min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #389 from cmsd2/master 

expose rsa from raw private key and rsa sign and verify
This commit is contained in:
Steven Fackler 2016-05-06 15:12:19 -07:00
parent 6deb9c7f2a f82a1c4f75
commit dce59a63c5
5 changed files with 241 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
openssl-sys/src/lib.rs
View File

@ -627,6 +627,12 @@ extern "C" {
callback: Option<PasswordCallback>, callback: Option<PasswordCallback>,
user_data: *mut c_void) -> c_int; user_data: *mut c_void) -> c_int;
pub fn PEM_write_bio_PUBKEY(bp: *mut BIO, x: *mut EVP_PKEY) -> c_int; pub fn PEM_write_bio_PUBKEY(bp: *mut BIO, x: *mut EVP_PKEY) -> c_int;
pub fn PEM_write_bio_RSAPrivateKey(bp: *mut BIO, rsa: *mut RSA, cipher: *const EVP_CIPHER,
kstr: *mut c_char, klen: c_int,
callback: Option<PasswordCallback>,
user_data: *mut c_void) -> c_int;
pub fn PEM_write_bio_RSAPublicKey(bp: *mut BIO, rsa: *mut RSA) -> c_int;
pub fn PEM_write_bio_RSA_PUBKEY(bp: *mut BIO, rsa: *mut RSA) -> c_int;
pub fn PEM_write_bio_X509(bio: *mut BIO, x509: *mut X509) -> c_int; pub fn PEM_write_bio_X509(bio: *mut BIO, x509: *mut X509) -> c_int;
pub fn PEM_write_bio_X509_REQ(bio: *mut BIO, x509: *mut X509_REQ) -> c_int; pub fn PEM_write_bio_X509_REQ(bio: *mut BIO, x509: *mut X509_REQ) -> c_int;

