From 2d6cd9eb1633ad80636d273f823b64d723a4be76 Mon Sep 17 00:00:00 2001 From: Rohit Aggarwal Date: Thu, 8 Mar 2018 09:44:05 +0000 Subject: [PATCH 01/10] Exposed some of ECDSA functions --- openssl-sys/src/ossl10x.rs | 26 ++++++ openssl-sys/src/ossl110.rs | 23 +++++ openssl/src/ecdsa.rs | 179 +++++++++++++++++++++++++++++++++++++ openssl/src/lib.rs | 1 + 4 files changed, 229 insertions(+) create mode 100644 openssl/src/ecdsa.rs diff --git a/openssl-sys/src/ossl10x.rs b/openssl-sys/src/ossl10x.rs index f8ff7193..78c76b6e 100644 --- a/openssl-sys/src/ossl10x.rs +++ b/openssl-sys/src/ossl10x.rs @@ -128,6 +128,12 @@ pub struct DSA { pub engine: *mut ::ENGINE, } +#[repr(C)] +pub struct ECDSA_SIG { + pub r: *mut BIGNUM, + pub s: *mut BIGNUM +} + #[repr(C)] pub struct EVP_PKEY { pub type_: c_int, @@ -823,6 +829,26 @@ extern "C" { ); pub fn CRYPTO_set_id_callback(func: unsafe extern "C" fn() -> c_ulong); + pub fn ECDSA_SIG_new() -> *mut ECDSA_SIG; + pub fn ECDSA_SIG_free(sig: *mut ECDSA_SIG); + pub fn i2d_ECDSA_SIG(sig: *const ECDSA_SIG, pp: *mut *mut c_uchar) -> c_int; + pub fn d2i_ECDSA_SIG(sig: *mut *mut ECDSA_SIG, pp: *mut *const c_uchar, len: c_long) -> *mut ECDSA_SIG; + pub fn ECDSA_size(eckey: *const ::EC_KEY) -> c_int; + pub fn ECDSA_sign(_type: c_int, dgst: *const c_uchar, dgstlen: c_int, + sig: *mut c_uchar, siglen: *mut c_uint, eckey: *mut ::EC_KEY) -> c_int; + pub fn ECDSA_do_sign(dgst: *const c_uchar, dgst_len: c_int, eckey: *mut ::EC_KEY) -> *mut ECDSA_SIG; + pub fn ECDSA_verify(_type: c_int, dgst: *const c_uchar, dgstlen: c_int, + sig: *const c_uchar, siglen: c_int, eckey: *mut ::EC_KEY) -> c_int; + pub fn ECDSA_do_verify(dgst: *const c_uchar, dgst_len: c_int, + sig: *const ECDSA_SIG, eckey: *mut ::EC_KEY) -> c_int; + pub fn ECDSA_do_sign_ex(dgst: *const c_uchar, dgstlen: c_int, + kinv: *const BIGNUM, rp: *const BIGNUM, + eckey: *mut ::EC_KEY) -> *mut ECDSA_SIG; + pub fn ECDSA_sign_setup(eckey: *mut ::EC_KEY, ctx: *mut ::BN_CTX, kinv: *mut *mut BIGNUM, rp: *mut *mut BIGNUM) -> c_int; + pub fn ECDSA_sign_ex(_type: c_int, dgst: *const c_uchar, dgstlen: c_int, + sig: *mut c_uchar, siglen: *mut c_uint, + kinv: *const BIGNUM, rp: *const BIGNUM, eckey: *mut ::EC_KEY) -> c_int; + pub fn ERR_load_crypto_strings(); pub fn RSA_generate_key( diff --git a/openssl-sys/src/ossl110.rs b/openssl-sys/src/ossl110.rs index b02c296d..d6f4eb99 100644 --- a/openssl-sys/src/ossl110.rs +++ b/openssl-sys/src/ossl110.rs @@ -8,6 +8,7 @@ pub enum BIO_METHOD {} pub enum CRYPTO_EX_DATA {} pub enum DH {} pub enum DSA {} +pub enum ECDSA_SIG {} pub enum EVP_CIPHER {} pub enum EVP_MD_CTX {} pub enum EVP_PKEY {} @@ -363,4 +364,26 @@ extern "C" { ) -> *mut PKCS12; pub fn X509_REQ_get_version(req: *const X509_REQ) -> c_long; pub fn X509_REQ_get_subject_name(req: *const X509_REQ) -> *mut ::X509_NAME; + + pub fn ECDSA_SIG_new() -> *mut ECDSA_SIG; + pub fn ECDSA_SIG_free(sig: *mut ECDSA_SIG); + pub fn ECDSA_SIG_get0(sig: *const ECDSA_SIG, pr: *mut *const BIGNUM, ps: *mut *const BIGNUM); + pub fn ECDSA_SIG_set0(sig: *mut ECDSA_SIG, pr: *mut BIGNUM, ps: *mut BIGNUM) -> c_int; + pub fn i2d_ECDSA_SIG(sig: *const ECDSA_SIG, pp: *mut *mut c_uchar) -> c_int; + pub fn d2i_ECDSA_SIG(sig: *mut *mut ECDSA_SIG, pp: *mut *const c_uchar, len: c_long) -> *mut ECDSA_SIG; + pub fn ECDSA_size(eckey: *const ::EC_KEY) -> c_int; + pub fn ECDSA_sign(_type: c_int, dgst: *const c_uchar, dgstlen: c_int, + sig: *mut c_uchar, siglen: *mut c_uint, eckey: *mut ::EC_KEY) -> c_int; + pub fn ECDSA_do_sign(dgst: *const c_uchar, dgst_len: c_int, eckey: *mut ::EC_KEY) -> *mut ECDSA_SIG; + pub fn ECDSA_verify(_type: c_int, dgst: *const c_uchar, dgstlen: c_int, + sig: *const c_uchar, siglen: c_int, eckey: *mut ::EC_KEY) -> c_int; + pub fn ECDSA_do_verify(dgst: *const c_uchar, dgst_len: c_int, + sig: *const ECDSA_SIG, eckey: *mut ::EC_KEY) -> c_int; + pub fn ECDSA_do_sign_ex(dgst: *const c_uchar, dgstlen: c_int, + kinv: *const BIGNUM, rp: *const BIGNUM, + eckey: *mut ::EC_KEY) -> *mut ECDSA_SIG; + pub fn ECDSA_sign_setup(eckey: *mut ::EC_KEY, ctx: *mut ::BN_CTX, kinv: *mut *mut BIGNUM, rp: *mut *mut BIGNUM) -> c_int; + pub fn ECDSA_sign_ex(_type: c_int, dgst: *const c_uchar, dgstlen: c_int, + sig: *mut c_uchar, siglen: *mut c_uint, + kinv: *const BIGNUM, rp: *const BIGNUM, eckey: *mut ::EC_KEY) -> c_int; } diff --git a/openssl/src/ecdsa.rs b/openssl/src/ecdsa.rs new file mode 100644 index 00000000..50cb0b62 --- /dev/null +++ b/openssl/src/ecdsa.rs @@ -0,0 +1,179 @@ +//! Low level Elliptic Curve Digital Signature Algorithm (ECDSA) functions. +//! + + +use bn::{BigNum, BigNumRef}; +use {cvt, cvt_n, cvt_p}; +use ec::EcKey; +use error::ErrorStack; +use ffi; +use foreign_types::{ForeignType, ForeignTypeRef}; +use pkey::{Private, Public}; +use std::mem; + + +foreign_type_and_impl_send_sync! { + type CType = ffi::ECDSA_SIG; + fn drop = ffi::ECDSA_SIG_free; + + /// A low level interface to ECDSA + /// + /// OpenSSL documentation at [`ECDSA_sign`] + /// + /// [`ECDSA_sign`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_sign.html + pub struct EcdsaSig; + /// Reference to [`EcdsaSig`] + /// + /// [`EcdsaSig`]: struct.EcdsaSig.html + pub struct EcdsaSigRef; +} + +impl EcdsaSig { + + /// Computes a digital signature of the `dgstlen` bytes hash value `data` using the private EC key eckey. + /// Some example values associated with `dgstlen` are: for SHA-1, it is 20; for SHA-256 it is 32 etc. + /// + /// OpenSSL documentation at [`ECDSA_do_sign`] + /// + /// [`ECDSA_do_sign`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_do_sign.html + pub fn sign(data: &[u8], dgstlen: i32, eckey: &EcKey) -> Result { + unsafe { + let sig = cvt_p(ffi::ECDSA_do_sign(data.as_ptr(), dgstlen, eckey.as_ptr()))?; + Ok(EcdsaSig::from_ptr(sig as *mut _)) + } + } + + /// Returns a new `EcdsaSig` by setting the `r` and `s` values associated with a + /// ECDSA signature. + /// + /// OpenSSL documentation at [`ECDSA_SIG_set0`] + /// + /// [`ECDSA_SIG_set0`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_SIG_set0.html + pub fn from_private_components(r: BigNum, s: BigNum) -> Result { + unsafe { + let sig = cvt_p(ffi::ECDSA_SIG_new())?; + cvt(compat::set_numbers(sig, r.as_ptr(), s.as_ptr()))?; + mem::forget((r, s)); + Ok(EcdsaSig::from_ptr(sig as *mut _)) + } + } + + /// Verifies if the signature is a valid ECDSA signature using the given public key + /// + /// OpenSSL documentation at [`ECDSA_do_verify`] + /// + /// [`ECDSA_do_verify`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_do_verify.html + pub fn verify(&self, data: &[u8], dgstlen: i32, eckey: &EcKey) -> Result { + unsafe { + let x = cvt_n(ffi::ECDSA_do_verify(data.as_ptr(), dgstlen, self.as_ptr(), eckey.as_ptr()))?; + Ok(x == 1) + } + } + + /// Returns internal components: `r` and `s` of a `EcdsaSig`. (See X9.62 or FIPS 186-2) + /// + /// OpenSSL documentation at [`ECDSA_SIG_get0`] + /// + /// [`ECDSA_SIG_get0`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_SIG_get0.html + pub fn private_components(&self) -> (Option<&BigNumRef>, Option<&BigNumRef>) { + unsafe { + let xs = compat::get_numbers(self.as_ptr()); + let r = if xs[0].is_null() { None } else { Some(BigNumRef::from_ptr(xs[0] as *mut _)) }; + let s = if xs[1].is_null() { None } else { Some(BigNumRef::from_ptr(xs[1] as *mut _)) }; + (r, s) + } + } + +} + +#[cfg(ossl110)] +mod compat { + use std::ptr; + + use libc::c_int; + use ffi::{self, BIGNUM, ECDSA_SIG}; + + pub unsafe fn set_numbers(sig: *mut ECDSA_SIG, r: *mut BIGNUM, s: *mut BIGNUM) -> c_int { + ffi::ECDSA_SIG_set0(sig, r, s) + } + + pub unsafe fn get_numbers(sig: *mut ECDSA_SIG) -> [*const BIGNUM; 2] { + let (mut r, mut s) = (ptr::null(), ptr::null()); + ffi::ECDSA_SIG_get0(sig, &mut r, &mut s); + [r, s] + } +} + +#[cfg(ossl10x)] +mod compat { + use libc::c_int; + use ffi::{BIGNUM, ECDSA_SIG}; + + pub unsafe fn set_numbers(sig: *mut ECDSA_SIG, r: *mut BIGNUM, s: *mut BIGNUM) -> c_int { + (*sig).r = r; + (*sig).s = s; + 1 + } + + pub unsafe fn get_numbers(sig: *mut ECDSA_SIG) -> [*const BIGNUM; 2] { + [(*sig).r, (*sig).s] + } + +} + +#[cfg(test)] +mod test { + use nid::Nid; + use