aboutsummaryrefslogtreecommitdiff
path: root/openssl/src/crypto
diff options
context:
space:
mode:
authorSteven Fackler <[email protected]>2016-05-16 23:04:10 -0700
committerSteven Fackler <[email protected]>2016-05-16 23:04:10 -0700
commit163a3413ee68e4279f869734a8f470882a7e602d (patch)
tree79dac1073e45efcc708d7c52bff68aa249e8c681 /openssl/src/crypto
parentMerge branch 'release-v0.7.11' into release (diff)
parentRelease v0.7.12 (diff)
downloadrust-openssl-0.7.12.tar.xz
rust-openssl-0.7.12.zip
Merge branch 'release-v0.7.12' into releasev0.7.12
Diffstat (limited to 'openssl/src/crypto')
-rw-r--r--openssl/src/crypto/hash.rs48
-rw-r--r--openssl/src/crypto/hmac.rs3
-rw-r--r--openssl/src/crypto/mod.rs6
-rw-r--r--openssl/src/crypto/pkey.rs39
-rw-r--r--openssl/src/crypto/rsa.rs207
5 files changed, 235 insertions, 68 deletions
diff --git a/openssl/src/crypto/hash.rs b/openssl/src/crypto/hash.rs
index 78465851..69d3a350 100644
--- a/openssl/src/crypto/hash.rs
+++ b/openssl/src/crypto/hash.rs
@@ -2,9 +2,11 @@ use libc::c_uint;
use std::iter::repeat;
use std::io::prelude::*;
use std::io;
-
use ffi;
+use crypto::HashTypeInternals;
+use nid::Nid;
+
/// Message digest (hash) type.
#[derive(Copy, Clone)]
pub enum Type {
@@ -17,19 +19,32 @@ pub enum Type {
RIPEMD160,
}
+impl HashTypeInternals for Type {
+ fn as_nid(&self) -> Nid {
+ match *self {
+ Type::MD5 => Nid::MD5,
+ Type::SHA1 => Nid::SHA1,
+ Type::SHA224 => Nid::SHA224,
+ Type::SHA256 => Nid::SHA256,
+ Type::SHA384 => Nid::SHA384,
+ Type::SHA512 => Nid::SHA512,
+ Type::RIPEMD160 => Nid::RIPEMD160,
+ }
+ }
+}
+
impl Type {
/// Returns the length of the message digest.
#[inline]
pub fn md_len(&self) -> usize {
- use self::Type::*;
match *self {
- MD5 => 16,
- SHA1 => 20,
- SHA224 => 28,
- SHA256 => 32,
- SHA384 => 48,
- SHA512 => 64,
- RIPEMD160 => 20,
+ Type::MD5 => 16,
+ Type::SHA1 => 20,
+ Type::SHA224 => 28,
+ Type::SHA256 => 32,
+ Type::SHA384 => 48,
+ Type::SHA512 => 64,
+ Type::RIPEMD160 => 20,
}
}
@@ -37,15 +52,14 @@ impl Type {
#[inline]
pub fn evp_md(&self) -> *const ffi::EVP_MD {
unsafe {
- use self::Type::*;
match *self {
- MD5 => ffi::EVP_md5(),
- SHA1 => ffi::EVP_sha1(),
- SHA224 => ffi::EVP_sha224(),
- SHA256 => ffi::EVP_sha256(),
- SHA384 => ffi::EVP_sha384(),
- SHA512 => ffi::EVP_sha512(),
- RIPEMD160 => ffi::EVP_ripemd160(),
+ Type::MD5 => ffi::EVP_md5(),
+ Type::SHA1 => ffi::EVP_sha1(),
+ Type::SHA224 => ffi::EVP_sha224(),
+ Type::SHA256 => ffi::EVP_sha256(),
+ Type::SHA384 => ffi::EVP_sha384(),
+ Type::SHA512 => ffi::EVP_sha512(),
+ Type::RIPEMD160 => ffi::EVP_ripemd160(),
}
}
}
diff --git a/openssl/src/crypto/hmac.rs b/openssl/src/crypto/hmac.rs
index 866087b0..143c7b75 100644
--- a/openssl/src/crypto/hmac.rs
+++ b/openssl/src/crypto/hmac.rs
@@ -387,8 +387,7 @@ mod tests {
let tests: [(Vec<u8>, Vec<u8>); 6] =
[(repeat(0xb_u8).take(20).collect(), b"Hi There".to_vec()),
(b"Jefe".to_vec(), b"what do ya want for nothing?".to_vec()),
- (repeat(0xaa_u8).take(20).collect(),
- repeat(0xdd_u8).take(50).collect()),
+ (repeat(0xaa_u8).take(20).collect(), repeat(0xdd_u8).take(50).collect()),
("0102030405060708090a0b0c0d0e0f10111213141516171819".from_hex().unwrap(),
repeat(0xcd_u8).take(50).collect()),
(repeat(0xaa_u8).take(131).collect(),
diff --git a/openssl/src/crypto/mod.rs b/openssl/src/crypto/mod.rs
index bb77453f..95b27022 100644
--- a/openssl/src/crypto/mod.rs
+++ b/openssl/src/crypto/mod.rs
@@ -14,6 +14,8 @@
// limitations under the License.
