add support for EdDSA for client certificates

tomato42 · tomato42 · commit ae60aa823142 · 2021-08-05T14:11:31.000+02:00
diff --git a/tests/clientEd25519Cert.pem b/tests/clientEd25519Cert.pem
@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE-----
+MIIBOjCB7aADAgECAhQ15c2VkK6IVUB62L0UG1houuxlozAFBgMrZXAwEzERMA8G
+A1UEAwwISm9obiBEb2UwHhcNMjEwNzI3MTgxMjA2WhcNMjEwODI2MTgxMjA2WjAT
+MREwDwYDVQQDDAhKb2huIERvZTAqMAUGAytlcAMhADjqYm4QU+seahrT1xHlASeM
+ZTe63eoQ95oBAeZRL8Ofo1MwUTAdBgNVHQ4EFgQUWW+x7NNy1nmJwl/gr6AoPGrC
+0GgwHwYDVR0jBBgwFoAUWW+x7NNy1nmJwl/gr6AoPGrC0GgwDwYDVR0TAQH/BAUw
+AwEB/zAFBgMrZXADQQDQxNKFkySCfap/8yEtD8aJFDpDQLF/QL1rKIo/198n/18X
+D5K63FFkmQOS5dv2h/QiSHWkNpBklqe0bRfW0nEB
+-----END CERTIFICATE-----
diff --git a/tests/clientEd25519Key.pem b/tests/clientEd25519Key.pem
@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEIOm5ZND3cKuM23aTESsnqkkunnQNuhksWOosOHf06vw6
+-----END PRIVATE KEY-----
diff --git a/tests/tlstest.py b/tests/tlstest.py
@@ -883,6 +883,45 @@ def connect():
 
     test_no += 1
 
+    print("Test {0} - good mutual Ed25519 X.509".format(test_no))
+    with open(os.path.join(dir, "clientEd25519Cert.pem")) as f:
+        x509EdCert = X509().parse(f.read())
+    x509EdChain = X509CertChain([x509EdCert])
+    with open(os.path.join(dir, "clientEd25519Key.pem")) as f:
+        x509EdKey = parsePEMKey(f.read(), private=True)
+
+    synchro.recv(1)
+    connection = connect()
+    connection.handshakeClientCert(x509EdChain, x509EdKey)
+    testConnClient(connection)
+    assert isinstance(connection.session.serverCertChain, X509CertChain)
+    assert connection.session.serverCertChain.getEndEntityPublicKey().key_type\
+            == "Ed25519"
+    connection.close()
+
+    test_no += 1
+
+    print("Test {0} - good mutual Ed25519 X.509, TLS 1.2".format(test_no))
+    with open(os.path.join(dir, "clientEd25519Cert.pem")) as f:
+        x509EdCert = X509().parse(f.read())
+    x509EdChain = X509CertChain([x509EdCert])
+    with open(os.path.join(dir, "clientEd25519Key.pem")) as f:
+        x509EdKey = parsePEMKey(f.read(), private=True)
+
+    synchro.recv(1)
+    connection = connect()
+    settings = HandshakeSettings()
+    settings.minVersion = (3, 3)
+    settings.maxVersion = (3, 3)
+    connection.handshakeClientCert(x509EdChain, x509EdKey, settings=settings)
+    testConnClient(connection)
+    assert isinstance(connection.session.serverCertChain, X509CertChain)
+    assert connection.session.serverCertChain.getEndEntityPublicKey().key_type\
+            == "Ed25519"
+    connection.close()
+
+    test_no += 1
+
     print("Test {0} - good X.509 DSA, SSLv3".format(test_no))
     synchro.recv(1)
     connection = connect()
@@ -989,6 +1028,24 @@ def connect():
 
     test_no += 1
 
+    print("Test {0} - good mutual X.509 Ed25519, PHA, TLSv1.3".format(test_no))
+    synchro.recv(1)
+    connection = connect()
+    settings = HandshakeSettings()
+    settings.minVersion = (3, 4)
+    settings.maxVersion = (3, 4)
+    connection.handshakeClientCert(x509EdChain, x509EdKey, settings=settings)
+    synchro.recv(1)
+    b = connection.read(0, 0)
+    assert b == b''
+    testConnClient(connection)
+    assert isinstance(connection.session.serverCertChain, X509CertChain)
+    assert connection.session.serverCertChain.getEndEntityPublicKey().key_type\
+            == "Ed25519"
+    connection.close()
+
+    test_no += 1
+
     print("Test {0} - good mutual X.509, PHA and KeyUpdate, TLSv1.3".format(test_no))
     synchro.recv(1)
     connection = connect()
@@ -2435,6 +2492,36 @@ def connect():
 
