min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #863 from rohit-lshift/master 

Exposed some of ECDSA functions
This commit is contained in:
Steven Fackler 2018-03-11 15:08:16 -07:00 committed by GitHub
parent f2575138eb c0a4bc4202
commit 1b830c3fb7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 219 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
openssl-sys/src/lib.rs
View File

@ -1914,6 +1914,12 @@ extern "C" {
ctx: *mut BN_CTX, ctx: *mut BN_CTX,
) -> c_int; ) -> c_int;
pub fn ECDSA_SIG_new() -> *mut ECDSA_SIG;
pub fn ECDSA_SIG_free(sig: *mut ECDSA_SIG);
pub fn ECDSA_do_verify(dgst: *const c_uchar, dgst_len: c_int,
sig: *const ECDSA_SIG, eckey: *mut EC_KEY) -> c_int;
pub fn ECDSA_do_sign(dgst: *const c_uchar, dgst_len: c_int, eckey: *mut EC_KEY) -> *mut ECDSA_SIG;
pub fn ERR_peek_last_error() -> c_ulong; pub fn ERR_peek_last_error() -> c_ulong;
pub fn ERR_get_error() -> c_ulong; pub fn ERR_get_error() -> c_ulong;
pub fn ERR_get_error_line_data( pub fn ERR_get_error_line_data(

6
openssl-sys/src/libressl/mod.rs
View File

@ -133,6 +133,12 @@ pub struct DSA {
pub engine: *mut ::ENGINE, pub engine: *mut ::ENGINE,
} }
#[repr(C)]
pub struct ECDSA_SIG {
pub r: *mut ::BIGNUM,
pub s: *mut ::BIGNUM
}
#[repr(C)] #[repr(C)]
pub struct EVP_PKEY { pub struct EVP_PKEY {
pub type_: c_int, pub type_: c_int,

6
openssl-sys/src/ossl10x.rs
View File

@ -128,6 +128,12 @@ pub struct DSA {
pub engine: *mut ::ENGINE, pub engine: *mut ::ENGINE,
} }
#[repr(C)]
pub struct ECDSA_SIG {
pub r: *mut BIGNUM,
pub s: *mut BIGNUM
}
#[repr(C)] #[repr(C)]
pub struct EVP_PKEY { pub struct EVP_PKEY {
pub type_: c_int, pub type_: c_int,

4
openssl-sys/src/ossl110.rs
View File

@ -8,6 +8,7 @@ pub enum BIO_METHOD {}
pub enum CRYPTO_EX_DATA {} pub enum CRYPTO_EX_DATA {}
pub enum DH {} pub enum DH {}
pub enum DSA {} pub enum DSA {}
pub enum ECDSA_SIG {}
pub enum EVP_CIPHER {} pub enum EVP_CIPHER {}
pub enum EVP_MD_CTX {} pub enum EVP_MD_CTX {}
pub enum EVP_PKEY {} pub enum EVP_PKEY {}
@ -363,4 +364,7 @@ extern "C" {
) -> *mut PKCS12; ) -> *mut PKCS12;
pub fn X509_REQ_get_version(req: *const X509_REQ) -> c_long; pub fn X509_REQ_get_version(req: *const X509_REQ) -> c_long;
pub fn X509_REQ_get_subject_name(req: *const X509_REQ) -> *mut ::X509_NAME; pub fn X509_REQ_get_subject_name(req: *const X509_REQ) -> *mut ::X509_NAME;
pub fn ECDSA_SIG_get0(sig: *const ECDSA_SIG, pr: *mut *const BIGNUM, ps: *mut *const BIGNUM);
pub fn ECDSA_SIG_set0(sig: *mut ECDSA_SIG, pr: *mut BIGNUM, ps: *mut BIGNUM) -> c_int;
} }

