From ddc0066211fb9adadd658bd04547dc143dcfbc5a Mon Sep 17 00:00:00 2001 From: Brian Chin Date: Fri, 27 Jan 2017 18:16:22 -0800 Subject: [PATCH 1/8] Add the necessary constants to access the pkey ctx stuff. --- openssl-sys/src/lib.rs | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 01be1b23..6b61aab7 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -151,6 +151,8 @@ pub const EVP_PKEY_DSA: c_int = NID_dsa; pub const EVP_PKEY_DH: c_int = NID_dhKeyAgreement; pub const EVP_PKEY_EC: c_int = NID_X9_62_id_ecPublicKey; +pub const EVP_PKEY_ALG_CTRL: c_int = 0x1000; + pub const EVP_CTRL_GCM_SET_IVLEN: c_int = 0x9; pub const EVP_CTRL_GCM_GET_TAG: c_int = 0x10; pub const EVP_CTRL_GCM_SET_TAG: c_int = 0x11; @@ -1121,6 +1123,10 @@ pub const RSA_NO_PADDING: c_int = 3; pub const RSA_PKCS1_OAEP_PADDING: c_int = 4; pub const RSA_X931_PADDING: c_int = 5; +pub const RSA_PKEY_CTRL_RSA_PADDING: c_int = EVP_PKEY_ALG_CTRL + 1; + +pub const RSA_PKEY_CTRL_GET_RSA_PADDING: c_int = EVP_PKEY_ALG_CTRL + 6; + pub const SSL_CTRL_SET_TMP_DH: c_int = 3; pub const SSL_CTRL_SET_TMP_ECDH: c_int = 4; pub const SSL_CTRL_EXTRA_CHAIN_CERT: c_int = 14; @@ -1726,6 +1732,7 @@ extern { pub fn RSA_new() -> *mut RSA; pub fn RSA_free(rsa: *mut RSA); pub fn RSA_generate_key_ex(rsa: *mut RSA, bits: c_int, e: *mut BIGNUM, cb: *mut BN_GENCB) -> c_int; + pub fn RSA_pkey_ctx_ctrl(ctx: *mut EVP_PKEY_CTX, optype: c_int, cmd: c_int, p1: c_int, p2: *mut c_void) -> c_int; pub fn RSA_private_decrypt(flen: c_int, from: *const u8, to: *mut u8, k: *mut RSA, pad: c_int) -> c_int; pub fn RSA_public_decrypt(flen: c_int, from: *const u8, to: *mut u8, k: *mut RSA, @@ -1996,3 +2003,12 @@ extern { md: *mut c_uchar, len: *mut c_uint) -> c_int; } + +// EVP_PKEY_CTX_ctrl macros +unsafe fn EVP_PKEY_CTX_set_rsa_padding(ctx: *mut EVP_PKEY_CTX, pad: c_int) -> c_int { + RSA_pkey_ctx_ctrl(ctx, -1, RSA_PKEY_CTRL_RSA_PADDING, pad, ptr::null_mut()) +} + +unsafe fn EVP_PKEY_CTX_get_rsa_padding(ctx: *mut EVP_PKEY_CTX, ppad: *mut c_int) -> c_int { + RSA_pkey_ctx_ctrl(ctx, -1, RSA_PKEY_CTRL_GET_RSA_PADDING, 0, ppad as *mut c_void) +} From 588fd33552f9c84e8ed67c4cff35264b671362d9 Mon Sep 17 00:00:00 2001 From: Brian Chin Date: Mon, 30 Jan 2017 10:08:25 -0800 Subject: [PATCH 2/8] Testing first version that works with signer. --- openssl-sys/src/lib.rs | 12 +++++++----- openssl/src/pkey.rs | 6 ++++++ openssl/src/rsa.rs | 19 ++++++++++++++++++- openssl/src/sign.rs | 17 ++++++++++++----- 4 files changed, 43 insertions(+), 11 deletions(-) diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 6b61aab7..7ef5f7fe 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -1638,6 +1638,9 @@ extern { key: *const c_uchar, keylen: c_int) -> *mut EVP_PKEY; + + pub fn EVP_PKEY_CTX_ctrl(ctx: *mut EVP_PKEY_CTX, keytype: c_int, optype: c_int, cmd: c_int, p1: c_int, p2: *mut c_void) -> c_int; + pub fn HMAC_CTX_copy(dst: *mut HMAC_CTX, src: *mut HMAC_CTX) -> c_int; pub fn OCSP_BASICRESP_new() -> *mut OCSP_BASICRESP; @@ -1732,7 +1735,6 @@ extern { pub fn RSA_new() -> *mut RSA; pub fn RSA_free(rsa: *mut RSA); pub fn RSA_generate_key_ex(rsa: *mut RSA, bits: c_int, e: *mut BIGNUM, cb: *mut BN_GENCB) -> c_int; - pub fn RSA_pkey_ctx_ctrl(ctx: *mut EVP_PKEY_CTX, optype: c_int, cmd: c_int, p1: c_int, p2: *mut c_void) -> c_int; pub fn RSA_private_decrypt(flen: c_int, from: *const u8, to: *mut u8, k: *mut RSA, pad: c_int) -> c_int; pub