WIP: ecdsa support

Signed-off-by: Arthur Gautier <[email protected]>

Author: baloo

Cargo.lock

@@ -8,10 +8,13 @@ readme = "README.md"
 keywords = ["pkcs11", "cryptoki", "hsm"]
 categories = ["cryptography", "hardware-support"]
 license = "Apache-2.0"
+repository = "https://github.com/parallaxsecond/rust-cryptoki"
 
 [dependencies]
 cryptoki = { path = "../cryptoki", version = "0.6.1" }
 der = "0.7.8"
+ecdsa = "0.16.9"
+p256 = { version = "0.13.2", features = ["pkcs8"] }
 rsa = "0.9"
 signature = { version = "2.2.0", features = ["digest"] }
 sha1 = { version = "0.10", features = ["oid"] }

cryptoki-rustcrypto/Cargo.toml

@@ -0,0 +1,174 @@
+use cryptoki::{
+    mechanism::Mechanism,
+    object::{Attribute, AttributeType, KeyType, ObjectClass, ObjectHandle},
+    session::Session,
+};
+use der::{asn1::ObjectIdentifier, oid::AssociatedOid, AnyRef, Encode};
+use ecdsa::{
+    elliptic_curve::{
+        generic_array::ArrayLength,
+        sec1::{FromEncodedPoint, ModulusSize, ToEncodedPoint},
+        AffinePoint, CurveArithmetic, FieldBytesSize, PublicKey,
+    },
+    hazmat::DigestPrimitive,
+    PrimeCurve, Signature, VerifyingKey,
+};
+use signature::digest::Digest;
+use spki::{
+    AlgorithmIdentifier, AlgorithmIdentifierRef, AssociatedAlgorithmIdentifier,
+    SignatureAlgorithmIdentifier,
+};
+use std::{convert::TryFrom, ops::Add};
+use thiserror::Error;
+
+#[derive(Error, Debug)]
+pub enum Error {
+    #[error("Cryptoki error: {0}")]
+    Cryptoki(#[from] cryptoki::error::Error),
+
+    #[error("Private key missing attribute: {0}")]
+    MissingAttribute(AttributeType),
+
+    #[error("Elliptic curve error: {0}")]
+    Ecdsa(#[from] ecdsa::elliptic_curve::Error),
+}
+
+pub trait SignAlgorithm: PrimeCurve + CurveArithmetic + AssociatedOid + DigestPrimitive {
+    fn sign_mechanism() -> Mechanism<'static>;
+}
+
+impl SignAlgorithm for p256::NistP256 {
+    fn sign_mechanism() -> Mechanism<'static> {
+        Mechanism::Ecdsa
+    }
+}
+
+pub struct Signer<C: SignAlgorithm> {
+    session: Session,
+    _public_key: ObjectHandle,
+    private_key: ObjectHandle,
+    verifying_key: VerifyingKey<C>,
+}
+
+impl<C: SignAlgorithm> Signer<C>
+where
+    FieldBytesSize<C>: ModulusSize,
+    AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
+{
+    pub fn new(session: Session, label: &[u8]) -> Result<Self, Error> {
+        // First we'll lookup a private key with that label.
+        let template = vec![
+            Attribute::Token(true),
+            Attribute::Private(true),
+            Attribute::Label(label.to_vec()),
+            Attribute::Class(ObjectClass::PRIVATE_KEY),
+            Attribute::KeyType(KeyType::EC),
+            Attribute::EcParams(C::OID.to_der().unwrap()),
+            Attribute::Sign(true),
+        ];
+
+        let private_key = session.find_objects(&template)?.remove(0);
+        let attribute_pk = session.get_attributes(private_key, &[AttributeType::Id])?;
+
+        // Second we'll lookup a public key with the same label/ec params/ec point
+        let mut template = vec![
+            Attribute::Private(false),
+            Attribute::Label(label.to_vec()),
+            Attribute::Class(ObjectClass::PUBLIC_KEY),
+            Attribute::KeyType(KeyType::EC),
+            Attribute::EcParams(C::OID.to_der().unwrap()),
+        ];
+        let mut id = None;
+        for attribute in attribute_pk {
+            match attribute {
+                Attribute::Id(i) if id.is_none() => {
+                    template.push(Attribute::Id(i.clone()));
+                    id = Some(i);
+                }
+                _ => {}
+            }
+        }
+
+        let public_key = session.find_objects(&template)?.remove(0);
+        let attribute_pk = session.get_attributes(public_key, &[AttributeType::EcPoint])?;
+
+        let mut ec_point = None;
+        for attribute in attribute_pk {
+            match attribute {
+                Attribute::EcPoint(p) if ec_point.is_none() => {
+                    ec_point = Some(p);
+                }
+                _ => {}
+            }
+        }
+
+        let ec_point = ec_point.ok_or(Error::MissingAttribute(AttributeType::EcPoint))?;
+
+        // TODO(baloo): figure out why this is wrapped in an octet string
+        let public = PublicKey::<C>::from_sec1_bytes(&ec_point[2..])?;
+        let verifying_key = public.into();
+
+        Ok(Self {
+            session,
+            private_key,
+            _public_key: public_key,
+            verifying_key,
+        })
+    }
+
+    pub fn into_session(self) -> Session {
+        self.session
+    }
+}
+
+impl<C: SignAlgorithm> AssociatedAlgorithmIdentifier for Signer<C>
+where
+    C: AssociatedOid,
+{
+    type Params = ObjectIdentifier;
+
+    const ALGORITHM_IDENTIFIER: AlgorithmIdentifier<ObjectIdentifier> =
+        PublicKey::<C>::ALGORITHM_IDENTIFIER;
+}
+
+impl<C: SignAlgorithm> signature::Keypair for Signer<C> {
+    type VerifyingKey = VerifyingKey<C>;
+
+    fn verifying_key(&self) -> Self::VerifyingKey {
+        self.verifying_key.clone()
+    }
+}
+
+impl<C: SignAlgorithm> signature::Signer<Signature<C>> for Signer<C>
+where
+    <<C as ecdsa::elliptic_curve::Curve>::FieldBytesSize as Add>::Output: ArrayLength<u8>,
+{
+    fn try_sign(&self, msg: &[u8]) -> Result<Signature<C>, signature::Error> {
+        println!("try sign");
+
+        let msg = C::Digest::digest(msg);
+
+        let bytes = self
+            .session
+            .sign(&C::sign_mechanism(), self.private_key, &msg)
+            .map_err(Error::Cryptoki)
+            .map_err(Box::new)
+            .map_err(signature::Error::from_source)?;
+
+        let signature = Signature::try_from(bytes.as_slice())?;
+
+        Ok(signature)
+    }
+}
+
+impl<C: SignAlgorithm> SignatureAlgorithmIdentifier for Signer<C>
+where
+    AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
+    FieldBytesSize<C>: ModulusSize,
+    Signature<C>: AssociatedAlgorithmIdentifier<Params = AnyRef<'static>>,
+{
+    type Params = AnyRef<'static>;
+
+    const SIGNATURE_ALGORITHM_IDENTIFIER: AlgorithmIdentifierRef<'static> =
+        Signature::<C>::ALGORITHM_IDENTIFIER;
+}

