Loading openssl/src/crypto/dsa.rs +0 −2 Original line number Diff line number Diff line Loading @@ -236,11 +236,9 @@ impl fmt::Debug for DSA { #[cfg(test)] mod test { use std::io::Write; use libc::c_char; use super::*; use crypto::hash::*; #[test] pub fn test_generate() { Loading openssl/src/crypto/pkcs12.rs +3 −2 Original line number Diff line number Diff line Loading @@ -6,6 +6,7 @@ use std::cmp; use std::ptr; use std::ffi::CString; use {cvt, cvt_p}; use crypto::pkey::PKey; use error::ErrorStack; use x509::X509; Loading @@ -26,7 +27,7 @@ impl Pkcs12 { ffi::init(); let mut ptr = der.as_ptr() as *const c_uchar; let length = cmp::min(der.len(), c_long::max_value() as usize) as c_long; let p12 = try_ssl_null!(ffi::d2i_PKCS12(ptr::null_mut(), &mut ptr, length)); let p12 = try!(cvt_p(ffi::d2i_PKCS12(ptr::null_mut(), &mut ptr, length))); Ok(Pkcs12(p12)) } } Loading @@ -40,7 +41,7 @@ impl Pkcs12 { let mut cert = ptr::null_mut(); let mut chain = ptr::null_mut(); try_ssl!(ffi::PKCS12_parse(self.0, pass.as_ptr(), &mut pkey, &mut cert, &mut chain)); try!(cvt(ffi::PKCS12_parse(self.0, pass.as_ptr(), &mut pkey, &mut cert, &mut chain))); let pkey = PKey::from_ptr(pkey); let cert = X509::from_ptr(cert); Loading openssl/src/crypto/pkey.rs +29 −26 Original line number Diff line number Diff line Loading @@ -3,6 +3,7 @@ use std::ptr; use std::mem; use ffi; use {cvt, cvt_p}; use bio::{MemBio, MemBioSlice}; use crypto::dsa::DSA; use crypto::rsa::RSA; Loading @@ -19,9 +20,9 @@ impl PKey { /// Create a new `PKey` containing an RSA key. pub fn from_rsa(rsa: RSA) -> Result<PKey, ErrorStack> { unsafe { let evp = try_ssl_null!(ffi::EVP_PKEY_new()); let evp = try!(cvt_p(ffi::EVP_PKEY_new())); let pkey = PKey(evp); try_ssl!(ffi::EVP_PKEY_assign(pkey.0, ffi::EVP_PKEY_RSA, rsa.as_ptr() as *mut _)); try!(cvt(ffi::EVP_PKEY_assign(pkey.0, ffi::EVP_PKEY_RSA, rsa.as_ptr() as *mut _))); mem::forget(rsa); Ok(pkey) } Loading @@ -30,9 +31,9 @@ impl PKey { /// Create a new `PKey` containing a DSA key. pub fn from_dsa(dsa: DSA) -> Result<PKey, ErrorStack> { unsafe { let evp = try_ssl_null!(ffi::EVP_PKEY_new()); let evp = try!(cvt_p(ffi::EVP_PKEY_new())); let pkey = PKey(evp); try_ssl!(ffi::EVP_PKEY_assign(pkey.0, ffi::EVP_PKEY_DSA, dsa.as_ptr() as *mut _)); try!(cvt(ffi::EVP_PKEY_assign(pkey.0, ffi::EVP_PKEY_DSA, dsa.as_ptr() as *mut _))); mem::forget(dsa); Ok(pkey) } Loading @@ -42,10 +43,10 @@ impl PKey { pub fn hmac(key: &[u8]) -> Result<PKey, ErrorStack> { unsafe { assert!(key.len() <= c_int::max_value() as usize); let key = try_ssl_null!(ffi::EVP_PKEY_new_mac_key(ffi::EVP_PKEY_HMAC, let key = try!(cvt_p(ffi::EVP_PKEY_new_mac_key(ffi::EVP_PKEY_HMAC, ptr::null_mut(), key.as_ptr() as *const _, key.len() as c_int)); key.len() as c_int))); Ok(PKey(key)) } } Loading @@ -59,10 +60,10 @@ impl PKey { ffi::init(); let mem_bio = try!(MemBioSlice::new(buf)); unsafe { let evp = try_ssl_null!(ffi::PEM_read_bio_PrivateKey(mem_bio.as_ptr(), let evp = try!(cvt_p(ffi::PEM_read_bio_PrivateKey(mem_bio.as_ptr(), ptr::null_mut(), None, ptr::null_mut())); ptr::null_mut()))); Ok(PKey::from_ptr(evp)) } } Loading @@ -79,10 +80,10 @@ impl PKey { let mut cb = CallbackState::new(pass_cb); let mem_bio = try!(MemBioSlice::new(buf)); unsafe { let evp = try_ssl_null!(ffi::PEM_read_bio_PrivateKey(mem_bio.as_ptr(), let evp = try!(cvt_p(ffi::PEM_read_bio_PrivateKey(mem_bio.as_ptr(), ptr::null_mut(), Some(invoke_passwd_cb::<F>), &mut cb as *mut _ as *mut c_void)); &mut cb as *mut _ as *mut c_void))); Ok(PKey::from_ptr(evp)) } } Loading @@ -92,10 +93,10 @@ impl PKey { ffi::init(); let mem_bio = try!(MemBioSlice::new(buf)); unsafe { let evp = try_ssl_null!(ffi::PEM_read_bio_PUBKEY(mem_bio.as_ptr(), let evp = try!(cvt_p(ffi::PEM_read_bio_PUBKEY(mem_bio.as_ptr(), ptr::null_mut(), None, ptr::null_mut())); ptr::null_mut()))); Ok(PKey::from_ptr(evp)) } } Loading @@ -105,15 +106,15 @@ impl PKey { unsafe { // this needs to be a reference as the set1_RSA ups the reference count let rsa_ptr = rsa.as_ptr(); try_ssl!(ffi::EVP_PKEY_set1_RSA(self.0, rsa_ptr)); try!