diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 85e819512696f7e87f14ddda4e1e9adf56f8817a..b6f558320720474999e54d6b22b075c78fd9d4e0 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -627,6 +627,12 @@ extern "C" { callback: Option, user_data: *mut c_void) -> c_int; pub fn PEM_write_bio_PUBKEY(bp: *mut BIO, x: *mut EVP_PKEY) -> c_int; + pub fn PEM_write_bio_RSAPrivateKey(bp: *mut BIO, rsa: *mut RSA, cipher: *const EVP_CIPHER, + kstr: *mut c_char, klen: c_int, + callback: Option, + user_data: *mut c_void) -> c_int; + pub fn PEM_write_bio_RSAPublicKey(bp: *mut BIO, rsa: *mut RSA) -> c_int; + pub fn PEM_write_bio_RSA_PUBKEY(bp: *mut BIO, rsa: *mut RSA) -> c_int; pub fn PEM_write_bio_X509(bio: *mut BIO, x509: *mut X509) -> c_int; pub fn PEM_write_bio_X509_REQ(bio: *mut BIO, x509: *mut X509_REQ) -> c_int; diff --git a/openssl/src/crypto/rsa.rs b/openssl/src/crypto/rsa.rs index 6fcb5b07250856c4c545c1f72fcb8e9fa62d80fb..021d450ba68e4c2411b7c3b9bbee16d4d2e9cf0d 100644 --- a/openssl/src/crypto/rsa.rs +++ b/openssl/src/crypto/rsa.rs @@ -2,10 +2,11 @@ use ffi; use std::fmt; use ssl::error::{SslError, StreamError}; use std::ptr; -use std::io::{self, Read}; +use std::io::{self, Read, Write}; use bn::BigNum; use bio::MemBio; +use nid::Nid; pub struct RSA(*mut ffi::RSA); @@ -28,6 +29,21 @@ impl RSA { Ok(RSA(rsa)) } } + + pub fn from_private_components(n: BigNum, e: BigNum, d: BigNum, p: BigNum, q: BigNum, dp: BigNum, dq: BigNum, qi: BigNum) -> Result { + unsafe { + let rsa = try_ssl_null!(ffi::RSA_new()); + (*rsa).n = n.into_raw(); + (*rsa).e = e.into_raw(); + (*rsa).d = d.into_raw(); + (*rsa).p = p.into_raw(); + (*rsa).q = q.into_raw(); + (*rsa).dmp1 = dp.into_raw(); + (*rsa).dmq1 = dq.into_raw(); + (*rsa).iqmp = qi.into_raw(); + Ok(RSA(rsa)) + } + } /// the caller should assert that the rsa pointer is valid. pub unsafe fn from_raw(rsa: *mut ffi::RSA) -> RSA { @@ -49,6 +65,25 @@ impl RSA { Ok(RSA(rsa)) } } + + /// Writes an RSA private key as unencrypted PEM formatted data + pub fn private_key_to_pem(&self, writer: &mut W) -> Result<(), SslError> + where W: Write + { + let mut mem_bio = try!(MemBio::new()); + + let result = unsafe { + ffi::PEM_write_bio_RSAPrivateKey(mem_bio.get_handle(), self.0, ptr::null(), ptr::null_mut(), 0, None, ptr::null_mut()) + }; + + if result == 1 { + try!