diff --git a/openssl/src/asn1/mod.rs b/openssl/src/asn1/mod.rs index c250096fd52db782016c3e78eec1e2b57041ec77..d5561b6278db81ec07c8b8f3bad6ee34a721741d 100644 --- a/openssl/src/asn1/mod.rs +++ b/openssl/src/asn1/mod.rs @@ -1,13 +1,13 @@ -use libc::{c_long}; +use libc::c_long; use std::ptr; use ffi; -use ssl::error::{SslError}; +use ssl::error::SslError; pub struct Asn1Time { handle: *mut ffi::ASN1_TIME, - owned: bool + owned: bool, } impl Asn1Time { @@ -15,7 +15,7 @@ impl Asn1Time { pub fn new(handle: *mut ffi::ASN1_TIME) -> Asn1Time { Asn1Time { handle: handle, - owned: true + owned: true, } } @@ -23,8 +23,7 @@ impl Asn1Time { ffi::init(); let handle = unsafe { - try_ssl_null!(ffi::X509_gmtime_adj(ptr::null_mut(), - period as c_long)) + try_ssl_null!(ffi::X509_gmtime_adj(ptr::null_mut(), period as c_long)) }; Ok(Asn1Time::new(handle)) } @@ -36,7 +35,7 @@ impl Asn1Time { /// Returns raw handle pub unsafe fn get_handle(&self) -> *mut ffi::ASN1_TIME { - return self.handle + return self.handle; } } diff --git a/openssl/src/bio/mod.rs b/openssl/src/bio/mod.rs index a0c4b533aab75ad2a48d14a903bfe718126c09cb..4c9b20b0f814432e81046755129d8a5e821d34b1 100644 --- a/openssl/src/bio/mod.rs +++ b/openssl/src/bio/mod.rs @@ -6,11 +6,11 @@ use std::cmp; use ffi; use ffi_extras; -use ssl::error::{SslError}; +use ssl::error::SslError; pub struct MemBio { bio: *mut ffi::BIO, - owned: bool + owned: bool, } impl Drop for MemBio { @@ -33,7 +33,7 @@ impl MemBio { Ok(MemBio { bio: bio, - owned: true + owned: true, }) } @@ -41,7 +41,7 @@ impl MemBio { pub fn borrowed(bio: *mut ffi::BIO) -> MemBio { MemBio { bio: bio, - owned: false + owned: false, } } @@ -60,17 +60,21 @@ impl MemBio { /// Sets the BIO's EOF state. pub fn set_eof(&self, eof: bool) { - let v = if eof { 0 } else { -1 }; - unsafe { ffi_extras::BIO_set_mem_eof_return(self.bio, v); } + let v = if eof { + 0 + } else { + -1 + }; + unsafe { + ffi_extras::BIO_set_mem_eof_return(self.bio, v); + } } } impl Read for MemBio { fn read(&mut self, buf: &mut [u8]) -> io::Result { let len = cmp::min(c_int::max_value() as usize, buf.len()) as c_int; - let ret = unsafe { - ffi::BIO_read(self.bio, buf.as_ptr() as *mut c_void, len) - }; + let ret = unsafe { ffi::BIO_read(self.bio, buf.as_ptr() as *mut c_void, len) }; if ret <= 0 { let is_eof = unsafe { ffi_extras::BIO_eof(self.bio) }; @@ -88,9 +92,7 @@ impl Read for MemBio { impl Write for MemBio { fn write(&mut self, buf: &[u8]) -> io::Result { let len = cmp::min(c_int::max_value() as usize, buf.len()) as c_int; - let ret = unsafe { - ffi::BIO_write(self.bio, buf.as_ptr() as *const c_void, len) - }; + let ret = unsafe { ffi::BIO_write(self.bio, buf.as_ptr() as *const c_void, len) }; if ret < 0 { Err(io::Error::new(io::ErrorKind::Other, SslError::get())) diff --git a/openssl/src/bn/mod.rs b/openssl/src/bn/mod.rs index 2d678da25ce802021f3ed5a2b1522ebd9582de5a..51a492411d6a705dfb3b57d51c5edb3bd48b2e68 100644 --- a/openssl/src/bn/mod.rs +++ b/openssl/src/bn/mod.rs @@ -111,55 +111,73 @@ impl BigNum { pub fn checked_sqr(&self) -> Result { unsafe { - with_bn_in_ctx!(r, ctx, { ffi::BN_sqr(r.raw(), self.raw(), ctx) == 1 }) + with_bn_in_ctx!(r, ctx, { + ffi::BN_sqr(r.raw(), self.raw(), ctx) == 1 + }) } } pub fn checked_nnmod(&self, n: &BigNum) -> Result { unsafe { - with_bn_in_ctx!(r, ctx, { ffi::BN_nnmod(r.raw(), self.raw(), n.raw(), ctx) == 1 }) + with_bn_in_ctx!(r, ctx, { + ffi::BN_nnmod(r.raw(), self.raw(), n.raw(), ctx) == 1 + }) } } pub fn checked_mod_add(&self, a: &BigNum, n: &BigNum) -> Result { unsafe { - with_bn_in_ctx!(r, ctx, { ffi::BN_mod_add(r.raw(), self.raw(), a.raw(), n.raw(), ctx) == 1 }) + with_bn_in_ctx!(r, ctx, { + ffi::BN_mod_add(r.raw(), self.raw(), a.raw(), n.raw(), ctx) == 1 + }) } } pub fn checked_mod_sub(&self, a: &BigNum, n: &BigNum) -> Result { unsafe { - with_bn_in_ctx!(r, ctx, { ffi::BN_mod_sub(r.raw(), self.raw(), a.raw(), n.raw(), ctx) == 1 }) + with_bn_in_ctx!(r, ctx, { + ffi::BN_mod_sub(r.raw(), self.raw(), a.raw(), n.raw(), ctx) == 1 + }) } } pub fn checked_mod_mul(&self, a: &BigNum, n: &BigNum) -> Result { unsafe { - with_bn_in_ctx!(r, ctx, { ffi::BN_mod_mul(r.raw(), self.raw(), a.raw(), n.raw(), ctx) == 1 }) + with_bn_in_ctx!(r, ctx, { + ffi::BN_mod_mul(r.raw(), self.raw(), a.raw(), n.raw(), ctx) == 1 + }) } } pub fn checked_mod_sqr(&self, n: &BigNum) -> Result { unsafe { - with_bn_in_ctx!(r, ctx, { ffi::BN_mod_sqr(r.raw(), self.raw(), n.raw(), ctx) == 1 }) + with_bn_in_ctx!(r, ctx, { + ffi::BN_mod_sqr(r.raw(), self.raw(), n.raw(), ctx) == 1 + }) } } pub fn checked_exp(&self, p: &BigNum) -> Result { unsafe { - with_bn_in_ctx!(r, ctx, { ffi::BN_exp(r.raw(), self.raw(), p.raw(), ctx) == 1 }) + with_bn_in_ctx!(r, ctx, { + ffi::BN_exp(r.raw(), self.raw(), p.raw(), ctx) == 1 + }) } } pub fn checked_mod_exp(&self, p: &BigNum, n: &BigNum) -> Result { unsafe { - with_bn_in_ctx!(r, ctx, { ffi::BN_mod_exp(r.raw(), self.raw(), p.raw(), n.raw(), ctx) == 1 }) + with_bn_in_ctx!(r, ctx, { + ffi::BN_mod_exp(r.raw(), self.raw(), p.raw(), n.raw(), ctx) == 1 + }) } } pub fn checked_mod_inv(&self, n: &BigNum) -> Result { unsafe { - with_bn_in_ctx!(r, ctx, { !ffi::BN_mod_inverse(r.raw(), self.raw(), n.raw(), ctx).is_null() }) + with_bn_in_ctx!(r, ctx, { + !ffi::BN_mod_inverse(r.raw(), self.raw(), n.raw(), ctx).is_null() + }) } } @@ -217,17 +235,28 @@ impl BigNum { pub fn checked_gcd(&self, a: &BigNum) -> Result { unsafe { - with_bn_in_ctx!(r, ctx, { ffi::BN_gcd(r.raw(), self.raw(), a.raw(), ctx) == 1 }) + with_bn_in_ctx!(r, ctx, { + ffi::BN_gcd(r.raw(), self.raw(), a.raw(), ctx) == 1 + }) } } - pub fn checked_generate_prime(bits: i32, safe: bool, add: Option<&BigNum>, rem: Option<&BigNum>) -> Result { + pub fn checked_generate_prime(bits: i32, + safe: bool, + add: Option<&BigNum>, + rem: Option<&BigNum>) + -> Result { unsafe { with_bn_in_ctx!(r, ctx, { let add_arg = add.map(|a| a.raw()).unwrap_or(ptr::null_mut()); let rem_arg = rem.map(|r| r.raw()).unwrap_or(ptr::null_mut()); - ffi::BN_generate_prime_ex(r.raw(), bits as c_int, safe as c_int, add_arg, rem_arg, ptr::null()) == 1 + ffi::BN_generate_prime_ex(r.raw(), + bits as c_int, + safe as c_int, + add_arg, + rem_arg, + ptr::null()) == 1 }) } } @@ -243,32 +272,47 @@ impl BigNum { pub fn is_prime_fast(&self, checks: i32, do_trial_division: bool) -> Result { unsafe { with_ctx!(ctx, { - Ok(ffi::BN_is_prime_fasttest_ex(self.raw(), checks as c_int, ctx, do_trial_division as c_int, ptr::null()) == 1) + Ok(ffi::BN_is_prime_fasttest_ex(self.raw(), + checks as c_int, + ctx, + do_trial_division as c_int, + ptr::null()) == 1) }) } } pub fn checked_new_random(bits: i32, prop: RNGProperty, odd: bool) -> Result { unsafe { - with_bn_in_ctx!(r, ctx, { ffi::BN_rand(r.raw(), bits as c_int, prop as c_int, odd as c_int) == 1 }) + with_bn_in_ctx!(r, ctx, { + ffi::BN_rand(r.raw(), bits as c_int, prop as c_int, odd as c_int) == 1 + }) } } - pub fn checked_new_pseudo_random(bits: i32, prop: RNGProperty, odd: bool) -> Result { + pub fn checked_new_pseudo_random(bits: i32, + prop: RNGProperty, + odd: bool) + -> Result { unsafe { - with_bn_in_ctx!(r, ctx, { ffi::BN_pseudo_rand(r.raw(), bits as c_int, prop as c_int, odd as c_int) == 1 }) + with_bn_in_ctx!(r, ctx, { + ffi::BN_pseudo_rand(r.raw(), bits as c_int, prop as c_int, odd as c_int) == 1 + }) } } pub fn checked_rand_in_range(&self) -> Result { unsafe { - with_bn_in_ctx!(r, ctx, { ffi::BN_rand_range(r.raw(), self.raw()) == 1 }) + with_bn_in_ctx!(r, ctx, { + ffi::BN_rand_range(r.raw(), self.raw()) == 1 + }) } } pub fn checked_pseudo_rand_in_range(&self) -> Result { unsafe { - with_bn_in_ctx!(r, ctx, { ffi::BN_pseudo_rand_range(r.raw(), self.raw()) == 1 }) + with_bn_in_ctx!(r, ctx, { + ffi::BN_pseudo_rand_range(r.raw(), self.raw()) == 1 + }) } } @@ -293,9 +337,7 @@ impl BigNum { } pub fn is_bit_set(&self, n: i32) -> bool { - unsafe { - ffi::BN_is_bit_set(self.raw(), n as c_int) == 1 - } + unsafe { ffi::BN_is_bit_set(self.raw(), n as c_int) == 1 } } pub fn mask_bits(&mut self, n: i32) -> Result<(), SslError> { @@ -310,62 +352,78 @@ impl BigNum { pub fn checked_shl1(&self) -> Result { unsafe { - with_bn!(r, { ffi::BN_lshift1(r.raw(), self.raw()) == 1 }) + with_bn!(r, { + ffi::BN_lshift1(r.raw(), self.raw()) == 1 + }) } } pub fn checked_shr1(&self) -> Result { unsafe { - with_bn!(r, { ffi::BN_rshift1(r.raw(), self.raw()) == 1 }) + with_bn!(r, { + ffi::BN_rshift1(r.raw(), self.raw()) == 1 + }) } } pub fn checked_add(&self, a: &BigNum) -> Result { unsafe { - with_bn!(r, { ffi::BN_add(r.raw(), self.raw(), a.raw()) == 1 }) + with_bn!(r, { + ffi::BN_add(r.raw(), self.raw(), a.raw()) == 1 + }) } } pub fn checked_sub(&self, a: &BigNum) -> Result { unsafe { - with_bn!(r, { ffi::BN_sub(r.raw(), self.raw(), a.raw()) == 1 }) + with_bn!(r, { + ffi::BN_sub(r.raw(), self.raw(), a.raw()) == 1 + }) } } pub fn checked_mul(&self, a: &BigNum) -> Result { unsafe { - with_bn_in_ctx!(r, ctx, { ffi::BN_mul(r.raw(), self.raw(), a.raw(), ctx) == 1 }) + with_bn_in_ctx!(r, ctx, { + ffi::BN_mul(r.raw(), self.raw(), a.raw(), ctx) == 1 + }) } } pub fn checked_div(&self, a: &BigNum) -> Result { unsafe { - with_bn_in_ctx!(r, ctx, { ffi::BN_div(r.raw(), ptr::null_mut(), self.raw(), a.raw(), ctx) == 1 }) + with_bn_in_ctx!(r, ctx, { + ffi::BN_div(r.raw(), ptr::null_mut(), self.raw(), a.raw(), ctx) == 1 + }) } } pub fn checked_mod(&self, a: &BigNum) -> Result { unsafe { - with_bn_in_ctx!(r, ctx, { ffi::BN_div(ptr::null_mut(), r.raw(), self.raw(), a.raw(), ctx) == 1 }) + with_bn_in_ctx!(r, ctx, { + ffi::BN_div(ptr::null_mut(), r.raw(), self.raw(), a.raw(), ctx) == 1 + }) } } pub fn checked_shl(&self, a: &i32) -> Result { unsafe { - with_bn!(r, { ffi::BN_lshift(r.raw(), self.raw(), *a as c_int) == 1 }) + with_bn!(r, { + ffi::BN_lshift(r.raw(), self.raw(), *a as c_int) == 1 + }) } } pub fn checked_shr(&self, a: &i32) -> Result { unsafe { - with_bn!(r, { ffi::BN_rshift(r.raw(), self.raw(), *a as c_int) == 1 }) + with_bn!(r, { + ffi::BN_rshift(r.raw(), self.raw(), *a as c_int) == 1 + }) } } pub fn negate(&mut self) { - unsafe { - ffi::BN_set_negative(self.raw(), !self.is_negative() as c_int) - } + unsafe { ffi::BN_set_negative(self.raw(), !self.is_negative() as c_int) } } pub fn abs_cmp(&self, oth: BigNum) -> Ordering { @@ -382,15 +440,11 @@ impl BigNum { } pub fn is_negative(&self) -> bool { - unsafe { - (*self.raw()).neg == 1 - } + unsafe { (*self.raw()).neg == 1 } } pub fn num_bits(&self) -> i32 { - unsafe { - ffi::BN_num_bits(self.raw()) as i32 - } + unsafe { ffi::BN_num_bits(self.raw()) as i32 } } pub fn num_bytes(&self) -> i32 { @@ -421,7 +475,8 @@ impl BigNum { unsafe { let buf = ffi::BN_bn2dec(self.raw()); assert!(!buf.is_null()); - let str = String::from_utf8(CStr::from_ptr(buf as *const _).to_bytes().to_vec()).unwrap(); + let str = String::from_utf8(CStr::from_ptr(buf as *const _).to_bytes().to_vec()) + .unwrap(); ffi::CRYPTO_free(buf as *mut c_void); str } @@ -431,7 +486,8 @@ impl BigNum { unsafe { let buf = ffi::BN_bn2hex(self.raw()); assert!(!buf.is_null()); - let str = String::from_utf8(CStr::from_ptr(buf as *const _).to_bytes().to_vec()).unwrap(); + let str = String::from_utf8(CStr::from_ptr(buf as *const _).to_bytes().to_vec()) + .unwrap(); ffi::CRYPTO_free(buf as *mut c_void); str } @@ -444,12 +500,10 @@ impl fmt::Debug for BigNum { } } -impl Eq for BigNum { } +impl Eq for BigNum {} impl PartialEq for BigNum { fn eq(&self, oth: &BigNum) -> bool { - unsafe { - ffi::BN_cmp(self.raw(), oth.raw()) == 0 - } + unsafe { ffi::BN_cmp(self.raw(), oth.raw()) == 0 } } } @@ -463,14 +517,13 @@ impl PartialOrd for BigNum { fn partial_cmp(&self, oth: &BigNum) -> Option { unsafe { let v = ffi::BN_cmp(self.raw(), oth.raw()); - let ret = - if v == 0 { - Ordering::Equal - } else if v < 0 { - Ordering::Less - } else { - Ordering::Greater - }; + let ret = if v == 0 { + Ordering::Equal + } else if v < 0 { + Ordering::Less + } else { + Ordering::Greater + }; Some(ret) } } @@ -489,7 +542,7 @@ impl Drop for BigNum { pub mod unchecked { use std::ops::{Add, Div, Mul, Neg, Rem, Shl, Shr, Sub}; use ffi; - use super::{BigNum}; + use super::BigNum; impl<'a> Add<&'a BigNum> for &'a BigNum { type Output = BigNum; diff --git a/openssl/src/crypto/hash.rs b/openssl/src/crypto/hash.rs index 801d8ca5d379e9d9e2bc51b1b154a9ffac15fd33..7846585153266fba8a055d7c524edb1fdeff136d 100644 --- a/openssl/src/crypto/hash.rs +++ b/openssl/src/crypto/hash.rs @@ -14,7 +14,7 @@ pub enum Type { SHA256, SHA384, SHA512, - RIPEMD160 + RIPEMD160, } impl Type { @@ -112,7 +112,12 @@ impl Hasher { }; let md = ty.evp_md(); - let mut h = Hasher { ctx: ctx, md: md, type_: ty, state: Finalized }; + let mut h = Hasher { + ctx: ctx, + md: md, + type_: ty, + state: Finalized, + }; h.init(); h } @@ -121,7 +126,9 @@ impl Hasher { fn init(&mut self) { match self.state { Reset => return, - Updated => { self.finalize(); }, + Updated => { + self.finalize(); + } Finalized => (), } unsafe { @@ -137,8 +144,7 @@ impl Hasher { self.init(); } unsafe { - let r = ffi::EVP_DigestUpdate(self.ctx, data.as_ptr(), - data.len() as c_uint); + let r = ffi::EVP_DigestUpdate(self.ctx, data.as_ptr(), data.len() as c_uint); assert_eq!(r, 1); } self.state = Updated; @@ -190,7 +196,12 @@ impl Clone for Hasher { assert_eq!(r, 1); ctx }; - Hasher { ctx: ctx, md: self.md, type_: self.type_, state: self.state } + Hasher { + ctx: ctx, + md: self.md, + type_: self.type_, + state: self.state, + } } } @@ -233,21 +244,32 @@ mod tests { // Test vectors from http://www.nsrl.nist.gov/testdata/ #[allow(non_upper_case_globals)] - const md5_tests: [(&'static str, &'static str); 13] = [ - ("", "d41d8cd98f00b204e9800998ecf8427e"), - ("7F", "83acb6e67e50e31db6ed341dd2de1595"), - ("EC9C", "0b07f0d4ca797d8ac58874f887cb0b68"), - ("FEE57A", "e0d583171eb06d56198fc0ef22173907"), - ("42F497E0", "7c430f178aefdf1487fee7144e9641e2"), - ("C53B777F1C", "75ef141d64cb37ec423da2d9d440c925"), - ("89D5B576327B", "ebbaf15eb0ed784c6faa9dc32831bf33"), - ("5D4CCE781EB190", "ce175c4b08172019f05e6b5279889f2c"), - ("81901FE94932D7B9", "cd4d2f62b8cdb3a0cf968a735a239281"), - ("C9FFDEE7788EFB4EC9", "e0841a231ab698db30c6c0f3f246c014"), - ("66AC4B7EBA95E53DC10B", "a3b3cea71910d9af56742aa0bb2fe329"), - ("A510CD18F7A56852EB0319", "577e216843dd11573574d3fb209b97d8"), - ("AAED18DBE8938C19ED734A8D", "6f80fb775f27e0a4ce5c2f42fc72c5f1") - ]; + const md5_tests: [(&'static str, &'static str); 13] = [("", + "d41d8cd98f00b204e9800998ecf8427e"), + ("7F", + "83acb6e67e50e31db6ed341dd2de1595"), + ("EC9C", + "0b07f0d4ca797d8ac58874f887cb0b68"), + ("FEE57A", + "e0d583171eb06d56198fc0ef22173907"), + ("42F497E0", + "7c430f178aefdf1487fee7144e9641e2"), + ("C53B777F1C", + "75ef141d64cb37ec423da2d9d440c925"), + ("89D5B576327B", + "ebbaf15eb0ed784c6faa9dc32831bf33"), + ("5D4CCE781EB190", + "ce175c4b08172019f05e6b5279889f2c"), + ("81901FE94932D7B9", + "cd4d2f62b8cdb3a0cf968a735a239281"), + ("C9FFDEE7788EFB4EC9", + "e0841a231ab698db30c6c0f3f246c014"), + ("66AC4B7EBA95E53DC10B", + "a3b3cea71910d9af56742aa0bb2fe329"), + ("A510CD18F7A56852EB0319", + "577e216843dd11573574d3fb209b97d8"), + ("AAED18DBE8938C19ED734A8D", + "6f80fb775f27e0a4ce5c2f42fc72c5f1")]; #[test] fn test_md5() { @@ -305,9 +327,7 @@ mod tests { #[test] fn test_sha1() { - let tests = [ - ("616263", "a9993e364706816aba3e25717850c26c9cd0d89d"), - ]; + let tests = [("616263", "a9993e364706816aba3e25717850c26c9cd0d89d")]; for test in tests.iter() { hash_test(Type::SHA1, test); @@ -316,9 +336,8 @@ mod tests { #[test] fn test_sha256() { - let tests = [ - ("616263", "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad") - ]; + let tests = [("616263", + "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad")]; for test in tests.iter() { hash_test(Type::SHA256, test); @@ -327,9 +346,7 @@ mod tests { #[test] fn test_ripemd160() { - let tests = [ - ("616263", "8eb208f7e05d987a9b044a8e98c6b087f15a0bfc") - ]; + let tests = [("616263", "8eb208f7e05d987a9b044a8e98c6b087f15a0bfc")]; for test in tests.iter() { hash_test(Type::RIPEMD160, test); diff --git a/openssl/src/crypto/hmac.rs b/openssl/src/crypto/hmac.rs index 2c329c1b3229fbf75a0d49d2ccb37fff5064ab57..866087b0ecc5de62d58487341fddab861dc277ac 100644 --- a/openssl/src/crypto/hmac.rs +++ b/openssl/src/crypto/hmac.rs @@ -1,18 +1,17 @@ -/* - * Copyright 2013 Jack Lloyd - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ +// Copyright 2013 Jack Lloyd +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// use libc::{c_int, c_uint}; use std::iter::repeat; @@ -81,7 +80,11 @@ impl HMAC { }; let md = ty.evp_md(); - let mut h = HMAC { ctx: ctx, type_: ty, state: Finalized }; + let mut h = HMAC { + ctx: ctx, + type_: ty, + state: Finalized, + }; h.init_once(md, key); h } @@ -92,7 +95,8 @@ impl HMAC { let r = ffi_extras::HMAC_Init_ex(&mut self.ctx, key.as_ptr(), key.len() as c_int, - md, 0 as *const _); + md, + 0 as *const _); assert_eq!(r, 1); } self.state = Reset; @@ -102,15 +106,19 @@ impl HMAC { fn init(&mut self) { match self.state { Reset => return, - Updated => { self.finalize(); }, + Updated => { + self.finalize(); + } Finalized => (), } // If the key and/or md is not supplied it's reused from the last time // avoiding redundant initializations unsafe { let r = ffi_extras::HMAC_Init_ex(&mut self.ctx, - 0 as *const _, 0, - 0 as *const _, 0 as *const _); + 0 as *const _, + 0, + 0 as *const _, + 0 as *const _); assert_eq!(r, 1); } self.state = Reset; @@ -173,7 +181,11 @@ impl Clone for HMAC { let r = ffi_extras::HMAC_CTX_copy(&mut ctx, &self.ctx); assert_eq!