From c3b6eff1910aad742971b8c08fa7cf2c3303a9a9 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 30 Oct 2016 16:44:21 -0700 Subject: [PATCH 1/3] Add DsaRef --- openssl/src/dsa.rs | 170 +++++++++++++++++++++++++-------------------- 1 file changed, 94 insertions(+), 76 deletions(-) diff --git a/openssl/src/dsa.rs b/openssl/src/dsa.rs index 9351d852..cec1466d 100644 --- a/openssl/src/dsa.rs +++ b/openssl/src/dsa.rs @@ -1,13 +1,15 @@ -use ffi; -use std::fmt; use error::ErrorStack; -use std::ptr; +use ffi; use libc::{c_int, c_char, c_void}; +use std::fmt; +use std::ops::Deref; +use std::ptr; use {cvt, cvt_p}; use bn::BigNumRef; use bio::{MemBio, MemBioSlice}; use util::{CallbackState, invoke_passwd_cb}; +use opaque::Opaque; /// Builder for upfront DSA parameter generation pub struct DsaParams(*mut ffi::DSA); @@ -46,6 +48,90 @@ impl Drop for DsaParams { } } +pub struct DsaRef(Opaque); + +impl DsaRef { + pub unsafe fn from_ptr<'a>(ptr: *mut ffi::DSA) -> &'a DsaRef { + &*(ptr as *mut _) + } + + pub fn as_ptr(&self) -> *mut ffi::DSA { + self as *const _ as *mut _ + } + + /// Writes an DSA private key as unencrypted PEM formatted data + pub fn private_key_to_pem(&self) -> Result, ErrorStack> { + assert!(self.has_private_key()); + let mem_bio = try!(MemBio::new()); + + unsafe { + try!(cvt(ffi::PEM_write_bio_DSAPrivateKey(mem_bio.as_ptr(), self.as_ptr(), + ptr::null(), ptr::null_mut(), 0, + None, ptr::null_mut()))) + }; + + Ok(mem_bio.get_buf().to_owned()) + } + + /// Writes an DSA public key as PEM formatted data + pub fn public_key_to_pem(&self) -> Result, ErrorStack> { + let mem_bio = try!(MemBio::new()); + unsafe { + try!(cvt(ffi::PEM_write_bio_DSA_PUBKEY(mem_bio.as_ptr(), self.as_ptr()))); + } + Ok(mem_bio.get_buf().to_owned()) + } + + pub fn size(&self) -> Option { + if self.q().is_some() { + unsafe { Some(ffi::DSA_size(self.as_ptr()) as u32) } + } else { + None + } + } + + pub fn p(&self) -> Option<&BigNumRef> { + unsafe { + let p = compat::pqg(self.as_ptr())[0]; + if p.is_null() { + None + } else { + Some(BigNumRef::from_ptr(p as *mut _)) + } + } + } + + pub fn q(&self) -> Option<&BigNumRef> { + unsafe { + let q = compat::pqg(self.as_ptr())[1]; + if q.is_null() { + None + } else { + Some(BigNumRef::from_ptr(q as *mut _)) + } + } + } + + pub fn g(&self) -> Option<&BigNumRef> { + unsafe { + let g = compat::pqg(self.as_ptr())[2]; + if g.is_null() { + None + } else { + Some(BigNumRef::from_ptr(g as *mut _)) + } + } + } + + pub fn has_public_key(&self) -> bool { + unsafe { !compat::keys(self.as_ptr())[0].is_null() } + } + + pub fn has_private_key(&self) -> bool { + unsafe { !compat::keys(self.as_ptr())[1].is_null() } + } +} + pub struct Dsa(*mut ffi::DSA); impl Drop for Dsa { @@ -104,20 +190,6 @@ impl Dsa { } } - /// Writes an DSA private key as unencrypted PEM formatted data - pub fn private_key_to_pem(&self) -> Result, ErrorStack> { - assert!(self.has_private_key()); - let mem_bio = try!(MemBio::new()); - - unsafe { - try!(cvt(ffi::PEM_write_bio_DSAPrivateKey(mem_bio.as_ptr(), self.0, - ptr::null(), ptr::null_mut(), 0, - None, ptr::null_mut()))) - }; - - Ok(mem_bio.get_buf().to_owned()) - } - /// Reads an DSA public key from PEM formatted data. pub fn public_key_from_pem(buf: &[u8]) -> Result { ffi::init(); @@ -131,67 +203,13 @@ impl Dsa { Ok(Dsa(dsa)) } } +} - /// Writes an DSA public key as PEM formatted data - pub fn public_key_to_pem(&self) -> Result, ErrorStack> { - let mem_bio = try!