(io::copy(&mut mem_bio, writer).map_err(StreamError)); + + Ok(()) + } else { + Err(SslError::OpenSslErrors(vec![])) + } + } /// Reads an RSA public key from PEM formatted data. pub fn public_key_from_pem(reader: &mut R) -> Result @@ -65,6 +100,60 @@ impl RSA { Ok(RSA(rsa)) } } + + /// Writes an RSA public key as PEM formatted data + pub fn public_key_to_pem(&self, writer: &mut W) -> Result<(), SslError> + where W: Write + { + let mut mem_bio = try!(MemBio::new()); + + let result = unsafe { + ffi::PEM_write_bio_RSA_PUBKEY(mem_bio.get_handle(), self.0) + }; + + if result == 1 { + try!(io::copy(&mut mem_bio, writer).map_err(StreamError)); + + Ok(()) + } else { + Err(SslError::OpenSslErrors(vec![])) + } + } + + pub fn size(&self) -> Result { + if self.has_n() { + unsafe { + Ok(ffi::RSA_size(self.0) as u32) + } + } else { + Err(SslError::OpenSslErrors(vec![])) + } + } + + pub fn sign(&self, hash_id: Nid, message: &[u8]) -> Result, SslError> { + let k_len = try!(self.size()); + let mut sig = vec![0;k_len as usize]; + let mut sig_len = k_len; + + unsafe { + let result = ffi::RSA_sign(hash_id as i32, message.as_ptr(), message.len() as u32, sig.as_mut_ptr(), &mut sig_len, self.0); + assert!(sig_len == k_len); + + if result == 1 { + Ok(sig) + } else { + Err(SslError::OpenSslErrors(vec![])) + } + } + } + + pub fn verify(&self, hash_id: Nid, message: &[u8], sig: &[u8]) -> Result { + unsafe { + let result = ffi::RSA_verify(hash_id as i32, message.as_ptr(), message.len() as u32, sig.as_ptr(), sig.len() as u32, self.0); + + Ok(result == 1) + } + } pub fn as_ptr(&self) -> *mut ffi::RSA { self.0 @@ -119,3 +208,72 @@ impl fmt::Debug for RSA { write!(f, "RSA") } } + +#[cfg(test)] +mod test { + use nid; + use std::fs::File; + use std::io::Write; + use super::*; + use crypto::hash::*; + + fn signing_input_rs256() -> Vec { + vec![101, 121, 74, 104, 98, 71, 99, 105, 79, 105, 74, 83, 85, 122, 73, + 49, 78, 105, 74, 57, 46, 101, 121, 74, 112, 99, 51, 77, 105, 79, 105, + 74, 113, 98, 50, 85, 105, 76, 65, 48, 75, 73, 67, 74, 108, 101, 72, + 65, 105, 79, 106, 69, 122, 77, 68, 65, 52, 77, 84, 107, 122, 79, 68, + 65, 115, 68, 81, 111, 103, 73, 109, 104, 48, 100, 72, 65, 54, 76, + 121, 57, 108, 101, 71, 70, 116, 99, 71, 120, 108, 76, 109, 78, 118, + 98, 83, 57, 112, 99, 49, 57, 121, 98, 50, 57, 48, 73, 106, 112, 48, + 99, 110, 86, 108, 102, 81] + } + + fn signature_rs256() -> Vec { + vec![112, 46, 33, 137, 67, 232, 143, 209, 30, 181, 216, 45, 191, 120, 69, + 243, 65, 6, 174, 27, 129, 255, 247, 115, 17, 22, 173, 209, 113, 125, + 131, 101, 109, 66, 10, 253, 60, 150, 238, 221, 115, 162, 102, 62, 81, + 102, 104, 123, 