forked from iotaledger/identity.rs
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add EcDSA verifier (iotaledger#1353)
* add ecdsa verifier * add identity_ecdsa_verifier to workspace, add license headers * Update identity_ecdsa_verifier/Cargo.toml Co-authored-by: wulfraem <[email protected]> * Update identity_ecdsa_verifier/src/secp256k1.rs Co-authored-by: wulfraem <[email protected]> * Update identity_ecdsa_verifier/Cargo.toml Co-authored-by: wulfraem <[email protected]> * Update identity_ecdsa_verifier/src/secp256k1.rs Co-authored-by: wulfraem <[email protected]> * Update identity_ecdsa_verifier/src/secp256r1.rs Co-authored-by: wulfraem <[email protected]> * add feedback * add OpenSSL installation to windows runner in CI * update license headers and authors for ecdsa verifier * update license template to allow multiple contributors --------- Co-authored-by: Sebastian Wolfram <[email protected]>
- Loading branch information
Showing
12 changed files
with
482 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,2 @@ | ||
// Copyright {20\d{2}(-20\d{2})?} IOTA Stiftung | ||
// Copyright {20\d{2}(-20\d{2})?} IOTA Stiftung{(?:, .+)?} | ||
// SPDX-License-Identifier: Apache-2.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
[package] | ||
name = "identity_ecdsa_verifier" | ||
version = "0.1.0" | ||
authors = ["IOTA Stiftung", "Filancore GmbH"] | ||
edition.workspace = true | ||
homepage.workspace = true | ||
keywords = ["iota", "identity", "jose", "jwk", "jws"] | ||
license.workspace = true | ||
readme = "./README.md" | ||
repository.workspace = true | ||
rust-version.workspace = true | ||
description = "JWS ECDSA signature verification for IOTA Identity" | ||
|
||
[lints] | ||
workspace = true | ||
|
||
[dependencies] | ||
identity_verification = { version = "=1.2.0", path = "../identity_verification", default-features = false } | ||
k256 = { version = "0.13.3", default-features = false, features = ["std", "ecdsa", "ecdsa-core"], optional = true } | ||
p256 = { version = "0.13.2", default-features = false, features = ["std", "ecdsa", "ecdsa-core"], optional = true } | ||
signature = { version = "2", default-features = false } | ||
|
||
[dev-dependencies] | ||
josekit = "0.8.6" | ||
serde_json.workspace = true | ||
|
||
[features] | ||
default = ["es256", "es256k"] | ||
# Enables the EcDSAJwsVerifier to verify JWS with alg = ES256. | ||
es256 = ["dep:p256"] | ||
# Enables the EcDSAJwsVerifier to verify JWS with alg = ES256K. | ||
es256k = ["dep:k256"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
# ECDSA Verifier | ||
|
||
This crate implements a `JwsVerifier` capable of verifying EcDSA signatures with algorithms `ES256` and `ES256K`. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
// Copyright 2020-2024 IOTA Stiftung, Filancore GmbH | ||
// SPDX-License-Identifier: Apache-2.0 | ||
|
||
use identity_verification::jws::JwsAlgorithm; | ||
use identity_verification::jws::JwsVerifier; | ||
use identity_verification::jws::SignatureVerificationErrorKind; | ||
|
||
/// An implementor of [`JwsVerifier`](identity_verification::jws::JwsVerifier) | ||
/// that can handle a selection of EcDSA algorithms. | ||
/// | ||
/// The following algorithms are supported, if the respective feature on the | ||
/// crate is activated: | ||
/// | ||
/// - [`JwsAlgorithm::ES256`](identity_verification::jws::JwsAlgorithm::ES256). | ||
/// - [`JwsAlgorithm::ES256K`](identity_verification::jws::JwsAlgorithm::ES256K). | ||
#[derive(Debug, Default)] | ||
#[non_exhaustive] | ||
pub struct EcDSAJwsVerifier {} | ||
|
||
impl JwsVerifier for EcDSAJwsVerifier { | ||
fn verify( | ||
&self, | ||
input: identity_verification::jws::VerificationInput, | ||
public_key: &identity_verification::jwk::Jwk, | ||
) -> Result<(), identity_verification::jws::SignatureVerificationError> { | ||
match input.alg { | ||
#[cfg(feature = "es256")] | ||
