method will compute the digest according to the hash function specified | ||
// when the ED25519phSigner was created. | ||
// | ||
// This function recognizes the following Options listed in order of preference: | ||
// | ||
// - WithDigest() | ||
// | ||
// All other options are ignored if specified. | ||
func (e ED25519phSigner) SignMessage(message io.Reader, opts ...SignOption) ([]byte, error) { | ||
digest, _, err := ComputeDigestForSigning(message, crypto.SHA512, ed25519phSupportedHashFuncs, opts...) | ||
if err != nil { | ||
return nil, err | ||
} | ||
|
||
return e.priv.Sign(nil, digest, crypto.SHA512) | ||
} | ||
|
||
// Public returns the public key that can be used to verify signatures created by | ||
// this signer. | ||
func (e ED25519phSigner) Public() crypto.PublicKey { | ||
if e.priv == nil { | ||
return nil | ||
} | ||
|
||
return e.priv.Public() | ||
} | ||
|
||
// PublicKey returns the public key that can be used to verify signatures created by | ||
// this signer. As this value is held in memory, all options provided in arguments | ||
// to this method are ignored. | ||
func (e ED25519phSigner) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error) { | ||
return e.Public(), nil | ||
} | ||
|
||
// Sign computes the signature for the specified message; the first and third arguments to this | ||
// function are ignored as they are not used by the ED25519ph algorithm. | ||
func (e ED25519phSigner) Sign(_ io.Reader, digest []byte, _ crypto.SignerOpts) ([]byte, error) { | ||
return e.SignMessage(nil, options.WithDigest(digest)) | ||
} | ||
|
||
// ED25519phVerifier is a signature.Verifier that uses the Ed25519 public-key signature system | ||
type ED25519phVerifier struct { | ||
publicKey ed25519.PublicKey | ||
} | ||
|
||
// LoadED25519phVerifier returns a Verifier that verifies signatures using the | ||
// specified ED25519 public key. | ||
func LoadED25519phVerifier(pub ed25519.PublicKey) (*ED25519phVerifier, error) { | ||
if pub == nil { | ||
return nil, errors.New("invalid ED25519 public key specified") | ||
} | ||
|
||
return &ED25519phVerifier{ | ||
publicKey: pub, | ||
}, nil | ||
} | ||
|
||
// PublicKey returns the public key that is used to verify signatures by | ||
// this verifier. As this value is held in memory, all options provided in arguments | ||
// to this method are ignored. | ||
func (e *ED25519phVerifier) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error) { | ||
return e.publicKey, nil | ||
} | ||
|
||
// VerifySignature verifies the signature for the given message. Unless provided | ||
// in an option, the digest of the message will be computed using the hash function specified | ||
// when the ED25519phVerifier was created. | ||
// | ||
// This function returns nil if the verification succeeded, and an error message otherwise. | ||
// | ||
// This function recognizes the following Options listed in order of preference: | ||
// | ||
// - WithDigest() | ||
// | ||
// All other options are ignored if specified. | ||
func (e *ED25519phVerifier) VerifySignature(signature, message io.Reader, opts ...VerifyOption) error { | ||
if signature == nil { | ||
return errors.New("nil signature passed to VerifySignature") | ||
} | ||
|
||
digest, _, err := ComputeDigestForVerifying(message, crypto.SHA512, ed25519phSupportedHashFuncs, opts...) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
sigBytes, err := io.ReadAll(signature) | ||
if err != nil { | ||
return fmt.Errorf("reading signature: %w", err) | ||
} | ||
|
||
if err := ed25519.VerifyWithOptions(e.publicKey, digest, sigBytes, &ed25519.Options{Hash: crypto.SHA512}); err != nil { | ||
return fmt.Errorf("failed to verify signature: %w", err) | ||
} | ||
return nil | ||
} | ||
|
||
// ED25519phSignerVerifier is a signature.SignerVerifier that uses the Ed25519 public-key signature system | ||
type ED25519phSignerVerifier struct { | ||
*ED25519phSigner | ||
*ED25519phVerifier | ||
} | ||
|
||
// LoadED25519phSignerVerifier creates a combined signer and verifier. This is | ||
