1#[cfg(feature = "fips")]
7use crate::aws_lc::EC_KEY_check_fips;
8#[cfg(not(feature = "fips"))]
9use crate::aws_lc::EC_KEY_check_key;
10use crate::aws_lc::{
11 ECDSA_SIG_from_bytes, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, EC_GROUP_get_curve_name,
12 EC_KEY_get0_group, EC_group_p224, EC_group_p256, EC_group_p384, EC_group_p521,
13 EC_group_secp256k1, EVP_PKEY_CTX_set_ec_paramgen_curve_nid, EVP_PKEY_get0_EC_KEY,
14 NID_X9_62_prime256v1, NID_secp224r1, NID_secp256k1, NID_secp384r1, NID_secp521r1, EC_GROUP,
15 EC_KEY, EVP_PKEY, EVP_PKEY_EC,
16};
17use crate::ec::signature::AlgorithmID;
18use crate::error::{KeyRejected, Unspecified};
19#[cfg(feature = "fips")]
20use crate::fips::indicator_check;
21use crate::ptr::{ConstPointer, LcPtr};
22use crate::signature::Signature;
23use core::ffi::c_int;
24use std::ptr::null;
25
26pub(crate) mod encoding;
27pub(crate) mod key_pair;
28pub(crate) mod signature;
29
30const ELEM_MAX_BITS: usize = 521;
31pub(crate) const ELEM_MAX_BYTES: usize = (ELEM_MAX_BITS + 7) / 8;
32
33pub(crate) const PUBLIC_KEY_MAX_LEN: usize = 1 + (2 * ELEM_MAX_BYTES);
35
36fn verify_ec_key_nid(
37 ec_key: &ConstPointer<EC_KEY>,
38 expected_curve_nid: i32,
39) -> Result<(), KeyRejected> {
40 let ec_group =
41 ec_key.project_const_lifetime(unsafe { |ec_key| EC_KEY_get0_group(**ec_key) })?;
42 let key_nid = unsafe { EC_GROUP_get_curve_name(*ec_group) };
43
44 if key_nid != expected_curve_nid {
45 return Err(KeyRejected::wrong_algorithm());
46 }
47 Ok(())
48}
49
50#[inline]
51#[cfg(not(feature = "fips"))]
52pub(crate) fn verify_evp_key_nid(
53 evp_pkey: &ConstPointer<EVP_PKEY>,
54 expected_curve_nid: i32,
55) -> Result<(), KeyRejected> {
56 let ec_key =
57 evp_pkey.project_const_lifetime(unsafe { |evp_pkey| EVP_PKEY_get0_EC_KEY(**evp_pkey) })?;
58 verify_ec_key_nid(&ec_key, expected_curve_nid)?;
59
60 Ok(())
61}
62
63#[inline]
64pub(crate) fn validate_ec_evp_key(
65 evp_pkey: &ConstPointer<EVP_PKEY>,
66 expected_curve_nid: i32,
67) -> Result<(), KeyRejected> {
68 let ec_key =
69 evp_pkey.project_const_lifetime(unsafe { |evp_pkey| EVP_PKEY_get0_EC_KEY(**evp_pkey) })?;
70 verify_ec_key_nid(&ec_key, expected_curve_nid)?;
71
72 #[cfg(not(feature = "fips"))]
73 if 1 != unsafe { EC_KEY_check_key(*ec_key) } {
74 return Err(KeyRejected::inconsistent_components());
75 }
76
77 #[cfg(feature = "fips")]
78 if 1 != indicator_check!(unsafe { EC_KEY_check_fips(*ec_key) }) {
79 return Err(KeyRejected::inconsistent_components());
80 }
81
82 Ok(())
83}
84
85#[inline]
86pub(crate) fn evp_key_generate(nid: c_int) -> Result<LcPtr<EVP_PKEY>, Unspecified> {
87 let params_fn = |ctx| {
88 if 1 == unsafe { EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) } {
89 Ok(())
90 } else {
91 Err(())
92 }
93 };
94 LcPtr::<EVP_PKEY>::generate(EVP_PKEY_EC, Some(params_fn))
95}
96
97#[inline]
98#[allow(non_upper_case_globals)]
99pub(crate) fn ec_group_from_nid(nid: i32) -> Result<ConstPointer<'static, EC_GROUP>, Unspecified> {
100 Ok(unsafe {
101 ConstPointer::new_static(match nid {
102 NID_secp224r1 => EC_group_p224(),
103 NID_X9_62_prime256v1 => EC_group_p256(),
104 NID_secp384r1 => EC_group_p384(),
105 NID_secp521r1 => EC_group_p521(),
106 NID_secp256k1 => EC_group_secp256k1(),
107 _ => {
108 null()
110 }
111 })?
