Support ECDSA with secp256k1 curve in AwsLcRsAlgorithm

Cargo.toml

@@ -21,7 +21,7 @@ license = "ISC"
 name = "rustls-webpki"
 readme = "README.md"
 repository = "https://github.com/rustls/webpki"
-version = "0.104.0-alpha.2"
+version = "0.104.0-alpha.3"
 
 include = [
     "Cargo.toml",
@@ -80,7 +80,7 @@ std = ["alloc", "pki-types/std"]
 
 [dependencies]
 aws-lc-rs = { version = "1.14", optional = true, default-features = false }
-pki-types = { package = "rustls-pki-types", version = "1.13", default-features = false }
+pki-types = { package = "rustls-pki-types", version = "1.13.2", default-features = false }
 ring = { version = "0.17", default-features = false, optional = true }
 untrusted = "0.9"
 

src/aws_lc_rs_algs.rs

@@ -32,7 +32,7 @@ impl SignatureVerificationAlgorithm for AwsLcRsAlgorithm {
     ) -> Result<(), InvalidSignature> {
         if matches!(
             self.public_key_alg_id,
-            alg_id::ECDSA_P256 | alg_id::ECDSA_P384 | alg_id::ECDSA_P521
+            alg_id::ECDSA_P256 | alg_id::ECDSA_P256K1 | alg_id::ECDSA_P384 | alg_id::ECDSA_P521
         ) {
             // Restrict the allowed encodings of EC public keys.
             //
@@ -87,6 +87,14 @@ pub static ML_DSA_87: &dyn SignatureVerificationAlgorithm = &AwsLcRsAlgorithm {
     in_fips_submission: false,
 };
 
+/// ECDSA signatures using the K-256 curve and SHA-256.
+pub static ECDSA_P256K1_SHA256: &dyn SignatureVerificationAlgorithm = &AwsLcRsAlgorithm {
+    public_key_alg_id: alg_id::ECDSA_P256K1,
+    signature_alg_id: alg_id::ECDSA_SHA256,
+    verification_alg: &signature::ECDSA_P256K1_SHA256_ASN1,
+    in_fips_submission: false,
+};
+
 /// ECDSA signatures using the P-256 curve and SHA-256.
 pub static ECDSA_P256_SHA256: &dyn SignatureVerificationAlgorithm = &AwsLcRsAlgorithm {
     public_key_alg_id: alg_id::ECDSA_P256,
@@ -308,6 +316,7 @@ mod tests {
 
     static SUPPORTED_ALGORITHMS_IN_TESTS: &[&dyn super::SignatureVerificationAlgorithm] = &[
         // Reasonable algorithms.
+        super::ECDSA_P256K1_SHA256,
         super::ECDSA_P256_SHA256,
         super::ECDSA_P384_SHA384,
         super::ECDSA_P521_SHA256,

src/lib.rs

@@ -111,9 +111,9 @@ pub mod ring {
 /// Signature verification algorithm implementations using the aws-lc-rs crypto library.
 pub mod aws_lc_rs {
     pub use super::aws_lc_rs_algs::{
-        ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P256_SHA512, ECDSA_P384_SHA256,
-        ECDSA_P384_SHA384, ECDSA_P384_SHA512, ECDSA_P521_SHA256, ECDSA_P521_SHA384,
-        ECDSA_P521_SHA512, ED25519, RSA_PKCS1_2048_8192_SHA256,
+        ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P256_SHA512, ECDSA_P256K1_SHA256,
+        ECDSA_P384_SHA256, ECDSA_P384_SHA384, ECDSA_P384_SHA512, ECDSA_P521_SHA256,
+        ECDSA_P521_SHA384, ECDSA_P521_SHA512, ED25519, RSA_PKCS1_2048_8192_SHA256,
         RSA_PKCS1_2048_8192_SHA256_ABSENT_PARAMS, RSA_PKCS1_2048_8192_SHA384,
         RSA_PKCS1_2048_8192_SHA384_ABSENT_PARAMS, RSA_PKCS1_2048_8192_SHA512,
         RSA_PKCS1_2048_8192_SHA512_ABSENT_PARAMS, RSA_PKCS1_3072_8192_SHA384,
@@ -159,6 +159,8 @@ pub static ALL_VERIFICATION_ALGS: &[&dyn pki_types::SignatureVerificationAlgorit
     #[cfg(all(feature = "ring", feature = "alloc"))]
     ring::RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
     #[cfg(feature = "aws-lc-rs")]
+    aws_lc_rs::ECDSA_P256K1_SHA256,
+    #[cfg(feature = "aws-lc-rs")]
     aws_lc_rs::ECDSA_P256_SHA256,
     #[cfg(feature = "aws-lc-rs")]
     aws_lc_rs::ECDSA_P256_SHA384,