fn RSA_public_decrypt(flen: c_int, from: *const u8, to: *mut u8, k: *mut RSA, @@ -2005,10 +2007,10 @@ extern { } // EVP_PKEY_CTX_ctrl macros -unsafe fn EVP_PKEY_CTX_set_rsa_padding(ctx: *mut EVP_PKEY_CTX, pad: c_int) -> c_int { - RSA_pkey_ctx_ctrl(ctx, -1, RSA_PKEY_CTRL_RSA_PADDING, pad, ptr::null_mut()) +pub unsafe fn EVP_PKEY_CTX_set_rsa_padding(ctx: *mut EVP_PKEY_CTX, pad: c_int) -> c_int { + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, RSA_PKEY_CTRL_RSA_PADDING, pad, ptr::null_mut()) } -unsafe fn EVP_PKEY_CTX_get_rsa_padding(ctx: *mut EVP_PKEY_CTX, ppad: *mut c_int) -> c_int { - RSA_pkey_ctx_ctrl(ctx, -1, RSA_PKEY_CTRL_GET_RSA_PADDING, 0, ppad as *mut c_void) +pub unsafe fn EVP_PKEY_CTX_get_rsa_padding(ctx: *mut EVP_PKEY_CTX, ppad: *mut c_int) -> c_int { + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, RSA_PKEY_CTRL_GET_RSA_PADDING, 0, ppad as *mut c_void) } diff --git a/openssl/src/pkey.rs b/openssl/src/pkey.rs index 7a32692b..fd963c24 100644 --- a/openssl/src/pkey.rs +++ b/openssl/src/pkey.rs @@ -151,6 +151,12 @@ impl PKey { } } +pub struct PKeyCtxRef(::util::Opaque); + +impl ::types::OpenSslTypeRef for PKeyCtxRef { + type CType = ffi::EVP_PKEY_CTX; +} + #[cfg(test)] mod tests { use symm::Cipher; diff --git a/openssl/src/rsa.rs b/openssl/src/rsa.rs index 8c3507f4..75893545 100644 --- a/openssl/src/rsa.rs +++ b/openssl/src/rsa.rs @@ -10,9 +10,10 @@ use bio::MemBioSlice; use error::ErrorStack; use util::{CallbackState, invoke_passwd_cb_old}; use types::OpenSslTypeRef; +use pkey::PKeyCtxRef; /// Type of encryption padding to use. -#[derive(Copy, Clone)] +#[derive(Debug, Copy, Clone, PartialEq, Eq)] pub struct Padding(c_int); pub const NO_PADDING: Padding = Padding(ffi::RSA_NO_PADDING); @@ -343,6 +344,22 @@ mod compat { } } +impl PKeyCtxRef { + pub fn set_rsa_padding(&mut self, pad: Padding) -> Result<(), ErrorStack> { + unsafe { + try!(cvt(ffi::EVP_PKEY_CTX_set_rsa_padding(self.as_ptr(), pad.0))); + } + Ok(()) + } + + pub fn get_rsa_padding(&mut self) -> Result { + let mut pad: c_int = 0; + unsafe { + try!(cvt(ffi::EVP_PKEY_CTX_get_rsa_padding(self.as_ptr(), &mut pad))); + }; + Ok(Padding(pad)) + } +} #[cfg(test)] mod test { diff --git a/openssl/src/sign.rs b/openssl/src/sign.rs index ec37c885..d1fcffd5 100644 --- a/openssl/src/sign.rs +++ b/openssl/src/sign.rs @@ -68,7 +68,7 @@ use std::ptr; use {cvt, cvt_p}; use hash::MessageDigest; -use pkey::PKeyRef; +use pkey::{PKeyRef, PKeyCtxRef}; use error::ErrorStack; use types::OpenSslTypeRef; @@ -77,7 +77,7 @@ use ffi::{EVP_MD_CTX_new, EVP_MD_CTX_free}; #[cfg(any(ossl101, ossl102))] use ffi::{EVP_MD_CTX_create as EVP_MD_CTX_new, EVP_MD_CTX_destroy as EVP_MD_CTX_free}; -pub struct Signer<'a>(*mut ffi::EVP_MD_CTX, PhantomData<&'a PKeyRef>); +pub struct Signer<'a>(*mut ffi::EVP_MD_CTX, *mut ffi::EVP_PKEY_CTX, PhantomData<&'a PKeyRef>, PhantomData<&'a PKeyCtxRef>); impl<'a> Drop for Signer<'a> { fn drop(&mut self) { @@ -93,8 +93,9 @@ impl<'a> Signer<'a> { ffi::init(); let ctx = try!