(r, 1); } - HMAC { ctx: ctx, type_: self.type_, state: self.state } + HMAC { + ctx: ctx, + type_: self.type_, + state: self.state, + } } } @@ -221,43 +233,45 @@ mod tests { #[test] fn test_hmac_md5() { // test vectors from RFC 2202 - let tests: [(Vec, Vec, Vec); 7] = [ - (repeat(0x0b_u8).take(16).collect(), b"Hi There".to_vec(), - "9294727a3638bb1c13f48ef8158bfc9d".from_hex().unwrap()), - (b"Jefe".to_vec(), - b"what do ya want for nothing?".to_vec(), - "750c783e6ab0b503eaa86e310a5db738".from_hex().unwrap()), - (repeat(0xaa_u8).take(16).collect(), repeat(0xdd_u8).take(50).collect(), - "56be34521d144c88dbb8c733f0e8b3f6".from_hex().unwrap()), - ("0102030405060708090a0b0c0d0e0f10111213141516171819".from_hex().unwrap(), - repeat(0xcd_u8).take(50).collect(), - "697eaf0aca3a3aea3a75164746ffaa79".from_hex().unwrap()), - (repeat(0x0c_u8).take(16).collect(), - b"Test With Truncation".to_vec(), - "56461ef2342edc00f9bab995690efd4c".from_hex().unwrap()), - (repeat(0xaa_u8).take(80).collect(), - b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(), - "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd".from_hex().unwrap()), - (repeat(0xaa_u8).take(80).collect(), - b"Test Using Larger Than Block-Size Key \ - and Larger Than One Block-Size Data".to_vec(), - "6f630fad67cda0ee1fb1f562db3aa53e".from_hex().unwrap()) - ]; + let tests: [(Vec, Vec, Vec); 7] = + [(repeat(0x0b_u8).take(16).collect(), + b"Hi There".to_vec(), + "9294727a3638bb1c13f48ef8158bfc9d".from_hex().unwrap()), + (b"Jefe".to_vec(), + b"what do ya want for nothing?".to_vec(), + "750c783e6ab0b503eaa86e310a5db738".from_hex().unwrap()), + (repeat(0xaa_u8).take(16).collect(), + repeat(0xdd_u8).take(50).collect(), + "56be34521d144c88dbb8c733f0e8b3f6".from_hex().unwrap()), + ("0102030405060708090a0b0c0d0e0f10111213141516171819".from_hex().unwrap(), + repeat(0xcd_u8).take(50).collect(), + "697eaf0aca3a3aea3a75164746ffaa79".from_hex().unwrap()), + (repeat(0x0c_u8).take(16).collect(), + b"Test With Truncation".to_vec(), + "56461ef2342edc00f9bab995690efd4c".from_hex().unwrap()), + (repeat(0xaa_u8).take(80).collect(), + b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(), + "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd".from_hex().unwrap()), + (repeat(0xaa_u8).take(80).collect(), + b"Test Using Larger Than Block-Size Key \ + and Larger Than One Block-Size Data" + .to_vec(), + "6f630fad67cda0ee1fb1f562db3aa53e".from_hex().unwrap())]; test_hmac(MD5, &tests); } #[test] fn test_hmac_md5_recycle() { - let tests: [(Vec, Vec, Vec); 2] = [ - (repeat(0xaa_u8).take(80).collect(), - b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(), - "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd".from_hex().unwrap()), - (repeat(0xaa_u8).take(80).collect(), - b"Test Using Larger Than Block-Size Key \ - and Larger Than One Block-Size Data".to_vec(), - "6f630fad67cda0ee1fb1f562db3aa53e".from_hex().unwrap()) - ]; + let tests: [(Vec, Vec, Vec); 2] = + [(repeat(0xaa_u8).take(80).collect(), + b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(), + "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd".from_hex().unwrap()), + (repeat(0xaa_u8).take(80).collect(), + b"Test Using Larger Than Block-Size Key \ + and Larger Than One Block-Size Data" + .to_vec(), + "6f630fad67cda0ee1fb1f562db3aa53e".from_hex().unwrap())]; let mut h = HMAC::new(MD5, &*tests[0].0); for i in 0..100usize { @@ -283,15 +297,15 @@ mod tests { #[test] fn test_clone() { - let tests: [(Vec, Vec, Vec); 2] = [ - (repeat(0xaa_u8).take(80).collect(), - b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(), - "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd".from_hex().unwrap()), - (repeat(0xaa_u8).take(80).collect(), - b"Test Using Larger Than Block-Size Key \ - and Larger Than One Block-Size Data".to_vec(), - "6f630fad67cda0ee1fb1f562db3aa53e".from_hex().unwrap()), - ]; + let tests: [(Vec, Vec, Vec); 2] = + [(repeat(0xaa_u8).take(80).collect(), + b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(), + "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd".from_hex().unwrap()), + (repeat(0xaa_u8).take(80).collect(), + b"Test Using Larger Than Block-Size Key \ + and Larger Than One Block-Size Data" + .to_vec(), + "6f630fad67cda0ee1fb1f562db3aa53e".from_hex().unwrap())]; let p = tests[0].0.len() / 2; let h0 = HMAC::new(Type::MD5, &*tests[0].0); @@ -319,43 +333,45 @@ mod tests { #[test] fn test_hmac_sha1() { // test vectors from RFC 2202 - let tests: [(Vec, Vec, Vec); 7] = [ - (repeat(0x0b_u8).take(20).collect(), b"Hi There".to_vec(), - "b617318655057264e28bc0b6fb378c8ef146be00".from_hex().unwrap()), - (b"Jefe".to_vec(), - b"what do ya want for nothing?".to_vec(), - "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79".from_hex().unwrap()), - (repeat(0xaa_u8).take(20).collect(), repeat(0xdd_u8).take(50).collect(), - "125d7342b9ac11cd91a39af48aa17b4f63f175d3".from_hex().unwrap()), - ("0102030405060708090a0b0c0d0e0f10111213141516171819".from_hex().unwrap(), - repeat(0xcd_u8).take(50).collect(), - "4c9007f4026250c6bc8414f9bf50c86c2d7235da".from_hex().unwrap()), - (repeat(0x0c_u8).take(20).collect(), - b"Test With Truncation".to_vec(), - "4c1a03424b55e07fe7f27be1d58bb9324a9a5a04".from_hex().unwrap()), - (repeat(0xaa_u8).take(80).collect(), - b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(), - "aa4ae5e15272d00e95705637ce8a3b55ed402112".from_hex().unwrap()), - (repeat(0xaa_u8).take(80).collect(), - b"Test Using Larger Than Block-Size Key \ - and Larger Than One Block-Size Data".to_vec(), - "e8e99d0f45237d786d6bbaa7965c7808bbff1a91".from_hex().unwrap()) - ]; + let tests: [(Vec, Vec, Vec); 7] = + [(repeat(0x0b_u8).take(20).collect(), + b"Hi There".to_vec(), + "b617318655057264e28bc0b6fb378c8ef146be00".from_hex().unwrap()), + (b"Jefe".to_vec(), + b"what do ya want for nothing?".to_vec(), + "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79".from_hex().unwrap()), + (repeat(0xaa_u8).take(20).collect(), + repeat(0xdd_u8).take(50).collect(), + "125d7342b9ac11cd91a39af48aa17b4f63f175d3".from_hex().unwrap()), + ("0102030405060708090a0b0c0d0e0f10111213141516171819".from_hex().unwrap(), + repeat(0xcd_u8).take(50).collect(), + "4c9007f4026250c6bc8414f9bf50c86c2d7235da".from_hex().unwrap()), + (repeat(0x0c_u8).take(20).collect(), + b"Test With Truncation".to_vec(), + "4c1a03424b55e07fe7f27be1d58bb9324a9a5a04".from_hex().unwrap()), + (repeat(0xaa_u8).take(80).collect(), + b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(), + "aa4ae5e15272d00e95705637ce8a3b55ed402112".from_hex().unwrap()), + (repeat(0xaa_u8).take(80).collect(), + b"Test Using Larger Than Block-Size Key \ + and Larger Than One Block-Size Data" + .to_vec(), + "e8e99d0f45237d786d6bbaa7965c7808bbff1a91".from_hex().unwrap())]; test_hmac(SHA1, &tests); } #[test] fn test_hmac_sha1_recycle() { - let tests: [(Vec, Vec, Vec); 2] = [ - (repeat(0xaa_u8).take(80).collect(), - b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(), - "aa4ae5e15272d00e95705637ce8a3b55ed402112".from_hex().unwrap()), - (repeat(0xaa_u8).take(80).collect(), - b"Test Using Larger Than Block-Size Key \ - and Larger Than One Block-Size Data".to_vec(), - "e8e99d0f45237d786d6bbaa7965c7808bbff1a91".from_hex().unwrap()) - ]; + let tests: [(Vec, Vec, Vec); 2] = + [(repeat(0xaa_u8).take(80).collect(), + b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(), + "aa4ae5e15272d00e95705637ce8a3b55ed402112".from_hex().unwrap()), + (repeat(0xaa_u8).take(80).collect(), + b"Test Using Larger Than Block-Size Key \ + and Larger Than One Block-Size Data" + .to_vec(), + "e8e99d0f45237d786d6bbaa7965c7808bbff1a91".from_hex().unwrap())]; let mut h = HMAC::new(SHA1, &*tests[0].0); for i in 0..100usize { @@ -368,20 +384,20 @@ mod tests { fn test_sha2(ty: Type, results: &[Vec]) { // test vectors from RFC 4231 - let tests: [(Vec, Vec); 6] = [ - (repeat(0xb_u8).take(20).collect(), b"Hi There".to_vec()), - (b"Jefe".to_vec(), - b"what do ya want for nothing?".to_vec()), - (repeat(0xaa_u8).take(20).collect(), repeat(0xdd_u8).take(50).collect()), - ("0102030405060708090a0b0c0d0e0f10111213141516171819".from_hex().unwrap(), - repeat(0xcd_u8).take(50).collect()), - (repeat(0xaa_u8).take(131).collect(), - b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec()), - (repeat(0xaa_u8).take(131).collect(), - b"This is a test using a larger than block-size key and a \ + let tests: [(Vec, Vec); 6] = + [(repeat(0xb_u8).take(20).collect(), b"Hi There".to_vec()), + (b"Jefe".to_vec(), b"what do ya want for nothing?".to_vec()), + (repeat(0xaa_u8).take(20).collect(), + repeat(0xdd_u8).take(50).collect()), + ("0102030405060708090a0b0c0d0e0f10111213141516171819".from_hex().unwrap(), + repeat(0xcd_u8).take(50).collect()), + (repeat(0xaa_u8).take(131).collect(), + b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec()), + (repeat(0xaa_u8).take(131).collect(), + b"This is a test using a larger than block-size key and a \ larger than block-size data. The key needs to be hashed \ - before being used by the HMAC algorithm.".to_vec()) - ]; + before being used by the HMAC algorithm." + .to_vec())]; for (&(ref key, ref data), res) in tests.iter().zip(results.iter()) { assert_eq!(hmac(ty, &**key, &**data), *res); @@ -398,83 +414,105 @@ mod tests { #[test] fn test_hmac_sha224() { - let results = [ - "896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22".from_hex().unwrap(), - "a30e01098bc6dbbf45690f3a7e9e6d0f8bbea2a39e6148008fd05e44".from_hex().unwrap(), - "7fb3cb3588c6c1f6ffa9694d7d6ad2649365b0c1f65d69d1ec8333ea".from_hex().unwrap(), - "6c11506874013cac6a2abc1bb382627cec6a90d86efc012de7afec5a".from_hex().unwrap(), - "95e9a0db962095adaebe9b2d6f0dbce2d499f112f2d2b7273fa6870e".from_hex().unwrap(), - "3a854166ac5d9f023f54d517d0b39dbd946770db9c2b95c9f6f565d1".from_hex().unwrap() - ]; + let results = ["896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22" + .from_hex() + .unwrap(), + "a30e01098bc6dbbf45690f3a7e9e6d0f8bbea2a39e6148008fd05e44" + .from_hex() + .unwrap(), + "7fb3cb3588c6c1f6ffa9694d7d6ad2649365b0c1f65d69d1ec8333ea" + .from_hex() + .unwrap(), + "6c11506874013cac6a2abc1bb382627cec6a90d86efc012de7afec5a" + .from_hex() + .unwrap(), + "95e9a0db962095adaebe9b2d6f0dbce2d499f112f2d2b7273fa6870e" + .from_hex() + .unwrap(), + "3a854166ac5d9f023f54d517d0b39dbd946770db9c2b95c9f6f565d1" + .from_hex() + .unwrap()]; test_sha2(SHA224, &results); } #[test] fn test_hmac_sha256() { - let results = [ - "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7".from_hex().unwrap(), - "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843".from_hex().unwrap(), - "773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe".from_hex().unwrap(), - "82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b".from_hex().unwrap(), - "60e431591ee0b67f0d8a26aacbf5b77f8e0bc6213728c5140546040f0ee37f54".from_hex().unwrap(), - "9b09ffa71b942fcb27635fbcd5b0e944bfdc63644f0713938a7f51535c3a35e2".from_hex().unwrap() - ]; + let results = ["b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7" + .from_hex() + .unwrap(), + "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843" + .from_hex() + .unwrap(), + "773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe" + .from_hex() + .unwrap(), + "82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b" + .from_hex() + .unwrap(), + "60e431591ee0b67f0d8a26aacbf5b77f8e0bc6213728c5140546040f0ee37f54" + .from_hex() + .unwrap(), + "9b09ffa71b942fcb27635fbcd5b0e944bfdc63644f0713938a7f51535c3a35e2" + .from_hex() + .unwrap()]; test_sha2(SHA256, &results); } #[test] fn test_hmac_sha384() { - let results = [ - "afd03944d84895626b0825f4ab46907f\ - 15f9dadbe4101ec682aa034c7cebc59c\ - faea9ea9076ede7f4af152e8b2fa9cb6".from_hex().unwrap(), - "af45d2e376484031617f78d2b58a6b1b\ - 9c7ef464f5a01b47e42ec3736322445e\ - 8e2240ca5e69e2c78b3239ecfab21649".from_hex().unwrap(), - "88062608d3e6ad8a0aa2ace014c8a86f\ - 0aa635d947ac9febe83ef4e55966144b\ - 2a5ab39dc13814b94e3ab6e101a34f27".from_hex().unwrap(), - "3e8a69b7783c25851933ab6290af6ca7\ - 7a9981480850009cc5577c6e1f573b4e\ - 6801dd23c4a7d679ccf8a386c674cffb".from_hex().unwrap(), - "4ece084485813e9088d2c63a041bc5b4\ - 4f9ef1012a2b588f3cd11f05033ac4c6\ - 0c2ef6ab4030fe8296248df163f44952".from_hex().unwrap(), - "6617178e941f020d351e2f254e8fd32c\ - 602420feb0b8fb9adccebb82461e99c5\ - a678cc31e799176d3860e6110c46523e".from_hex().unwrap() - ]; + let results = ["afd03944d84895626b0825f4ab46907f15f9dadbe4101ec682aa034c7cebc59cfaea9ea90\ + 76ede7f4af152e8b2fa9cb6" + .from_hex() + .unwrap(), + "af45d2e376484031617f78d2b58a6b1b9c7ef464f5a01b47e42ec3736322445e8e2240ca5\ + e69e2c78b3239ecfab21649" + .from_hex() + .unwrap(), + "88062608d3e6ad8a0aa2ace014c8a86f0aa635d947ac9febe83ef4e55966144b2a5ab39dc\ + 13814b94e3ab6e101a34f27" + .from_hex() + .unwrap(), + "3e8a69b7783c25851933ab6290af6ca77a9981480850009cc5577c6e1f573b4e6801dd23c\ + 4a7d679ccf8a386c674cffb" + .from_hex() + .unwrap(), + "4ece084485813e9088d2c63a041bc5b44f9ef1012a2b588f3cd11f05033ac4c60c2ef6ab4\ + 030fe8296248df163f44952" + .from_hex() + .unwrap(), + "6617178e941f020d351e2f254e8fd32c602420feb0b8fb9adccebb82461e99c5a678cc31e\ + 799176d3860e6110c46523e" + .from_hex() + .unwrap()]; test_sha2(SHA384, &results); } #[test] fn test_hmac_sha512() { - let results = [ - "87aa7cdea5ef619d4ff0b4241a1d6cb0\ - 2379f4e2ce4ec2787ad0b30545e17cde\ - daa833b7d6b8a702038b274eaea3f4e4\ - be9d914eeb61f1702e696c203a126854".from_hex().unwrap(), - "164b7a7bfcf819e2e395fbe73b56e0a3\ - 87bd64222e831fd610270cd7ea250554\ - 9758bf75c05a994a6d034f65f8f0e6fd\ - caeab1a34d4a6b4b636e070a38bce737".from_hex().unwrap(), - "fa73b0089d56a284efb0f0756c890be9\ - b1b5dbdd8ee81a3655f83e33b2279d39\ - bf3e848279a722c806b485a47e67c807\ - b946a337bee8942674278859e13292fb".from_hex().unwrap(), - "b0ba465637458c6990e5a8c5f61d4af7\ - e576d97ff94b872de76f8050361ee3db\ - a91ca5c11aa25eb4d679275cc5788063\ - a5f19741120c4f2de2adebeb10a298dd".from_hex().unwrap(), - "80b24263c7c1a3ebb71493c1dd7be8b4\ - 9b46d1f41b4aeec1121b013783f8f352\ - 6b56d037e05f2598bd0fd2215d6a1e52\ - 95e64f73f63f0aec8b915a985d786598".from_hex().unwrap(), - "e37b6a775dc87dbaa4dfa9f96e5e3ffd\ - debd71f8867289865df5a32d20cdc944\ - b6022cac3c4982b10d5eeb55c3e4de15\ - 134676fb6de0446065c97440fa8c6a58".from_hex().unwrap() - ]; + let results = ["87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d\ + 6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854" + .from_hex() + .unwrap(), + "164b7a7bfcf819e2e395fbe73b56e0a387bd64222e831fd610270cd7ea2505549758bf75c\ + 05a994a6d034f65f8f0e6fdcaeab1a34d4a6b4b636e070a38bce737" + .from_hex() + .unwrap(), + "fa73b0089d56a284efb0f0756c890be9b1b5dbdd8ee81a3655f83e33b2279d39bf3e84827\ + 9a722c806b485a47e67c807b946a337bee8942674278859e13292fb" + .from_hex() + .unwrap(), + "b0ba465637458c6990e5a8c5f61d4af7e576d97ff94b872de76f8050361ee3dba91ca5c11\ + aa25eb4d679275cc5788063a5f19741120c4f2de2adebeb10a298dd" + .from_hex() + .unwrap(), + "80b24263c7c1a3ebb71493c1dd7be8b49b46d1f41b4aeec1121b013783f8f3526b56d037e\ + 05f2598bd0fd2215d6a1e5295e64f73f63f0aec8b915a985d786598" + .from_hex() + .unwrap(), + "e37b6a775dc87dbaa4dfa9f96e5e3ffddebd71f8867289865df5a32d20cdc944b6022cac3\ + c4982b10d5eeb55c3e4de15134676fb6de0446065c97440fa8c6a58" + .from_hex() + .unwrap()]; test_sha2(SHA512, &results); } } diff --git a/openssl/src/crypto/mod.rs b/openssl/src/crypto/mod.rs index a33c5eb8e8c4fb33794e349d1064e63c8c348a35..0868ee95ad77423bef9f9cc5e34646548938535a 100644 --- a/openssl/src/crypto/mod.rs +++ b/openssl/src/crypto/mod.rs @@ -1,19 +1,18 @@ -/* - * Copyright 2011 Google Inc. - * 2013 Jack Lloyd - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ +// Copyright 2011 Google Inc. +// 2013 Jack Lloyd +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// pub mod hash; pub mod hmac; @@ -23,4 +22,4 @@ pub mod rand; pub mod symm; pub mod memcmp; -mod symm_internal; \ No newline at end of file +mod symm_internal; diff --git a/openssl/src/crypto/pkcs5.rs b/openssl/src/crypto/pkcs5.rs index 07e86fb130e070ede61c1eeb37aae5c6a02ddce2..0ba005cce02c8df32b30c0369c6d265a33f940fc 100644 --- a/openssl/src/crypto/pkcs5.rs +++ b/openssl/src/crypto/pkcs5.rs @@ -7,10 +7,9 @@ use crypto::symm; use ffi; #[derive(Clone, Eq, PartialEq, Hash, Debug)] -pub struct KeyIvPair -{ +pub struct KeyIvPair { pub key: Vec, - pub iv: Vec + pub iv: Vec, } /// Derives a key and an IV from various parameters. @@ -23,9 +22,12 @@ pub struct KeyIvPair /// /// New applications should not use this and instead use `pbkdf2_hmac_sha1` or /// another more modern key derivation algorithm. -pub fn evp_bytes_to_key_pbkdf1_compatible(typ: symm::Type, message_digest_type: hash::Type, - data: &[u8], salt: Option<&[u8]>, - count: u32) -> KeyIvPair { +pub fn evp_bytes_to_key_pbkdf1_compatible(typ: symm::Type, + message_digest_type: hash::Type, + data: &[u8], + salt: Option<&[u8]>, + count: u32) + -> KeyIvPair { unsafe { @@ -33,8 +35,8 @@ pub fn evp_bytes_to_key_pbkdf1_compatible(typ: symm::Type, message_digest_type: Some(salt) => { assert_eq!(salt.len(), ffi::PKCS5_SALT_LEN as usize); salt.as_ptr() - }, - None => null() + } + None => null(), }; ffi::init(); @@ -56,11 +58,8 @@ pub fn evp_bytes_to_key_pbkdf1_compatible(typ: symm::Type, message_digest_type: key.as_mut_ptr(), iv.as_mut_ptr()); assert!(ret == keylen as c_int); - - KeyIvPair { - key: key, - iv: iv - } + + KeyIvPair { key: key, iv: iv } } } @@ -74,13 +73,17 @@ pub fn pbkdf2_hmac_sha1(pass: &str, salt: &[u8], iter: usize, keylen: usize) -> ffi::init(); - let r = ffi::PKCS5_PBKDF2_HMAC_SHA1( - pass.as_ptr(), pass.len() as c_int, - salt.as_ptr(), salt.len() as c_int, - iter as c_int, keylen as c_int, - out.as_mut_ptr()); + let r = ffi::PKCS5_PBKDF2_HMAC_SHA1(pass.as_ptr(), + pass.len() as c_int, + salt.as_ptr(), + salt.len() as c_int, + iter as c_int, + keylen as c_int, + out.as_mut_ptr()); - if r != 1 { panic!(); } + if r != 1 { + panic!