Skip to content

Add support for X448/Ed448 and P521 #251

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
RoastVeg wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add support for X448/Ed448 and P521 #251

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
414 changes: 127 additions & 287 deletions Cargo.lock
View file
Open in desktop

Large diffs are not rendered by default.

3 changes: 3 additions & 0 deletions Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ getrandom = { version = "0.4", default-features = false, features = ["sys_rng"]
hmac = { version = "0.13", default-features = false }
p256 = { version = "0.14.0-rc.9", default-features = false, features = ["pem", "ecdsa", "ecdh"] }
p384 = { version = "0.14.0-rc.9", default-features = false, features = ["pem", "ecdsa", "ecdh"] }
p521 = { version = "0.14.0-rc.9", default-features = false, features = ["pem", "ecdsa", "ecdh"] }
paste = { version = "1", default-features = false }
pkcs8 = { version = "0.11", default-features = false }
pki-types = { package = "rustls-pki-types", version = "1", default-features = false }
Expand All @@ -39,6 +40,8 @@ sec1 = { version = "0.8", default-features = false }
sha2 = { version = "0.11", default-features = false }
signature = { version = "3", default-features = false }
x25519-dalek = { version = "3.0.0-rc.0", default-features = false }
ed448-goldilocks = { version = "0.14.0-pre.15", default-features = false, features = ["signing", "pkcs8"] }
x448 = { version = "0.14.0-pre.12", default-features = false }

[features]
default = ["std", "tls12", "zeroize"]
Expand Down
42 changes: 41 additions & 1 deletion src/kx.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,44 @@ impl crypto::ActiveKeyExchange for X25519KeyExchange {
}
}

#[derive(Debug)]
pub struct X448;

impl crypto::SupportedKxGroup for X448 {
fn name(&self) -> rustls::NamedGroup {
rustls::NamedGroup::X448
}

fn start(&self) -> Result<Box<dyn crypto::ActiveKeyExchange>, rustls::Error> {
let mut rng = UnwrapErr(getrandom::SysRng);
let priv_key = x448::EphemeralSecret::try_generate_from_rng(&mut rng)
.map_err(|_| rustls::Error::from(rustls::PeerMisbehaved::InvalidKeyShare))?;
let pub_key = (&priv_key).into();
Ok(Box::new(X448KeyExchange { priv_key, pub_key }))
}
}

pub struct X448KeyExchange {
priv_key: x448::EphemeralSecret,
pub_key: x448::PublicKey,
}

impl crypto::ActiveKeyExchange for X448KeyExchange {
fn complete(self: Box<X448KeyExchange>, peer: &[u8]) -> Result<SharedSecret, rustls::Error> {
let peer = x448::PublicKey::from_bytes(peer)
.ok_or_else(|| rustls::Error::from(rustls::PeerMisbehaved::InvalidKeyShare))?;
Ok(self.priv_key.diffie_hellman(&peer).as_bytes()[..].into())
}

fn pub_key(&self) -> &[u8] {
self.pub_key.as_bytes()
}

fn group(&self) -> rustls::NamedGroup {
X448.name()
}
}

macro_rules! impl_kx {
($name:ident, $kx_name:ty, $secret:ty, $public_key:ty) => {
paste! {
Expand Down Expand Up @@ -108,5 +146,7 @@ macro_rules! impl_kx {

impl_kx! {SecP256R1, rustls::NamedGroup::secp256r1, p256::ecdh::EphemeralSecret, p256::PublicKey}
impl_kx! {SecP384R1, rustls::NamedGroup::secp384r1, p384::ecdh::EphemeralSecret, p384::PublicKey}
impl_kx! {SecP521R1, rustls::NamedGroup::secp521r1, p521::ecdh::EphemeralSecret, p521::PublicKey}

pub const ALL_KX_GROUPS: &[&dyn SupportedKxGroup] = &[&X25519, &SecP256R1, &SecP384R1];
pub const ALL_KX_GROUPS: &[&dyn SupportedKxGroup] =
&[&X25519, &X448, &SecP256R1, &SecP384R1, &SecP521R1];
12 changes: 7 additions & 5 deletions src/sign.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@
use alloc::{sync::Arc, vec::Vec};
use core::marker::PhantomData;