ec::EcGroup; + use super::*; + + fn get_public_key(group: &EcGroup, x: &EcKey) -> Result, ErrorStack> { + let public_key_point = x.public_key(); + Ok(EcKey::from_public_key(group, public_key_point)?) + } + + #[test] + fn sign_and_verify() { + let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); + let private_key = EcKey::generate(&group).unwrap(); + let public_key = get_public_key(&group, &private_key).unwrap(); + + let private_key2 = EcKey::generate(&group).unwrap(); + let public_key2 = get_public_key(&group, &private_key2).unwrap(); + + let data = String::from("hello"); + let res = EcdsaSig::sign(data.as_bytes(), 32, &private_key).unwrap(); + + // Signature can be verified using the correct data & correct public key + let verification = res.verify(data.as_bytes(), 32, &public_key).unwrap(); + assert!(verification); + + // Signature will not be verified using the incorrect data but the correct public key + let verification2 = res.verify(String::from("hello2").as_bytes(), 32, &public_key).unwrap(); + assert!(verification2 == false); + + // Signature will not be verified using the correct data but the incorrect public key + let verification3 = res.verify(data.as_bytes(), 32, &public_key2).unwrap(); + assert!(verification3 == false); + } + + #[test] + fn check_private_components() { + let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); + let private_key = EcKey::generate(&group).unwrap(); + let public_key = get_public_key(&group, &private_key).unwrap(); + let data = String::from("hello"); + let res = EcdsaSig::sign(data.as_bytes(), 32, &private_key).unwrap(); + + let verification = res.verify(data.as_bytes(), 32, &public_key).unwrap(); + assert!(verification); + + let x = res.private_components(); + let r = x.0.unwrap().to_owned().unwrap(); + let s = x.1.unwrap().to_owned().unwrap(); + + let res2 = EcdsaSig::from_private_components(r, s).unwrap(); + let verification2 = res2.verify(data.as_bytes(), 32, &public_key).unwrap(); + assert!(verification2); + } +} \ No newline at end of file diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs index 321a301f..e4b621ef 100644 --- a/openssl/src/lib.rs +++ b/openssl/src/lib.rs @@ -39,6 +39,7 @@ pub mod derive; pub mod dh; pub mod dsa; pub mod ec; +pub mod ecdsa; pub mod error; pub mod ex_data; #[cfg(not(libressl))] From 55ffc9b2e415c3286c8d903b7c0284c834e4a13d Mon Sep 17 00:00:00 2001 From: Rohit Aggarwal Date: Thu, 8 Mar 2018 11:54:19 +0000 Subject: [PATCH 02/10] Add support LibreSSL and remove OpenSSL binding which we aren't using --- openssl-sys/src/lib.rs | 6 ++++++ openssl-sys/src/libressl/mod.rs | 6 ++++++ openssl-sys/src/ossl10x.rs | 20 -------------------- openssl-sys/src/ossl110.rs | 19 ------------------- 4 files changed, 12 insertions(+), 39 deletions(-) diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 77f69188..4a73ff7f 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -1876,6 +1876,12 @@ extern "C" { ctx: *mut BN_CTX, ) -> c_int; + pub fn ECDSA_SIG_new() -> *mut ECDSA_SIG; + pub fn ECDSA_SIG_free(sig: *mut ECDSA_SIG); + pub fn ECDSA_do_verify(dgst: *const c_uchar, dgst_len: c_int, + sig: *const ECDSA_SIG, eckey: *mut ::EC_KEY) -> c_int; + pub fn ECDSA_do_sign(dgst: *const c_uchar, dgst_len: c_int, eckey: *mut ::EC_KEY) -> *mut ECDSA_SIG; + pub fn ERR_peek_last_error() -> c_ulong; pub fn ERR_get_error() -> c_ulong; pub fn ERR_get_error_line_data( diff --git a/openssl-sys/src/libressl/mod.rs b/openssl-sys/src/libressl/mod.rs index 8454a78a..c47363ca 100644 --- a/openssl-sys/src/libressl/mod.rs +++ b/openssl-sys/src/libressl/mod.rs @@ -133,6 +133,12 @@ pub struct DSA { pub engine: *mut ::ENGINE, } +#[repr(C)] +pub struct ECDSA_SIG { + pub r: *mut ::BIGNUM, + pub s: *mut ::BIGNUM +} + #[repr(C)] pub struct EVP_PKEY { pub type_: c_int, diff --git a/openssl-sys/src/ossl10x.rs b/openssl-sys/src/ossl10x.rs index 78c76b6e..09185160 100644 --- a/openssl-sys/src/ossl10x.rs +++ b/openssl-sys/src/ossl10x.rs @@ -829,26 +829,6 @@ extern "C" { ); pub fn CRYPTO_set_id_callback(func: unsafe extern "C" fn() -> c_ulong); - pub