From 2d6cd9eb1633ad80636d273f823b64d723a4be76 Mon Sep 17 00:00:00 2001
From: Rohit Aggarwal <rohit.aggarwal@oliverwyman.com>
Date: Thu, 8 Mar 2018 09:44:05 +0000
Subject: [PATCH] Exposed some of ECDSA functions

---
 openssl-sys/src/ossl10x.rs |  26 ++++++
 openssl-sys/src/ossl110.rs |  23 +++++
 openssl/src/ecdsa.rs       | 179 +++++++++++++++++++++++++++++++++++++
 openssl/src/lib.rs         |   1 +
 4 files changed, 229 insertions(+)
 create mode 100644 openssl/src/ecdsa.rs

diff --git a/openssl-sys/src/ossl10x.rs b/openssl-sys/src/ossl10x.rs
index f8ff7193..78c76b6e 100644
--- a/openssl-sys/src/ossl10x.rs
+++ b/openssl-sys/src/ossl10x.rs
@@ -128,6 +128,12 @@ pub struct DSA {
     pub engine: *mut ::ENGINE,
 }
 
+#[repr(C)]
+pub struct ECDSA_SIG {
+    pub r: *mut BIGNUM,
+    pub s: *mut BIGNUM
+}
+
 #[repr(C)]
 pub struct EVP_PKEY {
     pub type_: c_int,
@@ -823,6 +829,26 @@ extern "C" {
     );
     pub fn CRYPTO_set_id_callback(func: unsafe extern "C" fn() -> c_ulong);
 
+    pub fn ECDSA_SIG_new() -> *mut ECDSA_SIG;
+    pub fn ECDSA_SIG_free(sig: *mut ECDSA_SIG);
+    pub fn i2d_ECDSA_SIG(sig: *const ECDSA_SIG, pp: *mut *mut c_uchar) -> c_int;
+    pub fn d2i_ECDSA_SIG(sig: *mut *mut ECDSA_SIG, pp: *mut *const c_uchar, len: c_long) -> *mut ECDSA_SIG;
+    pub fn ECDSA_size(eckey: *const ::EC_KEY) -> c_int;
+    pub fn ECDSA_sign(_type: c_int, dgst: *const c_uchar, dgstlen: c_int,
+                      sig: *mut c_uchar, siglen: *mut c_uint, eckey: *mut ::EC_KEY) -> c_int;
+    pub fn ECDSA_do_sign(dgst: *const c_uchar, dgst_len: c_int, eckey: *mut ::EC_KEY) -> *mut ECDSA_SIG;
+    pub fn ECDSA_verify(_type: c_int, dgst: *const c_uchar, dgstlen: c_int,
+                       sig: *const c_uchar, siglen: c_int, eckey: *mut ::EC_KEY) -> c_int;
+    pub fn ECDSA_do_verify(dgst: *const c_uchar, dgst_len: c_int,
+                           sig: *const ECDSA_SIG, eckey: *mut ::EC_KEY) -> c_int;
+    pub fn ECDSA_do_sign_ex(dgst: *const c_uchar, dgstlen: c_int,
+                            kinv: *const BIGNUM, rp: *const BIGNUM,
+                            eckey: *mut ::EC_KEY) -> *mut ECDSA_SIG;
+    pub fn ECDSA_sign_setup(eckey: *mut ::EC_KEY, ctx: *mut ::BN_CTX, kinv: *mut *mut BIGNUM, rp: *mut *mut BIGNUM) -> c_int;
+    pub fn ECDSA_sign_ex(_type: c_int, dgst: *const c_uchar, dgstlen: c_int,
+                         sig: *mut c_uchar, siglen: *mut c_uint,
+                         kinv: *const BIGNUM, rp: *const BIGNUM, eckey: *mut ::EC_KEY) -> c_int;
+
     pub fn ERR_load_crypto_strings();
 