(cvt(ffi::EVP_PKEY_set1_RSA(self.0, rsa_ptr))); Ok(()) } } /// Get a reference to the interal RSA key for direct access to the key components pub fn get_rsa(&self) -> Result<RSA, ErrorStack> { pub fn rsa(&self) -> Result<RSA, ErrorStack> { unsafe { let rsa = try_ssl_null!(ffi::EVP_PKEY_get1_RSA(self.0)); let rsa = try!(cvt_p(ffi::EVP_PKEY_get1_RSA(self.0))); // this is safe as the ffi increments a reference counter to the internal key Ok(RSA::from_ptr(rsa)) } Loading @@ -124,13 +125,13 @@ impl PKey { pub fn private_key_to_pem(&self) -> Result<Vec<u8>, ErrorStack> { let mem_bio = try!(MemBio::new()); unsafe { try_ssl!(ffi::PEM_write_bio_PrivateKey(mem_bio.as_ptr(), try!(cvt(ffi::PEM_write_bio_PrivateKey(mem_bio.as_ptr(), self.0, ptr::null(), ptr::null_mut(), -1, None, ptr::null_mut())); ptr::null_mut()))); } Ok(mem_bio.get_buf().to_owned()) Loading @@ -139,7 +140,9 @@ impl PKey { /// Stores public key as a PEM pub fn public_key_to_pem(&self) -> Result<Vec<u8>, ErrorStack> { let mem_bio = try!(MemBio::new()); unsafe { try_ssl!(ffi::PEM_write_bio_PUBKEY(mem_bio.as_ptr(), self.0)) } unsafe { try!(cvt(ffi::PEM_write_bio_PUBKEY(mem_bio.as_ptr(), self.0))); } Ok(mem_bio.get_buf().to_owned()) } Loading openssl/src/crypto/rand.rs +3 −2 Original line number Diff line number Diff line use libc::c_int; use ffi; use cvt; use error::ErrorStack; pub fn rand_bytes(buf: &mut [u8]) -> Result<(), ErrorStack> { unsafe { ffi::init(); assert!(buf.len() <= c_int::max_value() as usize); try_ssl_if!(ffi::RAND_bytes(buf.as_mut_ptr(), buf.len() as c_int) != 1); Ok(()) cvt(ffi::RAND_bytes(buf.as_mut_ptr(), buf.len() as c_int)).map(|_| ()) } } Loading openssl/src/crypto/rsa.rs +135 −126 Original line number Diff line number Diff line Loading @@ -4,6 +4,7 @@ use std::ptr; use std::mem; use libc::{c_int, c_void, c_char}; use {cvt, cvt_p, cvt_n}; use bn::{BigNum, BigNumRef}; use bio::{MemBio, MemBioSlice}; use error::ErrorStack; Loading Loading @@ -42,11 +43,11 @@ impl RSA { /// the supplied load and save methods for DER formatted keys. pub fn from_public_components(n: BigNum, e: BigNum) -> Result<RSA, ErrorStack> { unsafe { let rsa = RSA(try_ssl_null!(ffi::RSA_new())); try_ssl!(compat::set_key(rsa.0, let rsa = RSA(try!(cvt_p(ffi::RSA_new()))); try!(cvt(compat::set_key(rsa.0, n.as_ptr(), e.as_ptr(), ptr::null_mut())); ptr::null_mut()))); mem::forget((n, e)); Ok(rsa) } Loading @@ -62,13 +63,13 @@ impl RSA { qi: BigNum) -> Result<RSA, ErrorStack> { unsafe { let rsa = RSA(try_ssl_null!(ffi::RSA_new())); try_ssl!(compat::set_key(rsa.0, n.as_ptr(), e.as_ptr(), d.as_ptr())); let rsa = RSA(try!(cvt_p(ffi::RSA_new()))); try!(cvt(compat::set_key(rsa.0, n.as_ptr(), e.as_ptr(), d.as_ptr()))); mem::forget((n, e, d)); try_ssl!(compat::set_factors(rsa.0, p.as_ptr(), q.as_ptr())); try!(cvt(compat::set_factors(rsa.0, p.as_ptr(), q.as_ptr()))); mem::forget((p, q)); try_ssl!(compat::set_crt_params(rsa.0, dp.as_ptr(), dq.as_ptr(), qi.as_ptr())); try!(cvt(compat::set_crt_params(rsa.0, dp.as_ptr(), dq.as_ptr(), qi.as_ptr()))); mem::forget((dp, dq, qi)); Ok(rsa) } Loading @@ -83,12 +84,9 @@ impl RSA { /// The public exponent will be 65537. pub fn generate(bits: u32) -> Result<RSA, ErrorStack> { unsafe { let rsa = try_ssl_null!(ffi::RSA_new()); let rsa = RSA(rsa); let rsa = RSA(try!(cvt_p(ffi::RSA_new()))); let e = try!(BigNum::new_from(ffi::RSA_F4 as u32)); try_ssl!(ffi::RSA_generate_key_ex(rsa.0, bits as c_int, e.as_ptr(), ptr::null_mut())); try!(cvt(ffi::RSA_generate_key_ex(rsa.0, bits as c_int, e.as_ptr(), ptr::null_mut()))); Ok(rsa) } } Loading @@ -97,10 +95,10 @@ impl RSA { pub fn private_key_from_pem(buf: &[u8]) -> Result<RSA, ErrorStack> { let mem_bio = try!(MemBioSlice::new(buf)); unsafe { let rsa = try_ssl_null!(ffi::PEM_read_bio_RSAPrivateKey(mem_bio.as_ptr(), let rsa = try!(cvt_p(ffi::PEM_read_bio_RSAPrivateKey(mem_bio.as_ptr(), ptr::null_mut(), None, ptr::null_mut())); ptr::null_mut()))); Ok(RSA(rsa)) } } Loading @@ -114,11 +112,10 @@ impl RSA { unsafe { let cb_ptr = &mut cb as *mut _ as *mut c_void; let rsa = try_ssl_null!