Adds more functions to `Verifier`/`Signer` for RSA keys

author: Bastian Köcher <git@kchr.de> 2018-03-07 20:43:28 +0100
committer: Bastian Köcher <git@kchr.de> 2018-03-07 20:43:28 +0100
commit: 724dd6f830d64de6fc1e6f55b8b0a9f630d928f5 (patch)
tree: 83a172194bebc1ebea84fe536000a5d1e8462f64 /openssl/src/sign.rs
parent: 84a5ce76079ab210272be3da49c93ebd5ab75524 (diff)
download: rust-openssl-724dd6f830d64de6fc1e6f55b8b0a9f630d928f5.zip
1 files changed, 87 insertions, 0 deletions
diff --git a/openssl/src/sign.rs b/openssl/src/sign.rs
index a61d883b..9de9bcf7 100644
--- a/openssl/src/sign.rs
+++ b/openssl/src/sign.rs
@@ -66,6 +66,7 @@ use foreign_types::ForeignTypeRef;
 use std::io::{self, Write};
 use std::marker::PhantomData;
 use std::ptr;
+use libc::c_int;
 
 use {cvt, cvt_p};
 use hash::MessageDigest;
@@ -160,6 +161,38 @@ impl<'a> Signer<'a> {
         }
     }
 
+    /// Sets the RSA PSS salt length.
+    ///
+    /// This is only useful for RSA keys.
+    ///
+    /// This corresponds to [`EVP_PKEY_CTX_set_rsa_pss_saltlen`].
+    ///
+    /// [`EVP_PKEY_CTX_set_rsa_pss_saltlen`]: https://www.openssl.org/docs/man1.1.0/crypto/EVP_PKEY_CTX_set_rsa_pss_saltlen.html
+    pub fn set_rsa_pss_saltlen(&mut self, len: c_int) -> Result<(), ErrorStack> {
+        unsafe {
+            cvt(ffi::EVP_PKEY_CTX_set_rsa_pss_saltlen(
+                self.pctx,
+                len,
+            )).map(|_| ())
+        }
+    }
+
+    /// Sets the RSA MGF1 algorithm.
+    ///
+    /// This is only useful for RSA keys.
+    ///
+    /// This corresponds to [`EVP_PKEY_CTX_set_rsa_mgf1_md`].
+    ///
+    /// [`EVP_PKEY_CTX_set_rsa_mgf1_md`]: https://www.openssl.org/docs/manmaster/man7/RSA-PSS.html
+    pub fn set_rsa_mgf1_md(&mut self, md: MessageDigest) -> Result<(), ErrorStack> {
+        unsafe {
+            cvt(ffi::EVP_PKEY_CTX_set_rsa_mgf1_md(
+                self.pctx,
+                md.as_ptr() as *mut _,
+            )).map(|_| ())
+        }
+    }
+
     /// Feeds more data into the `Signer`.
     ///
     /// OpenSSL documentation at [`EVP_DigestUpdate`].
@@ -320,6 +353,38 @@ impl<'a> Verifier<'a> {
         }
     }
 
+    /// Sets the RSA PSS salt length.
+    ///
+    /// This is only useful for RSA keys.
+    ///
+    /// This corresponds to [`EVP_PKEY_CTX_set_rsa_pss_saltlen`].
+    ///
+    /// [`EVP_PKEY_CTX_set_rsa_pss_saltlen`]: https://www.openssl.org/docs/man1.1.0/crypto/EVP_PKEY_CTX_set_rsa_pss_saltlen.html
+    pub fn set_rsa_pss_saltlen(&mut self, len: c_int) -> Result<(), ErrorStack> {
+        unsafe {
+            cvt(ffi::EVP_PKEY_CTX_set_rsa_pss_saltlen(
+                self.pctx,
+                len,
+            )).map(|_| ())
+        }
+    }
+
+    /// Sets the RSA MGF1 algorithm.
+    ///
+    /// This is only useful for RSA keys.
+    ///
+    /// This corresponds to [`EVP_PKEY_CTX_set_rsa_mgf1_md`].
+    ///
+    /// [`EVP_PKEY_CTX_set_rsa_mgf1_md`]: https://www.openssl.org/docs/manmaster/man7/RSA-PSS.html
+    pub fn set_rsa_mgf1_md(&mut self, md: MessageDigest) -> Result<(), ErrorStack> {
+        unsafe {
+            cvt(ffi::EVP_PKEY_CTX_set_rsa_mgf1_md(
+                self.pctx,
+                md.as_ptr() as *mut _,
+            )).map(|_| ())
+        }
+    }
+
     /// Feeds more data into the `Verifier`.
     ///
     /// OpenSSL documentation at [`EVP_DigestUpdate`].
@@ -559,4 +624,26 @@ mod test {
         verifier.update(b"hello world").unwrap();
         assert!(verifier.verify(&signature).unwrap());
     }
+
+    #[test]
+    fn rsa_sign_verify() {
+        let key = include_bytes!("../test/rsa.pem");
+        let private_key = Rsa::private_key_from_pem(key).unwrap();
+        let pkey = PKey::from_rsa(private_key).unwrap();
+
+        let mut signer = Signer::new(MessageDigest::sha256(), &pkey).unwrap();
+        signer.set_rsa_padding(Padding::PKCS1_PSS).unwrap();
+        assert_eq!(signer.rsa_padding().unwrap(), Padding::PKCS1_PSS);
+        signer.set_rsa_pss_saltlen(-1).unwrap();
+        signer.set_rsa_mgf1_md(MessageDigest::sha256()).unwrap();
+        signer.update(&Vec::from_hex(INPUT).unwrap()).unwrap();
+        let signature = signer.sign_to_vec().unwrap();
+
+        let mut verifier = Verifier::new(MessageDigest::sha256(), &pkey).unwrap();
+        verifier.set_rsa_padding(Padding::PKCS1_PSS).unwrap();
+        verifier.set_rsa_pss_saltlen(-1).unwrap();
+        verifier.set_rsa_mgf1_md(MessageDigest::sha256()).unwrap();
+        verifier.update(&Vec::from_hex(INPUT).unwrap()).unwrap();
+        assert!(verifier.verify(&signature).unwrap());
+    }
 }
author	Bastian Köcher <git@kchr.de>	2018-03-07 20:43:28 +0100
committer	Bastian Köcher <git@kchr.de>	2018-03-07 20:43:28 +0100
commit	724dd6f830d64de6fc1e6f55b8b0a9f630d928f5 (patch)
tree	83a172194bebc1ebea84fe536000a5d1e8462f64 /openssl/src/sign.rs
parent	84a5ce76079ab210272be3da49c93ebd5ab75524 (diff)
download	rust-openssl-724dd6f830d64de6fc1e6f55b8b0a9f630d928f5.zip