cryptoki-rustcrypto/src/ecdsa.rs

@@ -1 +1,2 @@
+pub mod ecdsa;
 pub mod rsa;

cryptoki-rustcrypto/src/lib.rs

@@ -0,0 +1,83 @@
+// Copyright 2021 Contributors to the Parsec project.
+// SPDX-License-Identifier: Apache-2.0
+mod common;
+
+use crate::common::USER_PIN;
+use common::init_pins;
+use cryptoki::{
+    mechanism::Mechanism,
+    object::{Attribute, KeyType},
+    session::UserType,
+    types::AuthPin,
+};
+use cryptoki_rustcrypto::ecdsa;
+use der::Encode;
+use p256::pkcs8::AssociatedOid;
+use serial_test::serial;
+use signature::{Keypair, Signer, Verifier};
+use testresult::TestResult;
+
+#[test]
+#[serial]
+fn sign_verify() -> TestResult {
+    let (pkcs11, slot) = init_pins();
+
+    // open a session
+    let session = pkcs11.open_rw_session(slot)?;
+
+    // log in the session
+    session.login(UserType::User, Some(&AuthPin::new(USER_PIN.into())))?;
+
+    // get mechanism
+    let mechanism = Mechanism::EccKeyPairGen;
+
+    let secp256r1_oid: Vec<u8> = p256::NistP256::OID.to_der().unwrap();
+    println!("oid: {:x?}", secp256r1_oid);
+
+    let label = b"demo-signer";
+
+    // pub key template
+    let pub_key_template = vec![
+        Attribute::Token(true),
+        Attribute::Private(false),
+        Attribute::KeyType(KeyType::EC),
+        Attribute::Verify(true),
+        Attribute::EcParams(secp256r1_oid.clone()),
+        Attribute::Label(label.to_vec()),
+    ];
+
+    // priv key template
+    let priv_key_template = vec![
+        Attribute::Token(true),
+        Attribute::Private(true),
+        //Attribute::KeyType(KeyType::EC),
+        //Attribute::EcParams(secp256r1_oid),
+        //Attribute::Sensitive(true),
+        //Attribute::Extractable(false),
+        Attribute::Sign(true),
+        Attribute::Label(label.to_vec()),
+    ];
+
+    // generate a key pair
+    let (public, private) =
+        session.generate_key_pair(&mechanism, &pub_key_template, &priv_key_template)?;
+
+    // data to sign
+    let data = [0xFF, 0x55, 0xDD];
+
+    let signer =
+        ecdsa::Signer::<p256::NistP256>::new(session, label).expect("Lookup keys from HSM");
+
+    let signature = signer.sign(&data);
+
+    let verifying_key = signer.verifying_key();
+    verifying_key.verify(&data, &signature)?;
+
+    let session = signer.into_session();
+
+    // delete keys
+    session.destroy_object(public)?;
+    session.destroy_object(private)?;
+
+    Ok(())
+}