(cvt_p(EVP_MD_CTX_new())); + let mut pctx: *mut ffi::EVP_PKEY_CTX = ptr::null_mut(); let r = ffi::EVP_DigestSignInit(ctx, - ptr::null_mut(), + &mut pctx, type_.as_ptr(), ptr::null_mut(), pkey.as_ptr()); @@ -102,10 +103,14 @@ impl<'a> Signer<'a> { EVP_MD_CTX_free(ctx); return Err(ErrorStack::get()); } - Ok(Signer(ctx, PhantomData)) + Ok(Signer(ctx, pctx, PhantomData, PhantomData)) } } + pub fn pkey_ctx(&mut self) -> Option<&mut PKeyCtxRef> { + unsafe { self.1.as_mut().map(|ctx| ::types::OpenSslTypeRef::from_ptr_mut(ctx)) } + } + pub fn update(&mut self, buf: &[u8]) -> Result<(), ErrorStack> { unsafe { cvt(ffi::EVP_DigestUpdate(self.0, buf.as_ptr() as *const _, buf.len())).map(|_| ()) @@ -219,7 +224,7 @@ mod test { use sign::{Signer, Verifier}; use ec::{EcGroup, EcKey}; use nid; - use rsa::Rsa; + use rsa::{Rsa, PKCS1_PADDING}; use dsa::Dsa; use pkey::PKey; @@ -254,6 +259,8 @@ mod test { let pkey = PKey::from_rsa(private_key).unwrap(); let mut signer = Signer::new(MessageDigest::sha256(), &pkey).unwrap(); + assert_eq!(signer.pkey_ctx().unwrap().get_rsa_padding().unwrap(), PKCS1_PADDING); + signer.pkey_ctx().unwrap().set_rsa_padding(PKCS1_PADDING).unwrap(); signer.update(INPUT).unwrap(); let result = signer.finish().unwrap(); From 20eed1e762f01ddac0a46b6471105dca8284ff8b Mon Sep 17 00:00:00 2001 From: Brian Chin Date: Mon, 30 Jan 2017 10:19:06 -0800 Subject: [PATCH 3/8] Simplify code, so that openssl-sys really doesn't contain anything aside from bindings --- openssl-sys/src/lib.rs | 9 ------- openssl/src/rsa.rs | 13 ++++++++-- openssl/src/sign.rs | 54 ++++++++++++++++++++++++++++++++---------- 3 files changed, 52 insertions(+), 24 deletions(-) diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 7ef5f7fe..9f89762b 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -2005,12 +2005,3 @@ extern { md: *mut c_uchar, len: *mut c_uint) -> c_int; } - -// EVP_PKEY_CTX_ctrl macros -pub unsafe fn EVP_PKEY_CTX_set_rsa_padding(ctx: *mut EVP_PKEY_CTX, pad: c_int) -> c_int { - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, RSA_PKEY_CTRL_RSA_PADDING, pad, ptr::null_mut()) -} - -pub unsafe fn EVP_PKEY_CTX_get_rsa_padding(ctx: *mut EVP_PKEY_CTX, ppad: *mut c_int) -> c_int { - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, RSA_PKEY_CTRL_GET_RSA_PADDING, 0, ppad as *mut c_void) -} diff --git a/openssl/src/rsa.rs b/openssl/src/rsa.rs index 75893545..63ed874a 100644 --- a/openssl/src/rsa.rs +++ b/openssl/src/rsa.rs @@ -344,10 +344,19 @@ mod compat { } } +// EVP_PKEY_CTX_ctrl macros +unsafe fn pkey_ctx_set_rsa_padding(ctx: *mut ffi::EVP_PKEY_CTX, pad: c_int) -> c_int { + ffi::EVP_PKEY_CTX_ctrl(ctx, ffi::EVP_PKEY_RSA, -1, ffi::RSA_PKEY_CTRL_RSA_PADDING, pad, ptr::null_mut()) +} + +unsafe fn pkey_ctx_get_rsa_padding(ctx: *mut ffi::EVP_PKEY_CTX, ppad: *mut c_int) -> c_int { + ffi::EVP_PKEY_CTX_ctrl(ctx, ffi::EVP_PKEY_RSA, -1, ffi::RSA_PKEY_CTRL_GET_RSA_PADDING, 0, ppad as *mut c_void) +} + impl PKeyCtxRef { pub fn set_rsa_padding(&mut self, pad: Padding) -> Result<(), ErrorStack> { unsafe { - try!(cvt(ffi::EVP_PKEY_CTX_set_rsa_padding(self.as_ptr(), pad.0))); + try!(cvt(pkey_ctx_set_rsa_padding(self.as_ptr(), pad.0))); } Ok(()) } @@ -355,7 +364,7 @@ impl PKeyCtxRef { pub fn get_rsa_padding(&mut self) -> Result { let mut pad: c_int = 0; unsafe { - try!(cvt(ffi::EVP_PKEY_CTX_get_rsa_padding(self.as_ptr(), &mut pad))); + try!