De-enumify message digests
This commit is contained in:
Steven Fackler
parent
6609a81685
commit
c171be551a
|
|
@ -8,47 +8,56 @@ use ffi::{EVP_MD_CTX_new, EVP_MD_CTX_free};
|
||||||
#[cfg(any(ossl101, ossl102))]
|
#[cfg(any(ossl101, ossl102))]
|
||||||
use ffi::{EVP_MD_CTX_create as EVP_MD_CTX_new, EVP_MD_CTX_destroy as EVP_MD_CTX_free};
|
use ffi::{EVP_MD_CTX_create as EVP_MD_CTX_new, EVP_MD_CTX_destroy as EVP_MD_CTX_free};
|
||||||
|
|
||||||
use HashTypeInternals;
|
|
||||||
use error::ErrorStack;
|
use error::ErrorStack;
|
||||||
use nid::Nid;
|
|
||||||
|
|
||||||
/// Message digest (hash) type.
|
|
||||||
#[derive(Copy, Clone)]
|
#[derive(Copy, Clone)]
|
||||||
pub enum Type {
|
pub struct MessageDigest(*const ffi::EVP_MD);
|
||||||
MD5,
|
|
||||||
SHA1,
|
|
||||||
SHA224,
|
|
||||||
SHA256,
|
|
||||||
SHA384,
|
|
||||||
SHA512,
|
|
||||||
RIPEMD160,
|
|
||||||
}
|
|
||||||
|
|
||||||
impl HashTypeInternals for Type {
|
impl MessageDigest {
|
||||||
fn as_nid(&self) -> Nid {
|
pub fn md5() -> MessageDigest {
|
||||||
match *self {
|
|
||||||
Type::MD5 => Nid::MD5,
|
|
||||||
Type::SHA1 => Nid::SHA1,
|
|
||||||
Type::SHA224 => Nid::SHA224,
|
|
||||||
Type::SHA256 => Nid::SHA256,
|
|
||||||
Type::SHA384 => Nid::SHA384,
|
|
||||||
Type::SHA512 => Nid::SHA512,
|
|
||||||
Type::RIPEMD160 => Nid::RIPEMD160,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
fn evp_md(&self) -> *const ffi::EVP_MD {
|
|
||||||
unsafe {
|
unsafe {
|
||||||
match *self {
|
MessageDigest(ffi::EVP_md5())
|
||||||
Type::MD5 => ffi::EVP_md5(),
|
|
||||||
Type::SHA1 => ffi::EVP_sha1(),
|
|
||||||
Type::SHA224 => ffi::EVP_sha224(),
|
|
||||||
Type::SHA256 => ffi::EVP_sha256(),
|
|
||||||
Type::SHA384 => ffi::EVP_sha384(),
|
|
||||||
Type::SHA512 => ffi::EVP_sha512(),
|
|
||||||
Type::RIPEMD160 => ffi::EVP_ripemd160(),
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub fn sha1() -> MessageDigest {
|
||||||
|
unsafe {
|
||||||
|
MessageDigest(ffi::EVP_sha1())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn sha224() -> MessageDigest {
|
||||||
|
unsafe {
|
||||||
|
MessageDigest(ffi::EVP_sha224())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn sha256() -> MessageDigest {
|
||||||
|
unsafe {
|
||||||
|
MessageDigest(ffi::EVP_sha256())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn sha384() -> MessageDigest {
|
||||||
|
unsafe {
|
||||||
|
MessageDigest(ffi::EVP_sha384())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn sha512() -> MessageDigest {
|
||||||
|
unsafe {
|
||||||
|
MessageDigest(ffi::EVP_sha512())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn ripemd160() -> MessageDigest {
|
||||||
|
unsafe {
|
||||||
|
MessageDigest(ffi::EVP_ripemd160())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn as_ptr(&self) -> *const ffi::EVP_MD {
|
||||||
|
self.0
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -68,20 +77,22 @@ use self::State::*;
|
||||||
/// Calculate a hash in one go.
|
/// Calculate a hash in one go.
|
||||||
///
|
///
|
||||||
/// ```
|
/// ```
|
||||||
/// use openssl::crypto::hash::{hash, Type};
|
/// use openssl::crypto::hash::{hash, MessageDigest};
|
||||||
|
///
|
||||||
/// let data = b"\x42\xF4\x97\xE0";
|
/// let data = b"\x42\xF4\x97\xE0";
|
||||||
/// let spec = b"\x7c\x43\x0f\x17\x8a\xef\xdf\x14\x87\xfe\xe7\x14\x4e\x96\x41\xe2";
|
/// let spec = b"\x7c\x43\x0f\x17\x8a\xef\xdf\x14\x87\xfe\xe7\x14\x4e\x96\x41\xe2";
|
||||||
/// let res = hash(Type::MD5, data).unwrap();
|
/// let res = hash(MessageDigest::md5(), data).unwrap();
|
||||||
/// assert_eq!(res, spec);
|
/// assert_eq!(res, spec);
|
||||||
/// ```
|
/// ```
|
||||||
///
|
///
|
||||||
/// Use the `Write` trait to supply the input in chunks.
|
/// Use the `Write` trait to supply the input in chunks.
|
||||||
///
|
///
|
||||||
/// ```
|
/// ```
|
||||||
/// use openssl::crypto::hash::{Hasher, Type};
|
/// use openssl::crypto::hash::{Hasher, MessageDigest};
|
||||||
|
///
|
||||||
/// let data = [b"\x42\xF4", b"\x97\xE0"];
|
/// let data = [b"\x42\xF4", b"\x97\xE0"];
|
||||||
/// let spec = b"\x7c\x43\x0f\x17\x8a\xef\xdf\x14\x87\xfe\xe7\x14\x4e\x96\x41\xe2";
|
/// let spec = b"\x7c\x43\x0f\x17\x8a\xef\xdf\x14\x87\xfe\xe7\x14\x4e\x96\x41\xe2";
|
||||||
/// let mut h = Hasher::new(Type::MD5).unwrap();
|
/// let mut h = Hasher::new(MessageDigest::md5()).unwrap();
|
||||||
/// h.update(data[0]).unwrap();
|
/// h.update(data[0]).unwrap();
|
||||||
/// h.update(data[1]).unwrap();
|
/// h.update(data[1]).unwrap();
|
||||||
/// let res = h.finish().unwrap();
|
/// let res = h.finish().unwrap();
|
||||||
|
|
@ -96,21 +107,20 @@ use self::State::*;
|
||||||
pub struct Hasher {
|
pub struct Hasher {
|
||||||
ctx: *mut ffi::EVP_MD_CTX,
|
ctx: *mut ffi::EVP_MD_CTX,
|
||||||
md: *const ffi::EVP_MD,
|
md: *const ffi::EVP_MD,
|
||||||
type_: Type,
|
type_: MessageDigest,
|
||||||
state: State,
|
state: State,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl Hasher {
|
impl Hasher {
|
||||||
/// Creates a new `Hasher` with the specified hash type.