fn ECDSA_SIG_new() -> *mut ECDSA_SIG; - pub fn ECDSA_SIG_free(sig: *mut ECDSA_SIG); - pub fn i2d_ECDSA_SIG(sig: *const ECDSA_SIG, pp: *mut *mut c_uchar) -> c_int; - pub fn d2i_ECDSA_SIG(sig: *mut *mut ECDSA_SIG, pp: *mut *const c_uchar, len: c_long) -> *mut ECDSA_SIG; - pub fn ECDSA_size(eckey: *const ::EC_KEY) -> c_int; - pub fn ECDSA_sign(_type: c_int, dgst: *const c_uchar, dgstlen: c_int, - sig: *mut c_uchar, siglen: *mut c_uint, eckey: *mut ::EC_KEY) -> c_int; - pub fn ECDSA_do_sign(dgst: *const c_uchar, dgst_len: c_int, eckey: *mut ::EC_KEY) -> *mut ECDSA_SIG; - pub fn ECDSA_verify(_type: c_int, dgst: *const c_uchar, dgstlen: c_int, - sig: *const c_uchar, siglen: c_int, eckey: *mut ::EC_KEY) -> c_int; - pub fn ECDSA_do_verify(dgst: *const c_uchar, dgst_len: c_int, - sig: *const ECDSA_SIG, eckey: *mut ::EC_KEY) -> c_int; - pub fn ECDSA_do_sign_ex(dgst: *const c_uchar, dgstlen: c_int, - kinv: *const BIGNUM, rp: *const BIGNUM, - eckey: *mut ::EC_KEY) -> *mut ECDSA_SIG; - pub fn ECDSA_sign_setup(eckey: *mut ::EC_KEY, ctx: *mut ::BN_CTX, kinv: *mut *mut BIGNUM, rp: *mut *mut BIGNUM) -> c_int; - pub fn ECDSA_sign_ex(_type: c_int, dgst: *const c_uchar, dgstlen: c_int, - sig: *mut c_uchar, siglen: *mut c_uint, - kinv: *const BIGNUM, rp: *const BIGNUM, eckey: *mut ::EC_KEY) -> c_int; - pub fn ERR_load_crypto_strings(); pub fn RSA_generate_key( diff --git a/openssl-sys/src/ossl110.rs b/openssl-sys/src/ossl110.rs index d6f4eb99..1902af75 100644 --- a/openssl-sys/src/ossl110.rs +++ b/openssl-sys/src/ossl110.rs @@ -365,25 +365,6 @@ extern "C" { pub fn X509_REQ_get_version(req: *const X509_REQ) -> c_long; pub fn X509_REQ_get_subject_name(req: *const X509_REQ) -> *mut ::X509_NAME; - pub fn ECDSA_SIG_new() -> *mut ECDSA_SIG; - pub fn ECDSA_SIG_free(sig: *mut ECDSA_SIG); pub fn ECDSA_SIG_get0(sig: *const ECDSA_SIG, pr: *mut *const BIGNUM, ps: *mut *const BIGNUM); pub fn ECDSA_SIG_set0(sig: *mut ECDSA_SIG, pr: *mut BIGNUM, ps: *mut BIGNUM) -> c_int; - pub fn i2d_ECDSA_SIG(sig: *const ECDSA_SIG, pp: *mut *mut c_uchar) -> c_int; - pub fn d2i_ECDSA_SIG(sig: *mut *mut ECDSA_SIG, pp: *mut *const c_uchar, len: c_long) -> *mut ECDSA_SIG; - pub fn ECDSA_size(eckey: *const ::EC_KEY) -> c_int; - pub fn ECDSA_sign(_type: c_int, dgst: *const c_uchar, dgstlen: c_int, - sig: *mut c_uchar, siglen: *mut c_uint, eckey: *mut ::EC_KEY) -> c_int; - pub fn ECDSA_do_sign(dgst: *const c_uchar, dgst_len: c_int, eckey: *mut ::EC_KEY) -> *mut ECDSA_SIG; - pub fn ECDSA_verify(_type: c_int, dgst: *const c_uchar, dgstlen: c_int, - sig: *const c_uchar, siglen: c_int, eckey: *mut ::EC_KEY) -> c_int; - pub fn ECDSA_do_verify(dgst: *const c_uchar, dgst_len: c_int, - sig: *const ECDSA_SIG, eckey: *mut ::EC_KEY) -> c_int; - pub fn ECDSA_do_sign_ex(dgst: *const c_uchar, dgstlen: c_int, - kinv: *const BIGNUM, rp: *const BIGNUM, - eckey: *mut ::EC_KEY) -> *mut ECDSA_SIG; - pub fn ECDSA_sign_setup(eckey: *mut ::EC_KEY, ctx: *mut ::BN_CTX, kinv: *mut *mut BIGNUM, rp: *mut *mut BIGNUM) -> c_int; - pub fn ECDSA_sign_ex(_type: c_int, dgst: *const c_uchar, dgstlen: c_int, - sig: *mut c_uchar, siglen: *mut c_uint, - kinv: *const BIGNUM, rp: *const BIGNUM, eckey: *mut ::EC_KEY) -> c_int; } From d4de2a408f578e6f974468dc448c0c63030087e0 Mon Sep 17 00:00:00 2001 From: Rohit Aggarwal Date: Thu, 8 Mar 2018 16:12:35 +0000 Subject: [PATCH 03/10] Use examples listed in OpenSSL docs for testing --- openssl-sys/src/lib.rs | 4 ++-- openssl/src/ecdsa.rs | 30 ++++++++++++++++++++---------- 2 files changed, 22 insertions(+), 12 deletions(-) diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 4a73ff7f..564c7eae 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -1879,8 +1879,8 @@ extern "C" { pub fn ECDSA_SIG_new() -> *mut ECDSA_SIG; pub fn ECDSA_SIG_free(sig: *mut ECDSA_SIG); pub fn ECDSA_do_verify(dgst: *const c_uchar, dgst_len: c_int, - sig: *const ECDSA_SIG, eckey: *mut ::EC_KEY) -> c_int; - pub fn ECDSA_do_sign(dgst: *const c_uchar, dgst_len: c_int, eckey: *mut ::EC_KEY) -> *mut ECDSA_SIG; + sig: *const ECDSA_SIG, eckey: *mut