diff options
Diffstat (limited to 'openssl/src/crypto')
| -rw-r--r-- | openssl/src/crypto/hash.rs | 77 | ||||
| -rw-r--r-- | openssl/src/crypto/hmac.rs | 372 | ||||
| -rw-r--r-- | openssl/src/crypto/mod.rs | 33 | ||||
| -rw-r--r-- | openssl/src/crypto/pkcs5.rs | 377 | ||||
| -rw-r--r-- | openssl/src/crypto/pkey.rs | 259 | ||||
| -rw-r--r-- | openssl/src/crypto/rand.rs | 4 | ||||
| -rw-r--r-- | openssl/src/crypto/symm.rs | 130 | ||||
| -rw-r--r-- | openssl/src/crypto/symm_internal.rs | 4 |
8 files changed, 619 insertions, 637 deletions
diff --git a/openssl/src/crypto/hash.rs b/openssl/src/crypto/hash.rs index 801d8ca5..78465851 100644 --- a/openssl/src/crypto/hash.rs +++ b/openssl/src/crypto/hash.rs @@ -14,7 +14,7 @@ pub enum Type { SHA256, SHA384, SHA512, - RIPEMD160 + RIPEMD160, } impl Type { @@ -112,7 +112,12 @@ impl Hasher { }; let md = ty.evp_md(); - let mut h = Hasher { ctx: ctx, md: md, type_: ty, state: Finalized }; + let mut h = Hasher { + ctx: ctx, + md: md, + type_: ty, + state: Finalized, + }; h.init(); h } @@ -121,7 +126,9 @@ impl Hasher { fn init(&mut self) { match self.state { Reset => return, - Updated => { self.finalize(); }, + Updated => { + self.finalize(); + } Finalized => (), } unsafe { @@ -137,8 +144,7 @@ impl Hasher { self.init(); } unsafe { - let r = ffi::EVP_DigestUpdate(self.ctx, data.as_ptr(), - data.len() as c_uint); + let r = ffi::EVP_DigestUpdate(self.ctx, data.as_ptr(), data.len() as c_uint); assert_eq!(r, 1); } self.state = Updated; @@ -190,7 +196,12 @@ impl Clone for Hasher { assert_eq!(r, 1); ctx }; - Hasher { ctx: ctx, md: self.md, type_: self.type_, state: self.state } + Hasher { + ctx: ctx, + md: self.md, + type_: self.type_, + state: self.state, + } } } @@ -233,21 +244,32 @@ mod tests { // Test vectors from http://www.nsrl.nist.gov/testdata/ #[allow(non_upper_case_globals)] - const md5_tests: [(&'static str, &'static str); 13] = [ - ("", "d41d8cd98f00b204e9800998ecf8427e"), - ("7F", "83acb6e67e50e31db6ed341dd2de1595"), - ("EC9C", "0b07f0d4ca797d8ac58874f887cb0b68"), - ("FEE57A", "e0d583171eb06d56198fc0ef22173907"), - ("42F497E0", "7c430f178aefdf1487fee7144e9641e2"), - ("C53B777F1C", "75ef141d64cb37ec423da2d9d440c925"), - ("89D5B576327B", "ebbaf15eb0ed784c6faa9dc32831bf33"), - ("5D4CCE781EB190", "ce175c4b08172019f05e6b5279889f2c"), - ("81901FE94932D7B9", "cd4d2f62b8cdb3a0cf968a735a239281"), - ("C9FFDEE7788EFB4EC9", "e0841a231ab698db30c6c0f3f246c014"), - ("66AC4B7EBA95E53DC10B", "a3b3cea71910d9af56742aa0bb2fe329"), - ("A510CD18F7A56852EB0319", "577e216843dd11573574d3fb209b97d8"), - ("AAED18DBE8938C19ED734A8D", "6f80fb775f27e0a4ce5c2f42fc72c5f1") - ]; + const md5_tests: [(&'static str, &'static str); 13] = [("", + "d41d8cd98f00b204e9800998ecf8427e"), + ("7F", + "83acb6e67e50e31db6ed341dd2de1595"), + ("EC9C", + "0b07f0d4ca797d8ac58874f887cb0b68"), + ("FEE57A", + "e0d583171eb06d56198fc0ef22173907"), + ("42F497E0", + "7c430f178aefdf1487fee7144e9641e2"), + ("C53B777F1C", + "75ef141d64cb37ec423da2d9d440c925"), + ("89D5B576327B", + "ebbaf15eb0ed784c6faa9dc32831bf33"), + ("5D4CCE781EB190", + "ce175c4b08172019f05e6b5279889f2c"), + ("81901FE94932D7B9", + "cd4d2f62b8cdb3a0cf968a735a239281"), + ("C9FFDEE7788EFB4EC9", + "e0841a231ab698db30c6c0f3f246c014"), + ("66AC4B7EBA95E53DC10B", + "a3b3cea71910d9af56742aa0bb2fe329"), + ("A510CD18F7A56852EB0319", + "577e216843dd11573574d3fb209b97d8"), + ("AAED18DBE8938C19ED734A8D", + "6f80fb775f27e0a4ce5c2f42fc72c5f1")]; #[test] fn test_md5() { @@ -305,9 +327,7 @@ mod tests { #[test] fn test_sha1() { - let tests = [ - ("616263", "a9993e364706816aba3e25717850c26c9cd0d89d"), - ]; + let tests = [("616263", "a9993e364706816aba3e25717850c26c9cd0d89d")]; for test in tests.iter() { hash_test(Type::SHA1, test); @@ -316,9 +336,8 @@ mod tests { #[test] fn test_sha256() { - let tests = [ - ("616263", "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad") - ]; + let tests = [("616263", + "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad")]; for test in tests.iter() { hash_test(Type::SHA256, test); @@ -327,9 +346,7 @@ mod tests { #[test] fn test_ripemd160() { - let tests = [ - ("616263", "8eb208f7e05d987a9b044a8e98c6b087f15a0bfc") - ]; + let tests = [("616263", "8eb208f7e05d987a9b044a8e98c6b087f15a0bfc")]; for test in tests.iter() { hash_test(Type::RIPEMD160, test); diff --git a/openssl/src/crypto/hmac.rs b/openssl/src/crypto/hmac.rs index 2c329c1b..866087b0 100644 --- a/openssl/src/crypto/hmac.rs +++ b/openssl/src/crypto/hmac.rs @@ -1,18 +1,17 @@ -/* - * Copyright 2013 Jack Lloyd - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ +// Copyright 2013 Jack Lloyd +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// use libc::{c_int, c_uint}; use std::iter::repeat; @@ -81,7 +80,11 @@ impl HMAC { }; let md = ty.evp_md(); - let mut h = HMAC { ctx: ctx, type_: ty, state: Finalized }; + let mut h = HMAC { + ctx: ctx, + type_: ty, + state: Finalized, + }; h.init_once(md, key); h } @@ -92,7 +95,8 @@ impl HMAC { let r = ffi_extras::HMAC_Init_ex(&mut self.ctx, key.as_ptr(), key.len() as c_int, - md, 0 as *const _); + md, + 0 as *const _); assert_eq!(r, 1); } self.state = Reset; @@ -102,15 +106,19 @@ impl HMAC { fn init(&mut self) { match self.state { Reset => return, - Updated => { self.finalize(); }, + Updated => { + self.finalize(); + } Finalized => (), } // If the key and/or md is not supplied it's reused from the last time // avoiding redundant initializations unsafe { let r = ffi_extras::HMAC_Init_ex(&mut self.ctx, - 0 as *const _, 0, - 0 as *const _, 0 as *const _); + 0 as *const _, + 0, + 0 as *const _, + 0 as *const _); assert_eq!(r, 1); } self.state = Reset; @@ -173,7 +181,11 @@ impl Clone for HMAC { let r = ffi_extras::HMAC_CTX_copy(&mut ctx, &self.ctx); assert_eq!(r, 1); } - HMAC { ctx: ctx, type_: self.type_, state: self.state } + HMAC { + ctx: ctx, + type_: self.type_, + state: self.state, + } } } @@ -221,43 +233,45 @@ mod tests { #[test] fn test_hmac_md5() { // test vectors from RFC 2202 - let tests: [(Vec<u8>, Vec<u8>, Vec<u8>); 7] = [ - (repeat(0x0b_u8).take(16).collect(), b"Hi There".to_vec(), - "9294727a3638bb1c13f48ef8158bfc9d".from_hex().unwrap()), - (b"Jefe".to_vec(), - b"what do ya want for nothing?".to_vec(), - "750c783e6ab0b503eaa86e310a5db738".from_hex().unwrap()), - (repeat(0xaa_u8).take(16).collect(), repeat(0xdd_u8).take(50).collect(), - "56be34521d144c88dbb8c733f0e8b3f6".from_hex().unwrap()), - ("0102030405060708090a0b0c0d0e0f10111213141516171819".from_hex().unwrap(), - repeat(0xcd_u8).take(50).collect(), - "697eaf0aca3a3aea3a75164746ffaa79".from_hex().unwrap()), - (repeat(0x0c_u8).take(16).collect(), - b"Test With Truncation".to_vec(), - "56461ef2342edc00f9bab995690efd4c".from_hex().unwrap()), - (repeat(0xaa_u8).take(80).collect(), - b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(), - "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd".from_hex().unwrap()), - (repeat(0xaa_u8).take(80).collect(), - b"Test Using Larger Than Block-Size Key \ - and Larger Than One Block-Size Data".to_vec(), - "6f630fad67cda0ee1fb1f562db3aa53e".from_hex().unwrap()) - ]; + let tests: [(Vec<u8>, Vec<u8>, Vec<u8>); 7] = + [(repeat(0x0b_u8).take(16).collect(), + b"Hi There".to_vec(), + "9294727a3638bb1c13f48ef8158bfc9d".from_hex().unwrap()), + (b"Jefe".to_vec(), + b"what do ya want for nothing?".to_vec(), + "750c783e6ab0b503eaa86e310a5db738".from_hex().unwrap()), + (repeat(0xaa_u8).take(16).collect(), + repeat(0xdd_u8).take(50).collect(), + "56be34521d144c88dbb8c733f0e8b3f6".from_hex().unwrap()), + ("0102030405060708090a0b0c0d0e0f10111213141516171819".from_hex().unwrap(), + repeat(0xcd_u8).take(50).collect(), + "697eaf0aca3a3aea3a75164746ffaa79".from_hex().unwrap()), + (repeat(0x0c_u8).take(16).collect(), + b"Test