|
/// Creates a new `Hasher` with the specified hash type.
|
||||||
pub fn new(ty: Type) -> Result<Hasher, ErrorStack> {
|
pub fn new(ty: MessageDigest) -> Result<Hasher, ErrorStack> {
|
||||||
ffi::init();
|
ffi::init();
|
||||||
|
|
||||||
let ctx = unsafe { try_ssl_null!(EVP_MD_CTX_new()) };
|
let ctx = unsafe { try_ssl_null!(EVP_MD_CTX_new()) };
|
||||||
let md = ty.evp_md();
|
|
||||||
|
|
||||||
let mut h = Hasher {
|
let mut h = Hasher {
|
||||||
ctx: ctx,
|
ctx: ctx,
|
||||||
md: md,
|
md: ty.as_ptr(),
|
||||||
type_: ty,
|
type_: ty,
|
||||||
state: Finalized,
|
state: Finalized,
|
||||||
};
|
};
|
||||||
|
|
@ -204,7 +214,7 @@ impl Drop for Hasher {
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Computes the hash of the `data` with the hash `t`.
|
/// Computes the hash of the `data` with the hash `t`.
|
||||||
pub fn hash(t: Type, data: &[u8]) -> Result<Vec<u8>, ErrorStack> {
|
pub fn hash(t: MessageDigest, data: &[u8]) -> Result<Vec<u8>, ErrorStack> {
|
||||||
let mut h = try!(Hasher::new(t));
|
let mut h = try!(Hasher::new(t));
|
||||||
try!(h.update(data));
|
try!(h.update(data));
|
||||||
h.finish()
|
h.finish()
|
||||||
|
|
@ -213,10 +223,10 @@ pub fn hash(t: Type, data: &[u8]) -> Result<Vec<u8>, ErrorStack> {
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod tests {
|
mod tests {
|
||||||
use serialize::hex::{FromHex, ToHex};
|
use serialize::hex::{FromHex, ToHex};
|
||||||
use super::{hash, Hasher, Type};
|
use super::{hash, Hasher, MessageDigest};
|
||||||
use std::io::prelude::*;
|
use std::io::prelude::*;
|
||||||
|
|
||||||
fn hash_test(hashtype: Type, hashtest: &(&str, &str)) {
|
fn hash_test(hashtype: MessageDigest, hashtest: &(&str, &str)) {
|
||||||
let res = hash(hashtype, &*hashtest.0.from_hex().unwrap()).unwrap();
|
let res = hash(hashtype, &*hashtest.0.from_hex().unwrap()).unwrap();
|
||||||
assert_eq!(res.to_hex(), hashtest.1);
|
assert_eq!(res.to_hex(), hashtest.1);
|
||||||
}
|
}
|
||||||
|
|
@ -259,13 +269,13 @@ mod tests {
|
||||||
#[test]
|
#[test]
|
||||||
fn test_md5() {
|
fn test_md5() {
|
||||||
for test in md5_tests.iter() {
|
for test in md5_tests.iter() {
|
||||||
hash_test(Type::MD5, test);
|
hash_test(MessageDigest::md5(), test);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn test_md5_recycle() {
|
fn test_md5_recycle() {
|
||||||
let mut h = Hasher::new(Type::MD5).unwrap();
|
let mut h = Hasher::new(MessageDigest::md5()).unwrap();
|
||||||
for test in md5_tests.iter() {
|
for test in md5_tests.iter() {
|
||||||
hash_recycle_test(&mut h, test);
|
hash_recycle_test(&mut h, test);
|
||||||
}
|
}
|
||||||
|
|
@ -273,11 +283,11 @@ mod tests {
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn test_finish_twice() {
|
fn test_finish_twice() {
|
||||||
let mut h = Hasher::new(Type::MD5).unwrap();
|
let mut h = Hasher::new(MessageDigest::md5()).unwrap();
|
||||||
h.write_all(&*md5_tests[6].0.from_hex().unwrap()).unwrap();
|
h.write_all(&*md5_tests[6].0.from_hex().unwrap()).unwrap();
|
||||||
h.finish().unwrap();
|
h.finish().unwrap();
|
||||||
let res = h.finish().unwrap();
|
let res = h.finish().unwrap();
|
||||||
let null = hash(Type::MD5, &[]).unwrap();
|
let null = hash(MessageDigest::md5(), &[]).unwrap();
|
||||||
assert_eq!(res, null);
|
assert_eq!(res, null);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -287,7 +297,7 @@ mod tests {
|
||||||
let inp = md5_tests[i].0.from_hex().unwrap();
|
let inp = md5_tests[i].0.from_hex().unwrap();
|
||||||
assert!(inp.len() > 2);
|
assert!(inp.len() > 2);
|
||||||
let p = inp.len() / 2;
|
let p = inp.len() / 2;
|
||||||
let h0 = Hasher::new(Type::MD5).unwrap();
|
let h0 = Hasher::new(MessageDigest::md5()).unwrap();
|
||||||
|
|
||||||
println!("Clone a new hasher");
|
println!("Clone a new hasher");
|
||||||
let mut h1 = h0.clone();
|
let mut h1 = h0.clone();
|
||||||
|
|
@ -315,7 +325,7 @@ mod tests {
|
||||||
let tests = [("616263", "a9993e364706816aba3e25717850c26c9cd0d89d")];
|
let tests = [("616263", "a9993e364706816aba3e25717850c26c9cd0d89d")];
|
||||||
|
|
||||||
for test in tests.iter() {
|
for test in tests.iter() {
|
||||||
hash_test(Type::SHA1, test);
|
hash_test(MessageDigest::sha1(), test);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -325,7 +335,7 @@ mod tests {
|
||||||
"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad")];
|
"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad")];
|
||||||
|
|
||||||
for test in tests.iter() {
|
for test in tests.iter() {
|
||||||
hash_test(Type::SHA256, test);
|
hash_test(MessageDigest::sha256(), test);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -334,7 +344,7 @@ mod tests {
|
||||||
let tests = [("616263", "8eb208f7e05d987a9b044a8e98c6b087f15a0bfc")];
|
let tests = [("616263", "8eb208f7e05d987a9b044a8e98c6b087f15a0bfc")];
|
||||||
|
|
||||||
for test in tests.iter() {
|
for test in tests.iter() {
|
||||||
hash_test(Type::RIPEMD160, test);
|
hash_test(MessageDigest::ripemd160(), test);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -97,7 +97,7 @@ mod compat {
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod test {
|
mod test {
|
||||||
use crypto::hash::Type::SHA1;
|
use crypto::hash::MessageDigest;
|
||||||
use serialize::hex::ToHex;
|
use serialize::hex::ToHex;
|
||||||
|
|
||||||
use super::*;
|
use super::*;
|
||||||
|
|
@ -108,11 +108,11 @@ mod test {
|
||||||
let pkcs12 = Pkcs12::from_der(der).unwrap();
|
let pkcs12 = Pkcs12::from_der(der).unwrap();
|
||||||
let parsed = pkcs12.parse("mypass").unwrap();
|
let parsed = pkcs12.parse("mypass").unwrap();
|
||||||
|
|
||||||
assert_eq!(parsed.cert.fingerprint(SHA1).unwrap().to_hex(),
|
assert_eq!(parsed.cert.fingerprint(MessageDigest::sha1()).unwrap().to_hex(),
|
||||||
"59172d9313e84459bcff27f967e79e6e9217e584");
|
"59172d9313e84459bcff27f967e79e6e9217e584");
|
||||||
|
|
||||||
assert_eq!(parsed.chain.len(), 1);
|
assert_eq!(parsed.chain.len(), 1);
|
||||||
assert_eq!(parsed.chain[0].fingerprint(SHA1).unwrap().to_hex(),
|
assert_eq!(parsed.chain[0].fingerprint(MessageDigest::sha1()).unwrap().to_hex(),
|
||||||
"c0cbdf7cdd03c9773e5468e1f6d2da7d5cbb1875");
|
"c0cbdf7cdd03c9773e5468e1f6d2da7d5cbb1875");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -2,8 +2,7 @@ use libc::c_int;
|
||||||
use std::ptr;
|
use std::ptr;
|
||||||
use ffi;
|
use ffi;
|
||||||
|
|
||||||
use HashTypeInternals;
|
use crypto::hash::MessageDigest;
|
||||||
use crypto::hash;
|
|
||||||
use crypto::symm;
|
use crypto::symm;
|
||||||
use error::ErrorStack;
|
use error::ErrorStack;
|
||||||
|
|
||||||
|
|
@ -24,7 +23,7 @@ pub struct KeyIvPair {
|
||||||
/// New applications should not use this and instead use `pbkdf2_hmac_sha1` or
|
/// New applications should not use this and instead use `pbkdf2_hmac_sha1` or
|
||||||
/// another more modern key derivation algorithm.
