Skip to content

Commit

Permalink
Introduce and test ECDSA_P521_SHA512 for aws-lc-rs
Browse files Browse the repository at this point in the history
  • Loading branch information
ctz committed Dec 11, 2023
1 parent fdf2c06 commit c3ad39f
Show file tree
Hide file tree
Showing 13 changed files with 121 additions and 14 deletions.
12 changes: 6 additions & 6 deletions src/alg_tests.rs
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ use alloc::{string::String, vec::Vec};

use super::{
INVALID_SIGNATURE_FOR_RSA_KEY, OK_IF_RSA_AVAILABLE, SUPPORTED_ALGORITHMS_IN_TESTS,
UNSUPPORTED_SIGNATURE_ALGORITHM_FOR_RSA_KEY,
UNSUPPORTED_ECDSA_SHA512_SIGNATURE, UNSUPPORTED_SIGNATURE_ALGORITHM_FOR_RSA_KEY,
};

macro_rules! test_file_bytes {
Expand Down Expand Up @@ -145,7 +145,7 @@ fn test_parse_spki_bad_outer(file_contents: &[u8], expected_error: Error) {
test_verify_signed_data!(
test_ecdsa_prime256v1_sha512_spki_params_null,
"ecdsa-prime256v1-sha512-spki-params-null.pem",
Err(Error::UnsupportedSignatureAlgorithm)
Err(UNSUPPORTED_ECDSA_SHA512_SIGNATURE)
);
test_verify_signed_data_signature_outer!(
test_ecdsa_prime256v1_sha512_unused_bits_signature,
Expand All @@ -157,14 +157,14 @@ test_verify_signed_data_signature_outer!(
test_verify_signed_data!(
test_ecdsa_prime256v1_sha512_using_ecdh_key,
"ecdsa-prime256v1-sha512-using-ecdh-key.pem",
Err(Error::UnsupportedSignatureAlgorithm)
Err(UNSUPPORTED_ECDSA_SHA512_SIGNATURE)
);
// XXX: We should have a variant of this test with a SHA-256 digest that gives
// `Error::UnsupportedSignatureAlgorithmForPublicKey`.
test_verify_signed_data!(
test_ecdsa_prime256v1_sha512_using_ecmqv_key,
"ecdsa-prime256v1-sha512-using-ecmqv-key.pem",
Err(Error::UnsupportedSignatureAlgorithm)
Err(UNSUPPORTED_ECDSA_SHA512_SIGNATURE)
);
test_verify_signed_data!(
test_ecdsa_prime256v1_sha512_using_rsa_algorithm,
Expand All @@ -176,13 +176,13 @@ test_verify_signed_data!(
test_verify_signed_data!(
test_ecdsa_prime256v1_sha512_wrong_signature_format,
"ecdsa-prime256v1-sha512-wrong-signature-format.pem",
Err(Error::UnsupportedSignatureAlgorithm)
Err(UNSUPPORTED_ECDSA_SHA512_SIGNATURE)
);
// Differs from Chromium because we don't support P-256 with SHA-512.
test_verify_signed_data!(
test_ecdsa_prime256v1_sha512,
"ecdsa-prime256v1-sha512.pem",
Err(Error::UnsupportedSignatureAlgorithm)
Err(UNSUPPORTED_ECDSA_SHA512_SIGNATURE)
);
test_verify_signed_data!(
test_ecdsa_secp384r1_sha256_corrupted_data,
Expand Down
11 changes: 11 additions & 0 deletions src/aws_lc_rs_algs.rs
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,13 @@ pub static ECDSA_P384_SHA384: &dyn SignatureVerificationAlgorithm = &AwsLcRsAlgo
verification_alg: &signature::ECDSA_P384_SHA384_ASN1,
};

/// ECDSA signatures using the P-521 curve and SHA-512.
pub static ECDSA_P521_SHA512: &dyn SignatureVerificationAlgorithm = &AwsLcRsAlgorithm {
public_key_alg_id: alg_id::ECDSA_P521,
signature_alg_id: alg_id::ECDSA_SHA512,
verification_alg: &signature::ECDSA_P521_SHA512_ASN1,
};

