tasign 0.2.3

TA ELF signing utilities with CMS/PKCS#7 support
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101

//! RSA PKCS#1 v1.5 + ECDSA P-256 (SHA-256) via `tee_crypto::tee_ops`.

extern crate alloc;

use tee_crypto::hash::{DigestBytes, HashAlgorithm};
use tee_crypto::material::{SignatureAlgorithm, SignatureBytes, SignatureEncoding};
#[cfg(feature = "std")]
use tee_crypto::rsa::RsaKeypair;
use tee_crypto::rsa::RsaPublic;
use tee_crypto::tee_ops::ecc::{self, EccCurve, EccHashAlgo};
use tee_crypto::tee_ops::rsa::{self, RsaHashAlgo, RsaSignPadding};

use super::map::map_tee_err;
#[cfg(feature = "std")]
use super::map::TasignRngAdapter;
#[cfg(feature = "std")]
use super::rng::CryptoRng;
use crate::crypto::CryptoError;

#[cfg(feature = "std")]
pub fn rsa_sign_digest(
    key: &RsaKeypair,
    digest: &[u8; 32],
    rng: &mut dyn CryptoRng,
) -> Result<alloc::vec::Vec<u8>, CryptoError> {
    let digest = DigestBytes::new(digest.to_vec(), HashAlgorithm::Sha256);
    let mut adapter = TasignRngAdapter(rng);
    let sig = rsa::rsa_sign(
        key,
        RsaHashAlgo::Sha256,
        RsaSignPadding::Pkcs1v15,
        &digest,
        &mut adapter,
        None,
    )
    .map_err(map_tee_err)?;
    Ok(sig.as_bytes().to_vec())
}

pub fn rsa_verify_digest(
    key: &RsaPublic,
    digest: &[u8; 32],
    sig: &[u8],
) -> Result<(), CryptoError> {
    let digest = DigestBytes::new(digest.to_vec(), HashAlgorithm::Sha256);
    let sig = SignatureBytes::new(
        sig.to_vec(),
        SignatureAlgorithm::RsaPkcs1v15,
        SignatureEncoding::Raw,
    );
    rsa::rsa_verify(
        key,
        RsaHashAlgo::Sha256,
        RsaSignPadding::Pkcs1v15,
        &digest,
        &sig,
    )
    .map_err(map_tee_err)
}

#[cfg(feature = "std")]
pub fn ecdsa_sign_digest(
    scalar: &[u8; 32],
    digest: &[u8; 32],
    rng: &mut dyn CryptoRng,
) -> Result<alloc::vec::Vec<u8>, CryptoError> {
    let mut adapter = TasignRngAdapter(rng);
    ecc::ecc_sign_p256_prehash_der(scalar, digest, &mut adapter).map_err(map_tee_err)
}

pub fn ecdsa_verify_digest(
    public_x: &[u8],
    public_y: &[u8],
    digest: &[u8; 32],
    sig: &[u8],
) -> Result<(), CryptoError> {
    let digest = DigestBytes::new(digest.to_vec(), HashAlgorithm::Sha256);
    let sig = SignatureBytes::new(
        sig.to_vec(),
        SignatureAlgorithm::Ecdsa(EccCurve::P256),
        SignatureEncoding::Der,
    );
    ecc::ecc_verify(
        EccCurve::P256,
        EccHashAlgo::Sha256,
        public_x,
        public_y,
        &digest,
        &sig,
    )
    .map_err(map_tee_err)
}

pub fn rsa_pub_key_bits(key: &RsaPublic) -> usize {
    rsa::rsa_public_key_bits(key)
}

#[cfg(feature = "std")]
pub fn rsa_key_bits(key: &RsaKeypair) -> usize {
    rsa::rsa_private_key_bits(key)
}