Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
107 changes: 105 additions & 2 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 3 additions & 0 deletions Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ getrandom = { version = "0.4", default-features = false, features = ["sys_rng"]
hmac = { version = "0.13", default-features = false }
p256 = { version = "0.14", default-features = false, features = ["pem", "ecdsa", "ecdh"] }
p384 = { version = "0.14.0-rc.15", default-features = false, features = ["pem", "ecdsa", "ecdh"] }
p521 = { version = "0.14.0-rc.15", default-features = false, features = ["pem", "ecdsa", "ecdh"] }
paste = { version = "1", default-features = false }
pkcs8 = { version = "0.11", default-features = false }
pki-types = { package = "rustls-pki-types", version = "1", default-features = false }
Expand All @@ -39,6 +40,8 @@ sec1 = { version = "0.8", default-features = false }
sha2 = { version = "0.11", default-features = false }
signature = { version = "3", default-features = false }
x25519-dalek = { version = "3.0.0-rc.1", default-features = false }
ed448-goldilocks = { version = "0.14.0-pre.15", default-features = false, features = ["signing", "pkcs8"] }
x448 = { version = "0.14.0-pre.12", default-features = false }

[features]
default = ["std", "tls12", "zeroize"]
Expand Down
42 changes: 41 additions & 1 deletion src/kx.rs
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,44 @@ impl crypto::ActiveKeyExchange for X25519KeyExchange {
}
}

#[derive(Debug)]
pub struct X448;

impl crypto::SupportedKxGroup for X448 {
fn name(&self) -> rustls::NamedGroup {
rustls::NamedGroup::X448
}

fn start(&self) -> Result<Box<dyn crypto::ActiveKeyExchange>, rustls::Error> {
let mut rng = UnwrapErr(getrandom::SysRng);
let priv_key = x448::EphemeralSecret::try_generate_from_rng(&mut rng)
.map_err(|_| rustls::Error::from(rustls::PeerMisbehaved::InvalidKeyShare))?;
let pub_key = (&priv_key).into();
Ok(Box::new(X448KeyExchange { priv_key, pub_key }))
}
}

pub struct X448KeyExchange {
priv_key: x448::EphemeralSecret,
pub_key: x448::PublicKey,
}

impl crypto::ActiveKeyExchange for X448KeyExchange {
fn complete(self: Box<X448KeyExchange>, peer: &[u8]) -> Result<SharedSecret, rustls::Error> {
let peer = x448::PublicKey::from_bytes(peer)
.ok_or_else(|| rustls::Error::from(rustls::PeerMisbehaved::InvalidKeyShare))?;
Ok(self.priv_key.diffie_hellman(&peer).as_bytes()[..].into())
}

fn pub_key(&self) -> &[u8] {
self.pub_key.as_bytes()
}

fn group(&self) -> rustls::NamedGroup {
X448.name()
}
}

macro_rules! impl_kx {
($name:ident, $kx_name:ty, $secret:ty, $public_key:ty) => {
paste! {
Expand Down Expand Up @@ -108,5 +146,7 @@ macro_rules! impl_kx {

impl_kx! {SecP256R1, rustls::NamedGroup::secp256r1, p256::ecdh::EphemeralSecret, p256::PublicKey}
impl_kx! {SecP384R1, rustls::NamedGroup::secp384r1, p384::ecdh::EphemeralSecret, p384::PublicKey}
impl_kx! {SecP521R1, rustls::NamedGroup::secp521r1, p521::ecdh::EphemeralSecret, p521::PublicKey}

pub const ALL_KX_GROUPS: &[&dyn SupportedKxGroup] = &[&X25519, &SecP256R1, &SecP384R1];
pub const ALL_KX_GROUPS: &[&dyn SupportedKxGroup] =
&[&X25519, &X448, &SecP256R1, &SecP384R1, &SecP521R1];
3 changes: 2 additions & 1 deletion src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -80,11 +80,12 @@ impl KeyProvider for Provider {
}

