diff options
| author | Steven Fackler <[email protected]> | 2015-02-07 21:28:54 -0800 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2015-02-07 21:30:05 -0800 |
| commit | ec65b0c67b452539fded5e06cbb6ce1d165074e0 (patch) | |
| tree | c50c22c2ce4ca095149c96a0f3a3b935b4012a5c /openssl/src/crypto | |
| parent | Fix deprecation warnings in openssl-sys (diff) | |
| download | rust-openssl-ec65b0c67b452539fded5e06cbb6ce1d165074e0.tar.xz rust-openssl-ec65b0c67b452539fded5e06cbb6ce1d165074e0.zip | |
Move docs to this repo and auto build
Diffstat (limited to 'openssl/src/crypto')
| -rw-r--r-- | openssl/src/crypto/hash.rs | 333 | ||||
| -rw-r--r-- | openssl/src/crypto/hmac.rs | 474 | ||||
| -rw-r--r-- | openssl/src/crypto/memcmp.rs | 39 | ||||
| -rw-r--r-- | openssl/src/crypto/mod.rs | 24 | ||||
| -rw-r--r-- | openssl/src/crypto/pkcs5.rs | 119 | ||||
| -rw-r--r-- | openssl/src/crypto/pkey.rs | 423 | ||||
| -rw-r--r-- | openssl/src/crypto/rand.rs | 27 | ||||
| -rw-r--r-- | openssl/src/crypto/symm.rs | 314 |
8 files changed, 1753 insertions, 0 deletions
diff --git a/openssl/src/crypto/hash.rs b/openssl/src/crypto/hash.rs new file mode 100644 index 00000000..f81532c9 --- /dev/null +++ b/openssl/src/crypto/hash.rs @@ -0,0 +1,333 @@ +use libc::c_uint; +use std::iter::repeat; +use std::old_io::{IoError, Writer}; + +use ffi; + +/// Message digest (hash) type. +#[derive(Copy)] +pub enum Type { + MD5, + SHA1, + SHA224, + SHA256, + SHA384, + SHA512, + RIPEMD160 +} + +impl Type { + /// Returns the length of the message digest. + #[inline] + pub fn md_len(&self) -> usize { + use self::Type::*; + match *self { + MD5 => 16, + SHA1 => 20, + SHA224 => 28, + SHA256 => 32, + SHA384 => 48, + SHA512 => 64, + RIPEMD160 => 20, + } + } + + /// Internal interface subject to removal. + #[inline] + pub fn evp_md(&self) -> *const ffi::EVP_MD { + unsafe { + use self::Type::*; + match *self { + MD5 => ffi::EVP_md5(), + SHA1 => ffi::EVP_sha1(), + SHA224 => ffi::EVP_sha224(), + SHA256 => ffi::EVP_sha256(), + SHA384 => ffi::EVP_sha384(), + SHA512 => ffi::EVP_sha512(), + RIPEMD160 => ffi::EVP_ripemd160(), + } + } + } +} + +#[derive(PartialEq, Copy)] +enum State { + Reset, + Updated, + Finalized, +} + +use self::State::*; + +/// Provides message digest (hash) computation. +/// +/// # Examples +/// +/// Calculate a hash in one go. +/// +/// ``` +/// use openssl::crypto::hash::{hash, Type}; +/// let data = b"\x42\xF4\x97\xE0"; +/// let spec = b"\x7c\x43\x0f\x17\x8a\xef\xdf\x14\x87\xfe\xe7\x14\x4e\x96\x41\xe2"; +/// let res = hash(Type::MD5, data); +/// assert_eq!(res, spec); +/// ``` +/// +/// Use the `Writer` trait to supply the input in chunks. +/// +/// ``` +/// use std::old_io::Writer; +/// use openssl::crypto::hash::{Hasher, Type}; +/// let data = [b"\x42\xF4", b"\x97\xE0"]; +/// let spec = b"\x7c\x43\x0f\x17\x8a\xef\xdf\x14\x87\xfe\xe7\x14\x4e\x96\x41\xe2"; +/// let mut h = Hasher::new(Type::MD5); +/// h.write_all(data[0]); +/// h.write_all(data[1]); +/// let res = h.finish(); +/// assert_eq!(res, spec); +/// ``` +/// +/// # Warning +/// +/// Don't actually use MD5 and SHA-1 hashes, they're not secure anymore. +/// +/// Don't ever hash passwords, use `crypto::pkcs5` or bcrypt/scrypt instead. +pub struct Hasher { + ctx: *mut ffi::EVP_MD_CTX, + md: *const ffi::EVP_MD, + type_: Type, + state: State, +} + +impl Hasher { + /// Creates a new `Hasher` with the specified hash type. + pub fn new(ty: Type) -> Hasher { + ffi::init(); + + let ctx = unsafe { + let r = ffi::EVP_MD_CTX_create(); + assert!(!r.is_null()); + r + }; + let md = ty.evp_md(); + + let mut h = Hasher { ctx: ctx, md: md, type_: ty, state: Finalized }; + h.init(); + h + } + + #[inline] + fn init(&mut self) { + match self.state { + Reset => return, + Updated => { self.finalize(); }, + Finalized => (), + } + unsafe { + let r = ffi::EVP_DigestInit_ex(self.ctx, self.md, 0 as *const _); + assert_eq!(r, 1); + } + self.state = Reset; + } + + #[inline] + fn update(&mut self, data: &[u8]) { + if self.state == Finalized { + self.init(); + } + unsafe { + let r = ffi::EVP_DigestUpdate(self.ctx, data.as_ptr(), + data.len() as c_uint); + assert_eq!(r, 1); + } + self.state = Updated; + } + + #[inline] + fn finalize(&mut self) -> Vec<u8> { + if self.state == Finalized { + self.init(); + } + let md_len = self.type_.md_len(); + let mut res: Vec<u8> = repeat(0).take(md_len).collect(); + unsafe { + let mut len = 0; + let r = ffi::EVP_DigestFinal_ex(self.ctx, res.as_mut_ptr(), &mut len); + self.state = Finalized; + assert_eq!(len as usize, md_len); + assert_eq!(r, 1); + } + res + } + + /// Returns the hash of the data written since creation or + /// the last `finish` and resets the hasher. + #[inline] + pub fn finish(&mut self) -> Vec<u8> { + self.finalize() + } +} + +impl Writer for Hasher { + #[inline] + fn write_all(&mut self, buf: &[u8]) -> Result<(), IoError> { + self.update(buf); + Ok(()) + } +} + +impl Clone for Hasher { + fn clone(&self) -> Hasher { + let ctx = unsafe { + let ctx = ffi::EVP_MD_CTX_create(); + assert!(!ctx.is_null()); + let r = ffi::EVP_MD_CTX_copy_ex(ctx, self.ctx); + assert_eq!(r, 1); + ctx + }; + Hasher { ctx: ctx, md: self.md, type_: self.type_, state: self.state } + } +} + +impl Drop for Hasher { + fn drop(&mut self) { + unsafe { + if self.state != Finalized { + let mut buf: Vec<u8> = repeat(0).take(self.type_.md_len()).collect(); + let mut len = 0; + ffi::EVP_DigestFinal_ex(self.ctx, buf.as_mut_ptr(), &mut len); + } + ffi::EVP_MD_CTX_destroy(self.ctx); + } + } +} + +/// Computes the hash of the `data` with the hash `t`. +pub fn hash(t: Type, data: &[u8]) -> Vec<u8> { + let mut h = Hasher::new(t); + let _ = h.write_all(data); + h.finish() +} + +#[cfg(test)] +mod tests { + use serialize::hex::{FromHex, ToHex}; + use super::{hash, Hasher, Type}; + use std::old_io::Writer; + + fn hash_test(hashtype: Type, hashtest: &(&str, &str)) { + let res = hash(hashtype, &*hashtest.0.from_hex().unwrap()); + assert_eq!