JwsAlgorithm::ES256 => crate::Secp256R1Verifier::verify(&input, public_key), | ||
#[cfg(feature = "es256k")] | ||
JwsAlgorithm::ES256K => crate::Secp256K1Verifier::verify(&input, public_key), | ||
_ => Err(SignatureVerificationErrorKind::UnsupportedAlg.into()), | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
// Copyright 2020-2024 IOTA Stiftung, Filancore GmbH | ||
// SPDX-License-Identifier: Apache-2.0 | ||
|
||
#![doc = include_str!("./../README.md")] | ||
#![warn( | ||
rust_2018_idioms, | ||
unreachable_pub, | ||
missing_docs, | ||
rustdoc::missing_crate_level_docs, | ||
rustdoc::broken_intra_doc_links, | ||
rustdoc::private_intra_doc_links, | ||
rustdoc::private_doc_tests, | ||
clippy::missing_safety_doc | ||
)] | ||
|
||
mod ecdsa_jws_verifier; | ||
#[cfg(feature = "es256k")] | ||
mod secp256k1; | ||
#[cfg(feature = "es256")] | ||
mod secp256r1; | ||
|
||
pub use ecdsa_jws_verifier::*; | ||
#[cfg(feature = "es256k")] | ||
pub use secp256k1::*; | ||
#[cfg(feature = "es256")] | ||
pub use secp256r1::*; | ||
|
||
#[cfg(test)] | ||
mod tests; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,93 @@ | ||
// Copyright 2020-2024 IOTA Stiftung, Filancore GmbH | ||
// SPDX-License-Identifier: Apache-2.0 | ||
|
||
use std::ops::Deref; | ||
|
||
use identity_verification::jwk::JwkParamsEc; | ||
use identity_verification::jws::SignatureVerificationError; | ||
use identity_verification::jws::SignatureVerificationErrorKind; | ||
use identity_verification::jwu::{self}; | ||
use k256::ecdsa::Signature; | ||
use k256::ecdsa::VerifyingKey; | ||
use k256::elliptic_curve::sec1::FromEncodedPoint; | ||
use k256::elliptic_curve::subtle::CtOption; | ||
use k256::EncodedPoint; | ||
use k256::PublicKey; | ||
|
||
/// A verifier that can handle the | ||
/// [`JwsAlgorithm::ES256K`](identity_verification::jws::JwsAlgorithm::ES256K) | ||
/// algorithm. | ||
#[derive(Debug, Default)] | ||
#[non_exhaustive] | ||
pub struct Secp256K1Verifier {} | ||
|
||
impl Secp256K1Verifier { | ||
/// Verify a JWS signature secured with the | ||
/// [`JwsAlgorithm::ES256K`](identity_verification::jws::JwsAlgorithm::ES256K) | ||
/// algorithm. | ||
/// | ||
/// This function is useful when one is building a | ||
/// [`JwsVerifier`](identity_verification::jws::JwsVerifier) that | ||
/// handles the | ||
/// [`JwsAlgorithm::ES256K`](identity_verification::jws::JwsAlgorithm::ES256K) | ||
/// in the same manner as the [`Secp256K1Verifier`] hence extending its | ||
/// capabilities. | ||
/// | ||
/// # Warning | ||
/// | ||
/// This function does not check whether `alg = ES256K` in the protected | ||
/// header. Callers are expected to assert this prior to calling the | ||
/// function. | ||
pub fn verify( | ||
input: &identity_verification::jws::VerificationInput, | ||
public_key: &identity_verification::jwk::Jwk, | ||
) -> Result<(), SignatureVerificationError> { | ||
// Obtain a K256 public key. | ||
let params: &JwkParamsEc = public_key | ||
.try_ec_params() | ||
.map_err(|_| SignatureVerificationErrorKind::UnsupportedKeyType)?; | ||
|
||
// Concatenate x and y coordinates as required by | ||
// EncodedPoint::from_untagged_bytes. | ||
let public_key_bytes = jwu::decode_b64(¶ms.x) | ||
.map_err(|err| { | ||
SignatureVerificationError::new(SignatureVerificationErrorKind::KeyDecodingFailure).with_source(err) | ||
})? | ||
.into_iter() | ||
.chain(jwu::decode_b64(¶ms.y).map_err(|err| { | ||
SignatureVerificationError::new(SignatureVerificationErrorKind::KeyDecodingFailure).with_source(err) | ||
})?) | ||
.collect(); | ||
|
||
// The JWK contains the uncompressed x and y coordinates, so we can create the | ||
// encoded point directly without prefixing an SEC1 tag. | ||
let encoded_point: EncodedPoint = EncodedPoint::from_untagged_bytes(&public_key_bytes); | ||
let public_key: PublicKey = { | ||
let opt_public_key: CtOption<PublicKey> = PublicKey::from_encoded_point(&encoded_point); | ||