/// RSA PKCS#1 1.5 signatures using SHA-256 for keys of 2048-8192 bits.
pub static RSA_PKCS1_2048_8192_SHA256: &dyn SignatureVerificationAlgorithm = &AwsLcRsAlgorithm {
public_key_alg_id: alg_id::RSA_ENCRYPTION,
Expand Down Expand Up @@ -140,6 +147,7 @@ mod tests {
// Reasonable algorithms.
super::ECDSA_P256_SHA256,
super::ECDSA_P384_SHA384,
super::ECDSA_P521_SHA512,
super::ED25519,
super::RSA_PKCS1_2048_8192_SHA256,
super::RSA_PKCS1_2048_8192_SHA384,
Expand All @@ -156,6 +164,9 @@ mod tests {
const UNSUPPORTED_SIGNATURE_ALGORITHM_FOR_RSA_KEY: Error =
Error::UnsupportedSignatureAlgorithmForPublicKey;

const UNSUPPORTED_ECDSA_SHA512_SIGNATURE: Error =
Error::UnsupportedSignatureAlgorithmForPublicKey;

const INVALID_SIGNATURE_FOR_RSA_KEY: Error = Error::InvalidSignatureForPublicKey;

const OK_IF_RSA_AVAILABLE: Result<(), Error> = Ok(());
Expand Down
Binary file added src/data/alg-ecdsa-p521.der
Binary file not shown.
1 change: 1 addition & 0 deletions src/data/alg-ecdsa-sha512.der
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
*�H�=
11 changes: 7 additions & 4 deletions src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -104,10 +104,11 @@ pub mod ring {
/// Signature verification algorithm implementations using the aws-lc-rs crypto library.
pub mod aws_lc_rs {
pub use super::aws_lc_rs_algs::{
ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256, ECDSA_P384_SHA384, ED25519,
RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA512,
RSA_PKCS1_3072_8192_SHA384, RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
RSA_PSS_2048_8192_SHA384_LEGACY_KEY, RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256, ECDSA_P384_SHA384,
ECDSA_P521_SHA512, ED25519, RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_2048_8192_SHA384,
RSA_PKCS1_2048_8192_SHA512, RSA_PKCS1_3072_8192_SHA384,
RSA_PSS_2048_8192_SHA256_LEGACY_KEY, RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
};
}

Expand Down Expand Up @@ -148,6 +149,8 @@ pub static ALL_VERIFICATION_ALGS: &[&dyn types::SignatureVerificationAlgorithm]
#[cfg(feature = "aws_lc_rs")]
aws_lc_rs::ECDSA_P384_SHA384,
#[cfg(feature = "aws_lc_rs")]
aws_lc_rs::ECDSA_P521_SHA512,
#[cfg(feature = "aws_lc_rs")]
aws_lc_rs::ED25519,
#[cfg(feature = "aws_lc_rs")]
aws_lc_rs::RSA_PKCS1_2048_8192_SHA256,
Expand Down
2 changes: 2 additions & 0 deletions src/ring_algs.rs
Original file line number Diff line number Diff line change
Expand Up @@ -184,6 +184,8 @@ mod tests {
Error::UnsupportedSignatureAlgorithm
};

const UNSUPPORTED_ECDSA_SHA512_SIGNATURE: Error = Error::UnsupportedSignatureAlgorithm;

const INVALID_SIGNATURE_FOR_RSA_KEY: Error = if cfg!(feature = "alloc") {
Error::InvalidSignatureForPublicKey
} else {
Expand Down
8 changes: 8 additions & 0 deletions src/signed_data.rs
Original file line number Diff line number Diff line change
Expand Up @@ -267,6 +267,10 @@ pub mod alg_id {
pub const ECDSA_P384: AlgorithmIdentifier =
AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-p384.der"));

/// AlgorithmIdentifier for `id-ecPublicKey` with named curve `secp521r1`.
pub const ECDSA_P521: AlgorithmIdentifier =
AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-p521.der"));

/// AlgorithmIdentifier for `ecdsa-with-SHA256`.
pub const ECDSA_SHA256: AlgorithmIdentifier =
AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-sha256.der"));
Expand All @@ -275,6 +279,10 @@ pub mod alg_id {
pub const ECDSA_SHA384: AlgorithmIdentifier =
AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-sha384.der"));

/// AlgorithmIdentifier for `ecdsa-with-SHA512`.
pub const ECDSA_SHA512: AlgorithmIdentifier =
AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-sha512.der"));