(res.to_hex(), hashtest.1); + } + + fn hash_recycle_test(h: &mut Hasher, hashtest: &(&str, &str)) { + let _ = h.write_all(&*hashtest.0.from_hex().unwrap()); + let res = h.finish(); + assert_eq!(res.to_hex(), hashtest.1); + } + + // Test vectors from http://www.nsrl.nist.gov/testdata/ + #[allow(non_upper_case_globals)] + const md5_tests: [(&'static str, &'static str); 13] = [ + ("", "d41d8cd98f00b204e9800998ecf8427e"), + ("7F", "83acb6e67e50e31db6ed341dd2de1595"), + ("EC9C", "0b07f0d4ca797d8ac58874f887cb0b68"), + ("FEE57A", "e0d583171eb06d56198fc0ef22173907"), + ("42F497E0", "7c430f178aefdf1487fee7144e9641e2"), + ("C53B777F1C", "75ef141d64cb37ec423da2d9d440c925"), + ("89D5B576327B", "ebbaf15eb0ed784c6faa9dc32831bf33"), + ("5D4CCE781EB190", "ce175c4b08172019f05e6b5279889f2c"), + ("81901FE94932D7B9", "cd4d2f62b8cdb3a0cf968a735a239281"), + ("C9FFDEE7788EFB4EC9", "e0841a231ab698db30c6c0f3f246c014"), + ("66AC4B7EBA95E53DC10B", "a3b3cea71910d9af56742aa0bb2fe329"), + ("A510CD18F7A56852EB0319", "577e216843dd11573574d3fb209b97d8"), + ("AAED18DBE8938C19ED734A8D", "6f80fb775f27e0a4ce5c2f42fc72c5f1") + ]; + + #[test] + fn test_md5() { + for test in md5_tests.iter() { + hash_test(Type::MD5, test); + } + } + + #[test] + fn test_md5_recycle() { + let mut h = Hasher::new(Type::MD5); + for test in md5_tests.iter() { + hash_recycle_test(&mut h, test); + } + } + + #[test] + fn test_finish_twice() { + let mut h = Hasher::new(Type::MD5); + let _ = h.write_all(&*md5_tests[6].0.from_hex().unwrap()); + let _ = h.finish(); + let res = h.finish(); + let null = hash(Type::MD5, &[]); + assert_eq!(res, null); + } + + #[test] + fn test_clone() { + let i = 7; + let inp = md5_tests[i].0.from_hex().unwrap(); + assert!(inp.len() > 2); + let p = inp.len() / 2; + let h0 = Hasher::new(Type::MD5); + + println!("Clone a new hasher"); + let mut h1 = h0.clone(); + let _ = h1.write_all(&inp[..p]); + { + println!("Clone an updated hasher"); + let mut h2 = h1.clone(); + let _ = h2.write_all(&inp[p..]); + let res = h2.finish(); + assert_eq!(res.to_hex(), md5_tests[i].1); + } + let _ = h1.write_all(&inp[p..]); + let res = h1.finish(); + assert_eq!(res.to_hex(), md5_tests[i].1); + + println!("Clone a finished hasher"); + let mut h3 = h1.clone(); + let _ = h3.write_all(&*md5_tests[i + 1].0.from_hex().unwrap()); + let res = h3.finish(); + assert_eq!(res.to_hex(), md5_tests[i + 1].1); + } + + #[test] + fn test_sha1() { + let tests = [ + ("616263", "a9993e364706816aba3e25717850c26c9cd0d89d"), + ]; + + for test in tests.iter() { + hash_test(Type::SHA1, test); + } + } + + #[test] + fn test_sha256() { + let tests = [ + ("616263", "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad") + ]; + + for test in tests.iter() { + hash_test(Type::SHA256, test); + } + } + + #[test] + fn test_ripemd160() { + let tests = [ + ("616263", "8eb208f7e05d987a9b044a8e98c6b087f15a0bfc") + ]; + + for test in tests.iter() { + hash_test(Type::RIPEMD160, test); + } + } +} diff --git a/openssl/src/crypto/hmac.rs b/openssl/src/crypto/hmac.rs new file mode 100644 index 00000000..65808e58 --- /dev/null +++ b/openssl/src/crypto/hmac.rs @@ -0,0 +1,474 @@ +/* + * Copyright 2013 Jack Lloyd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +use libc::{c_int, c_uint}; +use std::iter::repeat; +use std::old_io::{IoError, Writer}; + +use crypto::hash::Type; +use ffi; + +#[derive(PartialEq, Copy)] +enum State { + Reset, + Updated, + Finalized, +} + +use self::State::*; + +/// Provides HMAC computation. +/// +/// # Examples +/// +/// Calculate a HMAC in one go. +/// +/// ``` +/// use openssl::crypto::hash::Type; +/// use openssl::crypto::hmac::hmac; +/// let key = b"Jefe"; +/// let data = b"what do ya want for nothing?"; +/// let spec = b"\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7\x38"; +/// let res = hmac(Type::MD5, key, data); +/// assert_eq!(spec, res); +/// ``` +/// +/// Use the `Writer` trait to supply the input in chunks. +/// +/// ``` +/// use std::old_io::Writer; +/// use openssl::crypto::hash::Type; +/// use openssl::crypto::hmac::HMAC; +/// let key = b"Jefe"; +/// let data = [b"what do ya ", b"want for nothing?"]; +/// let spec = b"\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7\x38"; +/// let mut h = HMAC::new(Type::MD5, &*key); +/// h.write_all(data[0]); +/// h.write_all(data[1]); +/// let res = h.finish(); +/// assert_eq!(spec, res); +/// ``` +pub struct HMAC { + ctx: ffi::HMAC_CTX, + type_: Type, + state: State, +} + +impl HMAC { + /// Creates a new `HMAC` with the specified hash type using the `key`. + pub fn new(ty: Type, key: &[u8]) -> HMAC { + ffi::init(); + + let ctx = unsafe { + let mut ctx = ::std::mem::uninitialized(); + ffi::HMAC_CTX_init(&mut ctx); + ctx + }; + let md = ty.evp_md(); + + let mut h = HMAC { ctx: ctx, type_: ty, state: Finalized }; + h.init_once(md, key); + h + } + + #[inline] + fn init_once(&mut self, md: *const ffi::EVP_MD, key: &[u8]) { + unsafe { + let r = ffi::HMAC_Init_ex(&mut self.ctx, + key.as_ptr(), key.len() as c_int, + md, 0 as *const _); + assert_eq!(r, 1); + } + self.state = Reset; + } + + #[inline] + fn init(&mut self) { + match self.state { + Reset => return, + Updated => { self.finalize(); }, + Finalized => (), + } + // If the key and/or md is not supplied it's reused from the last time + // avoiding redundant initializations + unsafe { + let r = ffi::HMAC_Init_ex(&mut self.ctx, + 0 as *const _, 0, + 0 as *const _, 0 as *const _); + assert_eq!(r, 1); + } + self.state = Reset; + } + + #[inline] + fn update(&mut self, data: &[u8]) { + if self.state == Finalized { + self.init(); + } + unsafe { + let r = ffi::HMAC_Update(&mut self.ctx, data.as_ptr(), + data.len() as c_uint); + assert_eq!(r, 1); + } + self.state = Updated; + } + + #[inline] + fn finalize(&mut self) -> Vec<u8> { + if self.state == Finalized { + self.init(); + } + let md_len = self.type_.md_len(); + let mut res: Vec<u8> = repeat(0).take(md_len).collect(); + unsafe { + let mut len = 0; + let r = ffi::HMAC_Final(&mut self.ctx, res.as_mut_ptr(), &mut len); + self.state = Finalized; + assert_eq!