diff options
| author | Kevin Ballard <[email protected]> | 2013-04-20 01:12:03 -0700 |
|---|---|---|
| committer | Kevin Ballard <[email protected]> | 2013-04-20 01:12:03 -0700 |
| commit | 9d09a98664624dc360e5411832507fb874891e7e (patch) | |
| tree | ee52f7141b50bf0cd178b9f59380a089c8786f61 | |
| parent | Remove GCM support for now, EVP is more complicated than that (diff) | |
| download | rust-openssl-9d09a98664624dc360e5411832507fb874891e7e.tar.xz rust-openssl-9d09a98664624dc360e5411832507fb874891e7e.zip | |
Update for Rust 0.6
Also disable AES_128_CTR and AES_256_CTR because they cause link
failures on OS X.
| -rw-r--r-- | hash.rs | 75 | ||||
| -rw-r--r-- | hex.rs | 25 | ||||
| -rw-r--r-- | hmac.rs | 42 | ||||
| -rw-r--r-- | pkcs5.rs | 46 | ||||
| -rw-r--r-- | pkey.rs | 394 | ||||
| -rw-r--r-- | rand.rs | 10 | ||||
| -rw-r--r-- | symm.rs | 176 |
7 files changed, 420 insertions, 348 deletions
@@ -1,4 +1,4 @@ -use libc::c_uint; +use core::libc::c_uint; pub enum HashType { MD5, @@ -10,10 +10,10 @@ pub enum HashType { } #[allow(non_camel_case_types)] -type EVP_MD_CTX = *libc::c_void; +pub type EVP_MD_CTX = *libc::c_void; #[allow(non_camel_case_types)] -type EVP_MD = *libc::c_void; +pub type EVP_MD = *libc::c_void; #[link_name = "crypto"] #[abi = "cdecl"] @@ -32,14 +32,16 @@ extern mod libcrypto { fn EVP_DigestFinal(ctx: EVP_MD_CTX, res: *mut u8, n: *u32); } -fn evpmd(t: HashType) -> (EVP_MD, uint) { - match t { - MD5 => (libcrypto::EVP_md5(), 16u), - SHA1 => (libcrypto::EVP_sha1(), 20u), - SHA224 => (libcrypto::EVP_sha224(), 28u), - SHA256 => (libcrypto::EVP_sha256(), 32u), - SHA384 => (libcrypto::EVP_sha384(), 48u), - SHA512 => (libcrypto::EVP_sha512(), 64u), +pub fn evpmd(t: HashType) -> (EVP_MD, uint) { + unsafe { + match t { + MD5 => (libcrypto::EVP_md5(), 16u), + SHA1 => (libcrypto::EVP_sha1(), 20u), + SHA224 => (libcrypto::EVP_sha224(), 28u), + SHA256 => (libcrypto::EVP_sha256(), 32u), + SHA384 => (libcrypto::EVP_sha384(), 48u), + SHA512 => (libcrypto::EVP_sha512(), 64u), + } } } @@ -50,23 +52,29 @@ pub struct Hasher { } pub fn Hasher(ht: HashType) -> Hasher { - let ctx = libcrypto::EVP_MD_CTX_create(); - let (evp, mdlen) = evpmd(ht); - let h = Hasher { evp: evp, ctx: ctx, len: mdlen }; - h.init(); - h + unsafe { + let ctx = libcrypto::EVP_MD_CTX_create(); + let (evp, mdlen) = evpmd(ht); + let h = Hasher { evp: evp, ctx: ctx, len: mdlen }; + h.init(); + h + } } pub impl Hasher { /// Initializes this hasher - fn init() unsafe { - libcrypto::EVP_DigestInit(self.ctx, self.evp); + fn init(&self) { + unsafe { + libcrypto::EVP_DigestInit(self.ctx, self.evp); + } } /// Update this hasher with more input bytes - fn update(data: &[u8]) unsafe { - do vec::as_imm_buf(data) |pdata, len| { - libcrypto::EVP_DigestUpdate(self.ctx, pdata, len as c_uint) + fn update(&self, data: &[u8]) { + unsafe { + do vec::as_imm_buf(data) |pdata, len| { + libcrypto::EVP_DigestUpdate(self.ctx, pdata, len as c_uint) + } } } @@ -74,12 +82,14 @@ pub impl Hasher { * Return the digest of all bytes added to this hasher since its last * initialization */ - fn final() -> ~[u8] unsafe { - let mut res = vec::from_elem(self.len, 0u8); - do vec::as_mut_buf(res) |pres, _len| { - libcrypto::EVP_DigestFinal(self.ctx, pres, ptr::null()); + fn final(&self) -> ~[u8] { + unsafe { + let mut res = vec::from_elem(self.len, 0u8); + do vec::as_mut_buf(res) |pres, _len| { + libcrypto::EVP_DigestFinal(self.ctx, pres, ptr::null()); + } + res } - res } } @@ -87,14 +97,17 @@ pub impl Hasher { * Hashes the supplied input data using hash t, returning the resulting hash * value */ -pub fn hash(t: HashType, data: &[u8]) -> ~[u8] unsafe { - let h = Hasher(t); - h.update(data); - h.final() +pub fn hash(t: HashType, data: &[u8]) -> ~[u8] { + unsafe { + let h = Hasher(t); + h.update(data); + h.final() + } } #[cfg(test)] mod tests { + use super::*; use hex::FromHex; use hex::ToHex; @@ -117,7 +130,7 @@ mod tests { io::println(fmt!