(cvt(pkey_ctx_get_rsa_padding(self.as_ptr(), &mut pad))); }; Ok(Padding(pad)) } diff --git a/openssl/src/sign.rs b/openssl/src/sign.rs index d1fcffd5..41314a84 100644 --- a/openssl/src/sign.rs +++ b/openssl/src/sign.rs @@ -77,12 +77,18 @@ use ffi::{EVP_MD_CTX_new, EVP_MD_CTX_free}; #[cfg(any(ossl101, ossl102))] use ffi::{EVP_MD_CTX_create as EVP_MD_CTX_new, EVP_MD_CTX_destroy as EVP_MD_CTX_free}; -pub struct Signer<'a>(*mut ffi::EVP_MD_CTX, *mut ffi::EVP_PKEY_CTX, PhantomData<&'a PKeyRef>, PhantomData<&'a PKeyCtxRef>); +pub struct Signer<'a> { + md_ctx: *mut ffi::EVP_MD_CTX, + pkey_ctx: *mut ffi::EVP_PKEY_CTX, + pkey_pd: PhantomData<&'a PKeyRef>, + pkey_ctx_pd: PhantomData<&'a PKeyCtxRef> +} impl<'a> Drop for Signer<'a> { fn drop(&mut self) { + // pkey_ctx is owned by the md_ctx, so no need to explicitly free it. unsafe { - EVP_MD_CTX_free(self.0); + EVP_MD_CTX_free(self.md_ctx); } } } @@ -103,26 +109,31 @@ impl<'a> Signer<'a> { EVP_MD_CTX_free(ctx); return Err(ErrorStack::get()); } - Ok(Signer(ctx, pctx, PhantomData, PhantomData)) + Ok(Signer { + md_ctx: ctx, + pkey_ctx: pctx, + pkey_pd: PhantomData, + pkey_ctx_pd: PhantomData + }) } } pub fn pkey_ctx(&mut self) -> Option<&mut PKeyCtxRef> { - unsafe { self.1.as_mut().map(|ctx| ::types::OpenSslTypeRef::from_ptr_mut(ctx)) } + unsafe { self.pkey_ctx.as_mut().map(|ctx| ::types::OpenSslTypeRef::from_ptr_mut(ctx)) } } pub fn update(&mut self, buf: &[u8]) -> Result<(), ErrorStack> { unsafe { - cvt(ffi::EVP_DigestUpdate(self.0, buf.as_ptr() as *const _, buf.len())).map(|_| ()) + cvt(ffi::EVP_DigestUpdate(self.md_ctx, buf.as_ptr() as *const _, buf.len())).map(|_| ()) } } pub fn finish(&self) -> Result, ErrorStack> { unsafe { let mut len = 0; - try!(cvt(ffi::EVP_DigestSignFinal(self.0, ptr::null_mut(), &mut len))); + try!(cvt(ffi::EVP_DigestSignFinal(self.md_ctx, ptr::null_mut(), &mut len))); let mut buf = vec![0; len]; - try!(cvt(ffi::EVP_DigestSignFinal(self.0, buf.as_mut_ptr() as *mut _, &mut len))); + try!(cvt(ffi::EVP_DigestSignFinal(self.md_ctx, buf.as_mut_ptr() as *mut _, &mut len))); // The advertised length is not always equal to the real length for things like DSA buf.truncate(len); Ok(buf) @@ -141,12 +152,18 @@ impl<'a> Write for Signer<'a> { } } -pub struct Verifier<'a>(*mut ffi::EVP_MD_CTX, PhantomData<&'a PKeyRef>); +pub struct Verifier<'a> { + md_ctx: *mut ffi::EVP_MD_CTX, + pkey_ctx: *mut ffi::EVP_PKEY_CTX, + pkey_pd: PhantomData<&'a PKeyRef>, + pkey_ctx_pd: PhantomData<&'a PKeyCtxRef>, +} impl<'a> Drop for Verifier<'a> { fn drop(&mut self) { + // pkey_ctx is owned by the md_ctx, so no need to explicitly free it. unsafe { - EVP_MD_CTX_free(self.0); + EVP_MD_CTX_free(self.md_ctx); } } } @@ -157,8 +174,9 @@ impl<'a> Verifier<'a> { ffi::init(); let ctx = try!(cvt_p(EVP_MD_CTX_new())); + let mut pctx: *mut ffi::EVP_PKEY_CTX = ptr::null_mut(); let r = ffi::EVP_DigestVerifyInit(ctx, - ptr::null_mut(), + &mut pctx, type_.as_ptr(), ptr::null_mut(), pkey.as_ptr()); @@ -167,19 +185,28 @@ impl<'a> Verifier<'a> { return Err(ErrorStack::get()); } - Ok(Verifier(ctx, PhantomData)) + Ok(Verifier { + md_ctx: ctx, + pkey_ctx: pctx, + pkey_pd: PhantomData, + pkey_ctx_pd: PhantomData, + }) } } + pub fn pkey_ctx(&mut self) -> Option<&mut PKeyCtxRef> { + unsafe { self.pkey_ctx.as_mut().map(|ctx| ::types::OpenSslTypeRef::from_ptr_mut(ctx)) } + } + pub fn update(&mut self, buf: &[u8]) -> Result<(), ErrorStack> { unsafe { - cvt(ffi::EVP_DigestUpdate(self.0, buf.as_ptr() as *const _, buf.len())).map(|_| ()) + cvt(ffi::EVP_DigestUpdate(self.md_ctx, buf.as_ptr() as *const _, buf.len())).map(|_| ()) } } pub fn finish(&self, signature: &[u8]) -> Result { unsafe { - let r = EVP_DigestVerifyFinal(self.0, signature.as_ptr() as *const _, signature.len()); + let r = EVP_DigestVerifyFinal(self.md_ctx, signature.as_ptr() as *const _, signature.len()); match r { 1 => Ok(true), 0 => { @@ -274,6 +301,7 @@ mod test { let pkey = PKey::from_rsa(private_key).unwrap(); let mut verifier = Verifier::new(MessageDigest::sha256(), &pkey).unwrap(); + assert_eq!