use self::ecdsa::{EcdsaSigningKeyP256, EcdsaSigningKeyP384};
use self::eddsa::Ed25519SigningKey;
use self::ecdsa::{EcdsaSigningKeyP256, EcdsaSigningKeyP384, EcdsaSigningKeyP521};
use self::eddsa::{Ed25519SigningKey, Ed448SigningKey};
use self::rsa::RsaSigningKey;

use getrandom::rand_core::UnwrapErr;
Expand Down Expand Up @@ -89,7 +89,8 @@ pub fn any_supported_type(der: &PrivateKeyDer<'_>) -> Result<Arc<dyn SigningKey>
pub fn any_ecdsa_type(der: &PrivateKeyDer<'_>) -> Result<Arc<dyn SigningKey>, rustls::Error> {
let p256 = |_| EcdsaSigningKeyP256::try_from(der).map(|x| Arc::new(x) as _);
let p384 = |_| EcdsaSigningKeyP384::try_from(der).map(|x| Arc::new(x) as _);
p256(()).or_else(p384)
let p521 = |_| EcdsaSigningKeyP521::try_from(der).map(|x| Arc::new(x) as _);
p256(()).or_else(p384).or_else(p521)
}

/// Extract any supported EDDSA key from the given DER input.
Expand All @@ -98,8 +99,9 @@ pub fn any_ecdsa_type(der: &PrivateKeyDer<'_>) -> Result<Arc<dyn SigningKey>, ru
///
/// Returns an error if the key couldn't be decoded.
pub fn any_eddsa_type(der: &PrivateKeyDer<'_>) -> Result<Arc<dyn SigningKey>, rustls::Error> {
// TODO: Add support for Ed448
Ed25519SigningKey::try_from(der).map(|x| Arc::new(x) as _)
let ed25519 = |_| Ed25519SigningKey::try_from(der).map(|x| Arc::new(x) as _);
let ed448 = |_| Ed448SigningKey::try_from(der).map(|x| Arc::new(x) as _);
ed25519(()).or_else(ed448)
}

pub mod ecdsa;
Expand Down
1 change: 1 addition & 0 deletions src/sign/ecdsa.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,3 +69,4 @@ macro_rules! impl_ecdsa {

impl_ecdsa! {P256, SignatureScheme::ECDSA_NISTP256_SHA256, p256::ecdsa::SigningKey, p256::ecdsa::DerSignature}
impl_ecdsa! {P384, SignatureScheme::ECDSA_NISTP384_SHA384, p384::ecdsa::SigningKey, p384::ecdsa::DerSignature}
impl_ecdsa! {P521, SignatureScheme::ECDSA_NISTP521_SHA512, p521::ecdsa::SigningKey, p521::ecdsa::DerSignature}
45 changes: 45 additions & 0 deletions src/sign/eddsa.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,3 +51,48 @@ impl SigningKey for Ed25519SigningKey {
SignatureAlgorithm::ED25519
}
}

#[derive(Debug)]
pub struct Ed448SigningKey {
key: Arc<ed448_goldilocks::SigningKey>,
scheme: SignatureScheme,
}

impl TryFrom<&PrivateKeyDer<'_>> for Ed448SigningKey {
type Error = rustls::Error;

fn try_from(value: &PrivateKeyDer<'_>) -> Result<Self, Self::Error> {
let pkey = match value {
PrivateKeyDer::Pkcs8(der) => {
ed448_goldilocks::SigningKey::from_pkcs8_der(der.secret_pkcs8_der())
.map_err(|e| format!("failed to decrypt private key: {e}"))
}
PrivateKeyDer::Pkcs1(_) => Err("ED448 does not support PKCS#1 key".to_string()),
PrivateKeyDer::Sec1(_) => Err("ED448 does not support SEC1 key".to_string()),
_ => Err("not supported".into()),
};
pkey.map(|kp| Self {
key: Arc::new(kp),
scheme: SignatureScheme::ED448,
})
.map_err(rustls::Error::General)
}
}