("Test failed - %s != %s", calced, hashtest.expected_output)); } - assert calced == hashtest.expected_output; + assert!(calced == hashtest.expected_output); } // Test vectors from http://www.nsrl.nist.gov/testdata/ @@ -17,13 +17,13 @@ extern mod std; pub trait ToHex { - pure fn to_hex() -> ~str; + fn to_hex(&self) -> ~str; } -impl &[u8]: ToHex { - pure fn to_hex() -> ~str { +impl<'self> ToHex for &'self [u8] { + fn to_hex(&self) -> ~str { - let chars = str::chars(~"0123456789ABCDEF"); + let chars = str::to_chars(~"0123456789ABCDEF"); let mut s = ~""; @@ -45,20 +45,20 @@ impl &[u8]: ToHex { } pub trait FromHex { - pure fn from_hex() -> ~[u8]; + fn from_hex(&self) -> ~[u8]; } -impl &str: FromHex { - pure fn from_hex() -> ~[u8] { +impl<'self> FromHex for &'self str { + fn from_hex(&self) -> ~[u8] { let mut vec = vec::with_capacity(self.len() / 2); - for str::each_chari(self) |i,c| { + for str::each_chari(*self) |i,c| { let nibble = if c >= '0' && c <= '9' { (c as u8) - 0x30 } else if c >= 'a' && c <= 'f' { (c as u8) - (0x61 - 10) } else if c >= 'A' && c <= 'F' { (c as u8) - (0x41 - 10) } - else { fail ~"bad hex character"; }; + else { fail!(~"bad hex character"); }; if i % 2 == 0 { unsafe { @@ -76,15 +76,16 @@ impl &str: FromHex { #[cfg(test)] mod tests { + use super::*; #[test] pub fn test() { - assert [05u8, 0xffu8, 0x00u8, 0x59u8].to_hex() == ~"05FF0059"; + assert!([05u8, 0xffu8, 0x00u8, 0x59u8].to_hex() == ~"05FF0059"); - assert "00FFA9D1F5".from_hex() == ~[0, 0xff, 0xa9, 0xd1, 0xf5]; + assert!("00FFA9D1F5".from_hex() == ~[0, 0xff, 0xa9, 0xd1, 0xf5]); - assert "00FFA9D1F5".from_hex().to_hex() == ~"00FFA9D1F5"; + assert!("00FFA9D1F5".from_hex().to_hex() == ~"00FFA9D1F5"); } @@ -17,13 +17,13 @@ use hash::*; #[allow(non_camel_case_types)] -struct HMAC_CTX { - mut md: EVP_MD, - mut md_ctx: EVP_MD_CTX, - mut i_ctx: EVP_MD_CTX, - mut o_ctx: EVP_MD_CTX, - mut key_length: libc::c_uint, - mut key: [libc::c_uchar * 128] +pub struct HMAC_CTX { + md: EVP_MD, + md_ctx: EVP_MD_CTX, + i_ctx: EVP_MD_CTX, + o_ctx: EVP_MD_CTX, + key_length: libc::c_uint, + key: [libc::c_uchar, ..128] } #[link_name = "crypto"] @@ -38,7 +38,7 @@ extern mod libcrypto { } pub struct HMAC { - priv mut ctx: HMAC_CTX, + priv ctx: HMAC_CTX, priv len: uint, } @@ -66,25 +66,29 @@ pub fn HMAC(ht: HashType, key: ~[u8]) -> HMAC { } pub impl HMAC { - fn update(data: &[u8]) unsafe { - do vec::as_imm_buf(data) |pdata, len| { - libcrypto::HMAC_Update(&mut self.ctx, pdata, len as libc::c_uint) + fn update(&mut self, data: &[u8]) { + unsafe { + do vec::as_imm_buf(data) |pdata, len| { + libcrypto::HMAC_Update(&mut self.ctx, pdata, len as libc::c_uint) + } } } - fn final() -> ~[u8] unsafe { - let mut res = vec::from_elem(self.len, 0u8); - let mut outlen: libc::c_uint = 0; - do vec::as_mut_buf(res) |pres, _len| { - libcrypto::HMAC_Final(&mut self.ctx, pres, &mut outlen); - assert self.len == outlen as uint + fn final(&mut self) -> ~[u8] { + unsafe { + let mut res = vec::from_elem(self.len, 0u8); + let mut outlen: libc::c_uint = 0; + do vec::as_mut_buf(res) |pres, _len| { + libcrypto::HMAC_Final(&mut self.ctx, pres, &mut outlen); + assert!(self.len == outlen as uint) + } + res } - res } } fn main() { - let h = HMAC(SHA512, ~[00u8]); + let mut h = HMAC(SHA512, ~[00u8]); h.update(~[00u8]); @@ -1,4 +1,4 @@ -use libc::{c_char, c_uchar, c_int}; +use core::libc::c_int; #[link_name = "crypto"] #[abi = "cdecl"] @@ -14,21 +14,23 @@ Derives a key from a password and salt using the PBKDF2-HMAC-SHA1 algorithm. "] pub fn pbkdf2_hmac_sha1(pass: &str, salt: &[u8], iter: uint, keylen: uint) -> ~[u8] { - assert iter >= 1u; - assert keylen >= 1u; + assert!(iter >= 1u); + assert!(keylen >= 1u); do str::as_buf(pass) |pass_buf, pass_len| { do vec::as_imm_buf(salt) |salt_buf, salt_len| { let mut out = vec::with_capacity(keylen); do vec::as_mut_buf(out) |out_buf, _out_len| { - let r = libcrypto::PKCS5_PBKDF2_HMAC_SHA1( - pass_buf, pass_len as c_int, - salt_buf, salt_len as c_int, - iter as c_int, keylen as c_int, - out_buf); + unsafe { + let r = libcrypto::PKCS5_PBKDF2_HMAC_SHA1( + pass_buf, pass_len as c_int, + salt_buf, salt_len as c_int, + iter as c_int, keylen as c_int, + out_buf); - if r != 1 as c_int { fail; } + if r != 1 as c_int { fail!