0, 11, 135, 34, 110, 1, 135, 237, 16, 115, 249, 69, + 229, 130, 173, 252, 239, 22, 216, 90, 121, 142, 232, 198, 109, 219, + 61, 184, 151, 91, 23, 208, 148, 2, 190, 237, 213, 217, 217, 112, 7, + 16, 141, 178, 129, 96, 213, 248, 4, 12, 167, 68, 87, 98, 184, 31, + 190, 127, 249, 217, 46, 10, 231, 111, 36, 242, 91, 51, 187, 230, 244, + 74, 230, 30, 177, 4, 10, 203, 32, 4, 77, 62, 249, 18, 142, 212, 1, + 48, 121, 91, 212, 189, 59, 65, 238, 202, 208, 102, 171, 101, 25, 129, + 253, 228, 141, 247, 127, 55, 45, 195, 139, 159, 175, 221, 59, 239, + 177, 139, 93, 163, 204, 60, 46, 176, 47, 158, 58, 65, 214, 18, 202, + 173, 21, 145, 18, 115, 160, 95, 35, 185, 232, 56, 250, 175, 132, 157, + 105, 132, 41, 239, 90, 30, 136, 121, 130, 54, 195, 212, 14, 96, 69, + 34, 165, 68, 200, 242, 122, 122, 45, 184, 6, 99, 209, 108, 247, 202, + 234, 86, 222, 64, 92, 178, 33, 90, 69, 178, 194, 85, 102, 181, 90, + 193, 167, 72, 160, 112, 223, 200, 163, 42, 70, 149, 67, 208, 25, 238, + 251, 71] + } + + #[test] + pub fn test_sign() { + let mut buffer = File::open("test/rsa.pem").unwrap(); + let private_key = RSA::private_key_from_pem(&mut buffer).unwrap(); + + let mut sha = Hasher::new(Type::SHA256); + sha.write_all(&signing_input_rs256()).unwrap(); + let digest = sha.finish(); + + let result = private_key.sign(nid::Nid::SHA256, &digest).unwrap(); + + assert_eq!(result, signature_rs256()); + } + + #[test] + pub fn test_verify() { + let mut buffer = File::open("test/rsa.pem.pub").unwrap(); + let public_key = RSA::public_key_from_pem(&mut buffer).unwrap(); + + let mut sha = Hasher::new(Type::SHA256); + sha.write_all(&signing_input_rs256()).unwrap(); + let digest = sha.finish(); + + let result = public_key.verify(nid::Nid::SHA256, &digest, &signature_rs256()).unwrap(); + + assert!(result); + } +} \ No newline at end of file diff --git a/openssl/src/nid.rs b/openssl/src/nid.rs index bfcae15aa097a844affbc860c866f89bae8f5b1a..21ef18e0be45df28a98214c8b4eabd182101498c 100644 --- a/openssl/src/nid.rs +++ b/openssl/src/nid.rs @@ -2,7 +2,7 @@ #[derive(Copy, Clone, Hash, PartialEq, Eq)] #[repr(usize)] pub enum Nid { - Undefined, + Undefined, // 0 Rsadsi, Pkcs, MD2, @@ -12,7 +12,7 @@ pub enum Nid { RsaEncryption, RSA_MD2, RSA_MD5, - PBE_MD2_DES, + PBE_MD2_DES, // 10 X500, x509, CN, @@ -22,7 +22,7 @@ pub enum Nid { O, OU, RSA, - Pkcs7, + Pkcs7, // 20 Pkcs7_data, Pkcs7_signedData, Pkcs7_envelopedData, @@ -32,7 +32,7 @@ pub enum Nid { Pkcs3, DhKeyAgreement, DES_ECB, - DES_CFB, + DES_CFB, // 