With Truncation".to_vec(), + "56461ef2342edc00f9bab995690efd4c".from_hex().unwrap()), + (repeat(0xaa_u8).take(80).collect(), + b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(), + "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd".from_hex().unwrap()), + (repeat(0xaa_u8).take(80).collect(), + b"Test Using Larger Than Block-Size Key \ + and Larger Than One Block-Size Data" + .to_vec(), + "6f630fad67cda0ee1fb1f562db3aa53e".from_hex().unwrap())]; test_hmac(MD5, &tests); } #[test] fn test_hmac_md5_recycle() { - let tests: [(Vec<u8>, Vec<u8>, Vec<u8>); 2] = [ - (repeat(0xaa_u8).take(80).collect(), - b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(), - "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd".from_hex().unwrap()), - (repeat(0xaa_u8).take(80).collect(), - b"Test Using Larger Than Block-Size Key \ - and Larger Than One Block-Size Data".to_vec(), - "6f630fad67cda0ee1fb1f562db3aa53e".from_hex().unwrap()) - ]; + let tests: [(Vec<u8>, Vec<u8>, Vec<u8>); 2] = + [(repeat(0xaa_u8).take(80).collect(), + b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(), + "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd".from_hex().unwrap()), + (repeat(0xaa_u8).take(80).collect(), + b"Test Using Larger Than Block-Size Key \ + and Larger Than One Block-Size Data" + .to_vec(), + "6f630fad67cda0ee1fb1f562db3aa53e".from_hex().unwrap())]; let mut h = HMAC::new(MD5, &*tests[0].0); for i in 0..100usize { @@ -283,15 +297,15 @@ mod tests { #[test] fn test_clone() { - let tests: [(Vec<u8>, Vec<u8>, Vec<u8>); 2] = [ - (repeat(0xaa_u8).take(80).collect(), - b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(), - "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd".from_hex().unwrap()), - (repeat(0xaa_u8).take(80).collect(), - b"Test Using Larger Than Block-Size Key \ - and Larger Than One Block-Size Data".to_vec(), - "6f630fad67cda0ee1fb1f562db3aa53e".from_hex().unwrap()), - ]; + let tests: [(Vec<u8>, Vec<u8>, Vec<u8>); 2] = + [(repeat(0xaa_u8).take(80).collect(), + b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(), + "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd".from_hex().unwrap()), + (repeat(0xaa_u8).take(80).collect(), + b"Test Using Larger Than Block-Size Key \ + and Larger Than One Block-Size Data" + .to_vec(), + "6f630fad67cda0ee1fb1f562db3aa53e".from_hex().unwrap())]; let p = tests[0].0.len() / 2; let h0 = HMAC::new(Type::MD5, &*tests[0].0); @@ -319,43 +333,45 @@ mod tests { #[test] fn test_hmac_sha1() { // test vectors from RFC 2202 - let tests: [(Vec<u8>, Vec<u8>, Vec<u8>); 7] = [ - (repeat(0x0b_u8).take(20).collect(), b"Hi There".to_vec(), - "b617318655057264e28bc0b6fb378c8ef146be00".from_hex().unwrap()), - (b"Jefe".to_vec(), - b"what do ya want for nothing?".to_vec(), - "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79".from_hex().unwrap()), - (repeat(0xaa_u8).take(20).collect(), repeat(0xdd_u8).take(50).collect(), - "125d7342b9ac11cd91a39af48aa17b4f63f175d3".from_hex().unwrap()), - ("0102030405060708090a0b0c0d0e0f10111213141516171819".from_hex().unwrap(), - repeat(0xcd_u8).take(50).collect(), - "4c9007f4026250c6bc8414f9bf50c86c2d7235da".from_hex().unwrap()), - (repeat(0x0c_u8).take(20).collect(), - b"Test With Truncation".to_vec(), - "4c1a03424b55e07fe7f27be1d58bb9324a9a5a04".from_hex().unwrap()), - (repeat(0xaa_u8).take(80).collect(), - b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(), - "aa4ae5e15272d00e95705637ce8a3b55ed402112".from_hex().unwrap()), - (repeat(0xaa_u8).take(80).collect(), - b"Test Using Larger Than Block-Size Key \ - and Larger Than One Block-Size Data".to_vec(), - "e8e99d0f45237d786d6bbaa7965c7808bbff1a91".from_hex().unwrap()) - ]; + let tests: [(Vec<u8>, Vec<u8>, Vec<u8>); 7] = + [(repeat(0x0b_u8).take(20).collect(), + b"Hi There".to_vec(), + "b617318655057264e28bc0b6fb378c8ef146be00".from_hex().unwrap()), + (b"Jefe".to_vec(), + b"what do ya want for nothing?".to_vec(), + "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79".from_hex().unwrap()), + (repeat(0xaa_u8).take(20).collect(), + repeat(0xdd_u8).take(50).collect(), + "125d7342b9ac11cd91a39af48aa17b4f63f175d3".from_hex().unwrap()), + ("0102030405060708090a0b0c0d0e0f10111213141516171819".from_hex().unwrap(), + repeat(0xcd_u8).take(50).collect(), + "4c9007f4026250c6bc8414f9bf50c86c2d7235da".from_hex().unwrap()), + (repeat(0x0c_u8).take(20).collect(), + b"Test With Truncation".to_vec(), + "4c1a03424b55e07fe7f27be1d58bb9324a9a5a04".from_hex().unwrap()), + (repeat(0xaa_u8).take(80).collect(), + b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(), + "aa4ae5e15272d00e95705637ce8a3b55ed402112".from_hex().unwrap()), + (repeat(0xaa_u8).take(80).collect(), + b"Test Using Larger Than Block-Size Key \ + and Larger Than One Block-Size Data" + .to_vec(), + "e8e99d0f45237d786d6bbaa7965c7808bbff1a91".from_hex().unwrap())]; test_hmac(SHA1, &tests); } #[test] fn test_hmac_sha1_recycle() { - let tests: [(Vec<u8>, Vec<u8>, Vec<u8>); 2] = [ - (repeat(0xaa_u8).take(80).collect(), - b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(), - "aa4ae5e15272d00e95705637ce8a3b55ed402112".from_hex().unwrap()), - (repeat(0xaa_u8).take(80).collect(), - b"Test Using Larger Than Block-Size Key \ - and Larger Than One Block-Size Data".to_vec(), - "e8e99d0f45237d786d6bbaa7965c7808bbff1a91".from_hex().unwrap()) - ]; + let tests: [(Vec<u8>, Vec<u8>, Vec<u8>); 2] = + [(repeat(0xaa_u8).take(80).collect(), + b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(), + "aa4ae5e15272d00e95705637ce8a3b55ed402112".from_hex().unwrap()), + (repeat(0xaa_u8).take(80).collect(), + b"Test Using Larger Than Block-Size Key \ + and Larger Than One Block-Size Data" + .to_vec(), + "e8e99d0f45237d786d6bbaa7965c7808bbff1a91".from_hex().unwrap())]; let mut h = HMAC::new(SHA1, &*tests[0].0); for i in 0..100usize { @@ -368,20 +384,20 @@ mod tests { fn test_sha2(ty: Type, results: &[Vec<u8>]) { // test vectors from RFC 4231 - let tests: [(Vec<u8>, Vec<u8>); 6] = [ - (repeat(0xb_u8).take(20).collect(), b"Hi There".to_vec()), - (b"Jefe".to_vec(), - b"what do ya want for nothing?".to_vec()), - (repeat(0xaa_u8).take(20).collect(), repeat(0xdd_u8).take(50).collect()), - ("0102030405060708090a0b0c0d0e0f10111213141516171819".from_hex().unwrap(), - repeat(0xcd_u8).take(50).collect()), - (repeat(0xaa_u8).take(131).collect(), - b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec()), - (repeat(0xaa_u8).take(131).collect(), - b"This is a test using a larger than block-size key and a \ + let tests: [(Vec<u8>, Vec<u8>); 6] = + [(repeat(0xb_u8).take(20).collect(), b"Hi There".to_vec()), + (b"Jefe".to_vec(), b"what do ya want for nothing?".to_vec()), + (repeat(0xaa_u8).take(20).collect(), + repeat(0xdd_u8).take(50).collect()), + ("0102030405060708090a0b0c0d0e0f10111213141516171819".from_hex().unwrap(), + repeat(0xcd_u8).take(50).collect()), + (repeat(0xaa_u8).take(131).collect(), + b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec()), + (repeat(0xaa_u8).take(131).collect(), + b"This is a test using a larger than block-size key and a \ larger than block-size data. The key needs to be hashed \ - before being used by the HMAC algorithm.".to_vec()) - ]; + before being used by the HMAC algorithm." + .to_vec())]; for (&(ref key, ref data), res) in tests.iter().zip(results.iter()) { assert_eq!