(ffi::PEM_read_bio_RSAPrivateKey(mem_bio.as_ptr(), let rsa = try!(cvt_p(ffi::PEM_read_bio_RSAPrivateKey(mem_bio.as_ptr(), ptr::null_mut(), Some(invoke_passwd_cb::<F>), cb_ptr)); cb_ptr))); Ok(RSA(rsa)) } } Loading @@ -127,10 +124,10 @@ impl RSA { pub fn public_key_from_pem(buf: &[u8]) -> Result<RSA, ErrorStack> { let mem_bio = try!(MemBioSlice::new(buf)); unsafe { let rsa = try_ssl_null!(ffi::PEM_read_bio_RSA_PUBKEY(mem_bio.as_ptr(), let rsa = try!(cvt_p(ffi::PEM_read_bio_RSA_PUBKEY(mem_bio.as_ptr(), ptr::null_mut(), None, ptr::null_mut())); ptr::null_mut()))); Ok(RSA(rsa)) } } Loading @@ -140,13 +137,13 @@ impl RSA { let mem_bio = try!(MemBio::new()); unsafe { try_ssl!(ffi::PEM_write_bio_RSAPrivateKey(mem_bio.as_ptr(), try!(cvt(ffi::PEM_write_bio_RSAPrivateKey(mem_bio.as_ptr(), self.0, ptr::null(), ptr::null_mut(), 0, None, ptr::null_mut())); ptr::null_mut()))); } Ok(mem_bio.get_buf().to_owned()) } Loading @@ -156,93 +153,113 @@ impl RSA { let mem_bio = try!(MemBio::new()); unsafe { try_ssl!(ffi::PEM_write_bio_RSA_PUBKEY(mem_bio.as_ptr(), self.0)) }; try!(cvt(ffi::PEM_write_bio_RSA_PUBKEY(mem_bio.as_ptr(), self.0))); } Ok(mem_bio.get_buf().to_owned()) } pub fn size(&self) -> Option<u32> { if self.n().is_some() { unsafe { Some(ffi::RSA_size(self.0) as u32) } } else { None pub fn size(&self) -> usize { unsafe { assert!(self.n().is_some()); ffi::RSA_size(self.0) as usize } } /** * Decrypts data with the private key, using provided padding, returning the decrypted data. */ pub fn private_decrypt(&self, from: &[u8], padding: Padding) -> Result<Vec<u8>, ErrorStack> { /// Decrypts data using the private key, returning the number of decrypted bytes. /// /// # Panics /// /// Panics if `self` has no private components, or if `to` is smaller /// than `self.size()`. pub fn private_decrypt(&self, from: &[u8], to: &mut [u8], padding: Padding) -> Result<usize, ErrorStack> { assert!(self.d().is_some(), "private components missing"); let k_len = self.size().expect("RSA missing an n"); let mut to: Vec<u8> = vec![0; k_len as usize]; assert!(from.len() <= i32::max_value() as usize); assert!(to.len() >= self.size()); unsafe { let enc_len = try_ssl_returns_size!(ffi::RSA_private_decrypt(from.len() as i32, let len = try!(cvt_n(ffi::RSA_private_decrypt(from.len() as c_int, from.as_ptr(), to.as_mut_ptr(), self.0, padding.0)); to.truncate(enc_len as usize); Ok(to) padding.0))); Ok(len as usize) } } /** * Encrypts data with the private key, using provided padding, returning the encrypted data. */ pub fn private_encrypt(&self, from: &[u8], padding: Padding) -> Result<Vec<u8>, ErrorStack> { /// Encrypts data using the private key, returning the number of encrypted bytes. /// /// # Panics /// /// Panics if `self` has no private components, or if `to` is smaller /// than `self.size()`. pub fn private_encrypt(&self, from: &[u8], to: &mut [u8], padding: Padding) -> Result<usize, ErrorStack> { assert!(self.d().is_some(), "private components missing"); let k_len = self.size().expect("RSA missing an n"); let mut to:Vec<u8> = vec![0; k_len as usize]; assert!(from.len() <= i32::max_value() as usize); assert!(to.len() >= self.size()); unsafe { let enc_len = try_ssl_returns_size!(ffi::RSA_private_encrypt(from.len() as c_int, let len = try!(cvt_n(ffi::RSA_private_encrypt(from.len() as c_int, from.as_ptr(), to.as_mut_ptr(), self.0, padding.0)); assert!(enc_len as u32 == k_len); Ok(to) padding.0))); Ok(len as usize) } } /** * Decrypts data with the public key, using provided padding, returning the decrypted data. */ pub fn public_decrypt(&self, from: &[u8], padding: Padding) -> Result<Vec<u8>, ErrorStack> { let k_len = self.size().expect("RSA missing an n"); let mut to: Vec<u8> = vec![0; k_len as usize]; /// Decrypts data using the public key, returning the number of decrypted bytes. /// /// # Panics /// /// Panics if `to` is smaller than `self.size()`. pub fn public_decrypt(&self, from: &[u8], to: &mut [u8], padding: Padding) -> Result<usize, ErrorStack> { assert!(from.len() <= i32::max_value() as usize); assert!