From fb8f201b97a570ae81d033695635d8c0cc531849 Mon Sep 17 00:00:00 2001 From: Erick Tryzelaar Date: Thu, 27 Sep 2012 23:32:12 -0700 Subject: [PATCH] Update to rust HEAD --- crypto.rc | 4 +- hash.rs | 139 +++++++-------- pkcs5.rs | 72 +++++--- pkey.rs | 508 ++++++++++++++++++++++++++++++------------------------ rand.rs | 15 +- symm.rs | 232 +++++++++++++------------ 6 files changed, 527 insertions(+), 443 deletions(-) diff --git a/crypto.rc b/crypto.rc index 4b0d6306..023c044d 100644 --- a/crypto.rc +++ b/crypto.rc @@ -15,11 +15,11 @@ */ #[link(name = "crypto", - vers = "0.1", + vers = "0.2", uuid = "38297409-b4c2-4499-8131-a99a7e44dad3")]; #[crate_type = "lib"]; -use std; // FIXME https://github.com/mozilla/rust/issues/1127 +extern mod std; // FIXME https://github.com/mozilla/rust/issues/1127 mod hash; mod pkey; diff --git a/hash.rs b/hash.rs index 693c8223..6e0af07a 100644 --- a/hash.rs +++ b/hash.rs @@ -1,36 +1,18 @@ -import libc::c_uint; +use libc::c_uint; -export hasher; -export hashtype; -export hash; -export libcrypto; - -export md5, sha1, sha224, sha256, sha384, sha512; - -iface hasher { - #[doc = "Initializes this hasher"] - fn init(); - - #[doc = "Update this hasher with more input bytes"] - fn update(~[u8]); - - #[doc = " - Return the digest of all bytes added to this hasher since its last - initialization - "] - fn final() -> ~[u8]; -} - -enum hashtype { - md5, - sha1, - sha224, - sha256, - sha384, - sha512 +pub enum HashType { + MD5, + SHA1, + SHA224, + SHA256, + SHA384, + SHA512 } +#[allow(non_camel_case_types)] type EVP_MD_CTX = *libc::c_void; + +#[allow(non_camel_case_types)] type EVP_MD = *libc::c_void; #[link_name = "crypto"] @@ -47,61 +29,68 @@ extern mod libcrypto { fn EVP_DigestInit(ctx: EVP_MD_CTX, typ: EVP_MD); fn EVP_DigestUpdate(ctx: EVP_MD_CTX, data: *u8, n: c_uint); - fn EVP_DigestFinal(ctx: EVP_MD_CTX, res: *u8, n: *u32); + fn EVP_DigestFinal(ctx: EVP_MD_CTX, res: *mut u8, n: *u32); } -fn evpmd(t: hashtype) -> (EVP_MD, uint) { - alt t { - md5 { (libcrypto::EVP_md5(), 16u) } - sha1 { (libcrypto::EVP_sha1(), 20u) } - sha224 { (libcrypto::EVP_sha224(), 28u) } - sha256 { (libcrypto::EVP_sha256(), 32u) } - sha384 { (libcrypto::EVP_sha384(), 48u) } - sha512 { (libcrypto::EVP_sha512(), 64u) } +fn evpmd(t: HashType) -> (EVP_MD, uint) { + match t { + MD5 => (libcrypto::EVP_md5(), 16u), + SHA1 => (libcrypto::EVP_sha1(), 20u), + SHA224 => (libcrypto::EVP_sha224(), 28u), + SHA256 => (libcrypto::EVP_sha256(), 32u), + SHA384 => (libcrypto::EVP_sha384(), 48u), + SHA512 => (libcrypto::EVP_sha512(), 64u), } } -fn hasher(ht: hashtype) -> hasher { - type hasherstate = { - evp: EVP_MD, - ctx: EVP_MD_CTX, - len: uint - }; - - impl of hasher for hasherstate { - fn init() unsafe { - libcrypto::EVP_DigestInit(self.ctx, self.evp); - } - - fn update(data: ~[u8]) unsafe { - let pdata: *u8 = vec::unsafe::to_ptr::(data); - libcrypto::EVP_DigestUpdate(self.ctx, pdata, vec::len(data) as c_uint); - } - - fn final() -> ~[u8] unsafe { - let res = vec::to_mut(vec::from_elem::(self.len, 0u8)); - let pres = vec::unsafe::to_ptr::(res); - libcrypto::EVP_DigestFinal(self.ctx, pres, ptr::null::()); - vec::from_mut::(res) - } - } +pub struct Hasher { + priv evp: EVP_MD, + priv ctx: EVP_MD_CTX, + priv len: uint, +} +pub fn Hasher(ht: HashType) -> Hasher { let ctx = libcrypto::EVP_MD_CTX_create(); let (evp, mdlen) = evpmd(ht); - let st = { evp: evp, ctx: ctx, len: mdlen }; - let h = st as hasher; + let h = Hasher { evp: evp, ctx: ctx, len: mdlen }; h.init(); - ret h; + h } -#[doc = " -Hashes the supplied input data using hash t, returning the resulting hash value -"] -fn hash(t: hashtype, data: ~[u8]) -> ~[u8] unsafe { - let h = hasher(t); - h.init(); +pub impl Hasher { + /// Initializes this hasher + fn init() unsafe { + libcrypto::EVP_DigestInit(self.ctx, self.evp); + } + + /// Update this hasher with more input bytes + fn update(data: &[u8]) unsafe { + do vec::as_imm_buf(data) |pdata, len| { + libcrypto::EVP_DigestUpdate(self.ctx, pdata, len as c_uint) + } + } + + /** + * Return the digest of all bytes added