Merge pull request #840 from olehermanse/master

Add des_ede3_cbc cipher and more tests/examples
2018-02-21 23:03:33 -08:00 · 2018-02-21 23:03:33 -08:00 · 950c39c2e6
parent 38470bd351 7e02c09861
commit 950c39c2e6
3 changed files with 93 additions and 1 deletions
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@ -1915,6 +1915,7 @@ extern "C" {
    pub fn EVP_des_cbc() -> *const EVP_CIPHER;
    pub fn EVP_des_ecb() -> *const EVP_CIPHER;
    pub fn EVP_des_ede3() -> *const EVP_CIPHER;
+    pub fn EVP_des_ede3_cbc() -> *const EVP_CIPHER;

    pub fn EVP_BytesToKey(
        typ: *const EVP_CIPHER,
--- a/openssl/src/rsa.rs
+++ b/openssl/src/rsa.rs
@ -754,9 +754,55 @@ mod test {

    #[test]
    #[should_panic]
-    fn test_public_key_from_pem_pkcs1_panic() {
+    fn test_public_key_from_pem_pkcs1_file_panic() {
        let key = include_bytes!("../test/key.pem.pub");
        Rsa::public_key_from_pem_pkcs1(key).unwrap();
    }

+    #[test]
+    fn test_public_key_to_pem_pkcs1() {
+        let keypair = super::Rsa::generate(512).unwrap();
+        let pubkey_pem = keypair.public_key_to_pem_pkcs1().unwrap();
+        super::Rsa::public_key_from_pem_pkcs1(&pubkey_pem).unwrap();
+    }
+
+    #[test]
+    #[should_panic]
+    fn test_public_key_from_pem_pkcs1_generate_panic() {
+        let keypair = super::Rsa::generate(512).unwrap();
+        let pubkey_pem = keypair.public_key_to_pem().unwrap();
+        super::Rsa::public_key_from_pem_pkcs1(&pubkey_pem).unwrap();
+    }
+
+    #[test]
+    fn test_pem_pkcs1_encrypt() {
+        let keypair = super::Rsa::generate(2048).unwrap();
+        let pubkey_pem = keypair.public_key_to_pem_pkcs1().unwrap();
+        let pubkey = super::Rsa::public_key_from_pem_pkcs1(&pubkey_pem).unwrap();
+        let msg = "Hello, world!".as_bytes();
+
+        let mut encrypted = vec![0; pubkey.size() as usize];
+        let len = pubkey.public_encrypt(&msg, &mut encrypted, Padding::PKCS1).unwrap();
+        assert!(len > msg.len());
+        let mut decrypted = vec![0; keypair.size() as usize];
+        let len = keypair.private_decrypt(&encrypted, &mut decrypted, Padding::PKCS1).unwrap();
+        assert_eq!(len, msg.len());
+        assert_eq!("Hello, world!", String::from_utf8_lossy(&decrypted[..len]));
+    }
+
+    #[test]
+    fn test_pem_pkcs1_padding() {
+        let keypair = super::Rsa::generate(512).unwrap();
+        let pubkey_pem = keypair.public_key_to_pem_pkcs1().unwrap();
+        let pubkey = super::Rsa::public_key_from_pem_pkcs1(&pubkey_pem).unwrap();
+        let msg = "foo".as_bytes();
+
+        let mut encrypted1 = vec![0; pubkey.size() as usize];
+        let mut encrypted2 = vec![0; pubkey.size() as usize];
+        let len1 = pubkey.public_encrypt(&msg, &mut encrypted1, Padding::PKCS1).unwrap();
+        let len2 = pubkey.public_encrypt(&msg, &mut encrypted2, Padding::PKCS1).unwrap();
+        assert!(len1 > (msg.len() + 1));
+        assert_eq!(len1, len2);
+        assert_ne!(encrypted1, encrypted2);
+    }
 }
--- a/openssl/src/symm.rs
+++ b/openssl/src/symm.rs
@ -22,6 +22,36 @@
 //!       \xFB\x3C\x5E\xC4\x59\x72\x4A\xF4\x7C\xA1",
 //!     &ciphertext[..]);
 //! ```
+//!
+//! Encrypting an assymetric key with a symmetric cipher
+//!
+//! ```
+//! use openssl::rsa::{Padding, Rsa};
+//! use openssl::symm::Cipher;
+//!
+//! // Generate keypair and encrypt private key:
+//! let keypair = Rsa::generate(2048).unwrap();
+//! let cipher = Cipher::aes_256_cbc();
+//! let pubkey_pem = keypair.public_key_to_pem_pkcs1().unwrap();
+//! let privkey_pem = keypair.private_key_to_pem_passphrase(cipher, b"Rust").unwrap();
+//! // pubkey_pem and privkey_pem could be written to file here.
+//!
+//! // Load private and public key from string:
+//! let pubkey = Rsa::public_key_from_pem_pkcs1(&pubkey_pem).unwrap();
+//! let privkey = Rsa::private_key_from_pem_passphrase(&privkey_pem, b"Rust").unwrap();
+//!
+//! // Use the asymmetric keys to encrypt and decrypt a short message:
+//! let msg = b"Foo bar";
+//! let mut encrypted = vec![0; pubkey.size() as usize];
+//! let mut decrypted = vec![0; privkey.size() as usize];
+//! let len = pubkey.public_encrypt(msg, &mut encrypted, Padding::PKCS1).unwrap();
+//! assert!(len > msg.len());
+//! let len = privkey.private_decrypt(&encrypted, &mut decrypted, Padding::PKCS1).unwrap();
+//! let output_string = String::from_utf8(decrypted[..len].to_vec()).unwrap();
+//! assert_eq!("Foo bar", output_string);
+//! println!("Decrypted: '{}'", output_string);
+//! ```
+
 use std::cmp;
 use std::ptr;
 use libc::c_int;
@ -137,6 +167,10 @@ impl Cipher {
        unsafe { Cipher(ffi::EVP_des_ede3()) }
    }

+    pub fn des_ede3_cbc() -> Cipher {
+        unsafe { Cipher(ffi::EVP_des_ede3_cbc()) }
+    }
+
    pub fn rc4() -> Cipher {
        unsafe { Cipher(ffi::EVP_rc4()) }
    }
@ -927,6 +961,17 @@ mod tests {
        cipher_test(super::Cipher::des_ede3(), pt, ct, key, iv);
    }

+    #[test]
+    fn test_des_ede3_cbc() {
+
+        let pt = "54686973206973206120746573742e";
+        let ct = "6f2867cfefda048a4046ef7e556c7132";
+        let key = "7cb66337f3d3c0fe7cb66337f3d3c0fe7cb66337f3d3c0fe";
+        let iv = "0001020304050607";
+
+        cipher_test(super::Cipher::des_ede3_cbc(), pt, ct, key, iv);
+    }
+
    #[test]
    fn test_aes128_gcm() {
        let key = "0e00c76561d2bd9b40c3c15427e2b08f";