(to.len() >= self.size()); unsafe { let enc_len = try_ssl_returns_size!(ffi::RSA_public_decrypt(from.len() as i32, let len = try!(cvt_n(ffi::RSA_public_decrypt(from.len() as c_int, from.as_ptr(), to.as_mut_ptr(), self.0, padding.0)); to.truncate(enc_len as usize); Ok(to) padding.0))); Ok(len as usize) } } /** * Encrypts data with the public key, using provided padding, returning the encrypted data. */ pub fn public_encrypt(&self, from: &[u8], padding: Padding) -> Result<Vec<u8>, ErrorStack> { let k_len = self.size().expect("RSA missing an n"); let mut to:Vec<u8> = vec![0; k_len as usize]; /// Encrypts data using the private key, returning the number of encrypted bytes. /// /// # Panics /// /// Panics if `to` is smaller than `self.size()`. pub fn public_encrypt(&self, from: &[u8], to: &mut [u8], padding: Padding) -> Result<usize, ErrorStack> { assert!(from.len() <= i32::max_value() as usize); assert!(to.len() >= self.size()); unsafe { let enc_len = try_ssl_returns_size!(ffi::RSA_public_encrypt(from.len() as c_int, let len = try!(cvt_n(ffi::RSA_public_encrypt(from.len() as c_int, from.as_ptr(), to.as_mut_ptr(), self.0, padding.0)); assert!(enc_len as u32 == k_len); Ok(to) padding.0))); Ok(len as usize) } } Loading Loading @@ -424,16 +441,17 @@ mod test { let key = include_bytes!("../../test/rsa.pem.pub"); let public_key = RSA::public_key_from_pem(key).unwrap(); let original_data: Vec<u8> = "This is test".to_string().into_bytes(); let result = public_key.public_encrypt(&original_data, Padding::pkcs1()).unwrap(); assert_eq!(result.len(), 256); let mut result = vec![0; public_key.size()]; let original_data = b"This is test"; let len = public_key.public_encrypt(original_data, &mut result, Padding::pkcs1()).unwrap(); assert_eq!(len, 256); let pkey = include_bytes!("../../test/rsa.pem"); let private_key = RSA::private_key_from_pem(pkey).unwrap(); let dec_result = private_key.private_decrypt(&result, Padding::pkcs1()).unwrap(); let mut dec_result = vec![0; private_key.size()]; let len = private_key.private_decrypt(&result, &mut dec_result, Padding::pkcs1()).unwrap(); assert_eq!(dec_result, original_data); assert_eq!(&dec_result[..len], original_data); } #[test] Loading @@ -442,37 +460,28 @@ mod test { let k0pkey = k0.public_key_to_pem().unwrap(); let k1 = super::RSA::public_key_from_pem(&k0pkey).unwrap(); let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8); let msg = vec![0xdeu8, 0xadu8, 0xd0u8, 0x0du8]; let emsg = k0.private_encrypt(&msg, Padding::pkcs1()).unwrap(); let dmsg = k1.public_decrypt(&emsg, Padding::pkcs1()).unwrap(); assert!(msg == dmsg); let mut emesg = vec![0; k0.size()]; k0.private_encrypt(&msg, &mut emesg, Padding::pkcs1()).unwrap(); let mut dmesg = vec![0; k1.size()]; let len = k1.public_decrypt(&emesg, &mut dmesg, Padding::pkcs1()).unwrap(); assert_eq!(msg, &dmesg[..len]); } #[test] fn test_public_encrypt() { let k0 = super::RSA::generate(512).unwrap(); let k0pkey = k0.public_key_to_pem().unwrap(); let k1 = super::RSA::public_key_from_pem(&k0pkey).unwrap(); let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8); let emsg = k1.public_encrypt(&msg, Padding::pkcs1_oaep()).unwrap(); let dmsg = k0.private_decrypt(&emsg, Padding::pkcs1_oaep()).unwrap(); assert!(msg == dmsg); } #[test] fn test_public_encrypt_pkcs() { let k0 = super::RSA::generate(512).unwrap(); let k0pkey = k0.public_key_to_pem().unwrap(); let k1 = super::RSA::public_key_from_pem(&k0pkey).unwrap(); let k0pkey = k0.private_key_to_pem().unwrap(); let k1 = super::RSA::private_key_from_pem(&k0pkey).unwrap(); let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8); let msg = vec![0xdeu8, 0xadu8, 0xd0u8, 0x0du8]; let emsg = k1.public_encrypt(&msg, super::Padding::pkcs1()).unwrap(); let dmsg = k0.private_decrypt(&emsg, super::Padding::pkcs1()).unwrap(); assert!(msg == dmsg); let mut emesg = vec![0; k0.size()]; k0.public_encrypt(&msg, &mut emesg, Padding::pkcs1()).unwrap(); let mut dmesg = vec![0; k1.size()]; let len = k1.private_decrypt(&emesg, &mut dmesg, Padding::pkcs1()).unwrap(); assert_eq!(msg, &dmesg[..len]); } } Loading
