Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fixes #138: adds and implements a CryptographyProvider trait #142

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

fixes #138: adds and implements a CryptographyProvider trait #142

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
# will have compiled files and executables
/target/
**/*.rs.bk
**/.*.swp

# Fuzzing corpuses should be explicitly updated
fuzz/corpus/
Expand Down
3 changes: 2 additions & 1 deletion Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
[package]
name = "authenticator"
version = "0.3.1"
authors = ["J.C. Jones <[email protected]>", "Tim Taubert <[email protected]>", "Kyle Machulis <[email protected]>"]
authors = ["J.C. Jones <[email protected]>", "Tim Taubert <[email protected]>", "Kyle Machulis <[email protected]>", "Dana Keeler <[email protected]>"]
keywords = ["ctap2", "u2f", "fido", "webauthn"]
categories = ["cryptography", "hardware-support", "os"]
repository = "https://github.com/mozilla/authenticator-rs/"
Expand Down Expand Up @@ -51,6 +51,7 @@ serde = { version = "1.0", optional = true, features = ["derive"] }
serde_json = { version = "1.0", optional = true }
bytes = { version = "0.5", optional = true, features = ["serde"] }
base64 = { version = "^0.10", optional = true }
ring = "0.16"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

gonna have to be a feature I think


[dev-dependencies]
sha2 = "^0.8.2"
Expand Down
67 changes: 67 additions & 0 deletions src/crypto.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,67 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */

use crate::ring::rand::SecureRandom;
use crate::ring::signature::KeyPair;
use crate::Result;

pub trait CryptoProvider {
fn new_key(&self) -> Result<Box<dyn Key>>;
fn random_bytes(&self, destination: &mut [u8]) -> Result<()>;
}

pub trait Key {
fn sign(&self, data: &[u8]) -> Result<Vec<u8>>;
fn public(&self) -> Vec<u8>;
}

pub struct RingCryptoProvider {
rng: ring::rand::SystemRandom,
}

impl RingCryptoProvider {
pub fn new() -> RingCryptoProvider {
RingCryptoProvider {
rng: ring::rand::SystemRandom::new(),
}
}
}

impl CryptoProvider for RingCryptoProvider {
fn new_key(&self) -> Result<Box<dyn Key>> {
let pkcs8 = ring::signature::EcdsaKeyPair::generate_pkcs8(
&ring::signature::ECDSA_P256_SHA256_ASN1_SIGNING,
&self.rng,
)?;
let handle = ring::signature::EcdsaKeyPair::from_pkcs8(
&ring::signature::ECDSA_P256_SHA256_ASN1_SIGNING,
pkcs8.as_ref(),
)?;
Ok(Box::new(RingKey {
handle,
rng: self.rng.clone(),
}))
}

fn random_bytes(&self, destination: &mut [u8]) -> Result<()> {
self.rng.fill(destination)?;
Ok(())
}
}

pub struct RingKey {
handle: ring::signature::EcdsaKeyPair,
rng: ring::rand::SystemRandom,
}

impl Key for RingKey {
fn sign(&self, data: &[u8]) -> Result<Vec<u8>> {
let signature = self.handle.sign(&self.rng, data)?;
Ok(signature.as_ref().to_vec())
}

fn public(&self) -> Vec<u8> {
self.handle.public_key().as_ref().to_vec()
}
}
16 changes: 16 additions & 0 deletions src/errors.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ pub enum AuthenticatorError {
InternalError(String),
U2FToken(U2FTokenError),
Custom(String),
CryptoError,
}

impl AuthenticatorError {
Expand Down Expand Up @@ -50,6 +51,9 @@ impl fmt::Display for AuthenticatorError {
write!(f, "A u2f token error occurred {:?}", err)
}
AuthenticatorError::Custom(ref err) => write!(f, "A custom error occurred {:?}", err),
AuthenticatorError::CryptoError => {
write!(f, "The cryptography implementation encountered an error")
}
}
}
}
Expand All @@ -66,6 +70,18 @@ impl<T> From<mpsc::SendError<T>> for AuthenticatorError {
}
}

impl From<ring::error::Unspecified> for AuthenticatorError {
fn from(_: ring::error::Unspecified) -> Self {
AuthenticatorError::CryptoError
}
}

impl From<ring::error::KeyRejected> for AuthenticatorError {
fn from(_: ring::error::KeyRejected) -> Self {
AuthenticatorError::CryptoError
}
}

#[derive(Clone, Copy, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
pub enum U2FTokenError {
Unknown = 1,
Expand Down
4 changes: 4 additions & 0 deletions src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,8 @@ extern crate runloop;
#[macro_use]
extern crate bitflags;

extern crate ring;

pub mod authenticatorservice;
mod consts;
mod statemachine;
Expand All @@ -77,6 +79,8 @@ pub mod errors;
pub mod statecallback;
mod virtualdevices;

mod crypto;

// Keep this in sync with the constants in u2fhid-capi.h.
bitflags! {
pub struct RegisterFlags: u64 {
Expand Down