ts_crypto/

elliptic.rs

//! Elliptic curve cryptography

use der::{
    Decode,
    asn1::{SequenceOf, UintRef},
};
use digest::array::{Array, ArraySize};
use ecdsa::{
    EcdsaCurve, EncodedPoint, Signature, SignatureSize, SigningKey as EcSigningKey,
    VerifyingKey as EcVerifyingKey, hazmat::DigestAlgorithm,
};
use elliptic_curve::{
    AffinePoint, CurveArithmetic, FieldBytes, FieldBytesSize,
    point::AffineCoordinates,
    sec1::{FromEncodedPoint, ToEncodedPoint},
};
use sec1::point::ModulusSize;
use signature::{Signer, Verifier};

use crate::{SignMessage, ToVerifier, VerifySignature};

/// An elliptic curve for `ECDSA`
pub trait Curve
where
    // Curve has point operations
    AffinePoint<Self::Curve>: FromEncodedPoint<Self::Curve> + ToEncodedPoint<Self::Curve>,
    FieldBytesSize<Self::Curve>: ModulusSize,
    // Curve be used in a key
    EcSigningKey<Self::Curve>: Signer<Signature<Self::Curve>>,
    EcVerifyingKey<Self::Curve>: Verifier<Signature<Self::Curve>>,
    SignatureSize<Self::Curve>: ArraySize,
{
    /// The inner curve
    type Curve: EcdsaCurve + CurveArithmetic + DigestAlgorithm;
}

/// Parameters for an `ECDSA` key
pub trait Parameters: VerifySignature {
    /// Get the x coordinate for this key
    fn x(&self) -> Vec<u8>;

    /// Get the y coordinate for this key
    fn y(&self) -> Vec<u8>;
}

impl<C> Curve for C
where
    C: EcdsaCurve + CurveArithmetic + DigestAlgorithm,
    // Curve has point operations
    AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
    FieldBytesSize<C>: ModulusSize,
    // Curve be used in a key
    EcSigningKey<C>: Signer<Signature<C>>,
    EcVerifyingKey<C>: Verifier<Signature<C>>,
    SignatureSize<C>: ArraySize,
{
    type Curve = C;
}

/// An `ECDSA` verifying key
pub struct VerifyingKey<C: Curve> {
    /// The inner verifying key
    pub(crate) key: EcVerifyingKey<C::Curve>,
}

/// An `ECDSA` signing key
pub struct SigningKey<C: Curve> {
    /// The inner signing key
    pub(crate) key: EcSigningKey<C::Curve>,
}

impl<C: Curve> VerifyingKey<C> {
    /// Create a key from coordinates on the curve
    pub fn from_coordinates(x: &[u8], y: &[u8]) -> Option<Self> {
        let x = Array::try_from(x).ok()?;
        let y = Array::try_from(y).ok()?;
        let point = EncodedPoint::<C::Curve>::from_affine_coordinates(&x, &y, false);
        let point = AffinePoint::<C::Curve>::from_encoded_point(&point).into_option()?;
        let key = EcVerifyingKey::from_affine(point).ok()?;
        Some(Self { key })
    }
}

impl<C: Curve> Parameters for VerifyingKey<C> {
    fn x(&self) -> Vec<u8> {
        self.key.as_affine().x().to_vec()
    }

    fn y(&self) -> Vec<u8> {
        self.key.as_affine().y().to_vec()
    }
}

impl<C: Curve> VerifySignature for VerifyingKey<C> {
    fn verifies_signature(&self, signature: &[u8], message: &[u8]) -> bool {
        if let Ok(signature) = Signature::from_slice(signature) {
            self.key.verify(message, &signature).is_ok()
        } else if let Ok(sequence) = SequenceOf::<UintRef, 2>::from_der(signature) {
            // ```text
            // ECDSA-Sig-Value ::= SEQUENCE {
            //   r  INTEGER,
            //   s  INTEGER
            // }
            // ```
            let Some(r) = sequence.get(0) else {
                return false;
            };
            let Some(s) = sequence.get(1) else {
                return false;
            };

            // Pad `r` and `s` to the required length
            let mut r_array = Array::<u8, FieldBytesSize<C::Curve>>::default();
            if r.as_bytes().len() > r_array.len() {
                return false;
            }
            let offset = r_array.len().saturating_sub(r.as_bytes().len());
            #[allow(clippy::indexing_slicing, reason = "offest is always in bounds")]
            r_array[offset..].copy_from_slice(r.as_bytes());

            let mut s_array = Array::<u8, FieldBytesSize<C::Curve>>::default();
            if s.as_bytes().len() > s_array.len() {
                return false;
            }
            let offset = r_array.len().saturating_sub(s.as_bytes().len());
            #[allow(clippy::indexing_slicing, reason = "offest is always in bounds")]
            s_array[offset..].copy_from_slice(s.as_bytes());

            let Ok(r) = FieldBytes::<C::Curve>::try_from(r_array.as_slice()) else {
                return false;
            };
            let Ok(s) = FieldBytes::<C::Curve>::try_from(s_array.as_slice()) else {
                return false;
            };
            let Ok(signature) = Signature::<C::Curve>::from_scalars(r, s) else {
                return false;
            };
            // C::Curve::FieldBytesSize::USIZE

            self.key.verify(message, &signature).is_ok()
        } else {
            false
        }
    }
}

impl<C: Curve> SignMessage for SigningKey<C> {
    fn sign(&self, message: &[u8]) -> Vec<u8> {
        let signature: Signature<C::Curve> = self.key.sign(message);
        signature.to_vec()
    }
}

impl<C: Curve> ToVerifier for SigningKey<C> {
    type Key = VerifyingKey<C>;

    fn verifying_key(&self) -> Self::Key {
        let key = *self.key.verifying_key();
        VerifyingKey { key }
    }
}