EC_KEY) -> c_int; + pub fn ECDSA_do_sign(dgst: *const c_uchar, dgst_len: c_int, eckey: *mut EC_KEY) -> *mut ECDSA_SIG; pub fn ERR_peek_last_error() -> c_ulong; pub fn ERR_get_error() -> c_ulong; diff --git a/openssl/src/ecdsa.rs b/openssl/src/ecdsa.rs index 50cb0b62..a8f6cbbd 100644 --- a/openssl/src/ecdsa.rs +++ b/openssl/src/ecdsa.rs @@ -1,5 +1,5 @@ //! Low level Elliptic Curve Digital Signature Algorithm (ECDSA) functions. -//! +//! use bn::{BigNum, BigNumRef}; @@ -127,6 +127,16 @@ mod test { use ec::EcGroup; use super::*; + #[cfg(ossl10x)] + static CURVE_IDENTIFER: Nid = Nid::SECP192K1; + #[cfg(ossl10x)] + static DGST_LEN: i32 = 20; + + #[cfg(ossl110)] + static CURVE_IDENTIFER: Nid = Nid::X9_62_PRIME256V1; + #[cfg(ossl110)] + static DGST_LEN: i32 = 32; + fn get_public_key(group: &EcGroup, x: &EcKey) -> Result, ErrorStack> { let public_key_point = x.public_key(); Ok(EcKey::from_public_key(group, public_key_point)?) @@ -134,7 +144,7 @@ mod test { #[test] fn sign_and_verify() { - let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); + let group = EcGroup::from_curve_name(CURVE_IDENTIFER).unwrap(); let private_key = EcKey::generate(&group).unwrap(); let public_key = get_public_key(&group, &private_key).unwrap(); @@ -142,30 +152,30 @@ mod test { let public_key2 = get_public_key(&group, &private_key2).unwrap(); let data = String::from("hello"); - let res = EcdsaSig::sign(data.as_bytes(), 32, &private_key).unwrap(); + let res = EcdsaSig::sign(data.as_bytes(), DGST_LEN, &private_key).unwrap(); // Signature can be verified using the correct data & correct public key - let verification = res.verify(data.as_bytes(), 32, &public_key).unwrap(); + let verification = res.verify(data.as_bytes(), DGST_LEN, &public_key).unwrap(); assert!(verification); // Signature will not be verified using the incorrect data but the correct public key - let verification2 = res.verify(String::from("hello2").as_bytes(), 32, &public_key).unwrap(); + let verification2 = res.verify(String::from("hello2").as_bytes(), DGST_LEN, &public_key).unwrap(); assert!(verification2 == false); // Signature will not be verified using the correct data but the incorrect public key - let verification3 = res.verify(data.as_bytes(), 32, &public_key2).unwrap(); + let verification3 = res.verify(data.as_bytes(), DGST_LEN, &public_key2).unwrap(); assert!(verification3 == false); } #[test] fn check_private_components() { - let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); + let group = EcGroup::from_curve_name(CURVE_IDENTIFER).unwrap(); let private_key = EcKey::generate(&group).unwrap(); let public_key = get_public_key(&group, &private_key).unwrap(); let data = String::from("hello"); - let res = EcdsaSig::sign(data.as_bytes(), 32, &private_key).unwrap(); + let res = EcdsaSig::sign(data.as_bytes(), DGST_LEN, &private_key).unwrap(); - let verification = res.verify(data.as_bytes(), 32, &public_key).unwrap(); + let verification = res.verify(data.as_bytes(), DGST_LEN, &public_key).unwrap(); assert!(verification); let x = res.private_components(); @@ -173,7 +183,7 @@ mod test { let s = x.1.unwrap().to_owned().unwrap(); let res2 = EcdsaSig::from_private_components(r, s).unwrap(); - let verification2 = res2.verify(data.as_bytes(), 32, &public_key).unwrap(); + let verification2 = res2.verify(data.as_bytes(), DGST_LEN, &public_key).unwrap(); assert!(verification2); } } \ No newline at end of file From 4b4d3120180648fbed3581f1d9be3dab10199637 Mon Sep 17 00:00:00 2001 From: Rohit Aggarwal Date: Thu, 8 Mar 2018 16:46:31 +0000 Subject: [PATCH 04/10] Another try at using the correct curve --- openssl/src/ecdsa.rs | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/openssl/src/ecdsa.rs b/openssl/src/ecdsa.rs index a8f6cbbd..10f5f893 100644 --- a/openssl/src/ecdsa.rs +++ b/openssl/src/ecdsa.rs @@ -127,16 +127,9 @@ mod test { use ec::EcGroup; use super::*; - #[cfg(ossl10x)] - static CURVE_IDENTIFER: Nid = Nid::SECP192K1; - #[cfg(ossl10x)] + static CURVE_IDENTIFER: Nid = Nid::X9_62_PRIME192V1; static DGST_LEN: i32 = 20; - #[cfg(ossl110)] - static CURVE_IDENTIFER: Nid = Nid::X9_62_PRIME256V1; - #[cfg(ossl110)] - static DGST_LEN: i32 = 32; - fn get_public_key(group: &EcGroup, x: &EcKey) -> Result, ErrorStack> { let public_key_point = x.public_key(); Ok(EcKey::from_public_key(group, public_key_point)?) From 0a38b5a9efcc1bf60f42f8925832cd07f1a159d3 Mon Sep 17 00:00:00 2001 From: Rohit Aggarwal Date: Thu, 8 Mar 2018 16:56:40 +0000 Subject: [PATCH 05/10] Try out another curve --- openssl/src/ecdsa.