     test_no += 1
 
+    print("Test {0} - good mutual Ed25519 X.509".format(test_no))
+    synchro.send(b'R')
+    connection = connect()
+    connection.handshakeServer(certChain=x509Ed25519Chain,
+                               privateKey=x509Ed25519Key, reqCert=True)
+    testConnServer(connection)
+    assert(isinstance(connection.session.clientCertChain, X509CertChain))
+    assert connection.session.clientCertChain.getEndEntityPublicKey().key_type\
+            == "Ed25519"
+    connection.close()
+
+    test_no += 1
+
+    print("Test {0} - good mutual Ed25519 X.509, TLS 1.2".format(test_no))
+    synchro.send(b'R')
+    connection = connect()
+    settings = HandshakeSettings()
+    settings.minVersion = (3, 3)
+    settings.maxVersion = (3, 3)
+    connection.handshakeServer(certChain=x509Ed25519Chain,
+                               privateKey=x509Ed25519Key, reqCert=True,
+                               settings=settings)
+    testConnServer(connection)
+    assert(isinstance(connection.session.clientCertChain, X509CertChain))
+    assert connection.session.clientCertChain.getEndEntityPublicKey().key_type\
+            == "Ed25519"
+    connection.close()
+
+    test_no += 1
+
     print("Test {0} - good X.509 DSA, SSLv3".format(test_no))
     synchro.send(b'R')
     connection = connect()
@@ -2534,6 +2621,29 @@ def connect():
 
     test_no += 1
 
+    print("Test {0} - good mutual X.509 Ed25519, PHA, TLSv1.3".format(test_no))
+    synchro.send(b'R')
+    connection = connect()
+    settings = HandshakeSettings()
+    settings.minVersion = (3, 4)
+    settings.maxVersion = (3, 4)
+    connection.handshakeServer(certChain=x509Ed25519Chain,
+                               privateKey=x509Ed25519Key,
+                               settings=settings)
+    assert connection.session.clientCertChain is None
+    for result in connection.request_post_handshake_auth(settings):
+        assert result in (0, 1)
+    synchro.send(b'R')
+    testConnServer(connection)
+
+    assert connection.session.clientCertChain is not None
+    assert isinstance(connection.session.clientCertChain, X509CertChain)
+    assert connection.session.clientCertChain.getEndEntityPublicKey().key_type\
+            == "Ed25519"
+    connection.close()
+
+    test_no += 1
+
     print("Test {0} - good mutual X.509, PHA and KeyUpdate, TLSv1.3".format(test_no))
     synchro.send(b'R')
     connection = connect()
diff --git a/tlslite/handshakehashes.py b/tlslite/handshakehashes.py
@@ -24,6 +24,7 @@ def __init__(self):
         self._handshakeSHA256 = hashlib.sha256()
         self._handshakeSHA384 = hashlib.sha384()
         self._handshakeSHA512 = hashlib.sha512()
+        self._handshake_buffer = bytearray()
 
     def update(self, data):
         """
@@ -38,6 +39,7 @@ def update(self, data):
         self._handshakeSHA256.update(text)
         self._handshakeSHA384.update(text)
         self._handshakeSHA512.update(text)
+        self._handshake_buffer += text
 
     def digest(self, digest=None):
         """
@@ -61,6 +63,8 @@ def digest(self, digest=None):
             return self._handshakeSHA384.digest()
         elif digest == 'sha512':
             return self._handshakeSHA512.digest()
+        elif digest == "intrinsic":
+            return self._handshake_buffer
         else:
             raise ValueError("Unknown digest name")
 