(MemBio::new()); - unsafe { - try!(cvt(ffi::PEM_write_bio_DSA_PUBKEY(mem_bio.as_ptr(), self.0))); - } - Ok(mem_bio.get_buf().to_owned()) - } +impl Deref for Dsa { + type Target = DsaRef; - pub fn size(&self) -> Option { - if self.q().is_some() { - unsafe { Some(ffi::DSA_size(self.0) as u32) } - } else { - None - } - } - - pub fn as_ptr(&self) -> *mut ffi::DSA { - self.0 - } - - pub fn p(&self) -> Option<&BigNumRef> { - unsafe { - let p = compat::pqg(self.0)[0]; - if p.is_null() { - None - } else { - Some(BigNumRef::from_ptr(p as *mut _)) - } - } - } - - pub fn q(&self) -> Option<&BigNumRef> { - unsafe { - let q = compat::pqg(self.0)[1]; - if q.is_null() { - None - } else { - Some(BigNumRef::from_ptr(q as *mut _)) - } - } - } - - pub fn g(&self) -> Option<&BigNumRef> { - unsafe { - let g = compat::pqg(self.0)[2]; - if g.is_null() { - None - } else { - Some(BigNumRef::from_ptr(g as *mut _)) - } - } - } - - pub fn has_public_key(&self) -> bool { - unsafe { !compat::keys(self.0)[0].is_null() } - } - - pub fn has_private_key(&self) -> bool { - unsafe { !compat::keys(self.0)[1].is_null() } + fn deref(&self) -> &DsaRef { + unsafe { DsaRef::from_ptr(self.0) } } } From 610403a562450099a3744a60c23678ffc3b0dd5f Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 30 Oct 2016 16:59:06 -0700 Subject: [PATCH 2/3] Add RsaRef --- openssl/src/pkey.rs | 4 +- openssl/src/rsa.rs | 400 +++++++++++++++++++++++--------------------- 2 files changed, 211 insertions(+), 193 deletions(-) diff --git a/openssl/src/pkey.rs b/openssl/src/pkey.rs index fc48c8b4..8e4041b1 100644 --- a/openssl/src/pkey.rs +++ b/openssl/src/pkey.rs @@ -7,7 +7,7 @@ use ffi; use {cvt, cvt_p}; use bio::{MemBio, MemBioSlice}; use dsa::Dsa; -use rsa::Rsa; +use rsa::{Rsa, RsaRef}; use error::ErrorStack; use util::{CallbackState, invoke_passwd_cb}; use opaque::Opaque; @@ -156,7 +156,7 @@ impl PKey { } /// Assign an RSA key to this pkey. - pub fn set_rsa(&mut self, rsa: &Rsa) -> Result<(), ErrorStack> { + pub fn set_rsa(&mut self, rsa: &RsaRef) -> Result<(), ErrorStack> { unsafe { // this needs to be a reference as the set1_RSA ups the reference count let rsa_ptr = rsa.as_ptr(); diff --git a/openssl/src/rsa.rs b/openssl/src/rsa.rs index 666b99dd..c6c96223 100644 --- a/openssl/src/rsa.rs +++ b/openssl/src/rsa.rs @@ -2,6 +2,7 @@ use ffi; use std::fmt; use std::ptr; use std::mem; +use std::ops::Deref; use libc::{c_int, c_void, c_char}; use {cvt, cvt_p, cvt_n}; @@ -9,6 +10,7 @@ use bn::{BigNum, BigNumRef}; use bio::{MemBio, MemBioSlice}; use error::ErrorStack; use util::{CallbackState, invoke_passwd_cb}; +use opaque::Opaque; /// Type of encryption padding to use. #[derive(Copy, Clone)] @@ -18,6 +20,204 @@ pub const NO_PADDING: Padding = Padding(ffi::RSA_NO_PADDING); pub const PKCS1_PADDING: Padding = Padding(ffi::RSA_PKCS1_PADDING); pub const PKCS1_OAEP_PADDING: Padding = Padding(ffi::RSA_PKCS1_OAEP_PADDING); +pub struct RsaRef(Opaque); + +impl RsaRef { + pub unsafe fn from_ptr<'a>(ptr: *mut ffi::RSA) -> &'a RsaRef { + &*(ptr as *mut _) + } + + pub fn as_ptr(&self) -> *mut ffi::RSA { + self as *const _ as *mut _ + } + + /// Writes an RSA private key as unencrypted PEM formatted data + pub fn private_key_to_pem(&self) -> Result, ErrorStack> { + let mem_bio = try!(MemBio::new()); + + unsafe { + try!