160
openssl/src/crypto/rsa.rs
View File

@ -2,10 +2,11 @@ use ffi;
use std::fmt; use std::fmt;
use ssl::error::{SslError, StreamError}; use ssl::error::{SslError, StreamError};
use std::ptr; use std::ptr;
use std::io::{self, Read}; use std::io::{self, Read, Write};
use bn::BigNum; use bn::BigNum;
use bio::MemBio; use bio::MemBio;
use nid::Nid;
pub struct RSA(*mut ffi::RSA); pub struct RSA(*mut ffi::RSA);
@ -28,6 +29,21 @@ impl RSA {
Ok(RSA(rsa)) Ok(RSA(rsa))
} }
} }
pub fn from_private_components(n: BigNum, e: BigNum, d: BigNum, p: BigNum, q: BigNum, dp: BigNum, dq: BigNum, qi: BigNum) -> Result<RSA, SslError> {
unsafe {
let rsa = try_ssl_null!(ffi::RSA_new());
(*rsa).n = n.into_raw();
(*rsa).e = e.into_raw();
(*rsa).d = d.into_raw();
(*rsa).p = p.into_raw();
(*rsa).q = q.into_raw();
(*rsa).dmp1 = dp.into_raw();
(*rsa).dmq1 = dq.into_raw();
(*rsa).iqmp = qi.into_raw();
Ok(RSA(rsa))
}
}
/// the caller should assert that the rsa pointer is valid. /// the caller should assert that the rsa pointer is valid.
pub unsafe fn from_raw(rsa: *mut ffi::RSA) -> RSA { pub unsafe fn from_raw(rsa: *mut ffi::RSA) -> RSA {
@ -49,6 +65,25 @@ impl RSA {
Ok(RSA(rsa)) Ok(RSA(rsa))
} }
} }
/// Writes an RSA private key as unencrypted PEM formatted data
pub fn private_key_to_pem<W>(&self, writer: &mut W) -> Result<(), SslError>
where W: Write
{
let mut mem_bio = try!(MemBio::new());
let result = unsafe {
ffi::PEM_write_bio_RSAPrivateKey(mem_bio.get_handle(), self.0, ptr::null(), ptr::null_mut(), 0, None, ptr::null_mut())
};
if result == 1 {
try!(io::copy(&mut mem_bio, writer).map_err(StreamError));
Ok(())
} else {
Err(SslError::OpenSslErrors(vec![]))
}
}
/// Reads an RSA public key from PEM formatted data. /// Reads an RSA public key from PEM formatted data.
pub fn public_key_from_pem<R>(reader: &mut R) -> Result<RSA, SslError> pub fn public_key_from_pem<R>(reader: &mut R) -> Result<RSA, SslError>
@ -65,6 +100,60 @@ impl RSA {
Ok(RSA(rsa)) Ok(RSA(rsa))
} }
} }
/// Writes an RSA public key as PEM formatted data
pub fn public_key_to_pem<W>(&self, writer: &mut W) -> Result<(), SslError>
where W: Write
{
let mut mem_bio = try!(MemBio::new());
let result = unsafe {
ffi::PEM_write_bio_RSA_PUBKEY(mem_bio.get_handle(), self.0)
};
if result == 1 {
try!(io::copy(&mut mem_bio, writer).map_err(StreamError));
Ok(())
} else {
Err(SslError::OpenSslErrors(vec![]))
}
}
pub fn size(&self) -> Result<u32, SslError> {
if self.has_n() {
unsafe {
Ok(ffi::RSA_size(self.0) as u32)
}
} else {
Err(SslError::OpenSslErrors(vec![]))
}
}
pub fn sign(&self, hash_id: Nid, message: &[u8]) -> Result<Vec<u8>, SslError> {
let k_len = try!(self.size());
let mut sig = vec![0;k_len as usize];
let mut sig_len = k_len;
unsafe {
let result = ffi::RSA_sign(hash_id as i32, message.as_ptr(), message.len() as u32, sig.as_mut_ptr(), &mut sig_len, self.0);
assert!(sig_len == k_len);
if result == 1 {
Ok(sig)
} else {
Err(SslError::OpenSslErrors(vec![]))
}
}
}
pub fn verify(&self, hash_id: Nid, message: &[u8], sig: &[u8]) -> Result<bool, SslError> {
