Merge pull request #5 from erickt/master

mod hash;

mod pkey;

mod symm;

mod pkcs5;

mod rand;

use std;

import core::ptr;

import core::str;

import core::vec;

import libc::c_uint;

export hasher;

export hashtype;

export mk_hasher;

export hash;

export _native;

export md5, sha1, sha224, sha256, sha384, sha512;

iface hasher {

    /*

    Method: init

    Initializes this hasher

    */

    #[doc = "Initializes this hasher"]

    fn init();

    /*

    Method: update

    Update this hasher with more input bytes

    */

    #[doc = "Update this hasher with more input bytes"]

    fn update([u8]);

    /*

    Method: final

    #[doc = "

    Return the digest of all bytes added to this hasher since its last

    initialization

    */

    "]

    fn final() -> [u8];

}

    }

}

fn mk_hasher(ht: hashtype) -> hasher {

fn hasher(ht: hashtype) -> hasher {

    type hasherstate = {

        evp: EVP_MD,

        ctx: EVP_MD_CTX,

    ret h;

}

/*

Function: hash

#[doc = "

Hashes the supplied input data using hash t, returning the resulting hash value

*/

"]

fn hash(t: hashtype, data: [u8]) -> [u8] unsafe {

    let h = mk_hasher(t);

    let h = hasher(t);

    h.init();

    h.update(data);

    ret h.final();

import libc::{c_char, c_uchar, c_int};

#[link_name = "crypto"]

#[abi = "cdecl"]

native mod _native {

    fn PKCS5_PBKDF2_HMAC_SHA1(pass: *c_char, passlen: c_int,

                              salt: *c_uchar, saltlen: c_int,

                              iter: c_int, keylen: c_int,

                              out: *c_uchar) -> c_int;

}

#[doc = "

Derives a key from a password and salt using the PBKDF2-HMAC-SHA1 algorithm.

"]

fn pbkdf2_hmac_sha1(pass: str, salt: [u8], iter: uint, keylen: uint) -> [u8] {

    assert iter >= 1u;

    assert keylen >= 1u;

    str::as_c_str(pass) { |pass_buf|

        vec::as_buf(salt) { |salt_buf|

            let mut out = [];

            vec::reserve(out, keylen);

            vec::as_buf(out) { |out_buf|

                let r = _native::PKCS5_PBKDF2_HMAC_SHA1(

                    pass_buf, str::len(pass) as c_int,

                    salt_buf, vec::len(salt) as c_int,

                    iter as c_int, keylen as c_int,

                    out_buf);

                if r != 1 as c_int { fail; }

                unsafe { vec::unsafe::set_len(out, keylen); }

                out

            }

        }

    }

}

#[cfg(test)]

mod tests {

    // Test vectors from

    // http://tools.ietf.org/html/draft-josefsson-pbkdf2-test-vectors-06

    #[test]

    fn test_pbkdf2_hmac_sha1() {

        assert pbkdf2_hmac_sha1("password", str::bytes("salt"), 1u, 20u) == [

            0x0c_u8, 0x60_u8, 0xc8_u8, 0x0f_u8, 0x96_u8, 0x1f_u8, 0x0e_u8,

            0x71_u8, 0xf3_u8, 0xa9_u8, 0xb5_u8, 0x24_u8, 0xaf_u8, 0x60_u8,

            0x12_u8, 0x06_u8, 0x2f_u8, 0xe0_u8, 0x37_u8, 0xa6_u8

        ];

        assert pbkdf2_hmac_sha1("password", str::bytes("salt"), 2u, 20u) == [

            0xea_u8, 0x6c_u8, 0x01_u8, 0x4d_u8, 0xc7_u8, 0x2d_u8, 0x6f_u8,

            0x8c_u8, 0xcd_u8, 0x1e_u8, 0xd9_u8, 0x2a_u8, 0xce_u8, 0x1d_u8,

            0x41_u8, 0xf0_u8, 0xd8_u8, 0xde_u8, 0x89_u8, 0x57_u8

        ];