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openssl/src/ecdsa.rs b/openssl/src/ecdsa.rs index 10f5f893..f7386861 100644 --- a/openssl/src/ecdsa.rs +++ b/openssl/src/ecdsa.rs @@ -127,7 +127,7 @@ mod test { use ec::EcGroup; use super::*; - static CURVE_IDENTIFER: Nid = Nid::X9_62_PRIME192V1; + static CURVE_IDENTIFER: Nid = Nid::X9_62_C2TNB191V1; static DGST_LEN: i32 = 20; fn get_public_key(group: &EcGroup, x: &EcKey) -> Result, ErrorStack> { From 9e2755abae98ca4c48dff58e5d8c6fb42a093916 Mon Sep 17 00:00:00 2001 From: Rohit Aggarwal Date: Thu, 8 Mar 2018 17:10:09 +0000 Subject: [PATCH 06/10] Get curves for OpenSSL tests itself --- openssl/src/ecdsa.rs | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/openssl/src/ecdsa.rs b/openssl/src/ecdsa.rs index f7386861..8ab24e91 100644 --- a/openssl/src/ecdsa.rs +++ b/openssl/src/ecdsa.rs @@ -127,9 +127,14 @@ mod test { use ec::EcGroup; use super::*; - static CURVE_IDENTIFER: Nid = Nid::X9_62_C2TNB191V1; static DGST_LEN: i32 = 20; + #[cfg(not(osslconf = "OPENSSL_NO_EC2M"))] + static CURVE_IDENTIFER: Nid = Nid::X9_62_PRIME192V1; + + #[cfg(osslconf = "OPENSSL_NO_EC2M")] + static CURVE_IDENTIFER: Nid = Nid::X9_62_C2TNB191V1; + fn get_public_key(group: &EcGroup, x: &EcKey) -> Result, ErrorStack> { let public_key_point = x.public_key(); Ok(EcKey::from_public_key(group, public_key_point)?) From 8461129456411bcfa738cc251cea2fd88e3fe1c9 Mon Sep 17 00:00:00 2001 From: Rohit Aggarwal Date: Thu, 8 Mar 2018 17:42:15 +0000 Subject: [PATCH 07/10] Changes as per PR feedback --- openssl/src/ecdsa.rs | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/openssl/src/ecdsa.rs b/openssl/src/ecdsa.rs index 8ab24e91..24f43431 100644 --- a/openssl/src/ecdsa.rs +++ b/openssl/src/ecdsa.rs @@ -4,7 +4,7 @@ use bn::{BigNum, BigNumRef}; use {cvt, cvt_n, cvt_p}; -use ec::EcKey; +use ec::EcKeyRef; use error::ErrorStack; use ffi; use foreign_types::{ForeignType, ForeignTypeRef}; @@ -36,7 +36,7 @@ impl EcdsaSig { /// OpenSSL documentation at [`ECDSA_do_sign`] /// /// [`ECDSA_do_sign`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_do_sign.html - pub fn sign(data: &[u8], dgstlen: i32, eckey: &EcKey) -> Result { + pub fn sign(data: &[u8], dgstlen: i32, eckey: &EcKeyRef) -> Result { unsafe { let sig = cvt_p(ffi::ECDSA_do_sign(data.as_ptr(), dgstlen, eckey.as_ptr()))?; Ok(EcdsaSig::from_ptr(sig as *mut _)) @@ -63,24 +63,36 @@ impl EcdsaSig { /// OpenSSL documentation at [`ECDSA_do_verify`] /// /// [`ECDSA_do_verify`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_do_verify.html - pub fn verify(&self, data: &[u8], dgstlen: i32, eckey: &EcKey) -> Result { + pub fn verify(&self, data: &[u8], dgstlen: i32, eckey: &EcKeyRef) -> Result { unsafe { let x = cvt_n(ffi::ECDSA_do_verify(data.as_ptr(), dgstlen, self.as_ptr(), eckey.as_ptr()))?; Ok(x == 1) } } - /// Returns internal components: `r` and `s` of a `EcdsaSig`. (See X9.62 or FIPS 186-2) + /// Returns internal component: `r` of a `EcdsaSig`. (See X9.62 or FIPS 186-2) /// /// OpenSSL documentation at [`ECDSA_SIG_get0`] /// /// [`ECDSA_SIG_get0`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_SIG_get0.html - pub fn private_components(&self) -> (Option<&BigNumRef>, Option<&BigNumRef>) { + pub fn private_component_r(&self) -> Option<&BigNumRef> { unsafe { let xs = compat::get_numbers(self.as_ptr()); let r = if xs[0].is_null() { None } else { Some(BigNumRef::from_ptr(xs[0] as *mut _)) }; + r + } + } + + /// Returns internal components: `s` of a `EcdsaSig`. (See X9.62 or FIPS 186-2) + /// + /// OpenSSL documentation at [`ECDSA_SIG_get0`] + /// + /// [`ECDSA_SIG_get0`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_SIG_get0.html + pub fn private_component_s(&self) -> Option<&BigNumRef> { + unsafe { + let xs = compat::get_numbers(self.as_ptr()); let s = if xs[1].is_null() { None } else { Some(BigNumRef::from_ptr(xs[1] as *mut _)) }; - (r, s) + s } } @@ -125,6 +137,7 @@ mod compat { mod test { use nid::Nid; use ec::EcGroup; + use ec::EcKey; use super::*; static DGST_LEN: i32 = 20; @@ -176,9 +189,8 @@ mod test { let verification = res.verify(data.as_bytes(), DGST_LEN, &public_key).unwrap(); assert!