to this hasher since its last + * initialization + */ + fn final() -> ~[u8] unsafe { + let mut res = vec::from_elem(self.len, 0u8); + do vec::as_mut_buf(res) |pres, _len| { + libcrypto::EVP_DigestFinal(self.ctx, pres, ptr::null()); + } + res + } +} + +/** + * Hashes the supplied input data using hash t, returning the resulting hash + * value + */ +pub fn hash(t: HashType, data: &[u8]) -> ~[u8] unsafe { + let h = Hasher(t); h.update(data); - ret h.final(); + h.final() } #[cfg(test)] @@ -113,7 +102,7 @@ mod tests { let d0 = ~[0x90u8, 0x01u8, 0x50u8, 0x98u8, 0x3cu8, 0xd2u8, 0x4fu8, 0xb0u8, 0xd6u8, 0x96u8, 0x3fu8, 0x7du8, 0x28u8, 0xe1u8, 0x7fu8, 0x72u8]; - assert(hash(md5, s0) == d0); + assert(hash(MD5, s0) == d0); } #[test] @@ -123,7 +112,7 @@ mod tests { ~[0xa9u8, 0x99u8, 0x3eu8, 0x36u8, 0x47u8, 0x06u8, 0x81u8, 0x6au8, 0xbau8, 0x3eu8, 0x25u8, 0x71u8, 0x78u8, 0x50u8, 0xc2u8, 0x6cu8, 0x9cu8, 0xd0u8, 0xd8u8, 0x9du8]; - assert(hash(sha1, s0) == d0); + assert(hash(SHA1, s0) == d0); } #[test] @@ -134,6 +123,6 @@ mod tests { 0x41u8, 0x41u8, 0x40u8, 0xdeu8, 0x5du8, 0xaeu8, 0x22u8, 0x23u8, 0xb0u8, 0x03u8, 0x61u8, 0xa3u8, 0x96u8, 0x17u8, 0x7au8, 0x9cu8, 0xb4u8, 0x10u8, 0xffu8, 0x61u8, 0xf2u8, 0x00u8, 0x15u8, 0xadu8]; - assert(hash(sha256, s0) == d0); + assert(hash(SHA256, s0) == d0); } } diff --git a/pkcs5.rs b/pkcs5.rs index 5ce59218..e5438ea7 100644 --- a/pkcs5.rs +++ b/pkcs5.rs @@ -1,36 +1,36 @@ -import libc::{c_char, c_uchar, c_int}; +use libc::{c_char, c_uchar, c_int}; #[link_name = "crypto"] #[abi = "cdecl"] extern mod libcrypto { - fn PKCS5_PBKDF2_HMAC_SHA1(pass: *c_char, passlen: c_int, - salt: *c_uchar, saltlen: c_int, + fn PKCS5_PBKDF2_HMAC_SHA1(pass: *u8, passlen: c_int, + salt: *u8, saltlen: c_int, iter: c_int, keylen: c_int, - out: *c_uchar) -> c_int; + out: *mut u8) -> c_int; } #[doc = " Derives a key from a password and salt using the PBKDF2-HMAC-SHA1 algorithm. "] -fn pbkdf2_hmac_sha1(pass: str, salt: ~[u8], iter: uint, keylen: uint) -> ~[u8] { +pub fn pbkdf2_hmac_sha1(pass: &str, salt: &[u8], iter: uint, + keylen: uint) -> ~[u8] { assert iter >= 1u; assert keylen >= 1u; - do str::as_c_str(pass) |pass_buf| { - do vec::as_buf(salt) |salt_buf| { - let mut out = ~[]; - vec::reserve(out, keylen); + do str::as_buf(pass) |pass_buf, pass_len| { + do vec::as_imm_buf(salt) |salt_buf, salt_len| { + let mut out = vec::with_capacity(keylen); - do vec::as_buf(out) |out_buf| { + do vec::as_mut_buf(out) |out_buf, _out_len| { let r = libcrypto::PKCS5_PBKDF2_HMAC_SHA1( - pass_buf, str::len(pass) as c_int, - salt_buf, vec::len(salt) as c_int, + pass_buf, pass_len as c_int, + salt_buf, salt_len as c_int, iter as c_int, keylen as c_int, out_buf); if r != 1 as c_int { fail; } - unsafe { vec::unsafe::set_len(out, keylen); } + unsafe { vec::raw::set_len(out, keylen); } } out @@ -44,44 +44,68 @@ mod tests { // http://tools.ietf.org/html/draft-josefsson-pbkdf2-test-vectors-06 #[test] fn test_pbkdf2_hmac_sha1() { - assert pbkdf2_hmac_sha1("password", str::bytes("salt"), 1u, 20u) == ~[ + assert pbkdf2_hmac_sha1( + "password", + str::to_bytes("salt"), + 1u, + 20u + ) == ~[ 0x0c_u8, 0x60_u8, 0xc8_u8, 0x0f_u8, 0x96_u8, 0x1f_u8, 0x0e_u8, 0x71_u8, 0xf3_u8, 0xa9_u8, 0xb5_u8, 0x24_u8, 0xaf_u8, 0x60_u8, 0x12_u8, 0x06_u8, 0x2f_u8, 0xe0_u8, 0x37_u8, 0xa6_u8 ]; - assert pbkdf2_hmac_sha1("password", str::bytes("salt"), 2u, 20u) == ~[ + assert pbkdf2_hmac_sha1( + "password", + str::to_bytes("salt"), + 2u, + 20u + ) == ~[ 0xea_u8, 0x6c_u8, 0x01_u8, 0x4d_u8, 0xc7_u8, 0x2d_u8, 0x6f_u8, 0x8c_u8, 0xcd_u8, 0x1e_u8, 0xd9_u8, 0x2a_u8, 0xce_u8, 0x1d_u8, 0x41_u8, 0xf0_u8, 0xd8_u8, 0xde_u8, 0x89_u8, 0x57_u8 ]; - assert pbkdf2_hmac_sha1("password", str::bytes("salt"), 4096u, - 20u) == ~[ + assert pbkdf2_hmac_sha1( + "password", + str::to_bytes("salt"), + 4096u, + 20u + ) == ~[ 0x4b_u8, 0x00_u8, 0x79_u8, 0x01_u8, 0xb7_u8, 0x65_u8, 0x48_u8, 0x9a_u8, 0xbe_u8, 0xad_u8, 0x49_u8, 0xd9_u8, 0x26_u8, 0xf7_u8, 0x21_u8, 0xd0_u8, 0x65_u8, 0xa4_u8, 0x29_u8, 0xc1_u8 ]; - assert pbkdf2_hmac_sha1("password", str::bytes("salt"), 16777216u, - 20u) == ~[ + assert pbkdf2_hmac_sha1( + "password", + str::to_bytes("salt"), + 16777216u, + 20u + ) == ~[ 0xee_u8, 0xfe_u8, 0x3d_u8, 0x61_u8, 0xcd_u8, 0x4d_u8, 0xa4_u8, 0xe4_u8, 0xe9_u8, 0x94_u8, 0x5b_u8, 0x3d_u8, 0x6b_u8, 0xa2_u8, 0x15_u8, 0x8c_u8, 0x26_u8, 0x34_u8, 0xe9_u8, 0x84_u8 ]; assert pbkdf2_hmac_sha1( - "passwordPASSWORDpassword", - str::bytes("saltSALTsaltSALTsaltSALTsaltSALTsalt"), - 4096u, 25u) == ~[ + "passwordPASSWORDpassword", + str::to_bytes("saltSALTsaltSALTsaltSALTsaltSALTsalt"), + 4096u, + 25u + ) == ~[ 0x3d_u8, 0x2e_u8, 0xec_u8, 0x4f_u8, 0xe4_u8, 0x1c_u8, 0x84_u8, 0x9b_u8, 0x80_u8, 0xc8_u8, 0xd8_u8, 0x36_u8, 0x62_u8, 0xc0_u8, 0xe4_u8, 0x4a_u8, 0x8b_u8, 0x29_u8, 0x1a_u8, 0x96_u8, 0x4c_u8, 0xf2_u8, 0xf0_u8, 0x70_u8, 0x38_u8 ]; - assert pbkdf2_hmac_sha1("pass\x00word", str::bytes("sa\x00lt"), 4096u, - 16u) == ~[ + assert pbkdf2_hmac_sha1( + "pass\x00word", + str::to_bytes("sa\x00lt"), + 4096u, + 16u + ) == ~[ 0x56_u8, 0xfa_u8, 0x6a_u8, 0xa7_u8, 0x55_u8, 0x48_u8, 0x09_u8, 0x9d_u8, 0xcc_u8, 0x37_u8, 0xd7_u8, 0xf0_u8, 0x34_u8, 0x25_u8, 0xe0_u8, 0xc3_u8 diff --git a/pkey.rs b/pkey.rs index 2b80fd27..2917a318 100644 --- a/pkey.rs +++ b/pkey.rs @@ -1,11 +1,12 @@ -import libc::{c_int, c_uint}; - -export pkeyrole, encrypt, decrypt, sign, verify; -export pkey; -export libcrypto; +use libc::{c_int, c_uint}; +#[allow(non_camel_case_types)] type EVP_PKEY = *libc::c_void; + +#[allow(non_camel_case_types)] type ANYKEY = *libc::c_void; + +#[allow(non_camel_case_types)] type RSA = *libc::c_void; #[link_name = "crypto"] @@ -16,281 +17,336 @@ extern mod libcrypto { fn EVP_PKEY_assign(k: *EVP_PKEY, t: c_int, inner: *ANYKEY); fn EVP_PKEY_get1_RSA(k: *EVP_PKEY) -> *RSA; - fn i2d_PublicKey(k: *EVP_PKEY, buf: **u8) -> c_int; - fn d2i_PublicKey(t: c_int, k: **EVP_PKEY, buf: **u8, len: c_uint) -> *EVP_PKEY; - fn i2d_PrivateKey(k: *EVP_PKEY, buf: **u8) -> c_int; - fn d2i_PrivateKey(t: c_int, k: **EVP_PKEY, buf: **u8, len: c_uint) -> *EVP_PKEY; + fn i2d_PublicKey(k: *EVP_PKEY, buf: &*mut u8) -> c_int; + fn d2i_PublicKey(t: c_int, k: &*EVP_PKEY, buf: &*u8, len: c_uint) -> *EVP_PKEY; + fn i2d_PrivateKey(k: *EVP_PKEY, buf: &*mut u8) -> c_int; + fn d2i_PrivateKey(t: c_int, k: &*EVP_PKEY, buf: &*u8, len: c_uint) -> *EVP_PKEY; fn RSA_generate_key(modsz: c_uint, e: c_uint, cb: *u8, cbarg: *u8) -> *RSA; fn RSA_size(k: *RSA) -> c_uint; - fn RSA_public_encrypt(flen: c_uint, from: *u8, to: *u8, k: *RSA, + fn RSA_public_encrypt(flen: c_uint, from: *u8, to: *mut u8, k: *RSA, pad: c_int) -> c_int; - fn RSA_private_decrypt(flen: c_uint, from: *u8, to: *u8, k: *RSA, + fn RSA_private_decrypt(flen: c_uint, from: *u8, to: *mut u8, k: *RSA, pad: c_int) -> c_int; - fn RSA_sign(t: c_int, m: *u8, mlen: c_uint, sig: *u8, siglen: *c_uint, + fn RSA_sign(t: c_int, m: *u8, mlen: c_uint, sig: *mut u8, siglen: *c_uint, k: *RSA) -> c_int; fn RSA_verify(t: c_int, m: *u8, mlen: c_uint, sig: *u8, siglen: c_uint, k: *RSA) -> c_int; } -enum pkeyparts { - neither, - public, - both +enum Parts { + Neither, + Public, + Both } #[doc = "Represents a role an asymmetric key might be appropriate for."] -enum pkeyrole { - encrypt, - decrypt, - sign, - verify -} - -#[doc = "Represents a public key, optionally with a private key attached."] -iface pkey { - #[doc = " - Returns a serialized form of the public key, suitable for load_pub(). - "] - fn save_pub() -> ~[u8]; - - #[doc = " - Loads a serialized form of the public key, as produced by save_pub(). - "] - fn load_pub(s: ~[u8]); - - #[doc = " - Returns a serialized form of the public and private keys, suitable for - load_priv(). - "] - fn save_priv() -> ~[u8]; - - #[doc = " - Loads a serialized form of the public and private keys, as produced by - save_priv(). - "] - fn load_priv(s: ~[u8]); - - #[doc = "Returns the size of the public key modulus."] - fn size() -> uint; - - #[doc = "Generates a public/private keypair of the specified size."] - fn gen(keysz: uint); - - #[doc = " - Returns whether this pkey object can perform the specified role. - "] - fn can(role: pkeyrole) -> bool; - - #[doc = " - Returns the