|
/// another more modern key derivation algorithm.
|
||||||
pub fn evp_bytes_to_key_pbkdf1_compatible(typ: symm::Type,
|
pub fn evp_bytes_to_key_pbkdf1_compatible(typ: symm::Type,
|
||||||
message_digest_type: hash::Type,
|
message_digest_type: MessageDigest,
|
||||||
data: &[u8],
|
data: &[u8],
|
||||||
salt: Option<&[u8]>,
|
salt: Option<&[u8]>,
|
||||||
count: u32)
|
count: u32)
|
||||||
|
|
@ -41,7 +40,7 @@ pub fn evp_bytes_to_key_pbkdf1_compatible(typ: symm::Type,
|
||||||
ffi::init();
|
ffi::init();
|
||||||
|
|
||||||
let typ = typ.as_ptr();
|
let typ = typ.as_ptr();
|
||||||
let message_digest_type = message_digest_type.evp_md();
|
let message_digest_type = message_digest_type.as_ptr();
|
||||||
|
|
||||||
let len = ffi::EVP_BytesToKey(typ,
|
let len = ffi::EVP_BytesToKey(typ,
|
||||||
message_digest_type,
|
message_digest_type,
|
||||||
|
|
@ -97,7 +96,7 @@ pub fn pbkdf2_hmac_sha1(pass: &[u8],
|
||||||
pub fn pbkdf2_hmac(pass: &[u8],
|
pub fn pbkdf2_hmac(pass: &[u8],
|
||||||
salt: &[u8],
|
salt: &[u8],
|
||||||
iter: usize,
|
iter: usize,
|
||||||
hash: hash::Type,
|
hash: MessageDigest,
|
||||||
keylen: usize)
|
keylen: usize)
|
||||||
-> Result<Vec<u8>, ErrorStack> {
|
-> Result<Vec<u8>, ErrorStack> {
|
||||||
unsafe {
|
unsafe {
|
||||||
|
|
@ -108,7 +107,7 @@ pub fn pbkdf2_hmac(pass: &[u8],
|
||||||
salt.as_ptr(),
|
salt.as_ptr(),
|
||||||
salt.len() as c_int,
|
salt.len() as c_int,
|
||||||
iter as c_int,
|
iter as c_int,
|
||||||
hash.evp_md(),
|
hash.as_ptr(),
|
||||||
keylen as c_int,
|
keylen as c_int,
|
||||||
out.as_mut_ptr()));
|
out.as_mut_ptr()));
|
||||||
Ok(out)
|
Ok(out)
|
||||||
|
|
@ -117,7 +116,7 @@ pub fn pbkdf2_hmac(pass: &[u8],
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod tests {
|
mod tests {
|
||||||
use crypto::hash;
|
use crypto::hash::MessageDigest;
|
||||||
use crypto::symm;
|
use crypto::symm;
|
||||||
|
|
||||||
// Test vectors from
|
// Test vectors from
|
||||||
|
|
@ -162,11 +161,11 @@ mod tests {
|
||||||
// https://git.lysator.liu.se/nettle/nettle/blob/nettle_3.1.1_release_20150424/testsuite/pbkdf2-test.c
|
// https://git.lysator.liu.se/nettle/nettle/blob/nettle_3.1.1_release_20150424/testsuite/pbkdf2-test.c
|
||||||
#[test]
|
#[test]
|
||||||
fn test_pbkdf2_hmac_sha256() {
|
fn test_pbkdf2_hmac_sha256() {
|
||||||
assert_eq!(super::pbkdf2_hmac(b"passwd", b"salt", 1, hash::Type::SHA256, 16).unwrap(),
|
assert_eq!(super::pbkdf2_hmac(b"passwd", b"salt", 1, MessageDigest::sha256(), 16).unwrap(),
|
||||||
vec![0x55_u8, 0xac_u8, 0x04_u8, 0x6e_u8, 0x56_u8, 0xe3_u8, 0x08_u8, 0x9f_u8,
|
vec![0x55_u8, 0xac_u8, 0x04_u8, 0x6e_u8, 0x56_u8, 0xe3_u8, 0x08_u8, 0x9f_u8,
|
||||||
0xec_u8, 0x16_u8, 0x91_u8, 0xc2_u8, 0x25_u8, 0x44_u8, 0xb6_u8, 0x05_u8]);
|
0xec_u8, 0x16_u8, 0x91_u8, 0xc2_u8, 0x25_u8, 0x44_u8, 0xb6_u8, 0x05_u8]);
|
||||||
|
|
||||||
assert_eq!(super::pbkdf2_hmac(b"Password", b"NaCl", 80000, hash::Type::SHA256, 16).unwrap(),
|
assert_eq!(super::pbkdf2_hmac(b"Password", b"NaCl", 80000, MessageDigest::sha256(), 16).unwrap(),
|
||||||
vec![0x4d_u8, 0xdc_u8, 0xd8_u8, 0xf6_u8, 0x0b_u8, 0x98_u8, 0xbe_u8, 0x21_u8,
|
vec![0x4d_u8, 0xdc_u8, 0xd8_u8, 0xf6_u8, 0x0b_u8, 0x98_u8, 0xbe_u8, 0x21_u8,
|
||||||
0x83_u8, 0x0c_u8, 0xee_u8, 0x5e_u8, 0xf2_u8, 0x27_u8, 0x01_u8, 0xf9_u8]);
|
0x83_u8, 0x0c_u8, 0xee_u8, 0x5e_u8, 0xf2_u8, 0x27_u8, 0x01_u8, 0xf9_u8]);
|
||||||
}
|
}
|
||||||
|
|
@ -175,7 +174,7 @@ mod tests {
|
||||||
// https://git.lysator.liu.se/nettle/nettle/blob/nettle_3.1.1_release_20150424/testsuite/pbkdf2-test.c