unsafe {
let result = ffi::RSA_verify(hash_id as i32, message.as_ptr(), message.len() as u32, sig.as_ptr(), sig.len() as u32, self.0);
Ok(result == 1)
}
}
pub fn as_ptr(&self) -> *mut ffi::RSA { pub fn as_ptr(&self) -> *mut ffi::RSA {
self.0 self.0
@ -119,3 +208,72 @@ impl fmt::Debug for RSA {
write!(f, "RSA") write!(f, "RSA")
} }
} }
#[cfg(test)]
mod test {
use nid;
use std::fs::File;
use std::io::Write;
use super::*;
use crypto::hash::*;
fn signing_input_rs256() -> Vec<u8> {
vec![101, 121, 74, 104, 98, 71, 99, 105, 79, 105, 74, 83, 85, 122, 73,
49, 78, 105, 74, 57, 46, 101, 121, 74, 112, 99, 51, 77, 105, 79, 105,
74, 113, 98, 50, 85, 105, 76, 65, 48, 75, 73, 67, 74, 108, 101, 72,
65, 105, 79, 106, 69, 122, 77, 68, 65, 52, 77, 84, 107, 122, 79, 68,
65, 115, 68, 81, 111, 103, 73, 109, 104, 48, 100, 72, 65, 54, 76,
121, 57, 108, 101, 71, 70, 116, 99, 71, 120, 108, 76, 109, 78, 118,
98, 83, 57, 112, 99, 49, 57, 121, 98, 50, 57, 48, 73, 106, 112, 48,
99, 110, 86, 108, 102, 81]
}
fn signature_rs256() -> Vec<u8> {
vec![112, 46, 33, 137, 67, 232, 143, 209, 30, 181, 216, 45, 191, 120, 69,
243, 65, 6, 174, 27, 129, 255, 247, 115, 17, 22, 173, 209, 113, 125,
131, 101, 109, 66, 10, 253, 60, 150, 238, 221, 115, 162, 102, 62, 81,
102, 104, 123, 0, 11, 135, 34, 110, 1, 135, 237, 16, 115, 249, 69,
229, 130, 173, 252, 239, 22, 216, 90, 121, 142, 232, 198, 109, 219,
61, 184, 151, 91, 23, 208, 148, 2, 190, 237, 213, 217, 217, 112, 7,
16, 141, 178, 129, 96, 213, 248, 4, 12, 167, 68, 87, 98, 184, 31,
190, 127, 249, 217, 46, 10, 231, 111, 36, 242, 91, 51, 187, 230, 244,
74, 230, 30, 177, 4, 10, 203, 32, 4, 77, 62, 249, 18, 142, 212, 1,
48, 121, 91, 212, 189, 59, 65, 238, 202, 208, 102, 171, 101, 25, 129,
253, 228, 141, 247, 127, 55, 45, 195, 139, 159, 175, 221, 59, 239,
177, 139, 93, 163, 204, 60, 46, 176, 47, 158, 58, 65, 214, 18, 202,
173, 21, 145, 18, 115, 160, 95, 35, 185, 232, 56, 250, 175, 132, 157,
105, 132, 41, 239, 90, 30, 136, 121, 130, 54, 195, 212, 14, 96, 69,
34, 165, 68, 200, 242, 122, 122, 45, 184, 6, 99, 209, 108, 247, 202,
234, 86, 222, 64, 92, 178, 33, 90, 69, 178, 194, 85, 102, 181, 90,
193, 167, 72, 160, 112, 223, 200, 163, 42, 70, 149, 67, 208, 25, 238,
251, 71]
}
#[test]
pub fn test_sign() {
let mut buffer = File::open("test/rsa.pem").unwrap();
let private_key = RSA::private_key_from_pem(&mut buffer).unwrap();
let mut sha = Hasher::new(Type::SHA256);
sha.write_all(&signing_input_rs256()).unwrap();
let digest = sha.finish();
let result = private_key.sign(nid::Nid::SHA256, &digest).unwrap();
assert_eq!(result, signature_rs256());
}
#[test]
pub fn test_verify() {
let mut buffer = File::open("test/rsa.pem.pub").unwrap();
let public_key = RSA::public_key_from_pem(&mut buffer).unwrap();
let mut sha = Hasher::new(Type::SHA256);
sha.write_all(&signing_input_rs256()).unwrap();
let digest = sha.finish();
let result = public_key.verify(nid::Nid::SHA256, &digest, &signature_rs256()).unwrap();
assert!(result);
}
}