@@ -107,4 +111,5 @@ def copy(self):
         other._handshakeSHA256 = self._handshakeSHA256.copy()
         other._handshakeSHA384 = self._handshakeSHA384.copy()
         other._handshakeSHA512 = self._handshakeSHA512.copy()
+        other._handshake_buffer = bytearray(self._handshake_buffer)
         return other
diff --git a/tlslite/keyexchange.py b/tlslite/keyexchange.py
@@ -369,7 +369,11 @@ def calcVerifyBytes(version, handshakeHashes, signatureAlg,
             else:
                 verifyBytes = handshakeHashes.digest("sha1")
         elif version == (3, 3):
-            if signatureAlg[1] != SignatureAlgorithm.ecdsa:
+            if signatureAlg in (SignatureScheme.ed25519,
+                    SignatureScheme.ed448):
+                hashName = "intrinsic"
+                padding = None
+            elif signatureAlg[1] != SignatureAlgorithm.ecdsa:
                 scheme = SignatureScheme.toRepr(signatureAlg)
                 if scheme is None:
                     hashName = HashAlgorithm.toRepr(signatureAlg[0])
@@ -436,12 +440,21 @@ def makeCertificateVerify(version, handshakeHashes, validSigAlgs,
                                                   clientRandom,
                                                   serverRandom,
                                                   key_type=privateKey.key_type)
-        if signatureAlgorithm and \
+        if signatureAlgorithm and signatureAlgorithm in (
+                SignatureScheme.ed25519, SignatureScheme.ed448):
+            padding = None
+            hashName = "intrinsic"
+            saltLen = None
+            sig_func = privateKey.hashAndSign
+            ver_func = privateKey.hashAndVerify
+        elif signatureAlgorithm and \
                 signatureAlgorithm[1] == SignatureAlgorithm.ecdsa:
             padding = None
             hashName = HashAlgorithm.toRepr(signatureAlgorithm[0])
             saltLen = None
             verifyBytes = verifyBytes[:privateKey.private_key.curve.baselen]
+            sig_func = privateKey.sign
+            ver_func = privateKey.verify
         else:
             scheme = SignatureScheme.toRepr(signatureAlgorithm)
             # for pkcs1 signatures hash is used to add PKCS#1 prefix, but
@@ -455,13 +468,15 @@ def makeCertificateVerify(version, handshakeHashes, validSigAlgs,
                 if padding == 'pss':
                     hashName = SignatureScheme.getHash(scheme)
                     saltLen = getattr(hashlib, hashName)().digest_size
-
-        signedBytes = privateKey.sign(verifyBytes,
-                                      padding,
-                                      hashName,
-                                      saltLen)
-        if not privateKey.verify(signedBytes, verifyBytes, padding, hashName,
-                                 saltLen):
+            sig_func = privateKey.sign
+            ver_func = privateKey.verify
+
+        signedBytes = sig_func(verifyBytes,
+                               padding,
+                               hashName,
+                               saltLen)
+        if not ver_func(signedBytes, verifyBytes, padding, hashName,
+                        saltLen):
             raise TLSInternalError("Certificate Verify signature invalid")
         certificateVerify = CertificateVerify(version)
         certificateVerify.create(signedBytes, signatureAlgorithm)
diff --git a/tlslite/tlsconnection.py b/tlslite/tlsconnection.py
@@ -1434,23 +1434,34 @@ def _clientTLS13Handshake(self, settings, session, clientHello,
                                                 signature_scheme, None, None,
                                                 None, prfName, b'client')
 
-                if signature_scheme[1] == SignatureAlgorithm.ecdsa:
+                if signature_scheme in (SignatureScheme.ed25519,
+                        SignatureScheme.ed448):
+                    pad_type = None
+                    hash_name = "intrinsic"
+                    salt_len = None
+                    sig_func = privateKey.hashAndSign
+                    ver_func = privateKey.hashAndVerify
+                elif signature_scheme[1] == SignatureAlgorithm.ecdsa:
                     pad_type = None
                     hash_name = HashAlgorithm.toRepr(signature_scheme[0])
                     salt_len = None
+                    sig_func = privateKey.sign
+                    ver_func = privateKey.verify
                 else:
                     pad_type = SignatureScheme.getPadding(scheme)
                     hash_name = SignatureScheme.getHash(scheme)
                     salt_len = getattr(hashlib, hash_name)().digest_size
+                    sig_func = privateKey.sign
+                    ver_func = privateKey.verify
 
