feat: add SignatureVerificationAlgorithm

Author: Taowyoo

rustls-mbedcrypto-provider/Cargo.toml

@@ -20,6 +20,7 @@ log = { version = "0.4.4", optional = true }
 pki-types = { package = "rustls-pki-types", version = "0.2.1", features = [
     "std",
 ] }
+webpki = { package = "rustls-webpki", version = "0.102.0-alpha.6", features = ["alloc", "std"], default-features = false }
 utils = { package = "rustls-mbedtls-provider-utils", path = "../rustls-mbedtls-provider-utils", version = "0.1.0-alpha.1" }
 
 [target.'cfg(target_env = "msvc")'.dependencies]

rustls-mbedcrypto-provider/src/hash.rs

@@ -43,6 +43,15 @@ pub(crate) static MBED_SHA_384: Algorithm = Algorithm {
     output_len: 384 / 8,
 };
 
+/// SHA-512 as specified in [FIPS 180-4].
+///
+/// [FIPS 180-4]: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
+pub(crate) static MBED_SHA_512: Algorithm = Algorithm {
+    hash_algorithm: HashAlgorithm::SHA512,
+    hash_type: mbedtls::hash::Type::Sha512,
+    output_len: 512 / 8,
+};
+
 impl hash::Hash for Hash {
     fn start(&self) -> Box<dyn hash::Context> {
         Box::new(HashContext(MbedHashContext::new(self.0)))

rustls-mbedcrypto-provider/src/lib.rs

@@ -81,15 +81,17 @@ pub(crate) mod hmac;
 pub(crate) mod kx;
 
 /// Message signing interfaces.
-pub mod signer;
+pub mod sign;
+/// Supported signature verify algorithms
+pub mod signature_verify_algo;
 /// TLS1.2 ciphersuites implementation.
 #[cfg(feature = "tls12")]
 pub mod tls12;
 /// TLS1.3 ciphersuites implementation.
 pub mod tls13;
 
 use mbedtls::rng::Random;
-use rustls::SupportedCipherSuite;
+use rustls::{SignatureScheme, SupportedCipherSuite, WebPkiSupportedAlgorithms};
 
 /// RNG supported by *mbedtls*
 pub mod rng {
@@ -142,13 +144,17 @@ impl rustls::crypto::CryptoProvider for Mbedtls {
 
     fn load_private_key(
         &self,
-        _key_der: pki_types::PrivateKeyDer<'static>,
+        key_der: pki_types::PrivateKeyDer<'static>,
     ) -> Result<alloc::sync::Arc<dyn rustls::sign::SigningKey>, rustls::Error> {
-        todo!()
+        let pk = mbedtls::pk::Pk::from_private_key(key_der.secret_der(), None)
+            .map_err(|err| rustls::Error::Other(rustls::OtherError(alloc::sync::Arc::new(err))))?;
+        Ok(alloc::sync::Arc::new(MbedTlsPkSigningKey(alloc::sync::Arc::new(
+            std::sync::Mutex::new(pk),
+        ))))
     }
 
-    fn signature_verification_algorithms(&self) -> rustls::WebPkiSupportedAlgorithms {
-        todo!()
+    fn signature_verification_algorithms(&self) -> WebPkiSupportedAlgorithms {
+        SUPPORTED_SIG_ALGS
     }
 }
 
@@ -179,6 +185,37 @@ pub static ALL_CIPHER_SUITES: &[SupportedCipherSuite] = &[
     tls12::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 ];
 