(verification); - let x = res.private_components(); - let r = x.0.unwrap().to_owned().unwrap(); - let s = x.1.unwrap().to_owned().unwrap(); + let r = res.private_component_r().unwrap().to_owned().unwrap(); + let s = res.private_component_s().unwrap().to_owned().unwrap(); let res2 = EcdsaSig::from_private_components(r, s).unwrap(); let verification2 = res2.verify(data.as_bytes(), DGST_LEN, &public_key).unwrap(); From 7ab650098cc31223600a13570f7849889bb54d4b Mon Sep 17 00:00:00 2001 From: Rohit Aggarwal Date: Fri, 9 Mar 2018 10:39:58 +0000 Subject: [PATCH 08/10] Remove unneeded paramter --- openssl/src/ecdsa.rs | 27 ++++++++++++--------------- 1 file changed, 12 insertions(+), 15 deletions(-) diff --git a/openssl/src/ecdsa.rs b/openssl/src/ecdsa.rs index 24f43431..b220350c 100644 --- a/openssl/src/ecdsa.rs +++ b/openssl/src/ecdsa.rs @@ -30,15 +30,14 @@ foreign_type_and_impl_send_sync! { impl EcdsaSig { - /// Computes a digital signature of the `dgstlen` bytes hash value `data` using the private EC key eckey. - /// Some example values associated with `dgstlen` are: for SHA-1, it is 20; for SHA-256 it is 32 etc. + /// Computes a digital signature of the hash value `data` using the private EC key eckey. /// /// OpenSSL documentation at [`ECDSA_do_sign`] /// /// [`ECDSA_do_sign`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_do_sign.html - pub fn sign(data: &[u8], dgstlen: i32, eckey: &EcKeyRef) -> Result { + pub fn sign(data: &[u8], eckey: &EcKeyRef) -> Result { unsafe { - let sig = cvt_p(ffi::ECDSA_do_sign(data.as_ptr(), dgstlen, eckey.as_ptr()))?; + let sig = cvt_p(ffi::ECDSA_do_sign(data.as_ptr(), data.len() as i32, eckey.as_ptr()))?; Ok(EcdsaSig::from_ptr(sig as *mut _)) } } @@ -63,9 +62,9 @@ impl EcdsaSig { /// OpenSSL documentation at [`ECDSA_do_verify`] /// /// [`ECDSA_do_verify`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_do_verify.html - pub fn verify(&self, data: &[u8], dgstlen: i32, eckey: &EcKeyRef) -> Result { + pub fn verify(&self, data: &[u8], eckey: &EcKeyRef) -> Result { unsafe { - let x = cvt_n(ffi::ECDSA_do_verify(data.as_ptr(), dgstlen, self.as_ptr(), eckey.as_ptr()))?; + let x = cvt_n(ffi::ECDSA_do_verify(data.as_ptr(), data.len() as i32, self.as_ptr(), eckey.as_ptr()))?; Ok(x == 1) } } @@ -140,8 +139,6 @@ mod test { use ec::EcKey; use super::*; - static DGST_LEN: i32 = 20; - #[cfg(not(osslconf = "OPENSSL_NO_EC2M"))] static CURVE_IDENTIFER: Nid = Nid::X9_62_PRIME192V1; @@ -163,18 +160,18 @@ mod test { let public_key2 = get_public_key(&group, &private_key2).unwrap(); let data = String::from("hello"); - let res = EcdsaSig::sign(data.as_bytes(), DGST_LEN, &private_key).unwrap(); + let res = EcdsaSig::sign(data.as_bytes(), &private_key).unwrap(); // Signature can be verified using the correct data & correct public key - let verification = res.verify(data.as_bytes(), DGST_LEN, &public_key).unwrap(); + let verification = res.verify(data.as_bytes(), &public_key).unwrap(); assert!(verification); // Signature will not be verified using the incorrect data but the correct public key - let verification2 = res.verify(String::from("hello2").as_bytes(), DGST_LEN, &public_key).unwrap(); + let verification2 = res.verify(String::from("hello2").as_bytes(), &public_key).unwrap(); assert!(verification2 == false); // Signature will not be verified using the correct data but the incorrect public key - let verification3 = res.verify(data.as_bytes(), DGST_LEN, &public_key2).unwrap(); + let verification3 = res.verify(data.as_bytes(), &public_key2).unwrap(); assert!