        assert pbkdf2_hmac_sha1("password", str::bytes("salt"), 4096u,

                                20u) == [

            0x4b_u8, 0x00_u8, 0x79_u8, 0x01_u8, 0xb7_u8, 0x65_u8, 0x48_u8,

            0x9a_u8, 0xbe_u8, 0xad_u8, 0x49_u8, 0xd9_u8, 0x26_u8, 0xf7_u8,

            0x21_u8, 0xd0_u8, 0x65_u8, 0xa4_u8, 0x29_u8, 0xc1_u8

        ];

        assert pbkdf2_hmac_sha1("password", str::bytes("salt"), 16777216u,

                                20u) == [

            0xee_u8, 0xfe_u8, 0x3d_u8, 0x61_u8, 0xcd_u8, 0x4d_u8, 0xa4_u8,

            0xe4_u8, 0xe9_u8, 0x94_u8, 0x5b_u8, 0x3d_u8, 0x6b_u8, 0xa2_u8,

            0x15_u8, 0x8c_u8, 0x26_u8, 0x34_u8, 0xe9_u8, 0x84_u8

        ];

        assert pbkdf2_hmac_sha1(

                "passwordPASSWORDpassword",

                str::bytes("saltSALTsaltSALTsaltSALTsaltSALTsalt"),

                4096u, 25u) == [

            0x3d_u8, 0x2e_u8, 0xec_u8, 0x4f_u8, 0xe4_u8, 0x1c_u8, 0x84_u8,

            0x9b_u8, 0x80_u8, 0xc8_u8, 0xd8_u8, 0x36_u8, 0x62_u8, 0xc0_u8,

            0xe4_u8, 0x4a_u8, 0x8b_u8, 0x29_u8, 0x1a_u8, 0x96_u8, 0x4c_u8,

            0xf2_u8, 0xf0_u8, 0x70_u8, 0x38_u8

        ];

       assert pbkdf2_hmac_sha1("pass\x00word", str::bytes("sa\x00lt"), 4096u,

                               16u) == [

            0x56_u8, 0xfa_u8, 0x6a_u8, 0xa7_u8, 0x55_u8, 0x48_u8, 0x09_u8,

            0x9d_u8, 0xcc_u8, 0x37_u8, 0xd7_u8, 0xf0_u8, 0x34_u8, 0x25_u8,

            0xe0_u8, 0xc3_u8

        ];

    }

}

import core::ptr;

import core::str;

import core::unsafe;

import core::vec;

import libc::{c_int, c_uint};

export pkeyrole, encrypt, decrypt, sign, verify;

export pkey, mk_pkey;

export pkey;

export _native;

type EVP_PKEY = *libc::c_void;

    both

}

/*

Tag: pkeyrole

Represents a role an asymmetric key might be appropriate for.

*/

#[doc = "Represents a role an asymmetric key might be appropriate for."]

enum pkeyrole {

    encrypt,

    decrypt,

    verify

}

/*

Object: pkey

Represents a public key, optionally with a private key attached.

*/

#[doc = "Represents a public key, optionally with a private key attached."]

iface pkey {

    /*

    Method: save_pub

    #[doc = "

    Returns a serialized form of the public key, suitable for load_pub().

    */

    "]

    fn save_pub() -> [u8];

    /*

    Method: load_pub

    #[doc = "

    Loads a serialized form of the public key, as produced by save_pub().

    */

    "]

    fn load_pub(s: [u8]);

    /*

    Method: save_priv

    #[doc = "

    Returns a serialized form of the public and private keys, suitable for

    load_priv().

    */

    "]

    fn save_priv() -> [u8];

    /*

    Method: load_priv

    #[doc = "

    Loads a serialized form of the public and private keys, as produced by

    save_priv().

    */

    "]

    fn load_priv(s: [u8]);

    /*

    Method: size()

    Returns the size of the public key modulus.