(len as usize, md_len); + assert_eq!(r, 1); + } + res + } + + /// Returns the hash of the data written since creation or + /// the last `finish` and resets the hasher. + #[inline] + pub fn finish(&mut self) -> Vec<u8> { + self.finalize() + } +} + +impl Writer for HMAC { + #[inline] + fn write_all(&mut self, buf: &[u8]) -> Result<(), IoError> { + self.update(buf); + Ok(()) + } +} + +impl Clone for HMAC { + fn clone(&self) -> HMAC { + let mut ctx: ffi::HMAC_CTX; + unsafe { + ctx = ::std::mem::uninitialized(); + let r = ffi::HMAC_CTX_copy(&mut ctx, &self.ctx); + assert_eq!(r, 1); + } + HMAC { ctx: ctx, type_: self.type_, state: self.state } + } +} + +impl Drop for HMAC { + fn drop(&mut self) { + unsafe { + if self.state != Finalized { + let mut buf: Vec<u8> = repeat(0).take(self.type_.md_len()).collect(); + let mut len = 0; + ffi::HMAC_Final(&mut self.ctx, buf.as_mut_ptr(), &mut len); + } + ffi::HMAC_CTX_cleanup(&mut self.ctx); + } + } +} + +/// Computes the HMAC of the `data` with the hash `t` and `key`. +pub fn hmac(t: Type, key: &[u8], data: &[u8]) -> Vec<u8> { + let mut h = HMAC::new(t, key); + let _ = h.write_all(data); + h.finish() +} + +#[cfg(test)] +mod tests { + use std::iter::repeat; + use serialize::hex::FromHex; + use crypto::hash::Type; + use crypto::hash::Type::*; + use super::{hmac, HMAC}; + use std::old_io::Writer; + + fn test_hmac(ty: Type, tests: &[(Vec<u8>, Vec<u8>, Vec<u8>)]) { + for &(ref key, ref data, ref res) in tests.iter() { + assert_eq!(hmac(ty, &**key, &**data), *res); + } + } + + fn test_hmac_recycle(h: &mut HMAC, test: &(Vec<u8>, Vec<u8>, Vec<u8>)) { + let &(_, ref data, ref res) = test; + let _ = h.write_all(&**data); + assert_eq!(h.finish(), *res); + } + + #[test] + fn test_hmac_md5() { + // test vectors from RFC 2202 + let tests: [(Vec<u8>, Vec<u8>, Vec<u8>); 7] = [ + (repeat(0x0b_u8).take(16).collect(), b"Hi There".to_vec(), + "9294727a3638bb1c13f48ef8158bfc9d".from_hex().unwrap()), + (b"Jefe".to_vec(), + b"what do ya want for nothing?".to_vec(), + "750c783e6ab0b503eaa86e310a5db738".from_hex().unwrap()), + (repeat(0xaa_u8).take(16).collect(), repeat(0xdd_u8).take(50).collect(), + "56be34521d144c88dbb8c733f0e8b3f6".from_hex().unwrap()), + ("0102030405060708090a0b0c0d0e0f10111213141516171819".from_hex().unwrap(), + repeat(0xcd_u8).take(50).collect(), + "697eaf0aca3a3aea3a75164746ffaa79".from_hex().unwrap()), + (repeat(0x0c_u8).take(16).collect(), + b"Test With Truncation".to_vec(), + "56461ef2342edc00f9bab995690efd4c".from_hex().unwrap()), + (repeat(0xaa_u8).take(80).collect(), + b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(), + "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd".from_hex().unwrap()), + (repeat(0xaa_u8).take(80).collect(), + b"Test Using Larger Than Block-Size Key \ + and Larger Than One Block-Size Data".to_vec(), + "6f630fad67cda0ee1fb1f562db3aa53e".from_hex().unwrap()) + ]; + + test_hmac(MD5, &tests); + } + + #[test] + fn test_hmac_md5_recycle() { + let tests: [(Vec<u8>, Vec<u8>, Vec<u8>); 2] = [ + (repeat(0xaa_u8).take(80).collect(), + b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(), + "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd".from_hex().unwrap()), + (repeat(0xaa_u8).take(80).collect(), + b"Test Using Larger Than Block-Size Key \ + and Larger Than One Block-Size Data".to_vec(), + "6f630fad67cda0ee1fb1f562db3aa53e".from_hex().unwrap()) + ]; + + let mut h = HMAC::new(MD5, &*tests[0].0); + for i in 0..100us { + let test = &tests[i % 2]; + test_hmac_recycle(&mut h, test); + } + } + + #[test] + fn test_finish_twice() { + let test: (Vec<u8>, Vec<u8>, Vec<u8>) = + (repeat(0xaa_u8).take(80).collect(), + b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(), + "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd".from_hex().unwrap()); + + let mut h = HMAC::new(Type::MD5, &*test.0); + let _ = h.write_all(&*test.1); + let _ = h.finish(); + let res = h.finish(); + let null = hmac(Type::MD5, &*test.0, &[]); + assert_eq!(res, null); + } + + #[test] + fn test_clone() { + let tests: [(Vec<u8>, Vec<u8>, Vec<u8>); 2] = [ + (repeat(0xaa_u8).take(80).collect(), + b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(), + "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd".from_hex().unwrap()), + (repeat(0xaa_u8).take(80).collect(), + b"Test Using Larger Than Block-Size Key \ + and Larger Than One Block-Size Data".to_vec(), + "6f630fad67cda0ee1fb1f562db3aa53e".from_hex().unwrap()), + ]; + let p = tests[0].0.len() / 2; + let h0 = HMAC::new(Type::MD5, &*tests[0].0); + + println!("Clone a new hmac"); + let mut h1 = h0.clone(); + let _ = h1.write_all(&tests[0].1[..p]); + { + println!("Clone an updated hmac"); + let mut h2 = h1.clone(); + let _ = h2.write_all(&tests[0].1[p..]); + let res = h2.finish(); + assert_eq!(res, tests[0].2); + } + let _ = h1.write_all(&tests[0].1[p..]); + let res = h1.finish(); + assert_eq!(res, tests[0].2); + + println!("Clone a finished hmac"); + let mut h3 = h1.clone(); + let _ = h3.write_all(&*tests[1].1); + let res = h3.finish(); + assert_eq!