impl SigningKey for Ed448SigningKey {
fn choose_scheme(&self, offered: &[SignatureScheme]) -> Option<Box<dyn Signer>> {
if offered.contains(&self.scheme) {
Some(Box::new(super::GenericSigner {
_marker: PhantomData,
key: self.key.clone(),
scheme: self.scheme,
}))
} else {
None
}
}

fn algorithm(&self) -> SignatureAlgorithm {
SignatureAlgorithm::ED448
}
}
8 changes: 6 additions & 2 deletions src/verify.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,10 @@
use rustls::crypto::WebPkiSupportedAlgorithms;
use rustls::SignatureScheme;

use self::ecdsa::{ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256, ECDSA_P384_SHA384};
use self::eddsa::ED25519;
use self::ecdsa::{
ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256, ECDSA_P384_SHA384, ECDSA_P521_SHA512,
};
use self::eddsa::{ED25519, ED448};
use self::rsa::{
RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384,
RSA_PSS_SHA512,
Expand Down Expand Up @@ -31,7 +33,9 @@ pub static ALGORITHMS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms {
SignatureScheme::ECDSA_NISTP256_SHA256,
&[ECDSA_P256_SHA256, ECDSA_P384_SHA256],
),
(SignatureScheme::ECDSA_NISTP521_SHA512, &[ECDSA_P521_SHA512]),
(SignatureScheme::ED25519, &[ED25519]),
(SignatureScheme::ED448, &[ED448]),
(SignatureScheme::RSA_PKCS1_SHA256, &[RSA_PKCS1_SHA256]),
(SignatureScheme::RSA_PKCS1_SHA384, &[RSA_PKCS1_SHA384]),
(SignatureScheme::RSA_PKCS1_SHA512, &[RSA_PKCS1_SHA512]),
Expand Down
1 change: 1 addition & 0 deletions src/verify/ecdsa.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,3 +51,4 @@ impl_generic_ecdsa_verifer! {ECDSA_P256_SHA256, alg_id::ECDSA_P256, alg_id::ECDS
impl_generic_ecdsa_verifer! {ECDSA_P256_SHA384, alg_id::ECDSA_P256, alg_id::ECDSA_SHA384, p256::ecdsa::VerifyingKey, p256::ecdsa::DerSignature, sha2::Sha384}
impl_generic_ecdsa_verifer! {ECDSA_P384_SHA256, alg_id::ECDSA_P384, alg_id::ECDSA_SHA256, p384::ecdsa::VerifyingKey, p384::ecdsa::DerSignature, sha2::Sha256}
impl_generic_ecdsa_verifer! {ECDSA_P384_SHA384, alg_id::ECDSA_P384, alg_id::ECDSA_SHA384, p384::ecdsa::VerifyingKey, p384::ecdsa::DerSignature, sha2::Sha384}
impl_generic_ecdsa_verifer! {ECDSA_P521_SHA512, alg_id::ECDSA_P521, alg_id::ECDSA_SHA512, p521::ecdsa::VerifyingKey, p521::ecdsa::DerSignature, sha2::Sha512}
30 changes: 30 additions & 0 deletions src/verify/eddsa.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,3 +30,33 @@ impl SignatureVerificationAlgorithm for Ed25519Verify {
}

pub const ED25519: &dyn SignatureVerificationAlgorithm = &Ed25519Verify;

#[derive(Debug)]
struct Ed448Verify;

impl SignatureVerificationAlgorithm for Ed448Verify {
fn public_key_alg_id(&self) -> AlgorithmIdentifier {
alg_id::ED448
}

fn signature_alg_id(&self) -> AlgorithmIdentifier {
alg_id::ED448
}

fn verify_signature(
&self,
public_key: &[u8],
message: &[u8],
signature: &[u8],
) -> Result<(), InvalidSignature> {
let public_key = public_key.try_into().map_err(|_| InvalidSignature)?;
let signature =
ed448_goldilocks::Signature::from_slice(signature).map_err(|_| InvalidSignature)?;
ed448_goldilocks::VerifyingKey::from_bytes(public_key)
.map_err(|_| InvalidSignature)?
.verify(message, &signature)
.map_err(|_| InvalidSignature)
}
}

pub const ED448: &dyn SignatureVerificationAlgorithm = &Ed448Verify;
Loading