maximum amount of data that can be encrypted by an encrypt() - call. - "] - fn max_data() -> uint; - - #[doc = " - Encrypts data using OAEP padding, returning the encrypted data. The supplied - data must not be larger than max_data(). - "] - fn encrypt(s: ~[u8]) -> ~[u8]; - - #[doc = " - Decrypts data, expecting OAEP padding, returning the decrypted data. - "] - fn decrypt(s: ~[u8]) -> ~[u8]; - - #[doc = " - Signs data, using OpenSSL's default scheme and sha256. Unlike encrypt(), can - process an arbitrary amount of data; returns the signature. - "] - fn sign(s: ~[u8]) -> ~[u8]; - - #[doc = " - Verifies a signature s (using OpenSSL's default scheme and sha256) on a - message m. Returns true if the signature is valid, and false otherwise. - "] - fn verify(m: ~[u8], s: ~[u8]) -> bool; +pub enum Role { + Encrypt, + Decrypt, + Sign, + Verify } fn rsa_to_any(rsa: *RSA) -> *ANYKEY unsafe { - unsafe::reinterpret_cast::<*RSA, *ANYKEY>(rsa) + cast::reinterpret_cast(&rsa) } fn any_to_rsa(anykey: *ANYKEY) -> *RSA unsafe { - unsafe::reinterpret_cast::<*ANYKEY, *RSA>(anykey) + cast::reinterpret_cast(&anykey) } -fn pkey() -> pkey { - type pkeystate = { - mut evp: *EVP_PKEY, - mut parts: pkeyparts - }; +pub struct PKey { + priv mut evp: *EVP_PKEY, + priv mut parts: Parts, +} - fn _tostr(st: pkeystate, - f: fn@(*EVP_PKEY, **u8) -> c_int) -> ~[u8] unsafe { - let len = f(st.evp, ptr::null()); - if len < 0 as c_int { ret ~[]; } - let s = vec::to_mut(vec::from_elem::(len as uint, 0u8)); - let ps = vec::unsafe::to_ptr::(s); - let pps = ptr::addr_of(ps); - let r = f(st.evp, pps); - let bytes = vec::slice::(s, 0u, r as uint); - ret bytes; +pub fn PKey() -> PKey { + PKey { evp: libcrypto::EVP_PKEY_new(), parts: Neither } +} + +priv impl PKey { + fn _tostr(f: fn@(*EVP_PKEY, &*mut u8) -> c_int) -> ~[u8] unsafe { + let buf = ptr::mut_null(); + let len = f(self.evp, &buf); + if len < 0 as c_int { return ~[]; } + let mut s = vec::from_elem(len as uint, 0u8); + + let r = do vec::as_mut_buf(s) |ps, _len| { + f(self.evp, &ps) + }; + + vec::slice(s, 0u, r as uint) } - fn _fromstr(st: pkeystate, - f: fn@(c_int, **EVP_PKEY, **u8, c_uint) -> *EVP_PKEY, - s: ~[u8]) unsafe { - let ps: *u8 = vec::unsafe::to_ptr::(s); - let pps: **u8 = ptr::addr_of(ps); - let evp: *EVP_PKEY = ptr::null(); - let pevp: **EVP_PKEY = ptr::addr_of(evp); - f(6 as c_int, pevp, pps, vec::len(s) as c_uint); - st.evp = *pevp; + fn _fromstr( + s: &[u8], + f: fn@(c_int, &*EVP_PKEY, &*u8, c_uint) -> *EVP_PKEY + ) unsafe { + do vec::as_imm_buf(s) |ps, len| { + let evp = ptr::null(); + f(6 as c_int, &evp, &ps, len as c_uint); + self.evp = evp; + } + } +} + +///Represents a public key, optionally with a private key attached. +pub impl PKey { + fn gen(keysz: uint) unsafe { + let rsa = libcrypto::RSA_generate_key( + keysz as c_uint, + 65537u as c_uint, + ptr::null(), + ptr::null() + ); + + let rsa_ = rsa_to_any(rsa); + // XXX: 6 == NID_rsaEncryption + libcrypto::EVP_PKEY_assign(self.evp, 6 as c_int, rsa_); + self.parts = Both; } - impl of pkey for pkeystate { - fn gen(keysz: uint) unsafe { - let rsa = libcrypto::RSA_generate_key(keysz as c_uint, 65537u as c_uint, - ptr::null(), ptr::null()); - let rsa_ = rsa_to_any(rsa); - // XXX: 6 == NID_rsaEncryption - libcrypto::EVP_PKEY_assign(self.evp, 6 as c_int, rsa_); - self.parts = both; - } + /** + * Returns a serialized form of the public key, suitable for load_pub(). + */ + fn save_pub() -> ~[u8] { + self._tostr(libcrypto::i2d_PublicKey) + } - fn save_pub() -> ~[u8] { - _tostr(self, libcrypto::i2d_PublicKey) + /** + * Loads a serialized form of the public key, as produced by save_pub(). + */ + fn load_pub(s: &[u8]) { + self._fromstr(s, libcrypto::d2i_PublicKey); + self.parts = Public; + } + + /** + * Returns a serialized form of the public and private keys, suitable for + * load_priv(). + */ + fn save_priv() -> ~[u8] { + self._tostr(libcrypto::i2d_PrivateKey) + } + /** + * Loads a serialized form of the public and private keys, as produced by + * save_priv(). + */ + fn load_priv(s: &[u8]) { + self._fromstr(s, libcrypto::d2i_PrivateKey); + self.parts = Both; + } + + /** + * Returns the size of the public key modulus. + */ + fn size() -> uint { + libcrypto::RSA_size(libcrypto::EVP_PKEY_get1_RSA(self.evp)) as uint + } + + /** + * Returns whether this pkey object can perform the specified role. + */ + fn can(r: Role) -> bool { + match r { + Encrypt => + match self.parts { + Neither => false, + _ => true, + }, + Verify => + match self.parts { + Neither => false, + _ => true, + }, + Decrypt => + match self.parts { + Both => true, + _ => false, + }, + Sign => + match self.parts { + Both => true, + _ => false, + }, } - fn load_pub(s: ~[u8]) { - _fromstr(self, libcrypto::d2i_PublicKey, s); - self.parts = public; - } - fn save_priv() -> ~[u8] { - _tostr(self, libcrypto::i2d_PrivateKey) - } - fn load_priv(s: ~[u8]) { - _fromstr(self, libcrypto::d2i_PrivateKey, s); - self.parts = both; - } - fn size() -> uint { - libcrypto::RSA_size(libcrypto::EVP_PKEY_get1_RSA(self.evp)) as uint - } - fn can(r: pkeyrole) -> bool { - alt r { - encrypt { self.parts != neither } - verify { self.parts != neither } - decrypt { self.parts == both } - sign { self.parts == both } + } + + /** + * Returns the maximum amount of data that can be encrypted by an encrypt() + * call. + */ + fn max_data() -> uint unsafe { + let rsa = libcrypto::EVP_PKEY_get1_RSA(self.evp); + let len = libcrypto::RSA_size(rsa); + + // 41 comes from RSA_public_encrypt(3) for OAEP + len as uint - 41u + } + + /** + * Encrypts data using OAEP padding, returning the encrypted data. The + * supplied data must not be larger than max_data(). + */ + fn encrypt(s: &[u8]) -> ~[u8] unsafe { + let rsa = libcrypto::EVP_PKEY_get1_RSA(self.evp); + let len = libcrypto::RSA_size(rsa); + + // 41 comes from RSA_public_encrypt(3) for OAEP + assert s.len() < libcrypto::RSA_size(rsa) as uint - 41u; + + let mut r = vec::from_elem(len as uint + 1u, 0u8); + + do vec::as_mut_buf(r) |pr, _len| { + do vec::as_imm_buf(s) |ps, s_len| { + // XXX: 4 == RSA_PKCS1_OAEP_PADDING + let rv = libcrypto::RSA_public_encrypt( + s_len as c_uint, + ps, + pr, + rsa, 4 as c_int + ); + + if rv < 0 as c_int { + ~[] + } else { + vec::slice(r, 0u, rv as uint) + } } } - fn max_data() -> uint unsafe { - let rsa = libcrypto::EVP_PKEY_get1_RSA(self.evp); - let len = libcrypto::RSA_size(rsa); - // 41 comes from RSA_public_encrypt(3) for OAEP - ret len as uint - 41u; - } - fn encrypt(s: ~[u8]) -> ~[u8] unsafe { - let rsa = libcrypto::EVP_PKEY_get1_RSA(self.evp); - let len = libcrypto::RSA_size(rsa); - // 41 comes from RSA_public_encrypt(3) for OAEP - assert(vec::len(s) < libcrypto::RSA_size(rsa) as uint - 41u); - let r = vec::to_mut(vec::from_elem::(len as uint + 1u, 0u8)); - let pr = vec::unsafe::to_ptr::(r); - let ps = vec::unsafe::to_ptr::(s); - // XXX: 4 == RSA_PKCS1_OAEP_PADDING - let rv = libcrypto::RSA_public_encrypt(vec::len(s) as c_uint, ps, pr, - rsa, 4 as c_int); - if rv < 0 as c_int { ret ~[]; } - ret vec::slice::(r, 0u, rv as uint); - } - fn decrypt(s: ~[u8]) -> ~[u8] unsafe { - let rsa = libcrypto::EVP_PKEY_get1_RSA(self.evp); - let len = libcrypto::RSA_size(rsa); - assert(vec::len(s) as c_uint == libcrypto::RSA_size(rsa)); - let r = vec::to_mut(vec::from_elem::(len as uint + 1u, 0u8)); - let pr = vec::unsafe::to_ptr::(r); - let ps = vec::unsafe::to_ptr::(s); - // XXX: 4 == RSA_PKCS1_OAEP_PADDING - let rv = libcrypto::RSA_private_decrypt(vec::len(s) as c_uint, ps, - pr, rsa, 4 as c_int); - if rv < 0 as c_int { ret ~[]; } - ret vec::slice::(r, 0u, rv as uint); - } - fn sign(s: ~[u8]) -> ~[u8] unsafe { - let rsa = libcrypto::EVP_PKEY_get1_RSA(self.evp); - let len = libcrypto::RSA_size(rsa); - let r = vec::to_mut(vec::from_elem::(len as uint + 1u, 0u8)); - let pr = vec::unsafe::to_ptr::(r); - let ps = vec::unsafe::to_ptr::(s); - let plen = ptr::addr_of(len); - // XXX: 672 == NID_sha256 - let rv = libcrypto::RSA_sign(672 as c_int, ps, - vec::len(s) as c_uint, pr, - plen, rsa); - if rv < 0 as c_int { ret ~[]; } - ret vec::slice::(r, 0u, *plen as uint); - } - fn verify(m: ~[u8], s: ~[u8]) -> bool unsafe { - let rsa = libcrypto::EVP_PKEY_get1_RSA(self.evp); - let pm: *u8 = vec::unsafe::to_ptr::(m); - let ps: *u8 = vec::unsafe::to_ptr::(s); - // XXX: 672 == NID_sha256 - let rv = libcrypto::RSA_verify(672 as c_int, pm, - vec::len(m) as c_uint, ps, - vec::len(s) as c_uint, rsa); - ret rv == 1 as c_int; + } + + /** + * Decrypts data, expecting OAEP padding, returning the decrypted data. + */ + fn decrypt(s: &[u8]) -> ~[u8] unsafe { + let rsa = libcrypto::EVP_PKEY_get1_RSA(self.evp); + let len = libcrypto::RSA_size(rsa); + + assert s.len() as c_uint == libcrypto::RSA_size(rsa); + + let mut r = vec::from_elem(len as uint + 1u, 0u8); + + do vec::as_mut_buf(r) |pr, _len| { + do vec::as_imm_buf(s) |ps, s_len| { + // XXX: 4 == RSA_PKCS1_OAEP_PADDING + let rv = libcrypto::RSA_private_decrypt( + s_len as c_uint, + ps, + pr, + rsa, + 4 as c_int + ); + + if rv < 0 as c_int { + ~[] + } else { + vec::slice(r, 0u, rv as uint) + } + } } } - let st = { mut evp: libcrypto::EVP_PKEY_new(), mut parts: neither }; - let p = st as pkey; - ret p; + /** + * Signs data, using OpenSSL's default scheme and sha256. Unlike encrypt(), + * can process an arbitrary amount of data; returns the signature. + */ + fn sign(s: &[u8]) -> ~[u8] unsafe { + let rsa = libcrypto::EVP_PKEY_get1_RSA(self.evp); + let len = libcrypto::RSA_size(rsa); + let mut r = vec::from_elem(len as uint + 1u, 0u8); + + do vec::as_mut_buf(r) |pr, _len| { + do vec::as_imm_buf(s) |ps, s_len| { + let plen = ptr::addr_of(len); + + // XXX: 672 == NID_sha256 + let rv = libcrypto::RSA_sign( + 672 as c_int, + ps, + s_len as c_uint, + pr, + plen, + rsa); + + if rv < 0 as c_int { + ~[] + } else { + vec::slice(r, 0u, *plen as uint) + } + } + } + } + + /** + * Verifies a signature s (using OpenSSL's default scheme and sha256) on a + * message m. Returns true if the signature is valid, and false otherwise. + */ + fn verify(m: &[u8], s: &[u8]) -> bool unsafe { + let rsa = libcrypto::EVP_PKEY_get1_RSA(self.evp); + + do vec::as_imm_buf(m) |pm, m_len| { + do vec::as_imm_buf(s) |ps, s_len| { + // XXX: 672 == NID_sha256 + let rv = libcrypto::RSA_verify( + 672 as c_int, + pm, + m_len as c_uint, + ps, + s_len as c_uint, + rsa + ); + + rv == 1 as c_int + } + } + } } #[cfg(test)] mod tests { #[test] fn test_gen_pub() { - let k0 = pkey(); - let k1 = pkey(); + let k0 = PKey(); + let k1 = PKey(); k0.gen(512u); k1.load_pub(k0.save_pub()); assert(k0.save_pub() == k1.save_pub()); assert(k0.size() == k1.size()); - assert(k0.can(encrypt)); - assert(k0.can(decrypt)); - assert(k0.can(verify)); - assert(k0.can(sign)); - assert(k1.can(encrypt)); - assert(!k1.can(decrypt)); - assert(k1.can(verify)); - assert(!k1.can(sign)); + assert(k0.can(Encrypt)); + assert(k0.can(Decrypt)); + assert(k0.can(Verify)); + assert(k0.can(Sign)); + assert(k1.can(Encrypt)); + assert(!k1.can(Decrypt)); + assert(k1.can(Verify)); + assert(!k1.can(Sign)); } #[test] fn test_gen_priv() { - let k0 = pkey(); - let k1 = pkey(); + let k0 = PKey(); + let k1 = PKey(); k0.gen(512u); k1.load_priv(k0.save_priv()); assert(k0.save_priv() == k1.save_priv()); assert(k0.size() == k1.size()); - assert(k0.can(encrypt)); - assert(k0.can(decrypt)); - assert(k0.can(verify)); - assert(k0.can(sign)); - assert(k1.can(encrypt)); - assert(k1.can(decrypt)); - assert(k1.can(verify)); - assert(k1.can(sign)); + assert(k0.can(Encrypt)); + assert(k0.can(Decrypt)); + assert(k0.can(Verify)); + assert(k0.can(Sign)); + assert(k1.can(Encrypt)); + assert(k1.can(Decrypt)); + assert(k1.can(Verify)); + assert(k1.can(Sign)); } #[test] fn test_encrypt() { - let k0 = pkey(); - let k1 = pkey(); + let k0 = PKey(); + let k1 = PKey(); let msg = ~[0xdeu8, 0xadu8, 0xd0u8, 0x0du8]; k0.gen(512u); k1.load_pub(k0.save_pub()); @@ -301,8 +357,8 @@ mod tests { #[test] fn test_sign() { - let k0 = pkey(); - let k1 = pkey(); + let k0 = PKey(); + let k1 = PKey(); let msg = ~[0xdeu8, 0xadu8, 0xd0u8, 0x0du8]; k0.gen(512u); k1.load_pub(k0.save_pub()); diff --git a/rand.rs b/rand.rs index 340defb2..4f018be3 100644 --- a/rand.rs +++ b/rand.rs @@ -1,22 +1,21 @@ -import libc::{c_uchar, c_int}; +use