(hmac(ty, &**key, &**data), *res); @@ -398,83 +414,105 @@ mod tests { #[test] fn test_hmac_sha224() { - let results = [ - "896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22".from_hex().unwrap(), - "a30e01098bc6dbbf45690f3a7e9e6d0f8bbea2a39e6148008fd05e44".from_hex().unwrap(), - "7fb3cb3588c6c1f6ffa9694d7d6ad2649365b0c1f65d69d1ec8333ea".from_hex().unwrap(), - "6c11506874013cac6a2abc1bb382627cec6a90d86efc012de7afec5a".from_hex().unwrap(), - "95e9a0db962095adaebe9b2d6f0dbce2d499f112f2d2b7273fa6870e".from_hex().unwrap(), - "3a854166ac5d9f023f54d517d0b39dbd946770db9c2b95c9f6f565d1".from_hex().unwrap() - ]; + let results = ["896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22" + .from_hex() + .unwrap(), + "a30e01098bc6dbbf45690f3a7e9e6d0f8bbea2a39e6148008fd05e44" + .from_hex() + .unwrap(), + "7fb3cb3588c6c1f6ffa9694d7d6ad2649365b0c1f65d69d1ec8333ea" + .from_hex() + .unwrap(), + "6c11506874013cac6a2abc1bb382627cec6a90d86efc012de7afec5a" + .from_hex() + .unwrap(), + "95e9a0db962095adaebe9b2d6f0dbce2d499f112f2d2b7273fa6870e" + .from_hex() + .unwrap(), + "3a854166ac5d9f023f54d517d0b39dbd946770db9c2b95c9f6f565d1" + .from_hex() + .unwrap()]; test_sha2(SHA224, &results); } #[test] fn test_hmac_sha256() { - let results = [ - "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7".from_hex().unwrap(), - "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843".from_hex().unwrap(), - "773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe".from_hex().unwrap(), - "82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b".from_hex().unwrap(), - "60e431591ee0b67f0d8a26aacbf5b77f8e0bc6213728c5140546040f0ee37f54".from_hex().unwrap(), - "9b09ffa71b942fcb27635fbcd5b0e944bfdc63644f0713938a7f51535c3a35e2".from_hex().unwrap() - ]; + let results = ["b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7" + .from_hex() + .unwrap(), + "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843" + .from_hex() + .unwrap(), + "773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe" + .from_hex() + .unwrap(), + "82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b" + .from_hex() + .unwrap(), + "60e431591ee0b67f0d8a26aacbf5b77f8e0bc6213728c5140546040f0ee37f54" + .from_hex() + .unwrap(), + "9b09ffa71b942fcb27635fbcd5b0e944bfdc63644f0713938a7f51535c3a35e2" + .from_hex() + .unwrap()]; test_sha2(SHA256, &results); } #[test] fn test_hmac_sha384() { - let results = [ - "afd03944d84895626b0825f4ab46907f\ - 15f9dadbe4101ec682aa034c7cebc59c\ - faea9ea9076ede7f4af152e8b2fa9cb6".from_hex().unwrap(), - "af45d2e376484031617f78d2b58a6b1b\ - 9c7ef464f5a01b47e42ec3736322445e\ - 8e2240ca5e69e2c78b3239ecfab21649".from_hex().unwrap(), - "88062608d3e6ad8a0aa2ace014c8a86f\ - 0aa635d947ac9febe83ef4e55966144b\ - 2a5ab39dc13814b94e3ab6e101a34f27".from_hex().unwrap(), - "3e8a69b7783c25851933ab6290af6ca7\ - 7a9981480850009cc5577c6e1f573b4e\ - 6801dd23c4a7d679ccf8a386c674cffb".from_hex().unwrap(), - "4ece084485813e9088d2c63a041bc5b4\ - 4f9ef1012a2b588f3cd11f05033ac4c6\ - 0c2ef6ab4030fe8296248df163f44952".from_hex().unwrap(), - "6617178e941f020d351e2f254e8fd32c\ - 602420feb0b8fb9adccebb82461e99c5\ - a678cc31e799176d3860e6110c46523e".from_hex().unwrap() - ]; + let results = ["afd03944d84895626b0825f4ab46907f15f9dadbe4101ec682aa034c7cebc59cfaea9ea90\ + 76ede7f4af152e8b2fa9cb6" + .from_hex() + .unwrap(), + "af45d2e376484031617f78d2b58a6b1b9c7ef464f5a01b47e42ec3736322445e8e2240ca5\ + e69e2c78b3239ecfab21649" + .from_hex() + .unwrap(), + "88062608d3e6ad8a0aa2ace014c8a86f0aa635d947ac9febe83ef4e55966144b2a5ab39dc\ + 13814b94e3ab6e101a34f27" + .from_hex() + .unwrap(), + "3e8a69b7783c25851933ab6290af6ca77a9981480850009cc5577c6e1f573b4e6801dd23c\ + 4a7d679ccf8a386c674cffb" + .from_hex() + .unwrap(), + "4ece084485813e9088d2c63a041bc5b44f9ef1012a2b588f3cd11f05033ac4c60c2ef6ab4\ + 030fe8296248df163f44952" + .from_hex() + .unwrap(), + "6617178e941f020d351e2f254e8fd32c602420feb0b8fb9adccebb82461e99c5a678cc31e\ + 799176d3860e6110c46523e" + .from_hex() + .unwrap()]; test_sha2(SHA384, &results); } #[test] fn test_hmac_sha512() { - let results = [ - "87aa7cdea5ef619d4ff0b4241a1d6cb0\ - 2379f4e2ce4ec2787ad0b30545e17cde\ - daa833b7d6b8a702038b274eaea3f4e4\ - be9d914eeb61f1702e696c203a126854".from_hex().unwrap(), - "164b7a7bfcf819e2e395fbe73b56e0a3\ - 87bd64222e831fd610270cd7ea250554\ - 9758bf75c05a994a6d034f65f8f0e6fd\ - caeab1a34d4a6b4b636e070a38bce737".from_hex().unwrap(), - "fa73b0089d56a284efb0f0756c890be9\ - b1b5dbdd8ee81a3655f83e33b2279d39\ - bf3e848279a722c806b485a47e67c807\ - b946a337bee8942674278859e13292fb".from_hex().unwrap(), - "b0ba465637458c6990e5a8c5f61d4af7\ - e576d97ff94b872de76f8050361ee3db\ - a91ca5c11aa25eb4d679275cc5788063\ - a5f19741120c4f2de2adebeb10a298dd".from_hex().unwrap(), - "80b24263c7c1a3ebb71493c1dd7be8b4\ - 9b46d1f41b4aeec1121b013783f8f352\ - 6b56d037e05f2598bd0fd2215d6a1e52\ - 95e64f73f63f0aec8b915a985d786598".from_hex().unwrap(), - "e37b6a775dc87dbaa4dfa9f96e5e3ffd\ - debd71f8867289865df5a32d20cdc944\ - b6022cac3c4982b10d5eeb55c3e4de15\ - 134676fb6de0446065c97440fa8c6a58".from_hex().unwrap() - ]; + let results = ["87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d\ + 6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854" + .from_hex() + .unwrap(), + "164b7a7bfcf819e2e395fbe73b56e0a387bd64222e831fd610270cd7ea2505549758bf75c\ + 05a994a6d034f65f8f0e6fdcaeab1a34d4a6b4b636e070a38bce737" + .from_hex() + .unwrap(), + "fa73b0089d56a284efb0f0756c890be9b1b5dbdd8ee81a3655f83e33b2279d39bf3e84827\ + 9a722c806b485a47e67c807b946a337bee8942674278859e13292fb" + .from_hex() + .unwrap(), + "b0ba465637458c6990e5a8c5f61d4af7e576d97ff94b872de76f8050361ee3dba91ca5c11\ + aa25eb4d679275cc5788063a5f19741120c4f2de2adebeb10a298dd" + .from_hex() + .unwrap(), + "80b24263c7c1a3ebb71493c1dd7be8b49b46d1f41b4aeec1121b013783f8f3526b56d037e\ + 05f2598bd0fd2215d6a1e5295e64f73f63f0aec8b915a985d786598" + .from_hex() + .unwrap(), + "e37b6a775dc87dbaa4dfa9f96e5e3ffddebd71f8867289865df5a32d20cdc944b6022cac3\ + c4982b10d5eeb55c3e4de15134676fb6de0446065c97440fa8c6a58" + .from_hex() + .unwrap()]; test_sha2(SHA512, &results); } } diff --git a/openssl/src/crypto/mod.rs b/openssl/src/crypto/mod.rs index a33c5eb8..0868ee95 100644 --- a/openssl/src/crypto/mod.rs +++ b/openssl/src/crypto/mod.rs @@ -1,19 +1,18 @@ -/* - * Copyright 2011 Google Inc. - * 2013 Jack Lloyd - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ +// Copyright 2011 Google Inc. +// 2013 Jack Lloyd +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// pub mod hash; pub mod hmac; @@ -23,4 +22,4 @@ pub mod rand; pub mod symm; pub mod memcmp; -mod symm_internal;
\ No newline at end of file +mod symm_internal; diff --git a/openssl/src/crypto/pkcs5.rs b/openssl/src/crypto/pkcs5.rs index 07e86fb1..0ba005cc 100644 --- a/openssl/src/crypto/pkcs5.rs +++ b/openssl/src/crypto/pkcs5.rs @@ -7,10 +7,9 @@ use crypto::symm; use ffi; #[derive(Clone, Eq, PartialEq, Hash, Debug)] -pub struct KeyIvPair -{ +pub struct KeyIvPair { pub key: Vec<u8>, - pub iv: Vec<u8> + pub iv: Vec<u8>, } /// Derives a key and an IV from various parameters. @@ -23,9 +22,12 @@ pub struct KeyIvPair /// /// New applications should not use this and instead use `pbkdf2_hmac_sha1` or /// another more modern key derivation algorithm. -pub fn evp_bytes_to_key_pbkdf1_compatible(typ: symm::Type, message_digest_type: hash::Type, - data: &[u8], salt: Option<&[u8]>, - count: u32) -> KeyIvPair { +pub fn evp_bytes_to_key_pbkdf1_compatible(typ: symm::Type, + message_digest_type: hash::Type, + data: &[u8], + salt: Option<&[u8]>, + count: u32) + -> KeyIvPair { unsafe { @@ -33,8 +35,8 @@ pub fn evp_bytes_to_key_pbkdf1_compatible(typ: symm::Type, message_digest_type: Some(salt) => { assert_eq!(salt.len(), ffi::PKCS5_SALT_LEN as usize); salt.as_ptr() - }, - None => null() + } + None => null(), }; ffi::init(); @@ -56,11 +58,8 @@ pub fn evp_bytes_to_key_pbkdf1_compatible(typ: symm::Type, message_digest_type: key.as_mut_ptr(), iv.as_mut_ptr()); assert!