(verifier.pkey_ctx().unwrap().get_rsa_padding().unwrap(), PKCS1_PADDING); verifier.update(INPUT).unwrap(); assert!(verifier.finish(SIGNATURE).unwrap()); } From e1fc5b2b7ea46161d83f91f4e372fd52423107b9 Mon Sep 17 00:00:00 2001 From: Brian Chin Date: Mon, 30 Jan 2017 10:29:06 -0800 Subject: [PATCH 4/8] Simplify protocol based on the semantics defined by openssl. --- openssl/src/sign.rs | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/openssl/src/sign.rs b/openssl/src/sign.rs index 41314a84..fe38a9a8 100644 --- a/openssl/src/sign.rs +++ b/openssl/src/sign.rs @@ -109,6 +109,9 @@ impl<'a> Signer<'a> { EVP_MD_CTX_free(ctx); return Err(ErrorStack::get()); } + + assert!(!pctx.is_null()); + Ok(Signer { md_ctx: ctx, pkey_ctx: pctx, @@ -118,8 +121,8 @@ impl<'a> Signer<'a> { } } - pub fn pkey_ctx(&mut self) -> Option<&mut PKeyCtxRef> { - unsafe { self.pkey_ctx.as_mut().map(|ctx| ::types::OpenSslTypeRef::from_ptr_mut(ctx)) } + pub fn pkey_ctx(&mut self) -> &mut PKeyCtxRef { + unsafe { ::types::OpenSslTypeRef::from_ptr_mut(self.pkey_ctx) } } pub fn update(&mut self, buf: &[u8]) -> Result<(), ErrorStack> { @@ -185,6 +188,8 @@ impl<'a> Verifier<'a> { return Err(ErrorStack::get()); } + assert!(!pctx.is_null()); + Ok(Verifier { md_ctx: ctx, pkey_ctx: pctx, @@ -194,8 +199,8 @@ impl<'a> Verifier<'a> { } } - pub fn pkey_ctx(&mut self) -> Option<&mut PKeyCtxRef> { - unsafe { self.pkey_ctx.as_mut().map(|ctx| ::types::OpenSslTypeRef::from_ptr_mut(ctx)) } + pub fn pkey_ctx(&mut self) -> &mut PKeyCtxRef { + unsafe { ::types::OpenSslTypeRef::from_ptr_mut(self.pkey_ctx) } } pub fn update(&mut self, buf: &[u8]) -> Result<(), ErrorStack> { @@ -286,8 +291,8 @@ mod test { let pkey = PKey::from_rsa(private_key).unwrap(); let mut signer = Signer::new(MessageDigest::sha256(), &pkey).unwrap(); - assert_eq!(signer.pkey_ctx().unwrap().get_rsa_padding().unwrap(), PKCS1_PADDING); - signer.pkey_ctx().unwrap().set_rsa_padding(PKCS1_PADDING).unwrap(); + assert_eq!(signer.pkey_ctx().get_rsa_padding().unwrap(), PKCS1_PADDING); + signer.pkey_ctx().set_rsa_padding(PKCS1_PADDING).unwrap(); signer.update(INPUT).unwrap(); let result = signer.finish().unwrap(); @@ -301,7 +306,7 @@ mod test { let pkey = PKey::from_rsa(private_key).unwrap(); let mut verifier = Verifier::new(MessageDigest::sha256(), &pkey).unwrap(); - assert_eq!(verifier.pkey_ctx().unwrap().get_rsa_padding().unwrap(), PKCS1_PADDING); + assert_eq!(verifier.pkey_ctx().get_rsa_padding().unwrap(), PKCS1_PADDING); verifier.update(INPUT).unwrap(); assert!(verifier.finish(SIGNATURE).unwrap()); } From ef61b814ff51d516adbc33d522dd0d84f2344196 Mon Sep 17 00:00:00 2001 From: Brian Chin Date: Mon, 30 Jan 2017 10:30:25 -0800 Subject: [PATCH 5/8] Small amount of docs. --- openssl/src/rsa.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/openssl/src/rsa.rs b/openssl/src/rsa.rs index 63ed874a..433efd56 100644 --- a/openssl/src/rsa.rs +++ b/openssl/src/rsa.rs @@ -353,6 +353,7 @@ unsafe fn pkey_ctx_get_rsa_padding(ctx: *mut ffi::EVP_PKEY_CTX, ppad: *mut c_int ffi::EVP_PKEY_CTX_ctrl(ctx, ffi::EVP_PKEY_RSA, -1, ffi::RSA_PKEY_CTRL_GET_RSA_PADDING, 0, ppad as *mut c_void) } +// This is needed here, as it needs access to the privade data of Padding. impl PKeyCtxRef { pub fn set_rsa_padding(&mut self, pad: Padding) -> Result<(), ErrorStack> { unsafe { From 72a10f3e65c1bed4689ba609d67865fbe766c92f Mon Sep 17 00:00:00 2001 From: Brian Chin Date: Mon, 30 Jan 2017 10:35:57 -0800 Subject: [PATCH 6/8] Fixing typo --- openssl/src/rsa.