(res, tests[1].2); + } + + #[test] + fn test_hmac_sha1() { + // test vectors from RFC 2202 + let tests: [(Vec<u8>, Vec<u8>, Vec<u8>); 7] = [ + (repeat(0x0b_u8).take(20).collect(), b"Hi There".to_vec(), + "b617318655057264e28bc0b6fb378c8ef146be00".from_hex().unwrap()), + (b"Jefe".to_vec(), + b"what do ya want for nothing?".to_vec(), + "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79".from_hex().unwrap()), + (repeat(0xaa_u8).take(20).collect(), repeat(0xdd_u8).take(50).collect(), + "125d7342b9ac11cd91a39af48aa17b4f63f175d3".from_hex().unwrap()), + ("0102030405060708090a0b0c0d0e0f10111213141516171819".from_hex().unwrap(), + repeat(0xcd_u8).take(50).collect(), + "4c9007f4026250c6bc8414f9bf50c86c2d7235da".from_hex().unwrap()), + (repeat(0x0c_u8).take(20).collect(), + b"Test With Truncation".to_vec(), + "4c1a03424b55e07fe7f27be1d58bb9324a9a5a04".from_hex().unwrap()), + (repeat(0xaa_u8).take(80).collect(), + b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(), + "aa4ae5e15272d00e95705637ce8a3b55ed402112".from_hex().unwrap()), + (repeat(0xaa_u8).take(80).collect(), + b"Test Using Larger Than Block-Size Key \ + and Larger Than One Block-Size Data".to_vec(), + "e8e99d0f45237d786d6bbaa7965c7808bbff1a91".from_hex().unwrap()) + ]; + + test_hmac(SHA1, &tests); + } + + #[test] + fn test_hmac_sha1_recycle() { + let tests: [(Vec<u8>, Vec<u8>, Vec<u8>); 2] = [ + (repeat(0xaa_u8).take(80).collect(), + b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(), + "aa4ae5e15272d00e95705637ce8a3b55ed402112".from_hex().unwrap()), + (repeat(0xaa_u8).take(80).collect(), + b"Test Using Larger Than Block-Size Key \ + and Larger Than One Block-Size Data".to_vec(), + "e8e99d0f45237d786d6bbaa7965c7808bbff1a91".from_hex().unwrap()) + ]; + + let mut h = HMAC::new(SHA1, &*tests[0].0); + for i in 0..100us { + let test = &tests[i % 2]; + test_hmac_recycle(&mut h, test); + } + } + + + + fn test_sha2(ty: Type, results: &[Vec<u8>]) { + // test vectors from RFC 4231 + let tests: [(Vec<u8>, Vec<u8>); 6] = [ + (repeat(0xb_u8).take(20).collect(), b"Hi There".to_vec()), + (b"Jefe".to_vec(), + b"what do ya want for nothing?".to_vec()), + (repeat(0xaa_u8).take(20).collect(), repeat(0xdd_u8).take(50).collect()), + ("0102030405060708090a0b0c0d0e0f10111213141516171819".from_hex().unwrap(), + repeat(0xcd_u8).take(50).collect()), + (repeat(0xaa_u8).take(131).collect(), + b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec()), + (repeat(0xaa_u8).take(131).collect(), + b"This is a test using a larger than block-size key and a \ + larger than block-size data. The key needs to be hashed \ + before being used by the HMAC algorithm.".to_vec()) + ]; + + for (&(ref key, ref data), res) in tests.iter().zip(results.iter()) { + assert_eq!(hmac(ty, &**key, &**data), *res); + } + + // recycle test + let mut h = HMAC::new(ty, &*tests[5].0); + for i in 0..100us { + let test = &tests[4 + i % 2]; + let tup = (test.0.clone(), test.1.clone(), results[4 + i % 2].clone()); + test_hmac_recycle(&mut h, &tup); + } + } + + #[test] + fn test_hmac_sha224() { + let results = [ + "896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22".from_hex().unwrap(), + "a30e01098bc6dbbf45690f3a7e9e6d0f8bbea2a39e6148008fd05e44".from_hex().unwrap(), + "7fb3cb3588c6c1f6ffa9694d7d6ad2649365b0c1f65d69d1ec8333ea".from_hex().unwrap(), + "6c11506874013cac6a2abc1bb382627cec6a90d86efc012de7afec5a".from_hex().unwrap(), + "95e9a0db962095adaebe9b2d6f0dbce2d499f112f2d2b7273fa6870e".from_hex().unwrap(), + "3a854166ac5d9f023f54d517d0b39dbd946770db9c2b95c9f6f565d1".from_hex().unwrap() + ]; + test_sha2(SHA224, &results); + } + + #[test] + fn test_hmac_sha256() { + let results = [ + "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7".from_hex().unwrap(), + "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843".from_hex().unwrap(), + "773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe".from_hex().unwrap(), + "82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b".from_hex().unwrap(), + "60e431591ee0b67f0d8a26aacbf5b77f8e0bc6213728c5140546040f0ee37f54".from_hex().unwrap(), + "9b09ffa71b942fcb27635fbcd5b0e944bfdc63644f0713938a7f51535c3a35e2".from_hex().unwrap() + ]; + test_sha2(SHA256, &results); + } + + #[test] + fn test_hmac_sha384() { + let results = [ + "afd03944d84895626b0825f4ab46907f\ + 15f9dadbe4101ec682aa034c7cebc59c\ + faea9ea9076ede7f4af152e8b2fa9cb6".from_hex().unwrap(), + "af45d2e376484031617f78d2b58a6b1b\ + 9c7ef464f5a01b47e42ec3736322445e\ + 8e2240ca5e69e2c78b3239ecfab21649".from_hex().unwrap(), + "88062608d3e6ad8a0aa2ace014c8a86f\ + 0aa635d947ac9febe83ef4e55966144b\ + 2a5ab39dc13814b94e3ab6e101a34f27".from_hex().unwrap(), + "3e8a69b7783c25851933ab6290af6ca7\ + 7a9981480850009cc5577c6e1f573b4e\ + 6801dd23c4a7d679ccf8a386c674cffb".from_hex().unwrap(), + "4ece084485813e9088d2c63a041bc5b4\ + 4f9ef1012a2b588f3cd11f05033ac4c6\ + 0c2ef6ab4030fe8296248df163f44952".from_hex().unwrap(), + "6617178e941f020d351e2f254e8fd32c\ + 602420feb0b8fb9adccebb82461e99c5\ + a678cc31e799176d3860e6110c46523e".from_hex().unwrap() + ]; + test_sha2(SHA384, &results); + } + + #[test] + fn test_hmac_sha512() { + let results = [ + "87aa7cdea5ef619d4ff0b4241a1d6cb0\ + 2379f4e2ce4ec2787ad0b30545e17cde\ + daa833b7d6b8a702038b274eaea3f4e4\ + be9d914eeb61f1702e696c203a126854".from_hex().unwrap(), + "164b7a7bfcf819e2e395fbe73b56e0a3\ + 87bd64222e831fd610270cd7ea250554\ + 9758bf75c05a994a6d034f65f8f0e6fd\ + caeab1a34d4a6b4b636e070a38bce737".from_hex().unwrap(), + "fa73b0089d56a284efb0f0756c890be9\ + b1b5dbdd8ee81a3655f83e33b2279d39\ + bf3e848279a722c806b485a47e67c807\ + b946a337bee8942674278859e13292fb".from_hex().unwrap(), + "b0ba465637458c6990e5a8c5f61d4af7\ + e576d97ff94b872de76f8050361ee3db\ + a91ca5c11aa25eb4d679275cc5788063\ + a5f19741120c4f2de2adebeb10a298dd".from_hex().unwrap(), + "80b24263c7c1a3ebb71493c1dd7be8b4\ + 9b46d1f41b4aeec1121b013783f8f352\ + 6b56d037e05f2598bd0fd2215d6a1e52\ + 95e64f73f63f0aec8b915a985d786598".from_hex().unwrap(), + "e37b6a775dc87dbaa4dfa9f96e5e3ffd\ + debd71f8867289865df5a32d20cdc944\ + b6022cac3c4982b10d5eeb55c3e4de15\ + 134676fb6de0446065c97440fa8c6a58".from_hex().unwrap() + ]; + test_sha2(SHA512, &results); + } +} diff --git a/openssl/src/crypto/memcmp.rs b/openssl/src/crypto/memcmp.rs new file mode 100644 index 00000000..299effa9 --- /dev/null +++ b/openssl/src/crypto/memcmp.rs @@ -0,0 +1,39 @@ +use libc::size_t; +use ffi; + +/// Returns `true` iff `a` and `b` contain the same bytes. +/// +/// This operation takes an amount of time dependent on the length of the two +/// arrays given, but is independent of the contents of a and b. +/// +/// # Failure +/// +/// This function will panic the current task if `a` and `b` do not have the same +/// length. +pub fn eq(a: &[u8], b: &[u8]) -> bool { + assert!