+/// A `WebPkiSupportedAlgorithms` value that reflects pki's capabilities when
+/// compiled against *mbedtls*.
+static SUPPORTED_SIG_ALGS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms {
+    all: &[
+        signature_verify_algo::ECDSA_P256_SHA256,
+        signature_verify_algo::ECDSA_P384_SHA384,
+        signature_verify_algo::RSA_PKCS1_SHA256,
+        signature_verify_algo::RSA_PKCS1_SHA384,
+        signature_verify_algo::RSA_PKCS1_SHA512,
+        signature_verify_algo::RSA_PSS_SHA256,
+        signature_verify_algo::RSA_PSS_SHA384,
+        signature_verify_algo::RSA_PSS_SHA512,
+    ],
+    mapping: &[
+        (
+            SignatureScheme::ECDSA_NISTP384_SHA384,
+            &[signature_verify_algo::ECDSA_P384_SHA384],
+        ),
+        (
+            SignatureScheme::ECDSA_NISTP256_SHA256,
+            &[signature_verify_algo::ECDSA_P256_SHA256],
+        ),
+        (SignatureScheme::RSA_PSS_SHA512, &[signature_verify_algo::RSA_PKCS1_SHA512]),
+        (SignatureScheme::RSA_PSS_SHA384, &[signature_verify_algo::RSA_PKCS1_SHA384]),
+        (SignatureScheme::RSA_PSS_SHA256, &[signature_verify_algo::RSA_PKCS1_SHA256]),
+        (SignatureScheme::RSA_PKCS1_SHA512, &[signature_verify_algo::RSA_PSS_SHA512]),
+        (SignatureScheme::RSA_PKCS1_SHA384, &[signature_verify_algo::RSA_PSS_SHA384]),
+        (SignatureScheme::RSA_PKCS1_SHA256, &[signature_verify_algo::RSA_PSS_SHA256]),
+    ],
+};
+
 /// All defined key exchange groups supported by *mbedtls* appear in this module.
 ///
 /// [`ALL_KX_GROUPS`] is provided as an array of all of these values.
@@ -190,3 +227,4 @@ pub mod kx_group {
 }
 
 pub use kx::ALL_KX_GROUPS;
+use sign::MbedTlsPkSigningKey;

rustls-mbedcrypto-provider/src/signer.rs renamed to rustls-mbedcrypto-provider/src/sign.rs

@@ -7,7 +7,6 @@ use utils::error::mbedtls_err_into_rustls_err;
 use utils::hash::{buffer_for_hash_type, rustls_signature_scheme_to_mbedtls_hash_type};
 use utils::pk::{rustls_signature_scheme_to_mbedtls_pk_options, rustls_signature_scheme_to_mbedtls_pk_type};
 
-///
 struct MbedTlsSigner(Arc<Mutex<mbedtls::pk::Pk>>, rustls::SignatureScheme);
 
