Merge branch 'master' into libfixes
sarroutbi authored Feb 2, 2024
2 parents 9a438c8 + e6a7ae7 commit aa1123c
Showing 12 changed files with 70 additions and 24 deletions.
11 changes: 8 additions & 3 deletions .github/workflows/build.yml
@@ -14,11 +14,13 @@ jobs:
- clang
os:
- fedora:latest
- quay.io/centos/centos:stream8
- quay.io/centos/centos:stream9
- quay.io/centos/centos:stream8
- debian:testing
- debian:latest
- ubuntu:rolling
- ubuntu:jammy
- ubuntu:focal
stable:: [true]
include:
- compiler: gcc
@@ -33,6 +35,9 @@ jobs:
- compiler: clang
os: ubuntu:devel
stable: false
- compiler: gcc
os: centos:7
stable: true
steps:
- uses: actions/checkout@v3

@@ -48,7 +53,7 @@ jobs:
mkdir -p build && cd build
export ninja=$(command -v ninja)
[ -z "${ninja}" ] && export ninja=$(command -v ninja-build)
meson .. || cat meson-logs/meson-log.txt >&2
meson setup .. || cat meson-logs/meson-log.txt >&2
${ninja}
- name: Run tests
@@ -95,7 +100,7 @@ jobs:
mkdir -p build && cd build
export ninja=$(command -v ninja)
[ -z "${ninja}" ] && export ninja=$(command -v ninja-build)
CFLAGS=-I$(brew --prefix openssl)/include LDFLAGS=-L$(brew --prefix openssl)/lib PKG_CONFIG_PATH=$(brew --prefix openssl)/lib/pkgconfig meson .. || cat meson-logs/meson-log.txt >&2
CFLAGS=-I$(brew --prefix openssl)/include LDFLAGS=-L$(brew --prefix openssl)/lib PKG_CONFIG_PATH=$(brew --prefix openssl)/lib/pkgconfig meson setup .. || cat meson-logs/meson-log.txt >&2
${ninja}
- name: Run tests
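Review bot: In both changed `meson setup ..` lines the `|| cat meson-logs/meson-log.txt >&2` fallback replaces a failed configure's exit status with that of `cat`, so the step carries on to `${ninja}` and fails there with a less useful error. Ending the fallback with an explicit failure keeps the log dump and stops at the real cause: `meson setup .. || { cat meson-logs/meson-log.txt >&2; exit 1; }`. The same applies to the macOS form of the command in the last hunk. Separately, the new `centos:7` entry, like the other matrix images and `actions/checkout@v3`, is referenced by a mutable tag; pinning by digest or commit SHA would make the CI inputs reproducible.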
20 changes: 14 additions & 6 deletions .github/workflows/install-dependencies
@@ -1,6 +1,6 @@
#!/bin/sh -ex

COMMON="meson curl git file bzip2 ${CC}"
COMMON="meson curl git file bzip2 asciidoc jq ${CC}"

case "${DISTRO}" in
osx:*)
@@ -30,14 +30,22 @@ debian:*|ubuntu:*)
dnf -y install ${COMMON} pkgconfig openssl-devel zlib-devel jansson-devel
;;

*centos:*)
centos:7)
yum -y clean all
yum -y --setopt=deltarpm=0 update
yum install -y yum-utils epel-release
yum config-manager -y --set-enabled crb \
|| yum config-manager -y --set-enabled powertools || :
yum -y --allowerasing install ${COMMON}
yum install -y yum-utils epel-release centos-release-scl llvm-toolset-7
yum -y install ${COMMON}
yum-builddep -y jose
;;

*centos:stream*)
dnf -y clean all
dnf -y --allowerasing --setopt=deltarpm=0 update
dnf install -y yum-utils epel-release
dnf config-manager -y --set-enabled crb \
|| dnf config-manager -y --set-enabled powertools || :
dnf -y --allowerasing install ${COMMON}
dnf builddep -y jose
;;
esac
# vim: set ts=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
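Review bot: The new `centos:7)` pattern is an exact match, unlike `*centos:stream*)` below it, so a registry-qualified image name such as the `quay.io/centos/...` form used for the stream images would match no branch. No `*)` fallback is visible before `esac`, and an unmatched `case` returns success, so the script would exit 0 without installing anything. Consider `*centos:7)` plus a final `*) echo "unsupported DISTRO: ${DISTRO}" >&2; exit 1 ;;`. The `case` statement starts outside the second hunk, so an earlier catch-all cannot be ruled out from here.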
6 changes: 4 additions & 2 deletions README.md
@@ -29,6 +29,7 @@ José is extensively tested against the RFC test vectors.
| ES256 | YES | Signature | EC |
| ES384 | YES | Signature | EC |
| ES512 | YES | Signature | EC |
| ES256K | YES | Signature | EC |
| PS256 | YES | Signature | RSA |
| PS384 | YES | Signature | RSA |
| PS512 | YES | Signature | RSA |
@@ -112,7 +113,7 @@ Decryption failed!
Building Jose is fairly straightforward:

$ mkdir build && cd build
$ meson .. --prefix=/usr
$ meson setup .. --prefix=/usr
$ ninja
$ sudo ninja install

@@ -124,8 +125,9 @@ To build a FreeBSD, HardenedBSD or OPNsense package
use:

(as root) # pkg install meson pkgconf jansson asciidoc jq

$ mkdir build && cd build
$ meson .. --prefix=/usr/local
$ meson setup .. --prefix=/usr/local
$ ninja
$ meson test
(as root) # ninja install
3 changes: 2 additions & 1 deletion lib/openssl/ec.c
@@ -48,10 +48,11 @@ jwk_make_execute(jose_cfg_t *cfg, json_t *jwk)
if (json_unpack(jwk, "{s?s}", "crv", &crv) < 0)
return false;

switch (str2enum(crv, "P-256", "P-384", "P-521", NULL)) {
switch (str2enum(crv, "P-256", "P-384", "P-521", "secp256k1", NULL)) {
case 0: nid = NID_X9_62_prime256v1; break;
case 1: nid = NID_secp384r1; break;
case 2: nid = NID_secp521r1; break;
case 3: nid = NID_secp256k1; break;
default: return false;
}

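Review bot: The curve list `"P-256", "P-384", "P-521", "secp256k1"` and its index-to-NID `switch` are now repeated by hand here, in `alg_sign_sug` (ecdsa.c) and in `jose_openssl_jwk_to_EC_KEY` (jwk.c), so every new curve means keeping several positional mappings in step. A single shared name/NID table would remove the chance of one copy mapping index 3 to a different curve than the others. Short of that, a comment on the `switch` such as `/* case order must match the str2enum() argument order */` documents the coupling. `jwk_make_execute` starts and ends outside the hunk.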
29 changes: 25 additions & 4 deletions lib/openssl/ecdsa.c
@@ -22,7 +22,7 @@

#include <string.h>

#define NAMES "ES256", "ES384", "ES512"
#define NAMES "ES256", "ES384", "ES512", "ES256K"

typedef struct {
jose_io_t io;
@@ -137,6 +137,19 @@ alg2crv(const char *alg)
case 0: return "P-256";
case 1: return "P-384";
case 2: return "P-521";
case 3: return "secp256k1";
default: return NULL;
}
}

static const char *
alg2hash(const char *alg)
{
switch (str2enum(alg, NAMES, NULL)) {
case 0: return "S256";
case 1: return "S384";
case 2: return "S512";
case 3: return "S256";
default: return NULL;
}
}
@@ -200,10 +213,11 @@ alg_sign_sug(const jose_hook_alg_t *alg, jose_cfg_t *cfg, const json_t *jwk)
if (!type || strcmp(type, "EC") != 0)
return NULL;

switch (str2enum(curv, "P-256", "P-384", "P-521", NULL)) {
switch (str2enum(curv, "P-256", "P-384", "P-521", "secp256k1", NULL)) {
case 0: return "ES256";
case 1: return "ES384";
case 2: return "ES512";
case 3: return "ES256K";
default: return NULL;
}
}
@@ -216,7 +230,7 @@ alg_sign_sig(const jose_hook_alg_t *alg, jose_cfg_t *cfg, json_t *jws,
jose_io_auto_t *io = NULL;
io_t *i = NULL;

halg = jose_hook_alg_find(JOSE_HOOK_ALG_KIND_HASH, &alg->name[1]);
halg = jose_hook_alg_find(JOSE_HOOK_ALG_KIND_HASH, alg2hash(alg->name));
if (!halg)
return NULL;

@@ -248,7 +262,7 @@ alg_sign_ver(const jose_hook_alg_t *alg, jose_cfg_t *cfg, const json_t *jws,
jose_io_auto_t *io = NULL;
io_t *i = NULL;

halg = jose_hook_alg_find(JOSE_HOOK_ALG_KIND_HASH, &alg->name[1]);
halg = jose_hook_alg_find(JOSE_HOOK_ALG_KIND_HASH, alg2hash(alg->name));
if (!halg)
return NULL;

@@ -302,6 +316,13 @@ constructor(void)
.sign.sug = alg_sign_sug,
.sign.sig = alg_sign_sig,
.sign.ver = alg_sign_ver },
{ .kind = JOSE_HOOK_ALG_KIND_SIGN,
.name = "ES256K",
.sign.sprm = "sign",
.sign.vprm = "verify",
.sign.sug = alg_sign_sug,
.sign.sig = alg_sign_sig,
.sign.ver = alg_sign_ver },
{}
};

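Review bot: `alg2hash()` can return NULL through its `default:` branch, and in both `alg_sign_sig` and `alg_sign_ver` that value is passed straight to `jose_hook_alg_find()`, whose handling of a NULL name is not visible here. Presumably `alg->name` always comes from the table in `constructor`, so the branch should be unreachable, but a local check stops that from depending on the callee: `const char *hash = alg2hash(alg->name); if (!hash) return NULL;`. `alg2hash` would also benefit from a one-line comment saying why the old `&alg->name[1]` shortcut was dropped (it would turn "ES256K" into "S256K") and that ES256K uses the same hash as ES256. Both callers start and end outside their hunks.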
4 changes: 3 additions & 1 deletion lib/openssl/jwk.c
@@ -169,6 +169,7 @@ jose_openssl_jwk_from_EC_POINT(jose_cfg_t *cfg, const EC_GROUP *grp,
case NID_X9_62_prime256v1: crv = "P-256"; break;
case NID_secp384r1: crv = "P-384"; break;
case NID_secp521r1: crv = "P-521"; break;
case NID_secp256k1: crv = "secp256k1"; break;
default: return NULL;
}

@@ -366,10 +367,11 @@ jose_openssl_jwk_to_EC_KEY(jose_cfg_t *cfg, const json_t *jwk)
if (strcmp(kty, "EC") != 0)
return NULL;

switch (str2enum(crv, "P-256", "P-384", "P-521", NULL)) {
switch (str2enum(crv, "P-256", "P-384", "P-521", "secp256k1", NULL)) {
case 0: nid = NID_X9_62_prime256v1; break;
case 1: nid = NID_secp384r1; break;
case 2: nid = NID_secp521r1; break;
case 3: nid = NID_secp256k1; break;
default: return NULL;
}

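Review bot: Adding `secp256k1` to `jose_openssl_jwk_to_EC_KEY` admits the curve for every caller of this helper, not only the ECDSA code changed in this commit. The callers are not visible on this page; if the key-agreement algorithms also load EC keys through it, they would now accept secp256k1 keys, a use that RFC 8812 leaves undefined (it registers the curve for ES256K signatures). It is worth confirming that those paths either restrict `crv` themselves or are meant to support the curve, and recording the answer in a comment next to `case 3:`. Both functions touched here extend beyond their hunks.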
2 changes: 1 addition & 1 deletion lib/openssl/rsaes.c
@@ -25,7 +25,7 @@

#include <string.h>

#ifdef EVP_PKEY_CTX_set_rsa_oaep_md
#if defined (EVP_PKEY_CTX_set_rsa_oaep_md) || (OPENSSL_VERSION_NUMBER >= 0x30000000L)
#define NAMES "RSA1_5", "RSA-OAEP", "RSA-OAEP-224", "RSA-OAEP-256", "RSA-OAEP-384", "RSA-OAEP-512"
#define HAVE_OAEP
#else
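Review bot: The widened `#if` needs a comment, because nothing on the line says why a version test is OR-ed with the macro test. As far as I know `EVP_PKEY_CTX_set_rsa_oaep_md` is a macro before OpenSSL 3.0 and a real function from 3.0 on, so the bare `#ifdef` would have compiled the library without the RSA-OAEP algorithms; something like `/* OAEP setter is a macro before OpenSSL 3.0 and a function afterwards */` would record that. Because the `#else` branch drops algorithms without any diagnostic, a configure-time compile test in meson.build that defines `HAVE_OAEP` would be sturdier than inspecting the preprocessor here.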
2 changes: 1 addition & 1 deletion meson.build
@@ -61,7 +61,7 @@ pkg.generate(
name: 'José Library',
libraries_private: [ zlib, libcrypto ],
libraries: libjose_lib,
requires: 'jansson',
requires: jansson,
)

if a2x.found()
9 changes: 6 additions & 3 deletions tests/alg_encr.c
@@ -64,9 +64,12 @@ test(const jose_hook_alg_t *a, const char *pt, json_t *cek, bool iter)
assert(d);

if (iter) {
uint8_t *xxx = ebuf;
for (size_t i = 0; i < elen; i++)
assert(d->feed(d, &xxx[i], 1));
if (elen) {
uint8_t *xxx = ebuf;
for (size_t i = 0; i < elen; i++) {
assert(d->feed(d, &xxx[i], 1));
}
}
} else {
assert(d->feed(d, ebuf, elen));
}
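Review bot: The new `if (elen)` wrapper does not change behaviour, since the `for` loop's `i < elen` test already skips the body when `elen` is 0. If the guard is there to quiet a compiler or static-analysis warning, a comment naming that warning should sit on the `if`; otherwise the guard can go. Note also that `d->feed()` is called inside `assert()`, so a build with `NDEBUG` defined would skip the calls entirely. `test()` starts and ends outside the hunk.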
3 changes: 3 additions & 0 deletions tests/api_b64.c
@@ -62,6 +62,7 @@ main(int argc, char *argv[])
for (uint16_t i = 0; i <= UINT8_MAX; i++) {
union encoding enc = { i };
uint8_t dec[3] = {};
assert(dec != NULL);
assert(jose_b64_dec_buf(enc.enc, 1, dec, sizeof(dec)) == SIZE_MAX);
}

@@ -74,6 +75,7 @@ main(int argc, char *argv[])
for (uint16_t i = 0; i <= UINT8_MAX; i++) {
uint8_t dec[3] = { i };
union encoding enc = {};
assert(dec != NULL);
assert(jose_b64_enc_buf(dec, 1, enc.enc, sizeof(enc.enc)) == 2);
set(val, enc.idx);
}
@@ -106,6 +108,7 @@ main(int argc, char *argv[])
for (uint16_t j = 0; j <= UINT8_MAX; j++) {
uint8_t dec[3] = { i, j };
union encoding enc = {};
assert(dec != NULL);
assert(jose_b64_enc_buf(dec, 2, enc.enc, sizeof(enc.enc)) == 3);
set(val, enc.idx);
}
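Review bot: `assert(dec != NULL);` is always true in all three hunks, because `dec` is a local array and its address cannot be NULL, so the added lines check nothing. Some compilers report this kind of comparison under `-Waddress`, which would matter if the tests are ever built with warnings as errors. If the asserts exist to silence a static-analysis finding, a short comment naming the tool would keep them from being copied as a real check; otherwise they can be dropped. `main` extends beyond each hunk.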
1 change: 1 addition & 0 deletions tests/jose-jwk-gen
@@ -17,6 +17,7 @@ done
jose jwk gen -i '{ "kty": "EC", "crv": "P-256" }'
jose jwk gen -i '{ "kty": "EC", "crv": "P-384" }'
jose jwk gen -i '{ "kty": "EC", "crv": "P-521" }'
jose jwk gen -i '{ "kty": "EC", "crv": "secp256k1" }'

jose jwk gen -i '{ "kty": "RSA", "bits": 3072 }'
! jose jwk gen -i '{ "kty": "RSA", "bits": 3072, "e": 257 }'
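Review bot: The only test added for the new curve is key generation; none of the 12 files in this commit adds a sign/verify case for ES256K. Since ES256 and ES256K share the hash and differ in the curve, a round trip with a secp256k1 key plus a negative case (a secp256k1 key must be rejected for `ES256`, and a P-256 key for `ES256K`) would pin the alg-to-curve binding. Existing tests that iterate over all registered algorithms may already cover the positive path; that is not visible here.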
4 changes: 2 additions & 2 deletions tests/meson.build
@@ -37,14 +37,14 @@ foreach p: progs
if p == 'api_b64'
to = 1800
else
to = 30
to = 180
endif
test(p, exe, timeout: to)
endforeach

foreach s: scripts
exe = find_program('./' + s)
test(s, exe, env: e, timeout: 60)
test(s, exe, env: e, timeout: 900)
endforeach

subdir('issue-75')
