Skip to content

Commit

Permalink
Enable X/Ed25519 support on BoringSSL
Browse files Browse the repository at this point in the history
  • Loading branch information
alex committed Mar 15, 2023
1 parent 816eb64 commit 2fe8b94
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 22 deletions.
36 changes: 20 additions & 16 deletions openssl/src/pkey.rs
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ use crate::dh::Dh;
use crate::dsa::Dsa;
use crate::ec::EcKey;
use crate::error::ErrorStack;
#[cfg(ossl110)]
#[cfg(any(ossl110, boringssl))]
use crate::pkey_ctx::PkeyCtx;
use crate::rsa::Rsa;
use crate::symm::Cipher;
Expand Down Expand Up @@ -89,11 +89,11 @@ impl Id {
#[cfg(ossl110)]
pub const HKDF: Id = Id(ffi::EVP_PKEY_HKDF);

#[cfg(ossl111)]
#[cfg(any(ossl111, boringssl))]
pub const ED25519: Id = Id(ffi::EVP_PKEY_ED25519);
#[cfg(ossl111)]
pub const ED448: Id = Id(ffi::EVP_PKEY_ED448);
#[cfg(ossl111)]
#[cfg(any(ossl111, boringssl))]
pub const X25519: Id = Id(ffi::EVP_PKEY_X25519);
#[cfg(ossl111)]
pub const X448: Id = Id(ffi::EVP_PKEY_X448);
Expand Down Expand Up @@ -252,7 +252,7 @@ where
/// This function only works for algorithms that support raw public keys.
/// Currently this is: [`Id::X25519`], [`Id::ED25519`], [`Id::X448`] or [`Id::ED448`].
#[corresponds(EVP_PKEY_get_raw_public_key)]
#[cfg(ossl111)]
#[cfg(any(ossl111, boringssl))]
pub fn raw_public_key(&self) -> Result<Vec<u8>, ErrorStack> {
unsafe {
let mut len = 0;
Expand Down Expand Up @@ -303,7 +303,7 @@ where
/// This function only works for algorithms that support raw private keys.
/// Currently this is: [`Id::HMAC`], [`Id::X25519`], [`Id::ED25519`], [`Id::X448`] or [`Id::ED448`].
#[corresponds(EVP_PKEY_get_raw_private_key)]
#[cfg(ossl111)]
#[cfg(any(ossl111, boringssl))]
pub fn raw_private_key(&self) -> Result<Vec<u8>, ErrorStack> {
unsafe {
let mut len = 0;
Expand Down Expand Up @@ -503,7 +503,7 @@ impl PKey<Private> {
ctx.keygen()
}

#[cfg(ossl111)]
#[cfg(any(ossl111, boringssl))]
fn generate_eddsa(id: Id) -> Result<PKey<Private>, ErrorStack> {
let mut ctx = PkeyCtx::new_id(id)?;
ctx.keygen_init()?;
Expand Down Expand Up @@ -533,7 +533,7 @@ impl PKey<Private> {
/// assert_eq!(secret.len(), 32);
/// # Ok(()) }
/// ```
#[cfg(ossl111)]
#[cfg(any(ossl111, boringssl))]
pub fn generate_x25519() -> Result<PKey<Private>, ErrorStack> {
PKey::generate_eddsa(Id::X25519)
}
Expand Down Expand Up @@ -587,7 +587,7 @@ impl PKey<Private> {
/// assert_eq!(signature.len(), 64);
/// # Ok(()) }
/// ```
#[cfg(ossl111)]
#[cfg(any(ossl111, boringssl))]
pub fn generate_ed25519() -> Result<PKey<Private>, ErrorStack> {
PKey::generate_eddsa(Id::ED25519)
}
Expand Down Expand Up @@ -737,7 +737,7 @@ impl PKey<Private> {
///
/// Algorithm types that support raw private keys are HMAC, X25519, ED25519, X448 or ED448
#[corresponds(EVP_PKEY_new_raw_private_key)]
#[cfg(ossl111)]
#[cfg(any(ossl111, boringssl))]
pub fn private_key_from_raw_bytes(
bytes: &[u8],
key_type: Id,
Expand Down Expand Up @@ -778,7 +778,7 @@ impl PKey<Public> {
///
/// Algorithm types that support raw public keys are X25519, ED25519, X448 or ED448
#[corresponds(EVP_PKEY_new_raw_public_key)]
#[cfg(ossl111)]
#[cfg(any(ossl111, boringssl))]
pub fn public_key_from_raw_bytes(
bytes: &[u8],
key_type: Id,
Expand Down Expand Up @@ -1084,7 +1084,7 @@ mod tests {
assert_eq!(&g, dh_.generator());
}

