crypto/ecdsa: Restore HashSign and HashVerify (#189)

* Restore HashSign and HashVerify

* Fix signature on functions, fix imports

* fix tests

* fix test

---------

Co-authored-by: Derek Parker <[email protected]>

patches/015-add-hash-sign-verify.patch

@@ -0,0 +1,124 @@
+diff --git a/src/crypto/ecdsa/ecdsa_hash_sign_verify.go b/src/crypto/ecdsa/ecdsa_hash_sign_verify.go
+new file mode 100644
+index 0000000000..50a39f5d0a
+--- /dev/null
++++ b/src/crypto/ecdsa/ecdsa_hash_sign_verify.go
+@@ -0,0 +1,45 @@
++package ecdsa
++
++import (
++	"crypto"
++	"crypto/internal/randutil"
++	"io"
++
++	boring "crypto/internal/backend"
++)
++
++func HashSign(rand io.Reader, priv *PrivateKey, msg []byte, h crypto.Hash) ([]byte, error) {
++	randutil.MaybeReadByte(rand)
++
++	if boring.Enabled() {
++		b, err := boringPrivateKey(priv)
++		if err != nil {
++			return nil, err
++		}
++		return boring.HashSignECDSA(b, h, msg)
++	}
++	boring.UnreachableExceptTests()
++
++	hash := h.New()
++	hash.Write(msg)
++	d := hash.Sum(nil)
++
++	return SignASN1(rand, priv, d)
++}
++
++func HashVerify(pub *PublicKey, msg, sig []byte, h crypto.Hash) bool {
++	if boring.Enabled() {
++		bpk, err := boringPublicKey(pub)
++		if err != nil {
++			return false
++		}
++		return boring.HashVerifyECDSA(bpk, h, msg, sig)
++	}
++	boring.UnreachableExceptTests()
++
++	hash := h.New()
++	hash.Write(msg)
++	d := hash.Sum(nil)
++
++	return VerifyASN1(pub, d, sig)
++}
+diff --git a/src/crypto/ecdsa/ecdsa_hashsignverify_test.go b/src/crypto/ecdsa/ecdsa_hashsignverify_test.go
+new file mode 100644
+index 0000000000..65ca8a4b77
+--- /dev/null
++++ b/src/crypto/ecdsa/ecdsa_hashsignverify_test.go
+@@ -0,0 +1,43 @@
++package ecdsa
++
++import (
++	"crypto"
++	"crypto/elliptic"
++	boring "crypto/internal/backend"
++	"crypto/rand"
++	"testing"
++)
++
++func testHashSignAndHashVerify(t *testing.T, c elliptic.Curve, tag string) {
++	priv, err := GenerateKey(c, rand.Reader)
++	if priv == nil {
++		t.Fatal(err)
++	}
++
++	msg := []byte("testing")
++	h := crypto.SHA256
++	hsm, err := HashSign(rand.Reader, priv, msg, h)
++	if err != nil {
++		t.Errorf("%s: error signing: %s", tag, err)
++		return
++	}
++
++	if !HashVerify(&priv.PublicKey, msg, hsm, h) {
++		t.Errorf("%s: Verify failed", tag)
++	}
++
++	msg[0] ^= 0xff
++	if HashVerify(&priv.PublicKey, msg, hsm, h) {
++		t.Errorf("%s: Verify should not have succeeded", tag)
++	}
++}
++
++func TestHashSignAndHashVerify(t *testing.T) {
++	testHashSignAndHashVerify(t, elliptic.P256(), "p256")
++
++	if testing.Short() && !boring.Enabled() {
++		return
++	}
++	testHashSignAndHashVerify(t, elliptic.P384(), "p384")
++	testHashSignAndHashVerify(t, elliptic.P521(), "p521")
++}
+diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go
+index 5b0e356dff..e509805288 100644
+--- a/src/crypto/internal/backend/nobackend.go
++++ b/src/crypto/internal/backend/nobackend.go
+@@ -14,7 +14,6 @@ import (
+ 	"crypto/internal/boring/sig"
+ 	"hash"
+ 	"io"
+-	"math/big"
+ )
+
+ func init() {
+@@ -167,9 +166,9 @@ func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte) (io.Reader, er
+ func SupportsHKDF() bool {
+ 	panic("boringcrypto: not available")
+ }
+-func HashVerifyECDSA(pub *PublicKeyECDSA, msg []byte, r, s *big.Int, h crypto.Hash) bool {
++func HashVerifyECDSA(pub *PublicKeyECDSA, h crypto.Hash, msg, sig []byte) bool {
+ 	panic("boringcrypto: not available")
+ }
+-func HashSignECDSA(priv *PrivateKeyECDSA, hash []byte, h crypto.Hash) (*big.Int, *big.Int, error) {
++func HashSignECDSA(priv *PrivateKeyECDSA, h crypto.Hash, msg []byte) ([]byte, error) {
+ 	panic("boringcrypto: not available")
+ }