(); + } out.set_len(keylen); @@ -102,7 +105,12 @@ pub fn pbkdf2_hmac_sha512(pass: &str, salt: &[u8], iter: usize, keylen: usize) - /// Derives a key from a password and salt using the PBKDF2-HMAC algorithm with a digest function. #[cfg(feature = "pkcs5_pbkdf2_hmac")] -fn pbkdf2_hmac_sha(pass: &str, salt: &[u8], iter: usize, digest: *const ffi::EVP_MD, keylen: usize) -> Vec { +fn pbkdf2_hmac_sha(pass: &str, + salt: &[u8], + iter: usize, + digest: *const ffi::EVP_MD, + keylen: usize) + -> Vec { unsafe { assert!(iter >= 1); assert!(keylen >= 1); @@ -111,13 +119,18 @@ fn pbkdf2_hmac_sha(pass: &str, salt: &[u8], iter: usize, digest: *const ffi::EVP ffi::init(); - let r = ffi::PKCS5_PBKDF2_HMAC( - pass.as_ptr(), pass.len() as c_int, - salt.as_ptr(), salt.len() as c_int, - iter as c_int, digest, keylen as c_int, - out.as_mut_ptr()); - - if r != 1 { panic!(); } + let r = ffi::PKCS5_PBKDF2_HMAC(pass.as_ptr(), + pass.len() as c_int, + salt.as_ptr(), + salt.len() as c_int, + iter as c_int, + digest, + keylen as c_int, + out.as_mut_ptr()); + + if r != 1 { + panic!(); + } out.set_len(keylen); @@ -134,90 +147,38 @@ mod tests { // http://tools.ietf.org/html/draft-josefsson-pbkdf2-test-vectors-06 #[test] fn test_pbkdf2_hmac_sha1() { - assert_eq!( - super::pbkdf2_hmac_sha1( - "password", - "salt".as_bytes(), - 1, - 20 - ), - vec!( - 0x0c_u8, 0x60_u8, 0xc8_u8, 0x0f_u8, 0x96_u8, 0x1f_u8, 0x0e_u8, - 0x71_u8, 0xf3_u8, 0xa9_u8, 0xb5_u8, 0x24_u8, 0xaf_u8, 0x60_u8, - 0x12_u8, 0x06_u8, 0x2f_u8, 0xe0_u8, 0x37_u8, 0xa6_u8 - ) - ); - - assert_eq!( - super::pbkdf2_hmac_sha1( - "password", - "salt".as_bytes(), - 2, - 20 - ), - vec!( - 0xea_u8, 0x6c_u8, 0x01_u8, 0x4d_u8, 0xc7_u8, 0x2d_u8, 0x6f_u8, - 0x8c_u8, 0xcd_u8, 0x1e_u8, 0xd9_u8, 0x2a_u8, 0xce_u8, 0x1d_u8, - 0x41_u8, 0xf0_u8, 0xd8_u8, 0xde_u8, 0x89_u8, 0x57_u8 - ) - ); - - assert_eq!( - super::pbkdf2_hmac_sha1( - "password", - "salt".as_bytes(), - 4096, - 20 - ), - vec!( - 0x4b_u8, 0x00_u8, 0x79_u8, 0x01_u8, 0xb7_u8, 0x65_u8, 0x48_u8, - 0x9a_u8, 0xbe_u8, 0xad_u8, 0x49_u8, 0xd9_u8, 0x26_u8, 0xf7_u8, - 0x21_u8, 0xd0_u8, 0x65_u8, 0xa4_u8, 0x29_u8, 0xc1_u8 - ) - ); - - assert_eq!( - super::pbkdf2_hmac_sha1( - "password", - "salt".as_bytes(), - 16777216, - 20 - ), - vec!( - 0xee_u8, 0xfe_u8, 0x3d_u8, 0x61_u8, 0xcd_u8, 0x4d_u8, 0xa4_u8, - 0xe4_u8, 0xe9_u8, 0x94_u8, 0x5b_u8, 0x3d_u8, 0x6b_u8, 0xa2_u8, - 0x15_u8, 0x8c_u8, 0x26_u8, 0x34_u8, 0xe9_u8, 0x84_u8 - ) - ); - - assert_eq!( - super::pbkdf2_hmac_sha1( - "passwordPASSWORDpassword", - "saltSALTsaltSALTsaltSALTsaltSALTsalt".as_bytes(), - 4096, - 25 - ), - vec!( - 0x3d_u8, 0x2e_u8, 0xec_u8, 0x4f_u8, 0xe4_u8, 0x1c_u8, 0x84_u8, - 0x9b_u8, 0x80_u8, 0xc8_u8, 0xd8_u8, 0x36_u8, 0x62_u8, 0xc0_u8, - 0xe4_u8, 0x4a_u8, 0x8b_u8, 0x29_u8, 0x1a_u8, 0x96_u8, 0x4c_u8, - 0xf2_u8, 0xf0_u8, 0x70_u8, 0x38_u8 - ) - ); - - assert_eq!( - super::pbkdf2_hmac_sha1( - "pass\x00word", - "sa\x00lt".as_bytes(), - 4096, - 16 - ), - vec!( - 0x56_u8, 0xfa_u8, 0x6a_u8, 0xa7_u8, 0x55_u8, 0x48_u8, 0x09_u8, - 0x9d_u8, 0xcc_u8, 0x37_u8, 0xd7_u8, 0xf0_u8, 0x34_u8, 0x25_u8, - 0xe0_u8, 0xc3_u8 - ) - ); + assert_eq!(super::pbkdf2_hmac_sha1("password", "salt".as_bytes(), 1, 20), + vec![0x0c_u8, 0x60_u8, 0xc8_u8, 0x0f_u8, 0x96_u8, 0x1f_u8, 0x0e_u8, 0x71_u8, + 0xf3_u8, 0xa9_u8, 0xb5_u8, 0x24_u8, 0xaf_u8, 0x60_u8, 0x12_u8, 0x06_u8, + 0x2f_u8, 0xe0_u8, 0x37_u8, 0xa6_u8]); + + assert_eq!(super::pbkdf2_hmac_sha1("password", "salt".as_bytes(), 2, 20), + vec![0xea_u8, 0x6c_u8, 0x01_u8, 0x4d_u8, 0xc7_u8, 0x2d_u8, 0x6f_u8, 0x8c_u8, + 0xcd_u8, 0x1e_u8, 0xd9_u8, 0x2a_u8, 0xce_u8, 0x1d_u8, 0x41_u8, 0xf0_u8, + 0xd8_u8, 0xde_u8, 0x89_u8, 0x57_u8]); + + assert_eq!(super::pbkdf2_hmac_sha1("password", "salt".as_bytes(), 4096, 20), + vec![0x4b_u8, 0x00_u8, 0x79_u8, 0x01_u8, 0xb7_u8, 0x65_u8, 0x48_u8, 0x9a_u8, + 0xbe_u8, 0xad_u8, 0x49_u8, 0xd9_u8, 0x26_u8, 0xf7_u8, 0x21_u8, 0xd0_u8, + 0x65_u8, 0xa4_u8, 0x29_u8, 0xc1_u8]); + + assert_eq!(super::pbkdf2_hmac_sha1("password", "salt".as_bytes(), 16777216, 20), + vec![0xee_u8, 0xfe_u8, 0x3d_u8, 0x61_u8, 0xcd_u8, 0x4d_u8, 0xa4_u8, 0xe4_u8, + 0xe9_u8, 0x94_u8, 0x5b_u8, 0x3d_u8, 0x6b_u8, 0xa2_u8, 0x15_u8, 0x8c_u8, + 0x26_u8, 0x34_u8, 0xe9_u8, 0x84_u8]); + + assert_eq!(super::pbkdf2_hmac_sha1("passwordPASSWORDpassword", + "saltSALTsaltSALTsaltSALTsaltSALTsalt".as_bytes(), + 4096, + 25), + vec![0x3d_u8, 0x2e_u8, 0xec_u8, 0x4f_u8, 0xe4_u8, 0x1c_u8, 0x84_u8, 0x9b_u8, + 0x80_u8, 0xc8_u8, 0xd8_u8, 0x36_u8, 0x62_u8, 0xc0_u8, 0xe4_u8, 0x4a_u8, + 0x8b_u8, 0x29_u8, 0x1a_u8, 0x96_u8, 0x4c_u8, 0xf2_u8, 0xf0_u8, 0x70_u8, + 0x38_u8]); + + assert_eq!(super::pbkdf2_hmac_sha1("pass\x00word", "sa\x00lt".as_bytes(), 4096, 16), + vec![0x56_u8, 0xfa_u8, 0x6a_u8, 0xa7_u8, 0x55_u8, 0x48_u8, 0x09_u8, 0x9d_u8, + 0xcc_u8, 0x37_u8, 0xd7_u8, 0xf0_u8, 0x34_u8, 0x25_u8, 0xe0_u8, 0xc3_u8]); } // Test vectors from @@ -225,33 +186,13 @@ mod tests { #[test] #[cfg(feature = "pkcs5_pbkdf2_hmac")] fn test_pbkdf2_hmac_sha256() { - assert_eq!( - super::pbkdf2_hmac_sha256( - "passwd", - "salt".as_bytes(), - 1, - 16 - ), - vec!( - 0x55_u8, 0xac_u8, 0x04_u8, 0x6e_u8, 0x56_u8, 0xe3_u8, 0x08_u8, - 0x9f_u8, 0xec_u8, 0x16_u8, 0x91_u8, 0xc2_u8, 0x25_u8, 0x44_u8, - 0xb6_u8, 0x05_u8 - ) - ); - - assert_eq!( - super::pbkdf2_hmac_sha256( - "Password", - "NaCl".as_bytes(), - 80000, - 16 - ), - vec!( - 0x4d_u8, 0xdc_u8, 0xd8_u8, 0xf6_u8, 0x0b_u8, 0x98_u8, 0xbe_u8, - 0x21_u8, 0x83_u8, 0x0c_u8, 0xee_u8, 0x5e_u8, 0xf2_u8, 0x27_u8, - 0x01_u8, 0xf9_u8 - ) - ); + assert_eq!(super::pbkdf2_hmac_sha256("passwd", "salt".as_bytes(), 1, 16), + vec![0x55_u8, 0xac_u8, 0x04_u8, 0x6e_u8, 0x56_u8, 0xe3_u8, 0x08_u8, 0x9f_u8, + 0xec_u8, 0x16_u8, 0x91_u8, 0xc2_u8, 0x25_u8, 0x44_u8, 0xb6_u8, 0x05_u8]); + + assert_eq!(super::pbkdf2_hmac_sha256("Password", "NaCl".as_bytes(), 80000, 16), + vec![0x4d_u8, 0xdc_u8, 0xd8_u8, 0xf6_u8, 0x0b_u8, 0x98_u8, 0xbe_u8, 0x21_u8, + 0x83_u8, 0x0c_u8, 0xee_u8, 0x5e_u8, 0xf2_u8, 0x27_u8, 0x01_u8, 0xf9_u8]); } // Test vectors from @@ -259,109 +200,67 @@ mod tests { #[test] #[cfg(feature = "pkcs5_pbkdf2_hmac")] fn test_pbkdf2_hmac_sha512() { - assert_eq!( - super::pbkdf2_hmac_sha512( - "password", - "NaCL".as_bytes(), - 1, - 64 - ), - vec!( - 0x73_u8, 0xde_u8, 0xcf_u8, 0xa5_u8, 0x8a_u8, 0xa2_u8, 0xe8_u8, - 0x4f_u8, 0x94_u8, 0x77_u8, 0x1a_u8, 0x75_u8, 0x73_u8, 0x6b_u8, - 0xb8_u8, 0x8b_u8, 0xd3_u8, 0xc7_u8, 0xb3_u8, 0x82_u8, 0x70_u8, - 0xcf_u8, 0xb5_u8, 0x0c_u8, 0xb3_u8, 0x90_u8, 0xed_u8, 0x78_u8, - 0xb3_u8, 0x05_u8, 0x65_u8, 0x6a_u8, 0xf8_u8, 0x14_u8, 0x8e_u8, - 0x52_u8, 0x45_u8, 0x2b_u8, 0x22_u8, 0x16_u8, 0xb2_u8, 0xb8_u8, - 0x09_u8, 0x8b_u8, 0x76_u8, 0x1f_u8, 0xc6_u8, 0x33_u8, 0x60_u8, - 0x60_u8, 0xa0_u8, 0x9f_u8, 0x76_u8, 0x41_u8, 0x5e_u8, 0x9f_u8, - 0x71_u8, 0xea_u8, 0x47_u8, 0xf9_u8, 0xe9_u8, 0x06_u8, 0x43_u8, - 0x06_u8 - ) - ); - - assert_eq!( - super::pbkdf2_hmac_sha512( - "pass\0word", - "sa\0lt".as_bytes(), - 1, - 64 - ), - vec!( - 0x71_u8, 0xa0_u8, 0xec_u8, 0x84_u8, 0x2a_u8, 0xbd_u8, 0x5c_u8, - 0x67_u8, 0x8b_u8, 0xcf_u8, 0xd1_u8, 0x45_u8, 0xf0_u8, 0x9d_u8, - 0x83_u8, 0x52_u8, 0x2f_u8, 0x93_u8, 0x36_u8, 0x15_u8, 0x60_u8, - 0x56_u8, 0x3c_u8, 0x4d_u8, 0x0d_u8, 0x63_u8, 0xb8_u8, 0x83_u8, - 0x29_u8, 0x87_u8, 0x10_u8, 0x90_u8, 0xe7_u8, 0x66_u8, 0x04_u8, - 0xa4_u8, 0x9a_u8, 0xf0_u8, 0x8f_u8, 0xe7_u8, 0xc9_u8, 0xf5_u8, - 0x71_u8, 0x56_u8, 0xc8_u8, 0x79_u8, 0x09_u8, 0x96_u8, 0xb2_u8, - 0x0f_u8, 0x06_u8, 0xbc_u8, 0x53_u8, 0x5e_u8, 0x5a_u8, 0xb5_u8, - 0x44_u8, 0x0d_u8, 0xf7_u8, 0xe8_u8, 0x78_u8, 0x29_u8, 0x6f_u8, - 0xa7_u8 - ) - ); - - assert_eq!( - super::pbkdf2_hmac_sha512( - "passwordPASSWORDpassword", - "salt\0\0\0".as_bytes(), - 50, - 64 - ), - vec!( - 0x01_u8, 0x68_u8, 0x71_u8, 0xa4_u8, 0xc4_u8, 0xb7_u8, 0x5f_u8, - 0x96_u8, 0x85_u8, 0x7f_u8, 0xd2_u8, 0xb9_u8, 0xf8_u8, 0xca_u8, - 0x28_u8, 0x02_u8, 0x3b_u8, 0x30_u8, 0xee_u8, 0x2a_u8, 0x39_u8, - 0xf5_u8, 0xad_u8, 0xca_u8, 0xc8_u8, 0xc9_u8, 0x37_u8, 0x5f_u8, - 0x9b_u8, 0xda_u8, 0x1c_u8, 0xcd_u8, 0x1b_u8, 0x6f_u8, 0x0b_u8, - 0x2f_u8, 0xc3_u8, 0xad_u8, 0xda_u8, 0x50_u8, 0x54_u8, 0x12_u8, - 0xe7_u8, 0x9d_u8, 0x89_u8, 0x00_u8, 0x56_u8, 0xc6_u8, 0x2e_u8, - 0x52_u8, 0x4c_u8, 0x7d_u8, 0x51_u8, 0x15_u8, 0x4b_u8, 0x1a_u8, - 0x85_u8, 0x34_u8, 0x57_u8, 0x5b_u8, 0xd0_u8, 0x2d_u8, 0xee_u8, - 0x39_u8 - ) - ); + assert_eq!(super::pbkdf2_hmac_sha512("password", "NaCL".as_bytes(), 1, 64), + vec![0x73_u8, 0xde_u8, 0xcf_u8, 0xa5_u8, 0x8a_u8, 0xa2_u8, 0xe8_u8, 0x4f_u8, + 0x94_u8, 0x77_u8, 0x1a_u8, 0x75_u8, 0x73_u8, 0x6b_u8, 0xb8_u8, 0x8b_u8, + 0xd3_u8, 0xc7_u8, 0xb3_u8, 0x82_u8, 0x70_u8, 0xcf_u8, 0xb5_u8, 0x0c_u8, + 0xb3_u8, 0x90_u8, 0xed_u8, 0x78_u8, 0xb3_u8, 0x05_u8, 0x65_u8, 0x6a_u8, + 0xf8_u8, 0x14_u8, 0x8e_u8, 0x52_u8, 0x45_u8, 0x2b_u8, 0x22_u8, 0x16_u8, + 0xb2_u8, 0xb8_u8, 0x09_u8, 0x8b_u8, 0x76_u8, 0x1f_u8, 0xc6_u8, 0x33_u8, + 0x60_u8, 0x60_u8, 0xa0_u8, 0x9f_u8, 0x76_u8, 0x41_u8, 0x5e_u8, 0x9f_u8, + 0x71_u8, 0xea_u8, 0x47_u8, 0xf9_u8, 0xe9_u8, 0x06_u8, 0x43_u8, 0x06_u8]); + + assert_eq!(super::pbkdf2_hmac_sha512("pass\0word", "sa\0lt".as_bytes(), 1, 64), + vec![0x71_u8, 0xa0_u8, 0xec_u8, 0x84_u8, 0x2a_u8, 0xbd_u8, 0x5c_u8, 0x67_u8, + 0x8b_u8, 0xcf_u8, 0xd1_u8, 0x45_u8, 0xf0_u8, 0x9d_u8, 0x83_u8, 0x52_u8, + 0x2f_u8, 0x93_u8, 0x36_u8, 0x15_u8, 0x60_u8, 0x56_u8, 0x3c_u8, 0x4d_u8, + 0x0d_u8, 0x63_u8, 0xb8_u8, 0x83_u8, 0x29_u8, 0x87_u8, 0x10_u8, 0x90_u8, + 0xe7_u8, 0x66_u8, 0x04_u8, 0xa4_u8, 0x9a_u8, 0xf0_u8, 0x8f_u8, 0xe7_u8, + 0xc9_u8, 0xf5_u8, 0x71_u8, 0x56_u8, 0xc8_u8, 0x79_u8, 0x09_u8, 0x96_u8, + 0xb2_u8, 0x0f_u8, 0x06_u8, 0xbc_u8, 0x53_u8, 0x5e_u8, 0x5a_u8, 0xb5_u8, + 0x44_u8, 0x0d_u8, 0xf7_u8, 0xe8_u8, 0x78_u8, 0x29_u8, 0x6f_u8, 0xa7_u8]); + + assert_eq!(super::pbkdf2_hmac_sha512("passwordPASSWORDpassword", + "salt\0\0\0".as_bytes(), + 50, + 64), + vec![0x01_u8, 0x68_u8, 0x71_u8, 0xa4_u8, 0xc4_u8, 0xb7_u8, 0x5f_u8, 0x96_u8, + 0x85_u8, 0x7f_u8, 0xd2_u8, 0xb9_u8, 0xf8_u8, 0xca_u8, 0x28_u8, 0x02_u8, + 0x3b_u8, 0x30_u8, 0xee_u8, 0x2a_u8, 0x39_u8, 0xf5_u8, 0xad_u8, 0xca_u8, + 0xc8_u8, 0xc9_u8, 0x37_u8, 0x5f_u8, 0x9b_u8, 0xda_u8, 0x1c_u8, 0xcd_u8, + 0x1b_u8, 0x6f_u8, 0x0b_u8, 0x2f_u8, 0xc3_u8, 0xad_u8, 0xda_u8, 0x50_u8, + 0x54_u8, 0x12_u8, 0xe7_u8, 0x9d_u8, 0x89_u8, 0x00_u8, 0x56_u8, 0xc6_u8, + 0x2e_u8, 0x52_u8, 0x4c_u8, 0x7d_u8, 0x51_u8, 0x15_u8, 0x4b_u8, 0x1a_u8, + 0x85_u8, 0x34_u8, 0x57_u8, 0x5b_u8, 0xd0_u8, 0x2d_u8, 0xee_u8, 0x39_u8]); } #[test] fn test_evp_bytes_to_key_pbkdf1_compatible() { - let salt = [ - 16_u8, 34_u8, 19_u8, 23_u8, 141_u8, 4_u8, 207_u8, 221_u8 - ]; - - let data = [ - 143_u8, 210_u8, 75_u8, 63_u8, 214_u8, 179_u8, 155_u8, - 241_u8, 242_u8, 31_u8, 154_u8, 56_u8, 198_u8, 145_u8, 192_u8, 64_u8, - 2_u8, 245_u8, 167_u8, 220_u8, 55_u8, 119_u8, 233_u8, 136_u8, 139_u8, - 27_u8, 71_u8, 242_u8, 119_u8, 175_u8, 65_u8, 207_u8 - ]; - - - - let expected_key = vec![ - 249_u8, 115_u8, 114_u8, 97_u8, 32_u8, 213_u8, 165_u8, 146_u8, 58_u8, - 87_u8, 234_u8, 3_u8, 43_u8, 250_u8, 97_u8, 114_u8, 26_u8, 98_u8, - 245_u8, 246_u8, 238_u8, 177_u8, 229_u8, 161_u8, 183_u8, 224_u8, - 174_u8, 3_u8, 6_u8, 244_u8, 236_u8, 255_u8 - ]; - let expected_iv = vec![ - 4_u8, 223_u8, 153_u8, 219_u8, 28_u8, 142_u8, 234_u8, 68_u8, 227_u8, - 69_u8, 98_u8, 107_u8, 208_u8, 14_u8, 236_u8, 60_u8, 0_u8, 0_u8, - 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, - 0_u8, 0_u8, 0_u8 - ]; - - assert_eq!( - super::evp_bytes_to_key_pbkdf1_compatible( - symm::Type::AES_256_CBC, - hash::Type::SHA1, - &data, - Some(&salt), - 1 - ), - super::KeyIvPair { - key: expected_key, - iv: expected_iv - } - ); + let salt = [16_u8, 34_u8, 19_u8, 23_u8, 141_u8, 4_u8, 207_u8, 221_u8]; + + let data = [143_u8, 210_u8, 75_u8, 63_u8, 214_u8, 179_u8, 155_u8, 241_u8, 242_u8, 31_u8, + 154_u8, 56_u8, 198_u8, 145_u8, 192_u8, 64_u8, 2_u8, 245_u8, 167_u8, 220_u8, + 55_u8, 119_u8, 233_u8, 136_u8, 139_u8, 27_u8, 71_u8, 242_u8, 119_u8, 175_u8, + 65_u8, 207_u8]; + + + + let expected_key = vec![249_u8, 115_u8, 114_u8, 97_u8, 32_u8, 213_u8, 165_u8, 146_u8, + 58_u8, 87_u8, 234_u8, 3_u8, 43_u8, 250_u8, 97_u8, 114_u8, 26_u8, + 98_u8, 245_u8, 246_u8, 238_u8, 177_u8, 229_u8, 161_u8, 183_u8, + 224_u8, 174_u8, 3_u8, 6_u8, 244_u8, 236_u8, 255_u8]; + let expected_iv = vec![4_u8, 223_u8, 153_u8, 219_u8, 28_u8, 142_u8, 234_u8, 68_u8, 227_u8, + 69_u8, 98_u8, 107_u8, 208_u8, 14_u8, 236_u8, 60_u8, 0_u8, 0_u8, + 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, + 0_u8, 0_u8, 0_u8]; + + assert_eq!(super::evp_bytes_to_key_pbkdf1_compatible(symm::Type::AES_256_CBC, + hash::Type::SHA1, + &data, + Some(&salt), + 1), + super::KeyIvPair { + key: expected_key, + iv: expected_iv, + }); } } diff --git a/openssl/src/crypto/pkey.rs b/openssl/src/crypto/pkey.rs index 741c674937f93477f4bfc068b89c92ba151d197b..10891224939060c50a65b27d722c31b41b8710c9 100644 --- a/openssl/src/crypto/pkey.rs +++ b/openssl/src/crypto/pkey.rs @@ -4,7 +4,7 @@ use std::io::prelude::*; use std::iter::repeat; use std::mem; use std::ptr; -use bio::{MemBio}; +use bio::MemBio; use crypto::hash; use crypto::hash::Type as HashType; use ffi; @@ -14,7 +14,7 @@ use ssl::error::{SslError, StreamError}; pub enum Parts { Neither, Public, - Both + Both, } /// Represents a role an asymmetric key might be appropriate for. @@ -23,31 +23,31 @@ pub enum Role { Encrypt, Decrypt, Sign, - Verify + Verify, } /// Type of encryption padding to use. #[derive(Copy, Clone)] pub enum EncryptionPadding { OAEP, - PKCS1v15 + PKCS1v15, } fn openssl_padding_code(padding: EncryptionPadding) -> c_int { match padding { EncryptionPadding::OAEP => 4, - EncryptionPadding::PKCS1v15 => 1 + EncryptionPadding::PKCS1v15 => 1, } } fn openssl_hash_nid(hash: HashType) -> c_int { match hash { - HashType::MD5 => 4, // NID_md5, - HashType::SHA1 => 64, // NID_sha1 - HashType::SHA224 => 675, // NID_sha224 - HashType::SHA256 => 672, // NID_sha256 - HashType::SHA384 => 673, // NID_sha384 - HashType::SHA512 => 674, // NID_sha512 + HashType::MD5 => 4, // NID_md5, + HashType::SHA1 => 64, // NID_sha1 + HashType::SHA224 => 675, // NID_sha224 + HashType::SHA256 => 672, // NID_sha256 + HashType::SHA384 => 673, // NID_sha384 + HashType::SHA512 => 674, // NID_sha512 HashType::RIPEMD160 => 117, // NID_ripemd160 } } @@ -81,32 +81,38 @@ impl PKey { } /// Reads private key from PEM, takes ownership of handle - pub fn private_key_from_pem(reader: &mut R) -> Result where R: Read { + pub fn private_key_from_pem(reader: &mut R) -> Result + where R: Read + { let mut mem_bio = try!(MemBio::new()); try!(io::copy(reader, &mut mem_bio).map_err(StreamError)); unsafe { let evp = try_ssl_null!(ffi::PEM_read_bio_PrivateKey(mem_bio.get_handle(), ptr::null_mut(), - None, ptr::null_mut())); + None, + ptr::null_mut())); Ok(PKey { - evp: evp, + evp: evp, parts: Parts::Both, }) } } /// Reads public key from PEM, takes ownership of handle - pub fn public_key_from_pem(reader: &mut R) -> Result where R: Read { + pub fn public_key_from_pem(reader: &mut R) -> Result + where R: Read + { let mut mem_bio = try!(MemBio::new()); try!(io::copy(reader, &mut mem_bio).map_err(StreamError)); unsafe { let evp = try_ssl_null!(ffi::PEM_read_bio_PUBKEY(mem_bio.get_handle(), - ptr::null_mut(), - None, ptr::null_mut())); + ptr::null_mut(), + None, + ptr::null_mut())); Ok(PKey { - evp: evp, + evp: evp, parts: Parts::Public, }) } @@ -116,7 +122,9 @@ impl PKey { unsafe { let rsa = ffi::EVP_PKEY_get1_RSA(self.evp); let len = f(rsa, ptr::null()); - if len < 0 as c_int { return vec!(); } + if len < 0 as c_int { + return vec![]; + } let mut s = repeat(0u8).take(len as usize).collect::>(); let r = f(rsa, &s.as_mut_ptr()); @@ -127,14 +135,17 @@ impl PKey { } } - fn _fromstr(&mut self, s: &[u8], f: unsafe extern "C" fn(*const *mut ffi::RSA, *const *const u8, c_uint) -> *mut ffi::RSA) -> bool { + fn _fromstr(&mut self, + s: &[u8], + f: unsafe extern "C" fn(*const *mut ffi::RSA, *const *const u8, c_uint) + -> *mut ffi::RSA) + -> bool { unsafe { let rsa = ptr::null_mut(); f(&rsa, &s.as_ptr(), s.len() as c_uint); if !rsa.is_null() { ffi::EVP_PKEY_set1_RSA(self.evp, rsa) == 1 - } - else { + } else { false } } @@ -142,18 +153,13 @@ impl PKey { pub fn gen(&mut self, keysz: usize) { unsafe { - let rsa = ffi::RSA_generate_key( - keysz as c_int, - 65537 as c_ulong, - ptr::null(), - ptr::null() - ); + let rsa = ffi::RSA_generate_key(keysz as c_int, + 65537 as c_ulong, + ptr::null(), + ptr::null()); // XXX: 6 == NID_rsaEncryption - ffi::EVP_PKEY_assign( - self.evp, - 6 as c_int, - mem::transmute(rsa)); + ffi::EVP_PKEY_assign(self.evp, 6 as c_int, mem::transmute(rsa)); self.parts = Parts::Both; } @@ -194,11 +200,18 @@ impl PKey { /// Stores private key as a PEM // FIXME: also add password and encryption - pub fn write_pem(&self, writer: &mut W/*, password: Option*/) -> Result<(), SslError> { + pub fn write_pem(&self, + writer: &mut W /* , password: Option */) + -> Result<(), SslError> { let mut mem_bio = try!(MemBio::new()); unsafe { - try_ssl!(ffi::PEM_write_bio_PrivateKey(mem_bio.get_handle(), self.evp, ptr::null(), - ptr::null_mut(), -1, None, ptr::null_mut())); + try_ssl!(ffi::PEM_write_bio_PrivateKey(mem_bio.get_handle(), + self.evp, + ptr::null(), + ptr::null_mut(), + -1, + None, + ptr::null_mut())); } let mut buf = vec![]; @@ -207,11 +220,11 @@ impl PKey { } /// Stores public key as a PEM - pub fn write_pub_pem(&self, writer: &mut W/*, password: Option*/) -> Result<(), SslError> { + pub fn write_pub_pem(&self, + writer: &mut W /* , password: Option */) + -> Result<(), SslError> { let mut mem_bio = try!(MemBio::new()); - unsafe { - try_ssl!(ffi::PEM_write_bio_PUBKEY(mem_bio.get_handle(), self.evp)) - } + unsafe { try_ssl!(ffi::PEM_write_bio_PUBKEY(mem_bio.get_handle(), self.evp)) } let mut buf = vec![]; try!