RustCrypto implementation of DPE crypto.

ci.sh

@@ -10,19 +10,19 @@ function build_rust_targets() {
   cargo build --release --manifest-path crypto/Cargo.toml --no-default-features
   cargo build --release --manifest-path platform/Cargo.toml --features=$profile --no-default-features
   cargo build --release --manifest-path dpe/Cargo.toml --features=$profile --no-default-features
-  cargo build --release --manifest-path simulator/Cargo.toml --features=$profile --no-default-features
+  cargo build --release --manifest-path simulator/Cargo.toml --features=$profile,openssl --no-default-features
   cargo build --release --manifest-path tools/Cargo.toml --features=$profile --no-default-features
 
   cargo build --manifest-path crypto/Cargo.toml --no-default-features
   cargo build --manifest-path platform/Cargo.toml --features=$profile --no-default-features
   cargo build --manifest-path dpe/Cargo.toml --features=$profile --no-default-features
-  cargo build --manifest-path simulator/Cargo.toml --features=$profile --no-default-features
+  cargo build --manifest-path simulator/Cargo.toml --features=$profile,openssl --no-default-features
   cargo build --manifest-path tools/Cargo.toml --features=$profile --no-default-features
 
   cargo clippy --manifest-path crypto/Cargo.toml --no-default-features -- --deny=warnings
   cargo clippy --manifest-path platform/Cargo.toml --features=$profile --no-default-features -- --deny=warnings
   cargo clippy --manifest-path dpe/Cargo.toml --features=$profile --no-default-features -- --deny=warnings
-  cargo clippy --manifest-path simulator/Cargo.toml --features=$profile --no-default-features -- --deny=warnings
+  cargo clippy --manifest-path simulator/Cargo.toml --features=$profile,openssl --no-default-features -- --deny=warnings
   cargo clippy --manifest-path tools/Cargo.toml --features=$profile --no-default-features -- --deny=warnings
 }
 
@@ -47,14 +47,15 @@ function test_rust_targets() {
   cargo test --manifest-path platform/Cargo.toml --features=$profile --no-default-features
   cargo test --manifest-path crypto/Cargo.toml --no-default-features
   cargo test --manifest-path dpe/Cargo.toml --features=$profile --no-default-features
-  cargo test --manifest-path simulator/Cargo.toml --features=$profile --no-default-features
+  cargo test --manifest-path simulator/Cargo.toml --features=$profile,openssl --no-default-features
 }
 
 # TODO: Support building the simulator for different profiles
 function run_verification_tests() {
   profile=$1
+  crypto=$2
 
-  cargo build --manifest-path simulator/Cargo.toml --features=$profile --no-default-features
+  cargo build --manifest-path simulator/Cargo.toml --features=$profile,$crypto --no-default-features
 
   ( cd verification
     go test -v
@@ -67,12 +68,14 @@ format_go_targets
 # Run tests for P256 profile
 build_rust_targets dpe_profile_p256_sha256
 test_rust_targets dpe_profile_p256_sha256
-run_verification_tests dpe_profile_p256_sha256
+run_verification_tests dpe_profile_p256_sha256 openssl
+run_verification_tests dpe_profile_p256_sha256 rustcrypto
 
 # Run tests for P384 profile
 build_rust_targets dpe_profile_p384_sha384
 test_rust_targets dpe_profile_p384_sha384
-run_verification_tests dpe_profile_p384_sha384
+run_verification_tests dpe_profile_p384_sha384 openssl
+run_verification_tests dpe_profile_p384_sha384 rustcrypto
 
 # Build fuzz target
 ( cd dpe/fuzz

crypto/Cargo.toml

@@ -7,14 +7,20 @@ edition = "2021"
 
 [features]
 openssl = ["dep:openssl", "dep:hkdf", "dep:sha2"]
+rustcrypto = ["dep:hkdf", "dep:hmac", "dep:p256", "dep:p384", "dep:rand", "dep:sha2", "dep:base64ct", "dep:ecdsa", "dep:sec1"]
 deterministic_rand = ["dep:rand"]
 
 [dependencies]
 arrayvec = { version = "0.7.4", default-features = false, features = ["zeroize"] }
-hkdf = {version = "0.12.3", optional = true}
+ecdsa = { version = "0.16.9", optional = true, features = ["pem"]}
+hkdf = { version = "0.12.3", optional = true }
+hmac = {version="0.12.1", optional = true}
 openssl = {version = "0.10.57", optional = true}
-rand = {version = "0.8.5", optional = true}
-sha2 = {version = "0.10.6", optional = true}
+p256 = {version= "0.13.2", optional = true}
+p384 = {version= "0.13.0", optional = true}
+rand = { version = "0.8.5", optional = true }
+sec1 = {version="0.7.3", optional = true}
+sha2 = { version = "0.10.6", optional = true }
 zeroize = { version = "1.6.0", default-features = false, features = ["zeroize_derive"] }
 
 [dev-dependencies]
@@ -23,4 +29,9 @@ strum_macros = "0.24"
 
