Add support for P-521 curve with SHA-256/SHA-384 digests (#272)
samin-cf authored Jul 21, 2024
1 parent 97242e5 commit 917b1ba
Showing 13 changed files with 120 additions and 14 deletions.
8 changes: 4 additions & 4 deletions Cargo.lock


2 changes: 1 addition & 1 deletion Cargo.toml
@@ -79,7 +79,7 @@ ring = ["dep:ring"]
std = ["alloc", "pki-types/std"]

[dependencies]
aws-lc-rs = { version = "1", optional = true, default-features = false, features = ["aws-lc-sys"] }
aws-lc-rs = { version = "1.8.1", optional = true, default-features = false, features = ["aws-lc-sys"] }
pki-types = { package = "rustls-pki-types", version = "1.7", default-features = false }
ring = { version = "0.17", default-features = false, optional = true }
untrusted = "0.9"
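--- a/src/aws_lc_rs_algs.rs
+++ b/src/aws_lc_rs_algs.rs
@@ -67,6 +67,20 @@ pub static ECDSA_P384_SHA384: &dyn SignatureVerificationAlgorithm = &AwsLcRsAlgo
 verification_alg: &signature::ECDSA_P384_SHA384_ASN1,
 };
 
+/// ECDSA signatures using the P-521 curve and SHA-256.
+pub static ECDSA_P521_SHA256: &dyn SignatureVerificationAlgorithm = &AwsLcRsAlgorithm {
+public_key_alg_id: alg_id::ECDSA_P521,
+signature_alg_id: alg_id::ECDSA_SHA256,
+verification_alg: &signature::ECDSA_P521_SHA256_ASN1,
+};
+
+/// ECDSA signatures using the P-521 curve and SHA-384.
+pub static ECDSA_P521_SHA384: &dyn SignatureVerificationAlgorithm = &AwsLcRsAlgorithm {
+public_key_alg_id: alg_id::ECDSA_P521,
+signature_alg_id: alg_id::ECDSA_SHA384,
+verification_alg: &signature::ECDSA_P521_SHA384_ASN1,
+};
+
 /// ECDSA signatures using the P-521 curve and SHA-512.
 pub static ECDSA_P521_SHA512: &dyn SignatureVerificationAlgorithm = &AwsLcRsAlgorithm {
 public_key_alg_id: alg_id::ECDSA_P521,
@@ -151,6 +165,8 @@ mod tests {
 // Reasonable algorithms.
 super::ECDSA_P256_SHA256,
 super::ECDSA_P384_SHA384,
+super::ECDSA_P521_SHA256,
+super::ECDSA_P521_SHA384,
 super::ECDSA_P521_SHA512,
 super::ED25519,
 super::RSA_PKCS1_2048_8192_SHA256,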
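Review bot: The doc comments on `ECDSA_P521_SHA256` and `ECDSA_P521_SHA384` do not mention that the digest is shorter than the curve order, so a reader choosing among the three P-521 entries cannot tell that these two are bounded by the hash rather than by the curve. I would add a second line to each, e.g. `/// The digest is shorter than the P-521 group order, so the hash, not the curve, bounds the security level.` It would also help to state in the comment that these statics are provided only by the aws-lc-rs backend, since no `ring` counterpart is visible in this commit.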
12 changes: 8 additions & 4 deletions src/lib.rs
@@ -109,10 +109,10 @@ pub mod ring {
pub mod aws_lc_rs {
pub use super::aws_lc_rs_algs::{
ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256, ECDSA_P384_SHA384,
ECDSA_P521_SHA512, ED25519, RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_2048_8192_SHA384,
RSA_PKCS1_2048_8192_SHA512, RSA_PKCS1_3072_8192_SHA384,
RSA_PSS_2048_8192_SHA256_LEGACY_KEY, RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
ECDSA_P521_SHA256, ECDSA_P521_SHA384, ECDSA_P521_SHA512, ED25519,
RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA512,
RSA_PKCS1_3072_8192_SHA384, RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
RSA_PSS_2048_8192_SHA384_LEGACY_KEY, RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
};
}

@@ -153,6 +153,10 @@ pub static ALL_VERIFICATION_ALGS: &[&dyn types::SignatureVerificationAlgorithm]
#[cfg(feature = "aws_lc_rs")]
aws_lc_rs::ECDSA_P384_SHA384,
#[cfg(feature = "aws_lc_rs")]
aws_lc_rs::ECDSA_P521_SHA256,
#[cfg(feature = "aws_lc_rs")]
aws_lc_rs::ECDSA_P521_SHA384,
#[cfg(feature = "aws_lc_rs")]
aws_lc_rs::ECDSA_P521_SHA512,
#[cfg(feature = "aws_lc_rs")]
aws_lc_rs::ED25519,
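Review bot: Appending `aws_lc_rs::ECDSA_P521_SHA256` and `aws_lc_rs::ECDSA_P521_SHA384` to `ALL_VERIFICATION_ALGS` widens what every caller passing that slice accepts as soon as the `aws_lc_rs` feature is enabled, without any opt-in on their side. The slice's own doc comment lies outside the hunk, so I cannot tell whether it already says this; if it does not, a line such as `/// The contents depend on the enabled crypto backend; pass an explicit list when a fixed algorithm policy is required.` would make the behaviour visible. The `ring` re-export block is untouched here, so the two backends appear to differ further in which curve/digest pairs they verify.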
10 changes: 9 additions & 1 deletion tests/generate.py
@@ -560,6 +560,8 @@ def signatures(force: bool) -> None:
}

feature_gates = {
"ECDSA_P521_SHA256": 'all(not(feature = "ring"), feature = "aws_lc_rs")',
"ECDSA_P521_SHA384": 'all(not(feature = "ring"), feature = "aws_lc_rs")',
"ECDSA_P521_SHA512": 'all(not(feature = "ring"), feature = "aws_lc_rs")',
}

@@ -576,7 +578,7 @@ def signatures(force: bool) -> None:
"ed25519": ["ED25519"],
"ecdsa_p256": ["ECDSA_P256_SHA384", "ECDSA_P256_SHA256"],
"ecdsa_p384": ["ECDSA_P384_SHA384", "ECDSA_P384_SHA256"],
"ecdsa_p521": ["ECDSA_P521_SHA512"],
"ecdsa_p521": ["ECDSA_P521_SHA512", "ECDSA_P521_SHA256", "ECDSA_P521_SHA384"],
"rsa_2048": rsa_types,
"rsa_3072": rsa_types + ["RSA_PKCS1_3072_8192_SHA384"],
"rsa_4096": rsa_types + ["RSA_PKCS1_3072_8192_SHA384"],
@@ -606,6 +608,12 @@ def signatures(force: bool) -> None:
"ECDSA_P384_SHA384": lambda key, message: key.sign(
message, ec.ECDSA(hashes.SHA384())
),
"ECDSA_P521_SHA256": lambda key, message: key.sign(
message, ec.ECDSA(hashes.SHA256())
),
"ECDSA_P521_SHA384": lambda key, message: key.sign(
message, ec.ECDSA(hashes.SHA384())
),
"ECDSA_P521_SHA512": lambda key, message: key.sign(
message, ec.ECDSA(hashes.SHA512())
),
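Review bot: Nothing generated here pins that the digest named by the algorithm is the one actually used. Judging by the generated test names, the new signing lambdas for `ECDSA_P521_SHA256` and `ECDSA_P521_SHA384` yield one good and one bad signature per algorithm, and no case presents a valid signature made with a different hash. I would generate at least one mismatch case, for example signing with `ec.ECDSA(hashes.SHA512())` and verifying under `ECDSA_P521_SHA256`, with the expected result presumably `Err(webpki::Error::InvalidSignatureForPublicKey)`. The code that emits the Rust tests is outside these hunks, so this may need a small extension there rather than a change to the tables shown.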
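--- a/tests/signatures.rs
+++ b/tests/signatures.rs
@@ -28,10 +28,11 @@ use webpki::ring::{
 
 #[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
 use webpki::aws_lc_rs::{
-ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256, ECDSA_P384_SHA384, ECDSA_P521_SHA512,
-ED25519, RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA512,
-RSA_PKCS1_3072_8192_SHA384, RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
-RSA_PSS_2048_8192_SHA384_LEGACY_KEY, RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
+ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256, ECDSA_P384_SHA384, ECDSA_P521_SHA256,
+ECDSA_P521_SHA384, ECDSA_P521_SHA512, ED25519, RSA_PKCS1_2048_8192_SHA256,
+RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA512, RSA_PKCS1_3072_8192_SHA384,
+RSA_PSS_2048_8192_SHA256_LEGACY_KEY, RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
+RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
 };
 
 #[cfg(feature = "alloc")]
@@ -75,6 +76,10 @@ fn ed25519_key_and_ed25519_detects_bad_signature() {
 fn ed25519_key_rejected_by_other_algorithms() {
 let ee = include_bytes!("signatures/ed25519.ee.der");
 for algorithm in &[
+#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
+ECDSA_P521_SHA256,
+#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
+ECDSA_P521_SHA384,
 #[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
 ECDSA_P521_SHA512,
 ECDSA_P256_SHA256,
@@ -149,6 +154,10 @@ fn ecdsa_p256_key_and_ecdsa_p256_sha256_detects_bad_signature() {
 fn ecdsa_p256_key_rejected_by_other_algorithms() {
 let ee = include_bytes!("signatures/ecdsa_p256.ee.der");
 for algorithm in &[
+#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
+ECDSA_P521_SHA256,
+#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
+ECDSA_P521_SHA384,
 #[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
 ECDSA_P521_SHA512,
 ECDSA_P384_SHA256,
@@ -222,6 +231,10 @@ fn ecdsa_p384_key_and_ecdsa_p384_sha256_detects_bad_signature() {
 fn ecdsa_p384_key_rejected_by_other_algorithms() {
 let ee = include_bytes!("signatures/ecdsa_p384.ee.der");
 for algorithm in &[
+#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
+ECDSA_P521_SHA256,
+#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
+ECDSA_P521_SHA384,
 #[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
 ECDSA_P521_SHA512,
 ECDSA_P256_SHA256,
@@ -266,6 +279,54 @@ fn ecdsa_p521_key_and_ecdsa_p521_sha512_detects_bad_signature() {
 );
 }
 
+#[test]
+#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
+fn ecdsa_p521_key_and_ecdsa_p521_sha256_good_signature() {
+let ee = include_bytes!("signatures/ecdsa_p521.ee.der");
+let message = include_bytes!("signatures/message.bin");
+let signature =
+include_bytes!("signatures/ecdsa_p521_key_and_ecdsa_p521_sha256_good_signature.sig.bin");
+assert_eq!(check_sig(ee, ECDSA_P521_SHA256, message, signature), Ok(()));
+}
+
+#[test]
+#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
+fn ecdsa_p521_key_and_ecdsa_p521_sha256_detects_bad_signature() {
+let ee = include_bytes!("signatures/ecdsa_p521.ee.der");
+let message = include_bytes!("signatures/message.bin");
+let signature = include_bytes!(
+"signatures/ecdsa_p521_key_and_ecdsa_p521_sha256_detects_bad_signature.sig.bin"
+);
+assert_eq!(
+check_sig(ee, ECDSA_P521_SHA256, message, signature),
+Err(webpki::Error::InvalidSignatureForPublicKey)
+);
+}
+
+#[test]
+#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
+fn ecdsa_p521_key_and_ecdsa_p521_sha384_good_signature() {
+let ee = include_bytes!("signatures/ecdsa_p521.ee.der");
+let message = include_bytes!("signatures/message.bin");
+let signature =
+include_bytes!("signatures/ecdsa_p521_key_and_ecdsa_p521_sha384_good_signature.sig.bin");
+assert_eq!(check_sig(ee, ECDSA_P521_SHA384, message, signature), Ok(()));
+}
+
+#[test]
+#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
+fn ecdsa_p521_key_and_ecdsa_p521_sha384_detects_bad_signature() {
+let ee = include_bytes!("signatures/ecdsa_p521.ee.der");
+let message = include_bytes!("signatures/message.bin");
+let signature = include_bytes!(
+"signatures/ecdsa_p521_key_and_ecdsa_p521_sha384_detects_bad_signature.sig.bin"
+);
+assert_eq!(
+check_sig(ee, ECDSA_P521_SHA384, message, signature),
+Err(webpki::Error::InvalidSignatureForPublicKey)
+);
+}
+
 #[test]
 #[cfg(feature = "alloc")]
 fn ecdsa_p521_key_rejected_by_other_algorithms() {
@@ -458,6 +519,10 @@ fn rsa_2048_key_and_rsa_pss_2048_8192_sha512_legacy_key_detects_bad_signature()
 fn rsa_2048_key_rejected_by_other_algorithms() {
 let ee = include_bytes!("signatures/rsa_2048.ee.der");
 for algorithm in &[
+#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
+ECDSA_P521_SHA256,
+#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
+ECDSA_P521_SHA384,
 #[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
 ECDSA_P521_SHA512,
 ECDSA_P256_SHA256,
@@ -668,6 +733,10 @@ fn rsa_3072_key_and_rsa_pkcs1_3072_8192_sha384_detects_bad_signature() {
 fn rsa_3072_key_rejected_by_other_algorithms() {
 let ee = include_bytes!("signatures/rsa_3072.ee.der");
 for algorithm in &[
+#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
+ECDSA_P521_SHA256,
+#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
+ECDSA_P521_SHA384,
 #[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
 ECDSA_P521_SHA512,
 ECDSA_P256_SHA256,
@@ -878,6 +947,10 @@ fn rsa_4096_key_and_rsa_pkcs1_3072_8192_sha384_detects_bad_signature() {
 fn rsa_4096_key_rejected_by_other_algorithms() {
 let ee = include_bytes!("signatures/rsa_4096.ee.der");
 for algorithm in &[
+#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
+ECDSA_P521_SHA256,
+#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
+ECDSA_P521_SHA384,
 #[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
 ECDSA_P521_SHA512,
 ECDSA_P256_SHA256,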
Binary file modified tests/signatures/ecdsa_p521.ee.der
Binary file not shown.
@@ -0,0 +1,3 @@
0��BY 8�#�$�c��_�PE�$ TVf�ٖ�0h�I��?�@~9~Xu�zݺ�Z��K����P�{�@z�BG]���'rUq�Q��:�,��t���$Ȧ��\ۀ
~��А�i
[d9#�)��ۙ��;
Binary file not shown.
Binary file not shown.
@@ -0,0 +1,2 @@
0��Am��ұ'���n��M�6r�y���}�H�� 0tOo��(v@�H�^�l��$ �~��K�s-BC
�Z�K���#�50'�"ki�wĢFz��Y���uf��#5V�kG���oV�M���4��g
Binary file not shown.
Binary file not shown.
