Implement and test SigningKey::public_key()

ctz · ctz · commit 057a4c522134 · 2025-03-11T21:12:17.000Z
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/graviola/src/high/ecdsa.rs b/graviola/src/high/ecdsa.rs
@@ -122,6 +122,31 @@ impl<C: Curve> SigningKey<C> {
         output.get(..used).ok_or(Error::WrongLength)
     }
 
+    /// Encode this private key's corresponding public key in SubjectPublicKeyInfo DER format.
+    ///
+    /// The encoding is written to the start of `output`, and the used span is
+    /// returned.  [`Error::WrongLength`] is returned if `output` is not sufficient
+    /// to contain the full encoding.
+    pub fn to_spki_der<'a>(&self, output: &'a mut [u8]) -> Result<&'a [u8], Error> {
+        let mut pub_key_buffer = [0u8; MAX_UNCOMPRESSED_PUBLIC_KEY_LEN];
+        let pub_key_buffer = self
+            .private_key
+            .public_key_encode_uncompressed(&mut pub_key_buffer)?;
+
+        let spki = asn1::pkix::SubjectPublicKeyInfo {
+            algorithm: asn1::pkix::AlgorithmIdentifier {
+                algorithm: asn1::oid::id_ecPublicKey.clone(),
+                parameters: Some(asn1::Any::ObjectId(C::oid())),
+            },
+            subjectPublicKey: asn1::BitString::new(pub_key_buffer),
+        };
+
+        let len = spki
+            .encode(&mut asn1::Encoder::new(output))
+            .map_err(Error::Asn1Error)?;
+        Ok(&output[..len])
+    }
+
     /// ECDSA signing, returning a fixed-length signature.
     ///
     /// The `message` is hashed using `H`.  The message is a sequence of byte
diff --git a/graviola/src/high/rsa.rs b/graviola/src/high/rsa.rs
@@ -44,6 +44,45 @@ impl VerifyingKey {
         Ok(Self(pub_key))
     }
 
+    /// Encodes this RSA verification key in SubjectPublicKeyInfo DER format.
+    ///
+    /// The `SubjectPublicKeyInfo.algorithm` identifier is `rsaEncryption`.
+    ///
+    /// `output` is the output buffer, and the encoding is written to the start
+    /// of this buffer.  An error is returned if the encoding is larger than
+    /// the supplied buffer.  Otherwise, on success, the range containing the
+    /// encoding is returned.
+    pub fn to_spki_der<'a>(&self, output: &'a mut [u8]) -> Result<&'a [u8], Error> {
+        let _entry = Entry::new_public();
+
+        let mut buffer = [0u8; rsa_pub::MAX_PUBLIC_MODULUS_BYTES + 1];
+        let public_modulus = self.0.n.to_bytes_asn1(&mut buffer)?;
+        let public_exponent = self.0.e.to_be_bytes();
+
+        let pub_key = pkix::RSAPublicKey {
+            modulus: asn1::Integer::new(public_modulus),
+            publicExponent: asn1::Integer::new(&public_exponent),
+        };
+        let mut pub_key_buffer = [0u8; rsa_pub::MAX_PUBLIC_MODULUS_BYTES + 64];
+        let used = pub_key
+            .encode(&mut asn1::Encoder::new(&mut pub_key_buffer))
+            .map_err(Error::Asn1Error)?;
+        let pub_key_buffer = &pub_key_buffer[..used];
+
+        let spki = pkix::SubjectPublicKeyInfo {
+            algorithm: pkix::AlgorithmIdentifier {
+                algorithm: asn1::oid::rsaEncryption.clone(),
+                parameters: Some(asn1::Any::Null(asn1::Null)),
+            },
+            subjectPublicKey: asn1::BitString::new(pub_key_buffer),
+        };
+
+        let len = spki
+            .encode(&mut asn1::Encoder::new(output))
+            .map_err(Error::Asn1Error)?;
+        Ok(&output[..len])
+    }
+
     /// Verifies `signature`, using RSASSA-PKCS1-v1_5 with SHA-256.
     ///
     /// `message` is the (unhashed) signed message.  It is hashed
diff --git a/graviola/src/mid/rsa_priv.rs b/graviola/src/mid/rsa_priv.rs
@@ -104,6 +104,8 @@ impl RsaPrivateKey {
         let dq = self.dq.to_bytes_asn1(dq)?;
         let iqmp = self.iqmp.to_bytes_asn1(iqmp)?;
 