// a convenience object that simply wraps an instance of ED25519phSigner and ED25519phVerifier. | ||
func LoadED25519phSignerVerifier(priv ed25519.PrivateKey) (*ED25519phSignerVerifier, error) { | ||
signer, err := LoadED25519phSigner(priv) | ||
if err != nil { | ||
return nil, fmt.Errorf("initializing signer: %w", err) | ||
} | ||
pub, ok := priv.Public().(ed25519.PublicKey) | ||
if !ok { | ||
return nil, fmt.Errorf("given key is not ed25519.PublicKey") | ||
} | ||
verifier, err := LoadED25519phVerifier(pub) | ||
if err != nil { | ||
return nil, fmt.Errorf("initializing verifier: %w", err) | ||
} | ||
|
||
return &ED25519phSignerVerifier{ | ||
ED25519phSigner: signer, | ||
ED25519phVerifier: verifier, | ||
}, nil | ||
} | ||
|
||
// NewDefaultED25519phSignerVerifier creates a combined signer and verifier using ED25519. | ||
// This creates a new ED25519 key using crypto/rand as an entropy source. | ||
func NewDefaultED25519phSignerVerifier() (*ED25519phSignerVerifier, ed25519.PrivateKey, error) { | ||
return NewED25519phSignerVerifier(rand.Reader) | ||
} | ||
|
||
// NewED25519phSignerVerifier creates a combined signer and verifier using ED25519. | ||
// This creates a new ED25519 key using the specified entropy source. | ||
func NewED25519phSignerVerifier(rand io.Reader) (*ED25519phSignerVerifier, ed25519.PrivateKey, error) { | ||
_, priv, err := ed25519.GenerateKey(rand) | ||
if err != nil { | ||
return nil, nil, err | ||
} | ||
|
||
sv, err := LoadED25519phSignerVerifier(priv) | ||
if err != nil { | ||
return nil, nil, err | ||
} | ||
|
||
return sv, priv, nil | ||
} | ||
|
||
// PublicKey returns the public key that is used to verify signatures by | ||
// this verifier. As this value is held in memory, all options provided in arguments | ||
// to this method are ignored. | ||
func (e ED25519phSignerVerifier) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error) { | ||
return e.publicKey, nil | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,88 @@ | ||
// | ||
// Copyright 2024 The Sigstore Authors. | ||
// | ||
// Licensed under the Apache License, Version 2.0 (the "License"); | ||
// you may not use this file except in compliance with the License. | ||
// You may obtain a copy of the License at | ||
// | ||
// http://www.apache.org/licenses/LICENSE-2.0 | ||
// | ||
// Unless required by applicable law or agreed to in writing, software | ||
// distributed under the License is distributed on an "AS IS" BASIS, | ||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
// See the License for the specific language governing permissions and | ||
// limitations under the License. | ||
|
||
package signature | ||
|
||
import ( | ||
"crypto" | ||
"crypto/ed25519" | ||
"encoding/base64" | ||
"testing" | ||
|
||
"github.com/sigstore/sigstore/pkg/cryptoutils" | ||
) | ||
|
||
// Generated with: | ||
// openssl genpkey -algorithm ed25519 -outform PEM -out - | ||
const ed25519phPriv = `-----BEGIN PRIVATE KEY----- | ||
MC4CAQAwBQYDK2VwBCIEIFP9CZb6J1DiOLfdIkPfy1bwBOCjEG6KR/cIdhw90J1H | ||
-----END PRIVATE KEY-----` | ||
|
||
// Extracted from above with: | ||
// openssl ec -in ec_private.pem -pubout | ||
const ed25519phPub = `-----BEGIN PUBLIC KEY----- | ||
MCowBQYDK2VwAyEA9wy4umF4RHQ8UQXo8fzEQNBWE4GsBMkCzQPAfHvkf/s= | ||
-----END PUBLIC KEY-----` | ||
|
||
func TestED25519phSignerVerifier(t *testing.T) { | ||
privateKey, err := cryptoutils.UnmarshalPEMToPrivateKey([]byte(ed25519phPriv), cryptoutils.SkipPassword) | ||
if err != nil { | ||
t.Fatalf("unexpected error unmarshalling public key: %v", err) | ||
} | ||
edPriv, ok := privateKey.(ed25519.PrivateKey) | ||
if !ok { | ||
t.Fatalf("expected ed25519.PrivateKey") | ||
} | ||
|
||
sv, err := LoadED25519phSignerVerifier(edPriv) | ||
if err != nil { | ||
t.Fatalf("unexpected error creating signer/verifier: %v", err) | ||
} | ||
|
||
message := []byte("sign me") | ||
sig, _ := base64.StdEncoding.DecodeString("9D4pA8jutZnbqKy4fFRl+kDsVUCO50qrOD1lxmsiUFk6NX+7OXUK5BCMkE2KYPRDxjkDFBzbDZEQhaFdDV5tDg==") | ||
testingSigner(t, sv, "ed25519ph", crypto.SHA512, message) | ||
testingVerifier(t, sv, "ed25519ph", crypto.SHA512, sig, message) | ||
pub, err := sv.PublicKey() | ||
if err != nil { | ||
t.Fatalf("unexpected error from PublicKey(): %v", err) | ||
} | ||
assertPublicKeyIsx509Marshalable(t, pub) | ||
} | ||
|
||
func TestED25519phVerifier(t *testing.T) { | ||
publicKey, err := cryptoutils.UnmarshalPEMToPublicKey([]byte(ed25519phPub)) | ||
if err != nil { | ||
t.Fatalf("unexpected error unmarshalling public key: %v", err) | ||
} | ||
edPub, ok := publicKey.(ed25519.PublicKey) | ||
if !ok { | ||
t.Fatalf("public key is not ed25519") | ||
} | ||
|
||
v, err := LoadED25519phVerifier(edPub) | ||
if err != nil { | ||
t.Fatalf("unexpected error creating verifier: %v", err) | ||
} | ||
|
||
message := []byte("sign me") | ||
sig, _ := base64.StdEncoding.DecodeString("9D4pA8jutZnbqKy4fFRl+kDsVUCO50qrOD1lxmsiUFk6NX+7OXUK5BCMkE2KYPRDxjkDFBzbDZEQhaFdDV5tDg==") | ||
testingVerifier(t, v, "ed25519ph", crypto.SHA512, sig, message) | ||
pub, err := v.PublicKey() | ||
if err != nil { | ||
t.Fatalf("unexpected error from PublicKey(): %v", err) | ||
} | ||
assertPublicKeyIsx509Marshalable(t, pub) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,76 @@ | ||
// | ||
// Copyright 2024 The Sigstore Authors. | ||
// | ||
// Licensed under the Apache License, Version 2.0 (the "License"); | ||
// you may not use this file except in compliance with the License. | ||
// You may obtain a copy of the License at | ||
// | ||
// http://www.apache.org/licenses/LICENSE-2.0 | ||
// | ||
// Unless required by applicable law or agreed to in writing, software | ||
// distributed under the License is distributed on an "AS IS" BASIS, | ||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
// See the License for the specific language governing permissions and | ||
// limitations under the License. | ||
|
||
package options | ||
|
||
import ( | ||
"crypto" | ||
"crypto/rsa" | ||
) | ||
|
||
// RequestHash implements the functional option pattern for setting a Hash | ||
// function when loading a signer or verifier | ||
type RequestHash struct { | ||
NoOpOptionImpl | ||
hashFunc crypto.Hash | ||
} | ||
|
||
// ApplyHash sets the hash as requested by the functional option | ||
func (r RequestHash) ApplyHash(hash *crypto.Hash) { | ||
*hash = r.hashFunc | ||
} | ||
|
||
// WithHash specifies that the given hash function should be used when loading a signer or verifier | ||
func WithHash(hash crypto.Hash) RequestHash { | ||
return RequestHash{hashFunc: hash} | ||
} | ||
|
||
// RequestED25519ph implements the functional option pattern for specifying | ||
// ED25519ph (pre-hashed) should be used when loading a signer or verifier and a | ||
// ED25519 key is | ||
type RequestED25519ph struct { | ||
NoOpOptionImpl | ||
useED25519ph bool | ||
} | ||
|
||
// ApplyED25519ph sets the ED25519ph flag as requested by the functional option | ||
func (r RequestED25519ph) ApplyED25519ph(useED25519ph *bool) { | ||
*useED25519ph = r.useED25519ph | ||
} | ||
|
||
// WithED25519ph specifies that the ED25519ph algorithm should be used when a ED25519 key is used | ||
func WithED25519ph() RequestED25519ph { | ||
return RequestED25519ph{useED25519ph: true} | ||
} | ||
|
||
// RequestPSSOptions implements the functional option pattern for specifying RSA | ||
// PSS should be used when loading a signer or verifier and a RSA key is | ||
// detected | ||
type RequestPSSOptions struct { | ||
NoOpOptionImpl | ||
opts *rsa.PSSOptions | ||
} | ||
|
||
// ApplyRSAPSS sets the RSAPSS options as requested by the functional option | ||
func (r RequestPSSOptions) ApplyRSAPSS(opts **rsa.PSSOptions) { | ||
*opts = r.opts | ||
} | ||
|
||
// WithRSAPSS specifies that the RSAPSS algorithm should be used when a RSA key is used | ||
// Note that the RSA PSSOptions contains an hash algorithm, which will override | ||
// the hash function specified with WithHash. | ||
func WithRSAPSS(opts *rsa.PSSOptions) RequestPSSOptions { | ||
return RequestPSSOptions{opts: opts} | ||
} |
Oops, something went wrong.