#[cfg(feature = "tls12")]
const TLS12_ECDSA_SCHEMES: [SignatureScheme; 4] = [
const TLS12_ECDSA_SCHEMES: [SignatureScheme; 5] = [
SignatureScheme::ECDSA_NISTP256_SHA256,
SignatureScheme::ECDSA_NISTP384_SHA384,
SignatureScheme::ECDSA_NISTP521_SHA512,
SignatureScheme::ED25519,
SignatureScheme::ED448,
];

#[cfg(feature = "tls12")]
Expand Down
12 changes: 7 additions & 5 deletions src/sign.rs
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@
use alloc::{sync::Arc, vec::Vec};
use core::marker::PhantomData;

use self::ecdsa::{EcdsaSigningKeyP256, EcdsaSigningKeyP384};
use self::eddsa::Ed25519SigningKey;
use self::ecdsa::{EcdsaSigningKeyP256, EcdsaSigningKeyP384, EcdsaSigningKeyP521};
use self::eddsa::{Ed25519SigningKey, Ed448SigningKey};
use self::rsa::RsaSigningKey;

use getrandom::rand_core::UnwrapErr;
Expand Down Expand Up @@ -89,7 +89,8 @@ pub fn any_supported_type(der: &PrivateKeyDer<'_>) -> Result<Arc<dyn SigningKey>
pub fn any_ecdsa_type(der: &PrivateKeyDer<'_>) -> Result<Arc<dyn SigningKey>, rustls::Error> {
let p256 = |_| EcdsaSigningKeyP256::try_from(der).map(|x| Arc::new(x) as _);
let p384 = |_| EcdsaSigningKeyP384::try_from(der).map(|x| Arc::new(x) as _);
p256(()).or_else(p384)
let p521 = |_| EcdsaSigningKeyP521::try_from(der).map(|x| Arc::new(x) as _);
p256(()).or_else(p384).or_else(p521)
}

/// Extract any supported EDDSA key from the given DER input.
Expand All @@ -98,8 +99,9 @@ pub fn any_ecdsa_type(der: &PrivateKeyDer<'_>) -> Result<Arc<dyn SigningKey>, ru
///
/// Returns an error if the key couldn't be decoded.
pub fn any_eddsa_type(der: &PrivateKeyDer<'_>) -> Result<Arc<dyn SigningKey>, rustls::Error> {
// TODO: Add support for Ed448
Ed25519SigningKey::try_from(der).map(|x| Arc::new(x) as _)
let ed25519 = |_| Ed25519SigningKey::try_from(der).map(|x| Arc::new(x) as _);
let ed448 = |_| Ed448SigningKey::try_from(der).map(|x| Arc::new(x) as _);
ed25519(()).or_else(ed448)
}

pub mod ecdsa;
Expand Down
1 change: 1 addition & 0 deletions src/sign/ecdsa.rs
Original file line number Diff line number Diff line change
Expand Up @@ -69,3 +69,4 @@ macro_rules! impl_ecdsa {

impl_ecdsa! {P256, SignatureScheme::ECDSA_NISTP256_SHA256, p256::ecdsa::SigningKey, p256::ecdsa::DerSignature}
impl_ecdsa! {P384, SignatureScheme::ECDSA_NISTP384_SHA384, p384::ecdsa::SigningKey, p384::ecdsa::DerSignature}
impl_ecdsa! {P521, SignatureScheme::ECDSA_NISTP521_SHA512, p521::ecdsa::SigningKey, p521::ecdsa::DerSignature}
45 changes: 45 additions & 0 deletions src/sign/eddsa.rs
Original file line number Diff line number Diff line change
Expand Up @@ -51,3 +51,48 @@ impl SigningKey for Ed25519SigningKey {
SignatureAlgorithm::ED25519
}
}