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openssl/src/rsa.rs b/openssl/src/rsa.rs index 433efd56..d9e599c8 100644 --- a/openssl/src/rsa.rs +++ b/openssl/src/rsa.rs @@ -353,7 +353,7 @@ unsafe fn pkey_ctx_get_rsa_padding(ctx: *mut ffi::EVP_PKEY_CTX, ppad: *mut c_int ffi::EVP_PKEY_CTX_ctrl(ctx, ffi::EVP_PKEY_RSA, -1, ffi::RSA_PKEY_CTRL_GET_RSA_PADDING, 0, ppad as *mut c_void) } -// This is needed here, as it needs access to the privade data of Padding. +// This is needed here, as it needs access to the private data of Padding. impl PKeyCtxRef { pub fn set_rsa_padding(&mut self, pad: Padding) -> Result<(), ErrorStack> { unsafe { From 302ee77d32acb0b92fe563f29c36882e3b9b7d62 Mon Sep 17 00:00:00 2001 From: Brian Chin Date: Mon, 30 Jan 2017 16:51:10 -0800 Subject: [PATCH 7/8] Adding suggestions from review. --- openssl-sys/src/lib.rs | 9 +++++++++ openssl/src/pkey.rs | 19 ++++++++++++++++++- openssl/src/rsa.rs | 38 ++++++++++---------------------------- openssl/src/sign.rs | 14 +++++--------- 4 files changed, 42 insertions(+), 38 deletions(-) diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 9f89762b..1859c3ba 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -1310,6 +1310,15 @@ pub unsafe fn BIO_set_retry_write(b: *mut BIO) { BIO_set_flags(b, BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY) } +// EVP_PKEY_CTX_ctrl macros +pub unsafe fn EVP_PKEY_CTX_set_rsa_padding(ctx: *mut EVP_PKEY_CTX, pad: c_int) -> c_int { + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, RSA_PKEY_CTRL_RSA_PADDING, pad, ptr::null_mut()) +} + +pub unsafe fn EVP_PKEY_CTX_get_rsa_padding(ctx: *mut EVP_PKEY_CTX, ppad: *mut c_int) -> c_int { + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, RSA_PKEY_CTRL_GET_RSA_PADDING, 0, ppad as *mut c_void) +} + pub unsafe fn SSL_CTX_set_mode(ctx: *mut SSL_CTX, op: c_long) -> c_long { SSL_CTX_ctrl(ctx, SSL_CTRL_MODE, op, ptr::null_mut()) } diff --git a/openssl/src/pkey.rs b/openssl/src/pkey.rs index fd963c24..0d8de1dd 100644 --- a/openssl/src/pkey.rs +++ b/openssl/src/pkey.rs @@ -8,7 +8,7 @@ use bio::MemBioSlice; use dh::Dh; use dsa::Dsa; use ec::EcKey; -use rsa::Rsa; +use rsa::{Rsa, Padding}; use error::ErrorStack; use util::{CallbackState, invoke_passwd_cb_old}; use types::{OpenSslType, OpenSslTypeRef}; @@ -153,6 +153,23 @@ impl PKey { pub struct PKeyCtxRef(::util::Opaque); +impl PKeyCtxRef { + pub fn set_rsa_padding(&mut self, pad: Padding) -> Result<(), ErrorStack> { + unsafe { + try!(cvt(ffi::EVP_PKEY_CTX_set_rsa_padding(self.as_ptr(), pad.as_raw()))); + } + Ok(()) + } + + pub fn rsa_padding(&mut self) -> Result { + let mut pad: c_int = 0; + unsafe { + try!