58
openssl/src/nid.rs
View File

@ -2,7 +2,7 @@
#[derive(Copy, Clone, Hash, PartialEq, Eq)] #[derive(Copy, Clone, Hash, PartialEq, Eq)]
#[repr(usize)] #[repr(usize)]
pub enum Nid { pub enum Nid {
Undefined, Undefined, // 0
Rsadsi, Rsadsi,
Pkcs, Pkcs,
MD2, MD2,
@ -12,7 +12,7 @@ pub enum Nid {
RsaEncryption, RsaEncryption,
RSA_MD2, RSA_MD2,
RSA_MD5, RSA_MD5,
PBE_MD2_DES, PBE_MD2_DES, // 10
X500, X500,
x509, x509,
CN, CN,
@ -22,7 +22,7 @@ pub enum Nid {
O, O,
OU, OU,
RSA, RSA,
Pkcs7, Pkcs7, // 20
Pkcs7_data, Pkcs7_data,
Pkcs7_signedData, Pkcs7_signedData,
Pkcs7_envelopedData, Pkcs7_envelopedData,
@ -32,7 +32,7 @@ pub enum Nid {
Pkcs3, Pkcs3,
DhKeyAgreement, DhKeyAgreement,
DES_ECB, DES_ECB,
DES_CFB, DES_CFB, // 30
DES_CBC, DES_CBC,
DES_EDE, DES_EDE,
DES_EDE3, DES_EDE3,
@ -42,7 +42,7 @@ pub enum Nid {
RC2_CBC, RC2_CBC,
RC2_ECB, RC2_ECB,
RC2_CFB, RC2_CFB,
RC2_OFB, RC2_OFB, // 40
SHA, SHA,
RSA_SHA, RSA_SHA,
DES_EDE_CBC, DES_EDE_CBC,
@ -52,7 +52,7 @@ pub enum Nid {
Pkcs9, Pkcs9,
Email, Email,
UnstructuredName, UnstructuredName,
ContentType, ContentType, // 50
MessageDigest, MessageDigest,
SigningTime, SigningTime,
CounterSignature, CounterSignature,
@ -62,7 +62,7 @@ pub enum Nid {
Netscape, Netscape,
NetscapeCertExtention, NetscapeCertExtention,
NetscapeDatatype, NetscapeDatatype,
DES_EDE_CFB64, DES_EDE_CFB64, // 60
DES_EDE3_CFB64, DES_EDE3_CFB64,
DES_EDE_OFB64, DES_EDE_OFB64,
DES_EDE3_OFB64, DES_EDE3_OFB64,
@ -72,7 +72,7 @@ pub enum Nid {
DSA_OLD, DSA_OLD,
PBE_SHA1_RC2_64, PBE_SHA1_RC2_64,
PBKDF2, PBKDF2,
DSA_SHA1_OLD, DSA_SHA1_OLD, // 70
NetscapeCertType, NetscapeCertType,
NetscapeBaseUrl, NetscapeBaseUrl,
NetscapeRevocationUrl, NetscapeRevocationUrl,
@ -82,7 +82,7 @@ pub enum Nid {
NetscapeSSLServerName, NetscapeSSLServerName,
NetscapeComment, NetscapeComment,
NetscapeCertSequence, NetscapeCertSequence,
DESX_CBC, DESX_CBC, // 80
ID_CE, ID_CE,
SubjectKeyIdentifier, SubjectKeyIdentifier,
KeyUsage, KeyUsage,
@ -92,7 +92,7 @@ pub enum Nid {
BasicConstraints, BasicConstraints,
CrlNumber, CrlNumber,
CertificatePolicies, CertificatePolicies,
AuthorityKeyIdentifier, AuthorityKeyIdentifier, // 90
BF_CBC, BF_CBC,
BF_ECB, BF_ECB,
BF_CFB, BF_CFB,
@ -102,7 +102,7 @@ pub enum Nid {
RC4_40, RC4_40,
RC2_40_CBC, RC2_40_CBC,
G, G,
S, S, // 100
I, I,
/// uniqueIdentifier /// uniqueIdentifier
UID, UID,
@ -113,7 +113,7 @@ pub enum Nid {
D, D,
CAST5_CBC, CAST5_CBC,
CAST5_ECB, CAST5_ECB,
CAST5_CFB, CAST5_CFB, // 110
CAST5_OFB, CAST5_OFB,
PbeWithMD5AndCast5CBC, PbeWithMD5AndCast5CBC,
DSA_SHA1, DSA_SHA1,
@ -123,7 +123,7 @@ pub enum Nid {
RIPEMD160, RIPEMD160,
// 118 missing // 118 missing
RSA_RIPEMD160 = 119, RSA_RIPEMD160 = 119,
RC5_CBC, RC5_CBC, // 120
RC5_ECB, RC5_ECB,
RC5_CFB, RC5_CFB,
RC5_OFB, RC5_OFB,
@ -133,7 +133,7 @@ pub enum Nid {
PKIX, PKIX,
ID_KP, ID_KP,
ServerAuth, ServerAuth,
ClientAuth, ClientAuth, // 130
CodeSigning, CodeSigning,
EmailProtection, EmailProtection,
TimeStamping, TimeStamping,
@ -143,7 +143,7 @@ pub enum Nid {
MsSGC, MsSGC,
MsEFS, MsEFS,
NsSGC, NsSGC,
DeltaCRL, DeltaCRL, // 140
CRLReason, CRLReason,
InvalidityDate, InvalidityDate,
SXNetID, SXNetID,
@ -153,7 +153,7 @@ pub enum Nid {
PBE_SHA1_2DES, PBE_SHA1_2DES,
PBE_SHA1_RC2_128, PBE_SHA1_RC2_128,
PBE_SHA1_RC2_40, PBE_SHA1_RC2_40,
KeyBag, KeyBag, // 150
Pkcs8ShroudedKeyBag, Pkcs8ShroudedKeyBag,
CertBag, CertBag,
CrlBag, CrlBag,
@ -163,7 +163,7 @@ pub enum Nid {
LocalKeyID, LocalKeyID,
X509Certificate, X509Certificate,
SdsiCertificate, SdsiCertificate,
X509Crl, X509Crl, // 160
PBES2, PBES2,
PBMAC1, PBMAC1,
HmacWithSha1, HmacWithSha1,
@ -171,6 +171,28 @@ pub enum Nid {
ID_QT_UNOTICE, ID_QT_UNOTICE,
RC2_64_CBC, RC2_64_CBC,
SMIMECaps, SMIMECaps,
PBE_MD2_RC2_64,
PBE_MD5_RC2_64,
PBE_SHA1_DES,
MicrosoftExtensionRequest,
ExtensionRequest,
Name,
DnQualifier,
IdPe,
IdAd,
AuthorityInfoAccess,
OCSP,
CaIssuers,
OCSPSigning, // 180
// 181 and up are from openssl's obj_mac.h
/// Shown as UID in cert subject /// Shown as UID in cert subject
UserId = 458 UserId = 458,
SHA256 = 672,
SHA384,
SHA512,
} }