|
// https://git.lysator.liu.se/nettle/nettle/blob/nettle_3.1.1_release_20150424/testsuite/pbkdf2-test.c
|
||||||
#[test]
|
#[test]
|
||||||
fn test_pbkdf2_hmac_sha512() {
|
fn test_pbkdf2_hmac_sha512() {
|
||||||
assert_eq!(super::pbkdf2_hmac(b"password", b"NaCL", 1, hash::Type::SHA512, 64).unwrap(),
|
assert_eq!(super::pbkdf2_hmac(b"password", b"NaCL", 1, MessageDigest::sha512(), 64).unwrap(),
|
||||||
vec![0x73_u8, 0xde_u8, 0xcf_u8, 0xa5_u8, 0x8a_u8, 0xa2_u8, 0xe8_u8, 0x4f_u8,
|
vec![0x73_u8, 0xde_u8, 0xcf_u8, 0xa5_u8, 0x8a_u8, 0xa2_u8, 0xe8_u8, 0x4f_u8,
|
||||||
0x94_u8, 0x77_u8, 0x1a_u8, 0x75_u8, 0x73_u8, 0x6b_u8, 0xb8_u8, 0x8b_u8,
|
0x94_u8, 0x77_u8, 0x1a_u8, 0x75_u8, 0x73_u8, 0x6b_u8, 0xb8_u8, 0x8b_u8,
|
||||||
0xd3_u8, 0xc7_u8, 0xb3_u8, 0x82_u8, 0x70_u8, 0xcf_u8, 0xb5_u8, 0x0c_u8,
|
0xd3_u8, 0xc7_u8, 0xb3_u8, 0x82_u8, 0x70_u8, 0xcf_u8, 0xb5_u8, 0x0c_u8,
|
||||||
|
|
@ -185,7 +184,7 @@ mod tests {
|
||||||
0x60_u8, 0x60_u8, 0xa0_u8, 0x9f_u8, 0x76_u8, 0x41_u8, 0x5e_u8, 0x9f_u8,
|
0x60_u8, 0x60_u8, 0xa0_u8, 0x9f_u8, 0x76_u8, 0x41_u8, 0x5e_u8, 0x9f_u8,
|
||||||
0x71_u8, 0xea_u8, 0x47_u8, 0xf9_u8, 0xe9_u8, 0x06_u8, 0x43_u8, 0x06_u8]);
|
0x71_u8, 0xea_u8, 0x47_u8, 0xf9_u8, 0xe9_u8, 0x06_u8, 0x43_u8, 0x06_u8]);
|
||||||
|
|
||||||
assert_eq!(super::pbkdf2_hmac(b"pass\0word", b"sa\0lt", 1, hash::Type::SHA512, 64).unwrap(),
|
assert_eq!(super::pbkdf2_hmac(b"pass\0word", b"sa\0lt", 1, MessageDigest::sha512(), 64).unwrap(),
|
||||||
vec![0x71_u8, 0xa0_u8, 0xec_u8, 0x84_u8, 0x2a_u8, 0xbd_u8, 0x5c_u8, 0x67_u8,
|
vec![0x71_u8, 0xa0_u8, 0xec_u8, 0x84_u8, 0x2a_u8, 0xbd_u8, 0x5c_u8, 0x67_u8,
|
||||||
0x8b_u8, 0xcf_u8, 0xd1_u8, 0x45_u8, 0xf0_u8, 0x9d_u8, 0x83_u8, 0x52_u8,
|
0x8b_u8, 0xcf_u8, 0xd1_u8, 0x45_u8, 0xf0_u8, 0x9d_u8, 0x83_u8, 0x52_u8,
|
||||||
0x2f_u8, 0x93_u8, 0x36_u8, 0x15_u8, 0x60_u8, 0x56_u8, 0x3c_u8, 0x4d_u8,
|
0x2f_u8, 0x93_u8, 0x36_u8, 0x15_u8, 0x60_u8, 0x56_u8, 0x3c_u8, 0x4d_u8,
|
||||||
|
|
@ -198,7 +197,7 @@ mod tests {
|
||||||
assert_eq!(super::pbkdf2_hmac(b"passwordPASSWORDpassword",
|
assert_eq!(super::pbkdf2_hmac(b"passwordPASSWORDpassword",
|
||||||
b"salt\0\0\0",
|
b"salt\0\0\0",
|
||||||
50,
|
50,
|
||||||
hash::Type::SHA512,
|
MessageDigest::sha512(),
|
||||||
64).unwrap(),
|
64).unwrap(),
|
||||||
vec![0x01_u8, 0x68_u8, 0x71_u8, 0xa4_u8, 0xc4_u8, 0xb7_u8, 0x5f_u8, 0x96_u8,
|
vec![0x01_u8, 0x68_u8, 0x71_u8, 0xa4_u8, 0xc4_u8, 0xb7_u8, 0x5f_u8, 0x96_u8,
|
||||||
0x85_u8, 0x7f_u8, 0xd2_u8, 0xb9_u8, 0xf8_u8, 0xca_u8, 0x28_u8, 0x02_u8,
|
0x85_u8, 0x7f_u8, 0xd2_u8, 0xb9_u8, 0xf8_u8, 0xca_u8, 0x28_u8, 0x02_u8,
|
||||||
|
|
@ -230,7 +229,7 @@ mod tests {
|
||||||
0_u8, 0_u8, 0_u8];
|
0_u8, 0_u8, 0_u8];
|
||||||
|
|
||||||
assert_eq!(super::evp_bytes_to_key_pbkdf1_compatible(symm::Type::AES_256_CBC,
|
assert_eq!(super::evp_bytes_to_key_pbkdf1_compatible(symm::Type::AES_256_CBC,
|
||||||
hash::Type::SHA1,
|
MessageDigest::sha1(),
|
||||||
&data,
|
&data,
|
||||||
Some(&salt),
|
Some(&salt),
|
||||||
1).unwrap(),
|
1).unwrap(),
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@
|
||||||
//! use openssl::crypto::sign::{Signer, Verifier};
|
//! use openssl::crypto::sign::{Signer, Verifier};
|
||||||
//! use openssl::crypto::rsa::RSA;
|
//! use openssl::crypto::rsa::RSA;
|
||||||
//! use openssl::crypto::pkey::PKey;
|
//! use openssl::crypto::pkey::PKey;
|
||||||
//! use openssl::crypto::hash::Type;
|
//! use openssl::crypto::hash::MessageDigest;
|
||||||
//!