//
+use nid::Nid;
+
pub mod hash;
pub mod hmac;
pub mod pkcs5;
@@ -24,3 +26,7 @@ pub mod memcmp;
pub mod rsa;
mod symm_internal;
+
+trait HashTypeInternals {
+ fn as_nid(&self) -> Nid;
+}
diff --git a/openssl/src/crypto/pkey.rs b/openssl/src/crypto/pkey.rs
index ba0a16b6..c4111860 100644
--- a/openssl/src/crypto/pkey.rs
+++ b/openssl/src/crypto/pkey.rs
@@ -5,6 +5,8 @@ use std::iter::repeat;
use std::mem;
use std::ptr;
use bio::MemBio;
+
+use crypto::HashTypeInternals;
use crypto::hash;
use crypto::hash::Type as HashType;
use ffi;
@@ -41,18 +43,6 @@ fn openssl_padding_code(padding: EncryptionPadding) -> c_int {
}
}
-fn openssl_hash_nid(hash: HashType) -> c_int {
- match hash {
- HashType::MD5 => 4, // NID_md5,
- HashType::SHA1 => 64, // NID_sha1
- HashType::SHA224 => 675, // NID_sha224
- HashType::SHA256 => 672, // NID_sha256
- HashType::SHA384 => 673, // NID_sha384
- HashType::SHA512 => 674, // NID_sha512
- HashType::RIPEMD160 => 117, // NID_ripemd160
- }
-}
-
pub struct PKey {
evp: *mut ffi::EVP_PKEY,
parts: Parts,
@@ -124,7 +114,7 @@ impl PKey {
/// Reads an RSA private key from PEM, takes ownership of handle
pub fn private_rsa_key_from_pem<R>(reader: &mut R) -> Result<PKey, SslError>
- where R: Read
+ where R: Read
{
let rsa = try!(RSA::private_key_from_pem(reader));
unsafe {
@@ -140,7 +130,7 @@ impl PKey {
/// Reads an RSA public key from PEM, takes ownership of handle
pub fn public_rsa_key_from_pem<R>(reader: &mut R) -> Result<PKey, SslError>
- where R: Read
+ where R: Read
{
let rsa = try!(RSA::public_key_from_pem(reader));
unsafe {
@@ -556,7 +546,7 @@ impl PKey {
let mut r = repeat(0u8).take(len as usize + 1).collect::<Vec<_>>();
let mut len = 0;
- let rv = ffi::RSA_sign(openssl_hash_nid(hash),
+ let rv = ffi::RSA_sign(hash.as_nid() as c_int,
s.as_ptr(),
s.len() as c_uint,
r.as_mut_ptr(),
@@ -579,7 +569,7 @@ impl PKey {
panic!("Could not get RSA key for verification");
}
- let rv = ffi::RSA_verify(openssl_hash_nid(hash),
+ let rv = ffi::RSA_verify(hash.as_nid() as c_int,
h.as_ptr(),
h.len() as c_uint,
s.as_ptr(),
@@ -610,16 +600,15 @@ impl Drop for PKey {
impl Clone for PKey {
fn clone(&self) -> Self {
let mut pkey = PKey::from_handle(unsafe { ffi::EVP_PKEY_new() }, self.parts);
- // copy by encoding to DER and back
+ // copy by encoding to DER and back
match self.parts {
Parts::Public => {
pkey.load_pub(&self.save_pub()[..]);
- },
+ }
Parts::Both => {
pkey.load_priv(&self.save_priv()[..]);
- },
- Parts::Neither => {
- },
+ }
+ Parts::Neither => {}
}
pkey
}
@@ -694,8 +683,8 @@ mod tests {
fn test_private_rsa_key_from_pem() {