27
openssl/test/rsa.pem Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd/wWJcyQoTbji9k0
l8W26mPddxHmfHQp+Vaw+4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL+yRT+SFd2lZS+pC
gNMsD1W/YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb/7OMg0LOL+bSf63kpaSHSX
ndS5z5rexMdbBYUsLA9e+KXBdQOS+UTo7WTBEMa2R2CapHg665xsmtdVMTBQY4uD
Zlxvb3qCo5ZwKh9kG4LT6/I5IhlJH7aGhyxXFvUK+DWNmoudF8NAco9/h9iaGNj8
q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQIDAQABAoIBABKucaRpzQorw35S
bEUAVx8dYXUdZOlJcHtiWQ+dC6V8ljxAHj/PLyzTveyI5QO/xkObCyjIL303l2cf
UhPu2MFaJdjVzqACXuOrLot/eSFvxjvqVidTtAZExqFRJ9mylUVAoLvhowVWmC1O
n95fZCXxTUtxNEG1Xcc7m0rtzJKs45J+N/V9DP1edYH6USyPSWGp6wuA+KgHRnKK
Vf9GRx80JQY7nVNkL17eHoTWEwga+lwi0FEoW9Y7lDtWXYmKBWhUE+U8PGxlJf8f
40493HDw1WRQ/aSLoS4QTp3rn7gYgeHEvfJdkkf0UMhlknlo53M09EFPdadQ4TlU
bjqKc50CgYEA4BzEEOtIpmVdVEZNCqS7baC4crd0pqnRH/5IB3jw3bcxGn6QLvnE
tfdUdiYrqBdss1l58BQ3KhooKeQTa9AB0Hw/Py5PJdTJNPY8cQn7ouZ2KKDcmnPG
BY5t7yLc1QlQ5xHdwW1VhvKn+nXqhJTBgIPgtldC+KDV5z+y2XDwGUcCgYEAuQPE
fgmVtjL0Uyyx88GZFF1fOunH3+7cepKmtH4pxhtCoHqpWmT8YAmZxaewHgHAjLYs
p1ZSe7zFYHj7C6ul7TjeLQeZD/YwD66t62wDmpe/HlB+TnBA+njbglfIsRLtXlnD
zQkv5dTltRJ11BKBBypeeF6689rjcJIDEz9RWdcCgYAHAp9XcCSrn8wVkMVkKdb7
DOX4IKjzdahm+ctDAJN4O/y7OW5FKebvUjdAIt2GuoTZ71iTG+7F0F+lP88jtjP4
U4qe7VHoewl4MKOfXZKTe+YCS1XbNvfgwJ3Ltyl1OH9hWvu2yza7q+d5PCsDzqtm
27kxuvULVeya+TEdAB1ijQKBgQCH/3r6YrVH/uCWGy6bzV1nGNOdjKc9tmkfOJmN
54dxdixdpozCQ6U4OxZrsj3FcOhHBsqAHvX2uuYjagqvo3cOj1TRqNocX40omfCC
Mx3bD1yPPf/6TI2XECva/ggqEY2mYzmIiA5LVVmc5nrybr+lssFKneeyxN2Wq93S
0iJMdQKBgCGHewxzoa1r8ZMD0LETNrToK423K377UCYqXfg5XMclbrjPbEC3YI1Z
NqMtuhdBJqUnBi6tjKMF+34Xf0CUN8ncuXGO2CAYvO8PdyCixHX52ybaDjy1FtCE
6yUXjoKNXKvUm7MWGsAYH6f4IegOetN5NvmUMFStCSkh7ixZLkN1
-----END RSA PRIVATE KEY-----

9
openssl/test/rsa.pem.pub Normal file
View File

@ -0,0 +1,9 @@
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofgWCuLjybRlzo0tZWJj
NiuSfb4p4fAkd/wWJcyQoTbji9k0l8W26mPddxHmfHQp+Vaw+4qPCJrcS2mJPMEz
P1Pt0Bm4d4QlL+yRT+SFd2lZS+pCgNMsD1W/YpRPEwOWvG6b32690r2jZ47soMZo
9wGzjb/7OMg0LOL+bSf63kpaSHSXndS5z5rexMdbBYUsLA9e+KXBdQOS+UTo7WTB
EMa2R2CapHg665xsmtdVMTBQY4uDZlxvb3qCo5ZwKh9kG4LT6/I5IhlJH7aGhyxX
FvUK+DWNmoudF8NAco9/h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXp
oQIDAQAB
-----END PUBLIC KEY-----