(); } + } } unsafe { vec::raw::set_len(&mut out, keylen); } @@ -40,11 +42,13 @@ pub fn pbkdf2_hmac_sha1(pass: &str, salt: &[u8], iter: uint, #[cfg(test)] mod tests { + use super::*; + // Test vectors from // http://tools.ietf.org/html/draft-josefsson-pbkdf2-test-vectors-06 #[test] fn test_pbkdf2_hmac_sha1() { - assert pbkdf2_hmac_sha1( + assert!(pbkdf2_hmac_sha1( "password", str::to_bytes("salt"), 1u, @@ -53,9 +57,9 @@ mod tests { 0x0c_u8, 0x60_u8, 0xc8_u8, 0x0f_u8, 0x96_u8, 0x1f_u8, 0x0e_u8, 0x71_u8, 0xf3_u8, 0xa9_u8, 0xb5_u8, 0x24_u8, 0xaf_u8, 0x60_u8, 0x12_u8, 0x06_u8, 0x2f_u8, 0xe0_u8, 0x37_u8, 0xa6_u8 - ]; + ]); - assert pbkdf2_hmac_sha1( + assert!(pbkdf2_hmac_sha1( "password", str::to_bytes("salt"), 2u, @@ -64,9 +68,9 @@ mod tests { 0xea_u8, 0x6c_u8, 0x01_u8, 0x4d_u8, 0xc7_u8, 0x2d_u8, 0x6f_u8, 0x8c_u8, 0xcd_u8, 0x1e_u8, 0xd9_u8, 0x2a_u8, 0xce_u8, 0x1d_u8, 0x41_u8, 0xf0_u8, 0xd8_u8, 0xde_u8, 0x89_u8, 0x57_u8 - ]; + ]); - assert pbkdf2_hmac_sha1( + assert!(pbkdf2_hmac_sha1( "password", str::to_bytes("salt"), 4096u, @@ -75,9 +79,9 @@ mod tests { 0x4b_u8, 0x00_u8, 0x79_u8, 0x01_u8, 0xb7_u8, 0x65_u8, 0x48_u8, 0x9a_u8, 0xbe_u8, 0xad_u8, 0x49_u8, 0xd9_u8, 0x26_u8, 0xf7_u8, 0x21_u8, 0xd0_u8, 0x65_u8, 0xa4_u8, 0x29_u8, 0xc1_u8 - ]; + ]); - assert pbkdf2_hmac_sha1( + assert!(pbkdf2_hmac_sha1( "password", str::to_bytes("salt"), 16777216u, @@ -86,9 +90,9 @@ mod tests { 0xee_u8, 0xfe_u8, 0x3d_u8, 0x61_u8, 0xcd_u8, 0x4d_u8, 0xa4_u8, 0xe4_u8, 0xe9_u8, 0x94_u8, 0x5b_u8, 0x3d_u8, 0x6b_u8, 0xa2_u8, 0x15_u8, 0x8c_u8, 0x26_u8, 0x34_u8, 0xe9_u8, 0x84_u8 - ]; + ]); - assert pbkdf2_hmac_sha1( + assert!(pbkdf2_hmac_sha1( "passwordPASSWORDpassword", str::to_bytes("saltSALTsaltSALTsaltSALTsaltSALTsalt"), 4096u, @@ -98,9 +102,9 @@ mod tests { 0x9b_u8, 0x80_u8, 0xc8_u8, 0xd8_u8, 0x36_u8, 0x62_u8, 0xc0_u8, 0xe4_u8, 0x4a_u8, 0x8b_u8, 0x29_u8, 0x1a_u8, 0x96_u8, 0x4c_u8, 0xf2_u8, 0xf0_u8, 0x70_u8, 0x38_u8 - ]; + ]); - assert pbkdf2_hmac_sha1( + assert!(pbkdf2_hmac_sha1( "pass\x00word", str::to_bytes("sa\x00lt"), 4096u, @@ -109,6 +113,6 @@ mod tests { 0x56_u8, 0xfa_u8, 0x6a_u8, 0xa7_u8, 0x55_u8, 0x48_u8, 0x09_u8, 0x9d_u8, 0xcc_u8, 0x37_u8, 0xd7_u8, 0xf0_u8, 0x34_u8, 0x25_u8, 0xe0_u8, 0xc3_u8 - ]; + ]); } } @@ -1,4 +1,4 @@ -use libc::{c_int, c_uint}; +use core::libc::{c_int, c_uint}; use hash::{HashType, MD5, SHA1, SHA224, SHA256, SHA384, SHA512}; #[allow(non_camel_case_types)] @@ -74,107 +74,130 @@ fn openssl_hash_nid(hash: HashType) -> c_int { } } -fn rsa_to_any(rsa: *RSA) -> *ANYKEY unsafe { - cast::reinterpret_cast(&rsa) +fn rsa_to_any(rsa: *RSA) -> *ANYKEY { + unsafe { + cast::reinterpret_cast(&rsa) + } } -fn any_to_rsa(anykey: *ANYKEY) -> *RSA unsafe { - cast::reinterpret_cast(&anykey) +fn any_to_rsa(anykey: *ANYKEY) -> *RSA { + unsafe { + cast::reinterpret_cast(&anykey) + } } pub struct PKey { - priv mut evp: *EVP_PKEY, - priv mut parts: Parts, + priv evp: *EVP_PKEY, + priv parts: Parts, } pub fn PKey() -> PKey { - PKey { evp: libcrypto::EVP_PKEY_new(), parts: Neither } + unsafe { + PKey { evp: libcrypto::EVP_PKEY_new(), parts: Neither } + } } +///Represents a public key, optionally with a private key attached. priv impl PKey { - fn _tostr(f: fn@(*EVP_PKEY, &*mut u8) -> c_int) -> ~[u8] unsafe { - let buf = ptr::mut_null(); - let len = f(self.evp, &buf); - if len < 0 as c_int { return ~[]; } - let mut s = vec::from_elem(len as uint, 0u8); - - let r = do vec::as_mut_buf(s) |ps, _len| { - f(self.evp, &ps) - }; - - vec::slice(s, 0u, r as uint) + priv fn _tostr(&self, f: @fn(*EVP_PKEY, &*mut u8) -> c_int) -> ~[u8] { + unsafe { + let buf = ptr::mut_null(); + let len = f(self.evp, &buf); + if len < 0 as c_int { return ~[]; } + let mut s = vec::from_elem(len as uint, 0u8); + + let r = do vec::as_mut_buf(s) |ps, _len| { + f(self.evp, &ps) + }; + + vec::slice(s, 