/// AlgorithmIdentifier for `rsaEncryption`.
pub const RSA_ENCRYPTION: AlgorithmIdentifier =
AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-encryption.der"));
Expand Down
22 changes: 20 additions & 2 deletions tests/generate.py
Original file line number Diff line number Diff line change
Expand Up @@ -550,7 +550,7 @@ def signatures(force: bool) -> None:
"ed25519": ed25519.Ed25519PrivateKey.generate(),
"ecdsa_p256": ec.generate_private_key(ec.SECP256R1(), backend),
"ecdsa_p384": ec.generate_private_key(ec.SECP384R1(), backend),
"ecdsa_p521_not_supported": ec.generate_private_key(ec.SECP521R1(), backend),
"ecdsa_p521": ec.generate_private_key(ec.SECP521R1(), backend),
"rsa_1024_not_supported": rsa.generate_private_key(
rsa_pub_exponent, 1024, backend
),
Expand All @@ -559,6 +559,10 @@ def signatures(force: bool) -> None:
"rsa_4096": rsa.generate_private_key(rsa_pub_exponent, 4096, backend),
}

feature_gates = {
"ECDSA_P521_SHA512": 'all(not(feature = "ring"), feature = "aws_lc_rs")',
}

rsa_types: list[str] = [
"RSA_PKCS1_2048_8192_SHA256",
"RSA_PKCS1_2048_8192_SHA384",
Expand All @@ -572,6 +576,7 @@ def signatures(force: bool) -> None:
"ed25519": ["ED25519"],
"ecdsa_p256": ["ECDSA_P256_SHA384", "ECDSA_P256_SHA256"],
"ecdsa_p384": ["ECDSA_P384_SHA384", "ECDSA_P384_SHA256"],
"ecdsa_p521": ["ECDSA_P521_SHA512"],
"rsa_2048": rsa_types,
"rsa_3072": rsa_types + ["RSA_PKCS1_3072_8192_SHA384"],
"rsa_4096": rsa_types + ["RSA_PKCS1_3072_8192_SHA384"],
Expand Down Expand Up @@ -601,6 +606,9 @@ def signatures(force: bool) -> None:
"ECDSA_P384_SHA384": lambda key, message: key.sign(
message, ec.ECDSA(hashes.SHA384())
),
"ECDSA_P521_SHA512": lambda key, message: key.sign(
message, ec.ECDSA(hashes.SHA512())
),
"RSA_PKCS1_2048_8192_SHA256": lambda key, message: key.sign(
message, padding.PKCS1v15(), hashes.SHA256()
),
Expand Down Expand Up @@ -659,11 +667,12 @@ def _test(

sig_path: str = os.path.join(output_dir, f"{lower_test_name}.sig.bin")
write_der(sig_path, signature, force)
feature_gate = feature_gates.get(algorithm, 'feature = "alloc"')

print(
"""
#[test]
#[cfg(feature = "alloc")]
#[cfg(%(feature_gate)s)]
fn %(lower_test_name)s() {
let ee = include_bytes!("%(cert_path)s");
let message = include_bytes!("%(message_path)s");
Expand Down Expand Up @@ -760,6 +769,15 @@ def bad_algorithms_for_key(
if type == "rsa_2048":
unusable_algs.remove("RSA_PKCS1_3072_8192_SHA384")

unusable_algs = {
(
"#[cfg(%s)] %s" % (feature_gates[alg], alg)
if alg in feature_gates
else alg
)
for alg in unusable_algs
}

bad_algorithms_for_key(
type + "_key_rejected_by_other_algorithms",
cert_type=type,
Expand Down
65 changes: 63 additions & 2 deletions tests/signatures.rs
Original file line number Diff line number Diff line change
Expand Up @@ -28,8 +28,8 @@ use webpki::ring::{

#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
use webpki::aws_lc_rs::{
ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256, ECDSA_P384_SHA384, ED25519,
RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA512,
ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256, ECDSA_P384_SHA384, ECDSA_P521_SHA512,
ED25519, RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA512,
RSA_PKCS1_3072_8192_SHA384, RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
RSA_PSS_2048_8192_SHA384_LEGACY_KEY, RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
};
Expand Down Expand Up @@ -75,6 +75,8 @@ fn ed25519_key_and_ed25519_detects_bad_signature() {
fn ed25519_key_rejected_by_other_algorithms() {
let ee = include_bytes!("signatures/ed25519.ee.der");
for algorithm in &[
#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
ECDSA_P521_SHA512,
ECDSA_P256_SHA256,
ECDSA_P256_SHA384,
ECDSA_P384_SHA256,
Expand Down Expand Up @@ -147,6 +149,8 @@ fn ecdsa_p256_key_and_ecdsa_p256_sha256_detects_bad_signature() {
fn ecdsa_p256_key_rejected_by_other_algorithms() {
let ee = include_bytes!("signatures/ecdsa_p256.ee.der");
for algorithm in &[
#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
ECDSA_P521_SHA512,
ECDSA_P384_SHA256,
ECDSA_P384_SHA384,
ED25519,
Expand Down Expand Up @@ -218,6 +222,8 @@ fn ecdsa_p384_key_and_ecdsa_p384_sha256_detects_bad_signature() {
fn ecdsa_p384_key_rejected_by_other_algorithms() {
let ee = include_bytes!("signatures/ecdsa_p384.ee.der");
for algorithm in &[
#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
ECDSA_P521_SHA512,
ECDSA_P256_SHA256,
ECDSA_P256_SHA384,
ED25519,
Expand All @@ -236,6 +242,55 @@ fn ecdsa_p384_key_rejected_by_other_algorithms() {
}
}

