Use constant-time hex encoding/decoding procedures explicitly. (#305)
* Use constant-time hex encoding/decoding procedures explicitly. * Add comments.
parent
2325692f55
commit
d47b2d805f
|
@ -70,13 +70,15 @@ when supported(PKScheme.Secp256k1):
|
||||||
|
|
||||||
import ecnist, bearssl
|
import ecnist, bearssl
|
||||||
import ../protobuf/minprotobuf, ../vbuffer, ../multihash, ../multicodec
|
import ../protobuf/minprotobuf, ../vbuffer, ../multihash, ../multicodec
|
||||||
import nimcrypto/[rijndael, twofish, sha2, hash, hmac, utils]
|
import nimcrypto/[rijndael, twofish, sha2, hash, hmac]
|
||||||
|
# We use `ncrutils` for constant-time hexadecimal encoding/decoding procedures.
|
||||||
|
import nimcrypto/utils as ncrutils
|
||||||
import ../utility
|
import ../utility
|
||||||
import stew/results
|
import stew/results
|
||||||
export results
|
export results
|
||||||
|
|
||||||
# This is workaround for Nim's `import` bug
|
# This is workaround for Nim's `import` bug
|
||||||
export rijndael, twofish, sha2, hash, hmac, utils
|
export rijndael, twofish, sha2, hash, hmac, ncrutils
|
||||||
|
|
||||||
from strutils import split
|
from strutils import split
|
||||||
|
|
||||||
|
@ -514,20 +516,14 @@ proc init*[T: PrivateKey|PublicKey](key: var T, data: string): bool =
|
||||||
## hexadecimal string representation.
|
## hexadecimal string representation.
|
||||||
##
|
##
|
||||||
## Returns ``true`` on success.
|
## Returns ``true`` on success.
|
||||||
try:
|
key.init(ncrutils.fromHex(data))
|
||||||
key.init(utils.fromHex(data))
|
|
||||||
except ValueError:
|
|
||||||
false
|
|
||||||
|
|
||||||
proc init*(sig: var Signature, data: string): bool =
|
proc init*(sig: var Signature, data: string): bool =
|
||||||
## Initialize signature ``sig`` from serialized hexadecimal string
|
## Initialize signature ``sig`` from serialized hexadecimal string
|
||||||
## representation.
|
## representation.
|
||||||
##
|
##
|
||||||
## Returns ``true`` on success.
|
## Returns ``true`` on success.
|
||||||
try:
|
sig.init(ncrutils.fromHex(data))
|
||||||
sig.init(utils.fromHex(data))
|
|
||||||
except ValueError:
|
|
||||||
false
|
|
||||||
|
|
||||||
proc init*(t: typedesc[PrivateKey],
|
proc init*(t: typedesc[PrivateKey],
|
||||||
data: openarray[byte]): CryptoResult[PrivateKey] =
|
data: openarray[byte]): CryptoResult[PrivateKey] =
|
||||||
|
@ -559,10 +555,7 @@ proc init*(t: typedesc[Signature],
|
||||||
proc init*(t: typedesc[PrivateKey], data: string): CryptoResult[PrivateKey] =
|
proc init*(t: typedesc[PrivateKey], data: string): CryptoResult[PrivateKey] =
|
||||||
## Create new private key from libp2p's protobuf serialized hexadecimal string
|
## Create new private key from libp2p's protobuf serialized hexadecimal string
|
||||||
## form.
|
## form.
|
||||||
try:
|
t.init(ncrutils.fromHex(data))
|
||||||
t.init(utils.fromHex(data))
|
|
||||||
except ValueError:
|
|
||||||
err(KeyError)
|
|
||||||
|
|
||||||
when supported(PKScheme.RSA):
|
when supported(PKScheme.RSA):
|
||||||
proc init*(t: typedesc[PrivateKey], key: rsa.RsaPrivateKey): PrivateKey =
|
proc init*(t: typedesc[PrivateKey], key: rsa.RsaPrivateKey): PrivateKey =
|
||||||
|
@ -591,17 +584,11 @@ when supported(PKScheme.ECDSA):
|
||||||
proc init*(t: typedesc[PublicKey], data: string): CryptoResult[PublicKey] =
|
proc init*(t: typedesc[PublicKey], data: string): CryptoResult[PublicKey] =
|
||||||
## Create new public key from libp2p's protobuf serialized hexadecimal string
|
## Create new public key from libp2p's protobuf serialized hexadecimal string
|
||||||
## form.
|
## form.
|
||||||
try:
|
t.init(ncrutils.fromHex(data))
|
||||||
t.init(utils.fromHex(data))
|
|
||||||
except ValueError:
|
|
||||||
err(KeyError)
|
|
||||||
|
|
||||||
proc init*(t: typedesc[Signature], data: string): CryptoResult[Signature] =
|
proc init*(t: typedesc[Signature], data: string): CryptoResult[Signature] =
|
||||||
## Create new signature from serialized hexadecimal string form.
|
## Create new signature from serialized hexadecimal string form.
|
||||||
try:
|
t.init(ncrutils.fromHex(data))
|
||||||
t.init(utils.fromHex(data))
|
|
||||||
except ValueError:
|
|
||||||
err(SigError)
|
|
||||||
|
|
||||||
proc `==`*(key1, key2: PublicKey): bool {.inline.} =
|
proc `==`*(key1, key2: PublicKey): bool {.inline.} =
|
||||||
## Return ``true`` if two public keys ``key1`` and ``key2`` of the same
|
## Return ``true`` if two public keys ``key1`` and ``key2`` of the same
|
||||||
|
@ -709,7 +696,7 @@ func shortLog*(key: PrivateKey|PublicKey): string =
|
||||||
|
|
||||||
proc `$`*(sig: Signature): string =
|
proc `$`*(sig: Signature): string =
|
||||||
## Get string representation of signature ``sig``.
|
## Get string representation of signature ``sig``.
|
||||||
result = toHex(sig.data)
|
result = ncrutils.toHex(sig.data)
|
||||||
|
|
||||||
proc sign*(key: PrivateKey,
|
proc sign*(key: PrivateKey,
|
||||||
data: openarray[byte]): CryptoResult[Signature] {.gcsafe.} =
|
data: openarray[byte]): CryptoResult[Signature] {.gcsafe.} =
|
||||||
|
|
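Review bot: With the `try`/`except ValueError` wrappers removed from the string `init` overloads in this file, malformed hexadecimal input is no longer turned into `false`, `err(KeyError)` or `err(SigError)` at this layer. What `ncrutils.fromHex` returns for invalid characters or an odd-length string is not visible in this diff. If it returns a shortened or partial buffer instead of failing, rejection rests entirely on the byte-level `init`, and for `Signature` that may accept bytes that were never a complete signature. I would state the contract in each docstring, e.g. `## Malformed hex is not reported separately; only the binary init validates the decoded bytes.`, or add an explicit validity check on `data` before decoding. The same wrappers are dropped from the EC `init*[T: EcPKI](t: typedesc[T], data: string)` and from the three ED25519 `init(..., data: string)` procs.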
|
@ -17,7 +17,8 @@
|
||||||
{.push raises: [Defect].}
|
{.push raises: [Defect].}
|
||||||
|
|
||||||
import bearssl
|
import bearssl
|
||||||
import nimcrypto/utils
|
# We use `ncrutils` for constant-time hexadecimal encoding/decoding procedures.
|
||||||
|
import nimcrypto/utils as ncrutils
|
||||||
import minasn1
|
import minasn1
|
||||||
export minasn1.Asn1Error
|
export minasn1.Asn1Error
|
||||||
import stew/[results, ctops]
|
import stew/[results, ctops]
|
||||||
|
@ -289,7 +290,7 @@ proc `$`*(seckey: EcPrivateKey): string =
|
||||||
result = "Corrupted key"
|
result = "Corrupted key"
|
||||||
else:
|
else:
|
||||||
let e = offset + cast[int](seckey.key.xlen) - 1
|
let e = offset + cast[int](seckey.key.xlen) - 1
|
||||||
result = toHex(seckey.buffer.toOpenArray(offset, e))
|
result = ncrutils.toHex(seckey.buffer.toOpenArray(offset, e))
|
||||||
|
|
||||||
proc `$`*(pubkey: EcPublicKey): string =
|
proc `$`*(pubkey: EcPublicKey): string =
|
||||||
## Return string representation of EC public key.
|
## Return string representation of EC public key.
|
||||||
|
@ -305,14 +306,14 @@ proc `$`*(pubkey: EcPublicKey): string =
|
||||||
result = "Corrupted key"
|
result = "Corrupted key"
|
||||||
else:
|
else:
|
||||||
let e = offset + cast[int](pubkey.key.qlen) - 1
|
let e = offset + cast[int](pubkey.key.qlen) - 1
|
||||||
result = toHex(pubkey.buffer.toOpenArray(offset, e))
|
result = ncrutils.toHex(pubkey.buffer.toOpenArray(offset, e))
|
||||||
|
|
||||||
proc `$`*(sig: EcSignature): string =
|
proc `$`*(sig: EcSignature): string =
|
||||||
## Return hexadecimal string representation of EC signature.
|
## Return hexadecimal string representation of EC signature.
|
||||||
if isNil(sig) or len(sig.buffer) == 0:
|
if isNil(sig) or len(sig.buffer) == 0:
|
||||||
result = "Empty or uninitialized ECNIST signature"
|
result = "Empty or uninitialized ECNIST signature"
|
||||||
else:
|
else:
|
||||||
result = toHex(sig.buffer)
|
result = ncrutils.toHex(sig.buffer)
|
||||||
|
|
||||||
proc toRawBytes*(seckey: EcPrivateKey, data: var openarray[byte]): EcResult[int] =
|
proc toRawBytes*(seckey: EcPrivateKey, data: var openarray[byte]): EcResult[int] =
|
||||||
## Serialize EC private key ``seckey`` to raw binary form and store it
|
## Serialize EC private key ``seckey`` to raw binary form and store it
|
||||||
|
@ -708,14 +709,16 @@ proc init*(sig: var EcSignature, data: openarray[byte]): Result[void, Asn1Error]
|
||||||
else:
|
else:
|
||||||
err(Asn1Error.Incorrect)
|
err(Asn1Error.Incorrect)
|
||||||
|
|
||||||
proc init*[T: EcPKI](sospk: var T, data: string): Result[void, Asn1Error] {.inline.} =
|
proc init*[T: EcPKI](sospk: var T,
|
||||||
|
data: string): Result[void, Asn1Error] {.inline.} =
|
||||||
## Initialize EC `private key`, `public key` or `signature` ``sospk`` from
|
## Initialize EC `private key`, `public key` or `signature` ``sospk`` from
|
||||||
## ASN.1 DER hexadecimal string representation ``data``.
|
## ASN.1 DER hexadecimal string representation ``data``.
|
||||||
##
|
##
|
||||||
## Procedure returns ``Asn1Status``.
|
## Procedure returns ``Asn1Status``.
|
||||||
sospk.init(fromHex(data))
|
sospk.init(ncrutils.fromHex(data))
|
||||||
|
|
||||||
proc init*(t: typedesc[EcPrivateKey], data: openarray[byte]): EcResult[EcPrivateKey] =
|
proc init*(t: typedesc[EcPrivateKey],
|
||||||
|
data: openarray[byte]): EcResult[EcPrivateKey] =
|
||||||
## Initialize EC private key from ASN.1 DER binary representation ``data`` and
|
## Initialize EC private key from ASN.1 DER binary representation ``data`` and
|
||||||
## return constructed object.
|
## return constructed object.
|
||||||
var key: EcPrivateKey
|
var key: EcPrivateKey
|
||||||
|
@ -725,7 +728,8 @@ proc init*(t: typedesc[EcPrivateKey], data: openarray[byte]): EcResult[EcPrivate
|
||||||
else:
|
else:
|
||||||
ok(key)
|
ok(key)
|
||||||
|
|
||||||
proc init*(t: typedesc[EcPublicKey], data: openarray[byte]): EcResult[EcPublicKey] =
|
proc init*(t: typedesc[EcPublicKey],
|
||||||
|
data: openarray[byte]): EcResult[EcPublicKey] =
|
||||||
## Initialize EC public key from ASN.1 DER binary representation ``data`` and
|
## Initialize EC public key from ASN.1 DER binary representation ``data`` and
|
||||||
## return constructed object.
|
## return constructed object.
|
||||||
var key: EcPublicKey
|
var key: EcPublicKey
|
||||||
|
@ -735,7 +739,8 @@ proc init*(t: typedesc[EcPublicKey], data: openarray[byte]): EcResult[EcPublicKe
|
||||||
else:
|
else:
|
||||||
ok(key)
|
ok(key)
|
||||||
|
|
||||||
proc init*(t: typedesc[EcSignature], data: openarray[byte]): EcResult[EcSignature] =
|
proc init*(t: typedesc[EcSignature],
|
||||||
|
data: openarray[byte]): EcResult[EcSignature] =
|
||||||
## Initialize EC signature from raw binary representation ``data`` and
|
## Initialize EC signature from raw binary representation ``data`` and
|
||||||
## return constructed object.
|
## return constructed object.
|
||||||
var sig: EcSignature
|
var sig: EcSignature
|
||||||
|
@ -748,10 +753,7 @@ proc init*(t: typedesc[EcSignature], data: openarray[byte]): EcResult[EcSignatur
|
||||||
proc init*[T: EcPKI](t: typedesc[T], data: string): EcResult[T] =
|
proc init*[T: EcPKI](t: typedesc[T], data: string): EcResult[T] =
|
||||||
## Initialize EC `private key`, `public key` or `signature` from hexadecimal
|
## Initialize EC `private key`, `public key` or `signature` from hexadecimal
|
||||||
## string representation ``data`` and return constructed object.
|
## string representation ``data`` and return constructed object.
|
||||||
try:
|
t.init(ncrutils.fromHex(data))
|
||||||
t.init(fromHex(data))
|
|
||||||
except ValueError:
|
|
||||||
err(EcKeyIncorrectError)
|
|
||||||
|
|
||||||
proc initRaw*(key: var EcPrivateKey, data: openarray[byte]): bool =
|
proc initRaw*(key: var EcPrivateKey, data: openarray[byte]): bool =
|
||||||
## Initialize EC `private key` or `scalar` ``key`` from raw binary
|
## Initialize EC `private key` or `scalar` ``key`` from raw binary
|
||||||
|
@ -833,9 +835,10 @@ proc initRaw*[T: EcPKI](sospk: var T, data: string): bool {.inline.} =
|
||||||
## raw hexadecimal string representation ``data``.
|
## raw hexadecimal string representation ``data``.
|
||||||
##
|
##
|
||||||
## Procedure returns ``true`` on success, ``false`` otherwise.
|
## Procedure returns ``true`` on success, ``false`` otherwise.
|
||||||
result = sospk.initRaw(fromHex(data))
|
result = sospk.initRaw(ncrutils.fromHex(data))
|
||||||
|
|
||||||
proc initRaw*(t: typedesc[EcPrivateKey], data: openarray[byte]): EcResult[EcPrivateKey] =
|
proc initRaw*(t: typedesc[EcPrivateKey],
|
||||||
|
data: openarray[byte]): EcResult[EcPrivateKey] =
|
||||||
## Initialize EC private key from raw binary representation ``data`` and
|
## Initialize EC private key from raw binary representation ``data`` and
|
||||||
## return constructed object.
|
## return constructed object.
|
||||||
var res: EcPrivateKey
|
var res: EcPrivateKey
|
||||||
|
@ -844,7 +847,8 @@ proc initRaw*(t: typedesc[EcPrivateKey], data: openarray[byte]): EcResult[EcPriv
|
||||||
else:
|
else:
|
||||||
ok(res)
|
ok(res)
|
||||||
|
|
||||||
proc initRaw*(t: typedesc[EcPublicKey], data: openarray[byte]): EcResult[EcPublicKey] =
|
proc initRaw*(t: typedesc[EcPublicKey],
|
||||||
|
data: openarray[byte]): EcResult[EcPublicKey] =
|
||||||
## Initialize EC public key from raw binary representation ``data`` and
|
## Initialize EC public key from raw binary representation ``data`` and
|
||||||
## return constructed object.
|
## return constructed object.
|
||||||
var res: EcPublicKey
|
var res: EcPublicKey
|
||||||
|
@ -853,7 +857,8 @@ proc initRaw*(t: typedesc[EcPublicKey], data: openarray[byte]): EcResult[EcPubli
|
||||||
else:
|
else:
|
||||||
ok(res)
|
ok(res)
|
||||||
|
|
||||||
proc initRaw*(t: typedesc[EcSignature], data: openarray[byte]): EcResult[EcSignature] =
|
proc initRaw*(t: typedesc[EcSignature],
|
||||||
|
data: openarray[byte]): EcResult[EcSignature] =
|
||||||
## Initialize EC signature from raw binary representation ``data`` and
|
## Initialize EC signature from raw binary representation ``data`` and
|
||||||
## return constructed object.
|
## return constructed object.
|
||||||
var res: EcSignature
|
var res: EcSignature
|
||||||
|
@ -865,7 +870,7 @@ proc initRaw*(t: typedesc[EcSignature], data: openarray[byte]): EcResult[EcSigna
|
||||||
proc initRaw*[T: EcPKI](t: typedesc[T], data: string): T {.inline.} =
|
proc initRaw*[T: EcPKI](t: typedesc[T], data: string): T {.inline.} =
|
||||||
## Initialize EC `private key`, `public key` or `signature` from raw
|
## Initialize EC `private key`, `public key` or `signature` from raw
|
||||||
## hexadecimal string representation ``data`` and return constructed object.
|
## hexadecimal string representation ``data`` and return constructed object.
|
||||||
result = t.initRaw(fromHex(data))
|
result = t.initRaw(ncrutils.fromHex(data))
|
||||||
|
|
||||||
proc scalarMul*(pub: EcPublicKey, sec: EcPrivateKey): EcPublicKey =
|
proc scalarMul*(pub: EcPublicKey, sec: EcPrivateKey): EcPublicKey =
|
||||||
## Return scalar multiplication of ``pub`` and ``sec``.
|
## Return scalar multiplication of ``pub`` and ``sec``.
|
||||||
|
|
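Review bot: The `$` operator for `EcPrivateKey` still returns the private scalar as hexadecimal (`ncrutils.toHex(seckey.buffer.toOpenArray(offset, e))`), and `$` is what `echo`, string formatting and most logging calls invoke implicitly. Constant-time encoding protects the encoding step only, not the resulting string once it reaches a log or an error message. I would at least document this on the proc, e.g. `## Warning: the result contains the private key in hexadecimal; never log or display it.`. The body of this proc starts outside the hunk. The same applies to `$` for `EdPrivateKey` in the ED25519 section and to `$` for `RsaPrivateKey`, which prints `p`, `q`, `dp`, `dq` and `iq`.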
|
@ -14,7 +14,9 @@
|
||||||
{.push raises: Defect.}
|
{.push raises: Defect.}
|
||||||
|
|
||||||
import constants, bearssl
|
import constants, bearssl
|
||||||
import nimcrypto/[hash, sha2, utils]
|
import nimcrypto/[hash, sha2]
|
||||||
|
# We use `ncrutils` for constant-time hexadecimal encoding/decoding procedures.
|
||||||
|
import nimcrypto/utils as ncrutils
|
||||||
import stew/[results, ctops]
|
import stew/[results, ctops]
|
||||||
export results
|
export results
|
||||||
|
|
||||||
|
@ -1735,14 +1737,17 @@ proc `==`*(eda, edb: EdSignature): bool =
|
||||||
## Compare ED25519 `signature` objects for equality.
|
## Compare ED25519 `signature` objects for equality.
|
||||||
result = CT.isEqual(eda.data, edb.data)
|
result = CT.isEqual(eda.data, edb.data)
|
||||||
|
|
||||||
proc `$`*(key: EdPrivateKey): string = toHex(key.data)
|
proc `$`*(key: EdPrivateKey): string =
|
||||||
## Return string representation of ED25519 `private key`.
|
## Return string representation of ED25519 `private key`.
|
||||||
|
ncrutils.toHex(key.data)
|
||||||
|
|
||||||
proc `$`*(key: EdPublicKey): string = toHex(key.data)
|
proc `$`*(key: EdPublicKey): string =
|
||||||
## Return string representation of ED25519 `private key`.
|
## Return string representation of ED25519 `private key`.
|
||||||
|
ncrutils.toHex(key.data)
|
||||||
|
|
||||||
proc `$`*(sig: EdSignature): string = toHex(sig.data)
|
proc `$`*(sig: EdSignature): string =
|
||||||
## Return string representation of ED25519 `signature`.
|
## Return string representation of ED25519 `signature`.
|
||||||
|
ncrutils.toHex(sig.data)
|
||||||
|
|
||||||
proc init*(key: var EdPrivateKey, data: openarray[byte]): bool =
|
proc init*(key: var EdPrivateKey, data: openarray[byte]): bool =
|
||||||
## Initialize ED25519 `private key` ``key`` from raw binary
|
## Initialize ED25519 `private key` ``key`` from raw binary
|
||||||
|
@ -1779,32 +1784,24 @@ proc init*(key: var EdPrivateKey, data: string): bool =
|
||||||
## representation ``data``.
|
## representation ``data``.
|
||||||
##
|
##
|
||||||
## Procedure returns ``true`` on success.
|
## Procedure returns ``true`` on success.
|
||||||
try:
|
init(key, ncrutils.fromHex(data))
|
||||||
init(key, fromHex(data))
|
|
||||||
except ValueError:
|
|
||||||
false
|
|
||||||
|
|
||||||
proc init*(key: var EdPublicKey, data: string): bool =
|
proc init*(key: var EdPublicKey, data: string): bool =
|
||||||
## Initialize ED25519 `public key` ``key`` from hexadecimal string
|
## Initialize ED25519 `public key` ``key`` from hexadecimal string
|
||||||
## representation ``data``.
|
## representation ``data``.
|
||||||
##
|
##
|
||||||
## Procedure returns ``true`` on success.
|
## Procedure returns ``true`` on success.
|
||||||
try:
|
init(key, ncrutils.fromHex(data))
|
||||||
init(key, fromHex(data))
|
|
||||||
except ValueError:
|
|
||||||
false
|
|
||||||
|
|
||||||
proc init*(sig: var EdSignature, data: string): bool =
|
proc init*(sig: var EdSignature, data: string): bool =
|
||||||
## Initialize ED25519 `signature` ``sig`` from hexadecimal string
|
## Initialize ED25519 `signature` ``sig`` from hexadecimal string
|
||||||
## representation ``data``.
|
## representation ``data``.
|
||||||
##
|
##
|
||||||
## Procedure returns ``true`` on success.
|
## Procedure returns ``true`` on success.
|
||||||
try:
|
init(sig, ncrutils.fromHex(data))
|
||||||
init(sig, fromHex(data))
|
|
||||||
except ValueError:
|
|
||||||
false
|
|
||||||
|
|
||||||
proc init*(t: typedesc[EdPrivateKey], data: openarray[byte]): Result[EdPrivateKey, EdError] =
|
proc init*(t: typedesc[EdPrivateKey],
|
||||||
|
data: openarray[byte]): Result[EdPrivateKey, EdError] =
|
||||||
## Initialize ED25519 `private key` from raw binary representation ``data``
|
## Initialize ED25519 `private key` from raw binary representation ``data``
|
||||||
## and return constructed object.
|
## and return constructed object.
|
||||||
var res: t
|
var res: t
|
||||||
|
@ -1813,7 +1810,8 @@ proc init*(t: typedesc[EdPrivateKey], data: openarray[byte]): Result[EdPrivateKe
|
||||||
else:
|
else:
|
||||||
ok(res)
|
ok(res)
|
||||||
|
|
||||||
proc init*(t: typedesc[EdPublicKey], data: openarray[byte]): Result[EdPublicKey, EdError] =
|
proc init*(t: typedesc[EdPublicKey],
|
||||||
|
data: openarray[byte]): Result[EdPublicKey, EdError] =
|
||||||
## Initialize ED25519 `public key` from raw binary representation ``data``
|
## Initialize ED25519 `public key` from raw binary representation ``data``
|
||||||
## and return constructed object.
|
## and return constructed object.
|
||||||
var res: t
|
var res: t
|
||||||
|
@ -1822,7 +1820,8 @@ proc init*(t: typedesc[EdPublicKey], data: openarray[byte]): Result[EdPublicKey,
|
||||||
else:
|
else:
|
||||||
ok(res)
|
ok(res)
|
||||||
|
|
||||||
proc init*(t: typedesc[EdSignature], data: openarray[byte]): Result[EdSignature, EdError] =
|
proc init*(t: typedesc[EdSignature],
|
||||||
|
data: openarray[byte]): Result[EdSignature, EdError] =
|
||||||
## Initialize ED25519 `signature` from raw binary representation ``data``
|
## Initialize ED25519 `signature` from raw binary representation ``data``
|
||||||
## and return constructed object.
|
## and return constructed object.
|
||||||
var res: t
|
var res: t
|
||||||
|
@ -1831,7 +1830,8 @@ proc init*(t: typedesc[EdSignature], data: openarray[byte]): Result[EdSignature,
|
||||||
else:
|
else:
|
||||||
ok(res)
|
ok(res)
|
||||||
|
|
||||||
proc init*(t: typedesc[EdPrivateKey], data: string): Result[EdPrivateKey, EdError] =
|
proc init*(t: typedesc[EdPrivateKey],
|
||||||
|
data: string): Result[EdPrivateKey, EdError] =
|
||||||
## Initialize ED25519 `private key` from hexadecimal string representation
|
## Initialize ED25519 `private key` from hexadecimal string representation
|
||||||
## ``data`` and return constructed object.
|
## ``data`` and return constructed object.
|
||||||
var res: t
|
var res: t
|
||||||
|
@ -1840,7 +1840,8 @@ proc init*(t: typedesc[EdPrivateKey], data: string): Result[EdPrivateKey, EdErro
|
||||||
else:
|
else:
|
||||||
ok(res)
|
ok(res)
|
||||||
|
|
||||||
proc init*(t: typedesc[EdPublicKey], data: string): Result[EdPublicKey, EdError] =
|
proc init*(t: typedesc[EdPublicKey],
|
||||||
|
data: string): Result[EdPublicKey, EdError] =
|
||||||
## Initialize ED25519 `public key` from hexadecimal string representation
|
## Initialize ED25519 `public key` from hexadecimal string representation
|
||||||
## ``data`` and return constructed object.
|
## ``data`` and return constructed object.
|
||||||
var res: t
|
var res: t
|
||||||
|
@ -1849,7 +1850,8 @@ proc init*(t: typedesc[EdPublicKey], data: string): Result[EdPublicKey, EdError]
|
||||||
else:
|
else:
|
||||||
ok(res)
|
ok(res)
|
||||||
|
|
||||||
proc init*(t: typedesc[EdSignature], data: string): Result[EdSignature, EdError] =
|
proc init*(t: typedesc[EdSignature],
|
||||||
|
data: string): Result[EdSignature, EdError] =
|
||||||
## Initialize ED25519 `signature` from hexadecimal string representation
|
## Initialize ED25519 `signature` from hexadecimal string representation
|
||||||
## ``data`` and return constructed object.
|
## ``data`` and return constructed object.
|
||||||
var res: t
|
var res: t
|
||||||
|
|
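Review bot: The docstring under `$` for `EdPublicKey` says it returns the string representation of the ED25519 `private key`, which looks copied from the proc above it. Now that the three `$` procs are expanded to full bodies, this is the place to correct it to ``## Return string representation of ED25519 `public key`.``. With a private-key `$` sitting right next to it, the wrong label makes it harder to tell from the generated documentation which operator exposes secret material.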
|
@ -13,7 +13,8 @@
|
||||||
|
|
||||||
import stew/[endians2, results]
|
import stew/[endians2, results]
|
||||||
export results
|
export results
|
||||||
import nimcrypto/utils
|
# We use `ncrutils` for constant-time hexadecimal encoding/decoding procedures.
|
||||||
|
import nimcrypto/utils as ncrutils
|
||||||
|
|
||||||
type
|
type
|
||||||
Asn1Error* {.pure.} = enum
|
Asn1Error* {.pure.} = enum
|
||||||
|
@ -593,7 +594,7 @@ proc init*(t: typedesc[Asn1Buffer], data: openarray[byte]): Asn1Buffer =
|
||||||
|
|
||||||
proc init*(t: typedesc[Asn1Buffer], data: string): Asn1Buffer =
|
proc init*(t: typedesc[Asn1Buffer], data: string): Asn1Buffer =
|
||||||
## Initialize ``Asn1Buffer`` from hexadecimal string ``data``.
|
## Initialize ``Asn1Buffer`` from hexadecimal string ``data``.
|
||||||
result.buffer = fromHex(data)
|
result.buffer = ncrutils.fromHex(data)
|
||||||
|
|
||||||
proc init*(t: typedesc[Asn1Buffer]): Asn1Buffer =
|
proc init*(t: typedesc[Asn1Buffer]): Asn1Buffer =
|
||||||
## Initialize empty ``Asn1Buffer``.
|
## Initialize empty ``Asn1Buffer``.
|
||||||
|
@ -612,7 +613,7 @@ proc init*(t: typedesc[Asn1Composite], idx: int): Asn1Composite =
|
||||||
|
|
||||||
proc `$`*(buffer: Asn1Buffer): string =
|
proc `$`*(buffer: Asn1Buffer): string =
|
||||||
## Return string representation of ``buffer``.
|
## Return string representation of ``buffer``.
|
||||||
result = toHex(buffer.toOpenArray())
|
result = ncrutils.toHex(buffer.toOpenArray())
|
||||||
|
|
||||||
proc `$`*(field: Asn1Field): string =
|
proc `$`*(field: Asn1Field): string =
|
||||||
## Return string representation of ``field``.
|
## Return string representation of ``field``.
|
||||||
|
@ -621,7 +622,7 @@ proc `$`*(field: Asn1Field): string =
|
||||||
result.add("]")
|
result.add("]")
|
||||||
if field.kind == Asn1Tag.NoSupport:
|
if field.kind == Asn1Tag.NoSupport:
|
||||||
result.add(" ")
|
result.add(" ")
|
||||||
result.add(toHex(field.toOpenArray()))
|
result.add(ncrutils.toHex(field.toOpenArray()))
|
||||||
elif field.kind == Asn1Tag.Boolean:
|
elif field.kind == Asn1Tag.Boolean:
|
||||||
result.add(" ")
|
result.add(" ")
|
||||||
result.add($field.vbool)
|
result.add($field.vbool)
|
||||||
|
@ -630,24 +631,24 @@ proc `$`*(field: Asn1Field): string =
|
||||||
if field.length <= 8:
|
if field.length <= 8:
|
||||||
result.add($field.vint)
|
result.add($field.vint)
|
||||||
else:
|
else:
|
||||||
result.add(toHex(field.toOpenArray()))
|
result.add(ncrutils.toHex(field.toOpenArray()))
|
||||||
elif field.kind == Asn1Tag.BitString:
|
elif field.kind == Asn1Tag.BitString:
|
||||||
result.add(" ")
|
result.add(" ")
|
||||||
result.add("(")
|
result.add("(")
|
||||||
result.add($field.ubits)
|
result.add($field.ubits)
|
||||||
result.add(" bits) ")
|
result.add(" bits) ")
|
||||||
result.add(toHex(field.toOpenArray()))
|
result.add(ncrutils.toHex(field.toOpenArray()))
|
||||||
elif field.kind == Asn1Tag.OctetString:
|
elif field.kind == Asn1Tag.OctetString:
|
||||||
result.add(" ")
|
result.add(" ")
|
||||||
result.add(toHex(field.toOpenArray()))
|
result.add(ncrutils.toHex(field.toOpenArray()))
|
||||||
elif field.kind == Asn1Tag.Null:
|
elif field.kind == Asn1Tag.Null:
|
||||||
result.add(" NULL")
|
result.add(" NULL")
|
||||||
elif field.kind == Asn1Tag.Oid:
|
elif field.kind == Asn1Tag.Oid:
|
||||||
result.add(" ")
|
result.add(" ")
|
||||||
result.add(toHex(field.toOpenArray()))
|
result.add(ncrutils.toHex(field.toOpenArray()))
|
||||||
elif field.kind == Asn1Tag.Sequence:
|
elif field.kind == Asn1Tag.Sequence:
|
||||||
result.add(" ")
|
result.add(" ")
|
||||||
result.add(toHex(field.toOpenArray()))
|
result.add(ncrutils.toHex(field.toOpenArray()))
|
||||||
|
|
||||||
proc write*[T: Asn1Buffer|Asn1Composite](abc: var T, tag: Asn1Tag) =
|
proc write*[T: Asn1Buffer|Asn1Composite](abc: var T, tag: Asn1Tag) =
|
||||||
## Write empty value to buffer or composite with ``tag``.
|
## Write empty value to buffer or composite with ``tag``.
|
||||||
|
|
|
@ -14,13 +14,13 @@
|
||||||
## Copyright(C) 2018 Thomas Pornin <pornin@bolet.org>.
|
## Copyright(C) 2018 Thomas Pornin <pornin@bolet.org>.
|
||||||
|
|
||||||
{.push raises: Defect.}
|
{.push raises: Defect.}
|
||||||
|
|
||||||
import nimcrypto/utils
|
|
||||||
import bearssl
|
import bearssl
|
||||||
import minasn1
|
import minasn1
|
||||||
export Asn1Error
|
|
||||||
import stew/[results, ctops]
|
import stew/[results, ctops]
|
||||||
export results
|
# We use `ncrutils` for constant-time hexadecimal encoding/decoding procedures.
|
||||||
|
import nimcrypto/utils as ncrutils
|
||||||
|
|
||||||
|
export Asn1Error, results
|
||||||
|
|
||||||
const
|
const
|
||||||
DefaultPublicExponent* = 65537'u32
|
DefaultPublicExponent* = 65537'u32
|
||||||
|
@ -574,14 +574,16 @@ proc init*(sig: var RsaSignature, data: openarray[byte]): Result[void, Asn1Error
|
||||||
else:
|
else:
|
||||||
err(Asn1Error.Incorrect)
|
err(Asn1Error.Incorrect)
|
||||||
|
|
||||||
proc init*[T: RsaPKI](sospk: var T, data: string): Result[void, Asn1Error] {.inline.} =
|
proc init*[T: RsaPKI](sospk: var T,
|
||||||
|
data: string): Result[void, Asn1Error] {.inline.} =
|
||||||
## Initialize EC `private key`, `public key` or `scalar` ``sospk`` from
|
## Initialize EC `private key`, `public key` or `scalar` ``sospk`` from
|
||||||
## hexadecimal string representation ``data``.
|
## hexadecimal string representation ``data``.
|
||||||
##
|
##
|
||||||
## Procedure returns ``Result[void, Asn1Status]``.
|
## Procedure returns ``Result[void, Asn1Status]``.
|
||||||
sospk.init(fromHex(data))
|
sospk.init(ncrutils.fromHex(data))
|
||||||
|
|
||||||
proc init*(t: typedesc[RsaPrivateKey], data: openarray[byte]): RsaResult[RsaPrivateKey] =
|
proc init*(t: typedesc[RsaPrivateKey],
|
||||||
|
data: openarray[byte]): RsaResult[RsaPrivateKey] =
|
||||||
## Initialize RSA private key from ASN.1 DER binary representation ``data``
|
## Initialize RSA private key from ASN.1 DER binary representation ``data``
|
||||||
## and return constructed object.
|
## and return constructed object.
|
||||||
var res: RsaPrivateKey
|
var res: RsaPrivateKey
|
||||||
|
@ -590,7 +592,8 @@ proc init*(t: typedesc[RsaPrivateKey], data: openarray[byte]): RsaResult[RsaPriv
|
||||||
else:
|
else:
|
||||||
ok(res)
|
ok(res)
|
||||||
|
|
||||||
proc init*(t: typedesc[RsaPublicKey], data: openarray[byte]): RsaResult[RsaPublicKey] =
|
proc init*(t: typedesc[RsaPublicKey],
|
||||||
|
data: openarray[byte]): RsaResult[RsaPublicKey] =
|
||||||
## Initialize RSA public key from ASN.1 DER binary representation ``data``
|
## Initialize RSA public key from ASN.1 DER binary representation ``data``
|
||||||
## and return constructed object.
|
## and return constructed object.
|
||||||
var res: RsaPublicKey
|
var res: RsaPublicKey
|
||||||
|
@ -599,7 +602,8 @@ proc init*(t: typedesc[RsaPublicKey], data: openarray[byte]): RsaResult[RsaPubli
|
||||||
else:
|
else:
|
||||||
ok(res)
|
ok(res)
|
||||||
|
|
||||||
proc init*(t: typedesc[RsaSignature], data: openarray[byte]): RsaResult[RsaSignature] =
|
proc init*(t: typedesc[RsaSignature],
|
||||||
|
data: openarray[byte]): RsaResult[RsaSignature] =
|
||||||
## Initialize RSA signature from raw binary representation ``data`` and
|
## Initialize RSA signature from raw binary representation ``data`` and
|
||||||
## return constructed object.
|
## return constructed object.
|
||||||
var res: RsaSignature
|
var res: RsaSignature
|
||||||
|
@ -611,7 +615,7 @@ proc init*(t: typedesc[RsaSignature], data: openarray[byte]): RsaResult[RsaSigna
|
||||||
proc init*[T: RsaPKI](t: typedesc[T], data: string): T {.inline.} =
|
proc init*[T: RsaPKI](t: typedesc[T], data: string): T {.inline.} =
|
||||||
## Initialize RSA `private key`, `public key` or `signature` from hexadecimal
|
## Initialize RSA `private key`, `public key` or `signature` from hexadecimal
|
||||||
## string representation ``data`` and return constructed object.
|
## string representation ``data`` and return constructed object.
|
||||||
result = t.init(fromHex(data))
|
result = t.init(ncrutils.fromHex(data))
|
||||||
|
|
||||||
proc `$`*(key: RsaPrivateKey): string =
|
proc `$`*(key: RsaPrivateKey): string =
|
||||||
## Return string representation of RSA private key.
|
## Return string representation of RSA private key.
|
||||||
|
@ -622,21 +626,24 @@ proc `$`*(key: RsaPrivateKey): string =
|
||||||
result.add($key.seck.nBitlen)
|
result.add($key.seck.nBitlen)
|
||||||
result.add(" bits)\n")
|
result.add(" bits)\n")
|
||||||
result.add("p = ")
|
result.add("p = ")
|
||||||
result.add(toHex(getArray(key.buffer, key.seck.p, key.seck.plen)))
|
result.add(ncrutils.toHex(getArray(key.buffer, key.seck.p, key.seck.plen)))
|
||||||
result.add("\nq = ")
|
result.add("\nq = ")
|
||||||
result.add(toHex(getArray(key.buffer, key.seck.q, key.seck.qlen)))
|
result.add(ncrutils.toHex(getArray(key.buffer, key.seck.q, key.seck.qlen)))
|
||||||
result.add("\ndp = ")
|
result.add("\ndp = ")
|
||||||
result.add(toHex(getArray(key.buffer, key.seck.dp, key.seck.dplen)))
|
result.add(ncrutils.toHex(getArray(key.buffer, key.seck.dp,
|
||||||
|
key.seck.dplen)))
|
||||||
result.add("\ndq = ")
|
result.add("\ndq = ")
|
||||||
result.add(toHex(getArray(key.buffer, key.seck.dq, key.seck.dqlen)))
|
result.add(ncrutils.toHex(getArray(key.buffer, key.seck.dq,
|
||||||
|
key.seck.dqlen)))
|
||||||
result.add("\niq = ")
|
result.add("\niq = ")
|
||||||
result.add(toHex(getArray(key.buffer, key.seck.iq, key.seck.iqlen)))
|
result.add(ncrutils.toHex(getArray(key.buffer, key.seck.iq,
|
||||||
|
key.seck.iqlen)))
|
||||||
result.add("\npre = ")
|
result.add("\npre = ")
|
||||||
result.add(toHex(getArray(key.buffer, key.pexp, key.pexplen)))
|
result.add(ncrutils.toHex(getArray(key.buffer, key.pexp, key.pexplen)))
|
||||||
result.add("\nm = ")
|
result.add("\nm = ")
|
||||||
result.add(toHex(getArray(key.buffer, key.pubk.n, key.pubk.nlen)))
|
result.add(ncrutils.toHex(getArray(key.buffer, key.pubk.n, key.pubk.nlen)))
|
||||||
result.add("\npue = ")
|
result.add("\npue = ")
|
||||||
result.add(toHex(getArray(key.buffer, key.pubk.e, key.pubk.elen)))
|
result.add(ncrutils.toHex(getArray(key.buffer, key.pubk.e, key.pubk.elen)))
|
||||||
result.add("\n")
|
result.add("\n")
|
||||||
|
|
||||||
proc `$`*(key: RsaPublicKey): string =
|
proc `$`*(key: RsaPublicKey): string =
|
||||||
|
@ -648,9 +655,9 @@ proc `$`*(key: RsaPublicKey): string =
|
||||||
result = "RSA key ("
|
result = "RSA key ("
|
||||||
result.add($nbitlen)
|
result.add($nbitlen)
|
||||||
result.add(" bits)\nn = ")
|
result.add(" bits)\nn = ")
|
||||||
result.add(toHex(getArray(key.buffer, key.key.n, key.key.nlen)))
|
result.add(ncrutils.toHex(getArray(key.buffer, key.key.n, key.key.nlen)))
|
||||||
result.add("\ne = ")
|
result.add("\ne = ")
|
||||||
result.add(toHex(getArray(key.buffer, key.key.e, key.key.elen)))
|
result.add(ncrutils.toHex(getArray(key.buffer, key.key.e, key.key.elen)))
|
||||||
result.add("\n")
|
result.add("\n")
|
||||||
|
|
||||||
proc `$`*(sig: RsaSignature): string =
|
proc `$`*(sig: RsaSignature): string =
|
||||||
|
@ -659,7 +666,7 @@ proc `$`*(sig: RsaSignature): string =
|
||||||
result = "Empty or uninitialized RSA signature"
|
result = "Empty or uninitialized RSA signature"
|
||||||
else:
|
else:
|
||||||
result = "RSA signature ("
|
result = "RSA signature ("
|
||||||
result.add(toHex(sig.buffer))
|
result.add(ncrutils.toHex(sig.buffer))
|
||||||
result.add(")")
|
result.add(")")
|
||||||
|
|
||||||
proc `==`*(a, b: RsaPrivateKey): bool =
|
proc `==`*(a, b: RsaPrivateKey): bool =
|
||||||
|
|
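Review bot: The docstring of `init*[T: RsaPKI](sospk: var T, data: string)` still describes an EC `private key`, `public key` or `scalar`, and names the return type as `Result[void, Asn1Status]` while the reflowed signature returns `Result[void, Asn1Error]`. Since the signature was touched here, the docstring should be aligned with it: say RSA `private key`, `public key` or `signature`, as the `typedesc` overload further down does, and end with `## Procedure returns Result[void, Asn1Error].`. The EC counterpart in the ECNIST section has the same stale `Asn1Status` line.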