min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Exposed some of ECDSA functions

This commit is contained in:
Rohit Aggarwal 2018-03-08 09:44:05 +00:00
parent f645165ee2
commit 2d6cd9eb16
4 changed files with 229 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
openssl-sys/src/ossl10x.rs
View File

@ -128,6 +128,12 @@ pub struct DSA {
pub engine: *mut ::ENGINE,
}
#[repr(C)]
pub struct ECDSA_SIG {
pub r: *mut BIGNUM,
pub s: *mut BIGNUM
}
#[repr(C)]
pub struct EVP_PKEY {
pub type_: c_int,
@ -823,6 +829,26 @@ extern "C" {
);
pub fn CRYPTO_set_id_callback(func: unsafe extern "C" fn() -> c_ulong);
pub fn ECDSA_SIG_new() -> *mut ECDSA_SIG;
pub fn ECDSA_SIG_free(sig: *mut ECDSA_SIG);
pub fn i2d_ECDSA_SIG(sig: *const ECDSA_SIG, pp: *mut *mut c_uchar) -> c_int;
pub fn d2i_ECDSA_SIG(sig: *mut *mut ECDSA_SIG, pp: *mut *const c_uchar, len: c_long) -> *mut ECDSA_SIG;
pub fn ECDSA_size(eckey: *const ::EC_KEY) -> c_int;
pub fn ECDSA_sign(_type: c_int, dgst: *const c_uchar, dgstlen: c_int,
sig: *mut c_uchar, siglen: *mut c_uint, eckey: *mut ::EC_KEY) -> c_int;
pub fn ECDSA_do_sign(dgst: *const c_uchar, dgst_len: c_int, eckey: *mut ::EC_KEY) -> *mut ECDSA_SIG;
pub fn ECDSA_verify(_type: c_int, dgst: *const c_uchar, dgstlen: c_int,
sig: *const c_uchar, siglen: c_int, eckey: *mut ::EC_KEY) -> c_int;
pub fn ECDSA_do_verify(dgst: *const c_uchar, dgst_len: c_int,
sig: *const ECDSA_SIG, eckey: *mut ::EC_KEY) -> c_int;
pub fn ECDSA_do_sign_ex(dgst: *const c_uchar, dgstlen: c_int,
kinv: *const BIGNUM, rp: *const BIGNUM,
eckey: *mut ::EC_KEY) -> *mut ECDSA_SIG;
pub fn ECDSA_sign_setup(eckey: *mut ::EC_KEY, ctx: *mut ::BN_CTX, kinv: *mut *mut BIGNUM, rp: *mut *mut BIGNUM) -> c_int;
pub fn ECDSA_sign_ex(_type: c_int, dgst: *const c_uchar, dgstlen: c_int,
sig: *mut c_uchar, siglen: *mut c_uint,
kinv: *const BIGNUM, rp: *const BIGNUM, eckey: *mut ::EC_KEY) -> c_int;
pub fn ERR_load_crypto_strings();
pub fn RSA_generate_key(