30 DES_CBC, DES_EDE, DES_EDE3, @@ -42,7 +42,7 @@ pub enum Nid { RC2_CBC, RC2_ECB, RC2_CFB, - RC2_OFB, + RC2_OFB, // 40 SHA, RSA_SHA, DES_EDE_CBC, @@ -52,7 +52,7 @@ pub enum Nid { Pkcs9, Email, UnstructuredName, - ContentType, + ContentType, // 50 MessageDigest, SigningTime, CounterSignature, @@ -62,7 +62,7 @@ pub enum Nid { Netscape, NetscapeCertExtention, NetscapeDatatype, - DES_EDE_CFB64, + DES_EDE_CFB64, // 60 DES_EDE3_CFB64, DES_EDE_OFB64, DES_EDE3_OFB64, @@ -72,7 +72,7 @@ pub enum Nid { DSA_OLD, PBE_SHA1_RC2_64, PBKDF2, - DSA_SHA1_OLD, + DSA_SHA1_OLD, // 70 NetscapeCertType, NetscapeBaseUrl, NetscapeRevocationUrl, @@ -82,7 +82,7 @@ pub enum Nid { NetscapeSSLServerName, NetscapeComment, NetscapeCertSequence, - DESX_CBC, + DESX_CBC, // 80 ID_CE, SubjectKeyIdentifier, KeyUsage, @@ -92,7 +92,7 @@ pub enum Nid { BasicConstraints, CrlNumber, CertificatePolicies, - AuthorityKeyIdentifier, + AuthorityKeyIdentifier, // 90 BF_CBC, BF_ECB, BF_CFB, @@ -102,7 +102,7 @@ pub enum Nid { RC4_40, RC2_40_CBC, G, - S, + S, // 100 I, /// uniqueIdentifier UID, @@ -113,7 +113,7 @@ pub enum Nid { D, CAST5_CBC, CAST5_ECB, - CAST5_CFB, + CAST5_CFB, // 110 CAST5_OFB, PbeWithMD5AndCast5CBC, DSA_SHA1, @@ -123,7 +123,7 @@ pub enum Nid { RIPEMD160, // 118 missing RSA_RIPEMD160 = 119, - RC5_CBC, + RC5_CBC, // 120 RC5_ECB, RC5_CFB, RC5_OFB, @@ -133,7 +133,7 @@ pub enum Nid { PKIX, ID_KP, ServerAuth, - ClientAuth, + ClientAuth, // 130 CodeSigning, EmailProtection, TimeStamping, @@ -143,7 +143,7 @@ pub enum Nid { MsSGC, MsEFS, NsSGC, - DeltaCRL, + DeltaCRL, // 140 CRLReason, InvalidityDate, SXNetID, @@ -153,7 +153,7 @@ pub enum Nid { PBE_SHA1_2DES, PBE_SHA1_RC2_128, PBE_SHA1_RC2_40, - KeyBag, + KeyBag, // 150 Pkcs8ShroudedKeyBag, CertBag, CrlBag, @@ -163,7 +163,7 @@ pub enum Nid { LocalKeyID, X509Certificate, SdsiCertificate, - X509Crl, + X509Crl, // 160 PBES2, PBMAC1, HmacWithSha1, @@ -171,6 +171,28 @@ pub enum Nid { ID_QT_UNOTICE, RC2_64_CBC, SMIMECaps, + PBE_MD2_RC2_64, + PBE_MD5_RC2_64, + PBE_SHA1_DES, + MicrosoftExtensionRequest, + ExtensionRequest, + Name, + DnQualifier, + IdPe, + IdAd, + AuthorityInfoAccess, + OCSP, + CaIssuers, + OCSPSigning, // 180 + + // 181 and up are from openssl's obj_mac.h + + /// Shown as UID in cert subject - UserId = 458 + UserId = 458, + + + SHA256 = 672, + SHA384, + SHA512, } diff --git a/openssl/test/rsa.pem b/openssl/test/rsa.pem new file mode 100644 index 0000000000000000000000000000000000000000..d8185fed6691aed6f339267a38dd87eac791cd46 --- /dev/null +++ b/openssl/test/rsa.