
Commit 66f1e5a

committed
x509-cert: wire ecdsa signatures
1 parent 29d1bbb commit 66f1e5a


4 files changed

+142
-11
lines changed

Cargo.lock

Lines changed: 127 additions & 7 deletions

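--- a/x509-cert/Cargo.toml
+++ b/x509-cert/Cargo.toml
@@ -28,6 +28,8 @@ signature = { version = "2.1.0", features = ["digest"], optional = true }
 hex-literal = "0.3"
 rand = "0.8.5"
 rsa = { version = "0.9.0-pre.1", features = ["sha2"] }
+ecdsa = { version = "0.16.4", features = ["digest", "pem"] }
+p256 = "0.13.0"
 rstest = "0.17"
 sha2 = { version = "0.10", features = ["oid"] }
 tempfile = "3.5.0"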

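--- a/x509-cert/tests/builder.rs
+++ b/x509-cert/tests/builder.rs
@@ -1,6 +1,7 @@
 #![cfg(all(feature = "builder", feature = "pem"))]
 
 use der::{pem::LineEnding, Decode, Encode, EncodePem};
+use p256::{pkcs8::DecodePrivateKey, NistP256};
 use rsa::pkcs1::DecodeRsaPrivateKey;
 use rsa::pkcs1v15::SigningKey;
 use sha2::Sha256;
@@ -15,7 +16,6 @@ use x509_cert::{
 use x509_cert_test_support::{openssl, zlint};
 
 const RSA_2048_DER_EXAMPLE: &[u8] = include_bytes!("examples/rsa2048-pub.der");
-const RSA_2048_PRIV_DER_EXAMPLE: &[u8] = include_bytes!("examples/rsa2048-priv.der");
 
 #[test]
 fn root_ca_certificate() {
@@ -84,8 +84,8 @@ fn sub_ca_certificate() {
 let pub_key =
 SubjectPublicKeyInfoOwned::try_from(RSA_2048_DER_EXAMPLE).expect("get rsa pub key");
 
-let mut signer = rsa_signer();
-let mut builder = CertificateBuilder::new(
+let mut signer = ecdsa_signer();
+let mut builder = CertificateBuilder::new::<ecdsa::Signature<NistP256>>(
 profile,
 CertificateVersion::V3(uids),
 serial_number,
@@ -96,7 +96,7 @@ fn sub_ca_certificate() {
 )
 .expect("Create certificate");
 
-let certificate = builder.build().unwrap();
+let certificate = builder.build::<ecdsa::Signature<NistP256>>().unwrap();
 
 let pem = certificate.to_pem(LineEnding::LF).expect("generate pem");
 println!("{}", openssl::check_certificate(pem.as_bytes()));
@@ -112,8 +112,17 @@ fn sub_ca_certificate() {
 zlint::check_certificate(pem.as_bytes(), ignored);
 }
 
+const RSA_2048_PRIV_DER_EXAMPLE: &[u8] = include_bytes!("examples/rsa2048-priv.der");
+
 fn rsa_signer() -> SigningKey<Sha256> {
 let private_key = rsa::RsaPrivateKey::from_pkcs1_der(RSA_2048_PRIV_DER_EXAMPLE).unwrap();
 let signing_key = SigningKey::<Sha256>::new_with_prefix(private_key);
 signing_key
 }
+
+const PKCS8_PRIVATE_KEY_DER: &[u8] = include_bytes!("examples/p256-priv.der");
+
+fn ecdsa_signer() -> ecdsa::SigningKey<NistP256> {
+let secret_key = p256::SecretKey::from_pkcs8_der(PKCS8_PRIVATE_KEY_DER).unwrap();
+ecdsa::SigningKey::from(secret_key)
+}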
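Review bot: In `sub_ca_certificate`, the new `builder.build::<ecdsa::Signature<NistP256>>()` call selects the fixed-width signature type, whereas X.509 carries an ECDSA signature as a DER-encoded `ECDSA-Sig-Value`; how the builder serializes the value is not visible in these hunks, so it is unclear whether the resulting `signatureValue` is conforming. If the builder writes the signature bytes as given, `ecdsa::der::Signature<NistP256>` would be the type to name in both the `CertificateBuilder::new::<…>` and `build::<…>` calls. In either case the test would be stronger if it verified the certificate's signature against the verifying key derived from `ecdsa_signer()`, since the visible lines only print the `openssl::check_certificate` output and run zlint. The committed `examples/p256-priv.der` fixture also deserves a comment above `PKCS8_PRIVATE_KEY_DER`, for example `// Test-only P-256 key; never use outside this test suite.` The body of `sub_ca_certificate` starts and ends outside the hunks shown.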
138 Bytes
Binary file not shown.