(a.len() == b.len()); + let ret = unsafe { + ffi::CRYPTO_memcmp(a.as_ptr() as *const _, + b.as_ptr() as *const _, + a.len() as size_t) + }; + ret == 0 +} + +#[cfg(test)] +mod tests { + use super::eq; + + #[test] + fn test_eq() { + assert!(eq(&[], &[])); + assert!(eq(&[1], &[1])); + assert!(!eq(&[1, 2, 3], &[1, 2, 4])); + } + + #[test] + #[should_fail] + fn test_diff_lens() { + eq(&[], &[1]); + } +} diff --git a/openssl/src/crypto/mod.rs b/openssl/src/crypto/mod.rs new file mode 100644 index 00000000..e695de33 --- /dev/null +++ b/openssl/src/crypto/mod.rs @@ -0,0 +1,24 @@ +/* + * Copyright 2011 Google Inc. + * 2013 Jack Lloyd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +pub mod hash; +pub mod hmac; +pub mod pkcs5; +pub mod pkey; +pub mod rand; +pub mod symm; +pub mod memcmp; diff --git a/openssl/src/crypto/pkcs5.rs b/openssl/src/crypto/pkcs5.rs new file mode 100644 index 00000000..b101c3ed --- /dev/null +++ b/openssl/src/crypto/pkcs5.rs @@ -0,0 +1,119 @@ +use libc::c_int; +use ffi; + +/// Derives a key from a password and salt using the PBKDF2-HMAC-SHA1 algorithm. +pub fn pbkdf2_hmac_sha1(pass: &str, salt: &[u8], iter: usize, keylen: usize) -> Vec<u8> { + unsafe { + assert!(iter >= 1); + assert!(keylen >= 1); + + let mut out = Vec::with_capacity(keylen); + + ffi::init(); + + let r = ffi::PKCS5_PBKDF2_HMAC_SHA1( + pass.as_ptr(), pass.len() as c_int, + salt.as_ptr(), salt.len() as c_int, + iter as c_int, keylen as c_int, + out.as_mut_ptr()); + + if r != 1 { panic!(); } + + out.set_len(keylen); + + out + } +} + +#[cfg(test)] +mod tests { + // Test vectors from + // http://tools.ietf.org/html/draft-josefsson-pbkdf2-test-vectors-06 + #[test] + fn test_pbkdf2_hmac_sha1() { + assert_eq!( + super::pbkdf2_hmac_sha1( + "password", + "salt".as_bytes(), + 1, + 20 + ), + vec!( + 0x0c_u8, 0x60_u8, 0xc8_u8, 0x0f_u8, 0x96_u8, 0x1f_u8, 0x0e_u8, + 0x71_u8, 0xf3_u8, 0xa9_u8, 0xb5_u8, 0x24_u8, 0xaf_u8, 0x60_u8, + 0x12_u8, 0x06_u8, 0x2f_u8, 0xe0_u8, 0x37_u8, 0xa6_u8 + ) + ); + + assert_eq!( + super::pbkdf2_hmac_sha1( + "password", + "salt".as_bytes(), + 2, + 20 + ), + vec!( + 0xea_u8, 0x6c_u8, 0x01_u8, 0x4d_u8, 0xc7_u8, 0x2d_u8, 0x6f_u8, + 0x8c_u8, 0xcd_u8, 0x1e_u8, 0xd9_u8, 0x2a_u8, 0xce_u8, 0x1d_u8, + 0x41_u8, 0xf0_u8, 0xd8_u8, 0xde_u8, 0x89_u8, 0x57_u8 + ) + ); + + assert_eq!( + super::pbkdf2_hmac_sha1( + "password", + "salt".as_bytes(), + 4096, + 20 + ), + vec!( + 0x4b_u8, 0x00_u8, 0x79_u8, 0x01_u8, 0xb7_u8, 0x65_u8, 0x48_u8, + 0x9a_u8, 0xbe_u8, 0xad_u8, 0x49_u8, 0xd9_u8, 0x26_u8, 0xf7_u8, + 0x21_u8, 0xd0_u8, 0x65_u8, 0xa4_u8, 0x29_u8, 0xc1_u8 + ) + ); + + assert_eq!( + super::pbkdf2_hmac_sha1( + "password", + "salt".as_bytes(), + 16777216, + 20 + ), + vec!( + 0xee_u8, 0xfe_u8, 0x3d_u8, 0x61_u8, 0xcd_u8, 0x4d_u8, 0xa4_u8, + 0xe4_u8, 0xe9_u8, 0x94_u8, 0x5b_u8, 0x3d_u8, 0x6b_u8, 0xa2_u8, + 0x15_u8, 0x8c_u8, 0x26_u8, 0x34_u8, 0xe9_u8, 0x84_u8 + ) + ); + + assert_eq!( + super::pbkdf2_hmac_sha1( + "passwordPASSWORDpassword", + "saltSALTsaltSALTsaltSALTsaltSALTsalt".as_bytes(), + 4096, + 25 + ), + vec!( + 0x3d_u8, 0x2e_u8, 0xec_u8, 0x4f_u8, 0xe4_u8, 0x1c_u8, 0x84_u8, + 0x9b_u8, 0x80_u8, 0xc8_u8, 0xd8_u8, 0x36_u8, 0x62_u8, 0xc0_u8, + 0xe4_u8, 0x4a_u8, 0x8b_u8, 0x29_u8, 0x1a_u8, 0x96_u8, 0x4c_u8, + 0xf2_u8, 0xf0_u8, 0x70_u8, 0x38_u8 + ) + ); + + assert_eq!( + super::pbkdf2_hmac_sha1( + "pass\x00word", + "sa\x00lt".as_bytes(), + 4096, + 16 + ), + vec!( + 0x56_u8, 0xfa_u8, 0x6a_u8, 0xa7_u8, 0x55_u8, 0x48_u8, 0x09_u8, + 0x9d_u8, 0xcc_u8, 0x37_u8, 0xd7_u8, 0xf0_u8, 0x34_u8, 0x25_u8, + 0xe0_u8, 0xc3_u8 + ) + ); + } +} diff --git a/openssl/src/crypto/pkey.rs b/openssl/src/crypto/pkey.rs new file mode 100644 index 00000000..c20fae4f --- /dev/null +++ b/openssl/src/crypto/pkey.rs @@ -0,0 +1,423 @@ +use libc::{c_int, c_uint, c_ulong}; +use std::iter::repeat; +use std::mem; +use std::ptr; +use bio::{MemBio}; +use crypto::hash; +use crypto::hash::Type as HashType; +use ffi; +use ssl::error::{SslError, StreamError}; + +#[derive(Copy)] +enum Parts { + Neither, + Public, + Both +} + +/// Represents a role an asymmetric key might be appropriate for. +#[derive(Copy)] +pub enum Role { + Encrypt, + Decrypt, + Sign, + Verify +} + +/// Type of encryption padding to use. +#[derive(Copy)] +pub enum EncryptionPadding { + OAEP, + PKCS1v15 +} + +fn openssl_padding_code(padding: EncryptionPadding) -> c_int { + match padding { + EncryptionPadding::OAEP => 4, + EncryptionPadding::PKCS1v15 => 1 + } +} + +fn openssl_hash_nid(hash: HashType) -> c_int { + match hash { + HashType::MD5 => 4, // NID_md5, + HashType::SHA1 => 64, // NID_sha1 + HashType::SHA224 => 675, // NID_sha224 + HashType::SHA256 => 672, // NID_sha256 + HashType::SHA384 => 673, // NID_sha384 + HashType::SHA512 => 674, // NID_sha512 + HashType::RIPEMD160 => 117, // NID_ripemd160 + } +} + +pub struct PKey { + evp: *mut ffi::EVP_PKEY, + parts: Parts, +} + +/// Represents a public key, optionally with a private key attached. +impl PKey { + pub fn new() -> PKey { + unsafe { + ffi::init(); + + PKey { + evp: ffi::EVP_PKEY_new(), + parts: Parts::Neither, + } + } + } + + fn _tostr(&self, f: unsafe extern "C" fn(*mut ffi::RSA, *const *mut u8) -> c_int) -> Vec<u8> { + unsafe { + let rsa = ffi::EVP_PKEY_get1_RSA(self.evp); + let len = f(rsa, ptr::null()); + if len < 0 as c_int { return vec!