diff --git a/Cargo.lock b/Cargo.lock index c12bf02..396d784 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -11,6 +11,12 @@ dependencies = [ "generic-array", ] +[[package]] +name = "base64ct" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "43a46022bae2c3bc5a17c2d45d59c1233ce0e2cca9ae9b92e92e9ce529874177" + [[package]] name = "blobby" version = "0.1.2" @@ -44,22 +50,32 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" +[[package]] +name = "const-oid" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e4c78c047431fee22c1a7bb92e00ad095a02a983affe4d8a72e2a2c62c1b94f3" + [[package]] name = "crypto-bigint" -version = "0.2.11" +version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f83bd3bb4314701c568e340cd8cf78c975aa0ca79e03d3f6d1677d5b0c9c0c03" +checksum = "03c6a1d5fa1de37e071642dfa44ec552ca5b299adb128fab16138e24b548fd21" dependencies = [ "generic-array", "rand_core", "subtle", + "zeroize", ] [[package]] name = "der" -version = "0.4.5" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "79b71cca7d95d7681a4b3b9cdf63c8dbc3730d0584c2c74e31416d64a90493f4" +checksum = "6919815d73839e7ad218de758883aae3a257ba6759ce7a9992501efbb53d705c" +dependencies = [ + "const-oid", +] [[package]] name = "digest" @@ -73,9 +89,9 @@ dependencies = [ [[package]] name = "ecdsa" -version = "0.12.4" +version = "0.13.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "43ee23aa5b4f68c7a092b5c3beb25f50c406adc75e2363634f242f28ab255372" +checksum = "e91ae02c7618ee05108cd86a0be2f5586d1f0d965bede7ecfd46815f1b860227" dependencies = [ "der", "elliptic-curve", @@ -93,14 +109,17 @@ dependencies = [ [[package]] name = "elliptic-curve" -version = "0.10.6" +version = "0.11.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "beca177dcb8eb540133e7680baff45e7cc4d93bf22002676cec549f82343721b" +checksum = "1f01ff20862362c34074072c8be2de97399633d6b1d2114afa56bf77a8b7f0a4" dependencies = [ "crypto-bigint", + "der", "generic-array", "rand_core", + "sec1", "subtle", + "zeroize", ] [[package]] @@ -174,22 +193,35 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" [[package]] name = "p256" -version = "0.9.0" +version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d053368e1bae4c8a672953397bd1bd7183dde1c72b0b7612a15719173148d186" +checksum = "d0e0c5310031b5d4528ac6534bccc1446c289ac45c47b277d5aa91089c5f74fa" dependencies = [ "ecdsa", "elliptic-curve", + "sec1", ] [[package]] name = "p384" -version = "0.8.0" +version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f23bc88c404ccc881c8a1ad62ba5cd7d336a64ecbf46de4874f2ad955f67b157" +checksum = "755d8266e41f57bd8562ed9b6e93cdcf73ead050e1e8c3a27ea3871b6643a20c" dependencies = [ "ecdsa", "elliptic-curve", + "sec1", +] + +[[package]] +name = "pkcs8" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7cabda3fb821068a9a4fab19a683eac3af12edf0f34b94a8be53c4972b8149d0" +dependencies = [ + "der", + "spki", + "zeroize", ] [[package]] @@ -236,7 +268,7 @@ dependencies = [ [[package]] name = "ring-compat" -version = "0.3.2" +version = "0.4.0-pre" dependencies = [ "aead", "digest", @@ -251,6 +283,19 @@ dependencies = [ "zeroize", ] +[[package]] +name = "sec1" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08da66b8b0965a5555b6bd6639e68ccba85e1e2506f5fbb089e93f8a04e1a2d1" +dependencies = [ + "der", + "generic-array", + "pkcs8", + "subtle", + "zeroize", +] + [[package]] name = "signature" version = "1.3.2" @@ -266,6 +311,16 @@ version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" +[[package]] +name = "spki" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8a277a21925310de1d31bb6b021da3550b00e9127096ef84ee38f44609925c4" +dependencies = [ + "base64ct", + "der", +] + [[package]] name = "subtle" version = "2.4.1" diff --git a/Cargo.toml b/Cargo.toml index 75eff9e..57fc216 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "ring-compat" -version = "0.3.2" +version = "0.4.0-pre" description = """ Compatibility crate for using RustCrypto's traits with the cryptographic algorithm implementations from *ring* @@ -17,12 +17,12 @@ keywords = ["aead", "digest", "crypto", "ring", "signature"] [dependencies] aead = { version = "0.4", optional = true, default-features = false } digest = { version = "0.9", optional = true } -ecdsa = { version = "0.12", optional = true, default-features = false } +ecdsa = { version = "0.13", optional = true, default-features = false } ed25519 = { version = "1.3", optional = true, default-features = false } generic-array = { version = "0.14", default-features = false } opaque-debug = "0.3" -p256 = { version = "0.9", optional = true, default-features = false, features = ["ecdsa-core"] } -p384 = { version = "0.8", optional = true, default-features = false, features = ["ecdsa"] } +p256 = { version = "0.10", optional = true, default-features = false, features = ["ecdsa-core"] } +p384 = { version = "0.9", optional = true, default-features = false, features = ["ecdsa"] } ring = { version = "0.16", default-features = false } zeroize = { version = "1", default-features = false } diff --git a/src/signature/ecdsa.rs b/src/signature/ecdsa.rs index 6c24e43..9340c7b 100644 --- a/src/signature/ecdsa.rs +++ b/src/signature/ecdsa.rs @@ -9,13 +9,13 @@ mod signing_key; mod verifying_key; pub use self::{signing_key::SigningKey, verifying_key::VerifyingKey}; -pub use ::ecdsa::{der, elliptic_curve::weierstrass::Curve, Signature}; +pub use ::ecdsa::{der, elliptic_curve::PrimeCurve, Signature}; use ring::signature::{EcdsaSigningAlgorithm, EcdsaVerificationAlgorithm}; /// Trait for associating a *ring* [`EcdsaSigningAlgorithm`] with an /// elliptic curve -pub trait CurveAlg: Curve { +pub trait CurveAlg: PrimeCurve { /// *ring* signing algorithm fn signing_alg() -> &'static EcdsaSigningAlgorithm; diff --git a/src/signature/ecdsa/signing_key.rs b/src/signature/ecdsa/signing_key.rs index f89a9fd..27d682b 100644 --- a/src/signature/ecdsa/signing_key.rs +++ b/src/signature/ecdsa/signing_key.rs @@ -1,14 +1,13 @@ //! ECDSA signing key -use super::{Curve, CurveAlg, Signature, VerifyingKey}; +use super::{CurveAlg, PrimeCurve, Signature, VerifyingKey}; use crate::signature::{Error, Signature as _, Signer}; use ::ecdsa::{ - elliptic_curve::sec1::{UncompressedPointSize, UntaggedPointSize}, + elliptic_curve::{sec1, FieldSize}, SignatureSize, }; use core::marker::PhantomData; -use core::ops::Add; -use generic_array::{typenum::U1, ArrayLength}; +use generic_array::ArrayLength; use ring::{ self, rand::SystemRandom, @@ -18,7 +17,7 @@ use ring::{ /// ECDSA signing key. Generic over elliptic curves. pub struct SigningKey where - C: Curve + CurveAlg, + C: PrimeCurve + CurveAlg, SignatureSize: ArrayLength, { /// *ring* ECDSA keypair @@ -33,7 +32,7 @@ where impl SigningKey where - C: Curve + CurveAlg, + C: PrimeCurve + CurveAlg, SignatureSize: ArrayLength, { /// Initialize a [`SigningKey`] from a PKCS#8-encoded private key @@ -61,8 +60,7 @@ where /// Get the [`VerifyingKey`] for this [`SigningKey`] pub fn verify_key(&self) -> VerifyingKey where - UntaggedPointSize: Add + ArrayLength, - UncompressedPointSize: ArrayLength, + FieldSize: sec1::ModulusSize, { VerifyingKey::new(self.keypair.public_key().as_ref()).unwrap() } @@ -70,7 +68,7 @@ where impl Signer> for SigningKey where - C: Curve + CurveAlg, + C: PrimeCurve + CurveAlg, SignatureSize: ArrayLength, { fn try_sign(&self, msg: &[u8]) -> Result, Error> { diff --git a/src/signature/ecdsa/verifying_key.rs b/src/signature/ecdsa/verifying_key.rs index e145314..c09026d 100644 --- a/src/signature/ecdsa/verifying_key.rs +++ b/src/signature/ecdsa/verifying_key.rs @@ -1,42 +1,37 @@ //! ECDSA verifying key -use super::{Curve, CurveAlg, Signature}; +use super::{CurveAlg, PrimeCurve, Signature}; use crate::signature::{Error, Verifier}; use ::ecdsa::{ - elliptic_curve::{ - bigint::Encoding as _, - sec1::{self, UncompressedPointSize, UntaggedPointSize}, - }, + elliptic_curve::{bigint::Encoding as _, sec1, FieldSize}, SignatureSize, }; -use core::{convert::TryInto, ops::Add}; -use generic_array::{typenum::U1, ArrayLength}; +use core::convert::TryInto; +use generic_array::ArrayLength; use ring::signature::UnparsedPublicKey; /// ECDSA verifying key. Generic over elliptic curves. #[derive(Clone, Debug, Eq, PartialEq)] pub struct VerifyingKey(sec1::EncodedPoint) where - C: Curve + CurveAlg, - SignatureSize: ArrayLength, - UntaggedPointSize: Add + ArrayLength, - UncompressedPointSize: ArrayLength; + C: PrimeCurve + CurveAlg, + FieldSize: sec1::ModulusSize, + SignatureSize: ArrayLength; impl VerifyingKey where - C: Curve + CurveAlg, + C: PrimeCurve + CurveAlg, + FieldSize: sec1::ModulusSize, SignatureSize: ArrayLength, - UntaggedPointSize: Add + ArrayLength, - UncompressedPointSize: ArrayLength, { /// Initialize [`VerifyingKey`] from a SEC1-encoded public key pub fn new(bytes: &[u8]) -> Result { let point_result = if bytes.len() == C::UInt::BYTE_SIZE * 2 { - Ok(sec1::EncodedPoint::from_untagged_bytes( + Ok(sec1::EncodedPoint::::from_untagged_bytes( bytes.try_into().unwrap(), )) } else { - sec1::EncodedPoint::from_bytes(bytes) + sec1::EncodedPoint::::from_bytes(bytes) }; point_result.map(VerifyingKey).map_err(|_| Error::new()) @@ -48,12 +43,11 @@ where } } -impl Verifier> for VerifyingKey +impl Verifier> for VerifyingKey where - C: Curve + CurveAlg, + C: PrimeCurve + CurveAlg, + FieldSize: sec1::ModulusSize, SignatureSize: ArrayLength, - UntaggedPointSize: Add + ArrayLength, - UncompressedPointSize: ArrayLength, { fn verify(&self, msg: &[u8], sig: &Signature) -> Result<(), Error> { UnparsedPublicKey::new(C::verify_alg(), self.0.as_ref())