 [build-dependencies]
 openssl = {version = "0.10.57", optional = true}
-rand = {version = "0.8.5", optional = true}
+rand = {version = "0.8.5", optional = true}
+p256 = {version= "0.13.2", optional = true}
+p384 = {version= "0.13.0", optional = true}
+ecdsa = { version = "0.16.9", optional = true, features = ["pem"]}
+base64ct = {version= "1.6.0", optional= true}
+sec1 = {version="0.7.3", optional = true}

crypto/build.rs

@@ -1,5 +1,8 @@
 // Licensed under the Apache-2.0 license
 
+#[cfg(feature = "rustcrypto")]
+use std::ops::Deref;
+
 fn main() {
     #[cfg(feature = "openssl")]
     {
@@ -57,4 +60,61 @@ fn main() {
         let mut sample_alias_key_file_384 = File::create(path_384).unwrap();
         sample_alias_key_file_384.write_all(&pem_384).unwrap();
     }
+    #[cfg(feature = "rustcrypto")]
+    {
+        use {
+            base64ct::LineEnding,
+            ecdsa::SigningKey,
+            fs::File,
+            p256::NistP256,
+            p384::NistP384,
+            rand::{rngs::StdRng, SeedableRng},
+            sec1::{DecodeEcPrivateKey, EncodeEcPrivateKey},
+            std::env,
+            std::fs,
+            std::io::Write,
+            std::path::Path,
+            std::str,
+        };
+
+        const ALIAS_PRIV_256: &str = "../platform/src/test_data/key_256.pem";
+        const ALIAS_PRIV_384: &str = "../platform/src/test_data/key_384.pem";
+
+        println!("cargo:rerun-if-changed={ALIAS_PRIV_256}");
+        println!("cargo:rerun-if-changed={ALIAS_PRIV_384}");
+
+        let out_dir = env::var_os("OUT_DIR").unwrap();
+
+        // generate 256 bit private key in PEM format
+        let pem_256 = if Path::new(ALIAS_PRIV_256).exists() {
+            let ec_secret = SigningKey::<NistP256>::read_sec1_pem_file(ALIAS_PRIV_256).unwrap();
+            ec_secret.to_sec1_pem(LineEnding::default()).unwrap()
+        } else {
+            let ec_secret = SigningKey::<NistP256>::random(&mut StdRng::from_entropy());
+            ec_secret.to_sec1_pem(LineEnding::default()).unwrap()
+        };
+
+        // generate 384 bit private key in PEM format
+        let pem_384 = if Path::new(ALIAS_PRIV_384).exists() {
+            let ec_secret = SigningKey::<NistP384>::read_sec1_pem_file(ALIAS_PRIV_384).unwrap();
+            ec_secret.to_sec1_pem(LineEnding::default()).unwrap()
+        } else {
+            let ec_secret = SigningKey::<NistP384>::random(&mut StdRng::from_entropy());
+            ec_secret.to_sec1_pem(LineEnding::default()).unwrap()
+        };
+
+        // write 256 bit private key to file
+        let path_256 = Path::new(&out_dir).join("alias_priv_256.pem");
+        let mut sample_alias_key_file_256 = File::create(path_256).unwrap();
+        sample_alias_key_file_256
+            .write_all(pem_256.deref().as_bytes())
+            .unwrap();
+
+        // write 384 bit private key to file
+        let path_384 = Path::new(&out_dir).join("alias_priv_384.pem");
+        let mut sample_alias_key_file_384 = File::create(path_384).unwrap();
+        sample_alias_key_file_384
+            .write_all(pem_384.deref().as_bytes())
+            .unwrap();
+    }
 }

crypto/src/hkdf.rs

@@ -0,0 +1,58 @@
+// Licensed under the Apache-2.0 license
+
+use crate::{AlgLen, CryptoBuf, CryptoError, Digest};
+use hkdf::Hkdf;
+use sha2::{Sha256, Sha384};
+
+impl From<hkdf::InvalidLength> for CryptoError {
+    fn from(_: hkdf::InvalidLength) -> Self {
+        CryptoError::HashError(0)
+    }
+}
+
+pub fn hkdf_derive_cdi(
+    algs: AlgLen,
+    measurement: &Digest,
+    info: &[u8],
+) -> Result<Vec<u8>, CryptoError> {
+    match algs {
+        AlgLen::Bit256 => {
+            let hk = Hkdf::<Sha256>::new(Some(info), measurement.bytes());
+            let mut cdi = [0u8; AlgLen::Bit256.size()];
+            hk.expand(measurement.bytes(), &mut cdi)?;
+
+            Ok(cdi.to_vec())
+        }
+        AlgLen::Bit384 => {
+            let hk = Hkdf::<Sha384>::new(Some(info), measurement.bytes());
+            let mut cdi = [0u8; AlgLen::Bit384.size()];
+            hk.expand(measurement.bytes(), &mut cdi)?;
+
+            Ok(cdi.to_vec())
+        }
+    }
+}
+
+pub fn hkdf_get_priv_key(
+    algs: AlgLen,
+    cdi: &[u8],
+    label: &[u8],
+    info: &[u8],
+) -> Result<CryptoBuf, CryptoError> {
+    match algs {
+        AlgLen::Bit256 => {
+            let hk = Hkdf::<Sha256>::new(Some(info), cdi);
+            let mut priv_key = [0u8; AlgLen::Bit256.size()];
+            hk.expand(label, &mut priv_key)?;
+
+            Ok(CryptoBuf::new(&priv_key).unwrap())
+        }
+        AlgLen::Bit384 => {
+            let hk = Hkdf::<Sha384>::new(Some(info), cdi);
+            let mut priv_key = [0u8; AlgLen::Bit384.size()];
+            hk.expand(label, &mut priv_key)?;
+
+            Ok(CryptoBuf::new(&priv_key).unwrap())
+        }
+    }
+}