|
//!
|
||||||
//! // Generate a keypair
|
//! // Generate a keypair
|
||||||
//! let keypair = RSA::generate(2048).unwrap();
|
//! let keypair = RSA::generate(2048).unwrap();
|
||||||
|
|
@ -23,13 +23,13 @@
|
||||||
//! let data2 = b"hola, mundo!";
|
//! let data2 = b"hola, mundo!";
|
||||||
//!
|
//!
|
||||||
//! // Sign the data
|
//! // Sign the data
|
||||||
//! let mut signer = Signer::new(Type::SHA256, &keypair).unwrap();
|
//! let mut signer = Signer::new(MessageDigest::sha256(), &keypair).unwrap();
|
||||||
//! signer.update(data).unwrap();
|
//! signer.update(data).unwrap();
|
||||||
//! signer.update(data2).unwrap();
|
//! signer.update(data2).unwrap();
|
||||||
//! let signature = signer.finish().unwrap();
|
//! let signature = signer.finish().unwrap();
|
||||||
//!
|
//!
|
||||||
//! // Verify the data
|
//! // Verify the data
|
||||||
//! let mut verifier = Verifier::new(Type::SHA256, &keypair).unwrap();
|
//! let mut verifier = Verifier::new(MessageDigest::sha256(), &keypair).unwrap();
|
||||||
//! verifier.update(data).unwrap();
|
//! verifier.update(data).unwrap();
|
||||||
//! verifier.update(data2).unwrap();
|
//! verifier.update(data2).unwrap();
|
||||||
//! assert!(verifier.finish(&signature).unwrap());
|
//! assert!(verifier.finish(&signature).unwrap());
|
||||||
|
|
@ -40,7 +40,7 @@
|
||||||
//! ```rust
|
//! ```rust
|
||||||
//! use openssl::crypto::sign::Signer;
|
//! use openssl::crypto::sign::Signer;
|
||||||
//! use openssl::crypto::pkey::PKey;
|
//! use openssl::crypto::pkey::PKey;
|
||||||
//! use openssl::crypto::hash::Type;
|
//! use openssl::crypto::hash::MessageDigest;
|
||||||
//!
|
//!
|
||||||
//! // Create a PKey
|
//! // Create a PKey
|
||||||
//! let key = PKey::hmac(b"my secret").unwrap();
|
//! let key = PKey::hmac(b"my secret").unwrap();
|
||||||
|
|
@ -49,7 +49,7 @@
|
||||||
//! let data2 = b"hola, mundo!";
|
//! let data2 = b"hola, mundo!";
|
||||||
//!
|
//!
|
||||||
//! // Compute the HMAC
|
//! // Compute the HMAC
|
||||||
//! let mut signer = Signer::new(Type::SHA256, &key).unwrap();
|
//! let mut signer = Signer::new(MessageDigest::sha256(), &key).unwrap();
|
||||||
//! signer.update(data).unwrap();
|
//! signer.update(data).unwrap();
|
||||||
//! signer.update(data2).unwrap();
|
//! signer.update(data2).unwrap();
|
||||||
//! let hmac = signer.finish().unwrap();
|
//! let hmac = signer.finish().unwrap();
|
||||||
|
|
@ -59,8 +59,7 @@ use std::io::{self, Write};
|
||||||
use std::marker::PhantomData;
|
use std::marker::PhantomData;
|
||||||
use std::ptr;
|
use std::ptr;
|
||||||
|
|
||||||
use HashTypeInternals;
|
use crypto::hash::MessageDigest;
|
||||||
use crypto::hash::Type;
|
|
||||||
use crypto::pkey::PKey;
|
use crypto::pkey::PKey;
|
||||||
use error::ErrorStack;
|
use error::ErrorStack;
|
||||||
|
|
||||||
|
|
@ -80,14 +79,14 @@ impl<'a> Drop for Signer<'a> {
|
||||||
}
|
}
|
||||||
|
|
||||||
impl<'a> Signer<'a> {
|
impl<'a> Signer<'a> {
|
||||||
pub fn new(type_: Type, pkey: &'a PKey) -> Result<Signer<'a>, ErrorStack> {
|
pub fn new(type_: MessageDigest, pkey: &'a PKey) -> Result<Signer<'a>, ErrorStack> {
|
||||||
unsafe {
|
unsafe {
|
||||||
ffi::init();
|
ffi::init();
|
||||||
|
|
||||||
let ctx = try_ssl_null!(EVP_MD_CTX_new());
|
let ctx = try_ssl_null!(EVP_MD_CTX_new());
|
||||||
let r = ffi::EVP_DigestSignInit(ctx,
|
let r = ffi::EVP_DigestSignInit(ctx,
|
||||||
ptr::null_mut(),
|
ptr::null_mut(),
|
||||||
type_.evp_md(),
|
type_.as_ptr(),
|
||||||
ptr::null_mut(),
|
ptr::null_mut(),
|
||||||
pkey.as_ptr());
|
pkey.as_ptr());
|
||||||
if r != 1 {
|
if r != 1 {
|
||||||
|
|
@ -142,14 +141,14 @@ impl<'a> Drop for Verifier<'a> {
|
||||||
}
|
}
|
||||||
|
|
||||||
impl<'a> Verifier<'a> {
|
impl<'a> Verifier<'a> {
|
||||||
pub fn new(type_: Type, pkey: &'a PKey) -> Result<Verifier<'a>, ErrorStack> {
|
pub fn new(type_: MessageDigest, pkey: &'a PKey) -> Result<Verifier<'a>, ErrorStack> {
|
||||||
unsafe {
|
unsafe {
|
||||||
ffi::init();
|
ffi::init();
|
||||||
|
|
||||||
let ctx = try_ssl_null!(EVP_MD_CTX_new());
|
let ctx = try_ssl_null!(EVP_MD_CTX_new());
|
||||||
let r = ffi::EVP_DigestVerifyInit(ctx,
|
let r = ffi::EVP_DigestVerifyInit(ctx,
|
||||||
ptr::null_mut(),
|
ptr::null_mut(),
|
||||||
type_.evp_md(),
|
type_.as_ptr(),
|
||||||
ptr::null_mut(),
|
ptr::null_mut(),
|
||||||
pkey.as_ptr());
|
pkey.as_ptr());
|
||||||
if r != 1 {
|
if r != 1 {
|
||||||
|
|
@ -212,7 +211,7 @@ mod test {
|
||||||
use serialize::hex::FromHex;
|
use serialize::hex::FromHex;
|
||||||
use std::iter;
|
use std::iter;
|
||||||
|
|
||||||
use crypto::hash::Type;
|
use crypto::hash::MessageDigest;
|
||||||
use crypto::sign::{Signer, Verifier};
|
use crypto::sign::{Signer, Verifier};
|
||||||
use crypto::rsa::RSA;
|
use crypto::rsa::RSA;
|
||||||
use crypto::dsa::DSA;
|
use crypto::dsa::DSA;
|
||||||
|
|
@ -248,7 +247,7 @@ mod test {
|
||||||
let private_key = RSA::private_key_from_pem(key).unwrap();
|
let private_key = RSA::private_key_from_pem(key).unwrap();
|
||||||
let pkey = PKey::from_rsa(private_key).unwrap();