openssl/src/crypto/dsa.rs +0 −2 Original line number Diff line number Diff line Loading @@ -236,11 +236,9 @@ impl fmt::Debug for DSA { #[cfg(test)] mod test { use std::io::Write; use libc::c_char; use super::*; use crypto::hash::*; #[test] pub fn test_generate() { Loading
openssl/src/crypto/pkcs12.rs +3 −2 Original line number Diff line number Diff line Loading @@ -6,6 +6,7 @@ use std::cmp; use std::ptr; use std::ffi::CString; use {cvt, cvt_p}; use crypto::pkey::PKey; use error::ErrorStack; use x509::X509; Loading @@ -26,7 +27,7 @@ impl Pkcs12 { ffi::init(); let mut ptr = der.as_ptr() as *const c_uchar; let length = cmp::min(der.len(), c_long::max_value() as usize) as c_long; let p12 = try_ssl_null!(ffi::d2i_PKCS12(ptr::null_mut(), &mut ptr, length)); let p12 = try!(cvt_p(ffi::d2i_PKCS12(ptr::null_mut(), &mut ptr, length))); Ok(Pkcs12(p12)) } } Loading @@ -40,7 +41,7 @@ impl Pkcs12 { let mut cert = ptr::null_mut(); let mut chain = ptr::null_mut(); try_ssl!(ffi::PKCS12_parse(self.0, pass.as_ptr(), &mut pkey, &mut cert, &mut chain)); try!(cvt(ffi::PKCS12_parse(self.0, pass.as_ptr(), &mut pkey, &mut cert, &mut chain))); let pkey = PKey::from_ptr(pkey); let cert = X509::from_ptr(cert); Loading
openssl/src/crypto/pkey.rs +29 −26 Original line number Diff line number Diff line Loading @@ -3,6 +3,7 @@ use std::ptr; use std::mem; use ffi; use {cvt, cvt_p}; use bio::{MemBio, MemBioSlice}; use crypto::dsa::DSA; use crypto::rsa::RSA; Loading @@ -19,9 +20,9 @@ impl PKey { /// Create a new `PKey` containing an RSA key. pub fn from_rsa(rsa: RSA) -> Result<PKey, ErrorStack> { unsafe { let evp = try_ssl_null!(ffi::EVP_PKEY_new()); let evp = try!(cvt_p(ffi::EVP_PKEY_new())); let pkey = PKey(evp); try_ssl!(ffi::EVP_PKEY_assign(pkey.0, ffi::EVP_PKEY_RSA, rsa.as_ptr() as *mut _)); try!(cvt(ffi::EVP_PKEY_assign(pkey.0, ffi::EVP_PKEY_RSA, rsa.as_ptr() as *mut _))); mem::forget(rsa); Ok(pkey) } Loading @@ -30,9 +31,9 @@ impl PKey { /// Create a new `PKey` containing a DSA key. pub fn from_dsa(dsa: DSA) -> Result<PKey, ErrorStack> { unsafe { let evp = try_ssl_null!(ffi::EVP_PKEY_new()); let evp = try!(cvt_p(ffi::EVP_PKEY_new())); let pkey = PKey(evp); try_ssl!(ffi::EVP_PKEY_assign(pkey.0, ffi::EVP_PKEY_DSA, dsa.as_ptr() as *mut _)); try!(cvt(ffi::EVP_PKEY_assign(pkey.0, ffi::EVP_PKEY_DSA, dsa.as_ptr() as *mut _))); mem::forget(dsa); Ok(pkey) } Loading @@ -42,10 +43,10 @@ impl PKey { pub fn hmac(key: &[u8]) -> Result<PKey, ErrorStack> { unsafe { assert!(key.len() <= c_int::max_value() as usize); let key = try_ssl_null!(ffi::EVP_PKEY_new_mac_key(ffi::EVP_PKEY_HMAC, let key = try!(cvt_p(ffi::EVP_PKEY_new_mac_key(ffi::EVP_PKEY_HMAC, ptr::null_mut(), key.as_ptr() as *const _, key.len() as c_int)); key.len() as c_int))); Ok(PKey(key)) } } Loading @@ -59,10 +60,10 @@ impl PKey { ffi::init(); let mem_bio = try!(MemBioSlice::new(buf)); unsafe { let evp = try_ssl_null!(ffi::PEM_read_bio_PrivateKey(mem_bio.as_ptr(), let evp = try!(cvt_p(ffi::PEM_read_bio_PrivateKey(mem_bio.as_ptr(), ptr::null_mut(), None, ptr::null_mut())); ptr::null_mut()))); Ok(PKey::from_ptr(evp)) } } Loading @@ -79,10 +80,10 @@ impl PKey { let mut cb = CallbackState::new(pass_cb); let mem_bio = try!(MemBioSlice::new(buf)); unsafe { let evp = try_ssl_null!(ffi::PEM_read_bio_PrivateKey(mem_bio.as_ptr(), let evp = try!(cvt_p(ffi::PEM_read_bio_PrivateKey(mem_bio.as_ptr(), ptr::null_mut(), Some(invoke_passwd_cb::<F>), &mut cb as *mut _ as *mut c_void)); &mut cb as *mut _ as *mut c_void))); Ok(PKey::from_ptr(evp)) } } Loading @@ -92,10 +93,10 @@ impl PKey { ffi::init(); let mem_bio = try!(MemBioSlice::new(buf)); unsafe { let evp = try_ssl_null!(ffi::PEM_read_bio_PUBKEY(mem_bio.as_ptr(), let evp = try!(cvt_p(ffi::PEM_read_bio_PUBKEY(mem_bio.as_ptr(), ptr::null_mut(), None, ptr::null_mut())); ptr::null_mut()))); Ok(PKey::from_ptr(evp)) } } Loading @@ -105,15 +106,15 @@ impl PKey { unsafe { // this needs to be a reference as the set1_RSA ups the reference count let rsa_ptr = rsa.as_ptr(); try_ssl!(ffi::EVP_PKEY_set1_RSA(self.0, rsa_ptr)); try!