#[cfg(ossl111)]
#[cfg(any(ossl111, boringssl))]
fn test_raw_public_key(gen: fn() -> Result<PKey<Private>, ErrorStack>, key_type: Id) {
// Generate a new key
let key = gen().unwrap();
Expand All @@ -1100,7 +1100,7 @@ mod tests {
);
}

#[cfg(ossl111)]
#[cfg(any(ossl111, boringssl))]
fn test_raw_private_key(gen: fn() -> Result<PKey<Private>, ErrorStack>, key_type: Id) {
// Generate a new key
let key = gen().unwrap();
Expand All @@ -1111,26 +1111,30 @@ mod tests {

// Compare the der encoding of the original and raw / restored public key
assert_eq!(
key.private_key_to_der().unwrap(),
from_raw.private_key_to_der().unwrap()
key.private_key_to_pkcs8().unwrap(),
from_raw.private_key_to_pkcs8().unwrap()
);
}

#[cfg(ossl111)]
#[cfg(any(ossl111, boringssl))]
#[test]
fn test_raw_public_key_bytes() {
test_raw_public_key(PKey::generate_x25519, Id::X25519);
test_raw_public_key(PKey::generate_ed25519, Id::ED25519);
#[cfg(not(boringssl))]
test_raw_public_key(PKey::generate_x448, Id::X448);
#[cfg(not(boringssl))]
test_raw_public_key(PKey::generate_ed448, Id::ED448);
}

#[cfg(ossl111)]
#[cfg(any(ossl111, boringssl))]
#[test]
fn test_raw_private_key_bytes() {
test_raw_private_key(PKey::generate_x25519, Id::X25519);
test_raw_private_key(PKey::generate_ed25519, Id::ED25519);
#[cfg(not(boringssl))]
test_raw_private_key(PKey::generate_x448, Id::X448);
#[cfg(not(boringssl))]
test_raw_private_key(PKey::generate_ed448, Id::ED448);
}

Expand Down
12 changes: 6 additions & 6 deletions openssl/src/sign.rs
Original file line number Diff line number Diff line change
Expand Up @@ -290,7 +290,7 @@ impl<'a> Signer<'a> {
self.len_intern()
}

#[cfg(not(ossl111))]
#[cfg(all(not(ossl111), not(boringssl)))]
fn len_intern(&self) -> Result<usize, ErrorStack> {
unsafe {
let mut len = 0;
Expand All @@ -303,7 +303,7 @@ impl<'a> Signer<'a> {
}
}

#[cfg(ossl111)]
#[cfg(any(ossl111, boringssl))]
fn len_intern(&self) -> Result<usize, ErrorStack> {
unsafe {
let mut len = 0;
Expand Down Expand Up @@ -360,7 +360,7 @@ impl<'a> Signer<'a> {
/// OpenSSL documentation at [`EVP_DigestSign`].
///
/// [`EVP_DigestSign`]: https://www.openssl.org/docs/man1.1.1/man3/EVP_DigestSign.html
#[cfg(ossl111)]
#[cfg(any(ossl111, boringssl))]
pub fn sign_oneshot(
&mut self,
sig_buf: &mut [u8],
Expand All @@ -382,7 +382,7 @@ impl<'a> Signer<'a> {
/// Returns the signature.
///
/// This is a simple convenience wrapper over `len` and `sign_oneshot`.
#[cfg(ossl111)]
#[cfg(any(ossl111, boringssl))]
pub fn sign_oneshot_to_vec(&mut self, data_buf: &[u8]) -> Result<Vec<u8>, ErrorStack> {
let mut sig_buf = vec![0; self.len()?];
let len = self.sign_oneshot(&mut sig_buf, data_buf)?;
Expand Down Expand Up @@ -596,7 +596,7 @@ impl<'a> Verifier<'a> {
/// OpenSSL documentation at [`EVP_DigestVerify`].
///
/// [`EVP_DigestVerify`]: https://www.openssl.org/docs/man1.1.1/man3/EVP_DigestVerify.html
#[cfg(ossl111)]
#[cfg(any(ossl111, boringssl))]
pub fn verify_oneshot(&mut self, signature: &[u8], buf: &[u8]) -> Result<bool, ErrorStack> {
unsafe {
let r = ffi::EVP_DigestVerify(
Expand Down Expand Up @@ -846,7 +846,7 @@ mod test {
}

#[test]
#[cfg(ossl111)]
#[cfg(any(ossl111, boringssl))]
fn eddsa() {
let key = PKey::generate_ed25519().unwrap();

Expand Down

0 comments on commit 2fe8b94

Please sign in to comment.