0u, r as uint).to_owned() + } } - fn _fromstr( + priv fn _fromstr( + &mut self, s: &[u8], - f: fn@(c_int, &*EVP_PKEY, &*u8, c_uint) -> *EVP_PKEY - ) unsafe { - do vec::as_imm_buf(s) |ps, len| { - let evp = ptr::null(); - f(6 as c_int, &evp, &ps, len as c_uint); - self.evp = evp; + f: @fn(c_int, &*EVP_PKEY, &*u8, c_uint) -> *EVP_PKEY + ) { + unsafe { + do vec::as_imm_buf(s) |ps, len| { + let evp = ptr::null(); + f(6 as c_int, &evp, &ps, len as c_uint); + self.evp = evp; + } } } } -///Represents a public key, optionally with a private key attached. pub impl PKey { - fn gen(keysz: uint) unsafe { - let rsa = libcrypto::RSA_generate_key( - keysz as c_uint, - 65537u as c_uint, - ptr::null(), - ptr::null() - ); - - let rsa_ = rsa_to_any(rsa); - // XXX: 6 == NID_rsaEncryption - libcrypto::EVP_PKEY_assign(self.evp, 6 as c_int, rsa_); - self.parts = Both; + fn gen(&mut self, keysz: uint) { + unsafe { + let rsa = libcrypto::RSA_generate_key( + keysz as c_uint, + 65537u as c_uint, + ptr::null(), + ptr::null() + ); + + let rsa_ = rsa_to_any(rsa); + // XXX: 6 == NID_rsaEncryption + libcrypto::EVP_PKEY_assign(self.evp, 6 as c_int, rsa_); + self.parts = Both; + } } /** * Returns a serialized form of the public key, suitable for load_pub(). */ - fn save_pub() -> ~[u8] { - self._tostr(libcrypto::i2d_PublicKey) + fn save_pub(&self) -> ~[u8] { + unsafe { + self._tostr(libcrypto::i2d_PublicKey) + } } /** * Loads a serialized form of the public key, as produced by save_pub(). */ - fn load_pub(s: &[u8]) { - self._fromstr(s, libcrypto::d2i_PublicKey); - self.parts = Public; + fn load_pub(&mut self, s: &[u8]) { + unsafe { + self._fromstr(s, libcrypto::d2i_PublicKey); + self.parts = Public; + } } /** * Returns a serialized form of the public and private keys, suitable for * load_priv(). */ - fn save_priv() -> ~[u8] { - self._tostr(libcrypto::i2d_PrivateKey) + fn save_priv(&self, ) -> ~[u8] { + unsafe { + self._tostr(libcrypto::i2d_PrivateKey) + } } /** * Loads a serialized form of the public and private keys, as produced by * save_priv(). */ - fn load_priv(s: &[u8]) { - self._fromstr(s, libcrypto::d2i_PrivateKey); - self.parts = Both; + fn load_priv(&mut self, s: &[u8]) { + unsafe { + self._fromstr(s, libcrypto::d2i_PrivateKey); + self.parts = Both; + } } /** * Returns the size of the public key modulus. */ - fn size() -> uint { - libcrypto::RSA_size(libcrypto::EVP_PKEY_get1_RSA(self.evp)) as uint + fn size(&self) -> uint { + unsafe { + libcrypto::RSA_size(libcrypto::EVP_PKEY_get1_RSA(self.evp)) as uint + } } /** * Returns whether this pkey object can perform the specified role. */ - fn can(r: Role) -> bool { + fn can(&self, r: Role) -> bool { match r { Encrypt => match self.parts { @@ -203,63 +226,69 @@ pub impl PKey { * Returns the maximum amount of data that can be encrypted by an encrypt() * call. */ - fn max_data() -> uint unsafe { - let rsa = libcrypto::EVP_PKEY_get1_RSA(self.evp); - let len = libcrypto::RSA_size(rsa); + fn max_data(&self) -> uint { + unsafe { + let rsa = libcrypto::EVP_PKEY_get1_RSA(self.evp); + let len = libcrypto::RSA_size(rsa); - // 41 comes from RSA_public_encrypt(3) for OAEP - len as uint - 41u + // 41 comes from RSA_public_encrypt(3) for OAEP + len as uint - 41u + } } - fn encrypt_with_padding(s: &[u8], padding: EncryptionPadding) -> ~[u8] unsafe { - let rsa = libcrypto::EVP_PKEY_get1_RSA(self.evp); - let len = libcrypto::RSA_size(rsa); - - assert s.len() < self.max_data(); - - let mut r = vec::from_elem(len as uint + 1u, 0u8); - - do vec::as_mut_buf(r) |pr, _len| { - do vec::as_imm_buf(s) |ps, s_len| { - let rv = libcrypto::RSA_public_encrypt( - s_len as c_uint, - ps, - pr, - rsa, - openssl_padding_code(padding) - ); - - if rv < 0 as c_int { - ~[] - } else { - vec::slice(r, 0u, rv as uint) + fn encrypt_with_padding(&self, s: &[u8], padding: EncryptionPadding) -> ~[u8] { + unsafe { + let rsa = libcrypto::EVP_PKEY_get1_RSA(self.evp); + let len = libcrypto::RSA_size(rsa); + + assert!