(ret == keylen as c_int); - - KeyIvPair { - key: key, - iv: iv - } + + KeyIvPair { key: key, iv: iv } } } @@ -74,13 +73,17 @@ pub fn pbkdf2_hmac_sha1(pass: &str, salt: &[u8], iter: usize, keylen: usize) -> ffi::init(); - let r = ffi::PKCS5_PBKDF2_HMAC_SHA1( - pass.as_ptr(), pass.len() as c_int, - salt.as_ptr(), salt.len() as c_int, - iter as c_int, keylen as c_int, - out.as_mut_ptr()); + let r = ffi::PKCS5_PBKDF2_HMAC_SHA1(pass.as_ptr(), + pass.len() as c_int, + salt.as_ptr(), + salt.len() as c_int, + iter as c_int, + keylen as c_int, + out.as_mut_ptr()); - if r != 1 { panic!(); } + if r != 1 { + panic!(); + } out.set_len(keylen); @@ -102,7 +105,12 @@ pub fn pbkdf2_hmac_sha512(pass: &str, salt: &[u8], iter: usize, keylen: usize) - /// Derives a key from a password and salt using the PBKDF2-HMAC algorithm with a digest function. #[cfg(feature = "pkcs5_pbkdf2_hmac")] -fn pbkdf2_hmac_sha(pass: &str, salt: &[u8], iter: usize, digest: *const ffi::EVP_MD, keylen: usize) -> Vec<u8> { +fn pbkdf2_hmac_sha(pass: &str, + salt: &[u8], + iter: usize, + digest: *const ffi::EVP_MD, + keylen: usize) + -> Vec<u8> { unsafe { assert!(iter >= 1); assert!(keylen >= 1); @@ -111,13 +119,18 @@ fn pbkdf2_hmac_sha(pass: &str, salt: &[u8], iter: usize, digest: *const ffi::EVP ffi::init(); - let r = ffi::PKCS5_PBKDF2_HMAC( - pass.as_ptr(), pass.len() as c_int, - salt.as_ptr(), salt.len() as c_int, - iter as c_int, digest, keylen as c_int, - out.as_mut_ptr()); - - if r != 1 { panic!(); } + let r = ffi::PKCS5_PBKDF2_HMAC(pass.as_ptr(), + pass.len() as c_int, + salt.as_ptr(), + salt.len() as c_int, + iter as c_int, + digest, + keylen as c_int, + out.as_mut_ptr()); + + if r != 1 { + panic!(); + } out.set_len(keylen); @@ -134,90 +147,38 @@ mod tests { // http://tools.ietf.org/html/draft-josefsson-pbkdf2-test-vectors-06 #[test] fn test_pbkdf2_hmac_sha1() { - assert_eq!( - super::pbkdf2_hmac_sha1( - "password", - "salt".as_bytes(), - 1, - 20 - ), - vec!( - 0x0c_u8, 0x60_u8, 0xc8_u8, 0x0f_u8, 0x96_u8, 0x1f_u8, 0x0e_u8, - 0x71_u8, 0xf3_u8, 0xa9_u8, 0xb5_u8, 0x24_u8, 0xaf_u8, 0x60_u8, - 0x12_u8, 0x06_u8, 0x2f_u8, 0xe0_u8, 0x37_u8, 0xa6_u8 - ) - ); - - assert_eq!( - super::pbkdf2_hmac_sha1( - "password", - "salt".as_bytes(), - 2, - 20 - ), - vec!( - 0xea_u8, 0x6c_u8, 0x01_u8, 0x4d_u8, 0xc7_u8, 0x2d_u8, 0x6f_u8, - 0x8c_u8, 0xcd_u8, 0x1e_u8, 0xd9_u8, 0x2a_u8, 0xce_u8, 0x1d_u8, - 0x41_u8, 0xf0_u8, 0xd8_u8, 0xde_u8, 0x89_u8, 0x57_u8 - ) - ); - - assert_eq!( - super::pbkdf2_hmac_sha1( - "password", - "salt".as_bytes(), - 4096, - 20 - ), - vec!( - 0x4b_u8, 0x00_u8, 0x79_u8, 0x01_u8, 0xb7_u8, 0x65_u8, 0x48_u8, - 0x9a_u8, 0xbe_u8, 0xad_u8, 0x49_u8, 0xd9_u8, 0x26_u8, 0xf7_u8, - 0x21_u8, 0xd0_u8, 0x65_u8, 0xa4_u8, 0x29_u8, 0xc1_u8 - ) - ); - - assert_eq!( - super::pbkdf2_hmac_sha1( - "password", - "salt".as_bytes(), - 16777216, - 20 - ), - vec!( - 0xee_u8, 0xfe_u8, 0x3d_u8, 0x61_u8, 0xcd_u8, 0x4d_u8, 0xa4_u8, - 0xe4_u8, 0xe9_u8, 0x94_u8, 0x5b_u8, 0x3d_u8, 0x6b_u8, 0xa2_u8, - 0x15_u8, 0x8c_u8, 0x26_u8, 0x34_u8, 0xe9_u8, 0x84_u8 - ) - ); - - assert_eq!( - super::pbkdf2_hmac_sha1( - "passwordPASSWORDpassword", - "saltSALTsaltSALTsaltSALTsaltSALTsalt".as_bytes(), - 4096, - 25 - ), - vec!( - 0x3d_u8, 0x2e_u8, 0xec_u8, 0x4f_u8, 0xe4_u8, 0x1c_u8, 0x84_u8, - 0x9b_u8, 0x80_u8, 0xc8_u8, 0xd8_u8, 0x36_u8, 0x62_u8, 0xc0_u8, - 0xe4_u8, 0x4a_u8, 0x8b_u8, 0x29_u8, 0x1a_u8, 0x96_u8, 0x4c_u8, - 0xf2_u8, 0xf0_u8, 0x70_u8, 0x38_u8 - ) - ); - - assert_eq!( - super::pbkdf2_hmac_sha1( - "pass\x00word", - "sa\x00lt".as_bytes(), - 4096, - 16 - ), - vec!( - 0x56_u8, 0xfa_u8, 0x6a_u8, 0xa7_u8, 0x55_u8, 0x48_u8, 0x09_u8, - 0x9d_u8, 0xcc_u8, 0x37_u8, 0xd7_u8, 0xf0_u8, 0x34_u8, 0x25_u8, - 0xe0_u8, 0xc3_u8 - ) - ); + assert_eq!(super::pbkdf2_hmac_sha1("password", "salt".as_bytes(), 1, 20), + vec![0x0c_u8, 0x60_u8, 0xc8_u8, 0x0f_u8, 0x96_u8, 0x1f_u8, 0x0e_u8, 0x71_u8, + 0xf3_u8, 0xa9_u8, 0xb5_u8, 0x24_u8, 0xaf_u8, 0x60_u8, 0x12_u8, 0x06_u8, + 0x2f_u8, 0xe0_u8, 0x37_u8, 0xa6_u8]); + + assert_eq!(super::pbkdf2_hmac_sha1("password", "salt".as_bytes(), 2, 20), + vec![0xea_u8, 0x6c_u8, 0x01_u8, 0x4d_u8, 0xc7_u8, 0x2d_u8, 0x6f_u8, 0x8c_u8, + 0xcd_u8, 0x1e_u8, 0xd9_u8, 0x2a_u8, 0xce_u8, 0x1d_u8, 0x41_u8, 0xf0_u8, + 0xd8_u8, 0xde_u8, 0x89_u8, 0x57_u8]); + + assert_eq!(super::pbkdf2_hmac_sha1("password", "salt".as_bytes(), 4096, 20), + vec![0x4b_u8, 0x00_u8, 0x79_u8, 0x01_u8, 0xb7_u8, 0x65_u8, 0x48_u8, 0x9a_u8, + 0xbe_u8, 0xad_u8, 0x49_u8, 0xd9_u8, 0x26_u8, 0xf7_u8, 0x21_u8, 0xd0_u8, + 0x65_u8, 0xa4_u8, 0x29_u8, 0xc1_u8]); + + assert_eq!(super::pbkdf2_hmac_sha1("password", "salt".as_bytes(), 16777216, 20), + vec![0xee_u8, 0xfe_u8, 0x3d_u8, 0x61_u8, 0xcd_u8, 0x4d_u8, 0xa4_u8, 0xe4_u8, + 0xe9_u8, 0x94_u8, 0x5b_u8, 0x3d_u8, 0x6b_u8, 0xa2_u8, 0x15_u8, 0x8c_u8, + 0x26_u8, 0x34_u8, 0xe9_u8, 0x84_u8]); + + assert_eq!(super::pbkdf2_hmac_sha1("passwordPASSWORDpassword", + "saltSALTsaltSALTsaltSALTsaltSALTsalt".as_bytes(), + 4096, + 25), + vec![0x3d_u8, 0x2e_u8, 0xec_u8, 0x4f_u8, 0xe4_u8, 0x1c_u8, 0x84_u8, 0x9b_u8, + 0x80_u8, 0xc8_u8, 0xd8_u8, 0x36_u8, 0x62_u8, 0xc0_u8, 0xe4_u8, 0x4a_u8, + 0x8b_u8, 0x29_u8, 0x1a_u8, 0x96_u8, 0x4c_u8, 0xf2_u8, 0xf0_u8, 0x70_u8, + 0x38_u8]); + + assert_eq!(super::pbkdf2_hmac_sha1("pass\x00word", "sa\x00lt".as_bytes(), 4096, 16), + vec![0x56_u8, 0xfa_u8, 0x6a_u8, 0xa7_u8, 0x55_u8, 0x48_u8, 0x09_u8, 0x9d_u8, + 0xcc_u8, 0x37_u8, 0xd7_u8, 0xf0_u8, 0x34_u8, 0x25_u8, 0xe0_u8, 0xc3_u8]); } // Test vectors from @@ -225,33 +186,13 @@ mod tests { #[test] #[cfg(feature = "pkcs5_pbkdf2_hmac")] fn test_pbkdf2_hmac_sha256() { - assert_eq!( - super::pbkdf2_hmac_sha256( - "passwd", - "salt".as_bytes(), - 1, - 16 - ), - vec!( - 0x55_u8, 0xac_u8, 0x04_u8, 0x6e_u8, 0x56_u8, 0xe3_u8, 0x08_u8, - 0x9f_u8, 0xec_u8, 0x16_u8, 0x91_u8, 0xc2_u8, 0x25_u8, 0x44_u8, - 0xb6_u8, 0x05_u8 - ) - ); - - assert_eq!( - super::pbkdf2_hmac_sha256( - "Password", - "NaCl".as_bytes(), - 80000, - 16 - ), - vec!( - 0x4d_u8, 0xdc_u8, 0xd8_u8, 0xf6_u8, 0x0b_u8, 0x98_u8, 0xbe_u8, - 0x21_u8, 0x83_u8, 0x0c_u8, 0xee_u8, 0x5e_u8, 0xf2_u8, 0x27_u8, - 0x01_u8, 0xf9_u8 - ) - ); + assert_eq!(super::pbkdf2_hmac_sha256("passwd", "salt".as_bytes(), 1, 16), + vec![0x55_u8, 0xac_u8, 0x04_u8, 0x6e_u8, 0x56_u8, 0xe3_u8, 0x08_u8, 0x9f_u8, + 0xec_u8, 0x16_u8, 0x91_u8, 0xc2_u8, 0x25_u8, 0x44_u8, 0xb6_u8, 0x05_u8]); + + assert_eq!(super::pbkdf2_hmac_sha256("Password", "NaCl".as_bytes(), 80000, 16), + vec![0x4d_u8, 0xdc_u8, 0xd8_u8, 0xf6_u8, 0x0b_u8, 0x98_u8, 0xbe_u8, 0x21_u8, + 0x83_u8, 0x0c_u8, 0xee_u8, 0x5e_u8, 0xf2_u8, 0x27_u8, 0x01_u8, 0xf9_u8]); } // Test vectors from @@ -259,109 +200,67 @@ mod tests { #[test] #[cfg(feature = "pkcs5_pbkdf2_hmac")] fn test_pbkdf2_hmac_sha512() { - assert_eq!( - super::pbkdf2_hmac_sha512( - "password", - "NaCL".as_bytes(), - 1, - 64 - ), - vec!( - 0x73_u8, 0xde_u8, 0xcf_u8, 0xa5_u8, 0x8a_u8, 0xa2_u8, 0xe8_u8, - 0x4f_u8, 0x94_u8, 0x77_u8, 0x1a_u8, 0x75_u8, 0x73_u8, 0x6b_u8, - 0xb8_u8, 0x8b_u8, 0xd3_u8, 0xc7_u8, 0xb3_u8, 0x82_u8, 0x70_u8, - 0xcf_u8, 0xb5_u8, 0x0c_u8, 0xb3_u8, 0x90_u8, 0xed_u8, 0x78_u8, - 0xb3_u8, 0x05_u8, 0x65_u8, 0x6a_u8, 0xf8_u8, 0x14_u8, 0x8e_u8, - 0x52_u8, 0x45_u8, 0x2b_u8, 0x22_u8, 0x16_u8, 0xb2_u8, 0xb8_u8, - 0x09_u8, 0x8b_u8, 0x76_u8, 0x1f_u8, 0xc6_u8, 0x33_u8, 0x60_u8, - 0x60_u8, 0xa0_u8, 0x9f_u8, 0x76_u8, 0x41_u8, 0x5e_u8, 0x9f_u8, - 0x71_u8, 0xea_u8, 0x47_u8, 0xf9_u8, 0xe9_u8, 0x06_u8, 0x43_u8, - 0x06_u8 - ) - ); - - assert_eq!( - super::pbkdf2_hmac_sha512( - "pass\0word", - "sa\0lt".as_bytes(), - 1, - 64 - ), - vec!