     pub fn RSA_generate_key(
diff --git a/openssl-sys/src/ossl110.rs b/openssl-sys/src/ossl110.rs
index b02c296d..d6f4eb99 100644
--- a/openssl-sys/src/ossl110.rs
+++ b/openssl-sys/src/ossl110.rs
@@ -8,6 +8,7 @@ pub enum BIO_METHOD {}
 pub enum CRYPTO_EX_DATA {}
 pub enum DH {}
 pub enum DSA {}
+pub enum ECDSA_SIG {}
 pub enum EVP_CIPHER {}
 pub enum EVP_MD_CTX {}
 pub enum EVP_PKEY {}
@@ -363,4 +364,26 @@ extern "C" {
     ) -> *mut PKCS12;
     pub fn X509_REQ_get_version(req: *const X509_REQ) -> c_long;
     pub fn X509_REQ_get_subject_name(req: *const X509_REQ) -> *mut ::X509_NAME;
+
+    pub fn ECDSA_SIG_new() -> *mut ECDSA_SIG;
+    pub fn ECDSA_SIG_free(sig: *mut ECDSA_SIG);
+    pub fn ECDSA_SIG_get0(sig: *const ECDSA_SIG, pr: *mut *const BIGNUM, ps: *mut *const BIGNUM);
+    pub fn ECDSA_SIG_set0(sig: *mut ECDSA_SIG, pr: *mut BIGNUM, ps: *mut BIGNUM) -> c_int;
+    pub fn i2d_ECDSA_SIG(sig: *const ECDSA_SIG, pp: *mut *mut c_uchar) -> c_int;
+    pub fn d2i_ECDSA_SIG(sig: *mut *mut ECDSA_SIG, pp: *mut *const c_uchar, len: c_long) -> *mut ECDSA_SIG;
+    pub fn ECDSA_size(eckey: *const ::EC_KEY) -> c_int;
+    pub fn ECDSA_sign(_type: c_int, dgst: *const c_uchar, dgstlen: c_int,
+                      sig: *mut c_uchar, siglen: *mut c_uint, eckey: *mut ::EC_KEY) -> c_int;
+    pub fn ECDSA_do_sign(dgst: *const c_uchar, dgst_len: c_int, eckey: *mut ::EC_KEY) -> *mut ECDSA_SIG;
+    pub fn ECDSA_verify(_type: c_int, dgst: *const c_uchar, dgstlen: c_int,
+                       sig: *const c_uchar, siglen: c_int, eckey: *mut ::EC_KEY) -> c_int;
+    pub fn ECDSA_do_verify(dgst: *const c_uchar, dgst_len: c_int,
+                           sig: *const ECDSA_SIG, eckey: *mut ::EC_KEY) -> c_int;
+    pub fn ECDSA_do_sign_ex(dgst: *const c_uchar, dgstlen: c_int,
+                            kinv: *const BIGNUM, rp: *const BIGNUM,
+                            eckey: *mut ::EC_KEY) -> *mut ECDSA_SIG;
+    pub fn ECDSA_sign_setup(eckey: *mut ::EC_KEY, ctx: *mut ::BN_CTX, kinv: *mut *mut BIGNUM, rp: *mut *mut BIGNUM) -> c_int;
+    pub fn ECDSA_sign_ex(_type: c_int, dgst: *const c_uchar, dgstlen: c_int,
+                         sig: *mut c_uchar, siglen: *mut c_uint,
+                         kinv: *const BIGNUM, rp: *const BIGNUM, eckey: *mut ::EC_KEY) -> c_int;
 }
diff --git a/openssl/src/ecdsa.rs b/openssl/src/ecdsa.rs
new file mode 100644
index 00000000..50cb0b62
--- /dev/null
+++ b/openssl/src/ecdsa.rs
@@ -0,0 +1,179 @@
+//! Low level Elliptic Curve Digital Signature Algorithm (ECDSA) functions.
+//! 