tests/client_auth_revocation.rs

@@ -26,6 +26,8 @@ static ALGS: &[&dyn SignatureVerificationAlgorithm] = &[
     #[cfg(feature = "ring")]
     webpki::ring::ECDSA_P256_SHA256,
     #[cfg(feature = "aws-lc-rs")]
+    webpki::aws_lc_rs::ECDSA_P256K1_SHA256,
+    #[cfg(feature = "aws-lc-rs")]
     webpki::aws_lc_rs::ECDSA_P256_SHA256,
 ];
 

tests/generate.py

@@ -560,6 +560,7 @@ def signatures(force: bool) -> None:
     all_key_types: dict[str, ANY_PRIV_KEY] = {
         "ed25519": ed25519.Ed25519PrivateKey.generate(),
         "ecdsa_p256": ec.generate_private_key(ec.SECP256R1(), backend),
+        "ecdsa_p256k1": ec.generate_private_key(ec.SECP256K1(), backend),
         "ecdsa_p384": ec.generate_private_key(ec.SECP384R1(), backend),
         "ecdsa_p521": ec.generate_private_key(ec.SECP521R1(), backend),
         "rsa_1024_not_supported": rsa.generate_private_key(
@@ -588,6 +589,7 @@ def signatures(force: bool) -> None:
     webpki_algs: dict[str, Iterable[str]] = {
         "ed25519": ["ED25519"],
         "ecdsa_p256": ["ECDSA_P256_SHA384", "ECDSA_P256_SHA256"],
+        "ecdsa_p256k1": ["ECDSA_P256K1_SHA256"],
         "ecdsa_p384": ["ECDSA_P384_SHA384", "ECDSA_P384_SHA256"],
         "ecdsa_p521": ["ECDSA_P521_SHA512", "ECDSA_P521_SHA256", "ECDSA_P521_SHA384"],
         "rsa_2048": rsa_types,
@@ -607,6 +609,9 @@ def signatures(force: bool) -> None:
 
     how_to_sign: dict[str, SIGNER] = {
         "ED25519": lambda key, message: key.sign(message),
+        "ECDSA_P256K1_SHA256": lambda key, message: key.sign(
+            message, ec.ECDSA(hashes.SHA256())
+        ),
         "ECDSA_P256_SHA256": lambda key, message: key.sign(
             message, ec.ECDSA(hashes.SHA256())
         ),

tests/signatures.rs

@@ -28,11 +28,11 @@ use webpki::ring::{
 
 #[cfg(all(not(feature = "ring"), feature = "aws-lc-rs"))]
 use webpki::aws_lc_rs::{
-    ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256, ECDSA_P384_SHA384, ECDSA_P521_SHA256,
-    ECDSA_P521_SHA384, ECDSA_P521_SHA512, ED25519, RSA_PKCS1_2048_8192_SHA256,
-    RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA512, RSA_PKCS1_3072_8192_SHA384,
-    RSA_PSS_2048_8192_SHA256_LEGACY_KEY, RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
-    RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
+    ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P256K1_SHA256, ECDSA_P384_SHA256,
+    ECDSA_P384_SHA384, ECDSA_P521_SHA256, ECDSA_P521_SHA384, ECDSA_P521_SHA512, ED25519,
+    RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA512,
+    RSA_PKCS1_3072_8192_SHA384, RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
+    RSA_PSS_2048_8192_SHA384_LEGACY_KEY, RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
 };
 