(verification3 == false); } @@ -184,16 +181,16 @@ mod test { let private_key = EcKey::generate(&group).unwrap(); let public_key = get_public_key(&group, &private_key).unwrap(); let data = String::from("hello"); - let res = EcdsaSig::sign(data.as_bytes(), DGST_LEN, &private_key).unwrap(); + let res = EcdsaSig::sign(data.as_bytes(), &private_key).unwrap(); - let verification = res.verify(data.as_bytes(), DGST_LEN, &public_key).unwrap(); + let verification = res.verify(data.as_bytes(), &public_key).unwrap(); assert!(verification); let r = res.private_component_r().unwrap().to_owned().unwrap(); let s = res.private_component_s().unwrap().to_owned().unwrap(); let res2 = EcdsaSig::from_private_components(r, s).unwrap(); - let verification2 = res2.verify(data.as_bytes(), DGST_LEN, &public_key).unwrap(); + let verification2 = res2.verify(data.as_bytes(), &public_key).unwrap(); assert!(verification2); } } \ No newline at end of file From bc304565e740d0c093e902285501fe6790c1143e Mon Sep 17 00:00:00 2001 From: Rohit Aggarwal Date: Sat, 10 Mar 2018 16:29:54 +0000 Subject: [PATCH 09/10] Arguments should be BigNumRef and not BigNum --- openssl/src/ecdsa.rs | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/openssl/src/ecdsa.rs b/openssl/src/ecdsa.rs index b220350c..2161ecbf 100644 --- a/openssl/src/ecdsa.rs +++ b/openssl/src/ecdsa.rs @@ -2,14 +2,13 @@ //! -use bn::{BigNum, BigNumRef}; +use bn::BigNumRef; use {cvt, cvt_n, cvt_p}; use ec::EcKeyRef; use error::ErrorStack; use ffi; use foreign_types::{ForeignType, ForeignTypeRef}; use pkey::{Private, Public}; -use std::mem; foreign_type_and_impl_send_sync! { @@ -48,11 +47,10 @@ impl EcdsaSig { /// OpenSSL documentation at [`ECDSA_SIG_set0`] /// /// [`ECDSA_SIG_set0`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_SIG_set0.html - pub fn from_private_components(r: BigNum, s: BigNum) -> Result { + pub fn from_private_components(r: &BigNumRef, s: &BigNumRef) -> Result { unsafe { let sig = cvt_p(ffi::ECDSA_SIG_new())?; cvt(compat::set_numbers(sig, r.as_ptr(), s.as_ptr()))?; - mem::forget((r, s)); Ok(EcdsaSig::from_ptr(sig as *mut _)) } } @@ -189,7 +187,7 @@ mod test { let r = res.private_component_r().unwrap().to_owned().unwrap(); let s = res.private_component_s().unwrap().to_owned().unwrap(); - let res2 = EcdsaSig::from_private_components(r, s).unwrap(); + let res2 = EcdsaSig::from_private_components(&r, &s).unwrap(); let verification2 = res2.verify(data.as_bytes(), &public_key).unwrap(); assert!(verification2); } From c0a4bc42021725d8ac3e2a7854c795c904eaa3d9 Mon Sep 17 00:00:00 2001 From: Rohit Aggarwal Date: Sun, 11 Mar 2018 07:41:22 +0000 Subject: [PATCH 10/10] Revert previous commit --- openssl/src/ecdsa.rs | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/openssl/src/ecdsa.rs b/openssl/src/ecdsa.rs index 2161ecbf..b220350c 100644 --- a/openssl/src/ecdsa.rs +++ b/openssl/src/ecdsa.rs @@ -2,13 +2,14 @@ //! -use bn::BigNumRef; +use bn::{BigNum, BigNumRef}; use {cvt, cvt_n, cvt_p}; use ec::EcKeyRef; use error::ErrorStack; use ffi; use foreign_types::{ForeignType, ForeignTypeRef}; use pkey::{Private, Public}; +use std::mem; foreign_type_and_impl_send_sync! { @@ -47,10 +48,11 @@ impl EcdsaSig { /// OpenSSL documentation at [`ECDSA_SIG_set0`] /// /// [`ECDSA_SIG_set0`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_SIG_set0.html - pub fn from_private_components(r: &BigNumRef, s: &BigNumRef) -> Result { + pub fn from_private_components(r: BigNum, s: BigNum) -> Result { unsafe { let sig = cvt_p(ffi::ECDSA_SIG_new())?; cvt(compat::set_numbers(sig, r.as_ptr(), s.as_ptr()))?; + mem::forget((r, s)); Ok(EcdsaSig::from_ptr(sig as *mut _)) } } @@ -187,7 +189,7 @@ mod test { let r = res.private_component_r().unwrap().to_owned().unwrap(); let s = res.private_component_s().unwrap().to_owned().unwrap(); - let res2 = EcdsaSig::from_private_components(&r, &s).unwrap(); + let res2 = EcdsaSig::from_private_components(r, s).unwrap(); let verification2 = res2.verify(data.as_bytes(), &public_key).unwrap(); assert!(verification2); }