Merge remote-tracking branch 'origin/master' into breaks

author: Steven Fackler <[email protected]> 2016-07-31 15:15:47 -0700
committer: Steven Fackler <[email protected]> 2016-07-31 15:15:47 -0700
commit: f0ffa246b83102d70bc59f76d136981efdafb1e7 (patch)
tree: 0f6036a20ba4eb7b333986206962abeb4bab6c2f /openssl/src/crypto/rsa.rs
parent: Revert "Add a new trait based Nid setup" (diff)
parent: Merge pull request #402 from bbatha/feat/dsa-ffi (diff)
download: rust-openssl-f0ffa246b83102d70bc59f76d136981efdafb1e7.tar.xz
rust-openssl-f0ffa246b83102d70bc59f76d136981efdafb1e7.zip
1 files changed, 211 insertions, 9 deletions
diff --git a/openssl/src/crypto/rsa.rs b/openssl/src/crypto/rsa.rs
index 11970933..b403eab5 100644
--- a/openssl/src/crypto/rsa.rs
+++ b/openssl/src/crypto/rsa.rs
@@ -1,11 +1,19 @@
 use ffi;
 use std::fmt;
 use std::ptr;
-use std::io::{self, Read};
+use std::io::{self, Read, Write};
+use libc::c_int;
 
 use bn::BigNum;
 use bio::MemBio;
 use error::ErrorStack;
+use crypto::HashTypeInternals;
+use crypto::hash;
+
+#[cfg(feature = "catch_unwind")]
+use libc::{c_void, c_char};
+#[cfg(feature = "catch_unwind")]
+use crypto::util::{CallbackState, invoke_passwd_cb};
 
 pub struct RSA(*mut ffi::RSA);
 
@@ -29,6 +37,29 @@ impl RSA {
         }
     }
 
+    pub fn from_private_components(n: BigNum,
+                                   e: BigNum,
+                                   d: BigNum,
+                                   p: BigNum,
+                                   q: BigNum,
+                                   dp: BigNum,
+                                   dq: BigNum,
+                                   qi: BigNum)
+                                   -> Result<RSA, ErrorStack> {
+        unsafe {
+            let rsa = try_ssl_null!(ffi::RSA_new());
+            (*rsa).n = n.into_raw();
+            (*rsa).e = e.into_raw();
+            (*rsa).d = d.into_raw();
+            (*rsa).p = p.into_raw();
+            (*rsa).q = q.into_raw();
+            (*rsa).dmp1 = dp.into_raw();
+            (*rsa).dmq1 = dq.into_raw();
+            (*rsa).iqmp = qi.into_raw();
+            Ok(RSA(rsa))
+        }
+    }
+
     /// the caller should assert that the rsa pointer is valid.
     pub unsafe fn from_raw(rsa: *mut ffi::RSA) -> RSA {
         RSA(rsa)
@@ -36,7 +67,7 @@ impl RSA {
 
     /// Reads an RSA private key from PEM formatted data.
     pub fn private_key_from_pem<R>(reader: &mut R) -> io::Result<RSA>
-    where R: Read
+        where R: Read
     {
         let mut mem_bio = try!(MemBio::new());
         try!(io::copy(reader, &mut mem_bio));
@@ -50,9 +81,51 @@ impl RSA {
         }
     }
 
+    /// Reads an RSA private key from PEM formatted data and supplies a password callback.
+    ///
+    /// Requires the `catch_unwind` feature.
+    #[cfg(feature = "catch_unwind")]
+    pub fn private_key_from_pem_cb<R, F>(reader: &mut R, pass_cb: F) -> Result<RSA, ErrorStack>
+        where R: Read, F: FnOnce(&mut [c_char]) -> usize
+    {
+        let mut cb = CallbackState::new(pass_cb);
+
+        let mut mem_bio = try!(MemBio::new());
+        try!(io::copy(reader, &mut mem_bio).map_err(StreamError));
+
+        unsafe {
+            let cb_ptr = &mut cb as *mut _ as *mut c_void;
+            let rsa = try_ssl_null!(ffi::PEM_read_bio_RSAPrivateKey(mem_bio.get_handle(),
+                                                                    ptr::null_mut(),
+                                                                    Some(invoke_passwd_cb::<F>),
+                                                                    cb_ptr));
+
+            Ok(RSA(rsa))
+        }
+    }
+
+    /// Writes an RSA private key as unencrypted PEM formatted data
+    pub fn private_key_to_pem<W>(&self, writer: &mut W) -> io::Result<()>
+        where W: Write
+    {
+        let mut mem_bio = try!(MemBio::new());
+
+        unsafe {
+            try_ssl!(ffi::PEM_write_bio_RSAPrivateKey(mem_bio.get_handle(),
+                                             self.0,
+                                             ptr::null(),
+                                             ptr::null_mut(),
+                                             0,
+                                             None,
+                                             ptr::null_mut()));
+        }
+        try!(io::copy(&mut mem_bio, writer));
+        Ok(())
+    }
+
     /// Reads an RSA public key from PEM formatted data.
     pub fn public_key_from_pem<R>(reader: &mut R) -> io::Result<RSA>
-    where R: Read
+        where R: Read
     {
         let mut mem_bio = try!(MemBio::new());
         try!(io::copy(reader, &mut mem_bio));
@@ -66,6 +139,58 @@ impl RSA {
         }
     }
 
