Skip to content

Commit

Permalink
Add Sec1 EC key support
Browse files Browse the repository at this point in the history
Signed-off-by: Vladimir Pouzanov <[email protected]>
  • Loading branch information
farcaller committed Feb 4, 2022
1 parent 9cc0d45 commit ec49534
Show file tree
Hide file tree
Showing 2 changed files with 34 additions and 1 deletion.
11 changes: 10 additions & 1 deletion src/ec/suite_b.rs
Original file line number Diff line number Diff line change
Expand Up @@ -160,8 +160,17 @@ pub(crate) fn key_pair_from_pkcs8(
cpu_features: cpu::Features,
) -> Result<ec::KeyPair, error::KeyRejected> {
let (ec_private_key, _) = pkcs8::unwrap_key(template, pkcs8::Version::V1Only, input)?;
key_pair_from_der(curve, template, ec_private_key, cpu_features)
}

pub(crate) fn key_pair_from_der(
curve: &'static ec::Curve,
template: &pkcs8::Template,
input: untrusted::Input,
cpu_features: cpu::Features,
) -> Result<ec::KeyPair, error::KeyRejected> {
let (private_key, public_key) =
ec_private_key.read_all(error::KeyRejected::invalid_encoding(), |input| {
input.read_all(error::KeyRejected::invalid_encoding(), |input| {
// https://tools.ietf.org/html/rfc5915#section-3
der::nested(
input,
Expand Down
24 changes: 24 additions & 0 deletions src/ec/suite_b/ecdsa/signing.rs
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,30 @@ impl EcdsaKeyPair {
Self::new(alg, key_pair, &rng)
}

/// Constructs an ECDSA key pair by parsing an unencrypted Sec1 v1
/// id-ecPublicKey `ECPrivateKey` key.
///
/// The input must be in Sec1 v1 format. It must contain the public key in
/// the `ECPrivateKey` structure; `from_der()` will verify that the public
/// key and the private key are consistent with each other. The algorithm
/// identifier must identify the curve by name; it must not use an
/// "explicit" encoding of the curve. The `parameters` field of the
/// `ECPrivateKey`, if present, must be the same named curve that is in the
/// algorithm identifier in the PKCS#8 header.
pub fn from_der(
alg: &'static EcdsaSigningAlgorithm,
der: &[u8],
) -> Result<Self, error::KeyRejected> {
let key_pair = ec::suite_b::key_pair_from_der(
alg.curve,
alg.pkcs8_template,
untrusted::Input::from(der),
cpu::features(),
)?;
let rng = rand::SystemRandom::new(); // TODO: make this a parameter.
Self::new(alg, key_pair, &rng)
}

/// Constructs an ECDSA key pair from the private key and public key bytes
///
/// The private key must encoded as a big-endian fixed-length integer. For
Expand Down

0 comments on commit ec49534

Please sign in to comment.