|
let pkey = PKey::from_rsa(private_key).unwrap();
|
||||||
|
|
||||||
let mut signer = Signer::new(Type::SHA256, &pkey).unwrap();
|
let mut signer = Signer::new(MessageDigest::sha256(), &pkey).unwrap();
|
||||||
signer.update(INPUT).unwrap();
|
signer.update(INPUT).unwrap();
|
||||||
let result = signer.finish().unwrap();
|
let result = signer.finish().unwrap();
|
||||||
|
|
||||||
|
|
@ -261,7 +260,7 @@ mod test {
|
||||||
let private_key = RSA::private_key_from_pem(key).unwrap();
|
let private_key = RSA::private_key_from_pem(key).unwrap();
|
||||||
let pkey = PKey::from_rsa(private_key).unwrap();
|
let pkey = PKey::from_rsa(private_key).unwrap();
|
||||||
|
|
||||||
let mut verifier = Verifier::new(Type::SHA256, &pkey).unwrap();
|
let mut verifier = Verifier::new(MessageDigest::sha256(), &pkey).unwrap();
|
||||||
verifier.update(INPUT).unwrap();
|
verifier.update(INPUT).unwrap();
|
||||||
assert!(verifier.finish(SIGNATURE).unwrap());
|
assert!(verifier.finish(SIGNATURE).unwrap());
|
||||||
}
|
}
|
||||||
|
|
@ -272,7 +271,7 @@ mod test {
|
||||||
let private_key = RSA::private_key_from_pem(key).unwrap();
|
let private_key = RSA::private_key_from_pem(key).unwrap();
|
||||||
let pkey = PKey::from_rsa(private_key).unwrap();
|
let pkey = PKey::from_rsa(private_key).unwrap();
|
||||||
|
|
||||||
let mut verifier = Verifier::new(Type::SHA256, &pkey).unwrap();
|
let mut verifier = Verifier::new(MessageDigest::sha256(), &pkey).unwrap();
|
||||||
verifier.update(INPUT).unwrap();
|
verifier.update(INPUT).unwrap();
|
||||||
verifier.update(b"foobar").unwrap();
|
verifier.update(b"foobar").unwrap();
|
||||||
assert!(!verifier.finish(SIGNATURE).unwrap());
|
assert!(!verifier.finish(SIGNATURE).unwrap());
|
||||||
|
|
@ -292,11 +291,11 @@ mod test {
|
||||||
PKey::from_dsa(DSA::public_key_from_pem(key).unwrap()).unwrap()
|
PKey::from_dsa(DSA::public_key_from_pem(key).unwrap()).unwrap()
|
||||||
};
|
};
|
||||||
|
|
||||||
let mut signer = Signer::new(Type::SHA1, &private_key).unwrap();
|
let mut signer = Signer::new(MessageDigest::sha1(), &private_key).unwrap();
|
||||||
signer.update(&input).unwrap();
|
signer.update(&input).unwrap();
|
||||||
let sig = signer.finish().unwrap();
|
let sig = signer.finish().unwrap();
|
||||||
|
|
||||||
let mut verifier = Verifier::new(Type::SHA1, &public_key).unwrap();
|
let mut verifier = Verifier::new(MessageDigest::sha1(), &public_key).unwrap();
|
||||||
verifier.update(&input).unwrap();
|
verifier.update(&input).unwrap();
|
||||||
assert!(verifier.finish(&sig).unwrap());
|
assert!(verifier.finish(&sig).unwrap());
|
||||||
}
|
}
|
||||||
|
|
@ -315,12 +314,12 @@ mod test {
|
||||||
PKey::from_dsa(DSA::public_key_from_pem(key).unwrap()).unwrap()
|
PKey::from_dsa(DSA::public_key_from_pem(key).unwrap()).unwrap()
|
||||||
};
|
};
|
||||||
|
|
||||||
let mut signer = Signer::new(Type::SHA1, &private_key).unwrap();
|
let mut signer = Signer::new(MessageDigest::sha1(), &private_key).unwrap();
|
||||||
signer.update(&input).unwrap();
|
signer.update(&input).unwrap();
|
||||||
let mut sig = signer.finish().unwrap();
|
let mut sig = signer.finish().unwrap();
|
||||||
sig[0] -= 1;
|
sig[0] -= 1;
|
||||||
|
|
||||||
let mut verifier = Verifier::new(Type::SHA1, &public_key).unwrap();
|
let mut verifier = Verifier::new(MessageDigest::sha1(), &public_key).unwrap();
|
||||||
verifier.update(&input).unwrap();
|
verifier.update(&input).unwrap();
|
||||||
match verifier.finish(&sig) {
|
match verifier.finish(&sig) {
|
||||||
Ok(true) => panic!("unexpected success"),
|
Ok(true) => panic!("unexpected success"),
|
||||||
|
|
@ -328,7 +327,7 @@ mod test {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fn test_hmac(ty: Type, tests: &[(Vec<u8>, Vec<u8>, Vec<u8>)]) {
|
fn test_hmac(ty: MessageDigest, tests: &[(Vec<u8>, Vec<u8>, Vec<u8>)]) {
|
||||||
for &(ref key, ref data, ref res) in tests.iter() {
|
for &(ref key, ref data, ref res) in tests.iter() {
|
||||||
let pkey = PKey::hmac(key).unwrap();
|
let pkey = PKey::hmac(key).unwrap();
|
||||||
let mut signer = Signer::new(ty, &pkey).unwrap();
|
let mut signer = Signer::new(ty, &pkey).unwrap();
|
||||||
|
|
@ -365,7 +364,7 @@ mod test {
|
||||||
.to_vec(),
|
.to_vec(),
|
||||||
"6f630fad67cda0ee1fb1f562db3aa53e".from_hex().unwrap())];
|
"6f630fad67cda0ee1fb1f562db3aa53e".from_hex().unwrap())];
|
||||||
|
|
||||||
test_hmac(Type::MD5, &tests);
|
test_hmac(MessageDigest::md5(), &tests);
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
|
|
@ -396,6 +395,6 @@ mod test {
|
||||||
.to_vec(),
|
.to_vec(),
|
||||||
"e8e99d0f45237d786d6bbaa7965c7808bbff1a91".from_hex().unwrap())];
|
"e8e99d0f45237d786d6bbaa7965c7808bbff1a91".from_hex().unwrap())];
|
||||||
|
|
||||||
test_hmac(Type::SHA1, &tests);
|
test_hmac(MessageDigest::sha1(), &tests);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -16,8 +16,6 @@ extern crate tempdir;
|
||||||
#[doc(inline)]
|
#[doc(inline)]
|
||||||
pub use ffi::init;
|
pub use ffi::init;
|
||||||
|
|
||||||
use nid::Nid;
|
|
||||||
|
|
||||||
mod macros;
|