196
openssl/src/ecdsa.rs Normal file
View File

@ -0,0 +1,196 @@
//! Low level Elliptic Curve Digital Signature Algorithm (ECDSA) functions.
//!
use bn::{BigNum, BigNumRef};
use {cvt, cvt_n, cvt_p};
use ec::EcKeyRef;
use error::ErrorStack;
use ffi;
use foreign_types::{ForeignType, ForeignTypeRef};
use pkey::{Private, Public};
use std::mem;
foreign_type_and_impl_send_sync! {
type CType = ffi::ECDSA_SIG;
fn drop = ffi::ECDSA_SIG_free;
/// A low level interface to ECDSA
///
/// OpenSSL documentation at [`ECDSA_sign`]
///
/// [`ECDSA_sign`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_sign.html
pub struct EcdsaSig;
/// Reference to [`EcdsaSig`]
///
/// [`EcdsaSig`]: struct.EcdsaSig.html
pub struct EcdsaSigRef;
}
impl EcdsaSig {
/// Computes a digital signature of the hash value `data` using the private EC key eckey.
///
/// OpenSSL documentation at [`ECDSA_do_sign`]
///
/// [`ECDSA_do_sign`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_do_sign.html
pub fn sign(data: &[u8], eckey: &EcKeyRef<Private>) -> Result<EcdsaSig, ErrorStack> {
unsafe {
let sig = cvt_p(ffi::ECDSA_do_sign(data.as_ptr(), data.len() as i32, eckey.as_ptr()))?;
Ok(EcdsaSig::from_ptr(sig as *mut _))
}
}
/// Returns a new `EcdsaSig` by setting the `r` and `s` values associated with a
/// ECDSA signature.
///
/// OpenSSL documentation at [`ECDSA_SIG_set0`]
///
/// [`ECDSA_SIG_set0`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_SIG_set0.html
pub fn from_private_components(r: BigNum, s: BigNum) -> Result<EcdsaSig, ErrorStack> {
unsafe {
let sig = cvt_p(ffi::ECDSA_SIG_new())?;
cvt(compat::set_numbers(sig, r.as_ptr(), s.as_ptr()))?;
mem::forget((r, s));
Ok(EcdsaSig::from_ptr(sig as *mut _))
}
}
/// Verifies if the signature is a valid ECDSA signature using the given public key
///
/// OpenSSL documentation at [`ECDSA_do_verify`]
///
/// [`ECDSA_do_verify`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_do_verify.html
pub fn verify(&self, data: &[u8], eckey: &EcKeyRef<Public>) -> Result<bool, ErrorStack> {
unsafe {
let x = cvt_n(ffi::ECDSA_do_verify(data.as_ptr(), data.len() as i32, self.as_ptr(), eckey.as_ptr()))?;
Ok(x == 1)
}
}
/// Returns internal component: `r` of a `EcdsaSig`. (See X9.62 or FIPS 186-2)
///
/// OpenSSL documentation at [`ECDSA_SIG_get0`]
///
/// [`ECDSA_SIG_get0`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_SIG_get0.html
pub fn private_component_r(&self) -> Option<&BigNumRef> {
unsafe {
let xs = compat::get_numbers(self.as_ptr());
let r = if xs[0].is_null() { None } else { Some(BigNumRef::from_ptr(xs[0] as *mut _)) };
r
}
}
/// Returns internal components: `s` of a `EcdsaSig`. (See X9.62 or FIPS 186-2)
///
/// OpenSSL documentation at [`ECDSA_SIG_get0`]
///
/// [`ECDSA_SIG_get0`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_SIG_get0.html
pub fn private_component_s(&self) -> Option<&BigNumRef> {
unsafe {
let xs = compat::get_numbers(self.as_ptr());
let s = if xs[1].is_null() { None } else { Some(BigNumRef::from_ptr(xs[1] as *mut _)) };
s
}
}
}
#[cfg(ossl110)]
mod compat {
use std::ptr;