( - 0x71_u8, 0xa0_u8, 0xec_u8, 0x84_u8, 0x2a_u8, 0xbd_u8, 0x5c_u8, - 0x67_u8, 0x8b_u8, 0xcf_u8, 0xd1_u8, 0x45_u8, 0xf0_u8, 0x9d_u8, - 0x83_u8, 0x52_u8, 0x2f_u8, 0x93_u8, 0x36_u8, 0x15_u8, 0x60_u8, - 0x56_u8, 0x3c_u8, 0x4d_u8, 0x0d_u8, 0x63_u8, 0xb8_u8, 0x83_u8, - 0x29_u8, 0x87_u8, 0x10_u8, 0x90_u8, 0xe7_u8, 0x66_u8, 0x04_u8, - 0xa4_u8, 0x9a_u8, 0xf0_u8, 0x8f_u8, 0xe7_u8, 0xc9_u8, 0xf5_u8, - 0x71_u8, 0x56_u8, 0xc8_u8, 0x79_u8, 0x09_u8, 0x96_u8, 0xb2_u8, - 0x0f_u8, 0x06_u8, 0xbc_u8, 0x53_u8, 0x5e_u8, 0x5a_u8, 0xb5_u8, - 0x44_u8, 0x0d_u8, 0xf7_u8, 0xe8_u8, 0x78_u8, 0x29_u8, 0x6f_u8, - 0xa7_u8 - ) - ); - - assert_eq!( - super::pbkdf2_hmac_sha512( - "passwordPASSWORDpassword", - "salt\0\0\0".as_bytes(), - 50, - 64 - ), - vec!( - 0x01_u8, 0x68_u8, 0x71_u8, 0xa4_u8, 0xc4_u8, 0xb7_u8, 0x5f_u8, - 0x96_u8, 0x85_u8, 0x7f_u8, 0xd2_u8, 0xb9_u8, 0xf8_u8, 0xca_u8, - 0x28_u8, 0x02_u8, 0x3b_u8, 0x30_u8, 0xee_u8, 0x2a_u8, 0x39_u8, - 0xf5_u8, 0xad_u8, 0xca_u8, 0xc8_u8, 0xc9_u8, 0x37_u8, 0x5f_u8, - 0x9b_u8, 0xda_u8, 0x1c_u8, 0xcd_u8, 0x1b_u8, 0x6f_u8, 0x0b_u8, - 0x2f_u8, 0xc3_u8, 0xad_u8, 0xda_u8, 0x50_u8, 0x54_u8, 0x12_u8, - 0xe7_u8, 0x9d_u8, 0x89_u8, 0x00_u8, 0x56_u8, 0xc6_u8, 0x2e_u8, - 0x52_u8, 0x4c_u8, 0x7d_u8, 0x51_u8, 0x15_u8, 0x4b_u8, 0x1a_u8, - 0x85_u8, 0x34_u8, 0x57_u8, 0x5b_u8, 0xd0_u8, 0x2d_u8, 0xee_u8, - 0x39_u8 - ) - ); + assert_eq!(super::pbkdf2_hmac_sha512("password", "NaCL".as_bytes(), 1, 64), + vec![0x73_u8, 0xde_u8, 0xcf_u8, 0xa5_u8, 0x8a_u8, 0xa2_u8, 0xe8_u8, 0x4f_u8, + 0x94_u8, 0x77_u8, 0x1a_u8, 0x75_u8, 0x73_u8, 0x6b_u8, 0xb8_u8, 0x8b_u8, + 0xd3_u8, 0xc7_u8, 0xb3_u8, 0x82_u8, 0x70_u8, 0xcf_u8, 0xb5_u8, 0x0c_u8, + 0xb3_u8, 0x90_u8, 0xed_u8, 0x78_u8, 0xb3_u8, 0x05_u8, 0x65_u8, 0x6a_u8, + 0xf8_u8, 0x14_u8, 0x8e_u8, 0x52_u8, 0x45_u8, 0x2b_u8, 0x22_u8, 0x16_u8, + 0xb2_u8, 0xb8_u8, 0x09_u8, 0x8b_u8, 0x76_u8, 0x1f_u8, 0xc6_u8, 0x33_u8, + 0x60_u8, 0x60_u8, 0xa0_u8, 0x9f_u8, 0x76_u8, 0x41_u8, 0x5e_u8, 0x9f_u8, + 0x71_u8, 0xea_u8, 0x47_u8, 0xf9_u8, 0xe9_u8, 0x06_u8, 0x43_u8, 0x06_u8]); + + assert_eq!(super::pbkdf2_hmac_sha512("pass\0word", "sa\0lt".as_bytes(), 1, 64), + vec![0x71_u8, 0xa0_u8, 0xec_u8, 0x84_u8, 0x2a_u8, 0xbd_u8, 0x5c_u8, 0x67_u8, + 0x8b_u8, 0xcf_u8, 0xd1_u8, 0x45_u8, 0xf0_u8, 0x9d_u8, 0x83_u8, 0x52_u8, + 0x2f_u8, 0x93_u8, 0x36_u8, 0x15_u8, 0x60_u8, 0x56_u8, 0x3c_u8, 0x4d_u8, + 0x0d_u8, 0x63_u8, 0xb8_u8, 0x83_u8, 0x29_u8, 0x87_u8, 0x10_u8, 0x90_u8, + 0xe7_u8, 0x66_u8, 0x04_u8, 0xa4_u8, 0x9a_u8, 0xf0_u8, 0x8f_u8, 0xe7_u8, + 0xc9_u8, 0xf5_u8, 0x71_u8, 0x56_u8, 0xc8_u8, 0x79_u8, 0x09_u8, 0x96_u8, + 0xb2_u8, 0x0f_u8, 0x06_u8, 0xbc_u8, 0x53_u8, 0x5e_u8, 0x5a_u8, 0xb5_u8, + 0x44_u8, 0x0d_u8, 0xf7_u8, 0xe8_u8, 0x78_u8, 0x29_u8, 0x6f_u8, 0xa7_u8]); + + assert_eq!(super::pbkdf2_hmac_sha512("passwordPASSWORDpassword", + "salt\0\0\0".as_bytes(), + 50, + 64), + vec![0x01_u8, 0x68_u8, 0x71_u8, 0xa4_u8, 0xc4_u8, 0xb7_u8, 0x5f_u8, 0x96_u8, + 0x85_u8, 0x7f_u8, 0xd2_u8, 0xb9_u8, 0xf8_u8, 0xca_u8, 0x28_u8, 0x02_u8, + 0x3b_u8, 0x30_u8, 0xee_u8, 0x2a_u8, 0x39_u8, 0xf5_u8, 0xad_u8, 0xca_u8, + 0xc8_u8, 0xc9_u8, 0x37_u8, 0x5f_u8, 0x9b_u8, 0xda_u8, 0x1c_u8, 0xcd_u8, + 0x1b_u8, 0x6f_u8, 0x0b_u8, 0x2f_u8, 0xc3_u8, 0xad_u8, 0xda_u8, 0x50_u8, + 0x54_u8, 0x12_u8, 0xe7_u8, 0x9d_u8, 0x89_u8, 0x00_u8, 0x56_u8, 0xc6_u8, + 0x2e_u8, 0x52_u8, 0x4c_u8, 0x7d_u8, 0x51_u8, 0x15_u8, 0x4b_u8, 0x1a_u8, + 0x85_u8, 0x34_u8, 0x57_u8, 0x5b_u8, 0xd0_u8, 0x2d_u8, 0xee_u8, 0x39_u8]); } #[test] fn test_evp_bytes_to_key_pbkdf1_compatible() { - let salt = [ - 16_u8, 34_u8, 19_u8, 23_u8, 141_u8, 4_u8, 207_u8, 221_u8 - ]; - - let data = [ - 143_u8, 210_u8, 75_u8, 63_u8, 214_u8, 179_u8, 155_u8, - 241_u8, 242_u8, 31_u8, 154_u8, 56_u8, 198_u8, 145_u8, 192_u8, 64_u8, - 2_u8, 245_u8, 167_u8, 220_u8, 55_u8, 119_u8, 233_u8, 136_u8, 139_u8, - 27_u8, 71_u8, 242_u8, 119_u8, 175_u8, 65_u8, 207_u8 - ]; - - - - let expected_key = vec![ - 249_u8, 115_u8, 114_u8, 97_u8, 32_u8, 213_u8, 165_u8, 146_u8, 58_u8, - 87_u8, 234_u8, 3_u8, 43_u8, 250_u8, 97_u8, 114_u8, 26_u8, 98_u8, - 245_u8, 246_u8, 238_u8, 177_u8, 229_u8, 161_u8, 183_u8, 224_u8, - 174_u8, 3_u8, 6_u8, 244_u8, 236_u8, 255_u8 - ]; - let expected_iv = vec![ - 4_u8, 223_u8, 153_u8, 219_u8, 28_u8, 142_u8, 234_u8, 68_u8, 227_u8, - 69_u8, 98_u8, 107_u8, 208_u8, 14_u8, 236_u8, 60_u8, 0_u8, 0_u8, - 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, - 0_u8, 0_u8, 0_u8 - ]; - - assert_eq!( - super::evp_bytes_to_key_pbkdf1_compatible( - symm::Type::AES_256_CBC, - hash::Type::SHA1, - &data, - Some(&salt), - 1 - ), - super::KeyIvPair { - key: expected_key, - iv: expected_iv - } - ); + let salt = [16_u8, 34_u8, 19_u8, 23_u8, 141_u8, 4_u8, 207_u8, 221_u8]; + + let data = [143_u8, 210_u8, 75_u8, 63_u8, 214_u8, 179_u8, 155_u8, 241_u8, 242_u8, 31_u8, + 154_u8, 56_u8, 198_u8, 145_u8, 192_u8, 64_u8, 2_u8, 245_u8, 167_u8, 220_u8, + 55_u8, 119_u8, 233_u8, 136_u8, 139_u8, 27_u8, 71_u8, 242_u8, 119_u8, 175_u8, + 65_u8, 207_u8]; + + + + let expected_key = vec![249_u8, 115_u8, 114_u8, 97_u8, 32_u8, 213_u8, 165_u8, 146_u8, + 58_u8, 87_u8, 234_u8, 3_u8, 43_u8, 250_u8, 97_u8, 114_u8, 26_u8, + 98_u8, 245_u8, 246_u8, 238_u8, 177_u8, 229_u8, 161_u8, 183_u8, + 224_u8, 174_u8, 3_u8, 6_u8, 244_u8, 236_u8, 255_u8]; + let expected_iv = vec![4_u8, 223_u8, 153_u8, 219_u8, 28_u8, 142_u8, 234_u8, 68_u8, 227_u8, + 69_u8, 98_u8, 107_u8, 208_u8, 14_u8, 236_u8, 60_u8, 0_u8, 0_u8, + 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, + 0_u8, 0_u8, 0_u8]; + + assert_eq!(super::evp_bytes_to_key_pbkdf1_compatible(symm::Type::AES_256_CBC, + hash::Type::SHA1, + &data, + Some(&salt), + 1), + super::KeyIvPair { + key: expected_key, + iv: expected_iv, + }); } } diff --git a/openssl/src/crypto/pkey.rs b/openssl/src/crypto/pkey.rs index 741c6749..10891224 100644 --- a/openssl/src/crypto/pkey.rs +++ b/openssl/src/crypto/pkey.rs @@ -4,7 +4,7 @@ use std::io::prelude::*; use std::iter::repeat; use std::mem; use std::ptr; -use bio::{MemBio}; +use bio::MemBio; use crypto::hash; use crypto::hash::Type as HashType; use ffi; @@ -14,7 +14,7 @@ use ssl::error::{SslError, StreamError}; pub enum Parts { Neither, Public, - Both + Both, } /// Represents a role an asymmetric key might be appropriate for. @@ -23,31 +23,31 @@ pub enum Role { Encrypt, Decrypt, Sign, - Verify + Verify, } /// Type of encryption padding to use. #[derive(Copy, Clone)] pub enum EncryptionPadding { OAEP, - PKCS1v15 + PKCS1v15, } fn openssl_padding_code(padding: EncryptionPadding) -> c_int { match padding { EncryptionPadding::OAEP => 4, - EncryptionPadding::PKCS1v15 => 1 + EncryptionPadding::PKCS1v15 => 1, } } fn openssl_hash_nid(hash: HashType) -> c_int { match hash { - HashType::MD5 => 4, // NID_md5, - HashType::SHA1 => 64, // NID_sha1 - HashType::SHA224 => 675, // NID_sha224 - HashType::SHA256 => 672, // NID_sha256 - HashType::SHA384 => 673, // NID_sha384 - HashType::SHA512 => 674, // NID_sha512 + HashType::MD5 => 4, // NID_md5, + HashType::SHA1 => 64, // NID_sha1 + HashType::SHA224 => 675, // NID_sha224 + HashType::SHA256 => 672, // NID_sha256 + HashType::SHA384 => 673, // NID_sha384 + HashType::SHA512 => 674, // NID_sha512 HashType::RIPEMD160 => 117, // NID_ripemd160 } } @@ -81,32 +81,38 @@ impl PKey { } /// Reads private key from PEM, takes ownership of handle - pub fn private_key_from_pem<R>(reader: &mut R) -> Result<PKey, SslError> where R: Read { + pub fn private_key_from_pem<R>(reader: &mut R) -> Result<PKey, SslError> + where R: Read + { let mut mem_bio = try!(MemBio::new()); try!(io::copy(reader, &mut mem_bio).map_err(StreamError)); unsafe { let evp = try_ssl_null!(ffi::PEM_read_bio_PrivateKey(mem_bio.get_handle(), ptr::null_mut(), - None, ptr::null_mut())); + None, + ptr::null_mut())); Ok(PKey { - evp: evp, + evp: evp, parts: Parts::Both, }) } } /// Reads public key from PEM, takes ownership of handle - pub fn public_key_from_pem<R>(reader: &mut R) -> Result<PKey, SslError> where R: Read { + pub fn public_key_from_pem<R>(reader: &mut R) -> Result<PKey, SslError> + where R: Read + { let mut mem_bio = try!