+
+
+use bn::{BigNum, BigNumRef};
+use {cvt, cvt_n, cvt_p};
+use ec::EcKey;
+use error::ErrorStack;
+use ffi;
+use foreign_types::{ForeignType, ForeignTypeRef};
+use pkey::{Private, Public};
+use std::mem;
+
+
+foreign_type_and_impl_send_sync! {
+    type CType = ffi::ECDSA_SIG;
+    fn drop = ffi::ECDSA_SIG_free;
+
+    /// A low level interface to ECDSA
+    ///
+    /// OpenSSL documentation at [`ECDSA_sign`]
+    ///
+    /// [`ECDSA_sign`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_sign.html
+    pub struct EcdsaSig;
+    /// Reference to [`EcdsaSig`]
+    ///
+    /// [`EcdsaSig`]: struct.EcdsaSig.html
+    pub struct EcdsaSigRef;
+}
+
+impl EcdsaSig {
+
+    /// Computes a digital signature of the `dgstlen` bytes hash value `data` using the private EC key eckey.
+    /// Some example values associated with `dgstlen` are: for SHA-1, it is 20; for SHA-256 it is 32 etc.
+    ///
+    /// OpenSSL documentation at [`ECDSA_do_sign`]
+    ///
+    /// [`ECDSA_do_sign`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_do_sign.html
+    pub fn sign(data: &[u8], dgstlen: i32, eckey: &EcKey<Private>) -> Result<EcdsaSig, ErrorStack> {
+        unsafe {
+            let sig = cvt_p(ffi::ECDSA_do_sign(data.as_ptr(), dgstlen, eckey.as_ptr()))?;
+            Ok(EcdsaSig::from_ptr(sig as *mut _))
+        }
+    }
+
+    /// Returns a new `EcdsaSig` by setting the `r` and `s` values associated with a
+    /// ECDSA signature.
+    ///
+    /// OpenSSL documentation at [`ECDSA_SIG_set0`]
+    ///
+    /// [`ECDSA_SIG_set0`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_SIG_set0.html
+    pub fn from_private_components(r: BigNum, s: BigNum) -> Result<EcdsaSig, ErrorStack> {
+        unsafe {
+            let sig = cvt_p(ffi::ECDSA_SIG_new())?;
+            cvt(compat::set_numbers(sig, r.as_ptr(), s.as_ptr()))?;
+            mem::forget((r, s));
+            Ok(EcdsaSig::from_ptr(sig as *mut _))
+        }
+    }
+
+    /// Verifies if the signature is a valid ECDSA signature using the given public key
+    ///
+    /// OpenSSL documentation at [`ECDSA_do_verify`]
+    ///
+    /// [`ECDSA_do_verify`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_do_verify.html
+    pub fn verify(&self, data: &[u8], dgstlen: i32, eckey: &EcKey<Public>) -> Result<bool, ErrorStack> {
+        unsafe {
+            let x = cvt_n(ffi::ECDSA_do_verify(data.as_ptr(), dgstlen, self.as_ptr(), eckey.as_ptr()))?;
+            Ok(x == 1)
+        }
+    }
+
+    /// Returns internal components: `r` and `s` of a `EcdsaSig`. (See X9.62 or FIPS 186-2)
+    ///
+    /// OpenSSL documentation at [`ECDSA_SIG_get0`]
+    ///
+    /// [`ECDSA_SIG_get0`]: https://www.openssl.org/docs/man1.1.0/crypto/ECDSA_SIG_get0.html
+    pub fn private_components(&self) -> (Option<&BigNumRef>, Option<&BigNumRef>) {
+        unsafe {
+            let xs = compat::get_numbers(self.as_ptr());
+            let r = if xs[0].is_null() { None } else { Some(BigNumRef::from_ptr(xs[0] as *mut _)) };
+            let s = if xs[1].is_null() { None } else { Some(BigNumRef::from_ptr(xs[1] as *mut _)) };
+            (r, s)
+        }
+    }
+
+}
+
+#[cfg(ossl110)]
+mod compat {
+    use std::ptr;
+
+    use libc::c_int;
+    use ffi::{self, BIGNUM, ECDSA_SIG};
+
+    pub unsafe fn set_numbers(sig: *mut ECDSA_SIG, r: *mut BIGNUM, s: *mut BIGNUM) -> c_int {
