2016-01-28 15:11:54 -05:00
|
|
|
package crypto
|
|
|
|
|
|
|
|
|
|
import (
|
2016-01-29 07:22:31 -05:00
|
|
|
"crypto"
|
|
|
|
|
"crypto/ecdsa"
|
|
|
|
|
"crypto/elliptic"
|
2024-10-18 17:01:42 -04:00
|
|
|
"github.com/sirupsen/logrus"
|
2016-01-28 15:11:54 -05:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type ECDSAVerifier struct {
|
2016-01-29 07:22:31 -05:00
|
|
|
k *ecdsa.PublicKey
|
|
|
|
|
c elliptic.Curve
|
|
|
|
|
h crypto.Hash
|
2016-01-28 15:11:54 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// verify a signature given the hash
|
|
|
|
|
func (v *ECDSAVerifier) VerifyHash(h, sig []byte) (err error) {
|
2024-10-18 17:01:42 -04:00
|
|
|
log.WithFields(logrus.Fields{
|
|
|
|
|
"hash_length": len(h),
|
|
|
|
|
"sig_length": len(sig),
|
|
|
|
|
}).Debug("Verifying ECDSA signature hash")
|
|
|
|
|
|
2016-01-29 07:22:31 -05:00
|
|
|
r, s := elliptic.Unmarshal(v.c, sig)
|
|
|
|
|
if r == nil || s == nil || !ecdsa.Verify(v.k, h, r, s) {
|
2024-10-18 17:01:42 -04:00
|
|
|
log.Warn("Invalid ECDSA signature")
|
2016-01-29 07:22:31 -05:00
|
|
|
err = ErrInvalidSignature
|
2024-10-18 17:01:42 -04:00
|
|
|
} else {
|
|
|
|
|
log.Debug("ECDSA signature verified successfully")
|
2016-01-29 07:22:31 -05:00
|
|
|
}
|
|
|
|
|
return
|
2016-01-28 15:11:54 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// verify a block of data by hashing it and comparing the hash against the signature
|
|
|
|
|
func (v *ECDSAVerifier) Verify(data, sig []byte) (err error) {
|
2024-10-18 17:01:42 -04:00
|
|
|
log.WithFields(logrus.Fields{
|
|
|
|
|
"data_length": len(data),
|
|
|
|
|
"sig_length": len(sig),
|
|
|
|
|
}).Debug("Verifying ECDSA signature")
|
2016-01-29 07:22:31 -05:00
|
|
|
// sum the data and get the hash
|
|
|
|
|
h := v.h.New().Sum(data)[len(data):]
|
|
|
|
|
// verify
|
|
|
|
|
err = v.VerifyHash(h, sig)
|
|
|
|
|
return
|
2016-01-28 15:11:54 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func createECVerifier(c elliptic.Curve, h crypto.Hash, k []byte) (ev *ECDSAVerifier, err error) {
|
2024-10-18 17:01:42 -04:00
|
|
|
log.WithFields(logrus.Fields{
|
|
|
|
|
"curve": c.Params().Name,
|
|
|
|
|
"hash": h.String(),
|
|
|
|
|
}).Debug("Creating ECDSA verifier")
|
2016-01-29 07:22:31 -05:00
|
|
|
x, y := elliptic.Unmarshal(c, k[:])
|
|
|
|
|
if x == nil {
|
2024-10-18 17:01:42 -04:00
|
|
|
log.Error("Invalid ECDSA key format")
|
2016-01-29 07:22:31 -05:00
|
|
|
err = ErrInvalidKeyFormat
|
|
|
|
|
} else {
|
|
|
|
|
ev = &ECDSAVerifier{
|
|
|
|
|
c: c,
|
|
|
|
|
h: h,
|
|
|
|
|
}
|
|
|
|
|
ev.k = &ecdsa.PublicKey{c, x, y}
|
2024-10-18 17:01:42 -04:00
|
|
|
log.Debug("ECDSA verifier created successfully")
|
2016-01-29 07:22:31 -05:00
|
|
|
}
|
|
|
|
|
return
|
2016-01-28 15:11:54 -05:00
|
|
|
}
|
|
|
|
|
|
2024-10-03 21:52:49 -04:00
|
|
|
type (
|
|
|
|
|
ECP256PublicKey [64]byte
|
|
|
|
|
ECP256PrivateKey [32]byte
|
|
|
|
|
)
|
2016-01-28 15:11:54 -05:00
|
|
|
|
|
|
|
|
func (k ECP256PublicKey) Len() int {
|
2016-01-29 07:22:31 -05:00
|
|
|
return len(k)
|
2016-01-28 15:11:54 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (k ECP256PublicKey) NewVerifier() (Verifier, error) {
|
2024-10-18 17:01:42 -04:00
|
|
|
log.Debug("Creating new P256 ECDSA verifier")
|
|
|
|
|
//return createECVerifier(elliptic.P256(), crypto.SHA256, k[:])
|
|
|
|
|
v, err := createECVerifier(elliptic.P256(), crypto.SHA256, k[:])
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.WithError(err).Error("Failed to create P256 ECDSA verifier")
|
|
|
|
|
}
|
|
|
|
|
return v, err
|
2016-01-28 15:11:54 -05:00
|
|
|
}
|
|
|
|
|
|
2024-10-03 21:52:49 -04:00
|
|
|
type (
|
|
|
|
|
ECP384PublicKey [96]byte
|
|
|
|
|
ECP384PrivateKey [48]byte
|
|
|
|
|
)
|
2016-01-28 15:11:54 -05:00
|
|
|
|
|
|
|
|
func (k ECP384PublicKey) Len() int {
|
2016-01-29 07:22:31 -05:00
|
|
|
return len(k)
|
2016-01-28 15:11:54 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (k ECP384PublicKey) NewVerifier() (Verifier, error) {
|
2024-10-18 17:01:42 -04:00
|
|
|
log.Debug("Creating new P384 ECDSA verifier")
|
|
|
|
|
v, err := createECVerifier(elliptic.P384(), crypto.SHA384, k[:])
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.WithError(err).Error("Failed to create P384 ECDSA verifier")
|
|
|
|
|
}
|
|
|
|
|
return v, err
|
|
|
|
|
//return createECVerifier(elliptic.P384(), crypto.SHA384, k[:])
|
2016-01-28 15:11:54 -05:00
|
|
|
}
|
|
|
|
|
|
2024-10-03 21:52:49 -04:00
|
|
|
type (
|
|
|
|
|
ECP521PublicKey [132]byte
|
|
|
|
|
ECP521PrivateKey [66]byte
|
|
|
|
|
)
|
2016-01-28 15:11:54 -05:00
|
|
|
|
|
|
|
|
func (k ECP521PublicKey) Len() int {
|
2016-01-29 07:22:31 -05:00
|
|
|
return len(k)
|
2016-01-28 15:11:54 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (k ECP521PublicKey) NewVerifier() (Verifier, error) {
|
2024-10-18 17:01:42 -04:00
|
|
|
log.Debug("Creating new P521 ECDSA verifier")
|
|
|
|
|
v, err := createECVerifier(elliptic.P521(), crypto.SHA512, k[:])
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.WithError(err).Error("Failed to create P521 ECDSA verifier")
|
|
|
|
|
}
|
|
|
|
|
return v, err
|
|
|
|
|
//return createECVerifier(elliptic.P521(), crypto.SHA512, k[:])
|
2016-01-28 15:11:54 -05:00
|
|
|
}
|