crypto/src/lib.rs

@@ -3,18 +3,27 @@ Licensed under the Apache-2.0 license.
 Abstract:
     Generic trait definition of Cryptographic functions.
 --*/
-#![cfg_attr(not(any(feature = "openssl", test)), no_std)]
+#![cfg_attr(not(any(feature = "openssl", feature = "rustcrypto", test)), no_std)]
 
 #[cfg(feature = "openssl")]
 pub use crate::openssl::*;
 pub use signer::*;
 
+#[cfg(feature = "rustcrypto")]
+pub use crate::rustcrypto::*;
+pub use signer::*;
+
 #[cfg(feature = "openssl")]
 pub mod openssl;
 
+#[cfg(feature = "rustcrypto")]
+pub mod rustcrypto;
+
 #[cfg(feature = "deterministic_rand")]
 pub use rand::*;
 
+#[cfg(any(feature = "openssl", feature = "rustcrypto"))]
+mod hkdf;
 mod signer;
 
 #[derive(Debug, Clone, Copy)]

crypto/src/openssl.rs

@@ -1,7 +1,6 @@
 // Licensed under the Apache-2.0 license
 
-use crate::{AlgLen, Crypto, CryptoBuf, CryptoError, Digest, EcdsaPub, Hasher, HmacSig};
-use hkdf::Hkdf;
+use crate::{hkdf::*, AlgLen, Crypto, CryptoBuf, CryptoError, Digest, EcdsaPub, Hasher, HmacSig};
 use openssl::{
     bn::{BigNum, BigNumContext},
     ec::{EcGroup, EcKey, EcPoint},
@@ -14,7 +13,6 @@ use openssl::{
 };
 #[cfg(feature = "deterministic_rand")]
 use rand::{rngs::StdRng, RngCore, SeedableRng};
-use sha2::{Sha256, Sha384};
 
 impl From<ErrorStack> for CryptoError {
     fn from(e: ErrorStack) -> Self {
@@ -30,12 +28,6 @@ impl From<ErrorStack> for CryptoError {
     }
 }
 
-impl From<hkdf::InvalidLength> for CryptoError {
-    fn from(_: hkdf::InvalidLength) -> Self {
-        CryptoError::HashError(0)
-    }
-}
-
 pub struct OpensslHasher(openssl::hash::Hasher);
 
 impl Hasher for OpensslHasher {
@@ -136,22 +128,7 @@ impl Crypto for OpensslCrypto {
         measurement: &Digest,
         info: &[u8],
     ) -> Result<Self::Cdi, CryptoError> {
-        match algs {
-            AlgLen::Bit256 => {
-                let hk = Hkdf::<Sha256>::new(Some(info), measurement.bytes());
-                let mut cdi = [0u8; AlgLen::Bit256.size()];
-                hk.expand(measurement.bytes(), &mut cdi)?;
-
-                Ok(cdi.to_vec())
-            }
-            AlgLen::Bit384 => {
-                let hk = Hkdf::<Sha384>::new(Some(info), measurement.bytes());
-                let mut cdi = [0u8; AlgLen::Bit384.size()];
-                hk.expand(measurement.bytes(), &mut cdi)?;
-
-                Ok(cdi.to_vec())
-            }
-        }
+        hkdf_derive_cdi(algs, measurement, info)
     }
 
     fn derive_key_pair(
@@ -161,22 +138,7 @@ impl Crypto for OpensslCrypto {
         label: &[u8],
         info: &[u8],
     ) -> Result<(Self::PrivKey, EcdsaPub), CryptoError> {
-        let priv_key = match algs {
-            AlgLen::Bit256 => {
-                let hk = Hkdf::<Sha256>::new(Some(info), cdi);
-                let mut priv_key = [0u8; AlgLen::Bit256.size()];
-                hk.expand(label, &mut priv_key)?;
-
-                CryptoBuf::new(&priv_key).unwrap()
-            }
-            AlgLen::Bit384 => {
-                let hk = Hkdf::<Sha384>::new(Some(info), cdi);
-                let mut priv_key = [0u8; AlgLen::Bit384.size()];
-                hk.expand(label, &mut priv_key)?;
-
-                CryptoBuf::new(&priv_key).unwrap()
-            }
-        };
+        let priv_key = hkdf_get_priv_key(algs, cdi, label, info)?;
 
         let ec_priv_key = OpensslCrypto::ec_key_from_priv_key(algs, &priv_key)?;
         let nid = OpensslCrypto::get_curve(algs);