+        ffi::ECDSA_SIG_set0(sig, r, s)
+    }
+
+    pub unsafe fn get_numbers(sig: *mut ECDSA_SIG) -> [*const BIGNUM; 2] {
+        let (mut r, mut s) = (ptr::null(), ptr::null());
+        ffi::ECDSA_SIG_get0(sig, &mut r, &mut s);
+        [r, s]
+    }
+}
+
+#[cfg(ossl10x)]
+mod compat {
+    use libc::c_int;
+    use ffi::{BIGNUM, ECDSA_SIG};
+
+    pub unsafe fn set_numbers(sig: *mut ECDSA_SIG, r: *mut BIGNUM, s: *mut BIGNUM) -> c_int {
+        (*sig).r = r;
+        (*sig).s = s;
+        1
+    }
+
+    pub unsafe fn get_numbers(sig: *mut ECDSA_SIG) -> [*const BIGNUM; 2] {
+        [(*sig).r, (*sig).s]
+    }
+
+}
+
+#[cfg(test)]
+mod test {
+    use nid::Nid;
+    use ec::EcGroup;
+    use super::*;
+
+    fn get_public_key(group: &EcGroup, x: &EcKey<Private>) -> Result<EcKey<Public>, ErrorStack> {
+        let public_key_point = x.public_key();
+        Ok(EcKey::from_public_key(group, public_key_point)?)
+    }
+
+    #[test]
+    fn sign_and_verify() {
+        let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap();
+        let private_key = EcKey::generate(&group).unwrap();
+        let public_key = get_public_key(&group, &private_key).unwrap();
+
+        let private_key2 = EcKey::generate(&group).unwrap();
+        let public_key2 = get_public_key(&group, &private_key2).unwrap();
+
+        let data = String::from("hello");
+        let res = EcdsaSig::sign(data.as_bytes(), 32, &private_key).unwrap();
+
+        // Signature can be verified using the correct data & correct public key
+        let verification = res.verify(data.as_bytes(), 32, &public_key).unwrap();
+        assert!(verification);
+
+        // Signature will not be verified using the incorrect data but the correct public key
+        let verification2 = res.verify(String::from("hello2").as_bytes(), 32, &public_key).unwrap();
+        assert!(verification2 == false);
+
+        // Signature will not be verified using the correct data but the incorrect public key
+        let verification3 = res.verify(data.as_bytes(), 32, &public_key2).unwrap();
+        assert!(verification3 == false);
+    }
+
+    #[test]
+    fn check_private_components() {
+        let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap();
+        let private_key = EcKey::generate(&group).unwrap();
+        let public_key = get_public_key(&group, &private_key).unwrap();
+        let data = String::from("hello");
+        let res = EcdsaSig::sign(data.as_bytes(), 32, &private_key).unwrap();
+
+        let verification = res.verify(data.as_bytes(), 32, &public_key).unwrap();
+        assert!(verification);
+
+        let x = res.private_components();
+        let r = x.0.unwrap().to_owned().unwrap();
+        let s = x.1.unwrap().to_owned().unwrap();
+
+        let res2 = EcdsaSig::from_private_components(r, s).unwrap();
+        let verification2 = res2.verify(data.as_bytes(), 32, &public_key).unwrap();
+        assert!(verification2);
+    }
+}
\ No newline at end of file
diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs
index 321a301f..e4b621ef 100644
--- a/openssl/src/lib.rs
+++ b/openssl/src/lib.rs
@@ -39,6 +39,7 @@ pub mod derive;
 pub mod dh;
 pub mod dsa;
 pub mod ec;
+pub mod ecdsa;
 pub mod error;
 pub mod ex_data;
 #[cfg(not(libressl))]