From 50648b7dac92200f5fb3d32422061e78404649c2 Mon Sep 17 00:00:00 2001 From: Andrei Oprisan Date: Fri, 7 Oct 2016 10:01:16 +0300 Subject: [PATCH] Removed max_size; removed all encrypt/decrypt methods except private/public encrypt/decrypt which take the padding --- openssl/src/crypto/rsa.rs | 95 +++++++++++---------------------------- 1 file changed, 26 insertions(+), 69 deletions(-) diff --git a/openssl/src/crypto/rsa.rs b/openssl/src/crypto/rsa.rs index e0d8e7eae..da2e1c79b 100644 --- a/openssl/src/crypto/rsa.rs +++ b/openssl/src/crypto/rsa.rs @@ -20,7 +20,7 @@ pub enum EncryptionPadding { } impl EncryptionPadding { - pub fn openssl_padding_code(&self) -> c_int { + fn openssl_padding_code(&self) -> c_int { match self { &EncryptionPadding::NoPadding => ffi::RSA_NO_PADDING, &EncryptionPadding::OAEP => ffi::RSA_PKCS1_OAEP_PADDING, @@ -180,12 +180,10 @@ impl RSA { } } - pub fn max_data(&self) -> Option { - // 41 comes from RSA_public_encrypt(3) for OAEP - self.size().map(|len| len - 41) - } - - pub fn private_decrypt_with_padding(&self, from: &[u8], padding: EncryptionPadding) -> Result, ErrorStack> { + /** + * Decrypts data with the private key, using provided padding, returning the decrypted data. + */ + pub fn private_decrypt(&self, from: &[u8], padding: EncryptionPadding) -> Result, ErrorStack> { assert!(self.d().is_some(), "private components missing"); let k_len = self.size().expect("RSA missing an n"); let mut to: Vec = vec![0; k_len as usize]; @@ -201,13 +199,14 @@ impl RSA { } } - pub fn private_encrypt_with_padding(&self, from: &[u8], padding: EncryptionPadding) -> Result, ErrorStack> { + /** + * Encrypts data with the private key, using provided padding, returning the encrypted data. + */ + pub fn private_encrypt(&self, from: &[u8], padding: EncryptionPadding) -> Result, ErrorStack> { assert!(self.d().is_some(), "private components missing"); let k_len = self.size().expect("RSA missing an n"); let mut to:Vec = vec![0; k_len as usize]; - assert!(from.len() < self.max_data().unwrap_or_else(|| 0) as usize); - unsafe { let enc_len = try_ssl_returns_size!(ffi::RSA_private_encrypt(from.len() as c_int, from.as_ptr(), @@ -220,7 +219,10 @@ impl RSA { } } - pub fn public_decrypt_with_padding(&self, from: &[u8], padding: EncryptionPadding) -> Result, ErrorStack> { + /** + * Decrypts data with the public key, using provided padding, returning the decrypted data. + */ + pub fn public_decrypt(&self, from: &[u8], padding: EncryptionPadding) -> Result, ErrorStack> { let k_len = self.size().expect("RSA missing an n"); let mut to: Vec = vec![0; k_len as usize]; @@ -235,12 +237,13 @@ impl RSA { } } - pub fn public_encrypt_with_padding(&self, from: &[u8], padding: EncryptionPadding) -> Result, ErrorStack> { + /** + * Encrypts data with the public key, using provided padding, returning the encrypted data. + */ + pub fn public_encrypt(&self, from: &[u8], padding: EncryptionPadding) -> Result, ErrorStack> { let k_len = self.size().expect("RSA missing an n"); let mut to:Vec = vec![0; k_len as usize]; - assert!(from.len() < self.max_data().unwrap_or_else(|| 0) as usize); - unsafe { let enc_len = try_ssl_returns_size!(ffi::RSA_public_encrypt(from.len() as c_int, from.as_ptr(), @@ -253,53 +256,7 @@ impl RSA { } } - /** - * Encrypts data with the public key, using OAEP padding, returning the encrypted data. The - * supplied data must not be larger than max_data(). - */ - pub fn encrypt(&self, s: &[u8]) -> Result, ErrorStack> { self.public_encrypt_with_padding(s, EncryptionPadding::OAEP) } - - /** - * Encrypts data with the public key, using provided padding, returning the encrypted data. The - * supplied data must not be larger than max_data(). - */ - pub fn encrypt_with_padding(&self, s: &[u8], padding: EncryptionPadding) -> Result, ErrorStack> { self.public_encrypt_with_padding(s, padding) } - - /** - * Encrypts