23
openssl-sys/src/ossl110.rs
View File

@ -8,6 +8,7 @@ pub enum BIO_METHOD {}
pub enum CRYPTO_EX_DATA {}
pub enum DH {}
pub enum DSA {}
pub enum ECDSA_SIG {}
pub enum EVP_CIPHER {}
pub enum EVP_MD_CTX {}
pub enum EVP_PKEY {}
@ -363,4 +364,26 @@ extern "C" {
) -> *mut PKCS12;
pub fn X509_REQ_get_version(req: *const X509_REQ) -> c_long;
pub fn X509_REQ_get_subject_name(req: *const X509_REQ) -> *mut ::X509_NAME;
pub fn ECDSA_SIG_new() -> *mut ECDSA_SIG;
pub fn ECDSA_SIG_free(sig: *mut ECDSA_SIG);
pub fn ECDSA_SIG_get0(sig: *const ECDSA_SIG, pr: *mut *const BIGNUM, ps: *mut *const BIGNUM);
pub fn ECDSA_SIG_set0(sig: *mut ECDSA_SIG, pr: *mut BIGNUM, ps: *mut BIGNUM) -> c_int;
pub fn i2d_ECDSA_SIG(sig: *const ECDSA_SIG, pp: *mut *mut c_uchar) -> c_int;
pub fn d2i_ECDSA_SIG(sig: *mut *mut ECDSA_SIG, pp: *mut *const c_uchar, len: c_long) -> *mut ECDSA_SIG;
pub fn ECDSA_size(eckey: *const ::EC_KEY) -> c_int;
pub fn ECDSA_sign(_type: c_int, dgst: *const c_uchar, dgstlen: c_int,
sig: *mut c_uchar, siglen: *mut c_uint, eckey: *mut ::EC_KEY) -> c_int;
pub fn ECDSA_do_sign(dgst: *const c_uchar, dgst_len: c_int, eckey: *mut ::EC_KEY) -> *mut ECDSA_SIG;
pub fn ECDSA_verify(_type: c_int, dgst: *const c_uchar, dgstlen: c_int,
sig: *const c_uchar, siglen: c_int, eckey: *mut ::EC_KEY) -> c_int;
pub fn ECDSA_do_verify(dgst: *const c_uchar, dgst_len: c_int,
sig: *const ECDSA_SIG, eckey: *mut ::EC_KEY) -> c_int;
pub fn ECDSA_do_sign_ex(dgst: *const c_uchar, dgstlen: c_int,
kinv: *const BIGNUM, rp: *const BIGNUM,
eckey: *mut ::EC_KEY) -> *mut ECDSA_SIG;
pub fn ECDSA_sign_setup(eckey: *mut ::EC_KEY, ctx: *mut ::BN_CTX, kinv: *mut *mut BIGNUM, rp: *mut *mut BIGNUM) -> c_int;
pub fn ECDSA_sign_ex(_type: c_int, dgst: *const c_uchar, dgstlen: c_int,
sig: *mut c_uchar, siglen: *mut c_uint,
kinv: *const BIGNUM, rp: *const BIGNUM, eckey: *mut ::EC_KEY) -> c_int;
}