(cvt(ffi::PEM_write_bio_RSAPrivateKey(mem_bio.as_ptr(), + self.as_ptr(), + ptr::null(), + ptr::null_mut(), + 0, + None, + ptr::null_mut()))); + } + Ok(mem_bio.get_buf().to_owned()) + } + + /// Writes an RSA public key as PEM formatted data + pub fn public_key_to_pem(&self) -> Result, ErrorStack> { + let mem_bio = try!(MemBio::new()); + + unsafe { + try!(cvt(ffi::PEM_write_bio_RSA_PUBKEY(mem_bio.as_ptr(), self.as_ptr()))); + } + + Ok(mem_bio.get_buf().to_owned()) + } + + pub fn size(&self) -> usize { + unsafe { + assert!(self.n().is_some()); + + ffi::RSA_size(self.as_ptr()) as usize + } + } + + /// Decrypts data using the private key, returning the number of decrypted bytes. + /// + /// # Panics + /// + /// Panics if `self` has no private components, or if `to` is smaller + /// than `self.size()`. + pub fn private_decrypt(&self, + from: &[u8], + to: &mut [u8], + padding: Padding) + -> Result { + assert!(self.d().is_some(), "private components missing"); + assert!(from.len() <= i32::max_value() as usize); + assert!(to.len() >= self.size()); + + unsafe { + let len = try!(cvt_n(ffi::RSA_private_decrypt(from.len() as c_int, + from.as_ptr(), + to.as_mut_ptr(), + self.as_ptr(), + padding.0))); + Ok(len as usize) + } + } + + /// Encrypts data using the private key, returning the number of encrypted bytes. + /// + /// # Panics + /// + /// Panics if `self` has no private components, or if `to` is smaller + /// than `self.size()`. + pub fn private_encrypt(&self, + from: &[u8], + to: &mut [u8], + padding: Padding) + -> Result { + assert!(self.d().is_some(), "private components missing"); + assert!(from.len() <= i32::max_value() as usize); + assert!(to.len() >= self.size()); + + unsafe { + let len = try!(cvt_n(ffi::RSA_private_encrypt(from.len() as c_int, + from.as_ptr(), + to.as_mut_ptr(), + self.as_ptr(), + padding.0))); + Ok(len as usize) + } + } + + /// Decrypts data using the public key, returning the number of decrypted bytes. + /// + /// # Panics + /// + /// Panics if `to` is smaller than `self.size()`. + pub fn public_decrypt(&self, + from: &[u8], + to: &mut [u8], + padding: Padding) + -> Result { + assert!(from.len() <= i32::max_value() as usize); + assert!(to.len() >= self.size()); + + unsafe { + let len = try!(cvt_n(ffi::RSA_public_decrypt(from.len() as c_int, + from.as_ptr(), + to.as_mut_ptr(), + self.as_ptr(), + padding.0))); + Ok(len as usize) + } + } + + /// Encrypts data using the private key, returning the number of encrypted bytes. + /// + /// # Panics + /// + /// Panics if `to` is smaller than `self.size()`. + pub fn public_encrypt(&self, + from: &[u8], + to: &mut [u8], + padding: Padding) + -> Result { + assert!(from.len() <= i32::max_value() as usize); + assert!(to.len() >= self.size()); + + unsafe { + let len = try!(cvt_n(ffi::RSA_public_encrypt(from.len() as c_int, + from.as_ptr(), + to.as_mut_ptr(), + self.as_ptr(), + padding.0))); + Ok(len as usize) + } + } + + pub fn n(&self) -> Option<&BigNumRef> { + unsafe { + let n = compat::key(self.as_ptr())[0]; + if n.is_null() { + None + } else { + Some(BigNumRef::from_ptr(n as *mut _)) + } + } + } + + pub fn d(&self) -> Option<&BigNumRef> { + unsafe { + let d = compat::key(self.as_ptr())[2]; + if d.is_null() { + None + } else { + Some(BigNumRef::from_ptr(d as *mut _)) + } + } + } + + pub fn e(&self) -> Option<&BigNumRef> { + unsafe { + let e = compat::key(self.as_ptr())[1]; + if