let key_path = Path::new("test/key.pem");
let mut file = File::open(&key_path)
- .ok()
- .expect("Failed to open `test/key.pem`");
+ .ok()
+ .expect("Failed to open `test/key.pem`");
super::PKey::private_rsa_key_from_pem(&mut file).unwrap();
}
@@ -704,8 +693,8 @@ mod tests {
fn test_public_rsa_key_from_pem() {
let key_path = Path::new("test/key.pem.pub");
let mut file = File::open(&key_path)
- .ok()
- .expect("Failed to open `test/key.pem.pub`");
+ .ok()
+ .expect("Failed to open `test/key.pem.pub`");
super::PKey::public_rsa_key_from_pem(&mut file).unwrap();
}
diff --git a/openssl/src/crypto/rsa.rs b/openssl/src/crypto/rsa.rs
index 6fcb5b07..52b8590e 100644
--- a/openssl/src/crypto/rsa.rs
+++ b/openssl/src/crypto/rsa.rs
@@ -2,10 +2,13 @@ use ffi;
use std::fmt;
use ssl::error::{SslError, StreamError};
use std::ptr;
-use std::io::{self, Read};
+use std::io::{self, Read, Write};
+use libc::c_int;
use bn::BigNum;
use bio::MemBio;
+use crypto::HashTypeInternals;
+use crypto::hash;
pub struct RSA(*mut ffi::RSA);
@@ -29,6 +32,29 @@ impl RSA {
}
}
+ pub fn from_private_components(n: BigNum,
+ e: BigNum,
+ d: BigNum,
+ p: BigNum,
+ q: BigNum,
+ dp: BigNum,
+ dq: BigNum,
+ qi: BigNum)
+ -> Result<RSA, SslError> {
+ unsafe {
+ let rsa = try_ssl_null!(ffi::RSA_new());
+ (*rsa).n = n.into_raw();
+ (*rsa).e = e.into_raw();
+ (*rsa).d = d.into_raw();
+ (*rsa).p = p.into_raw();
+ (*rsa).q = q.into_raw();
+ (*rsa).dmp1 = dp.into_raw();
+ (*rsa).dmq1 = dq.into_raw();
+ (*rsa).iqmp = qi.into_raw();
+ Ok(RSA(rsa))
+ }
+ }
+
/// the caller should assert that the rsa pointer is valid.
pub unsafe fn from_raw(rsa: *mut ffi::RSA) -> RSA {
RSA(rsa)
@@ -36,7 +62,7 @@ impl RSA {
/// Reads an RSA private key from PEM formatted data.
pub fn private_key_from_pem<R>(reader: &mut R) -> Result<RSA, SslError>
- where R: Read
+ where R: Read
{
let mut mem_bio = try!(MemBio::new());
try!(io::copy(reader, &mut mem_bio).map_err(StreamError));
@@ -50,9 +76,34 @@ impl RSA {
}
}
+ /// Writes an RSA private key as unencrypted PEM formatted data
+ pub fn private_key_to_pem<W>(&self, writer: &mut W) -> Result<(), SslError>
+ where W: Write
+ {
+ let mut mem_bio = try!(MemBio::new());
+
+ let result = unsafe {
+ ffi::PEM_write_bio_RSAPrivateKey(mem_bio.get_handle(),
+ self.0,
+ ptr::null(),
+ ptr::null_mut(),
+ 0,
+ None,
+ ptr::null_mut())
+ };
+
+ if result == 1 {
+ try!(io::copy(&mut mem_bio, writer).map_err(StreamError));
+
+ Ok(())
+ } else {
+ Err(SslError::OpenSslErrors(vec![]))
+ }
+ }
+
/// Reads an RSA public key from PEM formatted data.
