1#[cfg(feature = "fips")]
7use crate::aws_lc::EC_KEY_check_fips;
8#[cfg(not(feature = "fips"))]
9use crate::aws_lc::EC_KEY_check_key;
10use crate::aws_lc::{
11 ECDSA_SIG_from_bytes, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, EC_GROUP_get_curve_name,
12 EC_KEY_get0_group, EC_group_p224, EC_group_p256, EC_group_p384, EC_group_p521,
13 EC_group_secp256k1, EVP_PKEY_CTX_set_ec_paramgen_curve_nid, EVP_PKEY_get0_EC_KEY,
14 NID_X9_62_prime256v1, NID_secp224r1, NID_secp256k1, NID_secp384r1, NID_secp521r1, EC_GROUP,
15 EC_KEY, EVP_PKEY, EVP_PKEY_EC,
16};
17use crate::ec::signature::AlgorithmID;
18use crate::error::{KeyRejected, Unspecified};
19#[cfg(feature = "fips")]
20use crate::fips::indicator_check;
21use crate::ptr::{ConstPointer, LcPtr};
22use crate::signature::Signature;
23use core::ffi::c_int;
24use std::ptr::null;
25
26pub(crate) mod encoding;
27pub(crate) mod key_pair;
28pub(crate) mod signature;
29
30const ELEM_MAX_BITS: usize = 521;
31pub(crate) const ELEM_MAX_BYTES: usize = (ELEM_MAX_BITS + 7) / 8;
32
33pub(crate) const PUBLIC_KEY_MAX_LEN: usize = 1 + (2 * ELEM_MAX_BYTES);
35
36fn verify_ec_key_nid(
37 ec_key: &ConstPointer<EC_KEY>,
38 expected_curve_nid: i32,
39) -> Result<(), KeyRejected> {
40 let ec_group = ec_key
41 .project_const_lifetime(unsafe { |ec_key| EC_KEY_get0_group(ec_key.as_const_ptr()) })?;
42 let key_nid = unsafe { EC_GROUP_get_curve_name(ec_group.as_const_ptr()) };
43
44 if key_nid != expected_curve_nid {
45 return Err(KeyRejected::wrong_algorithm());
46 }
47 Ok(())
48}
49
50#[inline]
51#[cfg(not(feature = "fips"))]
52pub(crate) fn verify_evp_key_nid(
53 evp_pkey: &ConstPointer<EVP_PKEY>,
54 expected_curve_nid: i32,
55) -> Result<(), KeyRejected> {
56 let ec_key = evp_pkey.project_const_lifetime(unsafe {
57 |evp_pkey| EVP_PKEY_get0_EC_KEY(evp_pkey.as_const_ptr())
58 })?;
59 verify_ec_key_nid(&ec_key, expected_curve_nid)?;
60
61 Ok(())
62}
63
64#[inline]
65pub(crate) fn validate_ec_evp_key(
66 evp_pkey: &ConstPointer<EVP_PKEY>,
67 expected_curve_nid: i32,
68) -> Result<(), KeyRejected> {
69 let ec_key = evp_pkey.project_const_lifetime(unsafe {
70 |evp_pkey| EVP_PKEY_get0_EC_KEY(evp_pkey.as_const_ptr())
71 })?;
72 verify_ec_key_nid(&ec_key, expected_curve_nid)?;
73
74 #[cfg(not(feature = "fips"))]
75 if 1 != unsafe { EC_KEY_check_key(ec_key.as_const_ptr()) } {
76 return Err(KeyRejected::inconsistent_components());
77 }
78
79 #[cfg(feature = "fips")]
80 if 1 != indicator_check!(unsafe { EC_KEY_check_fips(ec_key.as_const_ptr()) }) {
81 return Err(KeyRejected::inconsistent_components());
82 }
83
84 Ok(())
85}
86
87#[inline]
88pub(crate) fn evp_key_generate(nid: c_int) -> Result<LcPtr<EVP_PKEY>, Unspecified> {
89 let params_fn = |ctx| {
90 if 1 == unsafe { EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) } {
91 Ok(())
92 } else {
93 Err(())
94 }
95 };
96 LcPtr::<EVP_PKEY>::generate(EVP_PKEY_EC, Some(params_fn))
97}
98
99#[inline]
100#[allow(non_upper_case_globals)]
101pub(crate) fn ec_group_from_nid(nid: i32) -> Result<ConstPointer<'static, EC_GROUP>, Unspecified> {
102 Ok(unsafe {
103 ConstPointer::new_static(match nid {
104 NID_secp224r1 => EC_group_p224(),
105 NID_X9_62_prime256v1 => EC_group_p256(),
106 NID_secp384r1 => EC_group_p384(),
107 NID_secp521r1 => EC_group_p521(),
108 NID_secp256k1 => EC_group_secp256k1(),
109 _ => {
110 null()
112 }
113 })?
