boringssl/crypto/evp
David Benjamin 68772b31b0 Implement new SPKI parsers.
Many consumers need SPKI support (X.509, TLS, QUIC, WebCrypto), each
with different ways to set signature parameters. SPKIs themselves can
get complex with id-RSASSA-PSS keys which come with various constraints
in the key parameters. This suggests we want a common in-library
representation of an SPKI.

This adds two new functions EVP_parse_public_key and
EVP_marshal_public_key which converts EVP_PKEY to and from SPKI and
implements X509_PUBKEY functions with them. EVP_PKEY seems to have been
intended to be able to express the supported SPKI types with
full-fidelity, so these APIs will continue this.

This means future support for id-RSASSA-PSS would *not* repurpose
EVP_PKEY_RSA. I'm worried about code assuming EVP_PKEY_RSA implies
acting on the RSA* is legal. Instead, it'd add an EVP_PKEY_RSA_PSS and
the data pointer would be some (exposed, so the caller may still check
key size, etc.) RSA_PSS_KEY struct. Internally, the EVP_PKEY_CTX
implementation would enforce the key constraints. If RSA_PSS_KEY would
later need its own API, that code would move there, but that seems
unlikely.

Ideally we'd have a 1:1 correspondence with key OID, although we may
have to fudge things if mistakes happen in standardization. (Whether or
not X.509 reuses id-ecPublicKey for Ed25519, we'll give it a separate
EVP_PKEY type.)

DSA parsing hooks are still implemented, missing parameters and all for
now. This isn't any worse than before.

Decoupling from the giant crypto/obj OID table will be a later task.

BUG=522228

Change-Id: I0e3964edf20cb795a18b0991d17e5ca8bce3e28c
Reviewed-on: https://boringssl-review.googlesource.com/6861
Reviewed-by: Adam Langley <agl@google.com>
2016-02-17 16:28:07 +00:00
..
algorithm.c
CMakeLists.txt Add a run_tests target to run all tests. 2015-10-26 20:33:44 +00:00
digestsign.c Don't default to SHA-1 in |EVP_DigestSignInit|/|EVP_DigestVerifyInit|. 2015-10-26 21:26:51 +00:00
evp_asn1.c Implement new SPKI parsers. 2016-02-17 16:28:07 +00:00
evp_ctx.c Remove app_data from EVP_PKEY_CTX. 2016-01-28 00:29:34 +00:00
evp_extra_test.cc Add tests for EC keys with specified curves. 2016-02-16 21:51:32 +00:00
evp_test.cc Implement new SPKI parsers. 2016-02-17 16:28:07 +00:00
evp_tests.txt Implement new SPKI parsers. 2016-02-17 16:28:07 +00:00
evp.c Don't allow EVP_PKEY_RSA2. 2016-01-28 00:43:37 +00:00
internal.h Implement new SPKI parsers. 2016-02-17 16:28:07 +00:00
p_dsa_asn1.c Implement new SPKI parsers. 2016-02-17 16:28:07 +00:00
p_ec_asn1.c Implement new SPKI parsers. 2016-02-17 16:28:07 +00:00
p_ec.c Implement pkey_ec_keygen with EC_KEY APIs. 2016-01-28 00:28:43 +00:00
p_rsa_asn1.c Implement new SPKI parsers. 2016-02-17 16:28:07 +00:00
p_rsa.c Un-const EVP_PKEY_CTX_set0_rsa_oaep_label and fix overflow check. 2016-01-28 00:34:38 +00:00
pbkdf_test.cc Remove calls to ERR_load_crypto_strings. 2016-01-25 23:09:08 +00:00
pbkdf.c Reject iterations=0 when calling PKCS5_PBKDF2_HMAC(). 2015-10-13 19:40:55 +00:00
sign.c