use libc::c_int;
use ffi::{self, BIGNUM, ECDSA_SIG};
pub unsafe fn set_numbers(sig: *mut ECDSA_SIG, r: *mut BIGNUM, s: *mut BIGNUM) -> c_int {
ffi::ECDSA_SIG_set0(sig, r, s)
}
pub unsafe fn get_numbers(sig: *mut ECDSA_SIG) -> [*const BIGNUM; 2] {
let (mut r, mut s) = (ptr::null(), ptr::null());
ffi::ECDSA_SIG_get0(sig, &mut r, &mut s);
[r, s]
}
}
#[cfg(ossl10x)]
mod compat {
use libc::c_int;
use ffi::{BIGNUM, ECDSA_SIG};
pub unsafe fn set_numbers(sig: *mut ECDSA_SIG, r: *mut BIGNUM, s: *mut BIGNUM) -> c_int {
(*sig).r = r;
(*sig).s = s;
1
}
pub unsafe fn get_numbers(sig: *mut ECDSA_SIG) -> [*const BIGNUM; 2] {
[(*sig).r, (*sig).s]
}
}
#[cfg(test)]
mod test {
use nid::Nid;
use ec::EcGroup;
use ec::EcKey;
use super::*;
#[cfg(not(osslconf = "OPENSSL_NO_EC2M"))]
static CURVE_IDENTIFER: Nid = Nid::X9_62_PRIME192V1;
#[cfg(osslconf = "OPENSSL_NO_EC2M")]
static CURVE_IDENTIFER: Nid = Nid::X9_62_C2TNB191V1;
fn get_public_key(group: &EcGroup, x: &EcKey<Private>) -> Result<EcKey<Public>, ErrorStack> {
let public_key_point = x.public_key();
Ok(EcKey::from_public_key(group, public_key_point)?)
}
#[test]
fn sign_and_verify() {
let group = EcGroup::from_curve_name(CURVE_IDENTIFER).unwrap();
let private_key = EcKey::generate(&group).unwrap();
let public_key = get_public_key(&group, &private_key).unwrap();
let private_key2 = EcKey::generate(&group).unwrap();
let public_key2 = get_public_key(&group, &private_key2).unwrap();
let data = String::from("hello");
let res = EcdsaSig::sign(data.as_bytes(), &private_key).unwrap();
// Signature can be verified using the correct data & correct public key
let verification = res.verify(data.as_bytes(), &public_key).unwrap();
assert!(verification);
// Signature will not be verified using the incorrect data but the correct public key
let verification2 = res.verify(String::from("hello2").as_bytes(), &public_key).unwrap();
assert!(verification2 == false);
// Signature will not be verified using the correct data but the incorrect public key
let verification3 = res.verify(data.as_bytes(), &public_key2).unwrap();
assert!(verification3 == false);
}
#[test]
fn check_private_components() {
let group = EcGroup::from_curve_name(CURVE_IDENTIFER).unwrap();
let private_key = EcKey::generate(&group).unwrap();
let public_key = get_public_key(&group, &private_key).unwrap();
let data = String::from("hello");
let res = EcdsaSig::sign(data.as_bytes(), &private_key).unwrap();
let verification = res.verify(data.as_bytes(), &public_key).unwrap();
assert!(verification);
let r = res.private_component_r().unwrap().to_owned().unwrap();
let s = res.private_component_s().unwrap().to_owned().unwrap();
let res2 = EcdsaSig::from_private_components(r, s).unwrap();
let verification2 = res2.verify(data.as_bytes(), &public_key).unwrap();
assert!(verification2);
}
}

1
openssl/src/lib.rs
View File

@ -39,6 +39,7 @@ pub mod derive;
pub mod dh; pub mod dh;
pub mod dsa; pub mod dsa;
pub mod ec; pub mod ec;
pub mod ecdsa;
pub mod error; pub mod error;
pub mod ex_data; pub mod ex_data;
#[cfg(not(libressl))] #[cfg(not(libressl))]