(); } + let mut s = repeat(0u8).take(len as usize).collect::<Vec<_>>(); + + let r = f(rsa, &s.as_mut_ptr()); + + s.truncate(r as usize); + s + } + } + + fn _fromstr(&mut self, s: &[u8], f: unsafe extern "C" fn(*const *mut ffi::RSA, *const *const u8, c_uint) -> *mut ffi::RSA) { + unsafe { + let rsa = ptr::null_mut(); + f(&rsa, &s.as_ptr(), s.len() as c_uint); + ffi::EVP_PKEY_set1_RSA(self.evp, rsa); + } + } + + pub fn gen(&mut self, keysz: usize) { + unsafe { + let rsa = ffi::RSA_generate_key( + keysz as c_int, + 65537 as c_ulong, + ptr::null(), + ptr::null() + ); + + // XXX: 6 == NID_rsaEncryption + ffi::EVP_PKEY_assign( + self.evp, + 6 as c_int, + mem::transmute(rsa)); + + self.parts = Parts::Both; + } + } + + /** + * Returns a serialized form of the public key, suitable for load_pub(). + */ + pub fn save_pub(&self) -> Vec<u8> { + self._tostr(ffi::i2d_RSA_PUBKEY) + } + + /** + * Loads a serialized form of the public key, as produced by save_pub(). + */ + pub fn load_pub(&mut self, s: &[u8]) { + self._fromstr(s, ffi::d2i_RSA_PUBKEY); + self.parts = Parts::Public; + } + + /** + * Returns a serialized form of the public and private keys, suitable for + * load_priv(). + */ + pub fn save_priv(&self) -> Vec<u8> { + self._tostr(ffi::i2d_RSAPrivateKey) + } + /** + * Loads a serialized form of the public and private keys, as produced by + * save_priv(). + */ + pub fn load_priv(&mut self, s: &[u8]) { + self._fromstr(s, ffi::d2i_RSAPrivateKey); + self.parts = Parts::Both; + } + + /// Stores private key as a PEM + // FIXME: also add password and encryption + pub fn write_pem(&self, writer: &mut Writer/*, password: Option<String>*/) -> Result<(), SslError> { + let mut mem_bio = try!(MemBio::new()); + unsafe { + try_ssl!(ffi::PEM_write_bio_PrivateKey(mem_bio.get_handle(), self.evp, ptr::null(), + ptr::null_mut(), -1, None, ptr::null_mut())); + + } + let buf = try!(mem_bio.read_to_end().map_err(StreamError)); + writer.write_all(buf.as_slice()).map_err(StreamError) + } + + /** + * Returns the size of the public key modulus. + */ + pub fn size(&self) -> usize { + unsafe { + ffi::RSA_size(ffi::EVP_PKEY_get1_RSA(self.evp)) as usize + } + } + + /** + * Returns whether this pkey object can perform the specified role. + */ + pub fn can(&self, r: Role) -> bool { + match r { + Role::Encrypt => + match self.parts { + Parts::Neither => false, + _ => true, + }, + Role::Verify => + match self.parts { + Parts::Neither => false, + _ => true, + }, + Role::Decrypt => + match self.parts { + Parts::Both => true, + _ => false, + }, + Role::Sign => + match self.parts { + Parts::Both => true, + _ => false, + }, + } + } + + /** + * Returns the maximum amount of data that can be encrypted by an encrypt() + * call. + */ + pub fn max_data(&self) -> usize { + unsafe { + let rsa = ffi::EVP_PKEY_get1_RSA(self.evp); + let len = ffi::RSA_size(rsa); + + // 41 comes from RSA_public_encrypt(3) for OAEP + len as usize - 41 + } + } + + pub fn encrypt_with_padding(&self, s: &[u8], padding: EncryptionPadding) -> Vec<u8> { + unsafe { + let rsa = ffi::EVP_PKEY_get1_RSA(self.evp); + let len = ffi::RSA_size(rsa); + + assert!(s.len() < self.max_data()); + + let mut r = repeat(0u8).take(len as usize + 1).collect::<Vec<_>>(); + + let rv = ffi::RSA_public_encrypt( + s.len() as c_int, + s.as_ptr(), + r.as_mut_ptr(), + rsa, + openssl_padding_code(padding)); + + if rv < 0 as c_int { + vec!() + } else { + r.truncate(rv as usize); + r + } + } + } + + pub fn decrypt_with_padding(&self, s: &[u8], padding: EncryptionPadding) -> Vec<u8> { + unsafe { + let rsa = ffi::EVP_PKEY_get1_RSA(self.evp); + let len = ffi::RSA_size(rsa); + + assert_eq!(s.len() as c_int, ffi::RSA_size(rsa)); + + let mut r = repeat(0u8).take(len as usize + 1).collect::<Vec<_>>(); + + let rv = ffi::RSA_private_decrypt( + s.len() as c_int, + s.as_ptr(), + r.as_mut_ptr(), + rsa, + openssl_padding_code(padding)); + + if rv < 0 as c_int { + vec!() + } else { + r.truncate(rv as usize); + r + } + } + } + + /** + * Encrypts data using OAEP padding, returning the encrypted data. The + * supplied data must not be larger than max_data(). + */ + pub fn encrypt(&self, s: &[u8]) -> Vec<u8> { self.encrypt_with_padding(s, EncryptionPadding::OAEP) } + + /** + * Decrypts data, expecting OAEP padding, returning the decrypted data. + */ + pub fn decrypt(&self, s: &[u8]) -> Vec<u8> { self.decrypt_with_padding(s, EncryptionPadding::OAEP) } + + /** + * Signs data, using OpenSSL's default scheme and sha256. Unlike encrypt(), + * can process an arbitrary amount of data; returns the signature. + */ + pub fn sign(&self, s: &[u8]) -> Vec<u8> { self.sign_with_hash(s, HashType::SHA256) } + + /** + * Verifies a signature s (using OpenSSL's default scheme and sha256) on a + * message m. Returns true if the signature is valid, and false otherwise. + */ + pub fn verify(&self, m: &[u8], s: &[u8]) -> bool { self.verify_with_hash(m, s, HashType::SHA256) } + + pub fn sign_with_hash(&self, s: &[u8], hash: hash::Type) -> Vec<u8> { + unsafe { + let rsa = ffi::EVP_PKEY_get1_RSA(self.evp); + let len = ffi::RSA_size(rsa); + let mut r = repeat(0u8).take(len as usize + 1).collect::<Vec<_>>(); + + let mut len = 0; + let rv = ffi::RSA_sign( + openssl_hash_nid(hash), + s.as_ptr(), + s.len() as c_uint, + r.as_mut_ptr(), + &mut len, + rsa); + + if rv < 0 as c_int { + vec!() + } else { + r.truncate(len as usize); + r + } + } + } + + pub fn verify_with_hash(&self, m: &[u8], s: &[u8], hash: hash::Type) -> bool { + unsafe { + let rsa = ffi::EVP_PKEY_get1_RSA(self.evp); + + let rv = ffi::RSA_verify( + openssl_hash_nid(hash), + m.as_ptr(), + m.len() as c_uint, + s.as_ptr(), + s.len() as c_uint, + rsa + ); + + rv == 1 as c_int + } + } + + pub unsafe fn get_handle(&self) -> *mut ffi::EVP_PKEY { + return self.evp + } +} + +impl Drop for PKey { + fn drop(&mut self) { + unsafe { + ffi::EVP_PKEY_free(self.evp); + } + } +} + +#[cfg(test)] +mod tests { + use crypto::hash::Type::{MD5, SHA1}; + + #[test] + fn test_gen_pub() { + let mut k0 = super::PKey::new(); + let mut k1 = super::PKey::new(); + k0.gen(512); + k1.load_pub(k0.save_pub().as_slice()); + assert_eq!(k0.save_pub(), k1.save_pub()); + assert_eq!(k0.size(), k1.size()); + assert!(k0.can(super::Role::Encrypt)); + assert!(k0.can(super::Role::Decrypt)); + assert!(k0.can(super::Role::Verify)); + assert!(k0.can(super::Role::Sign)); + assert!(k1.can(super::Role::Encrypt)); + assert!(!k1.can(super::Role::Decrypt)); + assert!(k1.can(super::Role::Verify)); + assert!