(s.len() < self.max_data()); + + let mut r = vec::from_elem(len as uint + 1u, 0u8); + + do vec::as_mut_buf(r) |pr, _len| { + do vec::as_imm_buf(s) |ps, s_len| { + let rv = libcrypto::RSA_public_encrypt( + s_len as c_uint, + ps, + pr, + rsa, + openssl_padding_code(padding) + ); + + if rv < 0 as c_int { + ~[] + } else { + vec::const_slice(r, 0u, rv as uint).to_owned() + } } } } } - fn decrypt_with_padding(s: &[u8], padding: EncryptionPadding) -> ~[u8] unsafe { - let rsa = libcrypto::EVP_PKEY_get1_RSA(self.evp); - let len = libcrypto::RSA_size(rsa); - - assert s.len() as c_uint == libcrypto::RSA_size(rsa); - - let mut r = vec::from_elem(len as uint + 1u, 0u8); - - do vec::as_mut_buf(r) |pr, _len| { - do vec::as_imm_buf(s) |ps, s_len| { - let rv = libcrypto::RSA_private_decrypt( - s_len as c_uint, - ps, - pr, - rsa, - openssl_padding_code(padding) - ); - - if rv < 0 as c_int { - ~[] - } else { - vec::slice(r, 0u, rv as uint) + fn decrypt_with_padding(&self, s: &[u8], padding: EncryptionPadding) -> ~[u8] { + unsafe { + let rsa = libcrypto::EVP_PKEY_get1_RSA(self.evp); + let len = libcrypto::RSA_size(rsa); + + assert!(s.len() as c_uint == libcrypto::RSA_size(rsa)); + + let mut r = vec::from_elem(len as uint + 1u, 0u8); + + do vec::as_mut_buf(r) |pr, _len| { + do vec::as_imm_buf(s) |ps, s_len| { + let rv = libcrypto::RSA_private_decrypt( + s_len as c_uint, + ps, + pr, + rsa, + openssl_padding_code(padding) + ); + + if rv < 0 as c_int { + ~[] + } else { + vec::const_slice(r, 0u, rv as uint).to_owned() + } } } } @@ -269,66 +298,70 @@ pub impl PKey { * Encrypts data using OAEP padding, returning the encrypted data. The * supplied data must not be larger than max_data(). */ - fn encrypt(s: &[u8]) -> ~[u8] unsafe { self.encrypt_with_padding(s, OAEP) } + fn encrypt(&self, s: &[u8]) -> ~[u8] { unsafe { self.encrypt_with_padding(s, OAEP) } } /** * Decrypts data, expecting OAEP padding, returning the decrypted data. */ - fn decrypt(s: &[u8]) -> ~[u8] unsafe { self.decrypt_with_padding(s, OAEP) } + fn decrypt(&self, s: &[u8]) -> ~[u8] { unsafe { self.decrypt_with_padding(s, OAEP) } } /** * Signs data, using OpenSSL's default scheme and sha256. Unlike encrypt(), * can process an arbitrary amount of data; returns the signature. */ - fn sign(s: &[u8]) -> ~[u8] unsafe { self.sign_with_hash(s, SHA256) } + fn sign(&self, s: &[u8]) -> ~[u8] { unsafe { self.sign_with_hash(s, SHA256) } } /** * Verifies a signature s (using OpenSSL's default scheme and sha256) on a * message m. Returns true if the signature is valid, and false otherwise. */ - fn verify(m: &[u8], s: &[u8]) -> bool unsafe { self.verify_with_hash(m, s, SHA256) } - - fn sign_with_hash(s: &[u8], hash: HashType) -> ~[u8] unsafe { - let rsa = libcrypto::EVP_PKEY_get1_RSA(self.evp); - let len = libcrypto::RSA_size(rsa); - let mut r = vec::from_elem(len as uint + 1u, 0u8); - - do vec::as_mut_buf(r) |pr, _len| { - do vec::as_imm_buf(s) |ps, s_len| { - let plen = ptr::addr_of(&len); - - let rv = libcrypto::RSA_sign( - openssl_hash_nid(hash), - ps, - s_len as c_uint, - pr, - plen, - rsa); - - if rv < 0 as c_int { - ~[] - } else { - vec::slice(r, 0u, *plen as uint) + fn verify(&self, m: &[u8], s: &[u8]) -> bool { unsafe { self.verify_with_hash(m, s, SHA256) } } + + fn sign_with_hash(&self, s: &[u8], hash: HashType) -> ~[u8] { + unsafe { + let rsa = libcrypto::EVP_PKEY_get1_RSA(self.evp); + let len = libcrypto::RSA_size(rsa); + let mut r = vec::from_elem(len as uint + 1u, 0u8); + + do vec::as_mut_buf(r) |pr, _len| { + do vec::as_imm_buf(s) |ps, s_len| { + let plen = ptr::addr_of(&len); + + let rv = libcrypto::RSA_sign( + openssl_hash_nid(hash), + ps, + s_len as c_uint, + pr, + plen, + rsa); + + if rv < 0 as c_int { + ~[] + } else { + vec::const_slice(r, 0u, *plen as uint).to_owned() + } } } } } - fn verify_with_hash(m: &[u8], s: &[u8], hash: HashType) -> bool unsafe { - let rsa = libcrypto::EVP_PKEY_get1_RSA(self.evp); - - do vec::as_imm_buf(m) |pm, m_len| { - do vec::as_imm_buf(s) |ps, s_len| { - let