Skip to content

Commit

Permalink
Reorganize EC code to its own directory
Browse files Browse the repository at this point in the history
Also fixes feature detection to be more straightforward

Signed-off-by: Simo Sorce <[email protected]>
  • Loading branch information
simo5 committed Nov 20, 2024
1 parent b908747 commit 45dcf69
Show file tree
Hide file tree
Showing 19 changed files with 82 additions and 82 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@ jobs:
- name: Build
run: |
if [ "${{ matrix.name }}" = "fips" ]; then
cargo build -vv --features fips
cargo build -vv --no-default-features --features fips
fi
if [ "${{ matrix.name }}" = "ossl3" ]; then
cargo build -vv
Expand All @@ -93,7 +93,7 @@ jobs:
- name: Test
run: |
if [ "${{ matrix.name }}" = "fips" ]; then
cargo test --features fips
cargo test --no-default-features --features fips
fi
if [ "${{ matrix.name }}" = "ossl3" ]; then
cargo test
Expand Down
7 changes: 4 additions & 3 deletions Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,8 @@ zeroize = "1.6.0"

[features]
aes = []
ecc = []
ecdsa = []
ecdh = []
eddsa = []
ec_montgomery = []
hash = []
Expand All @@ -70,9 +71,9 @@ basic = [ "aes", "hmac", "pbkdf2", "sqlitedb" ]

#select everything by default
# Use --no-default-features --features basic, xxx for custom selections
default = [ "basic", "ecc", "ec_montgomery", "eddsa", "hash", "hkdf", "rsa", "sp800_108", "sshkdf", "tlskdf"]
default = [ "basic", "ecdsa", "ec_montgomery", "eddsa", "ecdh", "hash", "hkdf", "rsa", "sp800_108", "sshkdf", "tlskdf"]

fips = [ "rusqlite/bundled", "basic", "ecc", "hash", "hkdf", "rsa", "sp800_108", "sshkdf", "tlskdf"]
fips = [ "rusqlite/bundled", "basic", "ecdsa", "ecdh", "hash", "hkdf", "rsa", "sp800_108", "sshkdf", "tlskdf"]

dynamic = [ ] # Builds against system libcrypto.so

Expand Down
2 changes: 1 addition & 1 deletion src/ecdh.rs → src/ec/ecdh.rs
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@

use std::fmt::Debug;

use crate::ecc::*;
use crate::ec::ecdsa::{MAX_EC_SIZE_BITS, MIN_EC_SIZE_BITS};
use crate::error::Result;
use crate::interface::*;
use crate::mechanism::{Mechanism, Mechanisms, Operation};
Expand Down
9 changes: 4 additions & 5 deletions src/ecc.rs → src/ec/ecdsa.rs
Original file line number Diff line number Diff line change
Expand Up @@ -4,20 +4,19 @@
use std::fmt::Debug;

use crate::attribute::Attribute;
use crate::ecc_misc::*;
use crate::ec::*;
use crate::error::Result;
use crate::interface::*;
use crate::kasn1::PrivateKeyInfo;
use crate::mechanism::*;
use crate::object::*;
use crate::ossl::ecc::EccOperation;
use crate::ossl::ecdsa::EccOperation;
use crate::{attr_element, bytes_attr_not_empty};

use asn1;
use once_cell::sync::Lazy;

pub const MIN_EC_SIZE_BITS: usize = 256;
pub const MAX_EC_SIZE_BITS: usize = 521;
pub const MIN_EC_SIZE_BITS: usize = BITS_SECP256R1;
pub const MAX_EC_SIZE_BITS: usize = BITS_SECP521R1;

#[derive(Debug)]
pub struct ECCPubFactory {
Expand Down
2 changes: 1 addition & 1 deletion src/eddsa.rs → src/ec/eddsa.rs
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
use std::fmt::Debug;

use crate::attribute::Attribute;
use crate::ecc_misc::*;
use crate::ec::{ec_key_check_import, BITS_ED25519, BITS_ED448};
use crate::error::Result;
use crate::interface::*;
use crate::mechanism::*;
Expand Down
20 changes: 17 additions & 3 deletions src/ecc_misc.rs → src/ec/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,18 @@ use crate::object::Object;

use asn1;

#[cfg(feature = "ecdh")]
pub mod ecdh;

#[cfg(feature = "ecdsa")]
pub mod ecdsa;