if opt_public_key.is_none().into() { | ||
return Err(SignatureVerificationError::new( | ||
SignatureVerificationErrorKind::KeyDecodingFailure, | ||
)); | ||
} else { | ||
opt_public_key.unwrap() | ||
} | ||
}; | ||
|
||
let verifying_key: VerifyingKey = VerifyingKey::from(public_key); | ||
|
||
let mut signature: Signature = Signature::try_from(input.decoded_signature.deref()).map_err(|err| { | ||
SignatureVerificationError::new(SignatureVerificationErrorKind::InvalidSignature).with_source(err) | ||
})?; | ||
|
||
if let Some(normalized) = signature.normalize_s() { | ||
signature = normalized; | ||
} | ||
|
||
match signature::Verifier::verify(&verifying_key, &input.signing_input, &signature) { | ||
Ok(()) => Ok(()), | ||
Err(err) => { | ||
Err(SignatureVerificationError::new(SignatureVerificationErrorKind::InvalidSignature).with_source(err)) | ||
} | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,89 @@ | ||
// Copyright 2020-2024 IOTA Stiftung, Filancore GmbH | ||
// SPDX-License-Identifier: Apache-2.0 | ||
|
||
use std::ops::Deref; | ||
|
||
use identity_verification::jwk::JwkParamsEc; | ||
use identity_verification::jws::SignatureVerificationError; | ||
use identity_verification::jws::SignatureVerificationErrorKind; | ||
use identity_verification::jwu::{self}; | ||
use p256::ecdsa::Signature; | ||
use p256::ecdsa::VerifyingKey; | ||
use p256::elliptic_curve::sec1::FromEncodedPoint; | ||
use p256::elliptic_curve::subtle::CtOption; | ||
use p256::EncodedPoint; | ||
use p256::PublicKey; | ||
|
||
/// A verifier that can handle the | ||
/// [`JwsAlgorithm::ES256`](identity_verification::jws::JwsAlgorithm::ES256) | ||
/// algorithm. | ||
#[derive(Debug, Default)] | ||
#[non_exhaustive] | ||
pub struct Secp256R1Verifier {} | ||
|
||
impl Secp256R1Verifier { | ||
/// Verify a JWS signature secured with the | ||
/// [`JwsAlgorithm::ES256`](identity_verification::jws::JwsAlgorithm::ES256) | ||
/// algorithm. | ||
/// | ||
/// This function is useful when one is building a | ||
/// [`JwsVerifier`](identity_verification::jws::JwsVerifier) that | ||
/// handles the | ||
/// [`JwsAlgorithm::ES256`](identity_verification::jws::JwsAlgorithm::ES256) | ||
/// in the same manner as the [`Secp256R1Verifier`] hence extending its | ||
/// capabilities. | ||
/// | ||
/// # Warning | ||
/// | ||
/// This function does not check whether `alg = ES256` in the protected | ||
/// header. Callers are expected to assert this prior to calling the | ||
/// function. | ||
pub fn verify( | ||
input: &identity_verification::jws::VerificationInput, | ||
public_key: &identity_verification::jwk::Jwk, | ||
) -> Result<(), SignatureVerificationError> { | ||
// Obtain a P256 public key. | ||
let params: &JwkParamsEc = public_key | ||
.try_ec_params() | ||
.map_err(|_| SignatureVerificationErrorKind::UnsupportedKeyType)?; | ||
|
||
// Concatenate x and y coordinates as required by | ||
// EncodedPoint::from_untagged_bytes. | ||
let public_key_bytes = jwu::decode_b64(¶ms.x) | ||
.map_err(|err| { | ||
SignatureVerificationError::new(SignatureVerificationErrorKind::KeyDecodingFailure).with_source(err) | ||
})? | ||
.into_iter() | ||
.chain(jwu::decode_b64(¶ms.y).map_err(|err| { | ||
SignatureVerificationError::new(SignatureVerificationErrorKind::KeyDecodingFailure).with_source(err) | ||
})?) | ||
.collect(); | ||
|
||
// The JWK contains the uncompressed x and y coordinates, so we can create the | ||
// encoded point directly without prefixing an SEC1 tag. | ||
let encoded_point: EncodedPoint = EncodedPoint::from_untagged_bytes(&public_key_bytes); | ||
let public_key: PublicKey = { | ||
let opt_public_key: CtOption<PublicKey> = PublicKey::from_encoded_point(&encoded_point); | ||
if opt_public_key.is_none().into() { | ||
return Err(SignatureVerificationError::new( | ||
SignatureVerificationErrorKind::KeyDecodingFailure, | ||
)); | ||
} else { | ||
opt_public_key.unwrap() | ||
} | ||
}; | ||
|
||
