diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index b141fa9d..6966bb8f 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -17,6 +17,7 @@ pub type ASN1_INTEGER = c_void; pub type ASN1_STRING = c_void; pub type ASN1_TIME = c_void; pub type BN_CTX = c_void; +pub type BN_GENCB = c_void; pub type COMP_METHOD = c_void; pub type DH = c_void; pub type ENGINE = c_void; @@ -295,6 +296,8 @@ pub const NID_key_usage: c_int = 83; pub const PKCS5_SALT_LEN: c_int = 8; +pub const RSA_F4: c_long = 0x10001; + pub const SSL_CTRL_SET_TMP_DH: c_int = 3; pub const SSL_CTRL_EXTRA_CHAIN_CERT: c_int = 14; pub const SSL_CTRL_OPTIONS: c_int = 32; @@ -800,7 +803,7 @@ extern "C" { pub fn RSA_new() -> *mut RSA; pub fn RSA_free(rsa: *mut RSA); pub fn RSA_generate_key(modsz: c_int, e: c_ulong, cb: *const c_void, cbarg: *const c_void) -> *mut RSA; - pub fn RSA_generate_key_ex(rsa: *mut RSA, bits: c_int, e: *mut BIGNUM, cb: *const c_void) -> c_int; + pub fn RSA_generate_key_ex(rsa: *mut RSA, bits: c_int, e: *mut BIGNUM, cb: *mut BN_GENCB) -> c_int; pub fn RSA_private_decrypt(flen: c_int, from: *const u8, to: *mut u8, k: *mut RSA, pad: c_int) -> c_int; pub fn RSA_public_decrypt(flen: c_int, from: *const u8, to: *mut u8, k: *mut RSA, diff --git a/openssl/src/crypto/rsa.rs b/openssl/src/crypto/rsa.rs index 3410239f..ba73d215 100644 --- a/openssl/src/crypto/rsa.rs +++ b/openssl/src/crypto/rsa.rs @@ -55,11 +55,25 @@ impl RSA { } } - /// the caller should assert that the rsa pointer is valid. pub unsafe fn from_raw(rsa: *mut ffi::RSA) -> RSA { RSA(rsa) } + /// Generates a public/private key pair with the specified size. + /// + /// The public exponent will be 65537. + pub fn generate(bits: u32) -> Result { + unsafe { + let rsa = try_ssl_null!(ffi::RSA_new()); + let rsa = RSA(rsa); + let e = try!(BigNum::new_from(ffi::RSA_F4 as _)); + + try_ssl!(ffi::RSA_generate_key_ex(rsa.0, bits as c_int, e.raw(), ptr::null_mut())); + + Ok(rsa) + } + } + /// Reads an RSA private key from PEM formatted data. pub fn private_key_from_pem(buf: &[u8]) -> Result { let mem_bio = try!(MemBioSlice::new(buf)); @@ -90,6 +104,18 @@ impl RSA { } } + /// Reads an RSA public key from PEM formatted data. + pub fn public_key_from_pem(buf: &[u8]) -> Result { + let mem_bio = try!(MemBioSlice::new(buf)); + unsafe { + let rsa = try_ssl_null!(ffi::PEM_read_bio_RSA_PUBKEY(mem_bio.handle(), + ptr::null_mut(), + None, + ptr::null_mut())); + Ok(RSA(rsa)) + } + } + /// Writes an RSA private key as unencrypted PEM formatted data pub fn private_key_to_pem(&self) -> Result, ErrorStack> { let mem_bio = try!(MemBio::new()); @@ -106,18 +132,6 @@ impl RSA { Ok(mem_bio.get_buf().to_owned()) } - /// Reads an RSA public key from PEM formatted data. - pub fn public_key_from_pem(buf: &[u8]) -> Result { - let mem_bio = try!(MemBioSlice::new(buf)); - unsafe { - let rsa = try_ssl_null!(ffi::PEM_read_bio_RSA_PUBKEY(mem_bio.handle(), - ptr::null_mut(), - None, - ptr::null_mut())); - Ok(RSA(rsa)) - } - } - /// Writes an RSA public key as PEM formatted data pub fn public_key_to_pem(&self) -> Result, ErrorStack> { let mem_bio = try!(MemBio::new()); diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index 86b5f92b..aedcaf55 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs @@ -2,6 +2,7 @@ use serialize::hex::FromHex; use crypto::hash::Type::SHA1; use crypto::pkey::PKey; +use crypto::rsa::RSA; use x509::{X509, X509Generator}; use x509::extension::Extension::{KeyUsage, ExtKeyUsage, SubjectAltName, OtherNid, OtherStr}; use x509::extension::AltNameOption as SAN; @@ -61,19 +62,20 @@ fn test_cert_gen_extension_bad_ordering() { assert!(result.is_err()); } +*/ #[test] fn test_req_gen() { - let mut pkey = PKey::new(); - pkey.gen(512); + let rsa = RSA::generate(512).unwrap(); + let mut pkey = PKey::new().unwrap(); + pkey.set_rsa(&rsa).unwrap(); let req = get_generator().request(&pkey).unwrap(); - req.write_pem().unwrap(); + req.to_pem().unwrap(); // FIXME: check data in result to be correct, needs implementation // of X509_REQ getters } -*/ #[test] fn test_cert_loading() {