Merge pull request #353 from bluejekyll/master

adding functionality to directly get and set RSA public key material
author: Steven Fackler <[email protected]> 2016-03-05 13:57:53 -0800
committer: Steven Fackler <[email protected]> 2016-03-05 13:57:53 -0800
commit: 23fd427900ff9d76278ad88865d7739afc61f2a2 (patch)
tree: 2d414d8a9ef2bcbc1113ae03d0d27e75f534c682
parent: Stop testing sslv2 feature on Travis (diff)
parent: making from_raw() unsafe (diff)
download: rust-openssl-23fd427900ff9d76278ad88865d7739afc61f2a2.tar.xz
rust-openssl-23fd427900ff9d76278ad88865d7739afc61f2a2.zip
4 files changed, 80 insertions, 1 deletions
diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs
index eaa2188f..d638b38a 100644
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@@ -589,6 +589,7 @@ extern "C" {
 
     pub fn RAND_bytes(buf: *mut u8, num: c_int) -> c_int;
 
+    pub fn RSA_new() -> *mut RSA;
     pub fn RSA_free(rsa: *mut RSA);
     pub fn RSA_generate_key(modsz: c_int, e: c_ulong, cb: *const c_void, cbarg: *const c_void) -> *mut RSA;
     pub fn RSA_generate_key_ex(rsa: *mut RSA, bits: c_int, e: *mut BIGNUM, cb: *const c_void) -> c_int;
diff --git a/openssl/src/bn/mod.rs b/openssl/src/bn/mod.rs
index 00a0a0ca..d548e9ef 100644
--- a/openssl/src/bn/mod.rs
+++ b/openssl/src/bn/mod.rs
@@ -1,7 +1,7 @@
 use libc::{c_int, c_ulong, c_void};
 use std::ffi::{CStr, CString};
 use std::cmp::Ordering;
-use std::{fmt, ptr};
+use std::{fmt, ptr, mem};
 
 use ffi;
 use ssl::error::SslError;
@@ -473,6 +473,11 @@ impl BigNum {
         n
     }
 
+    pub fn into_raw(self) -> *mut ffi::BIGNUM {
+        let mut me = self;
+        mem::replace(&mut me.0, ptr::null_mut())
+    }
+
     pub fn to_vec(&self) -> Vec<u8> {
         let size = self.num_bytes() as usize;
         let mut v = Vec::with_capacity(size);
diff --git a/openssl/src/crypto/pkey.rs b/openssl/src/crypto/pkey.rs
index e556730d..cafd50ad 100644
--- a/openssl/src/crypto/pkey.rs
+++ b/openssl/src/crypto/pkey.rs
@@ -205,6 +205,28 @@ impl PKey {
         }
     }
 
+    /// assign RSA key to this pkey
+    pub fn set_rsa(&mut self, rsa: &RSA) {
+        unsafe {
+            // this needs to be a reference as the set1_RSA ups the reference count
+            let rsa_ptr = rsa.as_ptr();
+            if ffi::EVP_PKEY_set1_RSA(self.evp, rsa_ptr) == 1 {
+                if rsa.has_e() && rsa.has_n() {
+                    self.parts = Parts::Public;
+                }
+            }
+        }
+    }
+
+    /// get a reference to the interal RSA key for direct access to the key components
+    pub fn get_rsa(&self) -> RSA {
+        unsafe {
+            let evp_pkey: *mut ffi::EVP_PKEY = self.evp;
+            // this is safe as the ffi increments a reference counter to the internal key
+            RSA::from_raw(ffi::EVP_PKEY_get1_RSA(evp_pkey))
+        }
+    }
+
     /**
      * Returns a DER serialized form of the public key, suitable for load_pub().
      */
@@ -604,6 +626,7 @@ mod tests {
     use std::path::Path;
     use std::fs::File;
     use crypto::hash::Type::{MD5, SHA1};
+    use crypto::rsa::RSA;
 
     #[test]
     fn test_gen_pub() {
@@ -791,6 +814,28 @@ mod tests {
     }
 
     #[test]
+    fn test_public_key_from_raw() {
+        let mut k0 = super::PKey::new();
+        let mut k1 = super::PKey::new();
+        let msg = vec![0xdeu8, 0xadu8, 0xd0u8, 0x0du8];
+
+        k0.gen(512);
+        let sig = k0.sign(&msg);
+
+        let r0 = k0.get_rsa();
+        let r1 = RSA::from_public_components(r0.n().expect("n"), r0.e().expect("e")).expect("r1");
+        k1.set_rsa(&r1);
+
+        assert!(k1.can(super::Role::Encrypt));
+        assert!(!k1.can(super::Role::Decrypt));
+        assert!(k1.can(super::Role::Verify));
+        assert!(!k1.can(super::Role::Sign));
+
+        let rv = k1.verify(&msg, &sig);
+        assert!(rv == true);
+    }
+
+    #[test]
     #[should_panic(expected = "Could not get RSA key for encryption")]
     fn test_nokey_encrypt() {
         let mut pkey = super::PKey::new();
diff --git a/openssl/src/crypto/rsa.rs b/openssl/src/crypto/rsa.rs
index ee0d9ec4..6fcb5b07 100644
--- a/openssl/src/crypto/rsa.rs
+++ b/openssl/src/crypto/rsa.rs
@@ -18,6 +18,22 @@ impl Drop for RSA {
 }
 
 impl RSA {
+    /// only useful for associating the key material directly with the key, it's safer to use
+    /// the supplied load and save methods for DER formatted keys.
+    pub fn from_public_components(n: BigNum, e: BigNum) -> Result<RSA, SslError> {
+        unsafe {
+            let rsa = try_ssl_null!(ffi::RSA_new());
+            (*rsa).n = n.into_raw();
+            (*rsa).e = e.into_raw();
+            Ok(RSA(rsa))
+        }
+    }
+
+    /// the caller should assert that the rsa pointer is valid.
+    pub unsafe fn from_raw(rsa: *mut ffi::RSA) -> RSA {
+        RSA(rsa)
+    }
+
     /// Reads an RSA private key from PEM formatted data.
     pub fn private_key_from_pem<R>(reader: &mut R) -> Result<RSA, SslError>
     where R: Read
@@ -61,6 +77,12 @@ impl RSA {
         }
     }
 
+    pub fn has_n(&self) -> bool {
+        unsafe {
+            !(*self.0).n.is_null()
+        }
+    }
+
     pub fn d(&self) -> Result<BigNum, SslError> {
         unsafe {
             BigNum::new_from_ffi((*self.0).d)
@@ -73,6 +95,12 @@ impl RSA {
         }
     }
 
+    pub fn has_e(&self) -> bool {
+        unsafe {
+            !(*self.0).e.is_null()
+        }
+    }
+
     pub fn p(&self) -> Result<BigNum, SslError> {
         unsafe {
             BigNum::new_from_ffi((*self.0).p)
author	Steven Fackler <[email protected]>	2016-03-05 13:57:53 -0800
committer	Steven Fackler <[email protected]>	2016-03-05 13:57:53 -0800
commit	23fd427900ff9d76278ad88865d7739afc61f2a2 (patch)
tree	2d414d8a9ef2bcbc1113ae03d0d27e75f534c682
parent	Stop testing sslv2 feature on Travis (diff)
parent	making from_raw() unsafe (diff)
download	rust-openssl-23fd427900ff9d76278ad88865d7739afc61f2a2.tar.xz rust-openssl-23fd427900ff9d76278ad88865d7739afc61f2a2.zip