#[cfg(feature = "eddsa")]
pub mod eddsa;

#[cfg(feature = "ec_montgomery")]
pub mod montgomery;

type Version = u64;

#[derive(asn1::Asn1Read, asn1::Asn1Write)]
Expand Down Expand Up @@ -48,9 +60,10 @@ pub fn ec_key_check_import(obj: &mut Object) -> Result<()> {
}

// Bit sized for curves
const BITS_SECP256R1: usize = 256;
const BITS_SECP384R1: usize = 384;
const BITS_SECP521R1: usize = 521;
pub const BITS_SECP256R1: usize = 256;
#[allow(dead_code)]
pub const BITS_SECP384R1: usize = 384;
pub const BITS_SECP521R1: usize = 521;
pub const BITS_ED25519: usize = 256;
pub const BITS_ED448: usize = 448;
pub const BITS_X25519: usize = 256;
Expand Down Expand Up @@ -99,6 +112,7 @@ static NAME_X448: &[u8; 5] = b"X448\0";

pub static EC_NAME: &[u8; 3] = b"EC\0";

#[cfg(any(test, feature = "fips"))]
pub fn curve_name_to_bits(name: &[u8]) -> Result<usize> {
/* Would be nice to use a match, but apparently doesn't
* work with static slices */
Expand Down
5 changes: 3 additions & 2 deletions src/ec_montgomery.rs → src/ec/montgomery.rs
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,13 @@
use std::fmt::Debug;

use crate::attribute::Attribute;
use crate::ecc_misc::*;
use crate::ec::montgomery::montgomery::ECMontgomeryOperation;
use crate::ec::{ec_key_check_import, BITS_X25519, BITS_X448};
use crate::error::Result;
use crate::interface::*;
use crate::mechanism::*;
use crate::object::*;
use crate::ossl::ec_montgomery::*;
use crate::ossl::montgomery;
use crate::{attr_element, bytes_attr_not_empty};

use once_cell::sync::Lazy;
Expand Down
38 changes: 16 additions & 22 deletions src/enabled.rs
Original file line number Diff line number Diff line change
Expand Up @@ -4,23 +4,17 @@
#[cfg(all(feature = "dynamic", feature = "fips"))]
compile_error!("Feature 'dynamic' and 'fips' are mutually exclusive and cannot be enabled together");

#[cfg(all(
feature = "ecdh",
not(any(feature = "ecdsa", feature = "ec_montgomery"))
))]
compile_error!("Feature 'ecdh' requires either 'ecdsa' or 'ec_montgomery'");

#[cfg(feature = "aes")]
mod aes;

#[cfg(feature = "ecc")]
mod ecc;

#[cfg(any(feature = "ecc", feature = "eddsa"))]
mod ecc_misc;

#[cfg(all(feature = "ec_montgomery", not(feature = "fips")))]
mod ec_montgomery;

#[cfg(any(feature = "ec_montgomery", feature = "ecc"))]
mod ecdh;

#[cfg(all(feature = "eddsa", not(feature = "fips")))]
mod eddsa;
#[cfg(any(feature = "ecdsa", feature = "eddsa", feature = "ec_montgomery"))]
mod ec;

#[cfg(feature = "hash")]
mod hash;
Expand Down Expand Up @@ -55,17 +49,17 @@ pub fn register_all(mechs: &mut Mechanisms, ot: &mut ObjectFactories) {
#[cfg(feature = "aes")]
aes::register(mechs, ot);

#[cfg(feature = "ecc")]
ecc::register(mechs, ot);
#[cfg(feature = "ecdsa")]
ec::ecdsa::register(mechs, ot);

#[cfg(any(feature = "ec_montgomery", feature = "ecc"))]
ecdh::register(mechs, ot);
#[cfg(feature = "ecdh")]
ec::ecdh::register(mechs, ot);

#[cfg(all(feature = "ec_montgomery", not(feature = "fips")))]
ec_montgomery::register(mechs, ot);
#[cfg(feature = "ec_montgomery")]
ec::montgomery::register(mechs, ot);

#[cfg(all(feature = "eddsa", not(feature = "fips")))]
eddsa::register(mechs, ot);
#[cfg(feature = "eddsa")]
ec::eddsa::register(mechs, ot);