rv = libcrypto::RSA_verify( - openssl_hash_nid(hash), - pm, - m_len as c_uint, - ps, - s_len as c_uint, - rsa - ); - - rv == 1 as c_int + fn verify_with_hash(&self, m: &[u8], s: &[u8], hash: HashType) -> bool { + unsafe { + let rsa = libcrypto::EVP_PKEY_get1_RSA(self.evp); + + do vec::as_imm_buf(m) |pm, m_len| { + do vec::as_imm_buf(s) |ps, s_len| { + let rv = libcrypto::RSA_verify( + openssl_hash_nid(hash), + pm, + m_len as c_uint, + ps, + s_len as c_uint, + rsa + ); + + rv == 1 as c_int + } } } } @@ -336,90 +369,93 @@ pub impl PKey { #[cfg(test)] mod tests { + use super::*; + use hash::{MD5, SHA1}; + #[test] fn test_gen_pub() { - let k0 = PKey(); - let k1 = PKey(); + let mut k0 = PKey(); + let mut k1 = PKey(); k0.gen(512u); k1.load_pub(k0.save_pub()); - assert(k0.save_pub() == k1.save_pub()); - assert(k0.size() == k1.size()); - assert(k0.can(Encrypt)); - assert(k0.can(Decrypt)); - assert(k0.can(Verify)); - assert(k0.can(Sign)); - assert(k1.can(Encrypt)); - assert(!k1.can(Decrypt)); - assert(k1.can(Verify)); - assert(!k1.can(Sign)); + assert!(k0.save_pub() == k1.save_pub()); + assert!(k0.size() == k1.size()); + assert!(k0.can(Encrypt)); + assert!(k0.can(Decrypt)); + assert!(k0.can(Verify)); + assert!(k0.can(Sign)); + assert!(k1.can(Encrypt)); + assert!(!k1.can(Decrypt)); + assert!(k1.can(Verify)); + assert!(!k1.can(Sign)); } #[test] fn test_gen_priv() { - let k0 = PKey(); - let k1 = PKey(); + let mut k0 = PKey(); + let mut k1 = PKey(); k0.gen(512u); k1.load_priv(k0.save_priv()); - assert(k0.save_priv() == k1.save_priv()); - assert(k0.size() == k1.size()); - assert(k0.can(Encrypt)); - assert(k0.can(Decrypt)); - assert(k0.can(Verify)); - assert(k0.can(Sign)); - assert(k1.can(Encrypt)); - assert(k1.can(Decrypt)); - assert(k1.can(Verify)); - assert(k1.can(Sign)); + assert!(k0.save_priv() == k1.save_priv()); + assert!(k0.size() == k1.size()); + assert!(k0.can(Encrypt)); + assert!(k0.can(Decrypt)); + assert!(k0.can(Verify)); + assert!(k0.can(Sign)); + assert!(k1.can(Encrypt)); + assert!(k1.can(Decrypt)); + assert!(k1.can(Verify)); + assert!(k1.can(Sign)); } #[test] fn test_encrypt() { - let k0 = PKey(); - let k1 = PKey(); + let mut k0 = PKey(); + let mut k1 = PKey(); let msg = ~[0xdeu8, 0xadu8, 0xd0u8, 0x0du8]; k0.gen(512u); k1.load_pub(k0.save_pub()); let emsg = k1.encrypt(msg); let dmsg = k0.decrypt(emsg); - assert(msg == dmsg); + assert!(msg == dmsg); } #[test] fn test_encrypt_pkcs() { - let k0 = PKey(); - let k1 = PKey(); + let mut k0 = PKey(); + let mut k1 = PKey(); let msg = ~[0xdeu8, 0xadu8, 0xd0u8, 0x0du8]; k0.gen(512u); k1.load_pub(k0.save_pub()); let emsg = k1.encrypt_with_padding(msg, PKCS1v15); let dmsg = k0.decrypt_with_padding(emsg, PKCS1v15); - assert(msg == dmsg); + assert!(msg == dmsg); } #[test] fn test_sign() { - let k0 = PKey(); - let k1 = PKey(); + let mut k0 = PKey(); + let mut k1 = PKey(); let msg = ~[0xdeu8, 0xadu8, 0xd0u8, 0x0du8]; k0.gen(512u); k1.load_pub(k0.save_pub()); let sig = k0.sign(msg); let rv = k1.verify(msg, sig); - assert(rv == true); + assert!(rv == true); } #[test] fn test_sign_hashes() { - let k0 = PKey(); - let k1 = PKey(); + let mut k0 = PKey(); + let mut k1 = PKey(); let msg = ~[0xdeu8, 0xadu8, 0xd0u8, 0x0du8]; k0.gen(512u); k1.load_pub(k0.save_pub()); let sig = k0.sign_with_hash(msg, MD5); - assert k1.verify_with_hash(msg, sig, MD5); - assert !k1.verify_with_hash(msg, sig, SHA1); + assert!(k1.verify_with_hash(msg, sig, MD5)); + assert!(!k1.verify_with_hash(msg, sig, SHA1)); } } @@ -1,4 +1,4 @@ -use libc::{c_uchar, c_int}; +use core::libc::c_int; #[link_name = "crypto"] #[abi = "cdecl"] @@ -10,8 +10,10 @@ pub fn rand_bytes(len: uint) -> ~[u8] { let mut out = vec::with_capacity(len); do vec::as_mut_buf(out) |out_buf, len| { - let r = libcrypto::RAND_bytes(out_buf, len as c_int); - if r != 1 as c_int { fail } + unsafe { + let r = libcrypto::RAND_bytes(out_buf, len as c_int); + if r != 1 as c_int { fail!