libc::{c_uchar, c_int}; #[link_name = "crypto"] #[abi = "cdecl"] extern mod libcrypto { - fn RAND_bytes(buf: *c_uchar, num: c_int) -> c_int; + fn RAND_bytes(buf: *mut u8, num: c_int) -> c_int; } -fn rand_bytes(len: uint) -> ~[u8] { - let mut out = ~[]; - vec::reserve(out, len); +pub fn rand_bytes(len: uint) -> ~[u8] { + let mut out = vec::with_capacity(len); - do vec::as_buf(out) |out_buf| { + do vec::as_mut_buf(out) |out_buf, len| { let r = libcrypto::RAND_bytes(out_buf, len as c_int); if r != 1 as c_int { fail } - - unsafe { vec::unsafe::set_len(out, len); } } + unsafe { vec::raw::set_len(out, len); } + out } diff --git a/symm.rs b/symm.rs index 7e916ad1..b0b92638 100644 --- a/symm.rs +++ b/symm.rs @@ -1,14 +1,13 @@ -import libc::c_int; +use libc::{c_int, c_uint}; -export crypter; -export cryptermode; export encryptmode, decryptmode; -export cryptertype; -export aes_256_ecb, aes_256_cbc; export encrypt, decrypt; export libcrypto; +#[allow(non_camel_case_types)] type EVP_CIPHER_CTX = *libc::c_void; + +#[allow(non_camel_case_types)] type EVP_CIPHER = *libc::c_void; #[link_name = "crypto"] @@ -25,124 +24,141 @@ extern mod libcrypto { fn EVP_aes_256_cbc() -> EVP_CIPHER; fn EVP_CipherInit(ctx: EVP_CIPHER_CTX, evp: EVP_CIPHER, - key: *u8, iv: *u8, mode: c_int); - fn EVP_CipherUpdate(ctx: EVP_CIPHER_CTX, outbuf: *u8, outlen: *u32, - inbuf: *u8, inlen: u32); - fn EVP_CipherFinal(ctx: EVP_CIPHER_CTX, res: *u8, len: *u32); + key: *u8, iv: *u8, mode: c_int); + fn EVP_CipherUpdate(ctx: EVP_CIPHER_CTX, outbuf: *mut u8, + outlen: &mut c_uint, inbuf: *u8, inlen: c_int); + fn EVP_CipherFinal(ctx: EVP_CIPHER_CTX, res: *mut u8, len: &mut c_int); } -#[doc = "Represents a symmetric cipher context."] -iface crypter { - #[doc = " - Enables or disables padding. If padding is disabled, total amount of data - encrypted must be a multiple of block size. - "] - fn pad(padding: bool); - - #[doc = "Initializes this crypter."] - fn init(mode: cryptermode, key: ~[u8], iv: ~[u8]); - - #[doc = " - Update this crypter with more data to encrypt or decrypt. Returns encrypted - or decrypted bytes. - "] - fn update(data: ~[u8]) -> ~[u8]; - - #[doc = " - Finish crypting. Returns the remaining partial block of output, if any. - "] - fn final() -> ~[u8]; +pub enum Mode { + Encrypt, + Decrypt, } -enum cryptermode { - encryptmode, - decryptmode +#[allow(non_camel_case_types)] +pub enum Type { + AES_256_ECB, + AES_256_CBC, } -enum cryptertype { - aes_256_ecb, - aes_256_cbc -} - -fn evpc(t: cryptertype) -> (EVP_CIPHER, uint, uint) { - alt t { - aes_256_ecb { (libcrypto::EVP_aes_256_ecb(), 32u, 16u) } - aes_256_cbc { (libcrypto::EVP_aes_256_cbc(), 32u, 16u) } +fn evpc(t: Type) -> (EVP_CIPHER, uint, uint) { + match t { + AES_256_ECB => (libcrypto::EVP_aes_256_ecb(), 32u, 16u), + AES_256_CBC => (libcrypto::EVP_aes_256_cbc(), 32u, 16u), } } -fn crypter(t: cryptertype) -> crypter { - type crypterstate = { - evp: EVP_CIPHER, - ctx: EVP_CIPHER_CTX, - keylen: uint, - blocksize: uint - }; - - impl of crypter for crypterstate { - fn pad(padding: bool) { - let v = if padding { 1 } else { 0} as c_int; - libcrypto::EVP_CIPHER_CTX_set_padding(self.ctx, v); - } - - fn init (mode: cryptermode, key: ~[u8], iv: ~[u8]) unsafe { - let m = alt mode { encryptmode { 1 } decryptmode { 0 } } as c_int; - assert(vec::len(key) == self.keylen); - let pkey: *u8 = vec::unsafe::to_ptr::(key); - let piv: *u8 = vec::unsafe::to_ptr::(iv); - libcrypto::EVP_CipherInit(self.ctx, self.evp, pkey, piv, m); - } - - fn update(data: ~[u8]) -> ~[u8] unsafe { - let pdata = vec::unsafe::to_ptr::(data); - let datalen = vec::len(data) as u32; - let reslen = datalen + (self.blocksize as u32); - let preslen = ptr::addr_of(reslen); - let res = vec::to_mut(vec::from_elem::(reslen as uint, 0u8)); - let pres = vec::unsafe::to_ptr::(res); - libcrypto::EVP_CipherUpdate(self.ctx, pres, preslen, pdata, datalen); - ret vec::slice::(res, 0u, *preslen as uint); - } - - fn final() -> ~[u8] unsafe { - let reslen = self.blocksize as u32; - let preslen = ptr::addr_of(reslen); - let res = vec::to_mut(vec::from_elem::(reslen as uint, 0u8)); - let pres = vec::unsafe::to_ptr::(res); - libcrypto::EVP_CipherFinal(self.ctx, pres, preslen); - ret vec::slice::(res, 0u, *preslen as uint); - } - } +/// Represents a symmetric cipher context. +pub struct Crypter { + priv evp: EVP_CIPHER, + priv ctx: EVP_CIPHER_CTX, + priv keylen: uint, + priv blocksize: uint +} +pub fn Crypter(t: Type) -> Crypter { let ctx = libcrypto::EVP_CIPHER_CTX_new(); let (evp, keylen, blocksz) = evpc(t); - let st = { evp: evp, ctx: ctx, keylen: keylen, blocksize: blocksz }; - let h = st as crypter; - ret h; + Crypter { evp: evp, ctx: ctx, keylen: keylen, blocksize: blocksz } } -#[doc = " -Encrypts data, using the specified crypter type in encrypt mode with the -specified key and iv; returns the resulting (encrypted) data. -"] -fn encrypt(t: cryptertype, key: ~[u8], iv: ~[u8], data: ~[u8]) -> ~[u8] { - let c = crypter(t); - c.init(encryptmode, key, iv); - let r = c.update(data); - let rest = c.final(); - ret r + rest; +pub impl Crypter { + /** + * Enables or disables padding. If padding is disabled, total amount of + * data encrypted must be a multiple of block size. + */ + fn pad(padding: bool) { + let v = if padding { 1 } else { 0} as c_int; + libcrypto::EVP_CIPHER_CTX_set_padding(self.ctx, v); + } + + /** + * Initializes this crypter. + */ + fn init(mode: Mode, key: &[u8], iv: &[u8]) unsafe { + let mode = match mode { + Encrypt => 1 as c_int, + Decrypt => 0 as c_int, + }; + assert key.len() == self.keylen; + + do vec::as_imm_buf(key) |pkey, _len| { + do vec::as_imm_buf(iv) |piv, _len| { + libcrypto::EVP_CipherInit( + self.ctx, + self.evp, + pkey, + piv, + mode + ) + } + } + } + + /** + * Update this crypter with more data to encrypt or decrypt. Returns + * encrypted or decrypted bytes. + */ + fn update(data: &[u8]) -> ~[u8] unsafe { + do vec::as_imm_buf(data) |pdata, len| { + let mut res = vec::from_elem(len + self.blocksize, 0u8); + + let reslen = do vec::as_mut_buf(res) |pres, _len| { + let mut reslen = (len + self.blocksize) as u32; + + libcrypto::EVP_CipherUpdate( + self.ctx, + pres, + &mut reslen, + pdata, + len as c_int + ); + + reslen + }; + + vec::slice(res, 0u, reslen as uint) + } + } + + /** + * Finish crypting. Returns the remaining partial block of output, if any. + */ + fn final() -> ~[u8] unsafe { + let res = vec::to_mut(vec::from_elem(self.blocksize, 0u8)); + + let reslen = do vec::as_mut_buf(res) |pres, _len| { + let mut reslen = self.blocksize as c_int; + libcrypto::EVP_CipherFinal(self.ctx, pres, &mut reslen); + reslen + }; + + vec::slice(res, 0u, reslen as uint) + } } -#[doc = " -Decrypts data, using the specified crypter type in decrypt mode with the -specified key and iv; returns the resulting (decrypted) data. -"] -fn decrypt(t: cryptertype, key: ~[u8], iv: ~[u8], data: ~[u8]) -> ~[u8] { - let c = crypter(t); - c.init(decryptmode, key, iv); +/** + * Encrypts data, using the specified crypter type in encrypt mode with the + * specified key and iv; returns the resulting (encrypted) data. + */ +fn encrypt(t: Type, key: &[u8], iv: ~[u8], data: &[u8]) -> ~[u8] { + let c = Crypter(t); + c.init(Encrypt, key, iv); let r = c.update(data); let rest = c.final(); - ret r + rest; + r + rest +} + +/** + * Decrypts data, using the specified crypter type in decrypt mode with the + * specified key and iv; returns the resulting (decrypted) data. + */ +fn decrypt(t: Type, key: &[u8], iv: ~[u8], data: &[u8]) -> ~[u8] { + let c = Crypter(t); + c.init(Decrypt, key, iv); + let r = c.update(data); + let rest = c.final(); + r + rest } #[cfg(test)] @@ -162,12 +178,12 @@ mod tests { let c0 = ~[ 0x8eu8, 0xa2u8, 0xb7u8, 0xcau8, 0x51u8, 0x67u8, 0x45u8, 0xbfu8, 0xeau8, 0xfcu8, 0x49u8, 0x90u8, 0x4bu8, 0x49u8, 0x60u8, 0x89u8 ]; - let c = crypter(aes_256_ecb); - c.init(encryptmode, k0, ~[]); + let c = Crypter(AES_256_ECB); + c.init(Encrypt, k0, ~[]); c.pad(false); let r0 = c.update(p0) + c.final(); assert(r0 == c0); - c.init(decryptmode, k0, ~[]); + c.init(Decrypt, k0, ~[]); c.pad(false); let p1 = c.update(r0) + c.final(); assert(p1 == p0);