From 2fe8b94066f1063ec78b0502052e4558379514a0 Mon Sep 17 00:00:00 2001
From: Alex Gaynor
Date: Wed, 15 Mar 2023 07:34:43 -0400
Subject: [PATCH] Enable X/Ed25519 support on BoringSSL
---
 openssl/src/pkey.rs | 36 ++++++++++++++++++++----------------
 openssl/src/sign.rs | 12 ++++++------
 2 files changed, 26 insertions(+), 22 deletions(-)
diff --git a/openssl/src/pkey.rs b/openssl/src/pkey.rs
index 780bd637e5..ca9e08b253 100644
--- a/openssl/src/pkey.rs
+++ b/openssl/src/pkey.rs
@@ -47,7 +47,7 @@ use crate::dh::Dh;
 use crate::dsa::Dsa;
 use crate::ec::EcKey;
 use crate::error::ErrorStack;
-#[cfg(ossl110)]
+#[cfg(any(ossl110, boringssl))]
 use crate::pkey_ctx::PkeyCtx;
 use crate::rsa::Rsa;
 use crate::symm::Cipher;
@@ -89,11 +89,11 @@ impl Id {
 #[cfg(ossl110)]
 pub const HKDF: Id = Id(ffi::EVP_PKEY_HKDF);
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, boringssl))]
 pub const ED25519: Id = Id(ffi::EVP_PKEY_ED25519);
 #[cfg(ossl111)]
 pub const ED448: Id = Id(ffi::EVP_PKEY_ED448);
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, boringssl))]
 pub const X25519: Id = Id(ffi::EVP_PKEY_X25519);
 #[cfg(ossl111)]
 pub const X448: Id = Id(ffi::EVP_PKEY_X448);
@@ -252,7 +252,7 @@ where
 /// This function only works for algorithms that support raw public keys.
 /// Currently this is: [`Id::X25519`], [`Id::ED25519`], [`Id::X448`] or [`Id::ED448`].
 #[corresponds(EVP_PKEY_get_raw_public_key)]
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, boringssl))]
 pub fn raw_public_key(&self) -> Result, ErrorStack> {
 unsafe {
 let mut len = 0;
@@ -303,7 +303,7 @@ where
 /// This function only works for algorithms that support raw private keys.
 /// Currently this is: [`Id::HMAC`], [`Id::X25519`], [`Id::ED25519`], [`Id::X448`] or [`Id::ED448`].
 #[corresponds(EVP_PKEY_get_raw_private_key)]
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, boringssl))]
 pub fn raw_private_key(&self) -> Result, ErrorStack> {
 unsafe {
 let mut len = 0;
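Review bot: The doc comment kept as context above `raw_public_key` (hunk at -252) still lists [`Id::X448`] and [`Id::ED448`] as supported, but the `impl Id` hunk in this same patch leaves `ED448` and `X448` behind `#[cfg(ossl111)]`, so a BoringSSL build now gets the method while two of the key types its documentation names are not compiled in. The same list sits above `raw_private_key` (-303) and, as plain text, above `private_key_from_raw_bytes` (-737) and `public_key_from_raw_bytes` (-778). I would add a line such as `/// On BoringSSL only X25519 and Ed25519 are available; X448 and Ed448 are only compiled under ossl111.` to each, so a caller does not pick a key type that is missing on their backend. Whether the intra-doc links still resolve under `boringssl`, and whether raw HMAC keys are accepted there, is not visible from these hunks and is worth checking. All four function bodies continue outside their hunks.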
@@ -503,7 +503,7 @@ impl PKey {
 ctx.keygen()
 }
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, boringssl))]
 fn generate_eddsa(id: Id) -> Result, ErrorStack> {
 let mut ctx = PkeyCtx::new_id(id)?;
 ctx.keygen_init()?;
@@ -533,7 +533,7 @@ impl PKey {
 /// assert_eq!(secret.len(), 32);
 /// # Ok(()) }
 /// ```
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, boringssl))]
 pub fn generate_x25519() -> Result, ErrorStack> {
 PKey::generate_eddsa(Id::X25519)
 }
@@ -587,7 +587,7 @@ impl PKey {
 /// assert_eq!(signature.len(), 64);
 /// # Ok(()) }
 /// ```
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, boringssl))]
 pub fn generate_ed25519() -> Result, ErrorStack> {
 PKey::generate_eddsa(Id::ED25519)
 }
@@ -737,7 +737,7 @@ impl PKey {
 ///
 /// Algorithm types that support raw private keys are HMAC, X25519, ED25519, X448 or ED448
 #[corresponds(EVP_PKEY_new_raw_private_key)]
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, boringssl))]
 pub fn private_key_from_raw_bytes(
 bytes: &[u8],
 key_type: Id,
@@ -778,7 +778,7 @@ impl PKey {
 ///
 /// Algorithm types that support raw public keys are X25519, ED25519, X448 or ED448
 #[corresponds(EVP_PKEY_new_raw_public_key)]
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, boringssl))]
 pub fn public_key_from_raw_bytes(
 bytes: &[u8],
 key_type: Id,
@@ -1084,7 +1084,7 @@ mod tests {
 assert_eq!(&g, dh_.generator());
 }
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, boringssl))]
 fn test_raw_public_key(gen: fn() -> Result, ErrorStack>, key_type: Id) {
 // Generate a new key
 let key = gen().unwrap();
@@ -1100,7 +1100,7 @@ mod tests {
 );
 }
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, boringssl))]
 fn test_raw_private_key(gen: fn() -> Result, ErrorStack>, key_type: Id) {
 // Generate a new key
 let key = gen().unwrap();
@@ -1111,26 +1111,30 @@ mod tests {
 // Compare the der encoding of the original and raw / restored public key
 assert_eq!(
- key.private_key_to_der().unwrap(),
- from_raw.private_key_to_der().unwrap()
+ key.private_key_to_pkcs8().unwrap(),
+ from_raw.private_key_to_pkcs8().unwrap()
 );
 }
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, boringssl))]
 #[test]
 fn test_raw_public_key_bytes() {
 test_raw_public_key(PKey::generate_x25519, Id::X25519);
 test_raw_public_key(PKey::generate_ed25519, Id::ED25519);
+ #[cfg(not(boringssl))]
 test_raw_public_key(PKey::generate_x448, Id::X448);
+ #[cfg(not(boringssl))]
 test_raw_public_key(PKey::generate_ed448, Id::ED448);
 }
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, boringssl))]
 #[test]
 fn test_raw_private_key_bytes() {
 test_raw_private_key(PKey::generate_x25519, Id::X25519);
 test_raw_private_key(PKey::generate_ed25519, Id::ED25519);
+ #[cfg(not(boringssl))]
 test_raw_private_key(PKey::generate_x448, Id::X448);
+ #[cfg(not(boringssl))]
 test_raw_private_key(PKey::generate_ed448, Id::ED448);
 }
diff --git a/openssl/src/sign.rs b/openssl/src/sign.rs
index 51738651c6..1c13a625b3 100644
--- a/openssl/src/sign.rs
+++ b/openssl/src/sign.rs
@@ -290,7 +290,7 @@ impl<'a> Signer<'a> {
 self.len_intern()
 }
- #[cfg(not(ossl111))]
+ #[cfg(all(not(ossl111), not(boringssl)))]
 fn len_intern(&self) -> Result {
 unsafe {
 let mut len = 0;
@@ -303,7 +303,7 @@ impl<'a> Signer<'a> {
 }
 }
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, boringssl))]
 fn len_intern(&self) -> Result {
 unsafe {
 let mut len = 0;
@@ -360,7 +360,7 @@ impl<'a> Signer<'a> {
 /// OpenSSL documentation at [`EVP_DigestSign`].
 ///
 /// [`EVP_DigestSign`]: https://www.openssl.org/docs/man1.1.1/man3/EVP_DigestSign.html
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, boringssl))]
 pub fn sign_oneshot(
 &mut self,
 sig_buf: &mut [u8],
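Review bot: The context comment directly above the changed assertion in `test_raw_private_key` (hunk at -1111) still reads `// Compare the der encoding of the original and raw / restored public key`, which no longer describes the check: this is the private-key helper and the new lines compare `private_key_to_pkcs8()` output. Since the assertion is being rewritten anyway, change the comment to `// Compare the PKCS#8 encoding of the original and raw / restored private key`. The commit message does not say why `private_key_to_der()` was dropped; presumably that encoding is not usable for these key types on BoringSSL, and one clause saying so in the comment would stop someone from switching it back. The helper begins before this hunk.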
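Review bot: The two `len_intern` variants in `sign.rs` have to stay exact complements, and the new negative gate `#[cfg(all(not(ossl111), not(boringssl)))]` (hunk at -290) makes that harder to verify by eye than it needs to be. Writing it as `#[cfg(not(any(ossl111, boringssl)))]` mirrors the positive gate at -303 token for token, so a backend later added to one attribute is visibly missing from the other. If the two gates drift, a build either has no `len_intern` or has two, and the signature buffer sizing in `len()` depends on the right one being selected. Both function bodies continue outside the hunks.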
@@ -382,7 +382,7 @@ impl<'a> Signer<'a> {
 /// Returns the signature.
 ///
 /// This is a simple convenience wrapper over `len` and `sign_oneshot`.
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, boringssl))]
 pub fn sign_oneshot_to_vec(&mut self, data_buf: &[u8]) -> Result, ErrorStack> {
 let mut sig_buf = vec![0; self.len()?];
 let len = self.sign_oneshot(&mut sig_buf, data_buf)?;
@@ -596,7 +596,7 @@ impl<'a> Verifier<'a> {
 /// OpenSSL documentation at [`EVP_DigestVerify`].
 ///
 /// [`EVP_DigestVerify`]: https://www.openssl.org/docs/man1.1.1/man3/EVP_DigestVerify.html
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, boringssl))]
 pub fn verify_oneshot(&mut self, signature: &[u8], buf: &[u8]) -> Result {
 unsafe {
 let r = ffi::EVP_DigestVerify(
@@ -846,7 +846,7 @@ mod test {
 }
 #[test]
- #[cfg(ossl111)]
+ #[cfg(any(ossl111, boringssl))]
 fn eddsa() {
 let key = PKey::generate_ed25519().unwrap();