() } + } } unsafe { vec::raw::set_len(&mut out, len); } @@ -21,6 +23,8 @@ pub fn rand_bytes(len: uint) -> ~[u8] { #[cfg(test)] mod tests { + use super::*; + #[test] fn test_rand_bytes() { let bytes = rand_bytes(32u); @@ -1,8 +1,4 @@ -use libc::{c_int, c_uint}; - -export encryptmode, decryptmode; -export encrypt, decrypt; -export libcrypto; +use core::libc::{c_int, c_uint}; #[allow(non_camel_case_types)] type EVP_CIPHER_CTX = *libc::c_void; @@ -18,13 +14,13 @@ extern mod libcrypto { fn EVP_aes_128_ecb() -> EVP_CIPHER; fn EVP_aes_128_cbc() -> EVP_CIPHER; - fn EVP_aes_128_ctr() -> EVP_CIPHER; - fn EVP_aes_128_gcm() -> EVP_CIPHER; + // fn EVP_aes_128_ctr() -> EVP_CIPHER; + // fn EVP_aes_128_gcm() -> EVP_CIPHER; fn EVP_aes_256_ecb() -> EVP_CIPHER; fn EVP_aes_256_cbc() -> EVP_CIPHER; - fn EVP_aes_256_ctr() -> EVP_CIPHER; - fn EVP_aes_256_gcm() -> EVP_CIPHER; + // fn EVP_aes_256_ctr() -> EVP_CIPHER; + // fn EVP_aes_256_gcm() -> EVP_CIPHER; fn EVP_rc4() -> EVP_CIPHER; @@ -44,30 +40,32 @@ pub enum Mode { pub enum Type { AES_128_ECB, AES_128_CBC, - AES_128_CTR, + // AES_128_CTR, //AES_128_GCM, AES_256_ECB, AES_256_CBC, - AES_256_CTR, + // AES_256_CTR, //AES_256_GCM, RC4_128, } fn evpc(t: Type) -> (EVP_CIPHER, uint, uint) { - match t { - AES_128_ECB => (libcrypto::EVP_aes_128_ecb(), 16u, 16u), - AES_128_CBC => (libcrypto::EVP_aes_128_cbc(), 16u, 16u), - AES_128_CTR => (libcrypto::EVP_aes_128_ctr(), 16u, 0u), - //AES_128_GCM => (libcrypto::EVP_aes_128_gcm(), 16u, 16u), - - AES_256_ECB => (libcrypto::EVP_aes_256_ecb(), 32u, 16u), - AES_256_CBC => (libcrypto::EVP_aes_256_cbc(), 32u, 16u), - AES_256_CTR => (libcrypto::EVP_aes_256_ctr(), 32u, 0u), - //AES_256_GCM => (libcrypto::EVP_aes_256_gcm(), 32u, 16u), - - RC4_128 => (libcrypto::EVP_rc4(), 16u, 0u), + unsafe { + match t { + AES_128_ECB => (libcrypto::EVP_aes_128_ecb(), 16u, 16u), + AES_128_CBC => (libcrypto::EVP_aes_128_cbc(), 16u, 16u), + // AES_128_CTR => (libcrypto::EVP_aes_128_ctr(), 16u, 0u), + //AES_128_GCM => (libcrypto::EVP_aes_128_gcm(), 16u, 16u), + + AES_256_ECB => (libcrypto::EVP_aes_256_ecb(), 32u, 16u), + AES_256_CBC => (libcrypto::EVP_aes_256_cbc(), 32u, 16u), + // AES_256_CTR => (libcrypto::EVP_aes_256_ctr(), 32u, 0u), + //AES_256_GCM => (libcrypto::EVP_aes_256_gcm(), 32u, 16u), + + RC4_128 => (libcrypto::EVP_rc4(), 16u, 0u), + } } } @@ -80,9 +78,11 @@ pub struct Crypter { } pub fn Crypter(t: Type) -> Crypter { - let ctx = libcrypto::EVP_CIPHER_CTX_new(); - let (evp, keylen, blocksz) = evpc(t); - Crypter { evp: evp, ctx: ctx, keylen: keylen, blocksize: blocksz } + unsafe { + let ctx = libcrypto::EVP_CIPHER_CTX_new(); + let (evp, keylen, blocksz) = evpc(t); + Crypter { evp: evp, ctx: ctx, keylen: keylen, blocksize: blocksz } + } } pub impl Crypter { @@ -90,32 +90,36 @@ pub impl Crypter { * Enables or disables padding. If padding is disabled, total amount of * data encrypted must be a multiple of block size. */ - fn pad(padding: bool) { + fn pad(&self, padding: bool) { if self.blocksize > 0 { - let v = if padding { 1 } else { 0 } as c_int; - libcrypto::EVP_CIPHER_CTX_set_padding(self.ctx, v); + unsafe { + let v = if padding { 1 } else { 0 } as c_int; + libcrypto::EVP_CIPHER_CTX_set_padding(self.ctx, v); + } } } /** * Initializes this crypter. */ - fn init(mode: Mode, key: &[u8], iv: &[u8]) unsafe { - let mode = match mode { - Encrypt => 1 as c_int, - Decrypt => 0 as c_int, - }; - assert key.len() == self.keylen; - - do vec::as_imm_buf(key) |pkey, _len| { - do vec::as_imm_buf(iv) |piv, _len| { - libcrypto::EVP_CipherInit( - self.ctx, - self.evp, - pkey, - piv, - mode - ) + fn init(&self, mode: Mode, key: &[u8], iv: &[u8]) { + unsafe { + let mode = match mode { + Encrypt => 1 as c_int, + Decrypt => 0 as c_int, + }; + assert!