(cvt(ffi::EVP_PKEY_set1_RSA(self.0, rsa_ptr))); Ok(()) } } /// Get a reference to the interal RSA key for direct access to the key components pub fn get_rsa(&self) -> Result<RSA, ErrorStack> { pub fn rsa(&self) -> Result<RSA, ErrorStack> { unsafe { let rsa = try_ssl_null!(ffi::EVP_PKEY_get1_RSA(self.0)); let rsa = try!(cvt_p(ffi::EVP_PKEY_get1_RSA(self.0))); // this is safe as the ffi increments a reference counter to the internal key Ok(RSA::from_ptr(rsa)) } Loading @@ -124,13 +125,13 @@ impl PKey { pub fn private_key_to_pem(&self) -> Result<Vec<u8>, ErrorStack> { let mem_bio = try!(MemBio::new()); unsafe { try_ssl!(ffi::PEM_write_bio_PrivateKey(mem_bio.as_ptr(), try!(cvt(ffi::PEM_write_bio_PrivateKey(mem_bio.as_ptr(), self.0, ptr::null(), ptr::null_mut(), -1, None, ptr::null_mut())); ptr::null_mut()))); } Ok(mem_bio.get_buf().to_owned()) Loading @@ -139,7 +140,9 @@ impl PKey { /// Stores public key as a PEM pub fn public_key_to_pem(&self) -> Result<Vec<u8>, ErrorStack> { let mem_bio = try!(MemBio::new()); unsafe { try_ssl!(ffi::PEM_write_bio_PUBKEY(mem_bio.as_ptr(), self.0)) } unsafe { try!(cvt(ffi::PEM_write_bio_PUBKEY(mem_bio.as_ptr(), self.0))); } Ok(mem_bio.get_buf().to_owned()) } Loading
openssl/src/crypto/rand.rs +3 −2 Original line number Diff line number Diff line use libc::c_int; use ffi; use cvt; use error::ErrorStack; pub fn rand_bytes(buf: &mut [u8]) -> Result<(), ErrorStack> { unsafe { ffi::init(); assert!(buf.len() <= c_int::max_value() as usize); try_ssl_if!(ffi::RAND_bytes(buf.as_mut_ptr(), buf.len() as c_int) != 1); Ok(()) cvt(ffi::RAND_bytes(buf.as_mut_ptr(), buf.len() as c_int)).map(|_| ()) } } Loading
openssl/src/crypto/rsa.rs +135 −126 Original line number Diff line number Diff line Loading @@ -4,6 +4,7 @@ use std::ptr; use std::mem; use libc::{c_int, c_void, c_char}; use {cvt, cvt_p, cvt_n}; use bn::{BigNum, BigNumRef}; use bio::{MemBio, MemBioSlice}; use error::ErrorStack; Loading Loading @@ -42,11 +43,11 @@ impl RSA { /// the supplied load and save methods for DER formatted keys. pub fn from_public_components(n: BigNum, e: BigNum) -> Result<RSA, ErrorStack> { unsafe { let rsa = RSA(try_ssl_null!(ffi::RSA_new())); try_ssl!(compat::set_key(rsa.0, let rsa = RSA(try!(cvt_p(ffi::RSA_new()))); try!(cvt(compat::set_key(rsa.0, n.as_ptr(), e.as_ptr(), ptr::null_mut())); ptr::null_mut()))); mem::forget((n, e)); Ok(rsa) } Loading @@ -62,13 +63,13 @@ impl RSA { qi: BigNum) -> Result<RSA, ErrorStack> { unsafe { let rsa = RSA(try_ssl_null!(ffi::RSA_new())); try_ssl!(compat::set_key(rsa.0, n.as_ptr(), e.as_ptr(), d.as_ptr())); let rsa = RSA(try!(cvt_p(ffi::RSA_new()))); try!(cvt(compat::set_key(rsa.0, n.as_ptr(), e.as_ptr(), d.as_ptr()))); mem::forget((n, e, d)); try_ssl!(compat::set_factors(rsa.0, p.as_ptr(), q.as_ptr())); try!(cvt(compat::set_factors(rsa.0, p.as_ptr(), q.as_ptr()))); mem::forget((p, q)); try_ssl!(compat::set_crt_params(rsa.0, dp.as_ptr(), dq.as_ptr(), qi.as_ptr())); try!(cvt(compat::set_crt_params(rsa.0, dp.as_ptr(), dq.as_ptr(), qi.as_ptr()))); mem::forget((dp, dq, qi)); Ok(rsa) } Loading @@ -83,12 +84,9 @@ impl RSA { /// The public exponent will be 65537. pub fn generate(bits: u32) -> Result<RSA, ErrorStack> { unsafe { let rsa = try_ssl_null!(ffi::RSA_new()); let rsa = RSA(rsa); let rsa = RSA(try!(cvt_p(ffi::RSA_new()))); let e = try!(BigNum::new_from(ffi::RSA_F4 as u32)); try_ssl!(ffi::RSA_generate_key_ex(rsa.0, bits as c_int, e.as_ptr(), ptr::null_mut())); try!(cvt(ffi::RSA_generate_key_ex(rsa.0, bits as c_int, e.as_ptr(), ptr::null_mut()))); Ok(rsa) } } Loading @@ -97,10 +95,10 @@ impl RSA { pub fn private_key_from_pem(buf: &[u8]) -> Result<RSA, ErrorStack> { let mem_bio = try!(MemBioSlice::new(buf)); unsafe { let rsa = try_ssl_null!(ffi::PEM_read_bio_RSAPrivateKey(mem_bio.as_ptr(), let rsa = try!(cvt_p(ffi::PEM_read_bio_RSAPrivateKey(mem_bio.as_ptr(), ptr::null_mut(), None, ptr::null_mut())); ptr::null_mut()))); Ok(RSA(rsa)) } } Loading @@ -114,11 +112,10 @@ impl RSA { unsafe { let cb_ptr = &mut cb as *mut _ as *mut c_void; let rsa = try_ssl_null!