(MemBio::new()); try!(io::copy(reader, &mut mem_bio).map_err(StreamError)); unsafe { let evp = try_ssl_null!(ffi::PEM_read_bio_PUBKEY(mem_bio.get_handle(), - ptr::null_mut(), - None, ptr::null_mut())); + ptr::null_mut(), + None, + ptr::null_mut())); Ok(PKey { - evp: evp, + evp: evp, parts: Parts::Public, }) } @@ -116,7 +122,9 @@ impl PKey { unsafe { let rsa = ffi::EVP_PKEY_get1_RSA(self.evp); let len = f(rsa, ptr::null()); - if len < 0 as c_int { return vec!(); } + if len < 0 as c_int { + return vec![]; + } let mut s = repeat(0u8).take(len as usize).collect::<Vec<_>>(); let r = f(rsa, &s.as_mut_ptr()); @@ -127,14 +135,17 @@ impl PKey { } } - fn _fromstr(&mut self, s: &[u8], f: unsafe extern "C" fn(*const *mut ffi::RSA, *const *const u8, c_uint) -> *mut ffi::RSA) -> bool { + fn _fromstr(&mut self, + s: &[u8], + f: unsafe extern "C" fn(*const *mut ffi::RSA, *const *const u8, c_uint) + -> *mut ffi::RSA) + -> bool { unsafe { let rsa = ptr::null_mut(); f(&rsa, &s.as_ptr(), s.len() as c_uint); if !rsa.is_null() { ffi::EVP_PKEY_set1_RSA(self.evp, rsa) == 1 - } - else { + } else { false } } @@ -142,18 +153,13 @@ impl PKey { pub fn gen(&mut self, keysz: usize) { unsafe { - let rsa = ffi::RSA_generate_key( - keysz as c_int, - 65537 as c_ulong, - ptr::null(), - ptr::null() - ); + let rsa = ffi::RSA_generate_key(keysz as c_int, + 65537 as c_ulong, + ptr::null(), + ptr::null()); // XXX: 6 == NID_rsaEncryption - ffi::EVP_PKEY_assign( - self.evp, - 6 as c_int, - mem::transmute(rsa)); + ffi::EVP_PKEY_assign(self.evp, 6 as c_int, mem::transmute(rsa)); self.parts = Parts::Both; } @@ -194,11 +200,18 @@ impl PKey { /// Stores private key as a PEM // FIXME: also add password and encryption - pub fn write_pem<W: Write>(&self, writer: &mut W/*, password: Option<String>*/) -> Result<(), SslError> { + pub fn write_pem<W: Write>(&self, + writer: &mut W /* , password: Option<String> */) + -> Result<(), SslError> { let mut mem_bio = try!(MemBio::new()); unsafe { - try_ssl!(ffi::PEM_write_bio_PrivateKey(mem_bio.get_handle(), self.evp, ptr::null(), - ptr::null_mut(), -1, None, ptr::null_mut())); + try_ssl!(ffi::PEM_write_bio_PrivateKey(mem_bio.get_handle(), + self.evp, + ptr::null(), + ptr::null_mut(), + -1, + None, + ptr::null_mut())); } let mut buf = vec![]; @@ -207,11 +220,11 @@ impl PKey { } /// Stores public key as a PEM - pub fn write_pub_pem<W: Write>(&self, writer: &mut W/*, password: Option<String>*/) -> Result<(), SslError> { + pub fn write_pub_pem<W: Write>(&self, + writer: &mut W /* , password: Option<String> */) + -> Result<(), SslError> { let mut mem_bio = try!(MemBio::new()); - unsafe { - try_ssl!(ffi::PEM_write_bio_PUBKEY(mem_bio.get_handle(), self.evp)) - } + unsafe { try_ssl!(ffi::PEM_write_bio_PUBKEY(mem_bio.get_handle(), self.evp)) } let mut buf = vec![]; try!(mem_bio.read_to_end(&mut buf).map_err(StreamError)); writer.write_all(&buf).map_err(StreamError) @@ -225,8 +238,7 @@ impl PKey { let rsa = ffi::EVP_PKEY_get1_RSA(self.evp); if rsa.is_null() { 0 - } - else { + } else { ffi::RSA_size(rsa) as usize } } @@ -237,26 +249,30 @@ impl PKey { */ pub fn can(&self, r: Role) -> bool { match r { - Role::Encrypt => + Role::Encrypt => { match self.parts { Parts::Neither => false, _ => true, - }, - Role::Verify => + } + } + Role::Verify => { match self.parts { Parts::Neither => false, _ => true, - }, - Role::Decrypt => + } + } + Role::Decrypt => { match self.parts { Parts::Both => true, _ => false, - }, - Role::Sign => + } + } + Role::Sign => { match self.parts { Parts::Both => true, _ => false, - }, + } + } } } @@ -289,16 +305,15 @@ impl PKey { let mut r = repeat(0u8).take(len as usize + 1).collect::<Vec<_>>(); - let rv = ffi::RSA_private_encrypt( - s.len() as c_int, - s.as_ptr(), - r.as_mut_ptr(), - rsa, - openssl_padding_code(padding)); + let rv = ffi::RSA_private_encrypt(s.len() as c_int, + s.as_ptr(), + r.as_mut_ptr(), + rsa, + openssl_padding_code(padding)); if rv < 0 as c_int { // println!("{:?}", SslError::get()); - vec!() + vec![] } else { r.truncate(rv as usize); r @@ -318,15 +333,14 @@ impl PKey { let mut r = repeat(0u8).take(len as usize + 1).collect::<Vec<_>>(); - let rv = ffi::RSA_public_encrypt( - s.len() as c_int, - s.as_ptr(), - r.as_mut_ptr(), - rsa, - openssl_padding_code(padding)); + let rv = ffi::RSA_public_encrypt(s.len() as c_int, + s.as_ptr(), + r.as_mut_ptr(), + rsa, + openssl_padding_code(padding)); if rv < 0 as c_int { - vec!() + vec![] } else { r.truncate(rv as usize); r @@ -346,15 +360,14 @@ impl PKey { let mut r = repeat(0u8).take(len as usize + 1).collect::<Vec<_>>(); - let rv = ffi::RSA_private_decrypt( - s.len() as c_int, - s.as_ptr(), - r.as_mut_ptr(), - rsa, - openssl_padding_code(padding)); + let rv = ffi::RSA_private_decrypt(s.len() as c_int, + s.as_ptr(), + r.as_mut_ptr(), + rsa, + openssl_padding_code(padding)); if rv < 0 as c_int { - vec!() + vec![] } else { r.truncate(rv as usize); r @@ -374,15 +387,14 @@ impl PKey { let mut r = repeat(0u8).take(len as usize + 1).collect::<Vec<_>>(); - let rv = ffi::RSA_public_decrypt( - s.len() as c_int, - s.as_ptr(), - r.as_mut_ptr(), - rsa, - openssl_padding_code(padding)); + let rv = ffi::RSA_public_decrypt(s.len() as c_int, + s.as_ptr(), + r.as_mut_ptr(), + rsa, + openssl_padding_code(padding)); if rv < 0 as c_int { - vec!() + vec![] } else { r.truncate(rv as usize); r @@ -394,46 +406,62 @@ impl PKey { * Encrypts data with the public key, using OAEP padding, returning the encrypted data. The * supplied data must not be larger than max_data(). */ - pub fn encrypt(&self, s: &[u8]) -> Vec<u8> { self.public_encrypt_with_padding(s, EncryptionPadding::OAEP) } + pub fn encrypt(&self, s: &[u8]) -> Vec<u8> { + self.public_encrypt_with_padding(s, EncryptionPadding::OAEP) + } /** * Encrypts data with the public key, using provided padding, returning the encrypted data. The * supplied data must not be larger than max_data(). */ - pub fn encrypt_with_padding(&self, s: &[u8], padding: EncryptionPadding) -> Vec<u8> { self.public_encrypt_with_padding(s, padding) } + pub fn encrypt_with_padding(&self, s: &[u8], padding: EncryptionPadding) -> Vec<u8> { + self.public_encrypt_with_padding(s, padding) + } /** * Encrypts data with the public key, using OAEP padding, returning the encrypted data. The * supplied data must not be larger than max_data(). */ - pub fn public_encrypt(&self, s: &[u8]) -> Vec<u8> { self.public_encrypt_with_padding(s, EncryptionPadding::OAEP) } + pub fn public_encrypt(&self, s: &[u8]) -> Vec<u8> { + self.public_encrypt_with_padding(s, EncryptionPadding::OAEP) + } /** * Decrypts data with the public key, using PKCS1v15 padding, returning the decrypted data. */ - pub fn public_decrypt(&self, s: &[u8]) -> Vec<u8> { self.public_decrypt_with_padding(s, EncryptionPadding::PKCS1v15) } + pub fn public_decrypt(&self, s: &[u8]) -> Vec<u8> { + self.public_decrypt_with_padding(s, EncryptionPadding::PKCS1v15) + } /** * Decrypts data with the private key, expecting OAEP padding, returning the decrypted data. */ - pub fn decrypt(&self, s: &[u8]) -> Vec<u8> { self.private_decrypt_with_padding(s, EncryptionPadding::OAEP) } + pub fn decrypt(&self, s: &[u8]) -> Vec<u8> { + self.private_decrypt_with_padding(s, EncryptionPadding::OAEP) + } /** * Decrypts data with the private key, using provided padding, returning the encrypted data. The * supplied data must not be larger than max_data(). */ - pub fn decrypt_with_padding(&self, s: &[u8], padding: EncryptionPadding) -> Vec<u8> { self.private_decrypt_with_padding(s, padding) } + pub fn decrypt_with_padding(&self, s: &[u8], padding: EncryptionPadding) -> Vec<u8> { + self.private_decrypt_with_padding(s, padding) + } /** * Decrypts data with the private key, expecting OAEP padding, returning the decrypted data. */ - pub fn private_decrypt(&self, s: &[u8]) -> Vec<u8> { self.private_decrypt_with_padding(s, EncryptionPadding::OAEP) } + pub fn private_decrypt(&self, s: &[u8]) -> Vec<u8> { + self.private_decrypt_with_padding(s, EncryptionPadding::OAEP) + } /** * Encrypts data with the private key, using PKCS1v15 padding, returning the encrypted data. The * supplied data must not be larger than max_data(). */ - pub fn private_encrypt(&self, s: &[u8]) -> Vec<u8> { self.private_encrypt_with_padding(s, EncryptionPadding::PKCS1v15) } + pub fn private_encrypt(&self, s: &[u8]) -> Vec<u8> { + self.private_encrypt_with_padding(s, EncryptionPadding::PKCS1v15) + } /** * Signs data, using OpenSSL's default scheme and adding sha256 ASN.1 information to the @@ -441,14 +469,18 @@ impl PKey { * The bytes to sign must be the result of a sha256 hashing; * returns the signature. */ - pub fn sign(&self, s: &[u8]) -> Vec<u8> { self.sign_with_hash(s, HashType::SHA256) } + pub fn sign(&self, s: &[u8]) -> Vec<u8> { + self.sign_with_hash(s, HashType::SHA256) + } /** * Verifies a signature s (using OpenSSL's default scheme and sha256) on the SHA256 hash of a * message. * Returns true if the signature is valid, and false otherwise. */ - pub fn verify(&self, h: &[u8], s: &[u8]) -> bool { self.verify_with_hash(h, s, HashType::SHA256) } + pub fn verify(&self, h: &[u8], s: &[u8]) -> bool { + self.verify_with_hash(h, s, HashType::SHA256) + } /** * Signs data, using OpenSSL's default scheme and add ASN.1 information for the given hash type to the @@ -466,16 +498,15 @@ impl PKey { let mut r = repeat(0u8).take(len as usize + 1).collect::<Vec<_>>(); let mut len = 0; - let rv = ffi::RSA_sign( - openssl_hash_nid(hash), - s.as_ptr(), - s.len() as c_uint, - r.as_mut_ptr(), - &mut len, - rsa); + let rv = ffi::RSA_sign(openssl_hash_nid(hash), + s.as_ptr(), + s.len() as c_uint, + r.as_mut_ptr(), + &mut len, + rsa); if rv < 0 as c_int { - vec!() + vec![] } else { r.truncate(len as usize); r @@ -490,21 +521,19 @@ impl PKey { panic!("Could not get RSA key for verification"); } - let rv = ffi::RSA_verify( - openssl_hash_nid(hash), - h.as_ptr(), - h.len() as c_uint, - s.as_ptr(), - s.len() as c_uint, - rsa - ); + let rv = ffi::RSA_verify(openssl_hash_nid(hash), + h.as_ptr(), + h.len() as c_uint, + s.as_ptr(), + s.len() as c_uint, + rsa); rv == 1 as c_int } } pub unsafe fn get_handle(&self) -> *mut ffi::EVP_PKEY { - return self.evp + return self.evp; } pub fn public_eq(&self, other: &PKey) -> bool { @@ -568,8 +597,8 @@ mod tests { fn test_private_key_from_pem() { let key_path = Path::new("test/key.pem"); let mut file = File::open(&key_path) - .ok() - .expect("Failed to open `test/key.pem`"); + .ok() + .expect("Failed to open `test/key.pem`"); super::PKey::private_key_from_pem(&mut file).unwrap(); } @@ -578,8 +607,8 @@ mod tests { fn test_public_key_from_pem() { let key_path = Path::new("test/key.pem.pub"); let mut file = File::open(&key_path) - .ok() - .expect("Failed to open `test/key.pem.pub`"); + .ok() + .expect("Failed to open `test/key.pem.pub`"); super::PKey::public_key_from_pem(&mut file).unwrap(); } @@ -588,7 +617,7 @@ mod tests { fn test_private_encrypt() { let mut k0 = super::PKey::new(); let mut k1 = super::PKey::new(); - let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8); + let msg = vec![0xdeu8, 0xadu8, 0xd0u8, 0x0du8]; k0.gen(512); k1.load_pub(&k0.save_pub()); let emsg = k0.private_encrypt(&msg); @@ -600,7 +629,7 @@ mod tests { fn test_public_encrypt() { let mut k0 = super::PKey::new(); let mut k1 = super::PKey::new(); - let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8); + let msg = vec![0xdeu8, 0xadu8, 0xd0u8, 0x0du8]; k0.gen(512); k1.load_pub(&k0.save_pub()); let emsg = k1.public_encrypt(&msg); @@ -612,7 +641,7 @@ mod tests { fn test_public_encrypt_pkcs() { let mut k0 = super::PKey::new(); let mut k1 = super::PKey::new(); - let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8); + let msg = vec![0xdeu8, 0xadu8, 0xd0u8, 0x0du8]; k0.gen(512); k1.load_pub(&k0.save_pub()); let emsg = k1.public_encrypt_with_padding(&msg, super::EncryptionPadding::PKCS1v15); @@ -624,7 +653,7 @@ mod tests { fn test_sign() { let mut k0 = super::PKey::new(); let mut k1 = super::PKey::new(); - let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8); + let msg = vec![0xdeu8, 0xadu8, 0xd0u8, 0x0du8]; k0.gen(512); k1.load_pub(&k0.save_pub()); let sig = k0.sign(&msg); @@ -636,7 +665,7 @@ mod tests { fn test_sign_hashes() { let mut k0 = super::PKey::new(); let mut k1 = super::PKey::new(); - let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8); + let msg = vec![0xdeu8, 0xadu8, 0xd0u8, 0x0du8]; k0.gen(512); k1.load_pub(&k0.save_pub()); @@ -674,8 +703,8 @@ mod tests { fn test_pem() { let key_path = Path::new("test/key.pem"); let mut file = File::open(&key_path) - .ok() - .expect("Failed to open `test/key.pem`"); + .ok() + .expect("Failed to open `test/key.pem`"); let key = super::PKey::private_key_from_pem(&mut file).unwrap(); diff --git a/openssl/src/crypto/rand.rs b/openssl/src/crypto/rand.rs index dc338a3d..ba57a8a1 100644 --- a/openssl/src/crypto/rand.rs +++ b/openssl/src/crypto/rand.rs @@ -7,7 +7,9 @@ pub fn rand_bytes(len: usize) -> Vec<u8> { ffi::init(); let r = ffi::RAND_bytes(out.as_mut_ptr(), len as c_int); - if r != 1 as c_int { panic!() } + if r != 1 as c_int { + panic!() + } out.set_len(len); diff --git a/openssl/src/crypto/symm.rs b/openssl/src/crypto/symm.rs index bc4b65b5..c0e845dc 100644 --- a/openssl/src/crypto/symm.rs +++ b/openssl/src/crypto/symm.rs @@ -1,5 +1,5 @@ use std::iter::repeat; -use libc::{c_int}; +use libc::c_int; use crypto::symm_internal::evpc; use ffi; @@ -20,7 +20,7 @@ pub enum Type { AES_128_XTS, #[cfg(feature = "aes_ctr")] AES_128_CTR, - //AES_128_GCM, + // AES_128_GCM, AES_128_CFB1, AES_128_CFB128, AES_128_CFB8, @@ -32,7 +32,7 @@ pub enum Type { AES_256_XTS, #[cfg(feature = "aes_ctr")] AES_256_CTR, - //AES_256_GCM, + // AES_256_GCM, AES_256_CFB1, AES_256_CFB128, AES_256_CFB8, @@ -55,7 +55,12 @@ impl Crypter { let ctx = unsafe { ffi::EVP_CIPHER_CTX_new() }; let (evp, keylen, blocksz) = evpc(t); - Crypter { evp: evp, ctx: ctx, keylen: keylen, blocksize: blocksz } + Crypter { + evp: evp, + ctx: ctx, + keylen: keylen, + blocksize: blocksz, + } } /** @@ -65,7 +70,11 @@ impl Crypter { pub fn pad(&self, padding: bool) { if self.blocksize > 0 { unsafe { - let v = if padding { 1 as c_int } else { 0 }; + let v = if padding { + 1 as c_int + } else { + 0 + }; ffi::EVP_CIPHER_CTX_set_padding(self.ctx, v); } } @@ -82,13 +91,7 @@ impl Crypter { }; assert_eq!