(!k1.can(super::Role::Sign)); + } + + #[test] + fn test_gen_priv() { + let mut k0 = super::PKey::new(); + let mut k1 = super::PKey::new(); + k0.gen(512); + k1.load_priv(k0.save_priv().as_slice()); + assert_eq!(k0.save_priv(), k1.save_priv()); + assert_eq!(k0.size(), k1.size()); + assert!(k0.can(super::Role::Encrypt)); + assert!(k0.can(super::Role::Decrypt)); + assert!(k0.can(super::Role::Verify)); + assert!(k0.can(super::Role::Sign)); + assert!(k1.can(super::Role::Encrypt)); + assert!(k1.can(super::Role::Decrypt)); + assert!(k1.can(super::Role::Verify)); + assert!(k1.can(super::Role::Sign)); + } + + #[test] + fn test_encrypt() { + let mut k0 = super::PKey::new(); + let mut k1 = super::PKey::new(); + let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8); + k0.gen(512); + k1.load_pub(k0.save_pub().as_slice()); + let emsg = k1.encrypt(msg.as_slice()); + let dmsg = k0.decrypt(emsg.as_slice()); + assert!(msg == dmsg); + } + + #[test] + fn test_encrypt_pkcs() { + let mut k0 = super::PKey::new(); + let mut k1 = super::PKey::new(); + let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8); + k0.gen(512); + k1.load_pub(k0.save_pub().as_slice()); + let emsg = k1.encrypt_with_padding(msg.as_slice(), super::EncryptionPadding::PKCS1v15); + let dmsg = k0.decrypt_with_padding(emsg.as_slice(), super::EncryptionPadding::PKCS1v15); + assert!(msg == dmsg); + } + + #[test] + fn test_sign() { + let mut k0 = super::PKey::new(); + let mut k1 = super::PKey::new(); + let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8); + k0.gen(512); + k1.load_pub(k0.save_pub().as_slice()); + let sig = k0.sign(msg.as_slice()); + let rv = k1.verify(msg.as_slice(), sig.as_slice()); + assert!(rv == true); + } + + #[test] + fn test_sign_hashes() { + let mut k0 = super::PKey::new(); + let mut k1 = super::PKey::new(); + let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8); + k0.gen(512); + k1.load_pub(k0.save_pub().as_slice()); + + let sig = k0.sign_with_hash(msg.as_slice(), MD5); + + assert!(k1.verify_with_hash(msg.as_slice(), sig.as_slice(), MD5)); + assert!(!k1.verify_with_hash(msg.as_slice(), sig.as_slice(), SHA1)); + } +} diff --git a/openssl/src/crypto/rand.rs b/openssl/src/crypto/rand.rs new file mode 100644 index 00000000..dc338a3d --- /dev/null +++ b/openssl/src/crypto/rand.rs @@ -0,0 +1,27 @@ +use libc::c_int; +use ffi; + +pub fn rand_bytes(len: usize) -> Vec<u8> { + unsafe { + let mut out = Vec::with_capacity(len); + + ffi::init(); + let r = ffi::RAND_bytes(out.as_mut_ptr(), len as c_int); + if r != 1 as c_int { panic!() } + + out.set_len(len); + + out + } +} + +#[cfg(test)] +mod tests { + use super::rand_bytes; + + #[test] + fn test_rand_bytes() { + let bytes = rand_bytes(32); + println!("{:?}", bytes); + } +} diff --git a/openssl/src/crypto/symm.rs b/openssl/src/crypto/symm.rs new file mode 100644 index 00000000..922137c0 --- /dev/null +++ b/openssl/src/crypto/symm.rs @@ -0,0 +1,314 @@ +use std::iter::repeat; +use libc::{c_int}; + +use ffi; + +#[derive(Copy)] +pub enum Mode { + Encrypt, + Decrypt, +} + +#[allow(non_camel_case_types)] +#[derive(Copy)] +pub enum Type { + AES_128_ECB, + AES_128_CBC, + /// Requires the `aes_xts` feature + #[cfg(feature = "aes_xts")] + AES_128_XTS, + // AES_128_CTR, + //AES_128_GCM, + + AES_256_ECB, + AES_256_CBC, + /// Requires the `aes_xts` feature + #[cfg(feature = "aes_xts")] + AES_256_XTS, + // AES_256_CTR, + //AES_256_GCM, + + RC4_128, +} + +fn evpc(t: Type) -> (*const ffi::EVP_CIPHER, u32, u32) { + unsafe { + match t { + Type::AES_128_ECB => (ffi::EVP_aes_128_ecb(), 16, 16), + Type::AES_128_CBC => (ffi::EVP_aes_128_cbc(), 16, 16), + #[cfg(feature = "aes_xts")] + Type::AES_128_XTS => (ffi::EVP_aes_128_xts(), 32, 16), + // AES_128_CTR => (EVP_aes_128_ctr(), 16, 0), + //AES_128_GCM => (EVP_aes_128_gcm(), 16, 16), + + Type::AES_256_ECB => (ffi::EVP_aes_256_ecb(), 32, 16), + Type::AES_256_CBC => (ffi::EVP_aes_256_cbc(), 32, 16), + #[cfg(feature = "aes_xts")] + Type::AES_256_XTS => (ffi::EVP_aes_256_xts(), 64, 16), + // AES_256_CTR => (EVP_aes_256_ctr(), 32, 0), + //AES_256_GCM => (EVP_aes_256_gcm(), 32, 16), + + Type::RC4_128 => (ffi::EVP_rc4(), 16, 0), + } + } +} + +/// Represents a symmetric cipher context. +pub struct Crypter { + evp: *const ffi::EVP_CIPHER, + ctx: *mut ffi::EVP_CIPHER_CTX, + keylen: u32, + blocksize: u32, +} + +impl Crypter { + pub fn new(t: Type) -> Crypter { + ffi::init(); + + let ctx = unsafe { ffi::EVP_CIPHER_CTX_new() }; + let (evp, keylen, blocksz) = evpc(t); + Crypter { evp: evp, ctx: ctx, keylen: keylen, blocksize: blocksz } + } + + /** + * Enables or disables padding. If padding is disabled, total amount of + * data encrypted must be a multiple of block size. + */ + pub fn pad(&self, padding: bool) { + if self.blocksize > 0 { + unsafe { + let v = if padding { 1 as c_int } else { 0 }; + ffi::EVP_CIPHER_CTX_set_padding(self.ctx, v); + } + } + } + + /** + * Initializes this crypter. + */ + pub fn init(&self, mode: Mode, key: &[u8], iv: Vec<u8>) { + unsafe { + let mode = match mode { + Mode::Encrypt => 1 as c_int, + Mode::Decrypt => 0 as c_int, + }; + assert_eq!