(ffi::PEM_read_bio_RSAPrivateKey(mem_bio.as_ptr(), let rsa = try!(cvt_p(ffi::PEM_read_bio_RSAPrivateKey(mem_bio.as_ptr(), ptr::null_mut(), Some(invoke_passwd_cb::<F>), cb_ptr)); cb_ptr))); Ok(RSA(rsa)) } } Loading @@ -127,10 +124,10 @@ impl RSA { pub fn public_key_from_pem(buf: &[u8]) -> Result<RSA, ErrorStack> { let mem_bio = try!(MemBioSlice::new(buf)); unsafe { let rsa = try_ssl_null!(ffi::PEM_read_bio_RSA_PUBKEY(mem_bio.as_ptr(), let rsa = try!(cvt_p(ffi::PEM_read_bio_RSA_PUBKEY(mem_bio.as_ptr(), ptr::null_mut(), None, ptr::null_mut())); ptr::null_mut()))); Ok(RSA(rsa)) } } Loading @@ -140,13 +137,13 @@ impl RSA { let mem_bio = try!(MemBio::new()); unsafe { try_ssl!(ffi::PEM_write_bio_RSAPrivateKey(mem_bio.as_ptr(), try!(cvt(ffi::PEM_write_bio_RSAPrivateKey(mem_bio.as_ptr(), self.0, ptr::null(), ptr::null_mut(), 0, None, ptr::null_mut())); ptr::null_mut()))); } Ok(mem_bio.get_buf().to_owned()) } Loading @@ -156,93 +153,113 @@ impl RSA { let mem_bio = try!(MemBio::new()); unsafe { try_ssl!(ffi::PEM_write_bio_RSA_PUBKEY(mem_bio.as_ptr(), self.0)) }; try!(cvt(ffi::PEM_write_bio_RSA_PUBKEY(mem_bio.as_ptr(), self.0))); } Ok(mem_bio.get_buf().to_owned()) } pub fn size(&self) -> Option<u32> { if self.n().is_some() { unsafe { Some(ffi::RSA_size(self.0) as u32) } } else { None pub fn size(&self) -> usize { unsafe { assert!(self.n().is_some()); ffi::RSA_size(self.0) as usize } } /** * Decrypts data with the private key, using provided padding, returning the decrypted data. */ pub fn private_decrypt(&self, from: &[u8], padding: Padding) -> Result<Vec<u8>, ErrorStack> { /// Decrypts data using the private key, returning the number of decrypted bytes. /// /// # Panics /// /// Panics if `self` has no private components, or if `to` is smaller /// than `self.size()`. pub fn private_decrypt(&self, from: &[u8], to: &mut [u8], padding: Padding) -> Result<usize, ErrorStack> { assert!(self.d().is_some(), "private components missing"); let k_len = self.size().expect("RSA missing an n"); let mut to: Vec<u8> = vec![0; k_len as usize]; assert!(from.len() <= i32::max_value() as usize); assert!(to.len() >= self.size()); unsafe { let enc_len = try_ssl_returns_size!(ffi::RSA_private_decrypt(from.len() as i32, let len = try!(cvt_n(ffi::RSA_private_decrypt(from.len() as c_int, from.as_ptr(), to.as_mut_ptr(), self.0, padding.0)); to.truncate(enc_len as usize); Ok(to) padding.0))); Ok(len as usize) } } /** * Encrypts data with the private key, using provided padding, returning the encrypted data. */ pub fn private_encrypt(&self, from: &[u8], padding: Padding) -> Result<Vec<u8>, ErrorStack> { /// Encrypts data using the private key, returning the number of encrypted bytes. /// /// # Panics /// /// Panics if `self` has no private components, or if `to` is smaller /// than `self.size()`. pub fn private_encrypt(&self, from: &[u8], to: &mut [u8], padding: Padding) -> Result<usize, ErrorStack> { assert!(self.d().is_some(), "private components missing"); let k_len = self.size().expect("RSA missing an n"); let mut to:Vec<u8> = vec![0; k_len as usize]; assert!(from.len() <= i32::max_value() as usize); assert!(to.len() >= self.size()); unsafe { let enc_len = try_ssl_returns_size!(ffi::RSA_private_encrypt(from.len() as c_int, let len = try!(cvt_n(ffi::RSA_private_encrypt(from.len() as c_int, from.as_ptr(), to.as_mut_ptr(), self.0, padding.0)); assert!(enc_len as u32 == k_len); Ok(to) padding.0))); Ok(len as usize) } } /** * Decrypts data with the public key, using provided padding, returning the decrypted data. */ pub fn public_decrypt(&self, from: &[u8], padding: Padding) -> Result<Vec<u8>, ErrorStack> { let k_len = self.size().expect("RSA missing an n"); let mut to: Vec<u8> = vec![0; k_len as usize]; /// Decrypts data using the public key, returning the number of decrypted bytes. /// /// # Panics /// /// Panics if `to` is smaller than `self.size()`. pub fn public_decrypt(&self, from: &[u8], to: &mut [u8], padding: Padding) -> Result<usize, ErrorStack> { assert!(from.len() <= i32::max_value() as usize); assert!