pub fn public_key_from_pem<R>(reader: &mut R) -> Result<RSA, SslError>
- where R: Read
+ where R: Read
{
let mut mem_bio = try!(MemBio::new());
try!(io::copy(reader, &mut mem_bio).map_err(StreamError));
@@ -66,51 +117,97 @@ impl RSA {
}
}
+ /// Writes an RSA public key as PEM formatted data
+ pub fn public_key_to_pem<W>(&self, writer: &mut W) -> Result<(), SslError>
+ where W: Write
+ {
+ let mut mem_bio = try!(MemBio::new());
+
+ let result = unsafe { ffi::PEM_write_bio_RSA_PUBKEY(mem_bio.get_handle(), self.0) };
+
+ if result == 1 {
+ try!(io::copy(&mut mem_bio, writer).map_err(StreamError));
+
+ Ok(())
+ } else {
+ Err(SslError::OpenSslErrors(vec![]))
+ }
+ }
+
+ pub fn size(&self) -> Result<u32, SslError> {
+ if self.has_n() {
+ unsafe { Ok(ffi::RSA_size(self.0) as u32) }
+ } else {
+ Err(SslError::OpenSslErrors(vec![]))
+ }
+ }
+
+ pub fn sign(&self, hash: hash::Type, message: &[u8]) -> Result<Vec<u8>, SslError> {
+ let k_len = try!(self.size());
+ let mut sig = vec![0;k_len as usize];
+ let mut sig_len = k_len;
+
+ unsafe {
+ let result = ffi::RSA_sign(hash.as_nid() as c_int,
+ message.as_ptr(),
+ message.len() as u32,
+ sig.as_mut_ptr(),
+ &mut sig_len,
+ self.0);
+ assert!(sig_len == k_len);
+
+ if result == 1 {
+ Ok(sig)
+ } else {
+ Err(SslError::OpenSslErrors(vec![]))
+ }
+ }
+ }
+
+ pub fn verify(&self, hash: hash::Type, message: &[u8], sig: &[u8]) -> Result<bool, SslError> {
+ unsafe {
+ let result = ffi::RSA_verify(hash.as_nid() as c_int,
+ message.as_ptr(),
+ message.len() as u32,
+ sig.as_ptr(),
+ sig.len() as u32,
+ self.0);
+
+ Ok(result == 1)
+ }
+ }
+
pub fn as_ptr(&self) -> *mut ffi::RSA {
self.0
}
// The following getters are unsafe, since BigNum::new_from_ffi fails upon null pointers
pub fn n(&self) -> Result<BigNum, SslError> {
- unsafe {
- BigNum::new_from_ffi((*self.0).n)
- }
+ unsafe { BigNum::new_from_ffi((*self.0).n) }
}
pub fn has_n(&self) -> bool {
- unsafe {
- !(*self.0).n.is_null()
- }
+ unsafe { !(*self.0).n.is_null() }
}
pub fn d(&self) -> Result<BigNum, SslError> {
- unsafe {
- BigNum::new_from_ffi((*self.0).d)
- }
+ unsafe { BigNum::new_from_ffi((*self.0).d) }
}
pub fn e(&self) -> Result<BigNum, SslError> {
- unsafe {
- BigNum::new_from_ffi((*self.0).e)
- }
+ unsafe { BigNum::new_from_ffi((*self.0).e) }
}
pub fn has_e(&self) -> bool {
- unsafe {
- !(*self.0).e.is_null()
- }
+ unsafe { !(*self.0).e.is_null() }
}
pub fn p(&self) -> Result<BigNum, SslError> {
- unsafe {
- BigNum::new_from_ffi((*self.0).p)
- }
+ unsafe { BigNum::new_from_ffi((*self.0).p) }
}
pub fn q(&self) -> Result<BigNum, SslError> {
- unsafe {
- BigNum::new_from_ffi((*self.0).q)
- }
+ unsafe { BigNum::new_from_ffi((*self.0).q) }
}
}
@@ -119,3 +216,65 @@ impl fmt::Debug for RSA {
write!(f, "RSA")
}
}
+
+#[cfg(test)]
