From 96af5e81a5f84e38be7990db3b3e7ac4f946592c Mon Sep 17 00:00:00 2001
From: Zach Halvorsen
Date: Wed, 9 Aug 2023 08:48:05 -0700
Subject: [PATCH] Add more transparency into some EC structures. (#641)
This adds the ability to create ECDH keys from raw bytes and export signatures as raw bytes.
---
 libraries/crypto/src/ecdh.rs | 11 +++++++++++
 libraries/crypto/src/ecdsa.rs | 5 +----
 libraries/opensk/src/api/crypto/ecdsa.rs | 1 -
 libraries/opensk/src/api/crypto/software_crypto.rs | 1 -
 4 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/libraries/crypto/src/ecdh.rs b/libraries/crypto/src/ecdh.rs
index ed5bec03..dc7f0583 100644
--- a/libraries/crypto/src/ecdh.rs
+++ b/libraries/crypto/src/ecdh.rs
@@ -78,6 +78,17 @@ impl SecKey {
 p.getx().to_int().to_bin(&mut x);
 x
 }
+
+ /// Creates a private key from the exponent's bytes, or None if checks fail.
+ pub fn from_bytes(bytes: &[u8; 32]) -> Option {
+ let a = NonZeroExponentP256::from_int_checked(Int256::from_bin(bytes));
+ // The branching here is fine because all this reveals is whether the key was invalid.
+ if bool::from(a.is_none()) {
+ return None;
+ }
+ let a = a.unwrap();
+ Some(SecKey { a })
+ }
 }
 impl PubKey {
diff --git a/libraries/crypto/src/ecdsa.rs b/libraries/crypto/src/ecdsa.rs
index f4e66211..ca29b8da 100644
--- a/libraries/crypto/src/ecdsa.rs
+++ b/libraries/crypto/src/ecdsa.rs
@@ -19,9 +19,7 @@ use super::ec::point::PointP256;
 use super::Hash256;
 use alloc::vec;
 use alloc::vec::Vec;
-#[cfg(feature = "std")]
-use arrayref::array_mut_ref;
-use arrayref::{array_ref, mut_array_refs};
+use arrayref::{array_mut_ref, array_ref, mut_array_refs};
 use core::marker::PhantomData;
 use rand_core::RngCore;
 use zeroize::Zeroize;
@@ -220,7 +218,6 @@ impl Signature {
 Some(Signature { r, s })
 }
- #[cfg(feature = "std")]
 pub fn to_bytes(&self, bytes: &mut [u8; Signature::BYTES_LENGTH]) {
 self.r
 .to_int()
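Review bot: In the added `SecKey::from_bytes` (ecdh.rs hunk), the `is_none()` check followed by `a.unwrap()` leaves a panic path that is only safe while the early return stays directly above it. If `from_int_checked` returns a `subtle::CtOption`, as `bool::from(a.is_none())` suggests but the hunk does not show, the tail can be written as `Option::<NonZeroExponentP256>::from(a).map(|a| SecKey { a })`, keeping the existing comment about why branching on validity is acceptable. The doc comment says "checks" without naming them; because imported key material will pass through this constructor, it should state which inputs are rejected (presumably zero and values not below the group order, to be confirmed against `from_int_checked`) and that the caller remains responsible for wiping `bytes`. The diffstat shows only these 11 added lines in ecdh.rs, so the commit adds no test for the constructor; one covering an all-zero input and a known-valid scalar would pin the rejection behaviour. The `impl SecKey` block begins outside the hunk.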
diff --git a/libraries/opensk/src/api/crypto/ecdsa.rs b/libraries/opensk/src/api/crypto/ecdsa.rs
index 1dad533b..6c76e12b 100644
--- a/libraries/opensk/src/api/crypto/ecdsa.rs
+++ b/libraries/opensk/src/api/crypto/ecdsa.rs
@@ -73,7 +73,6 @@ pub trait Signature: Sized {
 fn from_slice(bytes: &[u8; EC_SIGNATURE_SIZE]) -> Option;
 /// Writes the signature bytes into the passed in parameter.
- #[cfg(feature = "std")]
 fn to_slice(&self, bytes: &mut [u8; EC_SIGNATURE_SIZE]);
 /// Encodes the signatures as ASN1 DER.
diff --git a/libraries/opensk/src/api/crypto/software_crypto.rs b/libraries/opensk/src/api/crypto/software_crypto.rs
index f0cd2216..6ce9bbb1 100644
--- a/libraries/opensk/src/api/crypto/software_crypto.rs
+++ b/libraries/opensk/src/api/crypto/software_crypto.rs
@@ -169,7 +169,6 @@ impl ecdsa::Signature for SoftwareEcdsaSignature {
 crypto::ecdsa::Signature::from_bytes(bytes).map(|s| SoftwareEcdsaSignature { signature: s })
 }
- #[cfg(feature = "std")]
 fn to_slice(&self, bytes: &mut [u8; EC_SIGNATURE_SIZE]) {
 self.signature.to_bytes(bytes);
 }