(mem_bio.read_to_end(&mut buf).map_err(StreamError)); writer.write_all(&buf).map_err(StreamError) @@ -225,8 +238,7 @@ impl PKey { let rsa = ffi::EVP_PKEY_get1_RSA(self.evp); if rsa.is_null() { 0 - } - else { + } else { ffi::RSA_size(rsa) as usize } } @@ -237,26 +249,30 @@ impl PKey { */ pub fn can(&self, r: Role) -> bool { match r { - Role::Encrypt => + Role::Encrypt => { match self.parts { Parts::Neither => false, _ => true, - }, - Role::Verify => + } + } + Role::Verify => { match self.parts { Parts::Neither => false, _ => true, - }, - Role::Decrypt => + } + } + Role::Decrypt => { match self.parts { Parts::Both => true, _ => false, - }, - Role::Sign => + } + } + Role::Sign => { match self.parts { Parts::Both => true, _ => false, - }, + } + } } } @@ -289,16 +305,15 @@ impl PKey { let mut r = repeat(0u8).take(len as usize + 1).collect::>(); - let rv = ffi::RSA_private_encrypt( - s.len() as c_int, - s.as_ptr(), - r.as_mut_ptr(), - rsa, - openssl_padding_code(padding)); + let rv = ffi::RSA_private_encrypt(s.len() as c_int, + s.as_ptr(), + r.as_mut_ptr(), + rsa, + openssl_padding_code(padding)); if rv < 0 as c_int { // println!("{:?}", SslError::get()); - vec!() + vec![] } else { r.truncate(rv as usize); r @@ -318,15 +333,14 @@ impl PKey { let mut r = repeat(0u8).take(len as usize + 1).collect::>(); - let rv = ffi::RSA_public_encrypt( - s.len() as c_int, - s.as_ptr(), - r.as_mut_ptr(), - rsa, - openssl_padding_code(padding)); + let rv = ffi::RSA_public_encrypt(s.len() as c_int, + s.as_ptr(), + r.as_mut_ptr(), + rsa, + openssl_padding_code(padding)); if rv < 0 as c_int { - vec!() + vec![] } else { r.truncate(rv as usize); r @@ -346,15 +360,14 @@ impl PKey { let mut r = repeat(0u8).take(len as usize + 1).collect::>(); - let rv = ffi::RSA_private_decrypt( - s.len() as c_int, - s.as_ptr(), - r.as_mut_ptr(), - rsa, - openssl_padding_code(padding)); + let rv = ffi::RSA_private_decrypt(s.len() as c_int, + s.as_ptr(), + r.as_mut_ptr(), + rsa, + openssl_padding_code(padding)); if rv < 0 as c_int { - vec!() + vec![] } else { r.truncate(rv as usize); r @@ -374,15 +387,14 @@ impl PKey { let mut r = repeat(0u8).take(len as usize + 1).collect::>(); - let rv = ffi::RSA_public_decrypt( - s.len() as c_int, - s.as_ptr(), - r.as_mut_ptr(), - rsa, - openssl_padding_code(padding)); + let rv = ffi::RSA_public_decrypt(s.len() as c_int, + s.as_ptr(), + r.as_mut_ptr(), + rsa, + openssl_padding_code(padding)); if rv < 0 as c_int { - vec!() + vec![] } else { r.truncate(rv as usize); r @@ -394,46 +406,62 @@ impl PKey { * Encrypts data with the public key, using OAEP padding, returning the encrypted data. The * supplied data must not be larger than max_data(). */ - pub fn encrypt(&self, s: &[u8]) -> Vec { self.public_encrypt_with_padding(s, EncryptionPadding::OAEP) } + pub fn encrypt(&self, s: &[u8]) -> Vec { + self.public_encrypt_with_padding(s, EncryptionPadding::OAEP) + } /** * Encrypts data with the public key, using provided padding, returning the encrypted data. The * supplied data must not be larger than max_data(). */ - pub fn encrypt_with_padding(&self, s: &[u8], padding: EncryptionPadding) -> Vec { self.public_encrypt_with_padding(s, padding) } + pub fn encrypt_with_padding(&self, s: &[u8], padding: EncryptionPadding) -> Vec { + self.public_encrypt_with_padding(s, padding) + } /** * Encrypts data with the public key, using OAEP padding, returning the encrypted data. The * supplied data must not be larger than max_data(). */ - pub fn public_encrypt(&self, s: &[u8]) -> Vec { self.public_encrypt_with_padding(s, EncryptionPadding::OAEP) } + pub fn public_encrypt(&self, s: &[u8]) -> Vec { + self.public_encrypt_with_padding(s, EncryptionPadding::OAEP) + } /** * Decrypts data with the public key, using PKCS1v15 padding, returning the decrypted data. */ - pub fn public_decrypt(&self, s: &[u8]) -> Vec { self.public_decrypt_with_padding(s, EncryptionPadding::PKCS1v15) } + pub fn public_decrypt(&self, s: &[u8]) -> Vec { + self.public_decrypt_with_padding(s, EncryptionPadding::PKCS1v15) + } /** * Decrypts data with the private key, expecting OAEP padding, returning the decrypted data. */ - pub fn decrypt(&self, s: &[u8]) -> Vec { self.private_decrypt_with_padding(s, EncryptionPadding::OAEP) } + pub fn decrypt(&self, s: &[u8]) -> Vec { + self.private_decrypt_with_padding(s, EncryptionPadding::OAEP) + } /** * Decrypts data with the private key, using provided padding, returning the encrypted data. The * supplied data must not be larger than max_data(). */ - pub fn decrypt_with_padding(&self, s: &[u8], padding: EncryptionPadding) -> Vec { self.private_decrypt_with_padding(s, padding) } + pub fn decrypt_with_padding(&self, s: &[u8], padding: EncryptionPadding) -> Vec { + self.private_decrypt_with_padding(s, padding) + } /** * Decrypts data with the private key, expecting OAEP padding, returning the decrypted data. */ - pub fn private_decrypt(&self, s: &[u8]) -> Vec { self.private_decrypt_with_padding(s, EncryptionPadding::OAEP) } + pub fn private_decrypt(&self, s: &[u8]) -> Vec { + self.private_decrypt_with_padding(s, EncryptionPadding::OAEP) + } /** * Encrypts data with the private key, using PKCS1v15 padding, returning the encrypted data. The * supplied data must not be larger than max_data(). */ - pub fn private_encrypt(&self, s: &[u8]) -> Vec { self.private_encrypt_with_padding(s, EncryptionPadding::PKCS1v15) } + pub fn private_encrypt(&self, s: &[u8]) -> Vec { + self.private_encrypt_with_padding(s, EncryptionPadding::PKCS1v15) + } /** * Signs data, using OpenSSL's default scheme and adding sha256 ASN.1 information to the @@ -441,14 +469,18 @@ impl PKey { * The bytes to sign must be the result of a sha256 hashing; * returns the signature. */ - pub fn sign(&self, s: &[u8]) -> Vec { self.sign_with_hash(s, HashType::SHA256) } + pub fn sign(&self, s: &[u8]) -> Vec { + self.sign_with_hash(s, HashType::SHA256) + } /** * Verifies a signature s (using OpenSSL's default scheme and sha256) on the SHA256 hash of a * message. * Returns true if the signature is valid, and false otherwise. */ - pub fn verify(&self, h: &[u8], s: &[u8]) -> bool { self.verify_with_hash(h, s, HashType::SHA256) } + pub fn verify(&self, h: &[u8], s: &[u8]) -> bool { + self.verify_with_hash(h, s, HashType::SHA256) + } /** * Signs data, using OpenSSL's default scheme and add ASN.1 information for the given hash type to the @@ -466,16 +498,15 @@ impl PKey { let mut r = repeat(0u8).take(len as usize + 1).collect::>(); let mut len = 0; - let rv = ffi::RSA_sign( - openssl_hash_nid(hash), - s.as_ptr(), - s.len() as c_uint, - r.as_mut_ptr(), - &mut len, - rsa); + let rv = ffi::RSA_sign(openssl_hash_nid(hash), + s.as_ptr(), + s.len() as c_uint, + r.as_mut_ptr(), + &mut len, + rsa); if rv < 0 as c_int { - vec!() + vec![] } else { r.truncate(len as usize); r @@ -490,21 +521,19 @@ impl PKey { panic!("Could not get RSA key for verification"); } - let rv = ffi::RSA_verify( - openssl_hash_nid(hash), - h.as_ptr(), - h.len() as c_uint, - s.as_ptr(), - s.len() as c_uint, - rsa - ); + let rv = ffi::RSA_verify(openssl_hash_nid(hash), + h.as_ptr(), + h.len() as c_uint, + s.as_ptr(), + s.len() as c_uint, + rsa); rv == 1 as c_int } } pub unsafe fn get_handle(&self) -> *mut ffi::EVP_PKEY { - return self.evp + return self.evp; } pub fn public_eq(&self, other: &PKey) -> bool { @@ -568,8 +597,8 @@ mod tests { fn test_private_key_from_pem() { let key_path = Path::new("test/key.pem"); let mut file = File::open(&key_path) - .ok() - .expect("Failed to open `test/key.pem`"); + .ok() + .expect("Failed to open `test/key.pem`"); super::PKey::private_key_from_pem(&mut file).unwrap(); } @@ -578,8 +607,8 @@ mod tests { fn test_public_key_from_pem() { let key_path = Path::new("test/key.pem.pub"); let mut file = File::open(&key_path) - .ok() - .expect("Failed to open `test/key.pem.pub`"); + .ok() + .expect("Failed to open `test/key.pem.pub`"); super::PKey::public_key_from_pem(&mut file).unwrap(); } @@ -588,7 +617,7 @@ mod tests { fn test_private_encrypt() { let mut k0 = super::PKey::new(); let mut k1 = super::PKey::new(); - let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8); + let msg = vec![0xdeu8, 0xadu8, 0xd0u8, 0x0du8]; k0.gen(512); k1.load_pub(&k0.save_pub()); let emsg = k0.private_encrypt(&msg); @@ -600,7 +629,7 @@ mod tests { fn test_public_encrypt() { let mut k0 = super::PKey::new(); let mut k1 = super::PKey::new(); - let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8); + let msg = vec![0xdeu8, 0xadu8, 0xd0u8, 0x0du8]; k0.gen(512); k1.load_pub(&k0.save_pub()); let emsg = k1.public_encrypt(&msg); @@ -612,7 +641,7 @@ mod tests { fn test_public_encrypt_pkcs() { let mut k0 = super::PKey::new(); let mut k1 = super::PKey::new(); - let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8); + let msg = vec![0xdeu8, 0xadu8, 0xd0u8, 0x0du8]; k0.gen(512); k1.load_pub(&k0.save_pub()); let emsg = k1.public_encrypt_with_padding(&msg, super::EncryptionPadding::PKCS1v15); @@ -624,7 +653,7 @@ mod tests { fn test_sign() { let mut k0 = super::PKey::new(); let mut k1 = super::PKey::new(); - let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8); + let msg = vec![0xdeu8, 0xadu8, 0xd0u8, 0x0du8]; k0.gen(512); k1.load_pub(&k0.save_pub()); let sig = k0.sign(&msg); @@ -636,7 +665,7 @@ mod tests { fn test_sign_hashes() { let mut k0 = super::PKey::new(); let mut k1 = super::PKey::new(); - let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8); + let msg = vec![0xdeu8, 0xadu8, 0xd0u8, 0x0du8]; k0.gen(512); k1.load_pub(&k0.save_pub()); @@ -674,8 +703,8 @@ mod tests { fn test_pem() { let key_path = Path::new("test/key.pem"); let mut file = File::open(&key_path) - .ok() - .expect("Failed to open `test/key.pem`"); + .ok() + .expect("Failed to open `test/key.pem`"); let key = super::PKey::private_key_from_pem(&mut file).unwrap(); diff --git a/openssl/src/crypto/rand.rs b/openssl/src/crypto/rand.rs index dc338a3d5ab380441a5431f1eef6627bb2a35c02..ba57a8a1699a9f38e6688c9b8fe0108b31e5173a 100644 --- a/openssl/src/crypto/rand.rs +++ b/openssl/src/crypto/rand.rs @@ -7,7 +7,9 @@ pub fn rand_bytes(len: usize) -> Vec { ffi::init(); let r = ffi::RAND_bytes(out.as_mut_ptr(), len as c_int); - if r != 1 as c_int { panic!() } + if r != 1 as c_int { + panic!() + } out.set_len(len); diff --git a/openssl/src/crypto/symm.rs b/openssl/src/crypto/symm.rs index bc4b65b59c81b35db21f8e657c659766d9c9a159..c0e845dc23e9f07c4cca7258b0cbb66f3a1eb1d2 100644 --- a/openssl/src/crypto/symm.rs +++ b/openssl/src/crypto/symm.rs @@ -1,5 +1,5 @@ use std::iter::repeat; -use libc::{c_int}; +use libc::c_int; use crypto::symm_internal::evpc; use ffi; @@ -20,7 +20,7 @@ pub enum Type { AES_128_XTS, #[cfg(feature = "aes_ctr")] AES_128_CTR, - //AES_128_GCM, + // AES_128_GCM, AES_128_CFB1, AES_128_CFB128, AES_128_CFB8, @@ -32,7 +32,7 @@ pub enum Type { AES_256_XTS, #[cfg(feature = "aes_ctr")] AES_256_CTR, - //AES_256_GCM, + // AES_256_GCM, AES_256_CFB1, AES_256_CFB128, AES_256_CFB8, @@ -55,7 +55,12 @@ impl Crypter { let ctx = unsafe { ffi::EVP_CIPHER_CTX_new() }; let (evp, keylen, blocksz) = evpc(t); - Crypter { evp: evp, ctx: ctx, keylen: keylen, blocksize: blocksz } + Crypter { + evp: evp, + ctx: ctx, + keylen: keylen, + blocksize: blocksz, + } } /** @@ -65,7 +70,11 @@ impl Crypter { pub fn pad(&self, padding: bool) { if self.blocksize > 0 { unsafe { - let v = if padding { 1 as c_int } else { 0 }; + let v = if padding { + 1 as c_int + } else { + 0 + }; ffi::EVP_CIPHER_CTX_set_padding(self.ctx, v); } } @@ -82,13 +91,7 @@ impl Crypter { }; assert_eq!(key.len(), self.keylen as usize); - ffi::EVP_CipherInit( - self.ctx, - self.evp, - key.as_ptr(), - iv.as_ptr(), - mode - ); + ffi::EVP_CipherInit(self.ctx, self.evp, key.as_ptr(), iv.as_ptr(), mode); } } @@ -102,13 +105,11 @@ impl Crypter { let mut res = repeat(0u8).take(sum).collect::>(); let mut reslen = sum as c_int; - ffi::EVP_CipherUpdate( - self.ctx, - res.as_mut_ptr(), - &mut reslen, - data.as_ptr(), - data.len() as c_int - ); + ffi::EVP_CipherUpdate(self.ctx, + res.as_mut_ptr(), + &mut reslen, + data.as_ptr(), + data.len() as c_int); res.truncate(reslen as usize); res @@ -123,9 +124,7 @@ impl Crypter { let mut res = repeat(0u8).take(self.blocksize as usize).collect::>(); let mut reslen = self.blocksize as c_int; - ffi::EVP_CipherFinal(self.ctx, - res.as_mut_ptr(), - &mut reslen); + ffi::EVP_CipherFinal(self.ctx, res.as_mut_ptr(), &mut reslen); res.truncate(reslen as usize); res @@ -175,17 +174,14 @@ mod tests { // http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf #[test] fn test_aes_256_ecb() { - let k0 = - [0x00u8, 0x01u8, 0x02u8, 0x03u8, 0x04u8, 0x05u8, 0x06u8, 0x07u8, - 0x08u8, 0x09u8, 0x0au8, 0x0bu8, 0x0cu8, 0x0du8, 0x0eu8, 0x0fu8, - 0x10u8, 0x11u8, 0x12u8, 0x13u8, 0x14u8, 0x15u8, 0x16u8, 0x17u8, - 0x18u8, 0x19u8, 0x1au8, 0x1bu8, 0x1cu8, 0x1du8, 0x1eu8, 0x1fu8]; - let p0 = - [0x00u8, 0x11u8, 0x22u8, 0x33u8, 0x44u8, 0x55u8, 0x66u8, 0x77u8, - 0x88u8, 0x99u8, 0xaau8, 0xbbu8, 0xccu8, 0xddu8, 0xeeu8, 0xffu8]; - let c0 = - [0x8eu8, 0xa2u8, 0xb7u8, 0xcau8, 0x51u8, 0x67u8, 0x45u8, 0xbfu8, - 0xeau8, 0xfcu8, 0x49u8, 0x90u8, 0x4bu8, 0x49u8, 0x60u8, 0x89u8]; + let k0 = [0x00u8, 0x01u8, 0x02u8, 0x03u8, 0x04u8, 0x05u8, 0x06u8, 0x07u8, 0x08u8, 0x09u8, + 0x0au8, 0x0bu8, 0x0cu8, 0x0du8, 0x0eu8, 0x0fu8, 0x10u8, 0x11u8, 0x12u8, 0x13u8, + 0x14u8, 0x15u8, 0x16u8, 0x17u8, 0x18u8, 0x19u8, 0x1au8, 0x1bu8, 0x1cu8, 0x1du8, + 0x1eu8, 0x1fu8]; + let p0 = [0x00u8, 0x11u8, 0x22u8, 0x33u8, 0x44u8, 0x55u8, 0x66u8, 0x77u8, 0x88u8, 0x99u8, + 0xaau8, 0xbbu8, 0xccu8, 0xddu8, 0xeeu8, 0xffu8]; + let c0 = [0x8eu8, 0xa2u8, 0xb7u8, 0xcau8, 0x51u8, 0x67u8, 0x45u8, 0xbfu8, 0xeau8, 0xfcu8, + 0x49u8, 0x90u8, 0x4bu8, 0x49u8, 0x60u8, 0x89u8]; let c = super::Crypter::new(super::Type::AES_256_ECB); c.init(super::Mode::Encrypt, &k0, &[]); c.pad(false); @@ -202,22 +198,16 @@ mod tests { #[test] fn test_aes_256_cbc_decrypt() { let cr = super::Crypter::new(super::Type::AES_256_CBC); - let iv = [ - 4_u8, 223_u8, 153_u8, 219_u8, 28_u8, 142_u8, 234_u8, 68_u8, 227_u8, - 69_u8, 98_u8, 107_u8, 208_u8, 14_u8, 236_u8, 60_u8, 0_u8, 0_u8, - 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, - 0_u8, 0_u8, 0_u8 - ]; - let data = [ - 143_u8, 210_u8, 75_u8, 63_u8, 214_u8, 179_u8, 155_u8, - 241_u8, 242_u8, 31_u8, 154_u8, 56_u8, 198_u8, 145_u8, 192_u8, 64_u8, - 2_u8, 245_u8, 167_u8, 220_u8, 55_u8, 119_u8, 233_u8, 136_u8, 139_u8, - 27_u8, 71_u8, 242_u8, 119_u8, 175_u8, 65_u8, 207_u8 - ]; - let ciphered_data = [ - 0x4a_u8, 0x2e_u8, 0xe5_u8, 0x6_u8, 0xbf_u8, 0xcf_u8, 0xf2_u8, 0xd7_u8, - 0xea_u8, 0x2d_u8, 0xb1_u8, 0x85_u8, 0x6c_u8, 0x93_u8, 0x65_u8, 0x6f_u8 - ]; + let iv = [4_u8, 223_u8, 153_u8, 219_u8, 28_u8, 142_u8, 234_u8, 68_u8, 227_u8, 69_u8, + 98_u8, 107_u8, 208_u8, 14_u8, 236_u8, 60_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, + 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8]; + let data = [143_u8, 210_u8, 75_u8, 63_u8, 214_u8, 179_u8, 155_u8, 241_u8, 242_u8, 31_u8, + 154_u8, 56_u8, 198_u8, 145_u8, 192_u8, 64_u8, 2_u8, 245_u8, 167_u8, 220_u8, + 55_u8, 119_u8, 233_u8, 136_u8, 139_u8, 27_u8, 71_u8, 242_u8, 119_u8, 175_u8, + 65_u8, 207_u8]; + let ciphered_data = [0x4a_u8, 0x2e_u8, 0xe5_u8, 0x6_u8, 0xbf_u8, 0xcf_u8, 0xf2_u8, + 0xd7_u8, 0xea_u8, 0x2d_u8, 0xb1_u8, 0x85_u8, 0x6c_u8, 0x93_u8, + 0x65_u8, 0x6f_u8]; cr.init(super::Mode::Decrypt, &data, &iv); cr.pad(false); let unciphered_data_1 = cr.update(&ciphered_data); @@ -234,7 +224,9 @@ mod tests { use serialize::hex::ToHex; let cipher = super::Crypter::new(ciphertype); - cipher.init(super::Mode::Encrypt, &key.from_hex().unwrap(), &iv.from_hex().unwrap()); + cipher.init(super::Mode::Encrypt, + &key.from_hex().unwrap(), + &iv.from_hex().unwrap()); let expected = ct.from_hex().unwrap(); let mut computed = cipher.update(&pt.from_hex().unwrap()); @@ -245,7 +237,8 @@ mod tests { println!("Expected: {}", expected.to_hex()); if computed.len() != expected.len() { println!("Lengths differ: {} in computed vs {} expected", - computed.len(), expected.len()); + computed.len(), + expected.len()); } panic!("test failure"); } @@ -267,9 +260,12 @@ mod tests { fn test_aes256_xts() { // Test case 174 from // http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSTestVectors.zip - let pt = "77f4ef63d734ebd028508da66c22cdebdd52ecd6ee2ab0a50bc8ad0cfd692ca5fcd4e6dedc45df7f6503f462611dc542"; - let ct = "ce7d905a7776ac72f240d22aafed5e4eb7566cdc7211220e970da634ce015f131a5ecb8d400bc9e84f0b81d8725dbbc7"; - let key = "b6bfef891f83b5ff073f2231267be51eb084b791fa19a154399c0684c8b2dfcb37de77d28bbda3b4180026ad640b74243b3133e7b9fae629403f6733423dae28"; + let pt = "77f4ef63d734ebd028508da66c22cdebdd52ecd6ee2ab0a50bc8ad0cfd692ca5fcd4e6dedc45df7f\ + 6503f462611dc542"; + let ct = "ce7d905a7776ac72f240d22aafed5e4eb7566cdc7211220e970da634ce015f131a5ecb8d400bc9e8\ + 4f0b81d8725dbbc7"; + let key = "b6bfef891f83b5ff073f2231267be51eb084b791fa19a154399c0684c8b2dfcb37de77d28bbda3b\ + 4180026ad640b74243b3133e7b9fae629403f6733423dae28"; let iv = "db200efb7eaaa737dbdf40babb68953f"; cipher_test(super::Type::AES_256_XTS, pt, ct, key, iv); @@ -279,24 +275,26 @@ mod tests { #[cfg(feature = "aes_ctr")] fn test_aes128_ctr() { - let pt = "6BC1BEE22E409F96E93D7E117393172AAE2D8A571E03AC9C9EB76FAC45AF8E5130C81C46A35CE411E5FBC1191A0A52EFF69F2445DF4F9B17AD2B417BE66C3710"; - let ct = "874D6191B620E3261BEF6864990DB6CE9806F66B7970FDFF8617187BB9FFFDFF5AE4DF3EDBD5D35E5B4F09020DB03EAB1E031DDA2FBE03D1792170A0F3009CEE"; + let pt = "6BC1BEE22E409F96E93D7E117393172AAE2D8A571E03AC9C9EB76FAC45AF8E5130C81C46A35CE411\ + E5FBC1191A0A52EFF69F2445DF4F9B17AD2B417BE66C3710"; + let ct = "874D6191B620E3261BEF6864990DB6CE9806F66B7970FDFF8617187BB9FFFDFF5AE4DF3EDBD5D35E\ + 5B4F09020DB03EAB1E031DDA2FBE03D1792170A0F3009CEE"; let key = "2B7E151628AED2A6ABF7158809CF4F3C"; let iv = "F0F1F2F3F4F5F6F7F8F9FAFBFCFDFEFF"; cipher_test(super::Type::AES_128_CTR, pt, ct, key, iv); } - /*#[test] - fn test_aes128_gcm() { - // Test case 3 in GCM spec - let pt = ~"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255"; - let ct = ~"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f59854d5c2af327cd64a62cf35abd2ba6fab4"; - let key = ~"feffe9928665731c6d6a8f9467308308"; - let iv = ~"cafebabefacedbaddecaf888"; - - cipher_test(super::AES_128_GCM, pt, ct, key, iv); - }*/ + // #[test] + // fn test_aes128_gcm() { + // Test case 3 in GCM spec + // let pt = ~"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255"; + // let ct = ~"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f59854d5c2af327cd64a62cf35abd2ba6fab4"; + // let key = ~"feffe9928665731c6d6a8f9467308308"; + // let iv = ~"cafebabefacedbaddecaf888"; + // + // cipher_test(super::AES_128_GCM, pt, ct, key, iv); + // } #[test] fn test_aes128_cfb1() { diff --git a/openssl/src/crypto/symm_internal.rs b/openssl/src/crypto/symm_internal.rs index fcb3ee71df724ecb05237e48ced1a5d77f61e0a7..5c457f3fa7ac13db31d0f4af060e26212511d101 100644 --- a/openssl/src/crypto/symm_internal.rs +++ b/openssl/src/crypto/symm_internal.rs @@ -10,7 +10,7 @@ pub fn evpc(t: symm::Type) -> (*const ffi::EVP_CIPHER, u32, u32) { symm::Type::AES_128_XTS => (ffi::EVP_aes_128_xts(), 32, 16), #[cfg(feature = "aes_ctr")] symm::Type::AES_128_CTR => (ffi::EVP_aes_128_ctr(), 16, 0), - //AES_128_GCM => (EVP_aes_128_gcm(), 16, 16), + // AES_128_GCM => (EVP_aes_128_gcm(), 16, 16), symm::Type::AES_128_CFB1 => (ffi::EVP_aes_128_cfb1(), 16, 16), symm::Type::AES_128_CFB128 => (ffi::EVP_aes_128_cfb128(), 16, 16), symm::Type::AES_128_CFB8 => (ffi::EVP_aes_128_cfb8(), 16, 16), @@ -21,7 +21,7 @@ pub fn evpc(t: symm::Type) -> (*const ffi::EVP_CIPHER, u32, u32) { symm::Type::AES_256_XTS => (ffi::EVP_aes_256_xts(), 64, 16), #[cfg(feature = "aes_ctr")] symm::Type::AES_256_CTR => (ffi::EVP_aes_256_ctr(), 32, 0), - //AES_256_GCM => (EVP_aes_256_gcm(), 32, 16), + // AES_256_GCM => (EVP_aes_256_gcm(), 32, 16), symm::Type::AES_256_CFB1 => (ffi::EVP_aes_256_cfb1(), 32, 16), symm::Type::AES_256_CFB128 => (ffi::EVP_aes_256_cfb128(), 32, 16), symm::Type::AES_256_CFB8 => (ffi::EVP_aes_256_cfb8(), 32, 16), diff --git a/openssl/src/dh/mod.rs b/openssl/src/dh/mod.rs index e774abd1935349f32272c4a4fb4e8ccc806c6d2f..d2f26c3fd04daa1e5ccff5e62a0d0bd6bdad9832 100644 --- a/openssl/src/dh/mod.rs +++ b/openssl/src/dh/mod.rs @@ -18,7 +18,9 @@ impl DH { Ok(DH(dh)) } - pub fn from_pem(reader: &mut R) -> Result where R: Read { + pub fn from_pem(reader: &mut R) -> Result + where R: Read + { let mut mem_bio = try!