Skip to content

Commit

Permalink
ECDSA: Add RNG as an input parameter to EcdsaKeyPair::from_pkcs8.
Browse files Browse the repository at this point in the history 
Resolve an old TODO now that we can make breaking API changes.
  • Loading branch information
@briansmith
briansmith committed May 4, 2021
1 parent b94d61e commit fe9e4d0
Show file tree
Hide file tree
Showing 2 changed files with 24 additions and 14 deletions.
20 changes: 13 additions & 7 deletions src/ec/suite_b/ecdsa/signing.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -105,15 +105,15 @@ impl EcdsaKeyPair {
pub fn from_pkcs8(
alg: &'static EcdsaSigningAlgorithm,
pkcs8: &[u8],
rng: &dyn rand::SecureRandom,
) -> Result<Self, error::KeyRejected> {
let key_pair = ec::suite_b::key_pair_from_pkcs8(
alg.curve,
alg.pkcs8_template,
untrusted::Input::from(pkcs8),
cpu::features(),
)?;
let rng = rand::SystemRandom::new(); // TODO: make this a parameter.
Self::new(alg, key_pair, &rng)
Self::new(alg, key_pair, rng)
}

/// Constructs an ECDSA key pair from the private key and public key bytes
Expand All @@ -136,15 +136,15 @@ impl EcdsaKeyPair {
alg: &'static EcdsaSigningAlgorithm,
private_key: &[u8],
public_key: &[u8],
rng: &dyn rand::SecureRandom,
) -> Result<Self, error::KeyRejected> {
let key_pair = ec::suite_b::key_pair_from_bytes(
alg.curve,
untrusted::Input::from(private_key),
untrusted::Input::from(public_key),
cpu::features(),
)?;
let rng = rand::SystemRandom::new(); // TODO: make this a parameter.
Self::new(alg, key_pair, &rng)
Self::new(alg, key_pair, rng)
}

fn new(
Expand Down Expand Up @@ -515,10 +515,12 @@ static EC_PUBLIC_KEY_P384_PKCS8_V1_TEMPLATE: pkcs8::Template = pkcs8::Template {

#[cfg(test)]
mod tests {
use crate::{signature, test};
use crate::{rand, signature, test};

#[test]
fn signature_ecdsa_sign_fixed_test() {
let rng = rand::SystemRandom::new();

test::run(
test_file!("ecdsa_sign_fixed_tests.txt"),
|section, test_case| {
Expand All @@ -542,7 +544,8 @@ mod tests {
};

let private_key =
signature::EcdsaKeyPair::from_private_key_and_public_key(alg, &d, &q).unwrap();
signature::EcdsaKeyPair::from_private_key_and_public_key(alg, &d, &q, &rng)
.unwrap();
let rng = test::rand::FixedSliceRandom { bytes: &k };

let actual_result = private_key
Expand All @@ -558,6 +561,8 @@ mod tests {

#[test]
fn signature_ecdsa_sign_asn1_test() {
let rng = rand::SystemRandom::new();

test::run(
test_file!("ecdsa_sign_asn1_tests.txt"),
|section, test_case| {
Expand All @@ -581,7 +586,8 @@ mod tests {
};

let private_key =
signature::EcdsaKeyPair::from_private_key_and_public_key(alg, &d, &q).unwrap();
signature::EcdsaKeyPair::from_private_key_and_public_key(alg, &d, &q, &rng)
.unwrap();
let rng = test::rand::FixedSliceRandom { bytes: &k };

let actual_result = private_key
Expand Down
18 changes: 11 additions & 7 deletions tests/ecdsa_tests.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,8 @@ use ring::{

#[test]
fn ecdsa_from_pkcs8_test() {
let rng = rand::SystemRandom::new();

test::run(
test_file!("ecdsa_from_pkcs8_tests.txt"),
|section, test_case| {
Expand Down Expand Up @@ -57,7 +59,7 @@ fn ecdsa_from_pkcs8_test() {
let error = test_case.consume_optional_string("Error");

match (
signature::EcdsaKeyPair::from_pkcs8(this_fixed, &input),
signature::EcdsaKeyPair::from_pkcs8(this_fixed, &input, &rng),
error.clone(),
) {
(Ok(_), None) => (),
Expand All @@ -67,7 +69,7 @@ fn ecdsa_from_pkcs8_test() {
};

match (
signature::EcdsaKeyPair::from_pkcs8(this_asn1, &input),
signature::EcdsaKeyPair::from_pkcs8(this_asn1, &input, &rng),
error,
) {
(Ok(_), None) => (),
Expand All @@ -76,8 +78,8 @@ fn ecdsa_from_pkcs8_test() {
(Err(actual), Some(expected)) => assert_eq!(format!("{}", actual), expected),
};

assert!(signature::EcdsaKeyPair::from_pkcs8(other_fixed, &input).is_err());
assert!(signature::EcdsaKeyPair::from_pkcs8(other_asn1, &input).is_err());
assert!(signature::EcdsaKeyPair::from_pkcs8(other_fixed, &input, &rng).is_err());
assert!(signature::EcdsaKeyPair::from_pkcs8(other_asn1, &input, &rng).is_err());

Ok(())
},
Expand All @@ -104,7 +106,7 @@ fn ecdsa_generate_pkcs8_test() {
println!();

#[cfg(feature = "alloc")]
let _ = signature::EcdsaKeyPair::from_pkcs8(*alg, pkcs8.as_ref()).unwrap();
let _ = signature::EcdsaKeyPair::from_pkcs8(*alg, pkcs8.as_ref(), &rng).unwrap();
}
}

Expand Down Expand Up @@ -181,9 +183,11 @@ fn ecdsa_test_public_key_coverage() {
const PUBLIC_KEY: &[u8] = include_bytes!("ecdsa_test_public_key_p256.der");
const PUBLIC_KEY_DEBUG: &str = include_str!("ecdsa_test_public_key_p256_debug.txt");

let rng = rand::SystemRandom::new();
let key_pair = signature::EcdsaKeyPair::from_pkcs8(
&signature::ECDSA_P256_SHA256_FIXED_SIGNING,
PRIVATE_KEY,
&rng,
)
.unwrap();

Expand Down Expand Up @@ -246,7 +250,7 @@ fn signature_ecdsa_sign_fixed_sign_and_verify_test() {
};

let private_key =
signature::EcdsaKeyPair::from_private_key_and_public_key(signing_alg, &d, &q)
signature::EcdsaKeyPair::from_private_key_and_public_key(signing_alg, &d, &q, &rng)
.unwrap();

let signature = private_key.sign(&rng, &msg).unwrap();
Expand Down Expand Up @@ -300,7 +304,7 @@ fn signature_ecdsa_sign_asn1_test() {
};

let private_key =
signature::EcdsaKeyPair::from_private_key_and_public_key(signing_alg, &d, &q)
signature::EcdsaKeyPair::from_private_key_and_public_key(signing_alg, &d, &q, &rng)
.unwrap();

let signature = private_key.sign(&rng, &msg).unwrap();
Expand Down

0 comments on commit fe9e4d0

Please sign in to comment.