e.is_null() { + None + } else { + Some(BigNumRef::from_ptr(e as *mut _)) + } + } + } + + pub fn p(&self) -> Option<&BigNumRef> { + unsafe { + let p = compat::factors(self.as_ptr())[0]; + if p.is_null() { + None + } else { + Some(BigNumRef::from_ptr(p as *mut _)) + } + } + } + + pub fn q(&self) -> Option<&BigNumRef> { + unsafe { + let q = compat::factors(self.as_ptr())[1]; + if q.is_null() { + None + } else { + Some(BigNumRef::from_ptr(q as *mut _)) + } + } + } +} + pub struct Rsa(*mut ffi::RSA); impl Drop for Rsa { @@ -121,201 +321,19 @@ impl Rsa { Ok(Rsa(rsa)) } } - - /// Writes an RSA private key as unencrypted PEM formatted data - pub fn private_key_to_pem(&self) -> Result, ErrorStack> { - let mem_bio = try!(MemBio::new()); - - unsafe { - try!(cvt(ffi::PEM_write_bio_RSAPrivateKey(mem_bio.as_ptr(), - self.0, - ptr::null(), - ptr::null_mut(), - 0, - None, - ptr::null_mut()))); - } - Ok(mem_bio.get_buf().to_owned()) - } - - /// Writes an RSA public key as PEM formatted data - pub fn public_key_to_pem(&self) -> Result, ErrorStack> { - let mem_bio = try!(MemBio::new()); - - unsafe { - try!(cvt(ffi::PEM_write_bio_RSA_PUBKEY(mem_bio.as_ptr(), self.0))); - } - - Ok(mem_bio.get_buf().to_owned()) - } - - pub fn size(&self) -> usize { - unsafe { - assert!(self.n().is_some()); - - ffi::RSA_size(self.0) as usize - } - } - - /// Decrypts data using the private key, returning the number of decrypted bytes. - /// - /// # Panics - /// - /// Panics if `self` has no private components, or if `to` is smaller - /// than `self.size()`. - pub fn private_decrypt(&self, - from: &[u8], - to: &mut [u8], - padding: Padding) - -> Result { - assert!(self.d().is_some(), "private components missing"); - assert!(from.len() <= i32::max_value() as usize); - assert!(to.len() >= self.size()); - - unsafe { - let len = try!(cvt_n(ffi::RSA_private_decrypt(from.len() as c_int, - from.as_ptr(), - to.as_mut_ptr(), - self.0, - padding.0))); - Ok(len as usize) - } - } - - /// Encrypts data using the private key, returning the number of encrypted bytes. - /// - /// # Panics - /// - /// Panics if `self` has no private components, or if `to` is smaller - /// than `self.size()`. - pub fn private_encrypt(&self, - from: &[u8], - to: &mut [u8], - padding: Padding) - -> Result { - assert!(self.d().is_some(), "private components missing"); - assert!(from.len() <= i32::max_value() as usize); - assert!(to.len() >= self.size()); - - unsafe { - let len = try!(cvt_n(ffi::RSA_private_encrypt(from.len() as c_int, - from.as_ptr(), - to.as_mut_ptr(), - self.0, - padding.0))); - Ok(len as usize) - } - } - - /// Decrypts data using the public key, returning the number of decrypted bytes. - /// - /// # Panics - /// - /// Panics if `to` is smaller than `self.size()`. - pub fn public_decrypt(&self, - from: &[u8], - to: &mut [u8], - padding: Padding) - -> Result { - assert!(from.len() <= i32::max_value() as usize); - assert!(to.len() >= self.size()); - - unsafe { - let len = try!(cvt_n(ffi::RSA_public_decrypt(from.len() as c_int, - from.as_ptr(), - to.as_mut_ptr(), - self.0, - padding.0))); - Ok(len as usize) - } - } - - /// Encrypts data using the private key, returning the number of encrypted bytes. - /// - /// # Panics - /// - /// Panics if `to` is smaller than `self.size()`. - pub fn public_encrypt(&self, - from: &[u8], - to: &mut [u8], - padding: Padding) - -> Result { - assert!