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd/wWJcyQoTbji9k0 +l8W26mPddxHmfHQp+Vaw+4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL+yRT+SFd2lZS+pC +gNMsD1W/YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb/7OMg0LOL+bSf63kpaSHSX +ndS5z5rexMdbBYUsLA9e+KXBdQOS+UTo7WTBEMa2R2CapHg665xsmtdVMTBQY4uD +Zlxvb3qCo5ZwKh9kG4LT6/I5IhlJH7aGhyxXFvUK+DWNmoudF8NAco9/h9iaGNj8 +q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQIDAQABAoIBABKucaRpzQorw35S +bEUAVx8dYXUdZOlJcHtiWQ+dC6V8ljxAHj/PLyzTveyI5QO/xkObCyjIL303l2cf +UhPu2MFaJdjVzqACXuOrLot/eSFvxjvqVidTtAZExqFRJ9mylUVAoLvhowVWmC1O +n95fZCXxTUtxNEG1Xcc7m0rtzJKs45J+N/V9DP1edYH6USyPSWGp6wuA+KgHRnKK +Vf9GRx80JQY7nVNkL17eHoTWEwga+lwi0FEoW9Y7lDtWXYmKBWhUE+U8PGxlJf8f +40493HDw1WRQ/aSLoS4QTp3rn7gYgeHEvfJdkkf0UMhlknlo53M09EFPdadQ4TlU +bjqKc50CgYEA4BzEEOtIpmVdVEZNCqS7baC4crd0pqnRH/5IB3jw3bcxGn6QLvnE +tfdUdiYrqBdss1l58BQ3KhooKeQTa9AB0Hw/Py5PJdTJNPY8cQn7ouZ2KKDcmnPG +BY5t7yLc1QlQ5xHdwW1VhvKn+nXqhJTBgIPgtldC+KDV5z+y2XDwGUcCgYEAuQPE +fgmVtjL0Uyyx88GZFF1fOunH3+7cepKmtH4pxhtCoHqpWmT8YAmZxaewHgHAjLYs +p1ZSe7zFYHj7C6ul7TjeLQeZD/YwD66t62wDmpe/HlB+TnBA+njbglfIsRLtXlnD +zQkv5dTltRJ11BKBBypeeF6689rjcJIDEz9RWdcCgYAHAp9XcCSrn8wVkMVkKdb7 +DOX4IKjzdahm+ctDAJN4O/y7OW5FKebvUjdAIt2GuoTZ71iTG+7F0F+lP88jtjP4 +U4qe7VHoewl4MKOfXZKTe+YCS1XbNvfgwJ3Ltyl1OH9hWvu2yza7q+d5PCsDzqtm +27kxuvULVeya+TEdAB1ijQKBgQCH/3r6YrVH/uCWGy6bzV1nGNOdjKc9tmkfOJmN +54dxdixdpozCQ6U4OxZrsj3FcOhHBsqAHvX2uuYjagqvo3cOj1TRqNocX40omfCC +Mx3bD1yPPf/6TI2XECva/ggqEY2mYzmIiA5LVVmc5nrybr+lssFKneeyxN2Wq93S +0iJMdQKBgCGHewxzoa1r8ZMD0LETNrToK423K377UCYqXfg5XMclbrjPbEC3YI1Z +NqMtuhdBJqUnBi6tjKMF+34Xf0CUN8ncuXGO2CAYvO8PdyCixHX52ybaDjy1FtCE +6yUXjoKNXKvUm7MWGsAYH6f4IegOetN5NvmUMFStCSkh7ixZLkN1 +-----END RSA PRIVATE KEY----- diff --git a/openssl/test/rsa.pem.pub b/openssl/test/rsa.pem.pub new file mode 100644 index 0000000000000000000000000000000000000000..093f2ba12a50ef91b9770d7524b48e6e6d195b14 --- /dev/null +++ b/openssl/test/rsa.pem.pub @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofgWCuLjybRlzo0tZWJj +NiuSfb4p4fAkd/wWJcyQoTbji9k0l8W26mPddxHmfHQp+Vaw+4qPCJrcS2mJPMEz +P1Pt0Bm4d4QlL+yRT+SFd2lZS+pCgNMsD1W/YpRPEwOWvG6b32690r2jZ47soMZo +9wGzjb/7OMg0LOL+bSf63kpaSHSXndS5z5rexMdbBYUsLA9e+KXBdQOS+UTo7WTB +EMa2R2CapHg665xsmtdVMTBQY4uDZlxvb3qCo5ZwKh9kG4LT6/I5IhlJH7aGhyxX +FvUK+DWNmoudF8NAco9/h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXp +oQIDAQAB +-----END PUBLIC KEY-----