mod macros;
|
||||||
|
|
||||||
pub mod asn1;
|
pub mod asn1;
|
||||||
|
|
@ -30,8 +28,3 @@ pub mod nid;
|
||||||
pub mod ssl;
|
pub mod ssl;
|
||||||
pub mod version;
|
pub mod version;
|
||||||
pub mod x509;
|
pub mod x509;
|
||||||
|
|
||||||
trait HashTypeInternals {
|
|
||||||
fn as_nid(&self) -> Nid;
|
|
||||||
fn evp_md(&self) -> *const ffi::EVP_MD;
|
|
||||||
}
|
|
||||||
|
|
|
||||||
|
|
@ -14,7 +14,7 @@ use std::time::Duration;
|
||||||
|
|
||||||
use tempdir::TempDir;
|
use tempdir::TempDir;
|
||||||
|
|
||||||
use crypto::hash::Type::SHA256;
|
use crypto::hash::MessageDigest;
|
||||||
use ssl;
|
use ssl;
|
||||||
use ssl::SSL_VERIFY_PEER;
|
use ssl::SSL_VERIFY_PEER;
|
||||||
use ssl::SslMethod::Tls;
|
use ssl::SslMethod::Tls;
|
||||||
|
|
@ -171,7 +171,7 @@ macro_rules! run_test(
|
||||||
use ssl::SslMethod;
|
use ssl::SslMethod;
|
||||||
use ssl::{SslContext, Ssl, SslStream};
|
use ssl::{SslContext, Ssl, SslStream};
|
||||||
use ssl::SSL_VERIFY_PEER;
|
use ssl::SSL_VERIFY_PEER;
|
||||||
use crypto::hash::Type::{SHA1, SHA256};
|
use crypto::hash::MessageDigest;
|
||||||
use x509::X509StoreContext;
|
use x509::X509StoreContext;
|
||||||
use serialize::hex::FromHex;
|
use serialize::hex::FromHex;
|
||||||
use super::Server;
|
use super::Server;
|
||||||
|
|
@ -314,7 +314,7 @@ run_test!(verify_callback_data, |method, stream| {
|
||||||
match cert {
|
match cert {
|
||||||
None => false,
|
None => false,
|
||||||
Some(cert) => {
|
Some(cert) => {
|
||||||
let fingerprint = cert.fingerprint(SHA1).unwrap();
|
let fingerprint = cert.fingerprint(MessageDigest::sha1()).unwrap();
|
||||||
fingerprint == node_id
|
fingerprint == node_id
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -343,7 +343,7 @@ run_test!(ssl_verify_callback, |method, stream| {
|
||||||
match x509.current_cert() {
|
match x509.current_cert() {
|
||||||
None => false,
|
None => false,
|
||||||
Some(cert) => {
|
Some(cert) => {
|
||||||
let fingerprint = cert.fingerprint(SHA1).unwrap();
|
let fingerprint = cert.fingerprint(MessageDigest::sha1()).unwrap();
|
||||||
fingerprint == node_id
|
fingerprint == node_id
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -440,7 +440,7 @@ fn test_write_direct() {
|
||||||
run_test!(get_peer_certificate, |method, stream| {
|
run_test!(get_peer_certificate, |method, stream| {
|
||||||
let stream = SslStream::connect(&SslContext::new(method).unwrap(), stream).unwrap();
|
let stream = SslStream::connect(&SslContext::new(method).unwrap(), stream).unwrap();
|
||||||
let cert = stream.ssl().peer_certificate().unwrap();
|
let cert = stream.ssl().peer_certificate().unwrap();
|
||||||
let fingerprint = cert.fingerprint(SHA1).unwrap();
|
let fingerprint = cert.fingerprint(MessageDigest::sha1()).unwrap();
|
||||||
let node_hash_str = "59172d9313e84459bcff27f967e79e6e9217e584";
|
let node_hash_str = "59172d9313e84459bcff27f967e79e6e9217e584";
|
||||||
let node_id = node_hash_str.from_hex().unwrap();
|
let node_id = node_hash_str.from_hex().unwrap();
|
||||||
assert_eq!(node_id, fingerprint)
|
assert_eq!(node_id, fingerprint)
|
||||||
|
|
@ -797,7 +797,7 @@ mod dtlsv1 {
|
||||||
use std::net::TcpStream;
|
use std::net::TcpStream;
|
||||||
use std::thread;
|
use std::thread;
|
||||||
|
|
||||||
use crypto::hash::Type::SHA256;
|
use crypto::hash::MessageDigest;
|
||||||
use ssl::SslMethod;
|
use ssl::SslMethod;
|
||||||
use ssl::SslMethod::Dtls;
|
use ssl::SslMethod::Dtls;
|
||||||
use ssl::{SslContext, SslStream};
|
use ssl::{SslContext, SslStream};
|
||||||
|
|
|
||||||
|
|
@ -10,13 +10,10 @@ use std::slice;
|
||||||
use std::collections::HashMap;
|
use std::collections::HashMap;
|
||||||
use std::marker::PhantomData;
|
use std::marker::PhantomData;
|
||||||
|
|
||||||
use HashTypeInternals;
|
|
||||||
use asn1::Asn1Time;
|
use asn1::Asn1Time;
|
||||||
use asn1::Asn1TimeRef;
|
use asn1::Asn1TimeRef;
|
||||||
|
|
||||||
use bio::{MemBio, MemBioSlice};
|
use bio::{MemBio, MemBioSlice};
|
||||||
use crypto::hash;
|
use crypto::hash::MessageDigest;
|
||||||
use crypto::hash::Type as HashType;
|
|
||||||
use crypto::pkey::PKey;
|
use crypto::pkey::PKey;
|
||||||
use crypto::rand::rand_bytes;
|
use crypto::rand::rand_bytes;
|
||||||
use ffi;
|
use ffi;
|
||||||
|
|
@ -129,7 +126,7 @@ impl X509StoreContext {
|
||||||
/// # Example
|
/// # Example
|
||||||
///
|
///
|
||||||
/// ```
|
/// ```
|
||||||
/// use openssl::crypto::hash::Type;
|
/// use openssl::crypto::hash::MessageDigest;
|
||||||
/// use openssl::crypto::pkey::PKey;
|
/// use openssl::crypto::pkey::PKey;
|
||||||
/// use openssl::crypto::rsa::RSA;
|
/// use openssl::crypto::rsa::RSA;
|
||||||
/// use openssl::x509::X509Generator;
|
/// use openssl::x509::X509Generator;
|
||||||
|
|
@ -141,7 +138,7 @@ impl X509StoreContext {
|
||||||
/// let gen = X509Generator::new()
|
/// let gen = X509Generator::new()
|
||||||
/// .set_valid_period(365*2)
|
/// .set_valid_period(365*2)
|
||||||
/// .add_name("CN".to_owned(), "SuperMegaCorp Inc.".to_owned())
|
/// .add_name("CN".to_owned(), "SuperMegaCorp Inc.".to_owned())
