From 8078e089f12dc66a41d76bfd05ed851331356fea Mon Sep 17 00:00:00 2001 From: Viktor Dukhovni Date: Fri, 15 Apr 2016 10:32:50 -0500 Subject: [PATCH] Add support for ECDSA w/ SHA-2 signature algs --- lib/asn1/rfc2459.asn1 | 21 +++++++++++++++ lib/hx509/crypto-ec.c | 63 ++++++++++++++++++++++++++++++++++++++----- lib/hx509/crypto.c | 4 +++ 3 files changed, 82 insertions(+), 6 deletions(-) diff --git a/lib/asn1/rfc2459.asn1 b/lib/asn1/rfc2459.asn1 index a3a7d47e2..3b8bab7c7 100644 --- a/lib/asn1/rfc2459.asn1 +++ b/lib/asn1/rfc2459.asn1 @@ -88,10 +88,22 @@ id-ecMQV OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) certicom(132) schemes(1) ecmqv(13) } +id-ecdsa-with-SHA512 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) + ecdsa-with-SHA2(3) 4 } + +id-ecdsa-with-SHA384 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) + ecdsa-with-SHA2(3) 3 } + id-ecdsa-with-SHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 2 } +id-ecdsa-with-SHA224 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) + ecdsa-with-SHA2(3) 1 } + id-ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } @@ -107,6 +119,15 @@ id-ec-group-secp160r1 OBJECT IDENTIFIER ::= { id-ec-group-secp160r2 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) certicom(132) 0 30 } +id-ec-group-secp224r1 OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) certicom(132) 0 33 } + +id-ec-group-secp384r1 OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) certicom(132) 0 34 } + +id-ec-group-secp521r1 OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) certicom(132) 0 35 } + -- DSA id-x9-57 OBJECT IDENTIFIER ::= { diff --git a/lib/hx509/crypto-ec.c b/lib/hx509/crypto-ec.c index 698e52c4b..4777171ca 100644 --- a/lib/hx509/crypto-ec.c +++ b/lib/hx509/crypto-ec.c 
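Review bot: `id-ecdsa-with-SHA224` in this hunk and `id-ec-group-secp224r1` in the second hunk of this file are defined, but none of the C hunks in this patch consume them: there is no `ecdsa_with_sha224_alg`, and `heim_oid2ecnid` gains no secp224r1 branch. A certificate using that curve or signature algorithm would presumably still be rejected as unsupported, which is a safe failure, but the asymmetry is easy to misread as support. I would either add a comment above each, e.g. `-- defined for completeness; not yet wired into hx509`, or leave them out until the matching code lands.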
@@ -44,6 +44,8 @@ #include "hx_locl.h" +extern const AlgorithmIdentifier _hx509_signature_sha512_data; +extern const AlgorithmIdentifier _hx509_signature_sha384_data; extern const AlgorithmIdentifier _hx509_signature_sha256_data; extern const AlgorithmIdentifier _hx509_signature_sha1_data; @@ -65,10 +67,22 @@ heim_oid2ecnid(heim_oid *oid) if (der_heim_oid_cmp(oid, ASN1_OID_ID_EC_GROUP_SECP256R1) == 0) return NID_X9_62_prime256v1; +#ifdef NID_secp521r1 + else if (der_heim_oid_cmp(oid, ASN1_OID_ID_EC_GROUP_SECP521R1) == 0) + return NID_secp521r1; +#endif +#ifdef NID_secp384r1 + else if (der_heim_oid_cmp(oid, ASN1_OID_ID_EC_GROUP_SECP384R1) == 0) + return NID_secp384r1; +#endif +#ifdef NID_secp160r1 else if (der_heim_oid_cmp(oid, ASN1_OID_ID_EC_GROUP_SECP160R1) == 0) return NID_secp160r1; +#endif +#ifdef NID_secp160r2 else if (der_heim_oid_cmp(oid, ASN1_OID_ID_EC_GROUP_SECP160R2) == 0) return NID_secp160r2; +#endif return NID_undef; } @@ -293,7 +307,10 @@ ecdsa_available(const hx509_private_key signer, if (EC_GROUP_get_order(group, order, bnctx) != 1) goto err; +#if 0 + /* If anything, require a digest at least as wide as the EC key size */ if (BN_num_bytes(order) > sig->digest_size) +#endif ret = 1; err: if (bnctx) 
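Review bot: The new `#ifdef NID_secp521r1` and `#ifdef NID_secp384r1` guards in `heim_oid2ecnid` only work while the crypto headers define the NIDs as preprocessor macros. If a backend declares them as enum constants or omits them, the branch compiles out without a diagnostic and a P-384 or P-521 key falls through to `return NID_undef;`. A short comment would make that visible, e.g. `/* curve compiled out when the backend lacks the NID; callers see NID_undef */`, and it is worth checking that the caller reports an unsupported curve rather than a generic parse error. Separately, the secp160r1/secp160r2 branches kept under the new guards map curves of roughly 80-bit strength, so this would be a natural place to decide whether they should still be accepted. The function's opening lines are outside the hunk.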
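Review bot: Wrapping only the `if` line in `#if 0` makes `ret = 1;` unconditional, so `ecdsa_available` now accepts every digest/curve pairing once `EC_GROUP_get_order` succeeds. That includes `ecdsa_with_sha1_alg` on a 384- or 521-bit key, where the digest rather than the curve bounds the signature's strength. The `order`/`bnctx` work is left as a pure success probe, and the disabled condition (`BN_num_bytes(order) > sig->digest_size`) is the opposite of what the new comment asks for. I would delete the dead lines and state the decision, e.g. `/* no digest/curve width policy: any supported digest is accepted */`, or implement an explicit minimum. Note that a strict "digest at least as wide as the order" rule would exclude P-521, whose order is 66 bytes against SHA-512's 64. The function starts and ends outside the hunk.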
@@ -407,17 +424,21 @@ const AlgorithmIdentifier _hx509_signature_ecdsa_with_sha256_data = { { 7, rk_UNCONST(ecdsa_with_sha256_oid) }, NULL }; +static const unsigned ecdsa_with_sha384_oid[] ={ 1, 2, 840, 10045, 4, 3, 3 }; +const AlgorithmIdentifier _hx509_signature_ecdsa_with_sha384_data = { + { 7, rk_UNCONST(ecdsa_with_sha384_oid) }, NULL +}; + +static const unsigned ecdsa_with_sha512_oid[] ={ 1, 2, 840, 10045, 4, 3, 4 }; +const AlgorithmIdentifier _hx509_signature_ecdsa_with_sha512_data = { + { 7, rk_UNCONST(ecdsa_with_sha512_oid) }, NULL +}; + static const unsigned ecdsa_with_sha1_oid[] ={ 1, 2, 840, 10045, 4, 1 }; const AlgorithmIdentifier _hx509_signature_ecdsa_with_sha1_data = { { 6, rk_UNCONST(ecdsa_with_sha1_oid) }, NULL }; - -const AlgorithmIdentifier * -hx509_signature_ecdsa_with_sha1(void) -{ return &_hx509_signature_ecdsa_with_sha1_data; } - - hx509_private_key_ops ecdsa_private_key_ops = { "EC PRIVATE KEY", ASN1_OID_ID_ECPUBLICKEY, @@ -429,6 +450,36 @@ hx509_private_key_ops ecdsa_private_key_ops = { ecdsa_get_internal }; +const struct signature_alg ecdsa_with_sha512_alg = { + "ecdsa-with-sha512", + ASN1_OID_ID_ECDSA_WITH_SHA512, + &_hx509_signature_ecdsa_with_sha512_data, + ASN1_OID_ID_ECPUBLICKEY, + &_hx509_signature_sha512_data, + PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO| + SIG_PUBLIC_SIG|SELF_SIGNED_OK, + 0, + NULL, + ecdsa_verify_signature, + ecdsa_create_signature, + 64 +}; + +const struct signature_alg ecdsa_with_sha384_alg = { + "ecdsa-with-sha384", + ASN1_OID_ID_ECDSA_WITH_SHA384, + &_hx509_signature_ecdsa_with_sha384_data, + ASN1_OID_ID_ECPUBLICKEY, + &_hx509_signature_sha384_data, + PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO| + SIG_PUBLIC_SIG|SELF_SIGNED_OK, + 0, + NULL, + ecdsa_verify_signature, + ecdsa_create_signature, + 48 +}; + const struct signature_alg ecdsa_with_sha256_alg = { "ecdsa-with-sha256", ASN1_OID_ID_ECDSA_WITH_SHA256, diff --git a/lib/hx509/crypto.c b/lib/hx509/crypto.c index 5296686ac..5ddc54b9f 100644 
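Review bot: This hunk deletes `hx509_signature_ecdsa_with_sha1()` and no replacement appears anywhere in the patch, while the new `_hx509_signature_ecdsa_with_sha384_data` and `_hx509_signature_ecdsa_with_sha512_data` objects get no accessor either. If that function is part of the library's exported interface (the `hx509_` prefix suggests so, but the export list is not shown), existing callers would fail to link, so please confirm it is unused or keep it. As a smaller point, the literal `7` in `{ 7, rk_UNCONST(ecdsa_with_sha384_oid) }` duplicates the array length. Using `sizeof(ecdsa_with_sha384_oid)/sizeof(ecdsa_with_sha384_oid[0])` would keep the two from drifting apart.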
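Review bot: `ecdsa_with_sha512_alg` and `ecdsa_with_sha384_alg` are positional initializers whose trailing `64` and `48` are unlabelled. They look like the digest length in bytes (the value `ecdsa_available` reads as `sig->digest_size`), and a wrong number there would be hard to spot in review. I would annotate them, e.g. `64 /* SHA-512 digest length in bytes */`, and likewise label the `0, NULL` pair. `RA_RSA_USES_DIGEST_INFO` on an ECDSA entry also deserves a one-line comment or removal; it is presumably copied from the existing SHA-256 entry, whose flags fall outside the hunk.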
--- a/lib/hx509/crypto.c +++ b/lib/hx509/crypto.c @@ -756,6 +756,8 @@ evp_md_verify_signature(hx509_context context, } #ifdef HAVE_HCRYPTO_W_OPENSSL +extern const struct signature_alg ecdsa_with_sha512_alg; +extern const struct signature_alg ecdsa_with_sha384_alg; extern const struct signature_alg ecdsa_with_sha256_alg; extern const struct signature_alg ecdsa_with_sha1_alg; #endif @@ -963,6 +965,8 @@ static const struct signature_alg md5_alg = { static const struct signature_alg *sig_algs[] = { #ifdef HAVE_HCRYPTO_W_OPENSSL + &ecdsa_with_sha512_alg, + &ecdsa_with_sha384_alg, &ecdsa_with_sha256_alg, &ecdsa_with_sha1_alg, #endif
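Review bot: `sig_algs[]` now lists `&ecdsa_with_sha512_alg` first, and because this patch also makes `ecdsa_available` in crypto-ec.c return 1 for any digest, table order may become the only thing deciding which ECDSA algorithm is chosen for a key. That holds only if selection walks this array and takes the first available entry; the lookup code is outside the hunk, so it needs confirming. If so, every EC key would sign with SHA-512 regardless of curve, and peers that only implement SHA-256 could fail verification. A comment such as `/* order matters: first available match wins */`, or an explicit per-curve default, would make the intent reviewable.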