summaryrefslogtreecommitdiff
path: root/ext/crypto/lib.rs
diff options
context:
space:
mode:
Diffstat (limited to 'ext/crypto/lib.rs')
-rw-r--r--ext/crypto/lib.rs16
1 files changed, 16 insertions, 0 deletions
diff --git a/ext/crypto/lib.rs b/ext/crypto/lib.rs
index 7c4010f53..f2df7ba10 100644
--- a/ext/crypto/lib.rs
+++ b/ext/crypto/lib.rs
@@ -33,6 +33,8 @@ use ring::rand as RingRand;
use ring::rand::SecureRandom;
use ring::signature::EcdsaKeyPair;
use ring::signature::EcdsaSigningAlgorithm;
+use ring::signature::EcdsaVerificationAlgorithm;
+use ring::signature::KeyPair;
use rsa::padding::PaddingScheme;
use rsa::pkcs8::FromPrivateKey;
use rsa::pkcs8::ToPrivateKey;
@@ -407,6 +409,7 @@ pub struct VerifyArg {
salt_length: Option<u32>,
hash: Option<CryptoHash>,
signature: ZeroCopyBuf,
+ named_curve: Option<CryptoNamedCurve>,
}
pub async fn op_crypto_verify_key(
@@ -528,6 +531,19 @@ pub async fn op_crypto_verify_key(
let key = HmacKey::new(hash, &*args.key.data);
ring::hmac::verify(&key, data, &*args.signature).is_ok()
}
+ Algorithm::Ecdsa => {
+ let signing_alg: &EcdsaSigningAlgorithm =
+ args.named_curve.ok_or_else(not_supported)?.try_into()?;
+ let verify_alg: &EcdsaVerificationAlgorithm =
+ args.named_curve.ok_or_else(not_supported)?.try_into()?;
+
+ let private_key = EcdsaKeyPair::from_pkcs8(signing_alg, &*args.key.data)?;
+ let public_key_bytes = private_key.public_key().as_ref();
+ let public_key =
+ ring::signature::UnparsedPublicKey::new(verify_alg, public_key_bytes);
+
+ public_key.verify(data, &*args.signature).is_ok()
+ }
_ => return Err(type_error("Unsupported algorithm".to_string())),
};
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-27 08:13:18 +0000