update hacl-star and fix p256
franziskuskiefer committed Oct 6, 2020
1 parent c926878 commit 39ab416
Showing 5 changed files with 45 additions and 27 deletions.
4 changes: 2 additions & 2 deletions evercrypt-rs/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "evercrypt"
version = "0.0.1"
version = "0.0.2"
authors = ["Franziskus Kiefer <[email protected]>"]
edition = "2018"
license = "MPL-2.0"
Expand All @@ -20,7 +20,7 @@ force-rust-crypto-aes = ["rust-crypto-aes"]
random = ["rand", "rand_core"]

[dependencies]
evercrypt-sys = "0.0.1"
evercrypt-sys = { path = "../evercrypt-sys", version = "0.0.2" }
aes-gcm = { version = "0.6", optional = true }
rand = { version = "0.7", optional = true }
rand_core = { version = "0.5", optional = true }
54 changes: 41 additions & 13 deletions evercrypt-rs/src/p256.rs
Expand Up @@ -47,7 +47,11 @@ fn validate_sk(sk: &[u8]) -> Result<Scalar, Error> {
private[31 - i] = sk[sk.len() - 1 - i];
}

// FIXME: Make sure the key is in range [1, p-1]
// Ensure that the key is in range [1, p-1]
let valid = unsafe { Hacl_P256_is_more_than_zero_less_than_order(private.as_ptr() as _) };
if !valid {
return Err(Error::InvalidScalar);
}

Ok(private)
}
Expand All @@ -57,11 +61,11 @@ pub fn dh_base(s: &[u8]) -> Result<[u8; 64], Error> {
let private = validate_sk(s)?;

let mut out = [0u8; 64];
let r = unsafe { Hacl_P256_ecp256dh_i(out.as_mut_ptr(), private.as_ptr() as _) };
if r != 0 {
Err(Error::InvalidPoint)
} else {
let success = unsafe { Hacl_P256_ecp256dh_i(out.as_mut_ptr(), private.as_ptr() as _) };
if success {
Ok(out)
} else {
Err(Error::InvalidPoint)
}
}

Expand All @@ -71,17 +75,17 @@ pub fn dh(p: &[u8], s: &[u8]) -> Result<[u8; 64], Error> {
let private = validate_sk(s)?;

let mut out = [0u8; 64];
let r = unsafe {
let success = unsafe {
Hacl_P256_ecp256dh_r(
out.as_mut_ptr(),
public.as_ptr() as _,
private.as_ptr() as _,
)
};
if r != 0 {
Err(Error::InvalidPoint)
} else {
if success {
Ok(out)
} else {
Err(Error::InvalidPoint)
}
}

Expand Down Expand Up @@ -148,7 +152,7 @@ pub fn ecdsa_sign(hash: Mode, msg: &[u8], sk: &Scalar, nonce: &Nonce) -> Result<
let private = validate_sk(sk)?;

let mut signature = [0u8; 64];
let result = match hash {
let success = match hash {
Mode::Sha256 => unsafe {
Hacl_P256_ecdsa_sign_p256_sha2(
signature.as_mut_ptr(),
Expand Down Expand Up @@ -179,7 +183,7 @@ pub fn ecdsa_sign(hash: Mode, msg: &[u8], sk: &Scalar, nonce: &Nonce) -> Result<
_ => return Err(Error::InvalidConfig),
};

if result != 0 {
if !success {
return Err(Error::SigningFailed);
}

Expand Down Expand Up @@ -237,8 +241,6 @@ pub fn random_nonce() -> Nonce {
}

/// Generate a new P256 scalar (private key).
///
/// **WARNING:** The result might not be within [1, p-1]!
pub fn key_gen() -> Scalar {
loop {
let out: Scalar = crate::rand_util::get_random_array();
Expand All @@ -248,3 +250,29 @@ pub fn key_gen() -> Scalar {
}
}
}

// === Unit tests === //

#[test]
fn scalar_checks() {
let s: Scalar = [
0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63,
0x25, 0x50,
]; // order - 1
assert!(validate_sk(&s).is_ok());

let s: Scalar = [
0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63,
0x25, 0x51,
]; // order
assert!(validate_sk(&s).is_err());

let s: Scalar = [
0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63,
0x25, 0x52,
]; // order + 1
assert!(validate_sk(&s).is_err());
}
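Review bot: The comment added in validate_sk (first hunk of this file) says the key must be in range [1, p-1], but the check it introduces is `Hacl_P256_is_more_than_zero_less_than_order`, whose bound is the P-256 group order n, not the field prime p; the new unit test's own labels (`order - 1`, `order`, `order + 1`) already use the right quantity. Suggest `// Ensure that the scalar is in range [1, n-1], where n is the P-256 group order` so the comment matches both the FFI call and the test. validate_sk's signature is above the hunk, so the byte-reversal loop that precedes this check is only partly visible here. In dh_base, a `false` return from `Hacl_P256_ecp256dh_i` is mapped to `Error::InvalidPoint` although the only inputs are the already-validated scalar and the fixed base point; a short comment on that branch saying why the binding is expected to be able to fail there would help the next reader, if the underlying reason is known.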
10 changes: 0 additions & 10 deletions evercrypt-rs/tests/test_p256_ecdsa.rs
Expand Up @@ -120,16 +120,6 @@ fn test_wycheproof() {
continue;
}

// Skip failing.
// FIXME: investigate
if test.tcId == 285 || // k*G has a large x-coordinate
test.tcId == 339
// point duplication during verification
{
tests_skipped += 1;
continue;
}

let msg = hex_str_to_bytes(&test.msg);
let sig = hex_str_to_bytes(&test.sig);

2 changes: 1 addition & 1 deletion evercrypt-sys/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "evercrypt-sys"
version = "0.0.2-dev"
version = "0.0.2"
authors = ["Franziskus Kiefer <[email protected]>"]
edition = "2018"
build = "build.rs"
2 changes: 1 addition & 1 deletion evercrypt-sys/hacl-star