 fn check_sig(
@@ -111,6 +111,8 @@ fn ed25519_key_rejected_by_other_algorithms() {
         ECDSA_P521_SHA384,
         #[cfg(all(not(feature = "ring"), feature = "aws-lc-rs"))]
         ECDSA_P521_SHA512,
+        #[cfg(all(not(feature = "ring"), feature = "aws-lc-rs"))]
+        ECDSA_P256K1_SHA256,
         ECDSA_P256_SHA256,
         ECDSA_P256_SHA384,
         ECDSA_P384_SHA256,
@@ -234,6 +236,94 @@ fn ecdsa_p256_key_rejected_by_other_algorithms() {
         ECDSA_P521_SHA384,
         #[cfg(all(not(feature = "ring"), feature = "aws-lc-rs"))]
         ECDSA_P521_SHA512,
+        #[cfg(all(not(feature = "ring"), feature = "aws-lc-rs"))]
+        ECDSA_P256K1_SHA256,
+        ECDSA_P384_SHA256,
+        ECDSA_P384_SHA384,
+        ED25519,
+        RSA_PKCS1_2048_8192_SHA256,
+        RSA_PKCS1_2048_8192_SHA384,
+        RSA_PKCS1_2048_8192_SHA512,
+        RSA_PKCS1_3072_8192_SHA384,
+        RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
+        RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
+        RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
+    ] {
+        assert!(matches!(
+            check_sig(ee, *algorithm, b"", b""),
+            Err(webpki::Error::UnsupportedSignatureAlgorithmForPublicKey(_))
+        ));
+    }
+}
+
+#[test]
+#[cfg(all(not(feature = "ring"), feature = "aws-lc-rs"))]
+fn ecdsa_p256k1_key_and_ecdsa_p256k1_sha256_good_signature() {
+    let ee = include_bytes!("signatures/ecdsa_p256k1.ee.der");
+    let message = include_bytes!("signatures/message.bin");
+    let signature = include_bytes!(
+        "signatures/ecdsa_p256k1_key_and_ecdsa_p256k1_sha256_good_signature.sig.bin"
+    );
+    assert_eq!(
+        check_sig(ee, ECDSA_P256K1_SHA256, message, signature),
+        Ok(())
+    );
+}
+
+#[test]
+#[cfg(all(not(feature = "ring"), feature = "aws-lc-rs"))]
+fn ecdsa_p256k1_key_and_ecdsa_p256k1_sha256_good_signature_rpk() {
+    let rpk = include_bytes!("signatures/ecdsa_p256k1.spki.der");
+    let message = include_bytes!("signatures/message.bin");
+    let signature = include_bytes!(
+        "signatures/ecdsa_p256k1_key_and_ecdsa_p256k1_sha256_good_signature.sig.bin"
+    );
+    assert_eq!(
+        check_sig_rpk(rpk, ECDSA_P256K1_SHA256, message, signature),
+        Ok(())
+    );
+}
+
+#[test]
+#[cfg(all(not(feature = "ring"), feature = "aws-lc-rs"))]
+fn ecdsa_p256k1_key_and_ecdsa_p256k1_sha256_detects_bad_signature() {
+    let ee = include_bytes!("signatures/ecdsa_p256k1.ee.der");
+    let message = include_bytes!("signatures/message.bin");
+    let signature = include_bytes!(
+        "signatures/ecdsa_p256k1_key_and_ecdsa_p256k1_sha256_detects_bad_signature.sig.bin"
+    );
+    assert_eq!(
+        check_sig(ee, ECDSA_P256K1_SHA256, message, signature),
+        Err(webpki::Error::InvalidSignatureForPublicKey)
+    );
+}
+
+#[test]
+#[cfg(all(not(feature = "ring"), feature = "aws-lc-rs"))]