(key.len(), self.keylen as usize); - ffi::EVP_CipherInit( - self.ctx, - self.evp, - key.as_ptr(), - iv.as_ptr(), - mode - ); + ffi::EVP_CipherInit(self.ctx, self.evp, key.as_ptr(), iv.as_ptr(), mode); } } @@ -102,13 +105,11 @@ impl Crypter { let mut res = repeat(0u8).take(sum).collect::<Vec<_>>(); let mut reslen = sum as c_int; - ffi::EVP_CipherUpdate( - self.ctx, - res.as_mut_ptr(), - &mut reslen, - data.as_ptr(), - data.len() as c_int - ); + ffi::EVP_CipherUpdate(self.ctx, + res.as_mut_ptr(), + &mut reslen, + data.as_ptr(), + data.len() as c_int); res.truncate(reslen as usize); res @@ -123,9 +124,7 @@ impl Crypter { let mut res = repeat(0u8).take(self.blocksize as usize).collect::<Vec<_>>(); let mut reslen = self.blocksize as c_int; - ffi::EVP_CipherFinal(self.ctx, - res.as_mut_ptr(), - &mut reslen); + ffi::EVP_CipherFinal(self.ctx, res.as_mut_ptr(), &mut reslen); res.truncate(reslen as usize); res @@ -175,17 +174,14 @@ mod tests { // http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf #[test] fn test_aes_256_ecb() { - let k0 = - [0x00u8, 0x01u8, 0x02u8, 0x03u8, 0x04u8, 0x05u8, 0x06u8, 0x07u8, - 0x08u8, 0x09u8, 0x0au8, 0x0bu8, 0x0cu8, 0x0du8, 0x0eu8, 0x0fu8, - 0x10u8, 0x11u8, 0x12u8, 0x13u8, 0x14u8, 0x15u8, 0x16u8, 0x17u8, - 0x18u8, 0x19u8, 0x1au8, 0x1bu8, 0x1cu8, 0x1du8, 0x1eu8, 0x1fu8]; - let p0 = - [0x00u8, 0x11u8, 0x22u8, 0x33u8, 0x44u8, 0x55u8, 0x66u8, 0x77u8, - 0x88u8, 0x99u8, 0xaau8, 0xbbu8, 0xccu8, 0xddu8, 0xeeu8, 0xffu8]; - let c0 = - [0x8eu8, 0xa2u8, 0xb7u8, 0xcau8, 0x51u8, 0x67u8, 0x45u8, 0xbfu8, - 0xeau8, 0xfcu8, 0x49u8, 0x90u8, 0x4bu8, 0x49u8, 0x60u8, 0x89u8]; + let k0 = [0x00u8, 0x01u8, 0x02u8, 0x03u8, 0x04u8, 0x05u8, 0x06u8, 0x07u8, 0x08u8, 0x09u8, + 0x0au8, 0x0bu8, 0x0cu8, 0x0du8, 0x0eu8, 0x0fu8, 0x10u8, 0x11u8, 0x12u8, 0x13u8, + 0x14u8, 0x15u8, 0x16u8, 0x17u8, 0x18u8, 0x19u8, 0x1au8, 0x1bu8, 0x1cu8, 0x1du8, + 0x1eu8, 0x1fu8]; + let p0 = [0x00u8, 0x11u8, 0x22u8, 0x33u8, 0x44u8, 0x55u8, 0x66u8, 0x77u8, 0x88u8, 0x99u8, + 0xaau8, 0xbbu8, 0xccu8, 0xddu8, 0xeeu8, 0xffu8]; + let c0 = [0x8eu8, 0xa2u8, 0xb7u8, 0xcau8, 0x51u8, 0x67u8, 0x45u8, 0xbfu8, 0xeau8, 0xfcu8, + 0x49u8, 0x90u8, 0x4bu8, 0x49u8, 0x60u8, 0x89u8]; let c = super::Crypter::new(super::Type::AES_256_ECB); c.init(super::Mode::Encrypt, &k0, &[]); c.pad(false); @@ -202,22 +198,16 @@ mod tests { #[test] fn test_aes_256_cbc_decrypt() { let cr = super::Crypter::new(super::Type::AES_256_CBC); - let iv = [ - 4_u8, 223_u8, 153_u8, 219_u8, 28_u8, 142_u8, 234_u8, 68_u8, 227_u8, - 69_u8, 98_u8, 107_u8, 208_u8, 14_u8, 236_u8, 60_u8, 0_u8, 0_u8, - 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, - 0_u8, 0_u8, 0_u8 - ]; - let data = [ - 143_u8, 210_u8, 75_u8, 63_u8, 214_u8, 179_u8, 155_u8, - 241_u8, 242_u8, 31_u8, 154_u8, 56_u8, 198_u8, 145_u8, 192_u8, 64_u8, - 2_u8, 245_u8, 167_u8, 220_u8, 55_u8, 119_u8, 233_u8, 136_u8, 139_u8, - 27_u8, 71_u8, 242_u8, 119_u8, 175_u8, 65_u8, 207_u8 - ]; - let ciphered_data = [ - 0x4a_u8, 0x2e_u8, 0xe5_u8, 0x6_u8, 0xbf_u8, 0xcf_u8, 0xf2_u8, 0xd7_u8, - 0xea_u8, 0x2d_u8, 0xb1_u8, 0x85_u8, 0x6c_u8, 0x93_u8, 0x65_u8, 0x6f_u8 - ]; + let iv = [4_u8, 223_u8, 153_u8, 219_u8, 28_u8, 142_u8, 234_u8, 68_u8, 227_u8, 69_u8, + 98_u8, 107_u8, 208_u8, 14_u8, 236_u8, 60_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, + 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8]; + let data = [143_u8, 210_u8, 75_u8, 63_u8, 214_u8, 179_u8, 155_u8, 241_u8, 242_u8, 31_u8, + 154_u8, 56_u8, 198_u8, 145_u8, 192_u8, 64_u8, 2_u8, 245_u8, 167_u8, 220_u8, + 55_u8, 119_u8, 233_u8, 136_u8, 139_u8, 27_u8, 71_u8, 242_u8, 119_u8, 175_u8, + 65_u8, 207_u8]; + let ciphered_data = [0x4a_u8, 0x2e_u8, 0xe5_u8, 0x6_u8, 0xbf_u8, 0xcf_u8, 0xf2_u8, + 0xd7_u8, 0xea_u8, 0x2d_u8, 0xb1_u8, 0x85_u8, 0x6c_u8, 0x93_u8, + 0x65_u8, 0x6f_u8]; cr.init(super::Mode::Decrypt, &data, &iv); cr.pad(false); let unciphered_data_1 = cr.update(&ciphered_data); @@ -234,7 +224,9 @@ mod tests { use serialize::hex::ToHex; let cipher = super::Crypter::new(ciphertype); - cipher.init(super::Mode::Encrypt, &key.from_hex().unwrap(), &iv.from_hex().unwrap()); + cipher.init(super::Mode::Encrypt, + &key.from_hex().unwrap(), + &iv.from_hex().unwrap()); let expected = ct.from_hex().unwrap(); let mut computed = cipher.update(&pt.from_hex().unwrap()); @@ -245,7 +237,8 @@ mod tests { println!("Expected: {}", expected.to_hex()); if computed.len() != expected.len() { println!("Lengths differ: {} in computed vs {} expected", - computed.len(), expected.len()); + computed.len(), + expected.len()); } panic!("test failure"); } @@ -267,9 +260,12 @@ mod tests { fn test_aes256_xts() { // Test case 174 from // http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSTestVectors.zip - let pt = "77f4ef63d734ebd028508da66c22cdebdd52ecd6ee2ab0a50bc8ad0cfd692ca5fcd4e6dedc45df7f6503f462611dc542"; - let ct = "ce7d905a7776ac72f240d22aafed5e4eb7566cdc7211220e970da634ce015f131a5ecb8d400bc9e84f0b81d8725dbbc7"; - let key = "b6bfef891f83b5ff073f2231267be51eb084b791fa19a154399c0684c8b2dfcb37de77d28bbda3b4180026ad640b74243b3133e7b9fae629403f6733423dae28"; + let pt = "77f4ef63d734ebd028508da66c22cdebdd52ecd6ee2ab0a50bc8ad0cfd692ca5fcd4e6dedc45df7f\ + 6503f462611dc542"; + let ct = "ce7d905a7776ac72f240d22aafed5e4eb7566cdc7211220e970da634ce015f131a5ecb8d400bc9e8\ + 4f0b81d8725dbbc7"; + let key = "b6bfef891f83b5ff073f2231267be51eb084b791fa19a154399c0684c8b2dfcb37de77d28bbda3b\ + 4180026ad640b74243b3133e7b9fae629403f6733423dae28"; let iv = "db200efb7eaaa737dbdf40babb68953f"; cipher_test(super::Type::AES_256_XTS, pt, ct, key, iv); @@ -279,24 +275,26 @@ mod tests { #[cfg(feature = "aes_ctr")] fn test_aes128_ctr() { - let pt = "6BC1BEE22E409F96E93D7E117393172AAE2D8A571E03AC9C9EB76FAC45AF8E5130C81C46A35CE411E5FBC1191A0A52EFF69F2445DF4F9B17AD2B417BE66C3710"; - let ct = "874D6191B620E3261BEF6864990DB6CE9806F66B7970FDFF8617187BB9FFFDFF5AE4DF3EDBD5D35E5B4F09020DB03EAB1E031DDA2FBE03D1792170A0F3009CEE"; + let pt = "6BC1BEE22E409F96E93D7E117393172AAE2D8A571E03AC9C9EB76FAC45AF8E5130C81C46A35CE411\ + E5FBC1191A0A52EFF69F2445DF4F9B17AD2B417BE66C3710"; + let ct = "874D6191B620E3261BEF6864990DB6CE9806F66B7970FDFF8617187BB9FFFDFF5AE4DF3EDBD5D35E\ + 5B4F09020DB03EAB1E031DDA2FBE03D1792170A0F3009CEE"; let key = "2B7E151628AED2A6ABF7158809CF4F3C"; let iv = "F0F1F2F3F4F5F6F7F8F9FAFBFCFDFEFF"; cipher_test(super::Type::AES_128_CTR, pt, ct, key, iv); } - /*#[test] - fn test_aes128_gcm() { - // Test case 3 in GCM spec - let pt = ~"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255"; - let ct = ~"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f59854d5c2af327cd64a62cf35abd2ba6fab4"; - let key = ~"feffe9928665731c6d6a8f9467308308"; - let iv = ~"cafebabefacedbaddecaf888"; - - cipher_test(super::AES_128_GCM, pt, ct, key, iv); - }*/ + // #[test] + // fn test_aes128_gcm() { + // Test case 3 in GCM spec + // let pt = ~"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255"; + // let ct = ~"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f59854d5c2af327cd64a62cf35abd2ba6fab4"; + // let key = ~"feffe9928665731c6d6a8f9467308308"; + // let iv = ~"cafebabefacedbaddecaf888"; + // + // cipher_test(super::AES_128_GCM, pt, ct, key, iv); + // } #[test] fn test_aes128_cfb1() { diff --git a/openssl/src/crypto/symm_internal.rs b/openssl/src/crypto/symm_internal.rs index fcb3ee71..5c457f3f 100644 --- a/openssl/src/crypto/symm_internal.rs +++ b/openssl/src/crypto/symm_internal.rs @@ -10,7 +10,7 @@ pub fn evpc(t: symm::Type) -> (*const ffi::EVP_CIPHER, u32, u32) { symm::Type::AES_128_XTS => (ffi::EVP_aes_128_xts(), 32, 16), #[cfg(feature = "aes_ctr")] symm::Type::AES_128_CTR => (ffi::EVP_aes_128_ctr(), 16, 0), - //AES_128_GCM => (EVP_aes_128_gcm(), 16, 16), + // AES_128_GCM => (EVP_aes_128_gcm(), 16, 16), symm::Type::AES_128_CFB1 => (ffi::EVP_aes_128_cfb1(), 16, 16), symm::Type::AES_128_CFB128 => (ffi::EVP_aes_128_cfb128(), 16, 16), symm::Type::AES_128_CFB8 => (ffi::EVP_aes_128_cfb8(), 16, 16), @@ -21,7 +21,7 @@ pub fn evpc(t: symm::Type) -> (*const ffi::EVP_CIPHER, u32, u32) { symm::Type::AES_256_XTS => (ffi::EVP_aes_256_xts(), 64, 16), #[cfg(feature = "aes_ctr")] symm::Type::AES_256_CTR => (ffi::EVP_aes_256_ctr(), 32, 0), - //AES_256_GCM => (EVP_aes_256_gcm(), 32, 16), + // AES_256_GCM => (EVP_aes_256_gcm(), 32, 16), symm::Type::AES_256_CFB1 => (ffi::EVP_aes_256_cfb1(), 32, 16), symm::Type::AES_256_CFB128 => (ffi::EVP_aes_256_cfb128(), 32, 16), symm::Type::AES_256_CFB8 => (ffi::EVP_aes_256_cfb8(), 32, 16), |