data with the public key, using OAEP padding, returning the encrypted data. The - * supplied data must not be larger than max_data(). - */ - pub fn public_encrypt(&self, s: &[u8]) -> Result, ErrorStack> { self.public_encrypt_with_padding(s, EncryptionPadding::OAEP) } - - /** - * Decrypts data with the public key, using PKCS1v15 padding, returning the decrypted data. - */ - pub fn public_decrypt(&self, s: &[u8]) -> Result, ErrorStack> { self.public_decrypt_with_padding(s, EncryptionPadding::PKCS1v15) } - - /** - * Decrypts data with the private key, expecting OAEP padding, returning the decrypted data. - */ - pub fn decrypt(&self, s: &[u8]) -> Result, ErrorStack> { self.private_decrypt_with_padding(s, EncryptionPadding::OAEP) } - - /** - * Decrypts data with the private key, using provided padding, returning the encrypted data. The - * supplied data must not be larger than max_data(). - */ - pub fn decrypt_with_padding(&self, s: &[u8], padding: EncryptionPadding) -> Result, ErrorStack> { self.private_decrypt_with_padding(s, padding) } - - /** - * Decrypts data with the private key, expecting OAEP padding, returning the decrypted data. - */ - pub fn private_decrypt(&self, s: &[u8]) -> Result, ErrorStack> { self.private_decrypt_with_padding(s, EncryptionPadding::OAEP) } - - /** - * Encrypts data with the private key, using PKCS1v15 padding, returning the encrypted data. The - * supplied data must not be larger than max_data(). - */ - pub fn private_encrypt(&self, s: &[u8]) -> Result, ErrorStack> { self.private_encrypt_with_padding(s, EncryptionPadding::PKCS1v15) } - - - pub fn sign(&self, hash: hash::Type, message: &[u8]) -> Result, ErrorStack> { + pub fn sign(&self, hash: hash::Type, message: &[u8]) -> Result, ErrorStack> { assert!(self.d().is_some(), "private components missing"); let k_len = self.size().expect("RSA missing an n"); let mut sig = vec![0; k_len as usize]; @@ -479,13 +436,13 @@ mod test { let public_key = RSA::public_key_from_pem(key).unwrap(); let original_data: Vec = "This is test".to_string().into_bytes(); - let result = public_key.public_encrypt_with_padding(&original_data, EncryptionPadding::PKCS1v15).unwrap(); + let result = public_key.public_encrypt(&original_data, EncryptionPadding::PKCS1v15).unwrap(); assert_eq!(result.len(), 256); let pkey = include_bytes!("../../test/rsa.pem"); let private_key = RSA::private_key_from_pem(pkey).unwrap(); - let dec_result = private_key.private_decrypt_with_padding(&result, EncryptionPadding::PKCS1v15).unwrap(); + let dec_result = private_key.private_decrypt(&result, EncryptionPadding::PKCS1v15).unwrap(); assert_eq!(dec_result, original_data); } @@ -498,8 +455,8 @@ mod test { let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8); - let emsg = k0.private_encrypt(&msg).unwrap(); - let dmsg = k1.public_decrypt(&emsg).unwrap(); + let emsg = k0.private_encrypt(&msg, EncryptionPadding::PKCS1v15).unwrap(); + let dmsg = k1.public_decrypt(&emsg, EncryptionPadding::PKCS1v15).unwrap(); assert!(msg == dmsg); } @@ -511,8 +468,8 @@ mod test { let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8); - let emsg = k1.public_encrypt(&msg).unwrap(); - let dmsg = k0.private_decrypt(&emsg).unwrap(); + let emsg = k1.public_encrypt(&msg, EncryptionPadding::OAEP).unwrap(); + let dmsg = k0.private_decrypt(&emsg, EncryptionPadding::OAEP).unwrap(); assert!(msg == dmsg); } @@ -524,8 +481,8 @@ mod test { let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8); - let emsg = k1.public_encrypt_with_padding(&msg, super::EncryptionPadding::PKCS1v15).unwrap(); - let dmsg = k0.private_decrypt_with_padding(&emsg, super::EncryptionPadding::PKCS1v15).unwrap(); + let emsg = k1.public_encrypt(&msg, super::EncryptionPadding::PKCS1v15).unwrap(); + let dmsg = k0.private_decrypt(&emsg, super::EncryptionPadding::PKCS1v15).unwrap(); assert!(msg == dmsg); } -- GitLab