112 })
113}
114
115#[inline]
116fn ecdsa_asn1_to_fixed(alg_id: &'static AlgorithmID, sig: &[u8]) -> Result<Signature, Unspecified> {
117 let expected_number_size = alg_id.private_key_size();
118
119 let ecdsa_sig = LcPtr::new(unsafe { ECDSA_SIG_from_bytes(sig.as_ptr(), sig.len()) })?;
120
121 let r_bn = ecdsa_sig
122 .project_const_lifetime(unsafe { |ecdsa_sig| ECDSA_SIG_get0_r(*ecdsa_sig.as_const()) })?;
123 let r_buffer = r_bn.to_be_bytes();
124
125 let s_bn = ecdsa_sig
126 .project_const_lifetime(unsafe { |ecdsa_sig| ECDSA_SIG_get0_s(*ecdsa_sig.as_const()) })?;
127 let s_buffer = s_bn.to_be_bytes();
128
129 Ok(Signature::new(|slice| {
130 let (r_start, r_end) = (expected_number_size - r_buffer.len(), expected_number_size);
131 let (s_start, s_end) = (
132 2 * expected_number_size - s_buffer.len(),
133 2 * expected_number_size,
134 );
135
136 slice[r_start..r_end].copy_from_slice(r_buffer.as_slice());
137 slice[s_start..s_end].copy_from_slice(s_buffer.as_slice());
138 2 * expected_number_size
139 }))
140}
141
142#[inline]
143pub(crate) const fn compressed_public_key_size_bytes(curve_field_bits: usize) -> usize {
144 1 + (curve_field_bits + 7) / 8
145}
146
147#[inline]
148pub(crate) const fn uncompressed_public_key_size_bytes(curve_field_bits: usize) -> usize {
149 1 + 2 * ((curve_field_bits + 7) / 8)
150}
151
152#[cfg(test)]
153mod tests {
154 use crate::encoding::{
155 AsBigEndian, AsDer, EcPublicKeyCompressedBin, EcPublicKeyUncompressedBin, PublicKeyX509Der,
156 };
157 use crate::signature::{
158 EcdsaKeyPair, KeyPair, UnparsedPublicKey, ECDSA_P256_SHA256_FIXED,
159 ECDSA_P256_SHA256_FIXED_SIGNING,
160 };
161 use crate::test::from_dirty_hex;
162 use crate::{signature, test};
163
164 #[test]
165 fn test_from_pkcs8() {
166 let input = from_dirty_hex(
167 r"308187020100301306072a8648ce3d020106082a8648ce3d030107046d306b0201010420090460075f15d
168 2a256248000fb02d83ad77593dde4ae59fc5e96142dffb2bd07a14403420004cf0d13a3a7577231ea1b66cf4
169 021cd54f21f4ac4f5f2fdd28e05bc7d2bd099d1374cd08d2ef654d6f04498db462f73e0282058dd661a4c9b0
170 437af3f7af6e724",
171 );
172
173 let result = EcdsaKeyPair::from_pkcs8(&ECDSA_P256_SHA256_FIXED_SIGNING, &input);
174 assert!(result.is_ok());
175 let key_pair = result.unwrap();
176 assert_eq!("EcdsaKeyPair { public_key: EcdsaPublicKey(\"04cf0d13a3a7577231ea1b66cf4021cd54f21f4ac4f5f2fdd28e05bc7d2bd099d1374cd08d2ef654d6f04498db462f73e0282058dd661a4c9b0437af3f7af6e724\") }",
177 format!("{key_pair:?}"));
178 assert_eq!(
179 "EcdsaPrivateKey(ECDSA_P256)",
180 format!("{:?}", key_pair.private_key())
181 );
182 let pub_key = key_pair.public_key();
183 let der_pub_key: PublicKeyX509Der = pub_key.as_der().unwrap();
184
185 assert_eq!(
186 from_dirty_hex(
187 r"3059301306072a8648ce3d020106082a8648ce3d03010703420004cf0d13a3a7577231ea1b66cf402
188 1cd54f21f4ac4f5f2fdd28e05bc7d2bd099d1374cd08d2ef654d6f04498db462f73e0282058dd661a4c9
189 b0437af3f7af6e724",
190 )
191 .as_slice(),
192 der_pub_key.as_ref()
193 );
194 }
195
196 #[test]
197 fn test_ecdsa_asn1_verify() {
198 let alg = &signature::ECDSA_P256_SHA256_ASN1;
208 let msg = "";
209 let public_key = from_dirty_hex(
210 r"0430345fd47ea21a11129be651b0884bfac698377611acc9f689458e1
211 3b9ed7d4b9d7599a68dcf125e7f31055ccb374cd04f6d6fd2b217438a63f6f667d50ef2f0",
212 );
213 let sig = from_dirty_hex(
214 r"30440220341f6779b75e98bb42e01095dd48356cbf9002dc704ac8bd2a8240b8
215 8d3796c60220555843b1b4e264fe6ffe6e2b705a376c05c09404303ffe5d2711f3e3b3a010a1",
216 );
217 let unparsed_pub_key = signature::UnparsedPublicKey::new(alg, &public_key);
218
219 let actual_result = unparsed_pub_key.verify(msg.as_bytes(), &sig);
220 assert!(actual_result.is_ok(), "Key: {}", test::to_hex(public_key));
221 }
222
223 #[test]
224 fn public_key_formats() {
225 const MESSAGE: &[u8] = b"message to be signed";
226
227 let key_pair = EcdsaKeyPair::generate(&ECDSA_P256_SHA256_FIXED_SIGNING).unwrap();
228 let public_key = key_pair.public_key();
229 let as_ref_bytes = public_key.as_ref();
230 let compressed = AsBigEndian::<EcPublicKeyCompressedBin>::as_be_bytes(public_key).unwrap();
231 let uncompressed =
232 AsBigEndian::<EcPublicKeyUncompressedBin>::as_be_bytes(public_key).unwrap();
233 let pub_x509 = AsDer::<PublicKeyX509Der>::as_der(public_key).unwrap();
234 assert_eq!(as_ref_bytes, uncompressed.as_ref());
235 assert_ne!(compressed.as_ref()[0], 0x04);
236
237 let rng = crate::rand::SystemRandom::new();
238
239 let signature = key_pair.sign(&rng, MESSAGE).unwrap();
240
241 for pub_key_bytes in [
242 as_ref_bytes,
243 compressed.as_ref(),
244 uncompressed.as_ref(),
245 pub_x509.as_ref(),
246 ] {
247 UnparsedPublicKey::new(&ECDSA_P256_SHA256_FIXED, pub_key_bytes)
248 .verify(MESSAGE, signature.as_ref())
249 .unwrap();
250 }
251 }
252}