(MemBio::new()); try!(io::copy(reader, &mut mem_bio).map_err(StreamError)); let dh = unsafe { @@ -91,9 +93,29 @@ mod tests { #[test] fn test_dh() { let ctx = SslContext::new(Sslv23).unwrap(); - let p = BigNum::from_hex_str("87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F25D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA3016C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0EF13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D967E144E5140564251CCACB83E6B486F6B3CA3F7971506026C0B857F689962856DED4010ABD0BE621C3A3960A54E710C375F26375D7014103A4B54330C198AF126116D2276E11715F693877FAD7EF09CADB094AE91E1A1597").unwrap(); - let g = BigNum::from_hex_str("3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF205407F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC831D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6184B523D1DB246C32F63078490F00EF8D647D148D47954515E2327CFEF98C582664B4C0F6CC41659").unwrap(); - let q = BigNum::from_hex_str("8CF83642A709A097B447997640129DA299B1A47D1EB3750BA308B0FE64F5FBD3").unwrap(); + let p = BigNum::from_hex_str("87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F25D2CEED4435\ + E3B00E00DF8F1D61957D4FAF7DF4561B2AA3016C3D91134096FAA3BF429\ + 6D830E9A7C209E0C6497517ABD5A8A9D306BCF67ED91F9E6725B4758C02\ + 2E0B1EF4275BF7B6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF1230\ + 7F5C4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0EF13C6D9\ + A51BFA4AB3AD8347796524D8EF6A167B5A41825D967E144E5140564251C\ + CACB83E6B486F6B3CA3F7971506026C0B857F689962856DED4010ABD0BE\ + 621C3A3960A54E710C375F26375D7014103A4B54330C198AF126116D227\ + 6E11715F693877FAD7EF09CADB094AE91E1A1597") + .unwrap(); + let g = BigNum::from_hex_str("3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF205407F4793A1A0\ + BA12510DBC15077BE463FFF4FED4AAC0BB555BE3A6C1B0C6B47B1BC3773\ + BF7E8C6F62901228F8C28CBB18A55AE31341000A650196F931C77A57F2D\ + DF463E5E9EC144B777DE62AAAB8A8628AC376D282D6ED3864E67982428E\ + BC831D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55A4BD1BF\ + FE83B9C80D052B985D182EA0ADB2A3B7313D3FE14C8484B1E052588B9B7\ + D2BBD2DF016199ECD06E1557CD0915B3353BBB64E0EC377FD028370DF92\ + B52C7891428CDC67EB6184B523D1DB246C32F63078490F00EF8D647D148\ + D47954515E2327CFEF98C582664B4C0F6CC41659") + .unwrap(); + let q = BigNum::from_hex_str("8CF83642A709A097B447997640129DA299B1A47D1EB3750BA308B0FE64F\ + 5FBD3") + .unwrap(); let dh = DH::from_params(p, g, q).unwrap(); ctx.set_tmp_dh(dh).unwrap(); } @@ -103,8 +125,8 @@ mod tests { let ctx = SslContext::new(Sslv23).unwrap(); let pem_path = Path::new("test/dhparams.pem"); let mut file = File::open(&pem_path) - .ok() - .expect("Failed to open `test/dhparams.pem`"); + .ok() + .expect("Failed to open `test/dhparams.pem`"); let dh = DH::from_pem(&mut file).ok().expect("Failed to load PEM"); ctx.set_tmp_dh(dh).unwrap(); } diff --git a/openssl/src/nid.rs b/openssl/src/nid.rs index 81cc49759602dbc70b38526e9866891c6b0ebb71..e04b004a160a3e1e84497441d195f98678ef3545 100644 --- a/openssl/src/nid.rs +++ b/openssl/src/nid.rs @@ -120,8 +120,8 @@ pub enum Nid { RSA_SHA1_2, DSA, RIPEMD160, - /* 118 missing */ - RSA_RIPEMD160=119, + // 118 missing + RSA_RIPEMD160 = 119, RC5_CBC, RC5_ECB, RC5_CFB, @@ -169,5 +169,5 @@ pub enum Nid { ID_QT_CPS, ID_QT_UNOTICE, RC2_64_CBC, - SMIMECaps + SMIMECaps, } diff --git a/openssl/src/ssl/error.rs b/openssl/src/ssl/error.rs index 126747d858870af0c78fb2bafe7aabf734a11b7e..2459a4737e3bbce2192a661c50d9731ccc4bbfd0 100644 --- a/openssl/src/ssl/error.rs +++ b/openssl/src/ssl/error.rs @@ -50,7 +50,7 @@ impl fmt::Display for Error { } Ok(()) } - _ => Ok(()) + _ => Ok(()), } } } @@ -72,7 +72,7 @@ impl error::Error for Error { Error::WantRead(ref err) => Some(err), Error::WantWrite(ref err) => Some(err), Error::Stream(ref err) => Some(err), - _ => None + _ => None, } } } @@ -85,11 +85,11 @@ impl OpenSslError { pub fn get_stack() -> Vec { ffi::init(); - let mut errs = vec!(); + let mut errs = vec![]; loop { match unsafe { ffi::ERR_get_error() } { 0 => break, - err => errs.push(OpenSslError(err)) + err => errs.push(OpenSslError(err)), } } errs @@ -196,7 +196,7 @@ impl error::Error for SslError { fn cause(&self) -> Option<&error::Error> { match *self { StreamError(ref err) => Some(err as &error::Error), - _ => None + _ => None, } } } @@ -211,15 +211,19 @@ impl error::Error for NonblockingSslError { fn description(&self) -> &str { match *self { NonblockingSslError::SslError(ref e) => e.description(), - NonblockingSslError::WantRead => "The OpenSSL library wants data from the remote socket", - NonblockingSslError::WantWrite => "The OpenSSL library want to send data to the remote socket", + NonblockingSslError::WantRead => { + "The OpenSSL library wants data from the remote socket" + } + NonblockingSslError::WantWrite => { + "The OpenSSL library want to send data to the remote socket" + } } } fn cause(&self) -> Option<&error::Error> { match *self { NonblockingSslError::SslError(ref e) => e.cause(), - _ => None + _ => None, } } } @@ -240,8 +244,8 @@ pub enum OpensslError { /// The function reporting the error function: String, /// The reason for the error - reason: String - } + reason: String, + }, } impl OpensslError { @@ -250,7 +254,7 @@ impl OpensslError { UnknownError { library: get_lib(err).to_owned(), function: get_func(err).to_owned(), - reason: get_reason(err).to_owned() + reason: get_reason(err).to_owned(), } } } @@ -283,11 +287,11 @@ impl SslError { /// Creates a new `OpenSslErrors` with the current contents of the error /// stack. pub fn get() -> SslError { - let mut errs = vec!(); + let mut errs = vec![]; loop { match unsafe { ffi::ERR_get_error() } { 0 => break, - err => errs.push(OpensslError::from_error_code(err)) + err => errs.push(OpensslError::from_error_code(err)), } } OpenSslErrors(errs) @@ -303,7 +307,7 @@ impl SslError { fn test_uknown_error_should_have_correct_messages() { let errs = match SslError::from_error(336032784) { OpenSslErrors(errs) => errs, - _ => panic!("This should always be an `OpenSslErrors` variant.") + _ => panic!("This should always be an `OpenSslErrors` variant."), }; let UnknownError { ref library, ref function, ref reason } = errs[0]; diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index fa44eda32c5b3ae16c96a7464a37bd4dd3be28fc..981b3bcd52d1bbffc983d6dedae2f72dba261c4b 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -45,7 +45,7 @@ extern "C" { } static mut VERIFY_IDX: c_int = -1; -static mut SNI_IDX: c_int = -1; +static mut SNI_IDX: c_int = -1; /// Manually initialize SSL. /// It is optional to call this function and safe to do so more than once. @@ -56,13 +56,11 @@ pub fn init() { INIT.call_once(|| { ffi::init(); - let verify_idx = ffi::SSL_CTX_get_ex_new_index(0, ptr::null(), None, - None, None); + let verify_idx = ffi::SSL_CTX_get_ex_new_index(0, ptr::null(), None, None, None); assert!(verify_idx >= 0); VERIFY_IDX = verify_idx; - let sni_idx = ffi::SSL_CTX_get_ex_new_index(0, ptr::null(), None, - None, None); + let sni_idx = ffi::SSL_CTX_get_ex_new_index(0, ptr::null(), None, None, None); assert!(sni_idx >= 0); SNI_IDX = sni_idx; }); @@ -234,9 +232,7 @@ lazy_static! { // Registers a destructor for the data which will be called // when context is freed fn get_verify_data_idx() -> c_int { - *INDEXES.lock().unwrap().entry(TypeId::of::()).or_insert_with(|| { - get_new_idx::() - }) + *INDEXES.lock().unwrap().entry(TypeId::of::()).or_insert_with(|| get_new_idx::()) } #[cfg(feature = "npn")] @@ -251,9 +247,12 @@ lazy_static! { /// Determine a new index to use for SSL CTX ex data. /// Registers a destruct for the data which will be called by openssl when the context is freed. fn get_new_idx() -> c_int { - extern fn free_data_box(_parent: *mut c_void, ptr: *mut c_void, - _ad: *mut ffi::CRYPTO_EX_DATA, _idx: c_int, - _argl: c_long, _argp: *mut c_void) { + extern "C" fn free_data_box(_parent: *mut c_void, + ptr: *mut c_void, + _ad: *mut ffi::CRYPTO_EX_DATA, + _idx: c_int, + _argl: c_long, + _argp: *mut c_void) { if !ptr.is_null() { let _: Box = unsafe { mem::transmute(ptr) }; } @@ -261,15 +260,13 @@ fn get_new_idx() -> c_int { unsafe { let f: ffi::CRYPTO_EX_free = free_data_box::; - let idx = ffi::SSL_CTX_get_ex_new_index(0, ptr::null(), None, - None, Some(f)); + let idx = ffi::SSL_CTX_get_ex_new_index(0, ptr::null(), None, None, Some(f)); assert!(idx >= 0); idx } } -extern fn raw_verify(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX) - -> c_int { +extern "C" fn raw_verify(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX) -> c_int { unsafe { let idx = ffi::SSL_get_ex_data_X509_STORE_CTX_idx(); let ssl = ffi::X509_STORE_CTX_get_ex_data(x509_ctx, idx); @@ -281,14 +278,16 @@ extern fn raw_verify(preverify_ok: c_int, x509_ctx: *mut ffi::X509_STORE_CTX) match verify { None => preverify_ok, - Some(verify) => verify(preverify_ok != 0, &ctx) as c_int + Some(verify) => verify(preverify_ok != 0, &ctx) as c_int, } } } -extern fn raw_verify_with_data(preverify_ok: c_int, - x509_ctx: *mut ffi::X509_STORE_CTX) -> c_int - where T: Any + 'static { +extern "C" fn raw_verify_with_data(preverify_ok: c_int, + x509_ctx: *mut ffi::X509_STORE_CTX) + -> c_int + where T: Any + 'static +{ unsafe { let idx = ffi::SSL_get_ex_data_X509_STORE_CTX_idx(); let ssl = ffi::X509_STORE_CTX_get_ex_data(x509_ctx, idx); @@ -304,15 +303,14 @@ extern fn raw_verify_with_data(preverify_ok: c_int, let res = match verify { None => preverify_ok, - Some(verify) => verify(preverify_ok != 0, &ctx, data) as c_int + Some(verify) => verify(preverify_ok != 0, &ctx, data) as c_int, }; res } } -extern fn raw_sni(ssl: *mut ffi::SSL, ad: &mut c_int, _arg: *mut c_void) - -> c_int { +extern "C" fn raw_sni(ssl: *mut ffi::SSL, ad: &mut c_int, _arg: *mut c_void) -> c_int { unsafe { let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl); let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, SNI_IDX); @@ -322,15 +320,16 @@ extern fn raw_sni(ssl: *mut ffi::SSL, ad: &mut c_int, _arg: *mut c_void) let res = match callback { None => ffi::SSL_TLSEXT_ERR_ALERT_FATAL, - Some(callback) => callback(&mut s, ad) + Some(callback) => callback(&mut s, ad), }; res } } -extern fn raw_sni_with_data(ssl: *mut ffi::SSL, ad: &mut c_int, arg: *mut c_void) -> c_int - where T: Any + 'static { +extern "C" fn raw_sni_with_data(ssl: *mut ffi::SSL, ad: &mut c_int, arg: *mut c_void) -> c_int + where T: Any + 'static +{ unsafe { let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl); @@ -343,7 +342,7 @@ extern fn raw_sni_with_data(ssl: *mut ffi::SSL, ad: &mut c_int, arg: *mut c_v let res = match callback { None => ffi::SSL_TLSEXT_ERR_ALERT_FATAL, - Some(callback) => callback(&mut s, ad, &*data) + Some(callback) => callback(&mut s, ad, &*data), }; // Since data might be required on the next verification @@ -357,25 +356,29 @@ extern fn raw_sni_with_data(ssl: *mut ffi::SSL, ad: &mut c_int, arg: *mut c_v #[cfg(any(feature = "npn", feature = "alpn"))] unsafe fn select_proto_using(ssl: *mut ffi::SSL, - out: *mut *mut c_uchar, outlen: *mut c_uchar, - inbuf: *const c_uchar, inlen: c_uint, - ex_data: c_int) -> c_int { - - // First, get the list of protocols (that the client should support) saved in the context - // extra data. - let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl); - let protocols = ffi::SSL_CTX_get_ex_data(ssl_ctx, ex_data); - let protocols: &Vec = mem::transmute(protocols); - // Prepare the client list parameters to be passed to the OpenSSL function... - let client = protocols.as_ptr(); - let client_len = protocols.len() as c_uint; - // Finally, let OpenSSL find a protocol to be used, by matching the given server and - // client lists. - if ffi::SSL_select_next_proto(out, outlen, inbuf, inlen, client, client_len) != ffi::OPENSSL_NPN_NEGOTIATED { - ffi::SSL_TLSEXT_ERR_NOACK - } else { - ffi::SSL_TLSEXT_ERR_OK - } + out: *mut *mut c_uchar, + outlen: *mut c_uchar, + inbuf: *const c_uchar, + inlen: c_uint, + ex_data: c_int) + -> c_int { + + // First, get the list of protocols (that the client should support) saved in the context + // extra data. + let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl); + let protocols = ffi::SSL_CTX_get_ex_data(ssl_ctx, ex_data); + let protocols: &Vec = mem::transmute(protocols); + // Prepare the client list parameters to be passed to the OpenSSL function... + let client = protocols.as_ptr(); + let client_len = protocols.len() as c_uint; + // Finally, let OpenSSL find a protocol to be used, by matching the given server and + // client lists. + if ffi::SSL_select_next_proto(out, outlen, inbuf, inlen, client, client_len) != + ffi::OPENSSL_NPN_NEGOTIATED { + ffi::SSL_TLSEXT_ERR_NOACK + } else { + ffi::SSL_TLSEXT_ERR_OK + } } /// The function is given as the callback to `SSL_CTX_set_next_proto_select_cb`. @@ -385,23 +388,25 @@ unsafe fn select_proto_using(ssl: *mut ffi::SSL, /// function. The list of protocols supported by the client is found in the extra data of the /// OpenSSL context. #[cfg(feature = "npn")] -extern fn raw_next_proto_select_cb(ssl: *mut ffi::SSL, - out: *mut *mut c_uchar, outlen: *mut c_uchar, - inbuf: *const c_uchar, inlen: c_uint, - _arg: *mut c_void) -> c_int { - unsafe { - select_proto_using(ssl, out, outlen, inbuf, inlen, *NPN_PROTOS_IDX) - } +extern "C" fn raw_next_proto_select_cb(ssl: *mut ffi::SSL, + out: *mut *mut c_uchar, + outlen: *mut c_uchar, + inbuf: *const c_uchar, + inlen: c_uint, + _arg: *mut c_void) + -> c_int { + unsafe { select_proto_using(ssl, out, outlen, inbuf, inlen, *NPN_PROTOS_IDX) } } #[cfg(feature = "alpn")] -extern fn raw_alpn_select_cb(ssl: *mut ffi::SSL, - out: *mut *mut c_uchar, outlen: *mut c_uchar, - inbuf: *const c_uchar, inlen: c_uint, - _arg: *mut c_void) -> c_int { - unsafe { - select_proto_using(ssl, out, outlen, inbuf, inlen, *ALPN_PROTOS_IDX) - } +extern "C" fn raw_alpn_select_cb(ssl: *mut ffi::SSL, + out: *mut *mut c_uchar, + outlen: *mut c_uchar, + inbuf: *const c_uchar, + inlen: c_uint, + _arg: *mut c_void) + -> c_int { + unsafe { select_proto_using(ssl, out, outlen, inbuf, inlen, *ALPN_PROTOS_IDX) } } /// The function is given as the callback to `SSL_CTX_set_next_protos_advertised_cb`. @@ -412,9 +417,11 @@ extern fn raw_alpn_select_cb(ssl: *mut ffi::SSL, /// The list of supported protocols is found in the extra data of the OpenSSL /// context. #[cfg(feature = "npn")] -extern fn raw_next_protos_advertise_cb(ssl: *mut ffi::SSL, - out: *mut *const c_uchar, outlen: *mut c_uint, - _arg: *mut c_void) -> c_int { +extern "C" fn raw_next_protos_advertise_cb(ssl: *mut ffi::SSL, + out: *mut *const c_uchar, + outlen: *mut c_uint, + _arg: *mut c_void) + -> c_int { unsafe { // First, get the list of (supported) protocols saved in the context extra data. let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl); @@ -437,8 +444,7 @@ extern fn raw_next_protos_advertise_cb(ssl: *mut ffi::SSL, /// Convert a set of byte slices into a series of byte strings encoded for SSL. Encoding is a byte /// containing the length followed by the string. #[cfg(any(feature = "npn", feature = "alpn"))] -fn ssl_encode_byte_strings(strings: &[&[u8]]) -> Vec -{ +fn ssl_encode_byte_strings(strings: &[&[u8]]) -> Vec { let mut enc = Vec::new(); for string in strings { let len = string.len() as u8; @@ -453,14 +459,12 @@ fn ssl_encode_byte_strings(strings: &[&[u8]]) -> Vec } /// The signature of functions that can be used to manually verify certificates -pub type VerifyCallback = fn(preverify_ok: bool, - x509_ctx: &X509StoreContext) -> bool; +pub type VerifyCallback = fn(preverify_ok: bool, x509_ctx: &X509StoreContext) -> bool; /// The signature of functions that can be used to manually verify