 impl Debug for MbedTlsSigner {

rustls-mbedcrypto-provider/src/signature_verify_algo.rs

@@ -0,0 +1,114 @@
+use super::hash::Algorithm as HashAlgorithm;
+use alloc::vec;
+use mbedtls::pk::Pk;
+use pki_types::{AlgorithmIdentifier, InvalidSignature, SignatureVerificationAlgorithm};
+use rustls::SignatureScheme;
+use webpki::alg_id;
+
+/// ECDSA signatures using the P-256 curve and SHA-256.
+pub static ECDSA_P256_SHA256: &Algorithm = &Algorithm {
+    signature_scheme: SignatureScheme::ECDSA_NISTP256_SHA256,
+    hash_algo: &super::hash::MBED_SHA_256,
+    public_key_alg_id: alg_id::ECDSA_P256,
+    signature_alg_id: alg_id::ECDSA_SHA256,
+};
+/// ECDSA signatures using the P-384 curve and SHA-384.
+pub static ECDSA_P384_SHA384: &Algorithm = &Algorithm {
+    signature_scheme: SignatureScheme::ECDSA_NISTP384_SHA384,
+    hash_algo: &super::hash::MBED_SHA_384,
+    public_key_alg_id: alg_id::ECDSA_P384,
+    signature_alg_id: alg_id::ECDSA_SHA384,
+};
+/// RSA PKCS#1 1.5 signatures using SHA-256.
+pub static RSA_PKCS1_SHA256: &Algorithm = &Algorithm {
+    signature_scheme: SignatureScheme::RSA_PKCS1_SHA256,
+    hash_algo: &super::hash::MBED_SHA_256,
+    public_key_alg_id: alg_id::RSA_ENCRYPTION,
+    signature_alg_id: alg_id::RSA_PKCS1_SHA256,
+};
+/// RSA PKCS#1 1.5 signatures using SHA-384.
+pub static RSA_PKCS1_SHA384: &Algorithm = &Algorithm {
+    signature_scheme: SignatureScheme::RSA_PKCS1_SHA384,
+    hash_algo: &super::hash::MBED_SHA_384,
+    public_key_alg_id: alg_id::RSA_ENCRYPTION,
+    signature_alg_id: alg_id::RSA_PKCS1_SHA384,
+};
+/// RSA PKCS#1 1.5 signatures using SHA-512.
+pub static RSA_PKCS1_SHA512: &Algorithm = &Algorithm {
+    signature_scheme: SignatureScheme::RSA_PKCS1_SHA512,
+    hash_algo: &super::hash::MBED_SHA_512,
+    public_key_alg_id: alg_id::RSA_ENCRYPTION,
+    signature_alg_id: alg_id::RSA_PKCS1_SHA512,
+};
+/// RSA PSS signatures using SHA-256 and of
+/// type rsaEncryption; see [RFC 4055 Section 1.2].
+///
+/// [RFC 4055 Section 1.2]: https://tools.ietf.org/html/rfc4055#section-1.2
+pub static RSA_PSS_SHA256: &Algorithm = &Algorithm {
+    signature_scheme: SignatureScheme::RSA_PSS_SHA256,
+    hash_algo: &super::hash::MBED_SHA_256,
+    public_key_alg_id: alg_id::RSA_ENCRYPTION,
+    signature_alg_id: alg_id::RSA_PSS_SHA256,
+};
+/// RSA PSS signatures using SHA-384 and of
+/// type rsaEncryption; see [RFC 4055 Section 1.2].
+///
+/// [RFC 4055 Section 1.2]: https://tools.ietf.org/html/rfc4055#section-1.2
+pub static RSA_PSS_SHA384: &Algorithm = &Algorithm {
+    signature_scheme: SignatureScheme::RSA_PSS_SHA384,
+    hash_algo: &super::hash::MBED_SHA_384,
+    public_key_alg_id: alg_id::RSA_ENCRYPTION,
+    signature_alg_id: alg_id::RSA_PSS_SHA384,
+};
+/// RSA PSS signatures using SHA-512 and of
+/// type rsaEncryption; see [RFC 4055 Section 1.2].
+///
+/// [RFC 4055 Section 1.2]: https://tools.ietf.org/html/rfc4055#section-1.2
+pub static RSA_PSS_SHA512: &Algorithm = &Algorithm {
+    signature_scheme: SignatureScheme::RSA_PSS_SHA512,
+    hash_algo: &super::hash::MBED_SHA_512,
+    public_key_alg_id: alg_id::RSA_ENCRYPTION,
+    signature_alg_id: alg_id::RSA_PSS_SHA512,
+};
+
+/// A signature verify algorithm type
+#[derive(Clone, Debug, PartialEq)]
+pub struct Algorithm {
+    signature_scheme: SignatureScheme,
+    hash_algo: &'static HashAlgorithm,
+    public_key_alg_id: AlgorithmIdentifier,
+    signature_alg_id: AlgorithmIdentifier,
+}
+
+impl SignatureVerificationAlgorithm for Algorithm {
+    fn verify_signature(&self, public_key: &[u8], message: &[u8], signature: &[u8]) -> Result<(), InvalidSignature> {
+        let mut pk = Pk::from_public_key(public_key).map_err(|_| InvalidSignature)?;
+        let signature_curve = utils::pk::rustls_signature_scheme_to_mbedtls_curve_id(self.signature_scheme);
+        match signature_curve {
+            mbedtls::pk::EcGroupId::None => (),
+            _ => {
+                let curves_match = pk
+                    .curve()
+                    .is_ok_and(|pk_curve| pk_curve == signature_curve);
+                if !curves_match {
+                    return Err(InvalidSignature);
+                }
+            }
+        }
+        if let Some(opts) = utils::pk::rustls_signature_scheme_to_mbedtls_pk_options(self.signature_scheme) {
+            pk.set_options(opts);
+        }
+        let mut hash = vec![0u8; self.hash_algo.output_len];
+        mbedtls::hash::Md::hash(self.hash_algo.hash_type, message, &mut hash).map_err(|_| InvalidSignature)?;
+        pk.verify(self.hash_algo.hash_type, &hash, signature)
+            .map_err(|_| InvalidSignature)
+    }
+
+    fn public_key_alg_id(&self) -> AlgorithmIdentifier {
+        self.public_key_alg_id
+    }
+
+    fn signature_alg_id(&self) -> AlgorithmIdentifier {
+        self.signature_alg_id
+    }
+}

rustls-mbedpki-provider/src/lib.rs

@@ -137,7 +137,7 @@ fn verify_tls_signature(
     let pk = cert.public_key_mut();
     let hash_type = utils::hash::rustls_signature_scheme_to_mbedtls_hash_type(dss.scheme);
 
-    // for tls 1.3, we need to verify the advertised curve in signaure scheme matches the public key
+    // for tls 1.3, we need to verify the advertised curve in signature scheme matches the public key
     if is_tls13 {
         let signature_curve = utils::pk::rustls_signature_scheme_to_mbedtls_curve_id(dss.scheme);
         match signature_curve {