//! ECDSA signer. Generic over elliptic curves.
//!
//! Requires an [`elliptic_curve::Arithmetic`] impl on the curve, and a
//! [`SignPrimitive`] impl on its associated `Scalar` type.

// TODO(tarcieri): RFC 6979 (deterministic nonce derivation, so signature security no
// longer depends on the caller's RNG); support for hardware crypto accelerators

use crate::{
    hazmat::{DigestPrimitive, SignPrimitive},
    Error, Signature, SignatureSize,
};
use elliptic_curve::{
    generic_array::ArrayLength,
    ops::Invert,
    weierstrass::Curve,
    zeroize::{Zeroize, Zeroizing},
    Arithmetic, FromBytes, SecretKey,
};

#[cfg(feature = "rand")]
use {
    elliptic_curve::Generate,
    signature::{
        digest::Digest,
        rand_core::{CryptoRng, RngCore},
        RandomizedDigestSigner, RandomizedSigner,
    },
};

/// ECDSA signer
///
/// Holds the secret scalar `d` for a curve `C`. The only way to build one is
/// [`Signer::new`], which validates the key bytes via `C::Scalar::from_bytes`.
///
/// No `Debug`, `Clone` or `Copy` is derived: that keeps the scalar out of
/// formatted output and limits the number of copies that must be wiped. The
/// `Zeroize`/`Drop` impls below clear the scalar when the signer is dropped.
pub struct Signer<C>
where
    C: Curve + Arithmetic,
    C::Scalar: Invert<Output = C::Scalar> + SignPrimitive<C> + Zeroize,
    SignatureSize<C>: ArrayLength<u8>,
{
    // Long-term signing key `d`. Must stay private; leaking it, or leaking
    // enough of any per-signature nonce, is a full key compromise.
    secret_scalar: C::Scalar,
}

impl<C> Signer<C>
where
    C: Curve + Arithmetic,
    C::Scalar: Invert<Output = C::Scalar> + SignPrimitive<C> + Zeroize,
    SignatureSize<C>: ArrayLength<u8>,
{
    /// Create a new signer from a secret key.
    ///
    /// The key bytes are decoded with `C::Scalar::from_bytes`; if that decoding
    /// reports failure (e.g. the encoded value is not a valid scalar for `C`)
    /// an [`Error`] is returned instead of a signer.
    ///
    /// NOTE(review): ECDSA requires `d` in `[1, n-1]`. Whether an all-zero key
    /// is rejected here depends on `from_bytes` / `SecretKey` upstream — confirm
    /// that one of them refuses zero rather than relying on this constructor.
    pub fn new(secret_key: &SecretKey<C>) -> Result<Self, Error> {
        let decoded = C::Scalar::from_bytes(secret_key.as_bytes());

        // `CtOption` -> `Option` is a plain conversion; the branch on validity
        // is unavoidable here since an invalid key has to be reported.
        Option::from(decoded)
            .map(|secret_scalar| Self { secret_scalar })
            .ok_or_else(Error::new)
    }
}

#[cfg(feature = "rand")]
#[cfg_attr(docsrs, doc(cfg(feature = "rand")))]
impl<C, D> RandomizedDigestSigner<D, Signature<C>> for Signer<C>
where
    C: Curve + Arithmetic,
    // The digest output must be exactly one field element wide; the prehash is
    // handed to `try_sign_prehashed` as-is, without truncation or reduction here.
    D: Digest<OutputSize = C::ElementSize>,
    C::Scalar: Invert<Output = C::Scalar> + Generate + SignPrimitive<C> + Zeroize,
    SignatureSize<C>: ArrayLength<u8>,
{
    /// Sign an already-hashed message using a randomly generated ephemeral
    /// scalar (nonce) `k` drawn from `rng`.
    ///
    /// `rng` must be a cryptographically secure generator. ECDSA's security
    /// rests entirely on `k`: a repeated or biased nonce lets an observer
    /// recover the secret scalar from the resulting signatures. Deterministic
    /// nonces (RFC 6979) are not implemented in this version (see the TODO at
    /// the top of the file), so RNG quality is the caller's responsibility.
    ///
    /// Returns the signature, or an [`Error`] if the underlying primitive
    /// rejects the inputs (e.g. an unusable `k`, as decided by `SignPrimitive`).
    fn try_sign_digest_with_rng(
        &self,
        rng: impl CryptoRng + RngCore,
        digest: D,
    ) -> Result<Signature<C>, Error> {
        // Finish the hash first; `digest` is consumed here.
        let prehash = digest.finalize();

        // Fresh nonce for this signature only. `Zeroizing` wipes it when this
        // frame returns, on both the success and error paths.
        let k = Zeroizing::new(C::Scalar::generate(rng));

        self.secret_scalar.try_sign_prehashed(&*k, &prehash)
    }
}

#[cfg(feature = "rand")]
#[cfg_attr(docsrs, doc(cfg(feature = "rand")))]
impl<C> RandomizedSigner<Signature<C>> for Signer<C>
where
    // `DigestPrimitive` supplies the curve's conventional hash (`C::Digest`).
    C: Curve + Arithmetic + DigestPrimitive,
    C::Digest: Digest<OutputSize = C::ElementSize>,
    C::Scalar: Invert<Output = C::Scalar> + Generate + SignPrimitive<C> + Zeroize,
    SignatureSize<C>: ArrayLength<u8>,
{
    /// Sign a raw message: hash `msg` with the curve's associated digest
    /// `C::Digest`, then sign the result via `try_sign_digest_with_rng`.
    ///
    /// The same nonce requirements apply: `rng` must be cryptographically
    /// secure, since the per-signature scalar `k` is drawn from it.
    fn try_sign_with_rng(
        &self,
        rng: impl CryptoRng + RngCore,
        msg: &[u8],
    ) -> Result<Signature<C>, Error> {
        let hasher = C::Digest::new().chain(msg);
        self.try_sign_digest_with_rng(rng, hasher)
    }
}

impl<C> Zeroize for Signer<C>
where
    C: Curve + Arithmetic,
    C::Scalar: Invert<Output = C::Scalar> + SignPrimitive<C> + Zeroize,
    SignatureSize<C>: ArrayLength<u8>,
{
    /// Wipe the secret scalar in place.
    ///
    /// Only the bytes at this struct's current location are cleared; any
    /// earlier copies left behind by moves of the `Signer` are outside the
    /// scope of this call, as with any `Zeroize` impl.
    fn zeroize(&mut self) {
        Zeroize::zeroize(&mut self.secret_scalar);
    }
}

impl<C> Drop for Signer<C>
where
    C: Curve + Arithmetic,
    C::Scalar: Invert<Output = C::Scalar> + SignPrimitive<C> + Zeroize,
    SignatureSize<C>: ArrayLength<u8>,
{
    /// Clear the secret scalar when the signer goes out of scope, so the key
    /// does not linger in freed memory.
    fn drop(&mut self) {
        Zeroize::zeroize(self);
    }
}