(from.len() <= i32::max_value() as usize); - assert!(to.len() >= self.size()); - - unsafe { - let len = try!(cvt_n(ffi::RSA_public_encrypt(from.len() as c_int, - from.as_ptr(), - to.as_mut_ptr(), - self.0, - padding.0))); - Ok(len as usize) - } - } - - pub fn as_ptr(&self) -> *mut ffi::RSA { - self.0 - } - - pub fn n(&self) -> Option<&BigNumRef> { - unsafe { - let n = compat::key(self.0)[0]; - if n.is_null() { - None - } else { - Some(BigNumRef::from_ptr(n as *mut _)) - } - } - } - - pub fn d(&self) -> Option<&BigNumRef> { - unsafe { - let d = compat::key(self.0)[2]; - if d.is_null() { - None - } else { - Some(BigNumRef::from_ptr(d as *mut _)) - } - } - } - - pub fn e(&self) -> Option<&BigNumRef> { - unsafe { - let e = compat::key(self.0)[1]; - if e.is_null() { - None - } else { - Some(BigNumRef::from_ptr(e as *mut _)) - } - } - } - - pub fn p(&self) -> Option<&BigNumRef> { - unsafe { - let p = compat::factors(self.0)[0]; - if p.is_null() { - None - } else { - Some(BigNumRef::from_ptr(p as *mut _)) - } - } - } - - pub fn q(&self) -> Option<&BigNumRef> { - unsafe { - let q = compat::factors(self.0)[1]; - if q.is_null() { - None - } else { - Some(BigNumRef::from_ptr(q as *mut _)) - } - } - } } impl fmt::Debug for Rsa { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - write!(f, "RSA") + write!(f, "Rsa") + } +} + +impl Deref for Rsa { + type Target = RsaRef; + + fn deref(&self) -> &RsaRef { + unsafe { RsaRef::from_ptr(self.0) } } } From 287f6df6c6d76754c713120d02d3d9c5e5624089 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 30 Oct 2016 17:04:55 -0700 Subject: [PATCH 3/3] Remove DsaParams --- openssl/src/dsa.rs | 56 ++++++++++++---------------------------------- 1 file changed, 14 insertions(+), 42 deletions(-) diff --git a/openssl/src/dsa.rs b/openssl/src/dsa.rs index cec1466d..e92b8ca3 100644 --- a/openssl/src/dsa.rs +++ b/openssl/src/dsa.rs @@ -11,43 +11,6 @@ use bio::{MemBio, MemBioSlice}; use util::{CallbackState, invoke_passwd_cb}; use opaque::Opaque; -/// Builder for upfront DSA parameter generation -pub struct DsaParams(*mut ffi::DSA); - -impl DsaParams { - pub fn with_size(size: u32) -> Result { - unsafe { - let dsa = DsaParams(try!(cvt_p(ffi::DSA_new()))); - try!(cvt(ffi::DSA_generate_parameters_ex(dsa.0, - size as c_int, - ptr::null(), - 0, - ptr::null_mut(), - ptr::null_mut(), - ptr::null_mut()))); - Ok(dsa) - } - } - - /// Generate a key pair from the initialized parameters - pub fn generate(self) -> Result { - unsafe { - try!(cvt(ffi::DSA_generate_key(self.0))); - let dsa = Dsa(self.0); - ::std::mem::forget(self); - Ok(dsa) - } - } -} - -impl Drop for DsaParams { - fn drop(&mut self) { - unsafe { - ffi::DSA_free(self.0); - } - } -} - pub struct DsaRef(Opaque); impl DsaRef { @@ -147,11 +110,20 @@ impl Dsa { Dsa(dsa) } - /// Generate a DSA key pair - /// For more complicated key generation scenarios see the `DSAParams` type - pub fn generate(size: u32) -> Result { - let params = try!(DsaParams::with_size(size)); - params.generate() + /// Generate a DSA key pair. + pub fn generate(bits: u32) -> Result { + unsafe { + let dsa = Dsa(try!(cvt_p(ffi::DSA_new()))); + try!(cvt(ffi::DSA_generate_parameters_ex(dsa.0, + bits as c_int, + ptr::null(), + 0, + ptr::null_mut(), + ptr::null_mut(), + ptr::null_mut()))); + try!(cvt(ffi::DSA_generate_key(dsa .0))); + Ok(dsa) + } } /// Reads a DSA private key from PEM formatted data.