min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Clean up RSA signature API

This commit is contained in:
Steven Fackler 2016-05-16 23:02:02 -07:00
parent 8fbc17ee7b
commit 2077449bc8
5 changed files with 52 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
openssl/src/crypto/hash.rs
View File

@ -2,9 +2,11 @@ use libc::c_uint;
use std::iter::repeat; use std::iter::repeat;
use std::io::prelude::*; use std::io::prelude::*;
use std::io; use std::io;
use ffi; use ffi;
use crypto::HashTypeInternals;
use nid::Nid;
/// Message digest (hash) type. /// Message digest (hash) type.
#[derive(Copy, Clone)] #[derive(Copy, Clone)]
pub enum Type { pub enum Type {
@ -17,19 +19,32 @@ pub enum Type {
RIPEMD160, RIPEMD160,
} }
impl HashTypeInternals for Type {
fn as_nid(&self) -> Nid {
match *self {
Type::MD5 => Nid::MD5,
Type::SHA1 => Nid::SHA1,
Type::SHA224 => Nid::SHA224,
Type::SHA256 => Nid::SHA256,
Type::SHA384 => Nid::SHA384,
Type::SHA512 => Nid::SHA512,
Type::RIPEMD160 => Nid::RIPEMD160,
}
}
}
impl Type { impl Type {
/// Returns the length of the message digest. /// Returns the length of the message digest.
#[inline] #[inline]
pub fn md_len(&self) -> usize { pub fn md_len(&self) -> usize {
use self::Type::*;
match *self { match *self {
MD5 => 16, Type::MD5 => 16,
SHA1 => 20, Type::SHA1 => 20,
SHA224 => 28, Type::SHA224 => 28,
SHA256 => 32, Type::SHA256 => 32,
SHA384 => 48, Type::SHA384 => 48,
SHA512 => 64, Type::SHA512 => 64,
RIPEMD160 => 20, Type::RIPEMD160 => 20,
} }
} }
@ -37,15 +52,14 @@ impl Type {
#[inline] #[inline]
pub fn evp_md(&self) -> *const ffi::EVP_MD { pub fn evp_md(&self) -> *const ffi::EVP_MD {
unsafe { unsafe {
use self::Type::*;
match *self { match *self {
MD5 => ffi::EVP_md5(), Type::MD5 => ffi::EVP_md5(),
SHA1 => ffi::EVP_sha1(), Type::SHA1 => ffi::EVP_sha1(),
SHA224 => ffi::EVP_sha224(), Type::SHA224 => ffi::EVP_sha224(),
SHA256 => ffi::EVP_sha256(), Type::SHA256 => ffi::EVP_sha256(),
SHA384 => ffi::EVP_sha384(), Type::SHA384 => ffi::EVP_sha384(),
SHA512 => ffi::EVP_sha512(), Type::SHA512 => ffi::EVP_sha512(),
RIPEMD160 => ffi::EVP_ripemd160(), Type::RIPEMD160 => ffi::EVP_ripemd160(),
} }
} }
} }

6
openssl/src/crypto/mod.rs
View File

@ -14,6 +14,8 @@
// limitations under the License. // limitations under the License.
// //
use nid::Nid;
pub mod hash; pub mod hash;
pub mod hmac; pub mod hmac;
pub mod pkcs5; pub mod pkcs5;
@ -24,3 +26,7 @@ pub mod memcmp;
pub mod rsa; pub mod rsa;
mod symm_internal; mod symm_internal;
trait HashTypeInternals {
fn as_nid(&self) -> Nid;
}

18
openssl/src/crypto/pkey.rs
View File

@ -5,6 +5,8 @@ use std::iter::repeat;
use std::mem; use std::mem;
use std::ptr; use std::ptr;
use bio::MemBio; use bio::MemBio;
use crypto::HashTypeInternals;
use crypto::hash; use crypto::hash;
use crypto::hash::Type as HashType; use crypto::hash::Type as HashType;
use ffi; use ffi;
@ -41,18 +43,6 @@ fn openssl_padding_code(padding: EncryptionPadding) -> c_int {
} }
} }
fn openssl_hash_nid(hash: HashType) -> c_int {
match hash {
HashType::MD5 => 4, // NID_md5,
HashType::SHA1 => 64, // NID_sha1
HashType::SHA224 => 675, // NID_sha224
HashType::SHA256 => 672, // NID_sha256
HashType::SHA384 => 673, // NID_sha384
HashType::SHA512 => 674, // NID_sha512
HashType::RIPEMD160 => 117, // NID_ripemd160
}
}
pub struct PKey { pub struct PKey {
evp: *mut ffi::EVP_PKEY, evp: *mut ffi::EVP_PKEY,
parts: Parts, parts: Parts,
@ -556,7 +546,7 @@ impl PKey {
let mut r = repeat(0u8).take(len as usize + 1).collect::<Vec<_>>(); let mut r = repeat(0u8).take(len as usize + 1).collect::<Vec<_>>();
let mut len = 0; let mut len = 0;
let rv = ffi::RSA_sign(openssl_hash_nid(hash), let rv = ffi::RSA_sign(hash.as_nid() as c_int,
s.as_ptr(), s.as_ptr(),
s.len() as c_uint, s.len() as c_uint,
r.as_mut_ptr(), r.as_mut_ptr(),
@ -579,7 +569,7 @@ impl PKey {
panic!("Could not get RSA key for verification"); panic!("Could not get RSA key for verification");
} }
let rv = ffi::RSA_verify(openssl_hash_nid(hash), let rv = ffi::RSA_verify(hash.as_nid() as c_int,
h.as_ptr(), h.as_ptr(),
h.len() as c_uint, h.len() as c_uint,
s.as_ptr(), s.as_ptr(),

