From 29872fa47a3a5406af3b9f5933637171c262275a Mon Sep 17 00:00:00 2001 From: Adam Wick Date: Mon, 15 Apr 2019 09:38:48 -0700 Subject: [PATCH] Start the infrastructure for ECDSA SSH keys. --- src/ecdsa/mod.rs | 28 +++++++++++++++++++++++++++- src/ecdsa/private.rs | 8 ++++++++ src/ecdsa/public.rs | 10 +++++----- src/x509/mod.rs | 10 +++++----- src/x509/publickey.rs | 20 ++++++++++---------- 5 files changed, 55 insertions(+), 21 deletions(-) diff --git a/src/ecdsa/mod.rs b/src/ecdsa/mod.rs index f6c21e7..f977d1e 100644 --- a/src/ecdsa/mod.rs +++ b/src/ecdsa/mod.rs @@ -10,7 +10,7 @@ use rand::Rng; use rand::distributions::Standard; use self::curve::{EllipticCurve,P192,P224,P256,P384,P521}; use self::point::{ECCPoint,Point}; -pub use self::private::ECCPrivateKey; +pub use self::private::{ECDSAPrivate,ECCPrivateKey}; pub use self::public::{ECDSAPublic,ECCPublicKey}; pub use self::public::{ECDSADecodeErr,ECDSAEncodeErr}; use super::KeyPair; @@ -20,6 +20,32 @@ pub struct ECDSAKeyPair { pub private: ECCPrivateKey } +pub enum ECDSAPair { + P192(ECCPublicKey,ECCPrivateKey), + P224(ECCPublicKey,ECCPrivateKey), + P256(ECCPublicKey,ECCPrivateKey), + P384(ECCPublicKey,ECCPrivateKey), + P521(ECCPublicKey,ECCPrivateKey), +} + +impl KeyPair for ECDSAPair { + type Public = ECDSAPublic; + type Private = ECDSAPrivate; + + fn new(pu: ECDSAPublic, pr: ECDSAPrivate) -> ECDSAPair + { + match (pu, pr) { + (ECDSAPublic::P192(pbl),ECDSAPrivate::P192(prv)) => ECDSAPair::P192(pbl,prv), + (ECDSAPublic::P224(pbl),ECDSAPrivate::P224(prv)) => ECDSAPair::P224(pbl,prv), + (ECDSAPublic::P256(pbl),ECDSAPrivate::P256(prv)) => ECDSAPair::P256(pbl,prv), + (ECDSAPublic::P384(pbl),ECDSAPrivate::P384(prv)) => ECDSAPair::P384(pbl,prv), + (ECDSAPublic::P521(pbl),ECDSAPrivate::P521(prv)) => ECDSAPair::P521(pbl,prv), + _ => + panic!("Non-matching public/private pairs in ECDSAPair::new()") + } + } +} + macro_rules! generate_impl { ($curve: ident, $un: ident, $si: ident) => { impl KeyPair for ECDSAKeyPair<$curve> { diff --git a/src/ecdsa/private.rs b/src/ecdsa/private.rs index 47c1059..0660402 100644 --- a/src/ecdsa/private.rs +++ b/src/ecdsa/private.rs @@ -10,6 +10,14 @@ pub struct ECCPrivateKey { d: Curve::Unsigned } +pub enum ECDSAPrivate { + P192(ECCPrivateKey), + P224(ECCPrivateKey), + P256(ECCPrivateKey), + P384(ECCPrivateKey), + P521(ECCPrivateKey), +} + macro_rules! generate_privates { ($curve: ident, $base: ident, $sig: ident, $dbl: ident, $quad: ident) => { diff --git a/src/ecdsa/public.rs b/src/ecdsa/public.rs index 957b0e7..247b335 100644 --- a/src/ecdsa/public.rs +++ b/src/ecdsa/public.rs @@ -13,11 +13,11 @@ pub struct ECCPublicKey { } pub enum ECDSAPublic { - ECCPublicP192(ECCPublicKey), - ECCPublicP224(ECCPublicKey), - ECCPublicP256(ECCPublicKey), - ECCPublicP384(ECCPublicKey), - ECCPublicP521(ECCPublicKey), + P192(ECCPublicKey), + P224(ECCPublicKey), + P256(ECCPublicKey), + P384(ECCPublicKey), + P521(ECCPublicKey), } pub enum ECDSAEncodeErr { diff --git a/src/x509/mod.rs b/src/x509/mod.rs index ccfc6ee..412ba5a 100644 --- a/src/x509/mod.rs +++ b/src/x509/mod.rs @@ -182,7 +182,7 @@ fn check_signature(alg: &AlgorithmIdentifier, Err(X509ParseError::InvalidSignatureHash) } } - (PublicKeyInfo::ECDSA, &X509PublicKey::ECDSA(ECDSAPublic::ECCPublicP192(ref key))) => { + (PublicKeyInfo::ECDSA, &X509PublicKey::ECDSA(ECDSAPublic::P192(ref key))) => { let ecdsa_sig = der_decode(&sig)?; match alg.hash { HashAlgorithm::SHA1 if key.verify::(block, &ecdsa_sig) => Ok(()), @@ -194,7 +194,7 @@ fn check_signature(alg: &AlgorithmIdentifier, Err(X509ParseError::InvalidSignatureHash) } } - (PublicKeyInfo::ECDSA, &X509PublicKey::ECDSA(ECDSAPublic::ECCPublicP224(ref key))) => { + (PublicKeyInfo::ECDSA, &X509PublicKey::ECDSA(ECDSAPublic::P224(ref key))) => { let ecdsa_sig = der_decode(&sig)?; match alg.hash { HashAlgorithm::SHA1 if key.verify::(block, &ecdsa_sig) => Ok(()), @@ -206,7 +206,7 @@ fn check_signature(alg: &AlgorithmIdentifier, Err(X509ParseError::InvalidSignatureHash) } } - (PublicKeyInfo::ECDSA, &X509PublicKey::ECDSA(ECDSAPublic::ECCPublicP256(ref key))) => { + (PublicKeyInfo::ECDSA, &X509PublicKey::ECDSA(ECDSAPublic::P256(ref key))) => { let ecdsa_sig = der_decode(&sig)?; match alg.hash { HashAlgorithm::SHA1 if key.verify::(block, &ecdsa_sig) => Ok(()), @@ -218,7 +218,7 @@ fn check_signature(alg: &AlgorithmIdentifier, Err(X509ParseError::InvalidSignatureHash) } } - (PublicKeyInfo::ECDSA, &X509PublicKey::ECDSA(ECDSAPublic::ECCPublicP384(ref key))) => { + (PublicKeyInfo::ECDSA, &X509PublicKey::ECDSA(ECDSAPublic::P384(ref key))) => { let ecdsa_sig = der_decode(&sig)?; match alg.hash { HashAlgorithm::SHA1 if key.verify::(block, &ecdsa_sig) => Ok(()), @@ -230,7 +230,7 @@ fn check_signature(alg: &AlgorithmIdentifier, Err(X509ParseError::InvalidSignatureHash) } } - (PublicKeyInfo::ECDSA, &X509PublicKey::ECDSA(ECDSAPublic::ECCPublicP521(ref key))) => { + (PublicKeyInfo::ECDSA, &X509PublicKey::ECDSA(ECDSAPublic::P521(ref key))) => { let ecdsa_sig = der_decode(&sig)?; match alg.hash { HashAlgorithm::SHA1 if key.verify::(block, &ecdsa_sig) => Ok(()), diff --git a/src/x509/publickey.rs b/src/x509/publickey.rs index da5ff07..12b64d1 100644 --- a/src/x509/publickey.rs +++ b/src/x509/publickey.rs @@ -255,11 +255,11 @@ fn encode_ecdsa_key(c: ASN1Class, x: &ECDSAPublic) -> Result (oid!(1,2,840,10045,3,1,1), k.to_asn1_class(c)?), - ECDSAPublic::ECCPublicP224(k) => (oid!(1,3,132,0,33), k.to_asn1_class(c)?), - ECDSAPublic::ECCPublicP256(k) => (oid!(1,2,840,10045,3,1,7), k.to_asn1_class(c)?), - ECDSAPublic::ECCPublicP384(k) => (oid!(1,3,132,0,34), k.to_asn1_class(c)?), - ECDSAPublic::ECCPublicP521(k) => (oid!(1,3,132,0,35), k.to_asn1_class(c)?), + ECDSAPublic::P192(k) => (oid!(1,2,840,10045,3,1,1), k.to_asn1_class(c)?), + ECDSAPublic::P224(k) => (oid!(1,3,132,0,33), k.to_asn1_class(c)?), + ECDSAPublic::P256(k) => (oid!(1,2,840,10045,3,1,7), k.to_asn1_class(c)?), + ECDSAPublic::P384(k) => (oid!(1,3,132,0,34), k.to_asn1_class(c)?), + ECDSAPublic::P521(k) => (oid!(1,3,132,0,35), k.to_asn1_class(c)?), }; let curve_oid = ASN1Block::ObjectIdentifier(c, 0, base_curve_oid); let header = ASN1Block::Sequence(c, 0, vec![objoid, curve_oid]); @@ -272,27 +272,27 @@ fn decode_ecdsa_key(info: ASN1Block, keybls: &[ASN1Block]) -> Result::from_asn1(keybls)?; - return Ok(ECDSAPublic::ECCPublicP192(res)); + return Ok(ECDSAPublic::P192(res)); } if oid == oid!(1,3,132,0,33) { let (res, _) = ECCPublicKey::::from_asn1(keybls)?; - return Ok(ECDSAPublic::ECCPublicP224(res)); + return Ok(ECDSAPublic::P224(res)); } if oid == oid!(1,2,840,10045,3,1,7) { let (res, _) = ECCPublicKey::::from_asn1(keybls)?; - return Ok(ECDSAPublic::ECCPublicP256(res)); + return Ok(ECDSAPublic::P256(res)); } if oid == oid!(1,3,132,0,34) { let (res, _) = ECCPublicKey::::from_asn1(keybls)?; - return Ok(ECDSAPublic::ECCPublicP384(res)); + return Ok(ECDSAPublic::P384(res)); } if oid == oid!(1,3,132,0,35) { let (res, _) = ECCPublicKey::::from_asn1(keybls)?; - return Ok(ECDSAPublic::ECCPublicP521(res)); + return Ok(ECDSAPublic::P521(res)); } }