
Commit f993ead

authored
Merge pull request #103 from ocheron/newcurves
Ed25519, Ed448, X25519 and X448
2 parents 200f90b + 999be07 commit f993ead


16 files changed

+423
-52
lines changed


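--- a/.haskell-ci
+++ b/.haskell-ci
@@ -7,12 +7,13 @@ compiler: ghc-8.4 lts-12.9
 
 # options
 # option: alias x=y z=v
+option: cryptonitedeps extradep=cryptonite-0.25 extradep=basement-0.0.6 extradep=foundation-0.0.19 extradep=memory-0.14.14
 
 # builds
 # recognized simple options: nohaddock allow-newer allowed-failure
 # kvs options: flag=pkg:flagname extradep=package-version gitdep=name
 build: ghc-8.2
-build: ghc-8.0 os=linux,osx
+build: ghc-8.0 cryptonitedeps os=linux,osx
 build: ghc-8.4 tests=no benchs=no
 
 # packages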

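--- a/.travis.yml
+++ b/.travis.yml
@@ -1,4 +1,4 @@
-# ~*~ auto-generated by haskell-ci with config : 8c994dff9412b71aeb13c8aa74a32f97e3b4528b0355e0eb71884241e949ebfe ~*~
+# ~*~ auto-generated by haskell-ci with config : ea14c7e23f59d8ff61fd7f71849f1eb272325dd5a6789c1bf2b458a38e899cef ~*~
 
 # Use new container infrastructure to enable caching
 sudo: false
@@ -52,7 +52,7 @@ script:
 stack --no-terminal build --install-ghc --coverage --test --bench --no-run-benchmarks --haddock --no-haddock-deps
 ;;
 ghc-8.0)
-echo "{ resolver: lts-9.21, packages: [ x509/, x509-store/, x509-system/, x509-validation/, x509-util/ ], extra-deps: [], flags: {} }" > stack.yaml
+echo "{ resolver: lts-9.21, packages: [ x509/, x509-store/, x509-system/, x509-validation/, x509-util/ ], extra-deps: [ cryptonite-0.25, basement-0.0.6, foundation-0.0.19, memory-0.14.14 ], flags: {} }" > stack.yaml
 stack --no-terminal build --install-ghc --coverage --test --bench --no-run-benchmarks --haddock --no-haddock-deps
 ;;
 ghc-8.4)
@@ -71,4 +71,3 @@ script:
 esac
 set +ex
 
-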

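--- a/stack.yaml
+++ b/stack.yaml
@@ -1,3 +1,3 @@
-# ~*~ auto-generated by haskell-ci with config : 8c994dff9412b71aeb13c8aa74a32f97e3b4528b0355e0eb71884241e949ebfe ~*~
+# ~*~ auto-generated by haskell-ci with config : ea14c7e23f59d8ff61fd7f71849f1eb272325dd5a6789c1bf2b458a38e899cef ~*~
 { resolver: lts-12.9, packages: [ x509/, x509-store/, x509-system/, x509-validation/, x509-util/ ], extra-deps: [], flags: {} }
 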

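--- a/x509-store/Data/X509/Memory.hs
+++ b/x509-store/Data/X509/Memory.hs
@@ -46,13 +46,21 @@ pemToKey acc pem =
 Right asn1 ->
 case pemName pem of
 "PRIVATE KEY" ->
-tryRSA asn1 : tryECDSA asn1 : tryDSA asn1 : acc
+tryRSA asn1 : tryNewcurve asn1 : tryECDSA asn1 : tryDSA asn1 : acc
 "RSA PRIVATE KEY" ->
 tryRSA asn1 : acc
 "DSA PRIVATE KEY" ->
 tryDSA asn1 : acc
 "EC PRIVATE KEY" ->
 tryECDSA asn1 : acc
+"X25519 PRIVATE KEY" ->
+tryNewcurve asn1 : acc
+"X448 PRIVATE KEY" ->
+tryNewcurve asn1 : acc
+"ED25519 PRIVATE KEY" ->
+tryNewcurve asn1 : acc
+"ED448 PRIVATE KEY" ->
+tryNewcurve asn1 : acc
 _ -> acc
 where
 tryRSA asn1 = case rsaFromASN1 asn1 of
@@ -64,6 +72,12 @@ pemToKey acc pem =
 tryECDSA asn1 = case ecdsaFromASN1 [] asn1 of
 Left _ -> Nothing
 Right (k,_) -> Just $ X509.PrivKeyEC k
+tryNewcurve asn1 = case fromASN1 asn1 of
+Right (k@(X509.PrivKeyX25519 _),_) -> Just k
+Right (k@(X509.PrivKeyX448 _),_) -> Just k
+Right (k@(X509.PrivKeyEd25519 _),_) -> Just k
+Right (k@(X509.PrivKeyEd448 _),_) -> Just k
+_ -> Nothing
 
 dsaFromASN1 :: [ASN1] -> Either String (DSA.KeyPair, [ASN1])
 dsaFromASN1 (Start Sequence : IntVal n : xs)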
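Review bot: The four new label branches (`"X25519 PRIVATE KEY"` through `"ED448 PRIVATE KEY"`) all call the same `tryNewcurve`, which accepts any of the four key types, so a PEM block labelled `ED25519 PRIVATE KEY` that carries an X448 key is returned as a valid key. The older labelled branches each call a parser for their own algorithm only; matching that here would mean filtering the `tryNewcurve` result by the constructor the label names. If the permissive behaviour is intended, a comment on `tryNewcurve` such as `-- accepts any of X25519/X448/Ed25519/Ed448, whatever the PEM label says` would make it explicit. Like the neighbouring helpers, `tryNewcurve` also drops the parse error and the unparsed ASN.1 remainder; `pemToKey` begins above the hunk, so the handling around it is not visible here.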

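--- a/x509-store/Tests/Tests.hs
+++ b/x509-store/Tests/Tests.hs
@@ -193,12 +193,143 @@ ecKey2Epc = fromString $
 "Uck8U4LTKtiWK6dd2zTRWU6ze/4UJUuZTnJb7Q==\n" ++
 "-----END EC PRIVATE KEY-----\n"
 
+{-
+openssl req -new -x509 -subj /CN=CA -newkey rsa:1024 -nodes -reqexts v3_ca \
+-keyout cakey.pem -out cacert.pem
+openssl req -new -subj /CN=Test -key cakey.pem -nodes -reqexts v3_req \
+-out req.pem
+openssl genpkey -algorithm x25519 -out privkey.pem
+openssl pkey -in privkey.pem -pubout -out pubkey.pem
+openssl x509 -req -in req.pem -CA cacert.pem -CAkey cakey.pem \
+-set_serial 2 -force_pubkey pubkey.pem \
+| sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/'
+sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/' privkey.pem
+openssl pkey -in privkey.pem -traditional \
+| sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/'
+-}
+x25519Certificate, x25519Key1, x25519Key2 :: B.ByteString
+x25519Certificate = fromString $
+"-----BEGIN CERTIFICATE-----\n" ++
+"MIIBEzB+AgECMA0GCSqGSIb3DQEBCwUAMA0xCzAJBgNVBAMMAkNBMB4XDTE4MDgy\n" ++
+"NjE0MTIzOFoXDTE4MDkyNTE0MTIzOFowDzENMAsGA1UEAwwEVGVzdDAqMAUGAytl\n" ++
+"bgMhAMzDmaCSEjQR6yWKSdWBxw4YNOb6YMETiWt7AVOUaxw9MA0GCSqGSIb3DQEB\n" ++
+"CwUAA4GBAEJrXXtt9XaL3oARVv8hm/abqhUds9ytT4CQtaQgSV7HQIp96LN87pc9\n" ++
+"pwrISZrWuIlVpyQpGOK1i+uI3LgdKn1zO5CJdjRtW6lCCXg9R/wEcEKAiVKIzg2G\n" ++
+"FanQ4TG8YzfBToUbsSMfptxhbKPk/lVa8ffmXLZBILjPbI63iu4d\n" ++
+"-----END CERTIFICATE-----\n"
+x25519Key1 = fromString $
+"-----BEGIN PRIVATE KEY-----\n" ++
+"MC4CAQAwBQYDK2VuBCIEIEhpc79EOwSU0JgHC6/32OUYul2yRiha3aftJiHybq1F\n" ++
+"-----END PRIVATE KEY-----\n"
+x25519Key2 = fromString $
+"-----BEGIN X25519 PRIVATE KEY-----\n" ++
+"MC4CAQAwBQYDK2VuBCIEIEhpc79EOwSU0JgHC6/32OUYul2yRiha3aftJiHybq1F\n" ++
+"-----END X25519 PRIVATE KEY-----\n"
+
+{-
+openssl req -new -x509 -subj /CN=CA -newkey rsa:1024 -nodes -reqexts v3_ca \
+-keyout cakey.pem -out cacert.pem
+openssl req -new -subj /CN=Test -key cakey.pem -nodes -reqexts v3_req \
+-out req.pem
+openssl genpkey -algorithm x448 -out privkey.pem
+openssl pkey -in privkey.pem -pubout -out pubkey.pem
+openssl x509 -req -in req.pem -CA cacert.pem -CAkey cakey.pem \
+-set_serial 2 -force_pubkey pubkey.pem \
+| sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/'
+sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/' privkey.pem
+openssl pkey -in privkey.pem -traditional \
+| sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/'
+-}
+x448Certificate, x448Key1, x448Key2 :: B.ByteString
+x448Certificate = fromString $
+"-----BEGIN CERTIFICATE-----\n" ++
+"MIIBLDCBlgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAeFw0xODA4\n" ++
+"MjYxNDEzMTlaFw0xODA5MjUxNDEzMTlaMA8xDTALBgNVBAMMBFRlc3QwQjAFBgMr\n" ++
+"ZW8DOQCh0ta92rVURtIK29lN9F1QbBpSV0jAr7jAXLdz4SHPPO1OO+2gXvjuDpt3\n" ++
+"lTzR6oZQkAc5nK43PjANBgkqhkiG9w0BAQsFAAOBgQCk2dVKQpLS4/EEe2fuRMvs\n" ++
+"2qvERTT41P9cjkz3obrizjg68Aaj1m/0SeQFWYh4QeGf7lVSA6evPQG8XdscHHMd\n" ++
+"/7/U/gfY+aTiaKTf/E7pXMdtiMEOkcrA1J5fnI5M96R6UMRIRbqxhpGC/Jb7EdVM\n" ++
+"LAlOqcCwRBVCEJnexQK1TA==\n" ++
+"-----END CERTIFICATE-----\n"
+x448Key1 = fromString $
+"-----BEGIN PRIVATE KEY-----\n" ++
+"MEYCAQAwBQYDK2VvBDoEOKxpGvu6rhYy78qgxgtT+uZt4Ctxd3AB/S59i1Cx03hR\n" ++
+"kVB9q7Mz02YjHbwAaM/hAHajYdwHa7aV\n" ++
+"-----END PRIVATE KEY-----\n"
+x448Key2 = fromString $
+"-----BEGIN X448 PRIVATE KEY-----\n" ++
+"MEYCAQAwBQYDK2VvBDoEOKxpGvu6rhYy78qgxgtT+uZt4Ctxd3AB/S59i1Cx03hR\n" ++
+"kVB9q7Mz02YjHbwAaM/hAHajYdwHa7aV\n" ++
+"-----END X448 PRIVATE KEY-----\n"
+
+{-
+openssl req -new -x509 -subj /CN=Test -newkey ed25519 -nodes -reqexts v3_req \
+| sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/'
+sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/' privkey.pem
+openssl pkey -in privkey.pem -traditional \
+| sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/'
+-}
+ed25519Certificate, ed25519Key1, ed25519Key2 :: B.ByteString
+ed25519Certificate = fromString $
+"-----BEGIN CERTIFICATE-----\n" ++
+"MIIBMjCB5aADAgECAhR6ecRAmI54Nv+XftTZ/GSiPICx0TAFBgMrZXAwDzENMAsG\n" ++
+"A1UEAwwEVGVzdDAeFw0xODA4MTUxMTQ3MDNaFw0xODA5MTQxMTQ3MDNaMA8xDTAL\n" ++
+"BgNVBAMMBFRlc3QwKjAFBgMrZXADIQAI0GFxXxlCuJD082Grn0p0AZ/staBylKsS\n" ++
+"OwPu6iPHb6NTMFEwHQYDVR0OBBYEFGTOlalKBchEtrbeG5jRF5fbzhDJMB8GA1Ud\n" ++
+"IwQYMBaAFGTOlalKBchEtrbeG5jRF5fbzhDJMA8GA1UdEwEB/wQFMAMBAf8wBQYD\n" ++
+"K2VwA0EARON+KCuJoY1u8Yrn/MrCBpeu49AIMbqoyB8YN6msQpLPjWzLYaC70Cc2\n" ++
+"DY6BFI5hKr+mLCN/+VlzRzqW8dqSDg==\n" ++
+"-----END CERTIFICATE-----\n"
+ed25519Key1 = fromString $
+"-----BEGIN PRIVATE KEY-----\n" ++
+"MC4CAQAwBQYDK2VwBCIEILEtRbG7T++/S58HPwVUJSR12Iu8FVputSfQBkotgeZ0\n" ++
+"-----END PRIVATE KEY-----\n"
+ed25519Key2 = fromString $
+"-----BEGIN ED25519 PRIVATE KEY-----\n" ++
+"MC4CAQAwBQYDK2VwBCIEILEtRbG7T++/S58HPwVUJSR12Iu8FVputSfQBkotgeZ0\n" ++
+"-----END ED25519 PRIVATE KEY-----\n"
+
+{-
+openssl req -new -x509 -subj /CN=Test -newkey ed448 -nodes -reqexts v3_req \
+| sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/'
+sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/' privkey.pem
+openssl pkey -in privkey.pem -traditional \
+| sed -e 's/^\(.*\)$/ "\1\\n"/' -e '$!s/$/ ++/'
+-}
+ed448Certificate, ed448Key1, ed448Key2 :: B.ByteString
+ed448Certificate = fromString $
+"-----BEGIN CERTIFICATE-----\n" ++
+"MIIBfTCB/qADAgECAhQ4hHMRAtg46drqmq6GQxeDN1WScDAFBgMrZXEwDzENMAsG\n" ++
+"A1UEAwwEVGVzdDAeFw0xODA4MTUxMTQ1MzRaFw0xODA5MTQxMTQ1MzRaMA8xDTAL\n" ++
+"BgNVBAMMBFRlc3QwQzAFBgMrZXEDOgBMbAytTVwKE9JHijqIy1q+wgs/G235N2w9\n" ++
+"Hfai1DjPd5nyVDeSD+BHiuJZDWfxRe6y34seoIsszQCjUzBRMB0GA1UdDgQWBBQo\n" ++
+"Nz/cV3FL07M93xsySVPHD0nOojAfBgNVHSMEGDAWgBQoNz/cV3FL07M93xsySVPH\n" ++
+"D0nOojAPBgNVHRMBAf8EBTADAQH/MAUGAytlcQNzABqXoKLJjmHK+smSGeh5M0vU\n" ++
+"PbHM3oSuiS25Q5UqHnrrxgyVBvq83/jCpEHc03BOSrMU5fRhbc84AK1kAPeEdGns\n" ++
+"dsG2uVxz0be795jKStt0a0o/w9cN5bd761Oeqoqs8CxWtjALhLu27IiY5uRkG5Uq\n" ++
+"AA==\n" ++
+"-----END CERTIFICATE-----\n"
+ed448Key1 = fromString $
+"-----BEGIN PRIVATE KEY-----\n" ++
+"MEcCAQAwBQYDK2VxBDsEOcYO2tQ1U1vNoCUT0bNXVeausDEkUMmN0RI4ZUWU+9jA\n" ++
+"ZxaQP40ONQ5yQM/V6Nuw3NlDnp8OU9R18Q==\n" ++
+"-----END PRIVATE KEY-----\n"
+ed448Key2 = fromString $
+"-----BEGIN ED448 PRIVATE KEY-----\n" ++
+"MEcCAQAwBQYDK2VxBDsEOcYO2tQ1U1vNoCUT0bNXVeausDEkUMmN0RI4ZUWU+9jA\n" ++
+"ZxaQP40ONQ5yQM/V6Nuw3NlDnp8OU9R18Q==\n" ++
+"-----END ED448 PRIVATE KEY-----\n"
+
 memoryKeyTests :: TestTree
 memoryKeyTests = testGroup "Key"
 [ keyTest "RSA" rsaKey1 rsaKey2
 , keyTest "DSA" dsaKey1 dsaKey2
 , keyTest "EC (named curve)" ecKey1Nc ecKey2Nc
 , keyTest "EC (explicit prime curve)" ecKey1Epc ecKey2Epc
+, keyTest "X25519" x25519Key1 x25519Key2
+, keyTest "X448" x448Key1 x448Key2
+, keyTest "Ed25519" ed25519Key1 ed25519Key2
+, keyTest "Ed448" ed448Key1 ed448Key2
 ]
 where
 keyTest name outer inner =
@@ -217,6 +348,10 @@ memoryCertificateTests = testGroup "Certificate"
 , certTest "DSA" dsaCertificate
 , certTest "EC (named curve)" ecCertificateNc
 , certTest "EC (explicit prime curve)" ecCertificateEpc
+, certTest "X25519" x25519Certificate
+, certTest "X448" x448Certificate
+, certTest "Ed25519" ed25519Certificate
+, certTest "Ed448" ed448Certificate
 ]
 where
 certTest name bytes = testCase name $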
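Review bot: The new `keyTest` and `certTest` entries feed only well-formed input, so nothing visible here pins what the key reader does when the PEM label and the key type disagree or when the key bytes are truncated. One negative case per curve would cover that, for example the Ed25519 key body wrapped in `X25519 PRIVATE KEY` armour, asserting whichever outcome is intended. The embedded private keys look like throwaway fixtures produced by the quoted openssl commands; a one-line comment such as `-- test-only keys generated with the commands above` above each group would stop readers and secret scanners from treating them as a leak. The bodies of `keyTest` and `certTest` lie outside the hunks, so what they actually assert is inferred from their names.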

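--- a/x509-util/src/Certificate.hs
+++ b/x509-util/src/Certificate.hs
@@ -1,8 +1,7 @@
 {-# LANGUAGE DeriveDataTypeable, OverloadedStrings #-}
 
 import Data.Either
-import qualified Data.ByteString.Lazy as L
-import qualified Data.ByteString.Lazy.Char8 as LC
+import qualified Data.ByteArray as BA
 import qualified Data.ByteString as B
 import Data.X509
 import qualified Data.X509 as X509
@@ -38,8 +37,8 @@ import Numeric
 formatValidity (start,end) = p start ++ " to " ++ p end
 where p t = timePrint ("YYYY-MM-DD H:MI:S" :: String) t
 
-hexdump :: B.ByteString -> String
-hexdump bs = concatMap hex $ B.unpack bs
+hexdump :: BA.ByteArrayAccess ba => ba -> String
+hexdump bs = concatMap hex $ BA.unpack bs
 where hex n
 | n > 0xf = showHex n ""
 | otherwise = "0" ++ showHex n ""
@@ -92,6 +91,10 @@ showCertSmall signedCert = do
 X509.PubKeyDSA pubkey -> printf "public key: DSA\n"
 X509.PubKeyEC (PubKeyEC_Named name _) -> printf "public key: ECDSA (curve %s)\n" (show name)
 X509.PubKeyEC _ -> printf "public key: ECDSA (explicit curve)\n"
+X509.PubKeyX25519 _ -> printf "public key: ECDH (curve25519)\n"
+X509.PubKeyX448 _ -> printf "public key: ECDH (curve448)\n"
+X509.PubKeyEd25519 _ -> printf "public key: EdDSA (edwards25519)\n"
+X509.PubKeyEd448 _ -> printf "public key: EdDSA (edwards448)\n"
 X509.PubKeyUnknown oid ws -> printf "public key: unknown: %s\n" (show oid)
 pk -> printf "public key: %s\n" (show pk)
 where
@@ -149,6 +152,10 @@ showCert signedCert = do
 printf " n : %x\n" (pubkeyEC_order pubkey)
 printf " h : %x\n" (pubkeyEC_cofactor pubkey)
 printf " seed : %x\n" (pubkeyEC_seed pubkey)
+X509.PubKeyX25519 pubkey -> showPubHexdump "X25519" pubkey
+X509.PubKeyX448 pubkey -> showPubHexdump "X448" pubkey
+X509.PubKeyEd25519 pubkey -> showPubHexdump "Ed25519" pubkey
+X509.PubKeyEd448 pubkey -> showPubHexdump "Ed448" pubkey
 X509.PubKeyUnknown oid ws -> do
 printf "public key unknown: %s\n" (show oid)
 printf " raw bytes: %s\n" (show ws)
@@ -165,6 +172,10 @@ showCert signedCert = do
 sigbits = X509.signedSignature signed
 cert = X509.signedObject signed
 
+showPubHexdump :: BA.ByteArrayAccess public => String -> public -> IO ()
+showPubHexdump alg pubkey = do
+printf "public key %s:\n" alg
+printf " pub : %s\n" (hexdump pubkey)
 
 showRSAKey :: RSA.PrivateKey -> String
 showRSAKey privkey = unlines
@@ -213,6 +224,11 @@ showECKey privkey@PrivKeyEC_Prime{} = unlines $
 ]
 mcurve = X509.ecPrivKeyCurve privkey
 
+showPrivHexdump :: BA.ByteArrayAccess secret => secret -> String
+showPrivHexdump privkey = unlines
+[ "priv: " ++ hexdump privkey
+]
+
 showASN1 :: Int -> [ASN1] -> IO ()
 showASN1 at = prettyPrint at
 where
@@ -332,6 +348,14 @@ doKeyMain files = do
 putStrLn "DSA KEY" >> putStrLn (showDSAKey k)
 [X509.PrivKeyEC k] ->
 putStrLn "EC KEY" >> putStrLn (showECKey k)
+[X509.PrivKeyX25519 k] ->
+putStrLn "X25519 KEY" >> putStrLn (showPrivHexdump k)
+[X509.PrivKeyX448 k] ->
+putStrLn "X448 KEY" >> putStrLn (showPrivHexdump k)
+[X509.PrivKeyEd25519 k] ->
+putStrLn "Ed25519 KEY" >> putStrLn (showPrivHexdump k)
+[X509.PrivKeyEd448 k] ->
+putStrLn "Ed448 KEY" >> putStrLn (showPrivHexdump k)
 _ -> error "private key unknown"
 
 doSystemMain _ = do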
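Review bot: `showPrivHexdump` and the four new `doKeyMain` branches write raw private-key bytes to stdout, and the widened `hexdump :: BA.ByteArrayAccess ba => ba -> String` copies those bytes into an ordinary `String` first. If the secret-key types keep their bytes in scrubbed memory (likely, but not visible here), that copy stays on the garbage-collected heap until it is collected. The tool already prints RSA, DSA and EC private keys the same way, so the suggestion is documentation only: a Haddock line on `showPrivHexdump` such as `-- | Hex-encode a private key for display. The result is secret key material; keep it out of logs.` `showCert`, `showCertSmall` and `doKeyMain` continue outside the hunks.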

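--- a/x509-util/x509-util.cabal
+++ b/x509-util/x509-util.cabal
@@ -29,6 +29,7 @@ Executable x509-util
 , pem
 , directory
 , hourglass
+, memory
 , cryptonite
 
 source-repository head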

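--- a/x509-validation/Data/X509/Validation/Signature.hs
+++ b/x509-validation/Data/X509/Validation/Signature.hs
@@ -14,11 +14,14 @@ module Data.X509.Validation.Signature
 , SignatureFailure(..)
 ) where
 
+import Crypto.Error (CryptoFailable(..))
 import qualified Crypto.PubKey.RSA.PKCS15 as RSA
 import qualified Crypto.PubKey.RSA.PSS as PSS
 import qualified Crypto.PubKey.DSA as DSA
 import qualified Crypto.PubKey.ECC.Types as ECC
 import qualified Crypto.PubKey.ECC.ECDSA as ECDSA
+import qualified Crypto.PubKey.Ed25519 as Ed25519
+import qualified Crypto.PubKey.Ed448 as Ed448
 import Crypto.Hash
 
 import Data.ByteString (ByteString)
@@ -121,6 +124,21 @@ verifySignature (SignatureALG hashALG pubkeyALG) pubkey cdata signature
 rsaVerify HashSHA384 = RSA.verify (Just SHA384)
 rsaVerify HashSHA512 = RSA.verify (Just SHA512)
 
+verifySignature (SignatureALG_IntrinsicHash pubkeyALG) pubkey cdata signature
+| pubkeyToAlg pubkey == pubkeyALG = doVerify pubkey
+| otherwise = SignatureFailed SignaturePubkeyMismatch
+where
+doVerify (PubKeyEd25519 key) = eddsa Ed25519.verify Ed25519.signature key
+doVerify (PubKeyEd448 key) = eddsa Ed448.verify Ed448.signature key
+doVerify _ = SignatureFailed SignatureUnimplemented
+
+eddsa verify toSig key =
+case toSig signature of
+CryptoPassed sig
+| verify key cdata sig -> SignaturePass
+| otherwise -> SignatureFailed SignatureInvalid
+CryptoFailed _ -> SignatureFailed SignatureInvalid
+
 verifyECDSA :: HashALG -> PubKeyEC -> Maybe (ByteString -> ByteString -> Bool)
 verifyECDSA hashALG key =
 ecPubKeyCurveName key >>= verifyCurve (pubkeyEC_pub key)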
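Review bot: The new `verifySignature` clause carries no comment explaining why `cdata` reaches `verify` unhashed or why both failure paths of `eddsa` return `SignatureInvalid`. Both choices look right: the constructor name says the hash is intrinsic to the scheme, and a signature that `toSig` rejects fails closed instead of being skipped. They are easy to undo in a later edit, so I would add above `eddsa`: `-- EdDSA hashes the message itself, so cdata is passed as-is; a signature that does not decode fails closed as SignatureInvalid`. No test for this path is visible in this part of the commit; a case with one flipped signature byte expecting `SignatureFailed SignatureInvalid` would pin the rejection.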