#[cfg(feature = "hash")]
hash::register(mechs, ot);
Expand Down
2 changes: 1 addition & 1 deletion src/fips/indicators.rs
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@

use crate::attr_element;
use crate::attribute::Attribute;
use crate::ecc_misc::*;
use crate::ec::{curve_name_to_bits, get_ossl_name_from_obj};
use crate::error::Result;
use crate::interface::*;
use crate::object::{OAFlags, Object, ObjectAttr, ObjectFactory};
Expand Down
18 changes: 9 additions & 9 deletions src/ossl/common.rs
Original file line number Diff line number Diff line change
Expand Up @@ -11,12 +11,12 @@ use crate::ossl::bindings::*;
use crate::ossl::get_libctx;
use crate::{byte_ptr, void_ptr};

#[cfg(all(feature = "ec_montgomery", not(feature = "fips")))]
use crate::ossl::ec_montgomery as ecm;
#[cfg(feature = "ecc")]
use crate::ossl::ecc;
#[cfg(all(feature = "eddsa", not(feature = "fips")))]
#[cfg(feature = "ecdsa")]
use crate::ossl::ecdsa;
#[cfg(feature = "eddsa")]
use crate::ossl::eddsa;
#[cfg(feature = "ec_montgomery")]
use crate::ossl::montgomery as ecm;
#[cfg(feature = "rsa")]
use crate::ossl::rsa;

Expand Down Expand Up @@ -283,11 +283,11 @@ impl EvpPkey {
};
let key_type = obj.get_attr_as_ulong(CKA_KEY_TYPE)?;
let (name, params) = match key_type {
#[cfg(feature = "ecc")]
CKK_EC => ecc::ecc_object_to_params(obj, class)?,
#[cfg(all(feature = "eddsa", not(feature = "fips")))]
#[cfg(feature = "ecdsa")]
CKK_EC => ecdsa::ecc_object_to_params(obj, class)?,
#[cfg(feature = "eddsa")]
CKK_EC_EDWARDS => eddsa::eddsa_object_to_params(obj, class)?,
#[cfg(all(feature = "ec_montgomery", not(feature = "fips")))]
#[cfg(feature = "ec_montgomery")]
CKK_EC_MONTGOMERY => ecm::ecm_object_to_params(obj, class)?,
#[cfg(feature = "rsa")]
CKK_RSA => rsa::rsa_object_to_params(obj, class)?,
Expand Down
6 changes: 3 additions & 3 deletions src/ossl/ecdh.rs
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ use std::borrow::Cow;

use crate::attribute::CkAttrs;
use crate::bytes_to_vec;
use crate::ecc_misc::*;
use crate::ec::{get_ossl_name_from_obj, EC_NAME};
use crate::error::Result;
use crate::interface::*;
use crate::mechanism::*;
Expand Down Expand Up @@ -34,15 +34,15 @@ fn make_peer_key(key: &Object, ec_point: &Vec<u8>) -> Result<EvpPkey> {
params.zeroize = true;

let name = match key.get_attr_as_ulong(CKA_KEY_TYPE)? {
#[cfg(feature = "ecc")]
#[cfg(feature = "ecdsa")]
CKK_EC => {
params.add_const_c_string(
name_as_char(OSSL_PKEY_PARAM_GROUP_NAME),
name_as_char(get_ossl_name_from_obj(key)?),
)?;
EC_NAME
}
#[cfg(all(feature = "ec_montgomery", not(feature = "fips")))]
#[cfg(feature = "ec_montgomery")]
CKK_EC_MONTGOMERY => get_ossl_name_from_obj(key)?,
_ => return Err(CKR_KEY_TYPE_INCONSISTENT)?,
};
Expand Down
4 changes: 2 additions & 2 deletions src/ossl/ecc.rs → src/ossl/ecdsa.rs
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,8 @@
use core::ffi::{c_char, c_int};

use crate::attribute::Attribute;
use crate::ecc::*;
use crate::ecc_misc::*;
use crate::ec::ecdsa::*;
use crate::ec::{get_ec_point_from_obj, get_ossl_name_from_obj, EC_NAME};
use crate::error::Result;
use crate::interface::*;
use crate::kasn1::DerEncBigUint;
Expand Down
6 changes: 1 addition & 5 deletions src/ossl/eddsa.rs
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
use std::ffi::{c_char, c_int};

use crate::attribute::Attribute;
use crate::ecc_misc::*;
use crate::ec::{get_ec_point_from_obj, get_ossl_name_from_obj};
use crate::error::Result;
use crate::interface::*;
use crate::mechanism::*;
Expand All @@ -19,10 +19,6 @@ use crate::ossl::fips::*;
#[cfg(not(feature = "fips"))]
use crate::ossl::get_libctx;