certificates /// when user-data should be carried for all verification process -pub type VerifyCallbackData = fn(preverify_ok: bool, - x509_ctx: &X509StoreContext, - data: &T) -> bool; +pub type VerifyCallbackData = fn(preverify_ok: bool, x509_ctx: &X509StoreContext, data: &T) + -> bool; /// The signature of functions that can be used to choose the context depending on the server name pub type ServerNameCallback = fn(ssl: &mut Ssl, ad: &mut i32) -> i32; @@ -469,7 +473,7 @@ pub type ServerNameCallbackData = fn(ssl: &mut Ssl, ad: &mut i32, data: &T) - // FIXME: macro may be instead of inlining? #[inline] -fn wrap_ssl_result(res: c_int) -> Result<(),SslError> { +fn wrap_ssl_result(res: c_int) -> Result<(), SslError> { if res == 0 { Err(SslError::get()) } else { @@ -479,7 +483,7 @@ fn wrap_ssl_result(res: c_int) -> Result<(),SslError> { /// An SSL context object pub struct SslContext { - ctx: *mut ffi::SSL_CTX + ctx: *mut ffi::SSL_CTX, } unsafe impl Send for SslContext {} @@ -515,13 +519,10 @@ impl SslContext { } /// Configures the certificate verification method for new connections. - pub fn set_verify(&mut self, mode: SslVerifyMode, - verify: Option) { + pub fn set_verify(&mut self, mode: SslVerifyMode, verify: Option) { unsafe { - ffi::SSL_CTX_set_ex_data(self.ctx, VERIFY_IDX, - mem::transmute(verify)); - let f: extern fn(c_int, *mut ffi::X509_STORE_CTX) -> c_int = - raw_verify; + ffi::SSL_CTX_set_ex_data(self.ctx, VERIFY_IDX, mem::transmute(verify)); + let f: extern "C" fn(c_int, *mut ffi::X509_STORE_CTX) -> c_int = raw_verify; ffi::SSL_CTX_set_verify(self.ctx, mode.bits as c_int, Some(f)); } @@ -531,18 +532,18 @@ impl SslContext { /// carrying supplied data. // Note: no option because there is no point to set data without providing // a function handling it - pub fn set_verify_with_data(&mut self, mode: SslVerifyMode, + pub fn set_verify_with_data(&mut self, + mode: SslVerifyMode, verify: VerifyCallbackData, data: T) - where T: Any + 'static { + where T: Any + 'static + { let data = Box::new(data); unsafe { - ffi::SSL_CTX_set_ex_data(self.ctx, VERIFY_IDX, - mem::transmute(Some(verify))); - ffi::SSL_CTX_set_ex_data(self.ctx, get_verify_data_idx::(), - mem::transmute(data)); - let f: extern fn(c_int, *mut ffi::X509_STORE_CTX) -> c_int = - raw_verify_with_data::; + ffi::SSL_CTX_set_ex_data(self.ctx, VERIFY_IDX, mem::transmute(Some(verify))); + ffi::SSL_CTX_set_ex_data(self.ctx, get_verify_data_idx::(), mem::transmute(data)); + let f: extern "C" fn(c_int, *mut ffi::X509_STORE_CTX) -> c_int = + raw_verify_with_data::; ffi::SSL_CTX_set_verify(self.ctx, mode.bits as c_int, Some(f)); } @@ -554,25 +555,25 @@ impl SslContext { /// with `set_ssl_context` pub fn set_servername_callback(&mut self, callback: Option) { unsafe { - ffi::SSL_CTX_set_ex_data(self.ctx, SNI_IDX, - mem::transmute(callback)); - let f: extern fn() = mem::transmute(raw_sni); + ffi::SSL_CTX_set_ex_data(self.ctx, SNI_IDX, mem::transmute(callback)); + let f: extern "C" fn() = mem::transmute(raw_sni); ffi_extras::SSL_CTX_set_tlsext_servername_callback(self.ctx, Some(f)); } } /// Configures the server name indication (SNI) callback for new connections /// carrying supplied data - pub fn set_servername_callback_with_data(&mut self, callback: ServerNameCallbackData, - data: T) - where T: Any + 'static { + pub fn set_servername_callback_with_data(&mut self, + callback: ServerNameCallbackData, + data: T) + where T: Any + 'static + { let data = Box::new(data); unsafe { - ffi::SSL_CTX_set_ex_data(self.ctx, SNI_IDX, - mem::transmute(Some(callback))); + ffi::SSL_CTX_set_ex_data(self.ctx, SNI_IDX, mem::transmute(Some(callback))); ffi_extras::SSL_CTX_set_tlsext_servername_arg(self.ctx, mem::transmute(data)); - let f: extern fn() = mem::transmute(raw_sni_with_data::); + let f: extern "C" fn() = mem::transmute(raw_sni_with_data::); ffi_extras::SSL_CTX_set_tlsext_servername_callback(self.ctx, Some(f)); } } @@ -590,91 +591,86 @@ impl SslContext { } } - pub fn set_tmp_dh(&self, dh: DH) -> Result<(),SslError> { - wrap_ssl_result(unsafe { - ffi_extras::SSL_CTX_set_tmp_dh(self.ctx, dh.raw()) as i32 - }) + pub fn set_tmp_dh(&self, dh: DH) -> Result<(), SslError> { + wrap_ssl_result(unsafe { ffi_extras::SSL_CTX_set_tmp_dh(self.ctx, dh.raw()) as i32 }) } #[allow(non_snake_case)] /// Specifies the file that contains trusted CA certificates. - pub fn set_CA_file>(&mut self, file: P) -> Result<(),SslError> { + pub fn set_CA_file>(&mut self, file: P) -> Result<(), SslError> { let file = CString::new(file.as_ref().as_os_str().to_str().expect("invalid utf8")).unwrap(); - wrap_ssl_result( - unsafe { - ffi::SSL_CTX_load_verify_locations(self.ctx, file.as_ptr() as *const _, ptr::null()) - }) + wrap_ssl_result(unsafe { + ffi::SSL_CTX_load_verify_locations(self.ctx, file.as_ptr() as *const _, ptr::null()) + }) } /// Specifies the file that contains certificate - pub fn set_certificate_file>(&mut self, file: P, file_type: X509FileType) - -> Result<(),SslError> { + pub fn set_certificate_file>(&mut self, + file: P, + file_type: X509FileType) + -> Result<(), SslError> { let file = CString::new(file.as_ref().as_os_str().to_str().expect("invalid utf8")).unwrap(); - wrap_ssl_result( - unsafe { - ffi::SSL_CTX_use_certificate_file(self.ctx, file.as_ptr() as *const _, file_type as c_int) - }) + wrap_ssl_result(unsafe { + ffi::SSL_CTX_use_certificate_file(self.ctx, + file.as_ptr() as *const _, + file_type as c_int) + }) } /// Specifies the file that contains certificate chain - pub fn set_certificate_chain_file>(&mut self, file: P, file_type: X509FileType) - -> Result<(),SslError> { + pub fn set_certificate_chain_file>(&mut self, + file: P, + file_type: X509FileType) + -> Result<(), SslError> { let file = CString::new(file.as_ref().as_os_str().to_str().expect("invalid utf8")).unwrap(); - wrap_ssl_result( - unsafe { - ffi::SSL_CTX_use_certificate_chain_file(self.ctx, file.as_ptr() as *const _, file_type as c_int) - }) + wrap_ssl_result(unsafe { + ffi::SSL_CTX_use_certificate_chain_file(self.ctx, + file.as_ptr() as *const _, + file_type as c_int) + }) } /// Specifies the certificate - pub fn set_certificate(&mut self, cert: &X509) -> Result<(),SslError> { - wrap_ssl_result( - unsafe { - ffi::SSL_CTX_use_certificate(self.ctx, cert.get_handle()) - }) + pub fn set_certificate(&mut self, cert: &X509) -> Result<(), SslError> { + wrap_ssl_result(unsafe { ffi::SSL_CTX_use_certificate(self.ctx, cert.get_handle()) }) } /// Adds a certificate to the certificate chain presented together with the /// certificate specified using set_certificate() - pub fn add_extra_chain_cert(&mut self, cert: &X509) -> Result<(),SslError> { - wrap_ssl_result( - unsafe { - ffi_extras::SSL_CTX_add_extra_chain_cert(self.ctx, cert.get_handle()) as c_int - }) + pub fn add_extra_chain_cert(&mut self, cert: &X509) -> Result<(), SslError> { + wrap_ssl_result(unsafe { + ffi_extras::SSL_CTX_add_extra_chain_cert(self.ctx, cert.get_handle()) as c_int + }) } /// Specifies the file that contains private key - pub fn set_private_key_file>(&mut self, file: P, - file_type: X509FileType) -> Result<(),SslError> { + pub fn set_private_key_file>(&mut self, + file: P, + file_type: X509FileType) + -> Result<(), SslError> { let file = CString::new(file.as_ref().as_os_str().to_str().expect("invalid utf8")).unwrap(); - wrap_ssl_result( - unsafe { - ffi::SSL_CTX_use_PrivateKey_file(self.ctx, file.as_ptr() as *const _, file_type as c_int) - }) + wrap_ssl_result(unsafe { + ffi::SSL_CTX_use_PrivateKey_file(self.ctx, + file.as_ptr() as *const _, + file_type as c_int) + }) } /// Specifies the private key - pub fn set_private_key(&mut self, key: &PKey) -> Result<(),SslError> { - wrap_ssl_result( - unsafe { - ffi::SSL_CTX_use_PrivateKey(self.ctx, key.get_handle()) - }) + pub fn set_private_key(&mut self, key: &PKey) -> Result<(), SslError> { + wrap_ssl_result(unsafe { ffi::SSL_CTX_use_PrivateKey(self.ctx, key.get_handle()) }) } /// Check consistency of private key and certificate - pub fn check_private_key(&mut self) -> Result<(),SslError> { - wrap_ssl_result( - unsafe { - ffi::SSL_CTX_check_private_key(self.ctx) - }) + pub fn check_private_key(&mut self) -> Result<(), SslError> { + wrap_ssl_result(unsafe { ffi::SSL_CTX_check_private_key(self.ctx) }) } - pub fn set_cipher_list(&mut self, cipher_list: &str) -> Result<(),SslError> { - wrap_ssl_result( - unsafe { - let cipher_list = CString::new(cipher_list).unwrap(); - ffi::SSL_CTX_set_cipher_list(self.ctx, cipher_list.as_ptr() as *const _) - }) + pub fn set_cipher_list(&mut self, cipher_list: &str) -> Result<(), SslError> { + wrap_ssl_result(unsafe { + let cipher_list = CString::new(cipher_list).unwrap(); + ffi::SSL_CTX_set_cipher_list(self.ctx, cipher_list.as_ptr() as *const _) + }) } /// If `onoff` is set to `true`, enable ECDHE for key exchange with compatible @@ -682,33 +678,24 @@ impl SslContext { /// /// This method requires OpenSSL >= 1.0.2 or LibreSSL and the `ecdh_auto` feature. #[cfg(feature = "ecdh_auto")] - pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(),SslError> { - wrap_ssl_result( - unsafe { - ffi_extras::SSL_CTX_set_ecdh_auto(self.ctx, onoff as c_int) - }) + pub fn set_ecdh_auto(&mut self, onoff: bool) -> Result<(), SslError> { + wrap_ssl_result(unsafe { ffi_extras::SSL_CTX_set_ecdh_auto(self.ctx, onoff as c_int) }) } pub fn set_options(&mut self, option: SslContextOptions) -> SslContextOptions { let raw_bits = option.bits(); - let ret = unsafe { - ffi_extras::SSL_CTX_set_options(self.ctx, raw_bits) - }; + let ret = unsafe { ffi_extras::SSL_CTX_set_options(self.ctx, raw_bits) }; SslContextOptions::from_bits(ret).unwrap() } pub fn get_options(&mut self) -> SslContextOptions { - let ret = unsafe { - ffi_extras::SSL_CTX_get_options(self.ctx) - }; + let ret = unsafe { ffi_extras::SSL_CTX_get_options(self.ctx) }; SslContextOptions::from_bits(ret).unwrap() } pub fn clear_options(&mut self, option: SslContextOptions) -> SslContextOptions { let raw_bits = option.bits(); - let ret = unsafe { - ffi_extras::SSL_CTX_clear_options(self.ctx, raw_bits) - }; + let ret = unsafe { ffi_extras::SSL_CTX_clear_options(self.ctx, raw_bits) }; SslContextOptions::from_bits(ret).unwrap() } @@ -725,15 +712,18 @@ impl SslContext { unsafe { // Attach the protocol list to the OpenSSL context structure, // so that we can refer to it within the callback. - ffi::SSL_CTX_set_ex_data(self.ctx, *NPN_PROTOS_IDX, - mem::transmute(protocols)); + ffi::SSL_CTX_set_ex_data(self.ctx, *NPN_PROTOS_IDX, mem::transmute(protocols)); // Now register the callback that performs the default protocol // matching based on the client-supported list of protocols that // has been saved. - ffi::SSL_CTX_set_next_proto_select_cb(self.ctx, raw_next_proto_select_cb, ptr::null_mut()); + ffi::SSL_CTX_set_next_proto_select_cb(self.ctx, + raw_next_proto_select_cb, + ptr::null_mut()); // Also register the callback to advertise these protocols, if a server socket is // created with the context. - ffi::SSL_CTX_set_next_protos_advertised_cb(self.ctx, raw_next_protos_advertise_cb, ptr::null_mut()); + ffi::SSL_CTX_set_next_protos_advertised_cb(self.ctx, + raw_next_protos_advertise_cb, + ptr::null_mut()); } } @@ -756,8 +746,7 @@ impl SslContext { // ssl ctx's ex_data so that we can configure a function to free it later. In the // future, it might make sense to pull this into our internal struct Ssl instead of // leaning on openssl and using function pointers. - ffi::SSL_CTX_set_ex_data(self.ctx, *ALPN_PROTOS_IDX, - mem::transmute(protocols)); + ffi::SSL_CTX_set_ex_data(self.ctx, *ALPN_PROTOS_IDX, mem::transmute(protocols)); // Now register the callback that performs the default protocol // matching based on the client-supported list of protocols that @@ -765,11 +754,10 @@ impl SslContext { ffi::SSL_CTX_set_alpn_select_cb(self.ctx, raw_alpn_select_cb, ptr::null_mut()); } } - } pub struct Ssl { - ssl: *mut ffi::SSL + ssl: *mut ffi::SSL, } unsafe impl Send for Ssl {} @@ -778,8 +766,8 @@ unsafe impl Sync for Ssl {} impl fmt::Debug for Ssl { fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result { fmt.debug_struct("Ssl") - .field("state", &self.state_string_long()) - .finish() + .field("state", &self.state_string_long()) + .finish() } } @@ -830,7 +818,7 @@ impl Ssl { let err = unsafe { ffi::SSL_get_error(self.ssl, ret) }; match LibSslError::from_i32(err as i32) { Some(err) => err, - None => unreachable!() + None => unreachable!(), } } @@ -855,7 +843,9 @@ impl Ssl { /// Sets the host name to be used with SNI (Server Name Indication). pub fn set_hostname(&self, hostname: &str) -> Result<(), SslError> { let cstr = CString::new(hostname).unwrap(); - let ret = unsafe { ffi_extras::SSL_set_tlsext_host_name(self.ssl, cstr.as_ptr() as *const _) }; + let ret = unsafe { + ffi_extras::SSL_set_tlsext_host_name(self.ssl, cstr.as_ptr() as *const _) + }; // For this case, 0 indicates failure. if ret == 0 { @@ -926,9 +916,7 @@ impl Ssl { /// Returns the number of bytes remaining in the currently processed TLS /// record. pub fn pending(&self) -> usize { - unsafe { - ffi::SSL_pending(self.ssl) as usize - } + unsafe { ffi::SSL_pending(self.ssl) as usize } } /// Returns the compression currently in use. @@ -963,9 +951,7 @@ impl Ssl { return None; } - unsafe { - String::from_utf8(CStr::from_ptr(name).to_bytes().to_vec()).ok() - } + unsafe { String::from_utf8(CStr::from_ptr(name).to_bytes().to_vec()).ok() } } /// change the context corresponding to the current connection @@ -1038,12 +1024,13 @@ impl Drop for SslStream { } } -impl fmt::Debug for SslStream where S: fmt::Debug { +impl fmt::Debug for SslStream where S: fmt::Debug +{ fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result { fmt.debug_struct("SslStream") - .field("stream", &self.get_ref()) - .field("ssl", &self.ssl()) - .finish() + .field("stream", &self.get_ref()) + .field("ssl", &self.ssl()) + .finish() } } @@ -1061,7 +1048,7 @@ impl AsRawSocket for SslStream { } } -impl SslStream { +impl SslStream { fn new_base(ssl: Ssl, stream: S) -> Self { unsafe { let (bio, method) = bio::new(stream).unwrap(); @@ -1092,7 +1079,7 @@ impl SslStream { Err(SslError::StreamError(e)) } } - e => Err(e) + e => Err(e), } } } @@ -1114,7 +1101,7 @@ impl SslStream { Err(SslError::StreamError(e)) } } - e => Err(e) + e => Err(e), } } } @@ -1180,8 +1167,10 @@ impl SslStream { LibSslError::ErrorZeroReturn => Error::ZeroReturn, LibSslError::ErrorWantWrite => Error::WantWrite(self.get_bio_error()), LibSslError::ErrorWantRead => Error::WantRead(self.get_bio_error()), - err => Error::Stream(io::Error::new(io::ErrorKind::Other, - format!("unexpected error {:?}", err))), + err => { + Error::Stream(io::Error::new(io::ErrorKind::Other, + format!("unexpected error {:?}", err))) + } } } @@ -1209,8 +1198,10 @@ impl SslStream { LibSslError::ErrorWantWrite | LibSslError::ErrorWantRead => { SslError::StreamError(self.get_bio_error()) } - err => SslError::StreamError(io::Error::new(io::ErrorKind::Other, - format!("unexpected error {:?}", err))), + err => { + SslError::StreamError(io::Error::new(io::ErrorKind::Other, + format!("unexpected error {:?}", err))) + } } } @@ -1218,8 +1209,10 @@ impl SslStream { let error = unsafe { bio::take_error::(self.ssl.get_raw_rbio()) }; match error { Some(error) => error, - None => io::Error::new(io::ErrorKind::Other, - "BUG: got an ErrorSyscall without an error in the BIO?") + None => { + io::Error::new(io::ErrorKind::Other, + "BUG: got an ErrorSyscall without an error in the BIO?") + } } } @@ -1306,14 +1299,17 @@ impl<'a> IntoSsl for &'a SslContext { /// A utility type to help in cases where the use of SSL is decided at runtime. #[derive(Debug)] -pub enum MaybeSslStream where S: Read+Write { +pub enum MaybeSslStream + where S: Read + Write +{ /// A connection using SSL Ssl(SslStream), /// A connection not using SSL Normal(S), } -impl Read for MaybeSslStream where S: Read+Write { +impl Read for MaybeSslStream where S: Read + Write +{ fn read(&mut self, buf: &mut [u8]) -> io::Result { match *self { MaybeSslStream::Ssl(ref mut s) => s.read(buf), @@ -1322,7 +1318,8 @@ impl Read for MaybeSslStream where S: Read+Write { } } -impl Write for MaybeSslStream where S: Read+Write { +impl Write for MaybeSslStream where S: Read + Write +{ fn write(&mut self, buf: &[u8]) -> io::Result { match *self { MaybeSslStream::Ssl(ref mut s) => s.write(buf), @@ -1338,7 +1335,8 @@ impl Write for MaybeSslStream where S: Read+Write { } } -impl MaybeSslStream where S: Read+Write { +impl MaybeSslStream where S: Read + Write +{ /// Returns a reference to the underlying stream. pub fn get_ref(&self) -> &S { match *self { @@ -1423,7 +1421,7 @@ impl NonblockingSslStream { } } -impl NonblockingSslStream { +impl NonblockingSslStream { /// Create a new nonblocking client ssl connection on wrapped `stream`. /// /// Note that this method will most likely not actually complete the SSL @@ -1453,7 +1451,7 @@ impl NonblockingSslStream { SslError::OpenSslErrors(e.iter() .map(|e| OpensslError::from_error_code(e.error_code())) .collect()) - .into() + .into() } } } @@ -1477,7 +1475,7 @@ impl NonblockingSslStream { match self.0.ssl_read(buf) { Ok(n) => Ok(n), Err(Error::ZeroReturn) => Ok(0), - Err(e) => Err(self.convert_err(e)) + Err(e) => Err(self.convert_err(e)), } } diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs index 025a45a8cc617ac4a0aaa03454dd52c0327b6275..7fdbb750b45721075cb0ecd94459cec1151bc732 100644 --- a/openssl/src/ssl/tests/mod.rs +++ b/openssl/src/ssl/tests/mod.rs @@ -12,7 +12,7 @@ use std::thread; use net2::TcpStreamExt; -use crypto::hash::Type::{SHA256}; +use crypto::hash::Type::SHA256; use ssl; use ssl::SSL_VERIFY_PEER; use ssl::SslMethod::Sslv23; @@ -48,20 +48,24 @@ struct Server { } impl Server { - fn spawn(args: &[&str], input: Option>) - -> (Server, SocketAddr) { + fn