+    /// Writes an RSA public key as PEM formatted data
+    pub fn public_key_to_pem<W>(&self, writer: &mut W) -> io::Result<()>
+        where W: Write
+    {
+        let mut mem_bio = try!(MemBio::new());
+
+        unsafe {
+            try_ssl!(ffi::PEM_write_bio_RSA_PUBKEY(mem_bio.get_handle(), self.0))
+        };
+
+        try!(io::copy(&mut mem_bio, writer));
+        Ok(())
+    }
+
+    pub fn size(&self) -> Option<u32> {
+        if self.has_n() {
+            unsafe { Some(ffi::RSA_size(self.0) as u32) }
+        } else {
+            None
+        }
+    }
+
+    pub fn sign(&self, hash: hash::Type, message: &[u8]) -> Result<Vec<u8>, ErrorStack> {
+        let k_len = self.size().expect("RSA missing an n");
+        let mut sig = vec![0; k_len as usize];
+        let mut sig_len = k_len;
+
+        unsafe {
+            try_ssl!(ffi::RSA_sign(hash.as_nid() as c_int,
+                                       message.as_ptr(),
+                                       message.len() as u32,
+                                       sig.as_mut_ptr(),
+                                       &mut sig_len,
+                                       self.0));
+            assert!(sig_len == k_len);
+            Ok(sig)
+        }
+    }
+
+    pub fn verify(&self, hash: hash::Type, message: &[u8], sig: &[u8]) -> Result<bool, ErrorStack> {
+        unsafe {
+            let result = ffi::RSA_verify(hash.as_nid() as c_int,
+                                         message.as_ptr(),
+                                         message.len() as u32,
+                                         sig.as_ptr(),
+                                         sig.len() as u32,
+                                         self.0);
+            try_ssl_if!(result == -1);
+            Ok(result == 1)
+        }
+    }
+
     pub fn as_ptr(&self) -> *mut ffi::RSA {
         self.0
     }
@@ -78,9 +203,7 @@ impl RSA {
     }
 
     pub fn has_n(&self) -> bool {
-        unsafe {
-            !(*self.0).n.is_null()
-        }
+        unsafe { !(*self.0).n.is_null() }
     }
 
     pub fn d(&self) -> Result<BigNum, ErrorStack> {
@@ -96,9 +219,7 @@ impl RSA {
     }
 
     pub fn has_e(&self) -> bool {
-        unsafe {
-            !(*self.0).e.is_null()
-        }
+        unsafe { !(*self.0).e.is_null() }
     }
 