    */

    #[doc = "Returns the size of the public key modulus."]

    fn size() -> uint;

    /*

    Method: gen()

    Generates a public/private keypair of the specified size.

    */

    #[doc = "Generates a public/private keypair of the specified size."]

    fn gen(keysz: uint);

    /*

    Method: can()

    #[doc = "

    Returns whether this pkey object can perform the specified role.

    */

    "]

    fn can(role: pkeyrole) -> bool;

    /*

    Method: max_data()

    #[doc = "

    Returns the maximum amount of data that can be encrypted by an encrypt()

    call.

    */

    "]

    fn max_data() -> uint;

    /*

    Method: encrypt()

    #[doc = "

    Encrypts data using OAEP padding, returning the encrypted data. The supplied

    data must not be larger than max_data().

    */

    "]

    fn encrypt(s: [u8]) -> [u8];

    /*

    Method: decrypt()

    #[doc = "

    Decrypts data, expecting OAEP padding, returning the decrypted data.

    */

    "]

    fn decrypt(s: [u8]) -> [u8];

    /*

    Method: sign()

    #[doc = "

    Signs data, using OpenSSL's default scheme and sha256. Unlike encrypt(), can

    process an arbitrary amount of data; returns the signature.

    */

    "]

    fn sign(s: [u8]) -> [u8];

    /*

    Method: verify()

    #[doc = "

    Verifies a signature s (using OpenSSL's default scheme and sha256) on a

    message m. Returns true if the signature is valid, and false otherwise.

    */

    "]

    fn verify(m: [u8], s: [u8]) -> bool;

}

    unsafe::reinterpret_cast::<*ANYKEY, *RSA>(anykey)

}

fn mk_pkey() -> pkey {

fn pkey() -> pkey {

    type pkeystate = {

        mut evp: *EVP_PKEY,

        mut parts: pkeyparts

mod tests {

    #[test]

    fn test_gen_pub() {

        let k0 = mk_pkey();

        let k1 = mk_pkey();

        let k0 = pkey();

        let k1 = pkey();

        k0.gen(512u);

        k1.load_pub(k0.save_pub());

        assert(k0.save_pub() == k1.save_pub());

    #[test]

    fn test_gen_priv() {

        let k0 = mk_pkey();

        let k1 = mk_pkey();

        let k0 = pkey();

        let k1 = pkey();

        k0.gen(512u);

        k1.load_priv(k0.save_priv());

        assert(k0.save_priv() == k1.save_priv());

    #[test]

    fn test_encrypt() {

        let k0 = mk_pkey();

        let k1 = mk_pkey();

        let k0 = pkey();

        let k1 = pkey();

        let msg: [u8] = [0xdeu8, 0xadu8, 0xd0u8, 0x0du8];

        k0.gen(512u);

        k1.load_pub(k0.save_pub());

    #[test]

    fn test_sign() {

        let k0 = mk_pkey();

        let k1 = mk_pkey();

        let k0 = pkey();

        let k1 = pkey();

        let msg: [u8] = [0xdeu8, 0xadu8, 0xd0u8, 0x0du8];

        k0.gen(512u);

        k1.load_pub(k0.save_pub());

import libc::{c_uchar, c_int};

#[link_name = "crypto"]

#[abi = "cdecl"]

native mod _native {

    fn RAND_bytes(buf: *c_uchar, num: c_int) -> c_int;

}

fn rand_bytes(len: uint) -> [u8] {

    let mut out = [];

    vec::reserve(out, len);

    vec::as_buf(out) { |out_buf|

        let r = _native::RAND_bytes(out_buf, len as c_int);

        if r != 1 as c_int { fail }

        unsafe { vec::unsafe::set_len(out, len); }

        out

    }

}

#[cfg(test)]

mod tests {

    #[test]

    fn test_rand_bytes() {

        let _bytes = rand_bytes(5u);

    }

}