spawn(args: &[&str], input: Option>) -> (Server, SocketAddr) { let addr = next_addr(); - let mut child = Command::new("openssl").arg("s_server") - .arg("-accept").arg(addr.port().to_string()) - .args(args) - .arg("-cert").arg("cert.pem") - .arg("-key").arg("key.pem") - .arg("-no_dhe") - .current_dir("test") - .stdout(Stdio::null()) - .stderr(Stdio::null()) - .stdin(Stdio::piped()) - .spawn().unwrap(); + let mut child = Command::new("openssl") + .arg("s_server") + .arg("-accept") + .arg(addr.port().to_string()) + .args(args) + .arg("-cert") + .arg("cert.pem") + .arg("-key") + .arg("key.pem") + .arg("-no_dhe") + .current_dir("test") + .stdout(Stdio::null()) + .stderr(Stdio::null()) + .stdin(Stdio::piped()) + .spawn() + .unwrap(); let stdin = child.stdin.take().unwrap(); if let Some(mut input) = input { thread::spawn(move || input(stdin)); @@ -88,23 +92,27 @@ impl Server { #[cfg(any(feature = "alpn", feature = "npn"))] fn new_alpn() -> (Server, TcpStream) { - Server::new_tcp(&["-www", "-nextprotoneg", "http/1.1,spdy/3.1", - "-alpn", "http/1.1,spdy/3.1"]) + Server::new_tcp(&["-www", + "-nextprotoneg", + "http/1.1,spdy/3.1", + "-alpn", + "http/1.1,spdy/3.1"]) } #[cfg(feature = "dtlsv1")] fn new_dtlsv1(input: I) -> (Server, UdpConnected) - where I: IntoIterator, + where I: IntoIterator, I::IntoIter: Send + 'static { let mut input = input.into_iter(); - let (s, addr) = Server::spawn(&["-dtls1"], Some(Box::new(move |mut io| { - for s in input.by_ref() { - if io.write_all(s.as_bytes()).is_err() { - break - } - } - }))); + let (s, addr) = Server::spawn(&["-dtls1"], + Some(Box::new(move |mut io| { + for s in input.by_ref() { + if io.write_all(s.as_bytes()).is_err() { + break; + } + } + }))); // Need to wait for the UDP socket to get bound in our child process, // but don't currently have a great way to do that so just wait for a // bit. @@ -139,8 +147,10 @@ impl Write for UdpConnected { use std::os::unix::prelude::*; use libc; let n = unsafe { - libc::send(self.0.as_raw_fd(), buf.as_ptr() as *const _, - buf.len() as libc::size_t, 0) + libc::send(self.0.as_raw_fd(), + buf.as_ptr() as *const _, + buf.len() as libc::size_t, + 0) }; if n < 0 { Err(io::Error::last_os_error()) @@ -154,8 +164,10 @@ impl Write for UdpConnected { use std::os::windows::prelude::*; use libc; let n = unsafe { - libc::send(self.0.as_raw_socket(), buf.as_ptr() as *const _, - buf.len() as libc::c_int, 0) + libc::send(self.0.as_raw_socket(), + buf.as_ptr() as *const _, + buf.len() as libc::c_int, + 0) }; if n < 0 { Err(io::Error::last_os_error()) @@ -164,7 +176,9 @@ impl Write for UdpConnected { } } - fn flush(&mut self) -> io::Result<()> { Ok(()) } + fn flush(&mut self) -> io::Result<()> { + Ok(()) + } } macro_rules! run_test( @@ -398,11 +412,11 @@ fn test_set_certificate_and_private_key() { let key_path = Path::new("test/key.pem"); let cert_path = Path::new("test/cert.pem"); let mut key_file = File::open(&key_path) - .ok() - .expect("Failed to open `test/key.pem`"); + .ok() + .expect("Failed to open `test/key.pem`"); let mut cert_file = File::open(&cert_path) - .ok() - .expect("Failed to open `test/cert.pem`"); + .ok() + .expect("Failed to open `test/cert.pem`"); let key = PKey::private_key_from_pem(&mut key_file).unwrap(); let cert = X509::from_pem(&mut cert_file).unwrap(); @@ -467,8 +481,7 @@ run_test!(get_peer_certificate, |method, stream| { fn test_write_dtlsv1() { let (_s, stream) = Server::new_dtlsv1(iter::repeat("y\n")); - let mut stream = SslStream::connect_generic(&SslContext::new(Dtlsv1).unwrap(), - stream).unwrap(); + let mut stream = SslStream::connect_generic(&SslContext::new(Dtlsv1).unwrap(), stream).unwrap(); stream.write_all(b"hello").unwrap(); stream.flush().unwrap(); stream.write_all(b" there").unwrap(); @@ -501,7 +514,7 @@ fn test_pending() { stream.flush().unwrap(); // wait for the response and read first byte... - let mut buf = [0u8; 16*1024]; + let mut buf = [0u8; 16 * 1024]; stream.read(&mut buf[..1]).unwrap(); let pending = stream.ssl().pending(); @@ -521,7 +534,8 @@ fn test_state() { let (_s, tcp) = Server::new(); let stream = SslStream::connect_generic(&SslContext::new(Sslv23).unwrap(), tcp).unwrap(); assert_eq!(stream.ssl().state_string(), "SSLOK "); - assert_eq!(stream.ssl().state_string_long(), "SSL negotiation finished successfully"); + assert_eq!(stream.ssl().state_string_long(), + "SSL negotiation finished successfully"); } /// Tests that connecting with the client using ALPN, but the server not does not @@ -535,11 +549,11 @@ fn test_connect_with_unilateral_alpn() { ctx.set_alpn_protocols(&[b"http/1.1", b"spdy/3.1"]); match ctx.set_CA_file(&Path::new("test/cert.pem")) { Ok(_) => {} - Err(err) => panic!("Unexpected error {:?}", err) + Err(err) => panic!("Unexpected error {:?}", err), } let stream = match SslStream::connect(&ctx, stream) { Ok(stream) => stream, - Err(err) => panic!("Expected success, got {:?}", err) + Err(err) => panic!("Expected success, got {:?}", err), }; // Since the socket to which we connected is not configured to use ALPN, // there should be no selected protocol... @@ -557,11 +571,11 @@ fn test_connect_with_unilateral_npn() { ctx.set_npn_protocols(&[b"http/1.1", b"spdy/3.1"]); match ctx.set_CA_file(&Path::new("test/cert.pem")) { Ok(_) => {} - Err(err) => panic!("Unexpected error {:?}", err) + Err(err) => panic!("Unexpected error {:?}", err), } let stream = match SslStream::connect_generic(&ctx, stream) { Ok(stream) => stream, - Err(err) => panic!("Expected success, got {:?}", err) + Err(err) => panic!("Expected success, got {:?}", err), }; // Since the socket to which we connected is not configured to use NPN, // there should be no selected protocol... @@ -579,11 +593,11 @@ fn test_connect_with_alpn_successful_multiple_matching() { ctx.set_alpn_protocols(&[b"spdy/3.1", b"http/1.1"]); match ctx.set_CA_file(&Path::new("test/cert.pem")) { Ok(_) => {} - Err(err) => panic!("Unexpected error {:?}", err) + Err(err) => panic!("Unexpected error {:?}", err), } let stream = match SslStream::connect(&ctx, stream) { Ok(stream) => stream, - Err(err) => panic!("Expected success, got {:?}", err) + Err(err) => panic!("Expected success, got {:?}", err), }; // The server prefers "http/1.1", so that is chosen, even though the client // would prefer "spdy/3.1" @@ -601,11 +615,11 @@ fn test_connect_with_npn_successful_multiple_matching() { ctx.set_npn_protocols(&[b"spdy/3.1", b"http/1.1"]); match ctx.set_CA_file(&Path::new("test/cert.pem")) { Ok(_) => {} - Err(err) => panic!("Unexpected error {:?}", err) + Err(err) => panic!("Unexpected error {:?}", err), } let stream = match SslStream::connect_generic(&ctx, stream) { Ok(stream) => stream, - Err(err) => panic!("Expected success, got {:?}", err) + Err(err) => panic!("Expected success, got {:?}", err), }; // The server prefers "http/1.1", so that is chosen, even though the client // would prefer "spdy/3.1" @@ -624,11 +638,11 @@ fn test_connect_with_alpn_successful_single_match() { ctx.set_alpn_protocols(&[b"spdy/3.1"]); match ctx.set_CA_file(&Path::new("test/cert.pem")) { Ok(_) => {} - Err(err) => panic!("Unexpected error {:?}", err) + Err(err) => panic!("Unexpected error {:?}", err), } let stream = match SslStream::connect(&ctx, stream) { Ok(stream) => stream, - Err(err) => panic!("Expected success, got {:?}", err) + Err(err) => panic!("Expected success, got {:?}", err), }; // The client now only supports one of the server's protocols, so that one // is used. @@ -648,11 +662,11 @@ fn test_connect_with_npn_successful_single_match() { ctx.set_npn_protocols(&[b"spdy/3.1"]); match ctx.set_CA_file(&Path::new("test/cert.pem")) { Ok(_) => {} - Err(err) => panic!("Unexpected error {:?}", err) + Err(err) => panic!("Unexpected error {:?}", err), } let stream = match SslStream::connect_generic(&ctx, stream) { Ok(stream) => stream, - Err(err) => panic!("Expected success, got {:?}", err) + Err(err) => panic!("Expected success, got {:?}", err), }; // The client now only supports one of the server's protocols, so that one // is used. @@ -671,10 +685,10 @@ fn test_npn_server_advertise_multiple() { let mut ctx = SslContext::new(Sslv23).unwrap(); ctx.set_verify(SSL_VERIFY_PEER, None); ctx.set_npn_protocols(&[b"http/1.1", b"spdy/3.1"]); - assert!(ctx.set_certificate_file( - &Path::new("test/cert.pem"), X509FileType::PEM).is_ok()); - ctx.set_private_key_file( - &Path::new("test/key.pem"), X509FileType::PEM).unwrap(); + assert!(ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM) + .is_ok()); + ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM) + .unwrap(); ctx }; // Have the listener wait on the connection in a different thread. @@ -688,13 +702,13 @@ fn test_npn_server_advertise_multiple() { ctx.set_npn_protocols(&[b"spdy/3.1"]); match ctx.set_CA_file(&Path::new("test/cert.pem")) { Ok(_) => {} - Err(err) => panic!("Unexpected error {:?}", err) + Err(err) => panic!("Unexpected error {:?}", err), } // Now connect to the socket and make sure the protocol negotiation works... let stream = TcpStream::connect(localhost).unwrap(); let stream = match SslStream::connect_generic(&ctx, stream) { Ok(stream) => stream, - Err(err) => panic!("Expected success, got {:?}", err) + Err(err) => panic!("Expected success, got {:?}", err), }; // SPDY is selected since that's the only thing the client supports. assert_eq!(b"spdy/3.1", stream.ssl().selected_npn_protocol().unwrap()); @@ -712,10 +726,10 @@ fn test_alpn_server_advertise_multiple() { let mut ctx = SslContext::new(Sslv23).unwrap(); ctx.set_verify(SSL_VERIFY_PEER, None); ctx.set_alpn_protocols(&[b"http/1.1", b"spdy/3.1"]); - assert!(ctx.set_certificate_file( - &Path::new("test/cert.pem"), X509FileType::PEM).is_ok()); - ctx.set_private_key_file( - &Path::new("test/key.pem"), X509FileType::PEM).unwrap(); + assert!(ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM) + .is_ok()); + ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM) + .unwrap(); ctx }; // Have the listener wait on the connection in a different thread. @@ -729,13 +743,13 @@ fn test_alpn_server_advertise_multiple() { ctx.set_alpn_protocols(&[b"spdy/3.1"]); match ctx.set_CA_file(&Path::new("test/cert.pem")) { Ok(_) => {} - Err(err) => panic!("Unexpected error {:?}", err) + Err(err) => panic!("Unexpected error {:?}", err), } // Now connect to the socket and make sure the protocol negotiation works... let stream = TcpStream::connect(localhost).unwrap(); let stream = match SslStream::connect(&ctx, stream) { Ok(stream) => stream, - Err(err) => panic!("Expected success, got {:?}", err) + Err(err) => panic!("Expected success, got {:?}", err), }; // SPDY is selected since that's the only thing the client supports. assert_eq!(b"spdy/3.1", stream.ssl().selected_alpn_protocol().unwrap()); @@ -753,10 +767,10 @@ fn test_alpn_server_select_none() { let mut ctx = SslContext::new(Sslv23).unwrap(); ctx.set_verify(SSL_VERIFY_PEER, None); ctx.set_alpn_protocols(&[b"http/1.1", b"spdy/3.1"]); - assert!(ctx.set_certificate_file( - &Path::new("test/cert.pem"), X509FileType::PEM).is_ok()); - ctx.set_private_key_file( - &Path::new("test/key.pem"), X509FileType::PEM).unwrap(); + assert!(ctx.set_certificate_file(&Path::new("test/cert.pem"), X509FileType::PEM) + .is_ok()); + ctx.set_private_key_file(&Path::new("test/key.pem"), X509FileType::PEM) + .unwrap(); ctx }; // Have the listener wait on the connection in a different thread. @@ -770,13 +784,13 @@ fn test_alpn_server_select_none() { ctx.set_alpn_protocols(&[b"http/2"]); match ctx.set_CA_file(&Path::new("test/cert.pem")) { Ok(_) => {} - Err(err) => panic!("Unexpected error {:?}", err) + Err(err) => panic!("Unexpected error {:?}", err), } // Now connect to the socket and make sure the protocol negotiation works... let stream = TcpStream::connect(localhost).unwrap(); let stream = match SslStream::connect(&ctx, stream) { Ok(stream) => stream, - Err(err) => panic!("Expected success, got {:?}", err) + Err(err) => panic!("Expected success, got {:?}", err), }; // Since the protocols from the server and client don't overlap at all, no protocol is selected @@ -791,14 +805,14 @@ mod dtlsv1 { use std::net::TcpStream; use std::thread; - use crypto::hash::Type::{SHA256}; + use crypto::hash::Type::SHA256; use ssl::SslMethod; use ssl::SslMethod::Dtlsv1; use ssl::{SslContext, SslStream, VerifyCallback}; use ssl::SSL_VERIFY_PEER; - use x509::{X509StoreContext}; + use x509::X509StoreContext; - const PROTOCOL:SslMethod = Dtlsv1; + const PROTOCOL: SslMethod = Dtlsv1; #[test] fn test_new_ctx() { @@ -811,9 +825,8 @@ mod dtlsv1 { fn test_read_dtlsv1() { let (_s, stream) = Server::new_dtlsv1(Some("hello")); - let mut stream = SslStream::connect_generic(&SslContext::new(Dtlsv1).unwrap(), - stream).unwrap(); - let mut buf = [0u8;100]; + let mut stream = SslStream::connect_generic(&SslContext::new(Dtlsv1).unwrap(), stream).unwrap(); + let mut buf = [0u8; 100]; assert!(stream.read(&mut buf).is_ok()); } @@ -821,21 +834,27 @@ fn test_read_dtlsv1() { #[cfg(feature = "sslv2")] fn test_sslv2_connect_failure() { let (_s, tcp) = Server::new_tcp(&["-no_ssl2", "-www"]); - SslStream::connect_generic(&SslContext::new(Sslv2).unwrap(), - tcp).err().unwrap(); + SslStream::connect_generic(&SslContext::new(Sslv2).unwrap(), tcp) + .err() + .unwrap(); } -fn wait_io(stream: &NonblockingSslStream, - read: bool, - timeout_ms: u32) -> bool { +fn wait_io(stream: &NonblockingSslStream, read: bool, timeout_ms: u32) -> bool { unsafe { let mut set: select::fd_set = mem::zeroed(); select::fd_set(&mut set, stream.get_ref()); - let write = if read {0 as *mut _} else {&mut set as *mut _}; - let read = if !read {0 as *mut _} else {&mut set as *mut _}; - select::select(stream.get_ref(), read, write, 0 as *mut _, timeout_ms) - .unwrap() + let write = if read { + 0 as *mut _ + } else { + &mut set as *mut _ + }; + let read = if !read { + 0 as *mut _ + } else { + &mut set as *mut _ + }; + select::select(stream.get_ref(), read, write, 0 as *mut _, timeout_ms).unwrap() } } @@ -858,16 +877,16 @@ fn test_write_nonblocking() { match result { Ok(_) => { break; - }, + } Err(NonblockingSslError::WantRead) => { assert!(wait_io(&stream, true, 1000)); - }, + } Err(NonblockingSslError::WantWrite) => { assert!(wait_io(&stream, false, 1000)); - }, + } Err(other) => { panic!("Unexpected SSL Error: {:?}", other); - }, + } } } @@ -896,16 +915,16 @@ fn test_read_nonblocking() { Ok(n) => { assert_eq!(n, 9); break; - }, + } Err(NonblockingSslError::WantRead) => { assert!(wait_io(&stream, true, 1000)); - }, + } Err(NonblockingSslError::WantWrite) => { assert!(wait_io(&stream, false, 1000)); - }, + } Err(other) => { panic!("Unexpected SSL Error: {:?}", other); - }, + } } } let mut input_buffer = [0u8; 1500]; @@ -916,15 +935,15 @@ fn test_read_nonblocking() { // unlucky context switching, the response could actually // be in the receive buffer before we issue the read() syscall... n - }, + } Err(NonblockingSslError::WantRead) => { assert!(wait_io(&stream, true, 3000)); // Second read should return application data. stream.read(&mut input_buffer).unwrap() - }, + } Err(other) => { panic!("Unexpected SSL Error: {:?}", other); - }, + } }; assert!(bytes_read >= 5); assert_eq!