(key.len() == self.keylen); + + do vec::as_imm_buf(key) |pkey, _len| { + do vec::as_imm_buf(iv) |piv, _len| { + libcrypto::EVP_CipherInit( + self.ctx, + self.evp, + pkey, + piv, + mode + ) + } } } } @@ -124,45 +128,49 @@ pub impl Crypter { * Update this crypter with more data to encrypt or decrypt. Returns * encrypted or decrypted bytes. */ - fn update(data: &[u8]) -> ~[u8] unsafe { - do vec::as_imm_buf(data) |pdata, len| { - let mut res = vec::from_elem(len + self.blocksize, 0u8); - - let reslen = do vec::as_mut_buf(res) |pres, _len| { - let mut reslen = (len + self.blocksize) as u32; - - libcrypto::EVP_CipherUpdate( - self.ctx, - pres, - &mut reslen, - pdata, - len as c_int - ); - - reslen - }; - - vec::slice(res, 0u, reslen as uint) + fn update(&self, data: &[u8]) -> ~[u8] { + unsafe { + do vec::as_imm_buf(data) |pdata, len| { + let mut res = vec::from_elem(len + self.blocksize, 0u8); + + let reslen = do vec::as_mut_buf(res) |pres, _len| { + let mut reslen = (len + self.blocksize) as u32; + + libcrypto::EVP_CipherUpdate( + self.ctx, + pres, + &mut reslen, + pdata, + len as c_int + ); + + reslen + }; + + vec::slice(res, 0u, reslen as uint).to_owned() + } } } /** * Finish crypting. Returns the remaining partial block of output, if any. */ - fn final() -> ~[u8] unsafe { - let res = vec::to_mut(vec::from_elem(self.blocksize, 0u8)); + fn final(&self) -> ~[u8] { + unsafe { + let mut res = vec::from_elem(self.blocksize, 0u8); - io::println(fmt!("final, res %? long", res.len())); + io::println(fmt!("final, res %? long", res.len())); - let reslen = do vec::as_mut_buf(res) |pres, _len| { - let mut reslen = self.blocksize as c_int; - libcrypto::EVP_CipherFinal(self.ctx, pres, &mut reslen); - reslen - }; + let reslen = do vec::as_mut_buf(res) |pres, _len| { + let mut reslen = self.blocksize as c_int; + libcrypto::EVP_CipherFinal(self.ctx, pres, &mut reslen); + reslen + }; - io::println(fmt!("openssl says %? bytes", reslen)); + io::println(fmt!("openssl says %? bytes", reslen)); - vec::slice(res, 0u, reslen as uint) + vec::slice(res, 0u, reslen as uint).to_owned() + } } } @@ -170,7 +178,7 @@ pub impl Crypter { * Encrypts data, using the specified crypter type in encrypt mode with the * specified key and iv; returns the resulting (encrypted) data. */ -fn encrypt(t: Type, key: &[u8], iv: ~[u8], data: &[u8]) -> ~[u8] { +pub fn encrypt(t: Type, key: &[u8], iv: ~[u8], data: &[u8]) -> ~[u8] { let c = Crypter(t); c.init(Encrypt, key, iv); let r = c.update(data); @@ -182,7 +190,7 @@ fn encrypt(t: Type, key: &[u8], iv: ~[u8], data: &[u8]) -> ~[u8] { * Decrypts data, using the specified crypter type in decrypt mode with the * specified key and iv; returns the resulting (decrypted) data. */ -fn decrypt(t: Type, key: &[u8], iv: ~[u8], data: &[u8]) -> ~[u8] { +pub fn decrypt(t: Type, key: &[u8], iv: ~[u8], data: &[u8]) -> ~[u8] { let c = Crypter(t); c.init(Decrypt, key, iv); let r = c.update(data); @@ -192,6 +200,8 @@ fn decrypt(t: Type, key: &[u8], iv: ~[u8], data: &[u8]) -> ~[u8] { #[cfg(test)] mod tests { + use super::*; + use hex::FromHex; // Test vectors from FIPS-197: @@ -213,11 +223,11 @@ mod tests { c.init(Encrypt, k0, ~[]); c.pad(false); let r0 = c.update(p0) + c.final(); - assert(r0 == c0); + assert!(r0 == c0); c.init(Decrypt, k0, ~[]); c.pad(false); let p1 = c.update(r0) + c.final(); - assert(p1 == p0); + assert!(p1 == p0); } fn cipher_test(ciphertype: Type, pt: ~str, ct: ~str, key: ~str, iv: ~str) { @@ -236,7 +246,7 @@ mod tests { io::println(fmt!("Lengths differ: %u in computed vs %u expected", computed.len(), expected.len())); } - fail ~"test failure"; + fail!(~"test failure"); } } @@ -251,7 +261,7 @@ mod tests { cipher_test(RC4_128, pt, ct, key, iv); } - #[test] + /*#[test] fn test_aes128_ctr() { let pt = ~"6BC1BEE22E409F96E93D7E117393172AAE2D8A571E03AC9C9EB76FAC45AF8E5130C81C46A35CE411E5FBC1191A0A52EFF69F2445DF4F9B17AD2B417BE66C3710"; @@ -260,9 +270,9 @@ mod tests { let iv = ~"F0F1F2F3F4F5F6F7F8F9FAFBFCFDFEFF"; cipher_test(AES_128_CTR, pt, ct, key, iv); - } + }*/ - #[test] + /*#[test] fn test_aes128_gcm() { // Test case 3 in GCM spec let pt = ~"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255"; @@ -271,6 +281,6 @@ mod tests { let iv = ~"cafebabefacedbaddecaf888"; cipher_test(AES_128_GCM, pt, ct, key, iv); - } + }*/ } |