+        // We are exporting this key; it is leaving the confines of this
+        // library and becoming public data.
         low::ct::public_slice(p);
         low::ct::public_slice(q);
         low::ct::public_slice(d);
diff --git a/rustls-graviola/Cargo.toml b/rustls-graviola/Cargo.toml
@@ -20,7 +20,7 @@ http-body-util = "0.1"
 hyper = { version = "1", default-features = false }
 hyper-rustls = { version = "0.27", default-features = false, features = ["native-tokio", "http1", "tls12", "logging"] }
 hyper-util = { version = "0.1", default-features = false, features = ["server-auto"] }
-rustls = { version = "0.23", default-features = false, features = ["ring"] }
+rustls = { version = "0.23.23", default-features = false, features = ["ring"] }
 rustls-pemfile = "2"
 tokio = { version = "1.0", features = ["io-std", "macros", "net", "rt-multi-thread"] }
 tokio-rustls = { version = "0.26", default-features = false }
diff --git a/rustls-graviola/src/sign.rs b/rustls-graviola/src/sign.rs
@@ -3,6 +3,7 @@ use std::sync::Arc;
 
 use graviola::hashing;
 use graviola::signing::{ecdsa, rsa};
+use rustls::pki_types::SubjectPublicKeyInfoDer;
 use rustls::{SignatureScheme, pki_types, sign};
 
 #[derive(Debug)]
@@ -112,6 +113,17 @@ impl sign::SigningKey for Rsa {
     fn algorithm(&self) -> rustls::SignatureAlgorithm {
         rustls::SignatureAlgorithm::RSA
     }
+
+    fn public_key(&self) -> Option<SubjectPublicKeyInfoDer<'static>> {
+        let size = self.0.modulus_len_bytes() + 64;
+        let mut buffer = vec![0u8; size];
+
+        let pk = self.0.public_key();
+        let used = pk.to_spki_der(&mut buffer).ok()?.len();
+
+        buffer.truncate(used);
+        Some(SubjectPublicKeyInfoDer::from(buffer))
+    }
 }
 
 impl fmt::Debug for Rsa {
@@ -170,6 +182,15 @@ impl sign::SigningKey for EcdsaP256 {
     fn algorithm(&self) -> rustls::SignatureAlgorithm {
         rustls::SignatureAlgorithm::ECDSA
     }
+
+    fn public_key(&self) -> Option<SubjectPublicKeyInfoDer<'static>> {
+        let mut buffer = vec![0u8; 128];
+
+        let used = self.0.to_spki_der(&mut buffer).ok()?.len();
+
+        buffer.truncate(used);
+        Some(SubjectPublicKeyInfoDer::from(buffer))
+    }
 }
 
 impl sign::Signer for EcdsaP256 {
@@ -211,6 +232,15 @@ impl sign::SigningKey for EcdsaP384 {
     fn algorithm(&self) -> rustls::SignatureAlgorithm {
         rustls::SignatureAlgorithm::ECDSA
     }
+
+    fn public_key(&self) -> Option<SubjectPublicKeyInfoDer<'static>> {
+        let mut buffer = vec![0u8; 128];
+
+        let used = self.0.to_spki_der(&mut buffer).ok()?.len();
+
+        buffer.truncate(used);
+        Some(SubjectPublicKeyInfoDer::from(buffer))
+    }
 }
 
 impl sign::Signer for EcdsaP384 {
diff --git a/rustls-graviola/tests/pair.rs b/rustls-graviola/tests/pair.rs
@@ -5,6 +5,7 @@ use rustls::crypto::ring::default_provider as baseline;
 use rustls::crypto::{CryptoProvider, SupportedKxGroup};
 use rustls::pki_types::pem::PemObject;
 use rustls::pki_types::{CertificateDer, PrivateKeyDer};
+use rustls::sign::CertifiedKey;
 use rustls::{
     ClientConfig, ClientConnection, HandshakeKind, RootCertStore, ServerConfig, ServerConnection,
 };
@@ -20,6 +21,7 @@ fn all_suites() {
             rustls_graviola::suites::TLS13_CHACHA20_POLY1305_SHA256,
             *key_type,
         );
+        test_keys_match(&rustls_graviola::default_provider(), *key_type);
     }
 
     for key_type in KeyType::RSA {
@@ -167,6 +169,13 @@ fn exercise(client_config: Arc<ClientConfig>, server_config: Arc<ServerConfig>)
     server.handshake_kind().unwrap()
 }
 
+fn test_keys_match(provider: &CryptoProvider, key_type: KeyType) {
+    CertifiedKey::from_der(key_type.cert_chain(), key_type.key(), provider)
+        .unwrap()
+        .keys_match()
+        .unwrap();
+}
+
 #[derive(Clone, Copy, Debug)]
 enum KeyType {
     Rsa2048,