(&input_buffer[..5], b"HTTP/"); diff --git a/openssl/src/x509/extension.rs b/openssl/src/x509/extension.rs index 3faa099665ca7678fe7303a4505fb18939bf8a32..88cb64a21fc3c8f8b7aa626c5376dac8cd98a8e2 100644 --- a/openssl/src/x509/extension.rs +++ b/openssl/src/x509/extension.rs @@ -26,9 +26,9 @@ pub enum Extension { /// The extended purposes of the key contained in the certificate ExtKeyUsage(Vec), /// Subject Alternative Names - SubjectAltName(Vec<(AltNameOption,String)>), + SubjectAltName(Vec<(AltNameOption, String)>), /// Issuer Alternative Names - IssuerAltName(Vec<(AltNameOption,String)>), + IssuerAltName(Vec<(AltNameOption, String)>), /// Arbitrary extensions by NID. See `man x509v3_config` for value syntax. /// /// You must not use this to add extensions which this enum can express directly. @@ -40,7 +40,7 @@ pub enum Extension { /// # let generator = openssl::x509::X509Generator::new(); /// generator.add_extension(OtherNid(Nid::BasicConstraints,"critical,CA:TRUE".to_owned())); /// ``` - OtherNid(Nid,String), + OtherNid(Nid, String), /// Arbitrary extensions by OID string. See `man ASN1_generate_nconf` for value syntax. /// /// You must not use this to add extensions which this enum can express directly. @@ -51,7 +51,7 @@ pub enum Extension { /// # let generator = openssl::x509::X509Generator::new(); /// generator.add_extension(OtherStr("2.999.2".to_owned(),"ASN1:UTF8:example value".to_owned())); /// ``` - OtherStr(String,String), + OtherStr(String, String), } impl Extension { @@ -61,8 +61,8 @@ impl Extension { &Extension::ExtKeyUsage(_) => ExtensionType::ExtKeyUsage, &Extension::SubjectAltName(_) => ExtensionType::SubjectAltName, &Extension::IssuerAltName(_) => ExtensionType::IssuerAltName, - &Extension::OtherNid(nid,_) => ExtensionType::OtherNid(nid), - &Extension::OtherStr(ref s,_) => ExtensionType::OtherStr(s.clone()), + &Extension::OtherNid(nid, _) => ExtensionType::OtherNid(nid), + &Extension::OtherStr(ref s, _) => ExtensionType::OtherStr(s.clone()), } } } @@ -89,9 +89,11 @@ impl ExtensionType { // FIXME: This would be nicer as a method on Iterator. This can // eventually be replaced by the successor to std::slice::SliceConcatExt.connect -fn join,T: ToString>(iter: I, sep: &str) -> String { +fn join, T: ToString>(iter: I, sep: &str) -> String { iter.enumerate().fold(String::new(), |mut acc, (idx, v)| { - if idx > 0 { acc.push_str(sep) }; + if idx > 0 { + acc.push_str(sep) + }; acc.push_str(&v.to_string()); acc }) @@ -100,12 +102,18 @@ fn join,T: ToString>(iter: I, sep: &str) -> String { impl ToString for Extension { fn to_string(&self) -> String { match self { - &Extension::KeyUsage(ref purposes) => join(purposes.iter(),","), - &Extension::ExtKeyUsage(ref purposes) => join(purposes.iter(),","), - &Extension::SubjectAltName(ref names) => join(names.iter().map(|&(ref opt,ref val)|opt.to_string()+":"+&val),","), - &Extension::IssuerAltName(ref names) => join(names.iter().map(|&(ref opt,ref val)|opt.to_string()+":"+&val),","), - &Extension::OtherNid(_,ref value) => value.clone(), - &Extension::OtherStr(_,ref value) => value.clone(), + &Extension::KeyUsage(ref purposes) => join(purposes.iter(), ","), + &Extension::ExtKeyUsage(ref purposes) => join(purposes.iter(), ","), + &Extension::SubjectAltName(ref names) => { + join(names.iter().map(|&(ref opt, ref val)| opt.to_string() + ":" + &val), + ",") + } + &Extension::IssuerAltName(ref names) => { + join(names.iter().map(|&(ref opt, ref val)| opt.to_string() + ":" + &val), + ",") + } + &Extension::OtherNid(_, ref value) => value.clone(), + &Extension::OtherStr(_, ref value) => value.clone(), } } } @@ -169,7 +177,7 @@ impl fmt::Display for ExtKeyUsageOption { &ExtKeyUsageOption::MsCtlSign => "msCTLSign", &ExtKeyUsageOption::MsSgc => "msSGC", &ExtKeyUsageOption::MsEfs => "msEFS", - &ExtKeyUsageOption::NsSgc =>"nsSGC", + &ExtKeyUsageOption::NsSgc => "nsSGC", &ExtKeyUsageOption::Other(ref s) => &s[..], }) } @@ -189,9 +197,9 @@ pub enum AltNameOption { Other, Email, DNS, - //X400, // Not supported by OpenSSL + // X400, // Not supported by OpenSSL Directory, - //EDIParty, // Not supported by OpenSSL + // EDIParty, // Not supported by OpenSSL URI, IPAddress, RegisteredID, diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index c7039089d2a4a6a0a542f811dc5113097134d3bd..ffd478ef554e3f105a7d417c82b866390519f112 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -11,11 +11,11 @@ use std::fmt; use std::str; use std::collections::HashMap; -use asn1::{Asn1Time}; -use bio::{MemBio}; +use asn1::Asn1Time; +use bio::MemBio; use crypto::hash; use crypto::hash::Type as HashType; -use crypto::pkey::{PKey,Parts}; +use crypto::pkey::{PKey, Parts}; use crypto::rand::rand_bytes; use ffi; use ffi_extras; @@ -24,18 +24,20 @@ use nid; pub mod extension; -use self::extension::{ExtensionType,Extension}; +use self::extension::{ExtensionType, Extension}; #[cfg(test)] mod tests; pub struct SslString { - s : &'static str + s: &'static str, } impl<'s> Drop for SslString { fn drop(&mut self) { - unsafe { ffi::CRYPTO_free(self.s.as_ptr() as *mut c_void); } + unsafe { + ffi::CRYPTO_free(self.s.as_ptr() as *mut c_void); + } } } @@ -49,9 +51,7 @@ impl Deref for SslString { impl SslString { unsafe fn new(buf: *const c_char) -> SslString { - SslString { - s: str::from_utf8(CStr::from_ptr(buf as *const _).to_bytes()).unwrap() - } + SslString { s: str::from_utf8(CStr::from_ptr(buf as *const _).to_bytes()).unwrap() } } } @@ -72,19 +72,17 @@ impl fmt::Debug for SslString { pub enum X509FileType { PEM = ffi::X509_FILETYPE_PEM, ASN1 = ffi::X509_FILETYPE_ASN1, - Default = ffi::X509_FILETYPE_DEFAULT + Default = ffi::X509_FILETYPE_DEFAULT, } #[allow(missing_copy_implementations)] pub struct X509StoreContext { - ctx: *mut ffi::X509_STORE_CTX + ctx: *mut ffi::X509_STORE_CTX, } impl X509StoreContext { pub fn new(ctx: *mut ffi::X509_STORE_CTX) -> X509StoreContext { - X509StoreContext { - ctx: ctx - } + X509StoreContext { ctx: ctx } } pub fn get_error(&self) -> Option { @@ -98,7 +96,11 @@ impl X509StoreContext { if ptr.is_null() { None } else { - Some(X509 { ctx: Some(self), handle: ptr, owned: false }) + Some(X509 { + ctx: Some(self), + handle: ptr, + owned: false, + }) } } } @@ -143,9 +145,9 @@ impl X509StoreContext { pub struct X509Generator { bits: u32, days: u32, - names: Vec<(String,String)>, + names: Vec<(String, String)>, // RFC 3280 ยง4.2: A certificate MUST NOT include more than one instance of a particular extension. - extensions: HashMap, + extensions: HashMap, hash_type: HashType, } @@ -165,7 +167,7 @@ impl X509Generator { days: 365, names: vec![], extensions: HashMap::new(), - hash_type: HashType::SHA1 + hash_type: HashType::SHA1, } } @@ -188,7 +190,7 @@ impl X509Generator { /// generator.add_name("CN".to_string(),"example.com".to_string()); /// ``` pub fn add_name(mut self, attr_type: String, attr_value: String) -> X509Generator { - self.names.push((attr_type,attr_value)); + self.names.push((attr_type, attr_value)); self } @@ -199,7 +201,8 @@ impl X509Generator { /// generator.add_names(vec![("CN".to_string(),"example.com".to_string())]); /// ``` pub fn add_names(mut self, attrs: I) -> X509Generator - where I: IntoIterator { + where I: IntoIterator + { self.names.extend(attrs); self } @@ -216,7 +219,7 @@ impl X509Generator { /// generator.add_extension(KeyUsage(vec![DigitalSignature, KeyEncipherment])); /// ``` pub fn add_extension(mut self, ext: extension::Extension) -> X509Generator { - self.extensions.insert(ext.get_type(),ext); + self.extensions.insert(ext.get_type(), ext); self } @@ -232,8 +235,9 @@ impl X509Generator { /// generator.add_extensions(vec![KeyUsage(vec![DigitalSignature, KeyEncipherment])]); /// ``` pub fn add_extensions(mut self, exts: I) -> X509Generator - where I: IntoIterator { - self.extensions.extend(exts.into_iter().map(|ext|(ext.get_type(),ext))); + where I: IntoIterator + { + self.extensions.extend(exts.into_iter().map(|ext| (ext.get_type(), ext))); self } @@ -242,23 +246,27 @@ impl X509Generator { self } - fn add_extension_internal(x509: *mut ffi::X509, exttype: &extension::ExtensionType, value: &str) -> Result<(), SslError> { + fn add_extension_internal(x509: *mut ffi::X509, + exttype: &extension::ExtensionType, + value: &str) + -> Result<(), SslError> { unsafe { let mut ctx: ffi::X509V3_CTX = mem::zeroed(); - ffi::X509V3_set_ctx(&mut ctx, x509, x509, - ptr::null_mut(), ptr::null_mut(), 0); + ffi::X509V3_set_ctx(&mut ctx, x509, x509, ptr::null_mut(), ptr::null_mut(), 0); let value = CString::new(value.as_bytes()).unwrap(); - let ext=match exttype.get_nid() { - Some(nid) => ffi::X509V3_EXT_conf_nid(ptr::null_mut(), - mem::transmute(&ctx), - nid as c_int, - value.as_ptr() as *mut c_char), + let ext = match exttype.get_nid() { + Some(nid) => { + ffi::X509V3_EXT_conf_nid(ptr::null_mut(), + mem::transmute(&ctx), + nid as c_int, + value.as_ptr() as *mut c_char) + } None => { - let name=CString::new(exttype.get_name().unwrap().as_bytes()).unwrap(); + let name = CString::new(exttype.get_name().unwrap().as_bytes()).unwrap(); ffi::X509V3_EXT_conf(ptr::null_mut(), - mem::transmute(&ctx), - name.as_ptr() as *mut c_char, - value.as_ptr() as *mut c_char) + mem::transmute(&ctx), + name.as_ptr() as *mut c_char, + value.as_ptr() as *mut c_char) } }; let mut success = false; @@ -270,13 +278,21 @@ impl X509Generator { } } - fn add_name_internal(name: *mut ffi::X509_NAME, key: &str, value: &str) -> Result<(), SslError> { + fn add_name_internal(name: *mut ffi::X509_NAME, + key: &str, + value: &str) + -> Result<(), SslError> { let value_len = value.len() as c_int; lift_ssl!(unsafe { let key = CString::new(key.as_bytes()).unwrap(); let value = CString::new(value.as_bytes()).unwrap(); - ffi::X509_NAME_add_entry_by_txt(name, key.as_ptr() as *const _, ffi::MBSTRING_UTF8, - value.as_ptr() as *const _, value_len, -1, 0) + ffi::X509_NAME_add_entry_by_txt(name, + key.as_ptr() as *const _, + ffi::MBSTRING_UTF8, + value.as_ptr() as *const _, + value_len, + -1, + 0) }) } @@ -315,10 +331,15 @@ impl X509Generator { let x509 = ffi::X509_new(); try_ssl_null!(x509); - let x509 = X509 { handle: x509, ctx: None, owned: true}; + let x509 = X509 { + handle: x509, + ctx: None, + owned: true, + }; try_ssl!(ffi::X509_set_version(x509.handle, 2)); - try_ssl!(ffi::ASN1_INTEGER_set(ffi::X509_get_serialNumber(x509.handle), X509Generator::random_serial())); + try_ssl!(ffi::ASN1_INTEGER_set(ffi::X509_get_serialNumber(x509.handle), + X509Generator::random_serial())); let not_before = try!(Asn1Time::days_from_now(0)); let not_after = try!(Asn1Time::days_from_now(self.days)); @@ -336,18 +357,21 @@ impl X509Generator { let name = ffi::X509_get_subject_name(x509.handle); try_ssl_null!(name); - let default=[("CN","rust-openssl")]; - let default_iter=&mut default.iter().map(|&(k,v)|(k,v)); - let arg_iter=&mut self.names.iter().map(|&(ref k,ref v)|(&k[..],&v[..])); - let iter: &mut Iterator = - if self.names.len()==0 { default_iter } else { arg_iter }; + let default = [("CN", "rust-openssl")]; + let default_iter = &mut default.iter().map(|&(k, v)| (k, v)); + let arg_iter = &mut self.names.iter().map(|&(ref k, ref v)| (&k[..], &v[..])); + let iter: &mut Iterator = if self.names.len() == 0 { + default_iter + } else { + arg_iter + }; - for (key,val) in iter { + for (key, val) in iter { try!(X509Generator::add_name_internal(name, &key, &val)); } ffi::X509_set_issuer_name(x509.handle, name); - for (exttype,ext) in self.extensions.iter() { + for (exttype, ext) in self.extensions.iter() { try!(X509Generator::add_extension_internal(x509.handle, exttype, &ext.to_string())); } @@ -359,9 +383,9 @@ impl X509Generator { /// Obtain a certificate signing request (CSR) pub fn request(&self, p_key: &PKey) -> Result { - let cert=match self.sign(p_key) { + let cert = match self.sign(p_key) { Ok(c) => c, - Err(x) => return Err(x) + Err(x) => return Err(x), }; unsafe { @@ -370,7 +394,7 @@ impl X509Generator { let exts = ffi_extras::X509_get_extensions(cert.handle); if exts != ptr::null_mut() { - try_ssl!(ffi::X509_REQ_add_extensions(req,exts)); + try_ssl!(ffi::X509_REQ_add_extensions(req, exts)); } let hash_fn = self.hash_type.evp_md(); @@ -387,7 +411,7 @@ impl X509Generator { pub struct X509<'ctx> { ctx: Option<&'ctx X509StoreContext>, handle: *mut ffi::X509, - owned: bool + owned: bool, } impl<'ctx> X509<'ctx> { @@ -406,19 +430,22 @@ impl<'ctx> X509<'ctx> { X509 { ctx: Some(ctx), handle: handle, - owned: false + owned: false, } } /// Reads certificate from PEM, takes ownership of handle - pub fn from_pem(reader: &mut R) -> Result, SslError> where R: Read { + pub fn from_pem(reader: &mut R) -> Result, SslError> + where R: Read + { let mut mem_bio = try!(MemBio::new()); try!(io::copy(reader, &mut mem_bio).map_err(StreamError)); unsafe { let handle = try_ssl_null!(ffi::PEM_read_bio_X509(mem_bio.get_handle(), ptr::null_mut(), - None, ptr::null_mut())); + None, + ptr::null_mut())); Ok(X509::new(handle, true)) } } @@ -429,7 +456,10 @@ impl<'ctx> X509<'ctx> { pub fn subject_name<'a>(&'a self) -> X509Name<'a> { let name = unsafe { ffi::X509_get_subject_name(self.handle) }; - X509Name { x509: self, name: name } + X509Name { + x509: self, + name: name, + } } pub fn public_key(&self) -> PKey { @@ -446,7 +476,9 @@ impl<'ctx> X509<'ctx> { let v: Vec = repeat(0).take(len as usize).collect(); let act_len: c_uint = 0; let res = unsafe { - ffi::X509_digest(self.handle, evp, mem::transmute(v.as_ptr()), + ffi::X509_digest(self.handle, + evp, + mem::transmute(v.as_ptr()), mem::transmute(&act_len)) }; @@ -457,18 +489,19 @@ impl<'ctx> X509<'ctx> { match len.cmp(&act_len) { Ordering::Greater => None, Ordering::Equal => Some(v), - Ordering::Less => panic!("Fingerprint buffer was corrupted!") + Ordering::Less => panic!("Fingerprint buffer was corrupted!"), } } } } /// Writes certificate as PEM - pub fn write_pem(&self, writer: &mut W) -> Result<(), SslError> where W: Write { + pub fn write_pem(&self, writer: &mut W) -> Result<(), SslError> + where W: Write + { let mut mem_bio = try!(MemBio::new()); unsafe { - try_ssl!(ffi::PEM_write_bio_X509(mem_bio.get_handle(), - self.handle)); + try_ssl!(ffi::PEM_write_bio_X509(mem_bio.get_handle(), self.handle)); } io::copy(&mut mem_bio, writer).map_err(StreamError).map(|_| ()) } @@ -485,16 +518,16 @@ impl<'ctx> Drop for X509<'ctx> { #[allow(dead_code)] pub struct X509Name<'x> { x509: &'x X509<'x>, - name: *mut ffi::X509_NAME + name: *mut ffi::X509_NAME, } #[allow(dead_code)] pub struct X509NameEntry<'x> { x509_name: &'x X509Name<'x>, - ne: *mut ffi::X509_NAME_ENTRY + ne: *mut ffi::X509_NAME_ENTRY, } -impl <'x> X509Name<'x> { +impl<'x> X509Name<'x> { pub fn text_by_nid(&self, nid: nid::Nid) -> Option { unsafe { let loc = ffi::X509_NAME_get_index_by_NID(self.name, nid as c_int, -1); @@ -512,11 +545,11 @@ impl <'x> X509Name<'x> { return None; } - let mut str_from_asn1 : *mut c_char = ptr::null_mut(); + let mut str_from_asn1: *mut c_char = ptr::null_mut(); let len = ffi::ASN1_STRING_to_UTF8(&mut str_from_asn1, asn1_str); if len < 0 { - return None + return None; } assert!(!str_from_asn1.is_null()); @@ -534,30 +567,32 @@ pub struct X509Req { impl X509Req { /// Creates new from handle pub fn new(handle: *mut ffi::X509_REQ) -> X509Req { - X509Req { - handle: handle, - } + X509Req { handle: handle } } /// Reads CSR from PEM - pub fn from_pem(reader: &mut R) -> Result where R: Read { + pub fn from_pem(reader: &mut R) -> Result + where R: Read + { let mut mem_bio = try!(MemBio::new()); try!(io::copy(reader, &mut mem_bio).map_err(StreamError)); unsafe { let handle = try_ssl_null!(ffi::PEM_read_bio_X509_REQ(mem_bio.get_handle(), - ptr::null_mut(), - None, ptr::null_mut())); + ptr::null_mut(), + None, + ptr::null_mut())); Ok(X509Req::new(handle)) } } /// Writes CSR as PEM - pub fn write_pem(&self, writer: &mut W) -> Result<(), SslError> where W: Write { + pub fn write_pem(&self, writer: &mut W) -> Result<(), SslError> + where W: Write + { let mut mem_bio = try!(MemBio::new()); unsafe { - try_ssl!(ffi::PEM_write_bio_X509_REQ(mem_bio.get_handle(), - self.handle)); + try_ssl!(ffi::PEM_write_bio_X509_REQ(mem_bio.get_handle(), self.handle)); } io::copy(&mut mem_bio, writer).map_err(StreamError).map(|_| ()) } @@ -651,6 +686,7 @@ make_validation_error!(X509_V_OK, fn test_negative_serial() { // I guess that's enough to get a random negative number for _ in 0..1000 { - assert!(X509Generator::random_serial() > 0, "All serials should be positive"); + assert!(X509Generator::random_serial() > 0, + "All serials should be positive"); } } diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index 692539ba8ae7667d53e42f088f0230c6459e2d0f..43ad0dec0f1c245515560d5314453318605df6d9 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs @@ -3,10 +3,10 @@ use std::io; use std::path::Path; use std::fs::File; -use crypto::hash::Type::{SHA256}; +use crypto::hash::Type::SHA256; use crypto::pkey::PKey; use x509::{X509, X509Generator}; -use x509::extension::Extension::{KeyUsage,ExtKeyUsage,SubjectAltName,OtherNid,OtherStr}; +use x509::extension::Extension::{KeyUsage, ExtKeyUsage, SubjectAltName, OtherNid, OtherStr}; use x509::extension::AltNameOption as SAN; use x509::extension::KeyUsageOption::{DigitalSignature, KeyEncipherment}; use x509::extension::ExtKeyUsageOption::{self, ClientAuth, ServerAuth}; @@ -15,14 +15,16 @@ use nid::Nid; fn get_generator() -> X509Generator { X509Generator::new() .set_bitlength(2048) - .set_valid_period(365*2) - .add_name("CN".to_string(),"test_me".to_string()) + .set_valid_period(365 * 2) + .add_name("CN".to_string(), "test_me".to_string()) .set_sign_hash(SHA256) .add_extension(KeyUsage(vec![DigitalSignature, KeyEncipherment])) - .add_extension(ExtKeyUsage(vec![ClientAuth, ServerAuth, ExtKeyUsageOption::Other("2.999.1".to_owned())])) - .add_extension(SubjectAltName(vec![(SAN::DNS,"example.com".to_owned())])) - .add_extension(OtherNid(Nid::BasicConstraints,"critical,CA:TRUE".to_owned())) - .add_extension(OtherStr("2.999.2".to_owned(),"ASN1:UTF8:example value".to_owned())) + .add_extension(ExtKeyUsage(vec![ClientAuth, + ServerAuth, + ExtKeyUsageOption::Other("2.999.1".to_owned())])) + .add_extension(SubjectAltName(vec![(SAN::DNS, "example.com".to_owned())])) + .add_extension(OtherNid(Nid::BasicConstraints, "critical,CA:TRUE".to_owned())) + .add_extension(OtherStr("2.999.2".to_owned(), "ASN1:UTF8:example value".to_owned())) } #[test] @@ -53,8 +55,8 @@ fn test_req_gen() { fn test_cert_loading() { let cert_path = Path::new("test/cert.pem"); let mut file = File::open(&cert_path) - .ok() - .expect("Failed to open `test/cert.pem`"); + .ok() + .expect("Failed to open `test/cert.pem`"); let cert = X509::from_pem(&mut file).ok().expect("Failed to load PEM"); let fingerprint = cert.fingerprint(SHA256).unwrap(); @@ -73,14 +75,14 @@ fn test_cert_loading() { fn test_subject_read_cn() { let cert_path = Path::new("test/cert.pem"); let mut file = File::open(&cert_path) - .ok() - .expect("Failed to open `test/cert.pem`"); + .ok() + .expect("Failed to open `test/cert.pem`"); let cert = X509::from_pem(&mut file).ok().expect("Failed to load PEM"); let subject = cert.subject_name(); let cn = match subject.text_by_nid(Nid::CN) { Some(x) => x, - None => panic!("Failed to read CN from cert") + None => panic!("Failed to read CN from cert"), }; assert_eq!(&cn as &str, "test_cert") @@ -90,27 +92,27 @@ fn test_subject_read_cn() { fn test_nid_values() { let cert_path = Path::new("test/nid_test_cert.pem"); let mut file = File::open(&cert_path) - .ok() - .expect("Failed to open `test/nid_test_cert.pem`"); + .ok() + .expect("Failed to open `test/nid_test_cert.pem`"); let cert = X509::from_pem(&mut file).ok().expect("Failed to load PEM"); let subject = cert.subject_name(); let cn = match subject.text_by_nid(Nid::CN) { Some(x) => x, - None => panic!("Failed to read CN from cert") + None => panic!("Failed to read CN from cert"), }; assert_eq!(&cn as &str, "example.com"); let email = match subject.text_by_nid(Nid::Email) { Some(x) => x, - None => panic!("Failed to read subject email address from cert") + None => panic!("Failed to read subject email address from cert"), }; assert_eq!(&email as &str, "test@example.com"); let friendly = match subject.text_by_nid(Nid::FriendlyName) { Some(x) => x, - None => panic!("Failed to read subject friendly name from cert") + None => panic!("Failed to read subject friendly name from cert"), }; assert_eq!(&friendly as &str, "Example"); }