From f74b79870c6f8cd3c2433a98fbd679b8866d0f2d Mon Sep 17 00:00:00 2001 From: Justin W Smith <103147162+justsmth@users.noreply.github.com> Date: Thu, 25 Jan 2024 12:25:02 -0500 Subject: [PATCH] Encoding docs cleanup --- aws-lc-rs/Cargo.toml | 2 +- aws-lc-rs/src/agreement.rs | 3 +- aws-lc-rs/src/ec.rs | 5 +-- aws-lc-rs/src/ec/key_pair.rs | 7 ++- aws-lc-rs/src/encoding.rs | 82 ++++++++++++++++++++-------------- aws-lc-rs/src/rsa/key.rs | 5 ++- aws-lc-rs/tests/ecdsa_tests.rs | 2 +- 7 files changed, 59 insertions(+), 47 deletions(-) diff --git a/aws-lc-rs/Cargo.toml b/aws-lc-rs/Cargo.toml index 29baa934c37..1c02ec714cc 100644 --- a/aws-lc-rs/Cargo.toml +++ b/aws-lc-rs/Cargo.toml @@ -47,9 +47,9 @@ aws-lc-sys = { version = "0.13.0", path = "../aws-lc-sys", optional = true } aws-lc-fips-sys = { version = "0.12.0", path = "../aws-lc-fips-sys", optional = true } zeroize = "1.7" mirai-annotations = "1.12.0" +paste = "1.0" [dev-dependencies] -paste = "1.0" regex = "1.6.0" lazy_static = "1.4.0" clap = { version = "4.1.8", features = ["derive"] } diff --git a/aws-lc-rs/src/agreement.rs b/aws-lc-rs/src/agreement.rs index 43c023b1ac1..6ccfcb9ff3c 100644 --- a/aws-lc-rs/src/agreement.rs +++ b/aws-lc-rs/src/agreement.rs @@ -68,7 +68,6 @@ use aws_lc::{ NID_secp521r1, BIGNUM, EVP_PKEY, EVP_PKEY_X25519, NID_X25519, }; -use crate::buffer::Buffer; use crate::encoding::{ AsBigEndian, AsDer, Curve25519SeedBin, EcPrivateKeyBin, EcPrivateKeyRfc5915Der, }; @@ -456,7 +455,7 @@ impl AsDer> for PrivateKey { let length = usize::try_from(unsafe { aws_lc::i2d_ECPrivateKey(*ec_key, &mut outp) }) .map_err(|_| Unspecified)?; let outp = LcPtr::new(outp)?; - Ok(Buffer::take_from_slice(unsafe { + Ok(EcPrivateKeyRfc5915Der::take_from_slice(unsafe { std::slice::from_raw_parts_mut(*outp, length) })) } diff --git a/aws-lc-rs/src/ec.rs b/aws-lc-rs/src/ec.rs index 8aa58f3e235..227fa657dfc 100644 --- a/aws-lc-rs/src/ec.rs +++ b/aws-lc-rs/src/ec.rs 
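Review bot: `paste = "1.0"` moves from `[dev-dependencies]` to `[dependencies]`, so every consumer of this crate now compiles and runs a third-party proc-macro at build time, where before only this crate's own tests, examples and benches did. The only use visible in this patch is `generated_encodings!` in `src/encoding.rs`, which joins `$name` with `Type` for five types. Passing both identifiers to the macro explicitly (e.g. `EcPrivateKeyBin => EcPrivateKeyBinType`) would keep `paste` out of the shipped dependency set. If it stays, a comment such as `# proc-macro, needed by generated_encodings! in src/encoding.rs` would record why the dependency set of a crypto crate grew.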
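Review bot: The `unsafe` block that the new `EcPrivateKeyRfc5915Der::take_from_slice(...)` call wraps has no `// SAFETY:` comment, and it is the point where the DER-encoded private key leaves the AWS-LC allocation. The slice is valid only if `i2d_ECPrivateKey` wrote `length` bytes at `outp` and the `LcPtr` has not yet freed it; something like `// SAFETY: outp was filled by i2d_ECPrivateKey, which returned length; the LcPtr keeps it alive until the end of this scope.` would state that. The comment should also say whether `take_from_slice` wipes the source bytes after copying, since that is not visible in this patch. The same applies to the matching call in `src/ec/key_pair.rs`. The enclosing `as_der` starts outside the hunk.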
@@ -31,7 +31,6 @@ use aws_lc::{ EVP_PKEY_EC, }; -use crate::buffer::Buffer; use crate::digest::digest_ctx::DigestContext; use crate::encoding::{AsDer, EcPublicKeyX509Der}; use crate::error::{KeyRejected, Unspecified}; @@ -148,7 +147,7 @@ impl AsDer> for PublicKey { let buffer = LcPtr::new(buffer)?; let der = unsafe { std::slice::from_raw_parts(*buffer, len.try_into()?) }.to_owned(); - Ok(Buffer::new(der)) + Ok(EcPublicKeyX509Der::new(der)) } } @@ -641,7 +640,7 @@ mod tests { let result = EcdsaKeyPair::from_pkcs8(&ECDSA_P256_SHA256_FIXED_SIGNING, &input); assert!(result.is_ok()); let key_pair = result.unwrap(); - assert_eq!("EcdsaKeyPair { public_key: EcdsaPublicKey(\"04cf0d13a3a7577231ea1b66cf4021cd54f21f4ac4f5f2fdd28e05bc7d2bd099d1374cd08d2ef654d6f04498db462f73e0282058dd661a4c9b0437af3f7af6e724\") }", + assert_eq!("EcdsaKeyPair { public_key: EcdsaPublicKey(\"04cf0d13a3a7577231ea1b66cf4021cd54f21f4ac4f5f2fdd28e05bc7d2bd099d1374cd08d2ef654d6f04498db462f73e0282058dd661a4c9b0437af3f7af6e724\") }", format!("{key_pair:?}")); assert_eq!( "EcdsaPrivateKey(ECDSA_P256)", diff --git a/aws-lc-rs/src/ec/key_pair.rs b/aws-lc-rs/src/ec/key_pair.rs index c8ad5f18ce7..bf491b72098 100644 --- a/aws-lc-rs/src/ec/key_pair.rs +++ b/aws-lc-rs/src/ec/key_pair.rs @@ -10,7 +10,6 @@ use std::ptr::{null, null_mut}; use aws_lc::{EVP_DigestSign, EVP_DigestSignInit, EVP_PKEY_get0_EC_KEY, EVP_PKEY}; -use crate::buffer::Buffer; use crate::digest::digest_ctx::DigestContext; #[cfg(feature = "fips")] use crate::ec::validate_evp_key; @@ -320,9 +319,9 @@ impl AsDer> for PrivateKey<'_> { let length = usize::try_from(aws_lc::i2d_ECPrivateKey(*ec_key, &mut outp)) .map_err(|_| Unspecified)?; let outp = LcPtr::new(outp)?; - Ok(Buffer::take_from_slice(std::slice::from_raw_parts_mut( - *outp, length, - ))) + Ok(EcPrivateKeyRfc5915Der::take_from_slice( + std::slice::from_raw_parts_mut(*outp, length), + )) } } } 
diff --git a/aws-lc-rs/src/encoding.rs b/aws-lc-rs/src/encoding.rs index f01f9562aed..ef83aee044e 100644 --- a/aws-lc-rs/src/encoding.rs +++ b/aws-lc-rs/src/encoding.rs @@ -3,35 +3,64 @@ //! Serialization formats +use self::types::Pkcs8V1DerType; use crate::buffer::Buffer; use crate::encoding::types::{ - Curve25519SeedBufferType, EcPrivateKeyBinType, EcPrivateKeyRfc5915DerType, - EcPublicKeyX509DerType, + Curve25519SeedBinType, EcPrivateKeyBinType, EcPrivateKeyRfc5915DerType, EcPublicKeyX509DerType, }; +use core::fmt::{Debug, Error, Formatter}; +use core::ops::Deref; -use self::types::Pkcs8V1DerType; +use paste::paste; -mod types { - pub struct EcPrivateKeyBinType { - _priv: (), - } +macro_rules! generated_encodings { + ($($name:ident),*) => {paste! { + mod types { + $( + pub struct [<$name Type>] { + _priv: (), + } + )* + } + $( + /// Serialized bytes + pub struct $name<'a>(Buffer<'a, [<$name Type>]>); - pub struct EcPrivateKeyRfc5915DerType { - _priv: (), - } + impl<'a> Deref for $name<'a> { + type Target = Buffer<'a, [<$name Type>]>; - pub struct EcPublicKeyX509DerType { - _priv: (), - } + fn deref(&self) -> &Self::Target { + &self.0 + } + } - pub struct Curve25519SeedBufferType { - _priv: (), - } + impl $name<'static> { + #[allow(dead_code)] + pub(crate) fn new(owned: Vec) -> Self { + Self(Buffer::new(owned)) + } + #[allow(dead_code)] + pub(crate) fn take_from_slice(owned: &mut [u8]) -> Self { + Self(Buffer::take_from_slice(owned)) + } + } - pub struct Pkcs8V1DerType { - _priv: (), - } + impl Debug for $name<'_> { + fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error> { + f.debug_struct(stringify!($name)).finish() + } + + } + )* + }} } +generated_encodings!( + EcPrivateKeyBin, + EcPrivateKeyRfc5915Der, + EcPublicKeyX509Der, + Curve25519SeedBin, + Pkcs8V1Der +); /// Trait for types that can be serialized into a DER format. pub trait AsDer { 
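Review bot: Every type produced by `generated_encodings!` gets the same doc line, `/// Serialized bytes`, so the per-format descriptions on the aliases removed in the next hunk (RFC 5915 `ECPrivateKey`, X.509 `SubjectPublicKeyInfo`, PKCS#8 v1) disappear from the public docs. A reader can then no longer tell which of these types hold private key material. The macro could take a doc string per entry, e.g. `$(($name:ident, $doc:literal)),*` with `#[doc = $doc]` on the struct. The `Debug` impl that prints only the type name also deserves a comment such as `// Prints the type name only; several of these encodings hold private key bytes.`, so that a later change does not start dumping the buffer.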
@@ -50,18 +79,3 @@ pub trait AsBigEndian { /// Returns Unspecified if serialization fails. fn as_be_bytes(&self) -> Result; } - -/// Elliptic curve private key data encoded as a big-endian fixed-length integer. -pub type EcPrivateKeyBin<'a> = Buffer<'a, EcPrivateKeyBinType>; - -/// Elliptic curve private key as a DER-encoded `ECPrivateKey` (RFC 5915) structure. -pub type EcPrivateKeyRfc5915Der<'a> = Buffer<'a, EcPrivateKeyRfc5915DerType>; - -/// An elliptic curve public key as a DER-encoded (X509) `SubjectPublicKeyInfo` structure -pub type EcPublicKeyX509Der<'a> = Buffer<'a, EcPublicKeyX509DerType>; - -/// Elliptic curve private key data encoded as a big-endian fixed-length integer. -pub type Curve25519SeedBin<'a> = Buffer<'a, Curve25519SeedBufferType>; - -/// A PKCS#8 v1 (RFC 5208) DER encoded structure. -pub type Pkcs8V1Der<'a> = Buffer<'a, Pkcs8V1DerType>; diff --git a/aws-lc-rs/src/rsa/key.rs b/aws-lc-rs/src/rsa/key.rs index 3f920424e93..8ae4053f2d2 100644 --- a/aws-lc-rs/src/rsa/key.rs +++ b/aws-lc-rs/src/rsa/key.rs @@ -11,7 +11,6 @@ use core::{ }; use crate::{ - buffer::Buffer, encoding::{AsDer, Pkcs8V1Der}, fips::indicator_check, }; @@ -363,7 +362,9 @@ impl crate::signature::KeyPair for KeyPair { impl AsDer> for KeyPair { fn as_der(&self) -> Result, Unspecified> { - Ok(Buffer::new(encoding::pkcs8::encode_v1_der(&self.evp_pkey)?)) + Ok(Pkcs8V1Der::new(encoding::pkcs8::encode_v1_der( + &self.evp_pkey, + )?)) } } diff --git a/aws-lc-rs/tests/ecdsa_tests.rs b/aws-lc-rs/tests/ecdsa_tests.rs index ec6f6be058f..07bede3ffce 100644 --- a/aws-lc-rs/tests/ecdsa_tests.rs +++ b/aws-lc-rs/tests/ecdsa_tests.rs 
@@ -476,7 +476,7 @@ fn test_private_key() { } { let private_key_der: EcPrivateKeyRfc5915Der = key_pair.private_key().as_der().unwrap(); - assert_eq!("Buffer(...)", format!("{private_key_der:?}")); + assert_eq!("EcPrivateKeyRfc5915Der", format!("{private_key_der:?}")); assert!(EcdsaKeyPair::from_pkcs8(signing_alg, private_key_der.as_ref()).is_err()); let key_pair_copy =