+fn ecdsa_p256k1_key_and_ecdsa_p256k1_sha256_detects_bad_signature_rpk() {
+    let rpk = include_bytes!("signatures/ecdsa_p256k1.spki.der");
+    let message = include_bytes!("signatures/message.bin");
+    let signature = include_bytes!(
+        "signatures/ecdsa_p256k1_key_and_ecdsa_p256k1_sha256_detects_bad_signature.sig.bin"
+    );
+    assert_eq!(
+        check_sig_rpk(rpk, ECDSA_P256K1_SHA256, message, signature),
+        Err(webpki::Error::InvalidSignatureForPublicKey)
+    );
+}
+
+#[test]
+fn ecdsa_p256k1_key_rejected_by_other_algorithms() {
+    let ee = include_bytes!("signatures/ecdsa_p256k1.ee.der");
+    for algorithm in &[
+        #[cfg(all(not(feature = "ring"), feature = "aws-lc-rs"))]
+        ECDSA_P521_SHA256,
+        #[cfg(all(not(feature = "ring"), feature = "aws-lc-rs"))]
+        ECDSA_P521_SHA384,
+        #[cfg(all(not(feature = "ring"), feature = "aws-lc-rs"))]
+        ECDSA_P521_SHA512,
+        ECDSA_P256_SHA256,
+        ECDSA_P256_SHA384,
         ECDSA_P384_SHA256,
         ECDSA_P384_SHA384,
         ED25519,
@@ -356,6 +446,8 @@ fn ecdsa_p384_key_rejected_by_other_algorithms() {
         ECDSA_P521_SHA384,
         #[cfg(all(not(feature = "ring"), feature = "aws-lc-rs"))]
         ECDSA_P521_SHA512,
+        #[cfg(all(not(feature = "ring"), feature = "aws-lc-rs"))]
+        ECDSA_P256K1_SHA256,
         ECDSA_P256_SHA256,
         ECDSA_P256_SHA384,
         ED25519,
@@ -531,6 +623,8 @@ fn ecdsa_p521_key_and_ecdsa_p521_sha384_detects_bad_signature_rpk() {
 fn ecdsa_p521_key_rejected_by_other_algorithms() {
     let ee = include_bytes!("signatures/ecdsa_p521.ee.der");
     for algorithm in &[
+        #[cfg(all(not(feature = "ring"), feature = "aws-lc-rs"))]
+        ECDSA_P256K1_SHA256,
         ECDSA_P256_SHA256,
         ECDSA_P256_SHA384,
         ECDSA_P384_SHA256,
@@ -873,6 +967,8 @@ fn rsa_2048_key_rejected_by_other_algorithms() {
         ECDSA_P521_SHA384,
         #[cfg(all(not(feature = "ring"), feature = "aws-lc-rs"))]
         ECDSA_P521_SHA512,
+        #[cfg(all(not(feature = "ring"), feature = "aws-lc-rs"))]
+        ECDSA_P256K1_SHA256,
         ECDSA_P256_SHA256,
         ECDSA_P256_SHA384,
         ECDSA_P384_SHA256,
@@ -1260,6 +1356,8 @@ fn rsa_3072_key_rejected_by_other_algorithms() {
         ECDSA_P521_SHA384,
         #[cfg(all(not(feature = "ring"), feature = "aws-lc-rs"))]
         ECDSA_P521_SHA512,
+        #[cfg(all(not(feature = "ring"), feature = "aws-lc-rs"))]
+        ECDSA_P256K1_SHA256,
         ECDSA_P256_SHA256,
         ECDSA_P256_SHA384,
         ECDSA_P384_SHA256,
@@ -1647,6 +1745,8 @@ fn rsa_4096_key_rejected_by_other_algorithms() {
         ECDSA_P521_SHA384,
         #[cfg(all(not(feature = "ring"), feature = "aws-lc-rs"))]
         ECDSA_P521_SHA512,
+        #[cfg(all(not(feature = "ring"), feature = "aws-lc-rs"))]
+        ECDSA_P256K1_SHA256,
         ECDSA_P256_SHA256,
         ECDSA_P256_SHA384,
         ECDSA_P384_SHA256,