/* confusingly enough, this is not EC for FIPS-level operations */
#[cfg(feature = "fips")]
static ECDSA_NAME: &[u8; 6] = b"EDDSA\0";

pub const OUTLEN_ED25519: usize = 64;
pub const OUTLEN_ED448: usize = 114;

Expand Down
12 changes: 6 additions & 6 deletions src/ossl/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -33,16 +33,16 @@ pub mod common;
pub mod drbg;

// the derive code for both ECDSA and Montgomery curves
#[cfg(any(feature = "ecc", feature = "ec_montgomery"))]
#[cfg(feature = "ecdh")]
pub mod ecdh;

#[cfg(feature = "ecc")]
pub mod ecc;
#[cfg(feature = "ecdsa")]
pub mod ecdsa;

#[cfg(all(feature = "ec_montgomery", not(feature = "fips")))]
pub mod ec_montgomery;
#[cfg(feature = "ec_montgomery")]
pub mod montgomery;

#[cfg(all(feature = "eddsa", not(feature = "fips")))]
#[cfg(feature = "eddsa")]
pub mod eddsa;

#[cfg(feature = "fips")]
Expand Down
5 changes: 1 addition & 4 deletions src/ossl/ec_montgomery.rs → src/ossl/montgomery.rs
Original file line number Diff line number Diff line change
Expand Up @@ -4,16 +4,13 @@
use std::ffi::{c_char, c_int};

use crate::attribute::Attribute;
use crate::ecc_misc::*;
use crate::ec::{get_ec_point_from_obj, get_ossl_name_from_obj};
use crate::error::Result;
use crate::interface::*;
use crate::object::Object;
use crate::ossl::bindings::*;
use crate::ossl::common::*;

#[cfg(feature = "fips")]
use crate::ossl::fips::*;

pub fn ecm_object_to_params(
key: &Object,
class: CK_OBJECT_CLASS,
Expand Down
10 changes: 4 additions & 6 deletions src/tests/ecdh_vectors.rs
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ use std::io;
use std::io::BufRead;
use std::str::from_utf8;

use crate::ecc_misc;
use crate::ec;
use crate::tests::*;

use serial_test::parallel;
Expand Down Expand Up @@ -75,9 +75,7 @@ fn parse_ecdh_vector(filename: &str) -> Vec<EcdhTestUnit> {
tag = Some(line.clone());
curve = None;
} else if line.starts_with(kw) {
curve = ecc_misc::map_curve_name(
&line[kw.len()..line.len() - 1],
);
curve = ec::map_curve_name(&line[kw.len()..line.len() - 1]);
if curve != None {
println!(
" : {} Matched",
Expand Down Expand Up @@ -118,7 +116,7 @@ fn parse_ecdh_vector(filename: &str) -> Vec<EcdhTestUnit> {
from_utf8(curve_name).unwrap()
);
let ec_params =
match ecc_misc::curve_name_to_ec_params(curve_name) {
match ec::curve_name_to_ec_params(curve_name) {
Ok(p) => p,
Err(_) => continue, /* skip unsupported */
};
Expand Down Expand Up @@ -196,7 +194,7 @@ fn test_to_ecc_point(key: &EccKey, curve_name: &'static [u8]) -> Vec<u8> {
ec_point.push(0x04);
/* The P-521 curve points are heavily zero padded so we need to make sure they are well
* formatted for OpenSSL -- to the field length boundary */
let field_len = match ecc_misc::curve_name_to_bits(curve_name) {
let field_len = match ec::curve_name_to_bits(curve_name) {
Ok(l) => l,
Err(_) => panic!("Unknown curve given"),
};
Expand Down
2 changes: 1 addition & 1 deletion src/tests/keys.rs
Original file line number Diff line number Diff line change
Expand Up @@ -340,7 +340,7 @@ fn test_rsa_key() {
testtokn.finalize();
}

#[cfg(feature = "ecc")]
#[cfg(feature = "ecdsa")]
#[test]
#[parallel]
fn test_ecc_key() {
Expand Down
Loading

0 comments on commit 45dcf69

Please sign in to comment.