let verifying_key: VerifyingKey = VerifyingKey::from(public_key); | ||
|
||
let signature: Signature = Signature::try_from(input.decoded_signature.deref()).map_err(|err| { | ||
SignatureVerificationError::new(SignatureVerificationErrorKind::InvalidSignature).with_source(err) | ||
})?; | ||
|
||
match signature::Verifier::verify(&verifying_key, &input.signing_input, &signature) { | ||
Ok(()) => Ok(()), | ||
Err(err) => { | ||
Err(SignatureVerificationError::new(SignatureVerificationErrorKind::InvalidSignature).with_source(err)) | ||
} | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
// Copyright 2020-2024 IOTA Stiftung, Filancore GmbH | ||
// SPDX-License-Identifier: Apache-2.0 | ||
|
||
mod secp256; | ||
mod secp256k; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
// Copyright 2020-2024 IOTA Stiftung, Filancore GmbH | ||
// SPDX-License-Identifier: Apache-2.0 | ||
|
||
mod es256 { | ||
use identity_verification::jwk::EcCurve; | ||
use identity_verification::jwk::Jwk; | ||
use identity_verification::jwk::JwkParamsEc; | ||
use identity_verification::jwu; | ||
use p256::ecdsa::Signature; | ||
use p256::ecdsa::SigningKey; | ||
use p256::SecretKey; | ||
|
||
pub(crate) fn expand_p256_jwk(jwk: &Jwk) -> SecretKey { | ||
let params: &JwkParamsEc = jwk.try_ec_params().unwrap(); | ||
|
||
if params.try_ec_curve().unwrap() != EcCurve::P256 { | ||
panic!("expected a P256 curve"); | ||
} | ||
|
||
let sk_bytes = params.d.as_ref().map(jwu::decode_b64).unwrap().unwrap(); | ||
SecretKey::from_slice(&sk_bytes).unwrap() | ||
} | ||
|
||
pub(crate) fn sign(message: &[u8], private_key: &Jwk) -> impl AsRef<[u8]> { | ||
let sk: SecretKey = expand_p256_jwk(private_key); | ||
let signing_key: SigningKey = SigningKey::from(sk); | ||
let signature: Signature = signature::Signer::sign(&signing_key, message); | ||
signature.to_bytes() | ||
} | ||
} | ||
|
||
use identity_verification::jwk::Jwk; | ||
use identity_verification::jws; | ||
use identity_verification::jws::JwsHeader; | ||
|
||
use crate::EcDSAJwsVerifier; | ||
|
||
#[test] | ||
fn test_es256_rfc7515() { | ||
// Test Vector taken from https://datatracker.ietf.org/doc/html/rfc7515#appendix-A.3. | ||
let tv_header: &str = r#"{"alg":"ES256"}"#; | ||
let tv_claims: &[u8] = &[ | ||
123, 34, 105, 115, 115, 34, 58, 34, 106, 111, 101, 34, 44, 13, 10, 32, 34, 101, 120, 112, 34, 58, 49, 51, 48, 48, | ||
56, 49, 57, 51, 56, 48, 44, 13, 10, 32, 34, 104, 116, 116, 112, 58, 47, 47, 101, 120, 97, 109, 112, 108, 101, 46, | ||
99, 111, 109, 47, 105, 115, 95, 114, 111, 111, 116, 34, 58, 116, 114, 117, 101, 125, | ||
]; | ||
let tv_encoded: &[u8] = b"eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.e4ZrhZdbFQ7630Tq51E6RQiJaae9bFNGJszIhtusEwzvO21rzH76Wer6yRn2Zb34VjIm3cVRl0iQctbf4uBY3w"; | ||
let tv_private_key: &str = r#" | ||
{ | ||
"kty": "EC", | ||
"crv": "P-256", | ||
"x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU", | ||
"y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0", | ||
"d": "jpsQnnGQmL-YBIffH1136cspYG6-0iY7X1fCE9-E9LI" | ||
} | ||
"#; | ||
|
||
let header: JwsHeader = serde_json::from_str(tv_header).unwrap(); | ||
let jwk: Jwk = serde_json::from_str(tv_private_key).unwrap(); | ||
let encoder: jws::CompactJwsEncoder<'_> = jws::CompactJwsEncoder::new(tv_claims, &header).unwrap(); | ||
let signing_input: &[u8] = encoder.signing_input(); | ||
let encoded: String = { | ||
let signature = es256::sign(signing_input, &jwk); | ||
encoder.into_jws(signature.as_ref()) | ||
}; | ||
assert_eq!(encoded.as_bytes(), tv_encoded); | ||
|
||
let jws_verifier = EcDSAJwsVerifier::default(); | ||
let decoder = jws::Decoder::new(); | ||
let token = decoder | ||
.decode_compact_serialization(tv_encoded, None) | ||
.and_then(|decoded| decoded.verify(&jws_verifier, &jwk)) | ||
.unwrap(); | ||
|
||
assert_eq!(token.protected, header); | ||
assert_eq!(token.claims, tv_claims); | ||
} |
Oops, something went wrong.