19
openssl/src/crypto/rsa.rs
View File

@ -3,10 +3,12 @@ use std::fmt;
use ssl::error::{SslError, StreamError}; use ssl::error::{SslError, StreamError};
use std::ptr; use std::ptr;
use std::io::{self, Read, Write}; use std::io::{self, Read, Write};
use libc::c_int;
use bn::BigNum; use bn::BigNum;
use bio::MemBio; use bio::MemBio;
use nid::Nid; use crypto::HashTypeInternals;
use crypto::hash;
pub struct RSA(*mut ffi::RSA); pub struct RSA(*mut ffi::RSA);
@ -130,13 +132,13 @@ impl RSA {
} }
} }
pub fn sign(&self, hash_id: Nid, message: &[u8]) -> Result<Vec<u8>, SslError> { pub fn sign(&self, hash: hash::Type, message: &[u8]) -> Result<Vec<u8>, SslError> {
let k_len = try!(self.size()); let k_len = try!(self.size());
let mut sig = vec![0;k_len as usize]; let mut sig = vec![0;k_len as usize];
let mut sig_len = k_len; let mut sig_len = k_len;
unsafe { unsafe {
let result = ffi::RSA_sign(hash_id as i32, message.as_ptr(), message.len() as u32, sig.as_mut_ptr(), &mut sig_len, self.0); let result = ffi::RSA_sign(hash.as_nid() as c_int, message.as_ptr(), message.len() as u32, sig.as_mut_ptr(), &mut sig_len, self.0);
assert!(sig_len == k_len); assert!(sig_len == k_len);
if result == 1 { if result == 1 {
@ -147,9 +149,9 @@ impl RSA {
} }
} }
pub fn verify(&self, hash_id: Nid, message: &[u8], sig: &[u8]) -> Result<bool, SslError> { pub fn verify(&self, hash: hash::Type, message: &[u8], sig: &[u8]) -> Result<bool, SslError> {
unsafe { unsafe {
let result = ffi::RSA_verify(hash_id as i32, message.as_ptr(), message.len() as u32, sig.as_ptr(), sig.len() as u32, self.0); let result = ffi::RSA_verify(hash.as_nid() as c_int, message.as_ptr(), message.len() as u32, sig.as_ptr(), sig.len() as u32, self.0);
Ok(result == 1) Ok(result == 1)
} }
@ -211,7 +213,6 @@ impl fmt::Debug for RSA {
#[cfg(test)] #[cfg(test)]
mod test { mod test {
use nid;
use std::fs::File; use std::fs::File;
use std::io::Write; use std::io::Write;
use super::*; use super::*;
@ -258,7 +259,7 @@ mod test {
sha.write_all(&signing_input_rs256()).unwrap(); sha.write_all(&signing_input_rs256()).unwrap();
let digest = sha.finish(); let digest = sha.finish();
let result = private_key.sign(nid::Nid::SHA256, &digest).unwrap(); let result = private_key.sign(Type::SHA256, &digest).unwrap();
assert_eq!(result, signature_rs256()); assert_eq!(result, signature_rs256());
} }
@ -272,8 +273,8 @@ mod test {
sha.write_all(&signing_input_rs256()).unwrap(); sha.write_all(&signing_input_rs256()).unwrap();
let digest = sha.finish(); let digest = sha.finish();
let result = public_key.verify(nid::Nid::SHA256, &digest, &signature_rs256()).unwrap(); let result = public_key.verify(Type::SHA256, &digest, &signature_rs256()).unwrap();
assert!(result); assert!(result);
} }
} }

1
openssl/src/nid.rs
View File

@ -195,4 +195,5 @@ pub enum Nid {
SHA256 = 672, SHA256 = 672,
SHA384, SHA384,
SHA512, SHA512,
SHA224,
} }