(to.len() >= self.size()); unsafe { let enc_len = try_ssl_returns_size!(ffi::RSA_public_decrypt(from.len() as i32, let len = try!(cvt_n(ffi::RSA_public_decrypt(from.len() as c_int, from.as_ptr(), to.as_mut_ptr(), self.0, padding.0)); to.truncate(enc_len as usize); Ok(to) padding.0))); Ok(len as usize) } } /** * Encrypts data with the public key, using provided padding, returning the encrypted data. */ pub fn public_encrypt(&self, from: &[u8], padding: Padding) -> Result<Vec<u8>, ErrorStack> { let k_len = self.size().expect("RSA missing an n"); let mut to:Vec<u8> = vec![0; k_len as usize]; /// Encrypts data using the private key, returning the number of encrypted bytes. /// /// # Panics /// /// Panics if `to` is smaller than `self.size()`. pub fn public_encrypt(&self, from: &[u8], to: &mut [u8], padding: Padding) -> Result<usize, ErrorStack> { assert!(from.len() <= i32::max_value() as usize); assert!(to.len() >= self.size()); unsafe { let enc_len = try_ssl_returns_size!(ffi::RSA_public_encrypt(from.len() as c_int, let len = try!(cvt_n(ffi::RSA_public_encrypt(from.len() as c_int, from.as_ptr(), to.as_mut_ptr(), self.0, padding.0)); assert!(enc_len as u32 == k_len); Ok(to) padding.0))); Ok(len as usize) } } Loading Loading @@ -424,16 +441,17 @@ mod test { let key = include_bytes!("../../test/rsa.pem.pub"); let public_key = RSA::public_key_from_pem(key).unwrap(); let original_data: Vec<u8> = "This is test".to_string().into_bytes(); let result = public_key.public_encrypt(&original_data, Padding::pkcs1()).unwrap(); assert_eq!(result.len(), 256); let mut result = vec![0; public_key.size()]; let original_data = b"This is test"; let len = public_key.public_encrypt(original_data, &mut result, Padding::pkcs1()).unwrap(); assert_eq!(len, 256); let pkey = include_bytes!("../../test/rsa.pem"); let private_key = RSA::private_key_from_pem(pkey).unwrap(); let dec_result = private_key.private_decrypt(&result, Padding::pkcs1()).unwrap(); let mut dec_result = vec![0; private_key.size()]; let len = private_key.private_decrypt(&result, &mut dec_result, Padding::pkcs1()).unwrap(); assert_eq!(dec_result, original_data); assert_eq!(&dec_result[..len], original_data); } #[test] Loading @@ -442,37 +460,28 @@ mod test { let k0pkey = k0.public_key_to_pem().unwrap(); let k1 = super::RSA::public_key_from_pem(&k0pkey).unwrap(); let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8); let msg = vec![0xdeu8, 0xadu8, 0xd0u8, 0x0du8]; let emsg = k0.private_encrypt(&msg, Padding::pkcs1()).unwrap(); let dmsg = k1.public_decrypt(&emsg, Padding::pkcs1()).unwrap(); assert!(msg == dmsg); let mut emesg = vec![0; k0.size()]; k0.private_encrypt(&msg, &mut emesg, Padding::pkcs1()).unwrap(); let mut dmesg = vec![0; k1.size()]; let len = k1.public_decrypt(&emesg, &mut dmesg, Padding::pkcs1()).unwrap(); assert_eq!(msg, &dmesg[..len]); } #[test] fn test_public_encrypt() { let k0 = super::RSA::generate(512).unwrap(); let k0pkey = k0.public_key_to_pem().unwrap(); let k1 = super::RSA::public_key_from_pem(&k0pkey).unwrap(); let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8); let emsg = k1.public_encrypt(&msg, Padding::pkcs1_oaep()).unwrap(); let dmsg = k0.private_decrypt(&emsg, Padding::pkcs1_oaep()).unwrap(); assert!(msg == dmsg); } #[test] fn test_public_encrypt_pkcs() { let k0 = super::RSA::generate(512).unwrap(); let k0pkey = k0.public_key_to_pem().unwrap(); let k1 = super::RSA::public_key_from_pem(&k0pkey).unwrap(); let k0pkey = k0.private_key_to_pem().unwrap(); let k1 = super::RSA::private_key_from_pem(&k0pkey).unwrap(); let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8); let msg = vec![0xdeu8, 0xadu8, 0xd0u8, 0x0du8]; let emsg = k1.public_encrypt(&msg, super::Padding::pkcs1()).unwrap(); let dmsg = k0.private_decrypt(&emsg, super::Padding::pkcs1()).unwrap(); assert!(msg == dmsg); let mut emesg = vec![0; k0.size()]; k0.public_encrypt(&msg, &mut emesg, Padding::pkcs1()).unwrap(); let mut dmesg = vec![0; k1.size()]; let len = k1.private_decrypt(&emesg, &mut dmesg, Padding::pkcs1()).unwrap(); assert_eq!(msg, &dmesg[..len]); } }