(cvt(ffi::EVP_PKEY_CTX_get_rsa_padding(self.as_ptr(), &mut pad))); + }; + Ok(Padding::from_raw(pad)) + } +} + impl ::types::OpenSslTypeRef for PKeyCtxRef { type CType = ffi::EVP_PKEY_CTX; } diff --git a/openssl/src/rsa.rs b/openssl/src/rsa.rs index d9e599c8..dc760f7a 100644 --- a/openssl/src/rsa.rs +++ b/openssl/src/rsa.rs @@ -10,12 +10,21 @@ use bio::MemBioSlice; use error::ErrorStack; use util::{CallbackState, invoke_passwd_cb_old}; use types::OpenSslTypeRef; -use pkey::PKeyCtxRef; /// Type of encryption padding to use. #[derive(Debug, Copy, Clone, PartialEq, Eq)] pub struct Padding(c_int); +impl Padding { + pub fn from_raw(value: c_int) -> Padding { + Padding(value) + } + + pub fn as_raw(&self) -> c_int { + self.0 + } +} + pub const NO_PADDING: Padding = Padding(ffi::RSA_NO_PADDING); pub const PKCS1_PADDING: Padding = Padding(ffi::RSA_PKCS1_PADDING); pub const PKCS1_OAEP_PADDING: Padding = Padding(ffi::RSA_PKCS1_OAEP_PADDING); @@ -344,33 +353,6 @@ mod compat { } } -// EVP_PKEY_CTX_ctrl macros -unsafe fn pkey_ctx_set_rsa_padding(ctx: *mut ffi::EVP_PKEY_CTX, pad: c_int) -> c_int { - ffi::EVP_PKEY_CTX_ctrl(ctx, ffi::EVP_PKEY_RSA, -1, ffi::RSA_PKEY_CTRL_RSA_PADDING, pad, ptr::null_mut()) -} - -unsafe fn pkey_ctx_get_rsa_padding(ctx: *mut ffi::EVP_PKEY_CTX, ppad: *mut c_int) -> c_int { - ffi::EVP_PKEY_CTX_ctrl(ctx, ffi::EVP_PKEY_RSA, -1, ffi::RSA_PKEY_CTRL_GET_RSA_PADDING, 0, ppad as *mut c_void) -} - -// This is needed here, as it needs access to the private data of Padding. -impl PKeyCtxRef { - pub fn set_rsa_padding(&mut self, pad: Padding) -> Result<(), ErrorStack> { - unsafe { - try!(cvt(pkey_ctx_set_rsa_padding(self.as_ptr(), pad.0))); - } - Ok(()) - } - - pub fn get_rsa_padding(&mut self) -> Result { - let mut pad: c_int = 0; - unsafe { - try!(cvt(pkey_ctx_get_rsa_padding(self.as_ptr(), &mut pad))); - }; - Ok(Padding(pad)) - } -} - #[cfg(test)] mod test { use symm::Cipher; diff --git a/openssl/src/sign.rs b/openssl/src/sign.rs index fe38a9a8..3ae8f1a2 100644 --- a/openssl/src/sign.rs +++ b/openssl/src/sign.rs @@ -81,7 +81,6 @@ pub struct Signer<'a> { md_ctx: *mut ffi::EVP_MD_CTX, pkey_ctx: *mut ffi::EVP_PKEY_CTX, pkey_pd: PhantomData<&'a PKeyRef>, - pkey_ctx_pd: PhantomData<&'a PKeyCtxRef> } impl<'a> Drop for Signer<'a> { @@ -116,12 +115,11 @@ impl<'a> Signer<'a> { md_ctx: ctx, pkey_ctx: pctx, pkey_pd: PhantomData, - pkey_ctx_pd: PhantomData }) } } - pub fn pkey_ctx(&mut self) -> &mut PKeyCtxRef { + pub fn pkey_ctx_mut(&mut self) -> &mut PKeyCtxRef { unsafe { ::types::OpenSslTypeRef::from_ptr_mut(self.pkey_ctx) } } @@ -159,7 +157,6 @@ pub struct Verifier<'a> { md_ctx: *mut ffi::EVP_MD_CTX, pkey_ctx: *mut ffi::EVP_PKEY_CTX, pkey_pd: PhantomData<&'a PKeyRef>, - pkey_ctx_pd: PhantomData<&'a PKeyCtxRef>, } impl<'a> Drop for Verifier<'a> { @@ -194,12 +191,11 @@ impl<'a> Verifier<'a> { md_ctx: ctx, pkey_ctx: pctx, pkey_pd: PhantomData, - pkey_ctx_pd: PhantomData, }) } } - pub fn pkey_ctx(&mut self) -> &mut PKeyCtxRef { + pub fn pkey_ctx_mut(&mut self) -> &mut PKeyCtxRef { unsafe { ::types::OpenSslTypeRef::from_ptr_mut(self.pkey_ctx) } } @@ -291,8 +287,8 @@ mod test { let pkey = PKey::from_rsa(private_key).unwrap(); let mut signer = Signer::new(MessageDigest::sha256(), &pkey).unwrap(); - assert_eq!(signer.pkey_ctx().get_rsa_padding().unwrap(), PKCS1_PADDING); - signer.pkey_ctx().set_rsa_padding(PKCS1_PADDING).unwrap(); + assert_eq!(signer.pkey_ctx_mut().rsa_padding().unwrap(), PKCS1_PADDING); + signer.pkey_ctx_mut().set_rsa_padding(PKCS1_PADDING).unwrap(); signer.update(INPUT).unwrap(); let result = signer.finish().unwrap(); @@ -306,7 +302,7 @@ mod test { let pkey = PKey::from_rsa(private_key).unwrap(); let mut verifier = Verifier::new(MessageDigest::sha256(), &pkey).unwrap(); - assert_eq!