#[test]
#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
fn ecdsa_p521_key_and_ecdsa_p521_sha512_good_signature() {
let ee = include_bytes!("signatures/ecdsa_p521.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature =
include_bytes!("signatures/ecdsa_p521_key_and_ecdsa_p521_sha512_good_signature.sig.bin");
assert_eq!(check_sig(ee, ECDSA_P521_SHA512, message, signature), Ok(()));
}

#[test]
#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
fn ecdsa_p521_key_and_ecdsa_p521_sha512_detects_bad_signature() {
let ee = include_bytes!("signatures/ecdsa_p521.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/ecdsa_p521_key_and_ecdsa_p521_sha512_detects_bad_signature.sig.bin"
);
assert_eq!(
check_sig(ee, ECDSA_P521_SHA512, message, signature),
Err(webpki::Error::InvalidSignatureForPublicKey)
);
}

#[test]
#[cfg(feature = "alloc")]
fn ecdsa_p521_key_rejected_by_other_algorithms() {
let ee = include_bytes!("signatures/ecdsa_p521.ee.der");
for algorithm in &[
ECDSA_P256_SHA256,
ECDSA_P256_SHA384,
ECDSA_P384_SHA256,
ECDSA_P384_SHA384,
ED25519,
RSA_PKCS1_2048_8192_SHA256,
RSA_PKCS1_2048_8192_SHA384,
RSA_PKCS1_2048_8192_SHA512,
RSA_PKCS1_3072_8192_SHA384,
RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
] {
assert_eq!(
check_sig(ee, *algorithm, b"", b""),
Err(webpki::Error::UnsupportedSignatureAlgorithmForPublicKey)
);
}
}

#[test]
#[cfg(feature = "alloc")]
fn rsa_2048_key_and_rsa_pkcs1_2048_8192_sha256_good_signature() {
Expand Down Expand Up @@ -403,6 +458,8 @@ fn rsa_2048_key_and_rsa_pss_2048_8192_sha512_legacy_key_detects_bad_signature()
fn rsa_2048_key_rejected_by_other_algorithms() {
let ee = include_bytes!("signatures/rsa_2048.ee.der");
for algorithm in &[
#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
ECDSA_P521_SHA512,
ECDSA_P256_SHA256,
ECDSA_P256_SHA384,
ECDSA_P384_SHA256,
Expand Down Expand Up @@ -611,6 +668,8 @@ fn rsa_3072_key_and_rsa_pkcs1_3072_8192_sha384_detects_bad_signature() {
fn rsa_3072_key_rejected_by_other_algorithms() {
let ee = include_bytes!("signatures/rsa_3072.ee.der");
for algorithm in &[
#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
ECDSA_P521_SHA512,
ECDSA_P256_SHA256,
ECDSA_P256_SHA384,
ECDSA_P384_SHA256,
Expand Down Expand Up @@ -819,6 +878,8 @@ fn rsa_4096_key_and_rsa_pkcs1_3072_8192_sha384_detects_bad_signature() {
fn rsa_4096_key_rejected_by_other_algorithms() {
let ee = include_bytes!("signatures/rsa_4096.ee.der");
for algorithm in &[
#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
ECDSA_P521_SHA512,
ECDSA_P256_SHA256,
ECDSA_P256_SHA384,
ECDSA_P384_SHA256,
Expand Down
Binary file added tests/signatures/ecdsa_p521.ee.der
Binary file not shown.
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
0��B���*0[�^��{;���,/��z���9��`�k���I:�������E�0е���c�TbNpR�=S�AA;Z�"�t��I;�:��Q9�>�lΙ��v�0�J�*{f�ߋy���)A�lm�0�rm��L
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
0��B[܀��ٳ�[`/�[� �1�]ߵ�����6�9`?p�W�[�帎*�˳���c؊��Fp$��\B����E,� 썙�W�?�v֝��z�&�~
5��H�'b�;�$�@Y���'B!R�>O}�
Expand Down
Binary file removed tests/signatures/ecdsa_p521_not_supported.ee.der
Binary file not shown.

0 comments on commit c3ad39f

Please sign in to comment.