Support Ed25519 in TLS.

This only works at TLS 1.2 and above as, before TLS 1.2, there is no way
to advertise support for Ed25519 or negotiate the correct signature
algorithm. Add tests for this accordingly.

For now, this is disabled by default on the verifying side but may be
enabled per SSL_CTX. Notably, projects like Chromium which use an
external verifier may need changes elsewhere before they can enable it.
(On the signing side, we can assume that if the caller gave us an
Ed25519 certificate, they mean for us to use it.)

BUG=187
Change-Id: Id25b0a677dcbe205ddd26d8dbba11c04bb520756
Reviewed-on: https://boringssl-review.googlesource.com/14450
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/ssl_cipher.c b/ssl/ssl_cipher.c
index a72b541..4ade583 100644
--- a/ssl/ssl_cipher.c
+++ b/ssl/ssl_cipher.c
@@ -1830,16 +1830,17 @@
void SSL_COMP_free_compression_methods(void) {}
-int ssl_cipher_get_key_type(const SSL_CIPHER *cipher) {
- uint32_t alg_a = cipher->algorithm_auth;
-
- if (alg_a & SSL_aECDSA) {
- return EVP_PKEY_EC;
- } else if (alg_a & SSL_aRSA) {
- return EVP_PKEY_RSA;
+uint32_t ssl_cipher_auth_mask_for_key(const EVP_PKEY *key) {
+ switch (EVP_PKEY_id(key)) {
+ case EVP_PKEY_RSA:
+ return SSL_aRSA;
+ case EVP_PKEY_EC:
+ case EVP_PKEY_ED25519:
+ /* Ed25519 keys in TLS 1.2 repurpose the ECDSA ciphers. */
+ return SSL_aECDSA;
+ default:
+ return 0;
}
-
- return EVP_PKEY_NONE;
}
int ssl_cipher_uses_certificate_auth(const SSL_CIPHER *cipher) {
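Review bot: The `default:` branch of `ssl_cipher_auth_mask_for_key` returns 0 without any comment on what that value means to callers. Please document above the function that 0 means the key type is not usable for certificate authentication, so that callers treat it as matching no cipher instead of passing it along unchecked. Also, since `EVP_PKEY_EC` and `EVP_PKEY_ED25519` now both map to `SSL_aECDSA`, the returned mask no longer distinguishes the two key types; the existing comment could add that whether a peer accepts Ed25519 is decided by signature algorithm negotiation, not by the cipher's auth mask, so nobody later relies on this function for that decision.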