#[derive(Debug)]
pub struct Ed448SigningKey {
key: Arc<ed448_goldilocks::SigningKey>,
scheme: SignatureScheme,
}

impl TryFrom<&PrivateKeyDer<'_>> for Ed448SigningKey {
type Error = rustls::Error;

fn try_from(value: &PrivateKeyDer<'_>) -> Result<Self, Self::Error> {
let pkey = match value {
PrivateKeyDer::Pkcs8(der) => {
ed448_goldilocks::SigningKey::from_pkcs8_der(der.secret_pkcs8_der())
.map_err(|e| format!("failed to decrypt private key: {e}"))
}
PrivateKeyDer::Pkcs1(_) => Err("ED448 does not support PKCS#1 key".to_string()),
PrivateKeyDer::Sec1(_) => Err("ED448 does not support SEC1 key".to_string()),
_ => Err("not supported".into()),
};
pkey.map(|kp| Self {
key: Arc::new(kp),
scheme: SignatureScheme::ED448,
})
.map_err(rustls::Error::General)
}
}

impl SigningKey for Ed448SigningKey {
fn choose_scheme(&self, offered: &[SignatureScheme]) -> Option<Box<dyn Signer>> {
if offered.contains(&self.scheme) {
Some(Box::new(super::GenericSigner {
_marker: PhantomData,
key: self.key.clone(),
scheme: self.scheme,
}))
} else {
None
}
}

fn algorithm(&self) -> SignatureAlgorithm {
SignatureAlgorithm::ED448
}
}
9 changes: 7 additions & 2 deletions src/verify.rs
Original file line number Diff line number Diff line change
@@ -1,8 +1,10 @@
use rustls::crypto::WebPkiSupportedAlgorithms;
use rustls::SignatureScheme;

use self::ecdsa::{ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256, ECDSA_P384_SHA384};
use self::eddsa::ED25519;
use self::ecdsa::{
ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256, ECDSA_P384_SHA384, ECDSA_P521_SHA512,
};
use self::eddsa::{ED25519, ED448};
use self::rsa::{
RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384,
RSA_PSS_SHA512,
Expand All @@ -15,6 +17,7 @@ pub static ALGORITHMS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms {
ECDSA_P384_SHA256,
ECDSA_P384_SHA384,
ED25519,
ED448,
RSA_PKCS1_SHA256,
RSA_PKCS1_SHA384,
RSA_PKCS1_SHA512,
Expand All @@ -31,7 +34,9 @@ pub static ALGORITHMS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms {
SignatureScheme::ECDSA_NISTP256_SHA256,
&[ECDSA_P256_SHA256, ECDSA_P384_SHA256],
),
(SignatureScheme::ECDSA_NISTP521_SHA512, &[ECDSA_P521_SHA512]),
(SignatureScheme::ED25519, &[ED25519]),
(SignatureScheme::ED448, &[ED448]),
(SignatureScheme::RSA_PKCS1_SHA256, &[RSA_PKCS1_SHA256]),
(SignatureScheme::RSA_PKCS1_SHA384, &[RSA_PKCS1_SHA384]),
(SignatureScheme::RSA_PKCS1_SHA512, &[RSA_PKCS1_SHA512]),
Expand Down
1 change: 1 addition & 0 deletions src/verify/ecdsa.rs
Original file line number Diff line number Diff line change
Expand Up @@ -51,3 +51,4 @@ impl_generic_ecdsa_verifer! {ECDSA_P256_SHA256, alg_id::ECDSA_P256, alg_id::ECDS
impl_generic_ecdsa_verifer! {ECDSA_P256_SHA384, alg_id::ECDSA_P256, alg_id::ECDSA_SHA384, p256::ecdsa::VerifyingKey, p256::ecdsa::DerSignature, sha2::Sha384}
impl_generic_ecdsa_verifer! {ECDSA_P384_SHA256, alg_id::ECDSA_P384, alg_id::ECDSA_SHA256, p384::ecdsa::VerifyingKey, p384::ecdsa::DerSignature, sha2::Sha256}
impl_generic_ecdsa_verifer! {ECDSA_P384_SHA384, alg_id::ECDSA_P384, alg_id::ECDSA_SHA384, p384::ecdsa::VerifyingKey, p384::ecdsa::DerSignature, sha2::Sha384}
impl_generic_ecdsa_verifer! {ECDSA_P521_SHA512, alg_id::ECDSA_P521, alg_id::ECDSA_SHA512, p521::ecdsa::VerifyingKey, p521::ecdsa::DerSignature, sha2::Sha512}
Loading