-                signature = privateKey.sign(signature_context,
-                                            pad_type,
-                                            hash_name,
-                                            salt_len)
-                if not privateKey.verify(signature, signature_context,
-                                         pad_type,
-                                         hash_name,
-                                         salt_len):
+                signature = sig_func(signature_context,
+                                     pad_type,
+                                     hash_name,
+                                     salt_len)
+                if not ver_func(signature, signature_context,
+                                pad_type,
+                                hash_name,
+                                salt_len):
                     for result in self._sendError(
                             AlertDescription.internal_error,
                             "Certificate Verify signature failed"):
@@ -2894,21 +2905,29 @@ def _serverTLS13Handshake(self, settings, clientHello, cipherSuite,
 
             public_key = client_cert_chain.getEndEntityPublicKey()
 
-            if signature_scheme[1] == SignatureAlgorithm.ecdsa:
+            if signature_scheme in (SignatureScheme.ed25519,
+                    SignatureScheme.ed448):
+                hash_name = "intrinsic"
+                pad_type = None
+                salt_len = None
+                ver_func = public_key.hashAndVerify
+            elif signature_scheme[1] == SignatureAlgorithm.ecdsa:
                 hash_name = HashAlgorithm.toRepr(signature_scheme[0])
                 pad_type = None
                 salt_len = None
+                ver_func = public_key.verify
             else:
                 scheme = SignatureScheme.toRepr(signature_scheme)
                 pad_type = SignatureScheme.getPadding(scheme)
                 hash_name = SignatureScheme.getHash(scheme)
                 salt_len = getattr(hashlib, hash_name)().digest_size
+                ver_func = public_key.verify
 
-            if not public_key.verify(certificate_verify.signature,
-                                     signature_context,
-                                     pad_type,
-                                     hash_name,
-                                     salt_len):
+            if not ver_func(certificate_verify.signature,
+                            signature_context,
+                            pad_type,
+                            hash_name,
+                            salt_len):
                 for result in self._sendError(
                         AlertDescription.decrypt_error,
                         "signature verification failed"):
@@ -4189,7 +4208,13 @@ def _serverCertKeyExchange(self, clientHello, serverHello, sigHashAlg,
                 else: break
             public_key = result
 
-            if not signatureAlgorithm or \
+            if signatureAlgorithm and signatureAlgorithm in (
+                    SignatureScheme.ed25519, SignatureScheme.ed448):
+                hash_name = "intrinsic"
+                salt_len = None
+                padding = None
+                ver_func = public_key.hashAndVerify
+            elif not signatureAlgorithm or \
                     signatureAlgorithm[1] != SignatureAlgorithm.ecdsa:
                 scheme = SignatureScheme.toRepr(signatureAlgorithm)
                 # for pkcs1 signatures hash is used to add PKCS#1 prefix, but
@@ -4203,18 +4228,20 @@ def _serverCertKeyExchange(self, clientHello, serverHello, sigHashAlg,
                     if padding == 'pss':
                         hash_name = SignatureScheme.getHash(scheme)
                         salt_len = getattr(hashlib, hash_name)().digest_size
+                ver_func = public_key.verify
             else:
                 hash_name = HashAlgorithm.toStr(signatureAlgorithm[0])
                 verify_bytes = verify_bytes[
                     :public_key.public_key.curve.baselen]
                 padding = None
                 salt_len = None
+                ver_func = public_key.verify
 
-            if not public_key.verify(certificateVerify.signature,
-                                     verify_bytes,
-                                     padding,
-                                     hash_name,
-                                     salt_len):
+            if not ver_func(certificateVerify.signature,
+                            verify_bytes,
+                            padding,
+                            hash_name,
+                            salt_len):
                 for result in self._sendError(
                         AlertDescription.decrypt_error,
                         "Signature failed to verify"):
diff --git a/tlslite/tlsrecordlayer.py b/tlslite/tlsrecordlayer.py

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+-----BEGIN PRIVATE KEY-----`
	`2`	`+MC4CAQAwBQYDK2VwBCIEIOm5ZND3cKuM23aTESsnqkkunnQNuhksWOosOHf06vw6`
	`3`	`+-----END PRIVATE KEY-----`