114 })
115}
116
117#[inline]
118fn ecdsa_asn1_to_fixed(alg_id: &'static AlgorithmID, sig: &[u8]) -> Result<Signature, Unspecified> {
119 let expected_number_size = alg_id.private_key_size();
120
121 let ecdsa_sig = LcPtr::new(unsafe { ECDSA_SIG_from_bytes(sig.as_ptr(), sig.len()) })?;
122
123 let r_bn = ecdsa_sig.project_const_lifetime(unsafe {
124 |ecdsa_sig| ECDSA_SIG_get0_r(ecdsa_sig.as_const_ptr())
125 })?;
126 let r_buffer = r_bn.to_be_bytes();
127
128 let s_bn = ecdsa_sig.project_const_lifetime(unsafe {
129 |ecdsa_sig| ECDSA_SIG_get0_s(ecdsa_sig.as_const_ptr())
130 })?;
131 let s_buffer = s_bn.to_be_bytes();
132
133 Ok(Signature::new(|slice| {
134 let (r_start, r_end) = (expected_number_size - r_buffer.len(), expected_number_size);
135 let (s_start, s_end) = (
136 2 * expected_number_size - s_buffer.len(),
137 2 * expected_number_size,
138 );
139
140 slice[r_start..r_end].copy_from_slice(r_buffer.as_slice());
141 slice[s_start..s_end].copy_from_slice(s_buffer.as_slice());
142 2 * expected_number_size
143 }))
144}
145
146#[inline]
147pub(crate) const fn compressed_public_key_size_bytes(curve_field_bits: usize) -> usize {
148 1 + (curve_field_bits + 7) / 8
149}
150
151#[inline]
152pub(crate) const fn uncompressed_public_key_size_bytes(curve_field_bits: usize) -> usize {
153 1 + 2 * ((curve_field_bits + 7) / 8)
154}
155
156#[cfg(test)]
157mod tests {
158 use crate::encoding::{
159 AsBigEndian, AsDer, EcPublicKeyCompressedBin, EcPublicKeyUncompressedBin, PublicKeyX509Der,
160 };
161 use crate::signature::{
162 EcdsaKeyPair, KeyPair, UnparsedPublicKey, ECDSA_P256_SHA256_FIXED,
163 ECDSA_P256_SHA256_FIXED_SIGNING,
164 };
165 use crate::test::from_dirty_hex;
166 use crate::{signature, test};
167
168 #[test]
169 fn test_from_pkcs8() {
170 let input = from_dirty_hex(
171 r"308187020100301306072a8648ce3d020106082a8648ce3d030107046d306b0201010420090460075f15d
172 2a256248000fb02d83ad77593dde4ae59fc5e96142dffb2bd07a14403420004cf0d13a3a7577231ea1b66cf4
173 021cd54f21f4ac4f5f2fdd28e05bc7d2bd099d1374cd08d2ef654d6f04498db462f73e0282058dd661a4c9b0
174 437af3f7af6e724",
175 );
176
177 let result = EcdsaKeyPair::from_pkcs8(&ECDSA_P256_SHA256_FIXED_SIGNING, &input);
178 assert!(result.is_ok());
179 let key_pair = result.unwrap();
180 assert_eq!("EcdsaKeyPair { public_key: EcdsaPublicKey(\"04cf0d13a3a7577231ea1b66cf4021cd54f21f4ac4f5f2fdd28e05bc7d2bd099d1374cd08d2ef654d6f04498db462f73e0282058dd661a4c9b0437af3f7af6e724\") }",