|
||||||
/// .set_sign_hash(Type::SHA256)
|
/// .set_sign_hash(MessageDigest::sha256())
|
||||||
/// .add_extension(Extension::KeyUsage(vec![KeyUsageOption::DigitalSignature]));
|
/// .add_extension(Extension::KeyUsage(vec![KeyUsageOption::DigitalSignature]));
|
||||||
///
|
///
|
||||||
/// let cert = gen.sign(&pkey).unwrap();
|
/// let cert = gen.sign(&pkey).unwrap();
|
||||||
|
|
@ -152,7 +149,7 @@ pub struct X509Generator {
|
||||||
days: u32,
|
days: u32,
|
||||||
names: Vec<(String, String)>,
|
names: Vec<(String, String)>,
|
||||||
extensions: Extensions,
|
extensions: Extensions,
|
||||||
hash_type: HashType,
|
hash_type: MessageDigest,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl X509Generator {
|
impl X509Generator {
|
||||||
|
|
@ -168,7 +165,7 @@ impl X509Generator {
|
||||||
days: 365,
|
days: 365,
|
||||||
names: vec![],
|
names: vec![],
|
||||||
extensions: Extensions::new(),
|
extensions: Extensions::new(),
|
||||||
hash_type: HashType::SHA1,
|
hash_type: MessageDigest::sha1(),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -239,7 +236,7 @@ impl X509Generator {
|
||||||
self
|
self
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn set_sign_hash(mut self, hash_type: hash::Type) -> X509Generator {
|
pub fn set_sign_hash(mut self, hash_type: MessageDigest) -> X509Generator {
|
||||||
self.hash_type = hash_type;
|
self.hash_type = hash_type;
|
||||||
self
|
self
|
||||||
}
|
}
|
||||||
|
|
@ -358,7 +355,7 @@ impl X509Generator {
|
||||||
&ext.to_string()));
|
&ext.to_string()));
|
||||||
}
|
}
|
||||||
|
|
||||||
let hash_fn = self.hash_type.evp_md();
|
let hash_fn = self.hash_type.as_ptr();
|
||||||
try_ssl!(ffi::X509_sign(x509.as_ptr(), p_key.as_ptr(), hash_fn));
|
try_ssl!(ffi::X509_sign(x509.as_ptr(), p_key.as_ptr(), hash_fn));
|
||||||
Ok(x509)
|
Ok(x509)
|
||||||
}
|
}
|
||||||
|
|
@ -380,7 +377,7 @@ impl X509Generator {
|
||||||
try_ssl!(ffi::X509_REQ_add_extensions(req, exts as *mut _));
|
try_ssl!(ffi::X509_REQ_add_extensions(req, exts as *mut _));
|
||||||
}
|
}
|
||||||
|
|
||||||
let hash_fn = self.hash_type.evp_md();
|
let hash_fn = self.hash_type.as_ptr();
|
||||||
try_ssl!(ffi::X509_REQ_sign(req, p_key.as_ptr(), hash_fn));
|
try_ssl!(ffi::X509_REQ_sign(req, p_key.as_ptr(), hash_fn));
|
||||||
|
|
||||||
Ok(X509Req::new(req))
|
Ok(X509Req::new(req))
|
||||||
|
|
@ -438,9 +435,9 @@ impl<'a> X509Ref<'a> {
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Returns certificate fingerprint calculated using provided hash
|
/// Returns certificate fingerprint calculated using provided hash
|
||||||
pub fn fingerprint(&self, hash_type: hash::Type) -> Result<Vec<u8>, ErrorStack> {
|
pub fn fingerprint(&self, hash_type: MessageDigest) -> Result<Vec<u8>, ErrorStack> {
|
||||||
unsafe {
|
unsafe {
|
||||||
let evp = hash_type.evp_md();
|
let evp = hash_type.as_ptr();
|
||||||
let mut len = ffi::EVP_MAX_MD_SIZE;
|
let mut len = ffi::EVP_MAX_MD_SIZE;
|
||||||
let mut buf = vec![0u8; len as usize];
|
let mut buf = vec![0u8; len as usize];
|
||||||
try_ssl!(ffi::X509_digest(self.0, evp, buf.as_mut_ptr() as *mut _, &mut len));
|
try_ssl!(ffi::X509_digest(self.0, evp, buf.as_mut_ptr() as *mut _, &mut len));
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
||||||
use serialize::hex::FromHex;
|
use serialize::hex::FromHex;
|
||||||
|
|
||||||
use crypto::hash::Type::SHA1;
|
use crypto::hash::MessageDigest;
|
||||||
use crypto::pkey::PKey;
|
use crypto::pkey::PKey;
|
||||||
use crypto::rsa::RSA;
|
use crypto::rsa::RSA;
|
||||||
use x509::{X509, X509Generator};
|
use x509::{X509, X509Generator};
|
||||||
|
|
@ -14,7 +14,7 @@ fn get_generator() -> X509Generator {
|
||||||
X509Generator::new()
|
X509Generator::new()
|
||||||
.set_valid_period(365 * 2)
|
.set_valid_period(365 * 2)
|
||||||
.add_name("CN".to_string(), "test_me".to_string())
|
.add_name("CN".to_string(), "test_me".to_string())
|
||||||
.set_sign_hash(SHA1)
|
.set_sign_hash(MessageDigest::sha1())
|
||||||
.add_extension(KeyUsage(vec![DigitalSignature, KeyEncipherment]))
|
.add_extension(KeyUsage(vec![DigitalSignature, KeyEncipherment]))
|
||||||
.add_extension(ExtKeyUsage(vec![ClientAuth,
|
.add_extension(ExtKeyUsage(vec![ClientAuth,
|
||||||
ServerAuth,
|
ServerAuth,
|
||||||
|
|
@ -83,7 +83,7 @@ fn test_req_gen() {
|
||||||
fn test_cert_loading() {
|
fn test_cert_loading() {
|
||||||
let cert = include_bytes!("../../test/cert.pem");
|
let cert = include_bytes!("../../test/cert.pem");
|
||||||
let cert = X509::from_pem(cert).ok().expect("Failed to load PEM");
|
let cert = X509::from_pem(cert).ok().expect("Failed to load PEM");
|
||||||
let fingerprint = cert.fingerprint(SHA1).unwrap();
|
let fingerprint = cert.fingerprint(MessageDigest::sha1()).unwrap();
|
||||||
|
|
||||||
let hash_str = "59172d9313e84459bcff27f967e79e6e9217e584";
|
let hash_str = "59172d9313e84459bcff27f967e79e6e9217e584";
|
||||||
let hash_vec = hash_str.from_hex().unwrap();
|
let hash_vec = hash_str.from_hex().unwrap();
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue