Support for sign/verify w/ digest (#826)

Author: justsmth

aws-lc-rs/src/digest.rs

@@ -218,6 +218,30 @@ pub struct Digest {
 }
 
 impl Digest {
+    /// Imports a digest value provide by an external source. This allows for the signing of
+    /// content that might not be directly accessible.
+    ///
+    /// WARNING: Ensure that the digest is provided by a trusted source.
+    /// When possible, prefer to directly compute the digest of content.
+    ///
+    /// # Errors
+    /// Returns `Unspecified` if the imported value is the wrong length for the specified algorithm.
+    pub fn import_less_safe(
+        digest: &[u8],
+        algorithm: &'static Algorithm,
+    ) -> Result<Self, Unspecified> {
+        if digest.len() != algorithm.output_len {
+            return Err(Unspecified);
+        }
+        let mut my_digest = [0u8; MAX_OUTPUT_LEN];
+        my_digest[0..digest.len()].copy_from_slice(&digest[0..digest.len()]);
+        Ok(Digest {
+            message: my_digest,
+            len: digest.len(),
+            algorithm,
+        })
+    }
+
     /// The algorithm that was used to calculate the digest value.
     #[inline]
     #[must_use]
@@ -359,6 +383,7 @@ pub(crate) fn match_digest_type(algorithm_id: &AlgorithmID) -> ConstPointer<'_,
 
 #[cfg(test)]
 mod tests {
+    use crate::digest;
     #[cfg(feature = "fips")]
     mod fips;
 
@@ -439,8 +464,6 @@ mod tests {
 
     #[test]
     fn digest_coverage() {
-        use crate::digest;
-
         for alg in [
             &digest::SHA1_FOR_LEGACY_USE_ONLY,
             &digest::SHA224,
@@ -463,4 +486,14 @@ mod tests {
             assert_eq!(orig_digest.clone().as_ref(), clone_digest.as_ref());
         }
     }
+
+    #[test]
+    fn test_import_less_safe() {
+        let digest = digest::digest(&digest::SHA256, b"hello, world");
+        let digest_copy =
+            digest::Digest::import_less_safe(digest.as_ref(), &digest::SHA256).unwrap();
+
+        assert_eq!(digest.as_ref(), digest_copy.as_ref());
+        assert_eq!(digest.algorithm, digest_copy.algorithm);
+    }
 }

aws-lc-rs/src/ec/key_pair.rs

@@ -4,15 +4,15 @@
 // SPDX-License-Identifier: Apache-2.0 OR ISC
 
 use crate::aws_lc::{EVP_PKEY, EVP_PKEY_EC};
-use core::fmt;
-use core::fmt::{Debug, Formatter};
-
+use crate::digest::Digest;
 use crate::ec::evp_key_generate;
 use crate::ec::signature::{EcdsaSignatureFormat, EcdsaSigningAlgorithm, PublicKey};
 #[cfg(feature = "fips")]
 use crate::ec::validate_ec_evp_key;
 #[cfg(not(feature = "fips"))]
 use crate::ec::verify_evp_key_nid;
+use core::fmt;
+use core::fmt::{Debug, Formatter};
 
 use crate::ec;
 use crate::ec::encoding::rfc5915::{marshal_rfc5915_private_key, parse_rfc5915_private_key};
@@ -207,7 +207,7 @@ impl EcdsaKeyPair {
         self.algorithm
     }
 
-    /// Returns the signature of the message using a random nonce.
+    /// Returns a signature for the message.
     ///
     /// # *ring* Compatibility
     /// Our implementation ignores the `SecureRandom` parameter.
@@ -235,6 +235,31 @@ impl EcdsaKeyPair {
             EcdsaSignatureFormat::Fixed => ec::ecdsa_asn1_to_fixed(self.algorithm.id, &out_sig)?,
         })
     }
+
+    /// Returns a signature for the message corresponding to the provided digest.
+    ///
+    /// # Errors
+    /// `error::Unspecified` on internal error.
+    //
+    // # FIPS
+    // Not allowed.
+    #[inline]
+    pub fn sign_digest(&self, digest: &Digest) -> Result<Signature, Unspecified> {
+        let out_sig = self
+            .evp_pkey
+            .sign_digest(digest, No_EVP_PKEY_CTX_consumer)?;
+        if self.algorithm.digest != digest.algorithm() {
+            return Err(Unspecified);
+        }
+
+        Ok(match self.algorithm.sig_format {
+            EcdsaSignatureFormat::ASN1 => Signature::new(|slice| {
+                slice[..out_sig.len()].copy_from_slice(&out_sig);
+                out_sig.len()
+            }),
+            EcdsaSignatureFormat::Fixed => ec::ecdsa_asn1_to_fixed(self.algorithm.id, &out_sig)?,
+        })
+    }
 }
 
 /// Elliptic curve private key.

aws-lc-rs/src/ec/signature.rs

@@ -198,19 +198,41 @@ impl VerificationAlgorithm for EcdsaVerificationAlgorithm {
                 verify_asn1_signature(self.id, self.digest, public_key, msg, signature)
             }
             EcdsaSignatureFormat::Fixed => {
-                verify_fixed_signature(self.id, self.digest, public_key, msg, signature)
+                let (out_bytes, out_bytes_len) = convert_fixed_signature(self.id, signature)?;
+                verify_asn1_signature(self.id, self.digest, public_key, msg, unsafe {
+                    out_bytes.as_slice(out_bytes_len)
+                })
+            }
+        }
+    }
+
+    fn verify_digest_sig(
+        &self,
+        public_key: &[u8],
+        digest: &digest::Digest,
+        signature: &[u8],
+    ) -> Result<(), Unspecified> {
+        if self.digest != digest.algorithm() {
+            return Err(Unspecified);
+        }
+        match self.sig_format {
+            EcdsaSignatureFormat::ASN1 => {
+                verify_asn1_digest_signature(self.id, digest, public_key, signature)
+            }
+            EcdsaSignatureFormat::Fixed => {
+                let (out_bytes, out_bytes_len) = convert_fixed_signature(self.id, signature)?;
+                verify_asn1_digest_signature(self.id, digest, public_key, unsafe {
+                    out_bytes.as_slice(out_bytes_len)
+                })
             }
         }
     }
 }
 
-fn verify_fixed_signature(
+fn convert_fixed_signature(
     alg: &'static AlgorithmID,
-    digest: &'static digest::Algorithm,
-    public_key: &[u8],
-    msg: &[u8],
     signature: &[u8],
-) -> Result<(), Unspecified> {
+) -> Result<(LcPtr<u8>, usize), Unspecified> {
     let mut out_bytes = null_mut::<u8>();
     let mut out_bytes_len = MaybeUninit::<usize>::uninit();
     let sig = unsafe { ecdsa_sig_from_fixed(alg, signature)? };
@@ -219,20 +241,30 @@ fn verify_fixed_signature(
     } {
         return Err(Unspecified);
     }
-    let out_bytes = LcPtr::new(out_bytes)?;
-    let signature = unsafe { out_bytes.as_slice(out_bytes_len.assume_init()) };
-    verify_asn1_signature(alg, digest, public_key, msg, signature)
+    Ok((LcPtr::new(out_bytes)?, unsafe {
+        out_bytes_len.assume_init()
+    }))
 }
 
 fn verify_asn1_signature(
     alg: &'static AlgorithmID,
-    digest: &'static digest::Algorithm,
+    digest_alg: &'static digest::Algorithm,
     public_key: &[u8],
     msg: &[u8],
     signature: &[u8],
 ) -> Result<(), Unspecified> {
     let evp_pkey = parse_ec_public_key(public_key, alg.nid())?;
-    evp_pkey.verify(msg, Some(digest), No_EVP_PKEY_CTX_consumer, signature)
+    evp_pkey.verify(msg, Some(digest_alg), No_EVP_PKEY_CTX_consumer, signature)
+}
+
+fn verify_asn1_digest_signature(
+    alg: &'static AlgorithmID,
+    digest: &digest::Digest,
+    public_key: &[u8],
+    signature: &[u8],
+) -> Result<(), Unspecified> {
+    let evp_pkey = parse_ec_public_key(public_key, alg.nid())?;
+    evp_pkey.verify_digest_sig(digest, No_EVP_PKEY_CTX_consumer, signature)
 }
 