181 format!("{key_pair:?}"));
182 assert_eq!(
183 "EcdsaPrivateKey(ECDSA_P256)",
184 format!("{:?}", key_pair.private_key())
185 );
186 let pub_key = key_pair.public_key();
187 let der_pub_key: PublicKeyX509Der = pub_key.as_der().unwrap();
188
189 assert_eq!(
190 from_dirty_hex(
191 r"3059301306072a8648ce3d020106082a8648ce3d03010703420004cf0d13a3a7577231ea1b66cf402
192 1cd54f21f4ac4f5f2fdd28e05bc7d2bd099d1374cd08d2ef654d6f04498db462f73e0282058dd661a4c9
193 b0437af3f7af6e724",
194 )
195 .as_slice(),
196 der_pub_key.as_ref()
197 );
198 }
199
200 #[test]
201 fn test_ecdsa_asn1_verify() {
202 let alg = &signature::ECDSA_P256_SHA256_ASN1;
212 let msg = "";
213 let public_key = from_dirty_hex(
214 r"0430345fd47ea21a11129be651b0884bfac698377611acc9f689458e1
215 3b9ed7d4b9d7599a68dcf125e7f31055ccb374cd04f6d6fd2b217438a63f6f667d50ef2f0",
216 );
217 let sig = from_dirty_hex(
218 r"30440220341f6779b75e98bb42e01095dd48356cbf9002dc704ac8bd2a8240b8
219 8d3796c60220555843b1b4e264fe6ffe6e2b705a376c05c09404303ffe5d2711f3e3b3a010a1",
220 );
221 let unparsed_pub_key = signature::UnparsedPublicKey::new(alg, &public_key);
222
223 let actual_result = unparsed_pub_key.verify(msg.as_bytes(), &sig);
224 assert!(actual_result.is_ok(), "Key: {}", test::to_hex(public_key));
225 }
226
227 #[test]
228 fn public_key_formats() {
229 const MESSAGE: &[u8] = b"message to be signed";
230
231 let key_pair = EcdsaKeyPair::generate(&ECDSA_P256_SHA256_FIXED_SIGNING).unwrap();
232 let public_key = key_pair.public_key();
233 let as_ref_bytes = public_key.as_ref();
234 let compressed = AsBigEndian::<EcPublicKeyCompressedBin>::as_be_bytes(public_key).unwrap();
235 let uncompressed =
236 AsBigEndian::<EcPublicKeyUncompressedBin>::as_be_bytes(public_key).unwrap();
237 let pub_x509 = AsDer::<PublicKeyX509Der>::as_der(public_key).unwrap();
238 assert_eq!(as_ref_bytes, uncompressed.as_ref());
239 assert_ne!(compressed.as_ref()[0], 0x04);
240
241 let rng = crate::rand::SystemRandom::new();
242
243 let signature = key_pair.sign(&rng, MESSAGE).unwrap();
244
245 for pub_key_bytes in [
246 as_ref_bytes,
247 compressed.as_ref(),
248 uncompressed.as_ref(),
249 pub_x509.as_ref(),
250 ] {
251 UnparsedPublicKey::new(&ECDSA_P256_SHA256_FIXED, pub_key_bytes)
252 .verify(MESSAGE, signature.as_ref())
253 .unwrap();
254 }
255 }
256}