(key.len(), self.keylen as usize); + + ffi::EVP_CipherInit( + self.ctx, + self.evp, + key.as_ptr(), + iv.as_ptr(), + mode + ); + } + } + + /** + * Update this crypter with more data to encrypt or decrypt. Returns + * encrypted or decrypted bytes. + */ + pub fn update(&self, data: &[u8]) -> Vec<u8> { + unsafe { + let sum = data.len() + (self.blocksize as usize); + let mut res = repeat(0u8).take(sum).collect::<Vec<_>>(); + let mut reslen = sum as c_int; + + ffi::EVP_CipherUpdate( + self.ctx, + res.as_mut_ptr(), + &mut reslen, + data.as_ptr(), + data.len() as c_int + ); + + res.truncate(reslen as usize); + res + } + } + + /** + * Finish crypting. Returns the remaining partial block of output, if any. + */ + pub fn finalize(&self) -> Vec<u8> { + unsafe { + let mut res = repeat(0u8).take(self.blocksize as usize).collect::<Vec<_>>(); + let mut reslen = self.blocksize as c_int; + + ffi::EVP_CipherFinal(self.ctx, + res.as_mut_ptr(), + &mut reslen); + + res.truncate(reslen as usize); + res + } + } +} + +impl Drop for Crypter { + fn drop(&mut self) { + unsafe { + ffi::EVP_CIPHER_CTX_free(self.ctx); + } + } +} + +/** + * Encrypts data, using the specified crypter type in encrypt mode with the + * specified key and iv; returns the resulting (encrypted) data. + */ +pub fn encrypt(t: Type, key: &[u8], iv: Vec<u8>, data: &[u8]) -> Vec<u8> { + let c = Crypter::new(t); + c.init(Mode::Encrypt, key, iv); + let mut r = c.update(data); + let rest = c.finalize(); + r.extend(rest.into_iter()); + r +} + +/** + * Decrypts data, using the specified crypter type in decrypt mode with the + * specified key and iv; returns the resulting (decrypted) data. + */ +pub fn decrypt(t: Type, key: &[u8], iv: Vec<u8>, data: &[u8]) -> Vec<u8> { + let c = Crypter::new(t); + c.init(Mode::Decrypt, key, iv); + let mut r = c.update(data); + let rest = c.finalize(); + r.extend(rest.into_iter()); + r +} + +#[cfg(test)] +mod tests { + use serialize::hex::FromHex; + + // Test vectors from FIPS-197: + // http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf + #[test] + fn test_aes_256_ecb() { + let k0 = + vec!(0x00u8, 0x01u8, 0x02u8, 0x03u8, 0x04u8, 0x05u8, 0x06u8, 0x07u8, + 0x08u8, 0x09u8, 0x0au8, 0x0bu8, 0x0cu8, 0x0du8, 0x0eu8, 0x0fu8, + 0x10u8, 0x11u8, 0x12u8, 0x13u8, 0x14u8, 0x15u8, 0x16u8, 0x17u8, + 0x18u8, 0x19u8, 0x1au8, 0x1bu8, 0x1cu8, 0x1du8, 0x1eu8, 0x1fu8); + let p0 = + vec!(0x00u8, 0x11u8, 0x22u8, 0x33u8, 0x44u8, 0x55u8, 0x66u8, 0x77u8, + 0x88u8, 0x99u8, 0xaau8, 0xbbu8, 0xccu8, 0xddu8, 0xeeu8, 0xffu8); + let c0 = + vec!(0x8eu8, 0xa2u8, 0xb7u8, 0xcau8, 0x51u8, 0x67u8, 0x45u8, 0xbfu8, + 0xeau8, 0xfcu8, 0x49u8, 0x90u8, 0x4bu8, 0x49u8, 0x60u8, 0x89u8); + let c = super::Crypter::new(super::Type::AES_256_ECB); + c.init(super::Mode::Encrypt, k0.as_slice(), vec![]); + c.pad(false); + let mut r0 = c.update(p0.as_slice()); + r0.extend(c.finalize().into_iter()); + assert!(r0 == c0); + c.init(super::Mode::Decrypt, k0.as_slice(), vec![]); + c.pad(false); + let mut p1 = c.update(r0.as_slice()); + p1.extend(c.finalize().into_iter()); + assert!(p1 == p0); + } + + #[test] + fn test_aes_256_cbc_decrypt() { + let cr = super::Crypter::new(super::Type::AES_256_CBC); + let iv = vec![ + 4_u8, 223_u8, 153_u8, 219_u8, 28_u8, 142_u8, 234_u8, 68_u8, 227_u8, + 69_u8, 98_u8, 107_u8, 208_u8, 14_u8, 236_u8, 60_u8, 0_u8, 0_u8, + 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, + 0_u8, 0_u8, 0_u8 + ]; + let data = [ + 143_u8, 210_u8, 75_u8, 63_u8, 214_u8, 179_u8, 155_u8, + 241_u8, 242_u8, 31_u8, 154_u8, 56_u8, 198_u8, 145_u8, 192_u8, 64_u8, + 2_u8, 245_u8, 167_u8, 220_u8, 55_u8, 119_u8, 233_u8, 136_u8, 139_u8, + 27_u8, 71_u8, 242_u8, 119_u8, 175_u8, 65_u8, 207_u8 + ]; + let ciphered_data = [ + 0x4a_u8, 0x2e_u8, 0xe5_u8, 0x6_u8, 0xbf_u8, 0xcf_u8, 0xf2_u8, 0xd7_u8, + 0xea_u8, 0x2d_u8, 0xb1_u8, 0x85_u8, 0x6c_u8, 0x93_u8, 0x65_u8, 0x6f_u8 + ]; + cr.init(super::Mode::Decrypt, &data, iv); + cr.pad(false); + let unciphered_data_1 = cr.update(&ciphered_data); + let unciphered_data_2 = cr.finalize(); + + let expected_unciphered_data = b"I love turtles.\x01"; + + assert!(unciphered_data_2.len() == 0); + + assert_eq!( + unciphered_data_1.as_slice(), + expected_unciphered_data + ); + } + + fn cipher_test(ciphertype: super::Type, pt: &str, ct: &str, key: &str, iv: &str) { + use serialize::hex::ToHex; + + let cipher = super::Crypter::new(ciphertype); + cipher.init(super::Mode::Encrypt, key.from_hex().unwrap().as_slice(), iv.from_hex().unwrap()); + + let expected = ct.from_hex().unwrap().as_slice().to_vec(); + let mut computed = cipher.update(pt.from_hex().unwrap().as_slice()); + computed.extend(cipher.finalize().into_iter()); + + if computed != expected { + println!("Computed: {}", computed.as_slice().to_hex()); + println!("Expected: {}", expected.as_slice().to_hex()); + if computed.len() != expected.len() { + println!("Lengths differ: {} in computed vs {} expected", + computed.len(), expected.len()); + } + panic!("test failure"); + } + } + + #[test] + fn test_rc4() { + + let pt = "0000000000000000000000000000000000000000000000000000000000000000000000000000"; + let ct = "A68686B04D686AA107BD8D4CAB191A3EEC0A6294BC78B60F65C25CB47BD7BB3A48EFC4D26BE4"; + let key = "97CD440324DA5FD1F7955C1C13B6B466"; + let iv = ""; + + cipher_test(super::Type::RC4_128, pt, ct, key, iv); + } + + #[test] + #[cfg(feature = "aes_xts")] + fn test_aes256_xts() { + // Test case 174 from + // http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSTestVectors.zip + let pt = "77f4ef63d734ebd028508da66c22cdebdd52ecd6ee2ab0a50bc8ad0cfd692ca5fcd4e6dedc45df7f6503f462611dc542"; + let ct = "ce7d905a7776ac72f240d22aafed5e4eb7566cdc7211220e970da634ce015f131a5ecb8d400bc9e84f0b81d8725dbbc7"; + let key = "b6bfef891f83b5ff073f2231267be51eb084b791fa19a154399c0684c8b2dfcb37de77d28bbda3b4180026ad640b74243b3133e7b9fae629403f6733423dae28"; + let iv = "db200efb7eaaa737dbdf40babb68953f"; + + cipher_test(super::Type::AES_256_XTS, pt, ct, key, iv); + } + + /*#[test] + fn test_aes128_ctr() { + + let pt = ~"6BC1BEE22E409F96E93D7E117393172AAE2D8A571E03AC9C9EB76FAC45AF8E5130C81C46A35CE411E5FBC1191A0A52EFF69F2445DF4F9B17AD2B417BE66C3710"; + let ct = ~"874D6191B620E3261BEF6864990DB6CE9806F66B7970FDFF8617187BB9FFFDFF5AE4DF3EDBD5D35E5B4F09020DB03EAB1E031DDA2FBE03D1792170A0F3009CEE"; + let key = ~"2B7E151628AED2A6ABF7158809CF4F3C"; + let iv = ~"F0F1F2F3F4F5F6F7F8F9FAFBFCFDFEFF"; + + cipher_test(super::AES_128_CTR, pt, ct, key, iv); + }*/ + + /*#[test] + fn test_aes128_gcm() { + // Test case 3 in GCM spec + let pt = ~"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255"; + let ct = ~"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f59854d5c2af327cd64a62cf35abd2ba6fab4"; + let key = ~"feffe9928665731c6d6a8f9467308308"; + let iv = ~"cafebabefacedbaddecaf888"; + + cipher_test(super::AES_128_GCM, pt, ct, key, iv); + }*/ +} |