 #[inline]

aws-lc-rs/src/ed25519.rs

@@ -22,7 +22,7 @@ use crate::pkcs8::{Document, Version};
 use crate::ptr::LcPtr;
 use crate::rand::SecureRandom;
 use crate::signature::{KeyPair, Signature, VerificationAlgorithm};
-use crate::{constant_time, hex, sealed};
+use crate::{constant_time, digest, hex, sealed};
 
 /// The length of an Ed25519 public key.
 pub const ED25519_PUBLIC_KEY_LEN: usize = crate::aws_lc::ED25519_PUBLIC_KEY_LEN as usize;
@@ -53,6 +53,10 @@ impl VerificationAlgorithm for EdDSAParameters {
         )
     }
 
+    /// Verify `signature` for `msg` using `public_key`.
+    ///
+    /// # Errors
+    ///  Returns `Unspecified` if the `msg` cannot be verified using `public_key`.
     fn verify_sig(
         &self,
         public_key: &[u8],
@@ -62,6 +66,19 @@ impl VerificationAlgorithm for EdDSAParameters {
         let evp_pkey = try_ed25519_public_key_from_bytes(public_key)?;
         evp_pkey.verify(msg, None, No_EVP_PKEY_CTX_consumer, signature)
     }
+
+    /// DO NOT USE. This function is required by `VerificationAlgorithm` but cannot be used w/ Ed25519.
+    ///
+    /// # Errors
+    /// Always returns `Unspecified`.
+    fn verify_digest_sig(
+        &self,
+        _public_key: &[u8],
+        _digest: &digest::Digest,
+        _signature: &[u8],
+    ) -> Result<(), Unspecified> {
+        Err(Unspecified)
+    }
 }
 
 fn try_ed25519_public_key_from_bytes(key_bytes: &[u8]) -> Result<LcPtr<EVP_PKEY>, KeyRejected> {

aws-lc-rs/src/evp_pkey.rs

@@ -5,8 +5,9 @@ use crate::aws_lc::{
     EVP_DigestSign, EVP_DigestSignInit, EVP_DigestVerify, EVP_DigestVerifyInit, EVP_PKEY_CTX_new,
     EVP_PKEY_CTX_new_id, EVP_PKEY_bits, EVP_PKEY_cmp, EVP_PKEY_get0_EC_KEY, EVP_PKEY_get0_RSA,
     EVP_PKEY_get_raw_private_key, EVP_PKEY_get_raw_public_key, EVP_PKEY_id, EVP_PKEY_keygen,
-    EVP_PKEY_keygen_init, EVP_PKEY_new_raw_private_key, EVP_PKEY_new_raw_public_key, EVP_PKEY_size,
-    EVP_PKEY_up_ref, EVP_marshal_private_key, EVP_marshal_private_key_v2, EVP_marshal_public_key,
+    EVP_PKEY_keygen_init, EVP_PKEY_new_raw_private_key, EVP_PKEY_new_raw_public_key, EVP_PKEY_sign,
+    EVP_PKEY_sign_init, EVP_PKEY_size, EVP_PKEY_up_ref, EVP_PKEY_verify, EVP_PKEY_verify_init,
+    EVP_marshal_private_key, EVP_marshal_private_key_v2, EVP_marshal_public_key,
     EVP_parse_private_key, EVP_parse_public_key, EC_KEY, EVP_PKEY, EVP_PKEY_CTX, EVP_PKEY_ED25519,
     RSA,
 };
@@ -23,6 +24,7 @@ use crate::{cbs, digest};
 // TODO: Uncomment when MSRV >= 1.64
 // use core::ffi::c_int;
 use crate::digest::digest_ctx::DigestContext;
+use crate::digest::Digest;
 use crate::fips::indicator_check;
 use std::os::raw::c_int;
 use std::ptr::{null, null_mut};
@@ -354,6 +356,55 @@ impl LcPtr<EVP_PKEY> {
         Ok(signature.into_boxed_slice())
     }
 