     pub fn p(&self) -> Result<BigNum, ErrorStack> {
@@ -119,3 +240,84 @@ impl fmt::Debug for RSA {
         write!(f, "RSA")
     }
 }
+
+#[cfg(test)]
+mod test {
+    use std::fs::File;
+    use std::io::Write;
+    use super::*;
+    use crypto::hash::*;
+
+    fn signing_input_rs256() -> Vec<u8> {
+        vec![101, 121, 74, 104, 98, 71, 99, 105, 79, 105, 74, 83, 85, 122, 73, 49, 78, 105, 74, 57,
+             46, 101, 121, 74, 112, 99, 51, 77, 105, 79, 105, 74, 113, 98, 50, 85, 105, 76, 65, 48,
+             75, 73, 67, 74, 108, 101, 72, 65, 105, 79, 106, 69, 122, 77, 68, 65, 52, 77, 84, 107,
+             122, 79, 68, 65, 115, 68, 81, 111, 103, 73, 109, 104, 48, 100, 72, 65, 54, 76, 121,
+             57, 108, 101, 71, 70, 116, 99, 71, 120, 108, 76, 109, 78, 118, 98, 83, 57, 112, 99,
+             49, 57, 121, 98, 50, 57, 48, 73, 106, 112, 48, 99, 110, 86, 108, 102, 81]
+    }
+
+    fn signature_rs256() -> Vec<u8> {
+        vec![112, 46, 33, 137, 67, 232, 143, 209, 30, 181, 216, 45, 191, 120, 69, 243, 65, 6, 174,
+             27, 129, 255, 247, 115, 17, 22, 173, 209, 113, 125, 131, 101, 109, 66, 10, 253, 60,
+             150, 238, 221, 115, 162, 102, 62, 81, 102, 104, 123, 0, 11, 135, 34, 110, 1, 135, 237,
+             16, 115, 249, 69, 229, 130, 173, 252, 239, 22, 216, 90, 121, 142, 232, 198, 109, 219,
+             61, 184, 151, 91, 23, 208, 148, 2, 190, 237, 213, 217, 217, 112, 7, 16, 141, 178, 129,
+             96, 213, 248, 4, 12, 167, 68, 87, 98, 184, 31, 190, 127, 249, 217, 46, 10, 231, 111,
+             36, 242, 91, 51, 187, 230, 244, 74, 230, 30, 177, 4, 10, 203, 32, 4, 77, 62, 249, 18,
+             142, 212, 1, 48, 121, 91, 212, 189, 59, 65, 238, 202, 208, 102, 171, 101, 25, 129,
+             253, 228, 141, 247, 127, 55, 45, 195, 139, 159, 175, 221, 59, 239, 177, 139, 93, 163,
+             204, 60, 46, 176, 47, 158, 58, 65, 214, 18, 202, 173, 21, 145, 18, 115, 160, 95, 35,
+             185, 232, 56, 250, 175, 132, 157, 105, 132, 41, 239, 90, 30, 136, 121, 130, 54, 195,
+             212, 14, 96, 69, 34, 165, 68, 200, 242, 122, 122, 45, 184, 6, 99, 209, 108, 247, 202,
+             234, 86, 222, 64, 92, 178, 33, 90, 69, 178, 194, 85, 102, 181, 90, 193, 167, 72, 160,
+             112, 223, 200, 163, 42, 70, 149, 67, 208, 25, 238, 251, 71]
+    }
+
+    #[test]
+    pub fn test_sign() {
+        let mut buffer = File::open("test/rsa.pem").unwrap();
+        let private_key = RSA::private_key_from_pem(&mut buffer).unwrap();
+
+        let mut sha = Hasher::new(Type::SHA256);
+        sha.write_all(&signing_input_rs256()).unwrap();
+        let digest = sha.finish();
+
+        let result = private_key.sign(Type::SHA256, &digest).unwrap();
+
+        assert_eq!(result, signature_rs256());
+    }
+
+    #[test]
+    pub fn test_verify() {
+        let mut buffer = File::open("test/rsa.pem.pub").unwrap();
+        let public_key = RSA::public_key_from_pem(&mut buffer).unwrap();
+
+        let mut sha = Hasher::new(Type::SHA256);
+        sha.write_all(&signing_input_rs256()).unwrap();
+        let digest = sha.finish();
+
+        let result = public_key.verify(Type::SHA256, &digest, &signature_rs256()).unwrap();
+
+        assert!(result);
+    }
+
+    #[test]
+    #[cfg(feature = "catch_unwind")]
+    pub fn test_password() {
+        let mut password_queried = false;
+        let mut buffer = File::open("test/rsa-encrypted.pem").unwrap();
+        RSA::private_key_from_pem_cb(&mut buffer, |password| {
+            password_queried = true;
+            password[0] = b'm' as _;
+            password[1] = b'y' as _;
+            password[2] = b'p' as _;
+            password[3] = b'a' as _;
+            password[4] = b's' as _;
+            password[5] = b's' as _;
+            6
+        }).unwrap();
+
+        assert!(password_queried);
+    }
+}
author	Steven Fackler <[email protected]>	2016-07-31 15:15:47 -0700
committer	Steven Fackler <[email protected]>	2016-07-31 15:15:47 -0700
commit	f0ffa246b83102d70bc59f76d136981efdafb1e7 (patch)
tree	0f6036a20ba4eb7b333986206962abeb4bab6c2f /openssl/src/crypto/rsa.rs
parent	Revert "Add a new trait based Nid setup" (diff)
parent	Merge pull request #402 from bbatha/feat/dsa-ffi (diff)
download	rust-openssl-f0ffa246b83102d70bc59f76d136981efdafb1e7.tar.xz rust-openssl-f0ffa246b83102d70bc59f76d136981efdafb1e7.zip