179
openssl/src/ecdsa.rs Normal file
View File

@ -0,0 +1,179 @@
//! Low level Elliptic Curve Digital Signature Algorithm (ECDSA) functions.
//!
use bn::{BigNum, BigNumRef};
use {cvt, cvt_n, cvt_p};
use ec::EcKey;
use error::ErrorStack;
use ffi;
use foreign_types::{ForeignType, ForeignTypeRef};
use pkey::{Private, Public};
use std::mem;
foreign_type_and_impl_send_sync! {
type CType = ffi::ECDSA_SIG;
fn drop = ffi::ECDSA_SIG_free;
/// A low level interface to ECDSA
///
/// OpenSSL documentation at [`ECDSA_sign`]
///
/// [`ECDSA_sign`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_sign.html
pub struct EcdsaSig;
/// Reference to [`EcdsaSig`]
///
/// [`EcdsaSig`]: struct.EcdsaSig.html
pub struct EcdsaSigRef;
}
impl EcdsaSig {
/// Computes a digital signature of the `dgstlen` bytes hash value `data` using the private EC key eckey.
/// Some example values associated with `dgstlen` are: for SHA-1, it is 20; for SHA-256 it is 32 etc.
///
/// OpenSSL documentation at [`ECDSA_do_sign`]
///
/// [`ECDSA_do_sign`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_do_sign.html
pub fn sign(data: &[u8], dgstlen: i32, eckey: &EcKey<Private>) -> Result<EcdsaSig, ErrorStack> {
unsafe {
let sig = cvt_p(ffi::ECDSA_do_sign(data.as_ptr(), dgstlen, eckey.as_ptr()))?;
Ok(EcdsaSig::from_ptr(sig as *mut _))
}
}
/// Returns a new `EcdsaSig` by setting the `r` and `s` values associated with a
/// ECDSA signature.
///
/// OpenSSL documentation at [`ECDSA_SIG_set0`]
///
/// [`ECDSA_SIG_set0`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_SIG_set0.html
pub fn from_private_components(r: BigNum, s: BigNum) -> Result<EcdsaSig, ErrorStack> {
unsafe {
let sig = cvt_p(ffi::ECDSA_SIG_new())?;
cvt(compat::set_numbers(sig, r.as_ptr(), s.as_ptr()))?;
mem::forget((r, s));
Ok(EcdsaSig::from_ptr(sig as *mut _))
}
}
/// Verifies if the signature is a valid ECDSA signature using the given public key
///
/// OpenSSL documentation at [`ECDSA_do_verify`]
///
/// [`ECDSA_do_verify`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_do_verify.html
pub fn verify(&self, data: &[u8], dgstlen: i32, eckey: &EcKey<Public>) -> Result<bool, ErrorStack> {
unsafe {
let x = cvt_n(ffi::ECDSA_do_verify(data.as_ptr(), dgstlen, self.as_ptr(), eckey.as_ptr()))?;
Ok(x == 1)
}
}
/// Returns internal components: `r` and `s` of a `EcdsaSig`. (See X9.62 or FIPS 186-2)
///
/// OpenSSL documentation at [`ECDSA_SIG_get0`]
///
/// [`ECDSA_SIG_get0`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_SIG_get0.html
pub fn private_components(&self) -> (Option<&BigNumRef>, Option<&BigNumRef>) {
unsafe {
let xs = compat::get_numbers(self.as_ptr());
let r = if xs[0].is_null() { None } else { Some(BigNumRef::from_ptr(xs[0] as *mut _)) };
let s = if xs[1].is_null() { None } else { Some(BigNumRef::from_ptr(xs[1] as *mut _)) };
(r, s)
}
}
}
#[cfg(ossl110)]
mod compat {
use std::ptr;
use libc::c_int;
use ffi::{self, BIGNUM, ECDSA_SIG};
pub unsafe fn set_numbers(sig: *mut ECDSA_SIG, r: *mut BIGNUM, s: *mut BIGNUM) -> c_int {
ffi::ECDSA_SIG_set0(sig, r, s)
}
pub unsafe fn get_numbers(sig: *mut ECDSA_SIG) -> [*const BIGNUM; 2] {
let (mut r, mut s) = (ptr::null(), ptr::null());
ffi::ECDSA_SIG_get0(sig, &mut r, &mut s);
[r, s]
}
}
#[cfg(ossl10x)]
mod compat {
use libc::c_int;
use ffi::{BIGNUM, ECDSA_SIG};
pub unsafe fn set_numbers(sig: *mut ECDSA_SIG, r: *mut BIGNUM, s: *mut BIGNUM) -> c_int {
(*sig).r = r;
(*sig).s = s;
1
}
pub unsafe fn get_numbers(sig: *mut ECDSA_SIG) -> [*const BIGNUM; 2] {
[(*sig).r, (*sig).s]
}
}
#[cfg(test)]
mod test {
use nid::Nid;
use ec::EcGroup;
use super::*;
fn get_public_key(group: &EcGroup, x: &EcKey<Private>) -> Result<EcKey<Public>, ErrorStack> {
let public_key_point = x.public_key();
Ok(EcKey::from_public_key(group, public_key_point)?)
}
#[test]
fn sign_and_verify() {
let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap();
let private_key = EcKey::generate(&group).unwrap();
let public_key = get_public_key(&group, &private_key).unwrap();
let private_key2 = EcKey::generate(&group).unwrap();
let public_key2 = get_public_key(&group, &private_key2).unwrap();
let data = String::from("hello");
let res = EcdsaSig::sign(data.as_bytes(), 32, &private_key).unwrap();
// Signature can be verified using the correct data & correct public key
let verification = res.verify(data.as_bytes(), 32, &public_key).unwrap();
assert!(verification);
// Signature will not be verified using the incorrect data but the correct public key
let verification2 = res.verify(String::from("hello2").as_bytes(), 32, &public_key).unwrap();
assert!(verification2 == false);
// Signature will not be verified using the correct data but the incorrect public key
let verification3 = res.verify(data.as_bytes(), 32, &public_key2).unwrap();
assert!(verification3 == false);
}
#[test]
fn check_private_components() {
let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap();
let private_key = EcKey::generate(&group).unwrap();
let public_key = get_public_key(&group, &private_key).unwrap();
let data = String::from("hello");
let res = EcdsaSig::sign(data.as_bytes(), 32, &private_key).unwrap();
let verification = res.verify(data.as_bytes(), 32, &public_key).unwrap();
assert!(verification);
let x = res.private_components();
let r = x.0.unwrap().to_owned().unwrap();
let s = x.1.unwrap().to_owned().unwrap();
let res2 = EcdsaSig::from_private_components(r, s).unwrap();
let verification2 = res2.verify(data.as_bytes(), 32, &public_key).unwrap();
assert!(verification2);
}
}

1
openssl/src/lib.rs
View File

@ -39,6 +39,7 @@ pub mod derive;
pub mod dh;
pub mod dsa;
pub mod ec;
pub mod ecdsa;
pub mod error;
pub mod ex_data;
#[cfg(not(libressl))]