+mod test {
+ use std::fs::File;
+ use std::io::Write;
+ use super::*;
+ use crypto::hash::*;
+
+ fn signing_input_rs256() -> Vec<u8> {
+ vec![101, 121, 74, 104, 98, 71, 99, 105, 79, 105, 74, 83, 85, 122, 73, 49, 78, 105, 74, 57,
+ 46, 101, 121, 74, 112, 99, 51, 77, 105, 79, 105, 74, 113, 98, 50, 85, 105, 76, 65, 48,
+ 75, 73, 67, 74, 108, 101, 72, 65, 105, 79, 106, 69, 122, 77, 68, 65, 52, 77, 84, 107,
+ 122, 79, 68, 65, 115, 68, 81, 111, 103, 73, 109, 104, 48, 100, 72, 65, 54, 76, 121,
+ 57, 108, 101, 71, 70, 116, 99, 71, 120, 108, 76, 109, 78, 118, 98, 83, 57, 112, 99,
+ 49, 57, 121, 98, 50, 57, 48, 73, 106, 112, 48, 99, 110, 86, 108, 102, 81]
+ }
+
+ fn signature_rs256() -> Vec<u8> {
+ vec![112, 46, 33, 137, 67, 232, 143, 209, 30, 181, 216, 45, 191, 120, 69, 243, 65, 6, 174,
+ 27, 129, 255, 247, 115, 17, 22, 173, 209, 113, 125, 131, 101, 109, 66, 10, 253, 60,
+ 150, 238, 221, 115, 162, 102, 62, 81, 102, 104, 123, 0, 11, 135, 34, 110, 1, 135, 237,
+ 16, 115, 249, 69, 229, 130, 173, 252, 239, 22, 216, 90, 121, 142, 232, 198, 109, 219,
+ 61, 184, 151, 91, 23, 208, 148, 2, 190, 237, 213, 217, 217, 112, 7, 16, 141, 178, 129,
+ 96, 213, 248, 4, 12, 167, 68, 87, 98, 184, 31, 190, 127, 249, 217, 46, 10, 231, 111,
+ 36, 242, 91, 51, 187, 230, 244, 74, 230, 30, 177, 4, 10, 203, 32, 4, 77, 62, 249, 18,
+ 142, 212, 1, 48, 121, 91, 212, 189, 59, 65, 238, 202, 208, 102, 171, 101, 25, 129,
+ 253, 228, 141, 247, 127, 55, 45, 195, 139, 159, 175, 221, 59, 239, 177, 139, 93, 163,
+ 204, 60, 46, 176, 47, 158, 58, 65, 214, 18, 202, 173, 21, 145, 18, 115, 160, 95, 35,
+ 185, 232, 56, 250, 175, 132, 157, 105, 132, 41, 239, 90, 30, 136, 121, 130, 54, 195,
+ 212, 14, 96, 69, 34, 165, 68, 200, 242, 122, 122, 45, 184, 6, 99, 209, 108, 247, 202,
+ 234, 86, 222, 64, 92, 178, 33, 90, 69, 178, 194, 85, 102, 181, 90, 193, 167, 72, 160,
+ 112, 223, 200, 163, 42, 70, 149, 67, 208, 25, 238, 251, 71]
+ }
+
+ #[test]
+ pub fn test_sign() {
+ let mut buffer = File::open("test/rsa.pem").unwrap();
+ let private_key = RSA::private_key_from_pem(&mut buffer).unwrap();
+
+ let mut sha = Hasher::new(Type::SHA256);
+ sha.write_all(&signing_input_rs256()).unwrap();
+ let digest = sha.finish();
+
+ let result = private_key.sign(Type::SHA256, &digest).unwrap();
+
+ assert_eq!(result, signature_rs256());
+ }
+
+ #[test]
+ pub fn test_verify() {
+ let mut buffer = File::open("test/rsa.pem.pub").unwrap();
+ let public_key = RSA::public_key_from_pem(&mut buffer).unwrap();
+
+ let mut sha = Hasher::new(Type::SHA256);
+ sha.write_all(&signing_input_rs256()).unwrap();
+ let digest = sha.finish();
+
+ let result = public_key.verify(Type::SHA256, &digest, &signature_rs256()).unwrap();
+
+ assert!(result);
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2026-03-11 16:16:01 +0000