+    pub(crate) fn sign_digest<F>(
+        &self,
+        digest: &Digest,
+        padding_fn: Option<F>,
+    ) -> Result<Box<[u8]>, Unspecified>
+    where
+        F: EVP_PKEY_CTX_consumer,
+    {
+        let mut pctx = LcPtr::new(unsafe { EVP_PKEY_CTX_new(*self.as_mut_unsafe(), null_mut()) })?;
+
+        if 1 != unsafe { EVP_PKEY_sign_init(*pctx.as_mut()) } {
+            return Err(Unspecified);
+        }
+
+        if let Some(pad_fn) = padding_fn {
+            pad_fn(*pctx.as_mut())?;
+        }
+
+        let msg_digest = digest.as_ref();
+        let mut sig_len = 0;
+        if 1 != unsafe {
+            EVP_PKEY_sign(
+                *pctx.as_mut(),
+                null_mut(),
+                &mut sig_len,
+                msg_digest.as_ptr(),
+                msg_digest.len(),
+            )
+        } {
+            return Err(Unspecified);
+        }
+
+        let mut signature = vec![0u8; sig_len];
+        if 1 != indicator_check!(unsafe {
+            EVP_PKEY_sign(
+                *pctx.as_mut(),
+                signature.as_mut_ptr(),
+                &mut sig_len,
+                msg_digest.as_ptr(),
+                msg_digest.len(),
+            )
+        }) {
+            return Err(Unspecified);
+        }
+        signature.truncate(sig_len);
+
+        Ok(signature.into_boxed_slice())
+    }
+
     pub(crate) fn verify<F>(
         &self,
         msg: &[u8],
@@ -404,6 +455,42 @@ impl LcPtr<EVP_PKEY> {
         Ok(())
     }
 
+    pub(crate) fn verify_digest_sig<F>(
+        &self,
+        digest: &Digest,
+        padding_fn: Option<F>,
+        signature: &[u8],
+    ) -> Result<(), Unspecified>
+    where
+        F: EVP_PKEY_CTX_consumer,
+    {
+        let mut pctx = LcPtr::new(unsafe { EVP_PKEY_CTX_new(*self.as_mut_unsafe(), null_mut()) })?;
+
+        if 1 != unsafe { EVP_PKEY_verify_init(*pctx.as_mut()) } {
+            return Err(Unspecified);
+        }
+
+        if let Some(pad_fn) = padding_fn {
+            pad_fn(*pctx.as_mut())?;
+        }
+
+        let msg_digest = digest.as_ref();
+
+        if 1 == unsafe {
+            indicator_check!(EVP_PKEY_verify(
+                *pctx.as_mut(),
+                signature.as_ptr(),
+                signature.len(),
+                msg_digest.as_ptr(),
+                msg_digest.len(),
+            ))
+        } {
+            Ok(())
+        } else {
+            Err(Unspecified)
+        }
+    }
+
     pub(crate) fn generate<F>(pkey_type: c_int, params_fn: Option<F>) -> Result<Self, Unspecified>
     where
         F: EVP_PKEY_CTX_consumer,

aws-lc-rs/src/pqdsa/key_pair.rs

@@ -175,14 +175,16 @@ pub(crate) fn evp_key_pqdsa_generate(nid: c_int) -> Result<LcPtr<EVP_PKEY>, Unsp
 mod tests {
     use super::*;
 
-    use crate::signature::{UnparsedPublicKey, VerificationAlgorithm};
+    use crate::signature::UnparsedPublicKey;
     use crate::unstable::signature::{ML_DSA_44_SIGNING, ML_DSA_65_SIGNING, ML_DSA_87_SIGNING};
 
     const TEST_ALGORITHMS: &[&PqdsaSigningAlgorithm] =
         &[&ML_DSA_44_SIGNING, &ML_DSA_65_SIGNING, &ML_DSA_87_SIGNING];
 
     #[test]
     fn test_public_key_serialization() {
+        #[cfg(feature = "ring-sig-verify")]
+        use crate::signature::VerificationAlgorithm;
         for &alg in TEST_ALGORITHMS {
             // Generate a new key pair
             let keypair = PqdsaKeyPair::generate(alg).unwrap();