(verifier.pkey_ctx().get_rsa_padding().unwrap(), PKCS1_PADDING); + assert_eq!(verifier.pkey_ctx_mut().rsa_padding().unwrap(), PKCS1_PADDING); verifier.update(INPUT).unwrap(); assert!(verifier.finish(SIGNATURE).unwrap()); } From 4900d3fe5d8fe9f581940bd60e2d919155839fa8 Mon Sep 17 00:00:00 2001 From: Brian Chin Date: Tue, 31 Jan 2017 11:59:59 -0800 Subject: [PATCH 8/8] Fixed constant names from openssl/rsa.h Fixed PKeyCtxRef method that didn't need to be mutable. Added non-mutable accessors for PKeyCtxRef for Signer and Verifier. --- openssl-sys/src/lib.rs | 12 ++++++------ openssl/src/pkey.rs | 2 +- openssl/src/sign.rs | 8 ++++++++ 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 1859c3ba..d18fa5ad 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -153,6 +153,10 @@ pub const EVP_PKEY_EC: c_int = NID_X9_62_id_ecPublicKey; pub const EVP_PKEY_ALG_CTRL: c_int = 0x1000; +pub const EVP_PKEY_CTRL_RSA_PADDING: c_int = EVP_PKEY_ALG_CTRL + 1; + +pub const EVP_PKEY_CTRL_GET_RSA_PADDING: c_int = EVP_PKEY_ALG_CTRL + 6; + pub const EVP_CTRL_GCM_SET_IVLEN: c_int = 0x9; pub const EVP_CTRL_GCM_GET_TAG: c_int = 0x10; pub const EVP_CTRL_GCM_SET_TAG: c_int = 0x11; @@ -1123,10 +1127,6 @@ pub const RSA_NO_PADDING: c_int = 3; pub const RSA_PKCS1_OAEP_PADDING: c_int = 4; pub const RSA_X931_PADDING: c_int = 5; -pub const RSA_PKEY_CTRL_RSA_PADDING: c_int = EVP_PKEY_ALG_CTRL + 1; - -pub const RSA_PKEY_CTRL_GET_RSA_PADDING: c_int = EVP_PKEY_ALG_CTRL + 6; - pub const SSL_CTRL_SET_TMP_DH: c_int = 3; pub const SSL_CTRL_SET_TMP_ECDH: c_int = 4; pub const SSL_CTRL_EXTRA_CHAIN_CERT: c_int = 14; @@ -1312,11 +1312,11 @@ pub unsafe fn BIO_set_retry_write(b: *mut BIO) { // EVP_PKEY_CTX_ctrl macros pub unsafe fn EVP_PKEY_CTX_set_rsa_padding(ctx: *mut EVP_PKEY_CTX, pad: c_int) -> c_int { - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, RSA_PKEY_CTRL_RSA_PADDING, pad, ptr::null_mut()) + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING, pad, ptr::null_mut()) } pub unsafe fn EVP_PKEY_CTX_get_rsa_padding(ctx: *mut EVP_PKEY_CTX, ppad: *mut c_int) -> c_int { - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, RSA_PKEY_CTRL_GET_RSA_PADDING, 0, ppad as *mut c_void) + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad as *mut c_void) } pub unsafe fn SSL_CTX_set_mode(ctx: *mut SSL_CTX, op: c_long) -> c_long { diff --git a/openssl/src/pkey.rs b/openssl/src/pkey.rs index 0d8de1dd..c9f5ec1b 100644 --- a/openssl/src/pkey.rs +++ b/openssl/src/pkey.rs @@ -161,7 +161,7 @@ impl PKeyCtxRef { Ok(()) } - pub fn rsa_padding(&mut self) -> Result { + pub fn rsa_padding(&self) -> Result { let mut pad: c_int = 0; unsafe { try!(cvt(ffi::EVP_PKEY_CTX_get_rsa_padding(self.as_ptr(), &mut pad))); diff --git a/openssl/src/sign.rs b/openssl/src/sign.rs index 3ae8f1a2..ac33bd07 100644 --- a/openssl/src/sign.rs +++ b/openssl/src/sign.rs @@ -119,6 +119,10 @@ impl<'a> Signer<'a> { } } + pub fn pkey_ctx(&self) -> &PKeyCtxRef { + unsafe { ::types::OpenSslTypeRef::from_ptr(self.pkey_ctx) } + } + pub fn pkey_ctx_mut(&mut self) -> &mut PKeyCtxRef { unsafe { ::types::OpenSslTypeRef::from_ptr_mut(self.pkey_ctx) } } @@ -195,6 +199,10 @@ impl<'a> Verifier<'a> { } } + pub fn pkey_ctx(&self) -> &PKeyCtxRef { + unsafe { ::types::OpenSslTypeRef::from_ptr(self.pkey_ctx) } + } + pub fn pkey_ctx_mut(&mut self) -> &mut PKeyCtxRef { unsafe { ::types::OpenSslTypeRef::from_ptr_mut(self.pkey_ctx) } }