From 279f8ac3e4c77282cbc3d39eea8c97b2ecab931d Mon Sep 17 00:00:00 2001
From: Aydin Mercan <aydin@mercan.dev>
Date: Sat, 17 Sep 2022 15:34:40 +0300
Subject: [PATCH] bearssl/ec: add basic key wrappings

---
 bearssl/src/ec.rs         |  5 +++++
 bearssl/src/ec/private.rs | 31 +++++++++++++++++++++++++++++++
 bearssl/src/ec/public.rs  | 17 +++++++++++++++++
 bearssl/src/lib.rs        |  1 +
 4 files changed, 54 insertions(+)
 create mode 100644 bearssl/src/ec.rs
 create mode 100644 bearssl/src/ec/private.rs
 create mode 100644 bearssl/src/ec/public.rs

diff --git a/bearssl/src/ec.rs b/bearssl/src/ec.rs
new file mode 100644
index 0000000..c7e81d4
--- /dev/null
+++ b/bearssl/src/ec.rs
@@ -0,0 +1,5 @@
+mod private;
+mod public;
+
+pub use private::PrivateKey;
+pub use public::PublicKey;
diff --git a/bearssl/src/ec/private.rs b/bearssl/src/ec/private.rs
new file mode 100644
index 0000000..d7956ed
--- /dev/null
+++ b/bearssl/src/ec/private.rs
@@ -0,0 +1,31 @@
+use core::ops::Drop;
+use core::slice;
+
+use bearssl_sys::br_ec_private_key;
+
+#[repr(transparent)]
+pub struct PrivateKey(pub(crate) br_ec_private_key);
+
+#[cfg(feature = "zeroize")]
+impl Drop for PrivateKey {
+    fn drop(&mut self) {
+        use zeroize::Zeroize;
+
+        self.zeroize();
+    }
+}
+
+#[cfg(feature = "zeroize")]
+impl zeroize::ZeroizeOnDrop for PrivateKey {}
+
+#[cfg(feature = "zeroize")]
+impl zeroize::Zeroize for PrivateKey {
+    fn zeroize(&mut self) {
+        // Safety: Slice constructions should be safe as long as lengths have not been modified
+        // outside what BearSSL set.
+        unsafe {
+            let x = slice::from_raw_parts_mut(self.0.x, self.0.xlen);
+            x.zeroize();
+        }
+    }
+}
diff --git a/bearssl/src/ec/public.rs b/bearssl/src/ec/public.rs
new file mode 100644
index 0000000..a1c0a8a
--- /dev/null
+++ b/bearssl/src/ec/public.rs
@@ -0,0 +1,17 @@
+use core::ops::Drop;
+use core::slice;
+
+use bearssl_sys::br_ec_public_key;
+
+#[repr(transparent)]
+pub struct PublicKey(pub(crate) br_ec_public_key);
+
+#[cfg(feature = "zeroize")]
+impl zeroize::Zeroize for PublicKey {
+    fn zeroize(&mut self) {
+        unsafe {
+            let q = slice::from_raw_parts_mut(self.0.q, self.0.qlen);
+            q.zeroize();
+        }
+    }
+}
diff --git a/bearssl/src/lib.rs b/bearssl/src/lib.rs
index 77e8525..406271d 100644
--- a/bearssl/src/lib.rs
+++ b/bearssl/src/lib.rs
@@ -3,6 +3,7 @@
 #[cfg(feature = "std")]
 extern crate std;
 
+pub mod ec;
 pub mod engine;
 pub mod profile;
 pub mod rsa;