summaryrefslogtreecommitdiff
path: root/openssl/src/sign.rs
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/src/sign.rs')
-rw-r--r--openssl/src/sign.rs589
1 files changed, 501 insertions, 88 deletions
diff --git a/openssl/src/sign.rs b/openssl/src/sign.rs
index 279f294d..96ec8f75 100644
--- a/openssl/src/sign.rs
+++ b/openssl/src/sign.rs
@@ -99,11 +99,13 @@ impl<'a> Signer<'a> {
let ctx = try!(cvt_p(EVP_MD_CTX_new()));
let mut pctx: *mut ffi::EVP_PKEY_CTX = ptr::null_mut();
- let r = ffi::EVP_DigestSignInit(ctx,
- &mut pctx,
- type_.as_ptr(),
- ptr::null_mut(),
- pkey.as_ptr());
+ let r = ffi::EVP_DigestSignInit(
+ ctx,
+ &mut pctx,
+ type_.as_ptr(),
+ ptr::null_mut(),
+ pkey.as_ptr(),
+ );
if r != 1 {
EVP_MD_CTX_free(ctx);
return Err(ErrorStack::get());
@@ -129,16 +131,28 @@ impl<'a> Signer<'a> {
pub fn update(&mut self, buf: &[u8]) -> Result<(), ErrorStack> {
unsafe {
- cvt(ffi::EVP_DigestUpdate(self.md_ctx, buf.as_ptr() as *const _, buf.len())).map(|_| ())
+ cvt(ffi::EVP_DigestUpdate(
+ self.md_ctx,
+ buf.as_ptr() as *const _,
+ buf.len(),
+ )).map(|_| ())
}
}
pub fn finish(&self) -> Result<Vec<u8>, ErrorStack> {
unsafe {
let mut len = 0;
- try!(cvt(ffi::EVP_DigestSignFinal(self.md_ctx, ptr::null_mut(), &mut len)));
+ try!(cvt(ffi::EVP_DigestSignFinal(
+ self.md_ctx,
+ ptr::null_mut(),
+ &mut len,
+ )));
let mut buf = vec![0; len];
- try!(cvt(ffi::EVP_DigestSignFinal(self.md_ctx, buf.as_mut_ptr() as *mut _, &mut len)));
+ try!(cvt(ffi::EVP_DigestSignFinal(
+ self.md_ctx,
+ buf.as_mut_ptr() as *mut _,
+ &mut len,
+ )));
// The advertised length is not always equal to the real length for things like DSA
buf.truncate(len);
Ok(buf)
@@ -179,11 +193,13 @@ impl<'a> Verifier<'a> {
let ctx = try!(cvt_p(EVP_MD_CTX_new()));
let mut pctx: *mut ffi::EVP_PKEY_CTX = ptr::null_mut();
- let r = ffi::EVP_DigestVerifyInit(ctx,
- &mut pctx,
- type_.as_ptr(),
- ptr::null_mut(),
- pkey.as_ptr());
+ let r = ffi::EVP_DigestVerifyInit(
+ ctx,
+ &mut pctx,
+ type_.as_ptr(),
+ ptr::null_mut(),
+ pkey.as_ptr(),
+ );
if r != 1 {
EVP_MD_CTX_free(ctx);
return Err(ErrorStack::get());
@@ -209,13 +225,18 @@ impl<'a> Verifier<'a> {
pub fn update(&mut self, buf: &[u8]) -> Result<(), ErrorStack> {
unsafe {
- cvt(ffi::EVP_DigestUpdate(self.md_ctx, buf.as_ptr() as *const _, buf.len())).map(|_| ())
+ cvt(ffi::EVP_DigestUpdate(
+ self.md_ctx,
+ buf.as_ptr() as *const _,
+ buf.len(),
+ )).map(|_| ())
}
}
pub fn finish(&self, signature: &[u8]) -> Result<bool, ErrorStack> {
unsafe {
- let r = EVP_DigestVerifyFinal(self.md_ctx, signature.as_ptr() as *const _, signature.len());
+ let r =
+ EVP_DigestVerifyFinal(self.md_ctx, signature.as_ptr() as *const _, signature.len());
match r {
1 => Ok(true),
0 => {
@@ -244,10 +265,11 @@ use ffi::EVP_DigestVerifyFinal;
#[cfg(ossl101)]
#[allow(bad_style)]
-unsafe fn EVP_DigestVerifyFinal(ctx: *mut ffi::EVP_MD_CTX,
- sigret: *const ::libc::c_uchar,
- siglen: ::libc::size_t)
- -> ::libc::c_int {
+unsafe fn EVP_DigestVerifyFinal(
+ ctx: *mut ffi::EVP_MD_CTX,
+ sigret: *const ::libc::c_uchar,
+ siglen: ::libc::size_t,
+) -> ::libc::c_int {
ffi::EVP_DigestVerifyFinal(ctx, sigret as *mut _, siglen)
}
@@ -264,29 +286,382 @@ mod test {
use dsa::Dsa;
use pkey::PKey;
- static INPUT: &'static [u8] =
- &[101, 121, 74, 104, 98, 71, 99, 105, 79, 105, 74, 83, 85, 122, 73, 49, 78, 105, 74, 57,
- 46, 101, 121, 74, 112, 99, 51, 77, 105, 79, 105, 74, 113, 98, 50, 85, 105, 76, 65, 48,
- 75, 73, 67, 74, 108, 101, 72, 65, 105, 79, 106, 69, 122, 77, 68, 65, 52, 77, 84, 107,
- 122, 79, 68, 65, 115, 68, 81, 111, 103, 73, 109, 104, 48, 100, 72, 65, 54, 76, 121, 57,
- 108, 101, 71, 70, 116, 99, 71, 120, 108, 76, 109, 78, 118, 98, 83, 57, 112, 99, 49, 57,
- 121, 98, 50, 57, 48, 73, 106, 112, 48, 99, 110, 86, 108, 102, 81];
-
- static SIGNATURE: &'static [u8] =
- &[112, 46, 33, 137, 67, 232, 143, 209, 30, 181, 216, 45, 191, 120, 69, 243, 65, 6, 174,
- 27, 129, 255, 247, 115, 17, 22, 173, 209, 113, 125, 131, 101, 109, 66, 10, 253, 60, 150,
- 238, 221, 115, 162, 102, 62, 81, 102, 104, 123, 0, 11, 135, 34, 110, 1, 135, 237, 16,
- 115, 249, 69, 229, 130, 173, 252, 239, 22, 216, 90, 121, 142, 232, 198, 109, 219, 61,
- 184, 151, 91, 23, 208, 148, 2, 190, 237, 213, 217, 217, 112, 7, 16, 141, 178, 129, 96,
- 213, 248, 4, 12, 167, 68, 87, 98, 184, 31, 190, 127, 249, 217, 46, 10, 231, 111, 36,
- 242, 91, 51, 187, 230, 244, 74, 230, 30, 177, 4, 10, 203, 32, 4, 77, 62, 249, 18, 142,
- 212, 1, 48, 121, 91, 212, 189, 59, 65, 238, 202, 208, 102, 171, 101, 25, 129, 253, 228,
- 141, 247, 127, 55, 45, 195, 139, 159, 175, 221, 59, 239, 177, 139, 93, 163, 204, 60, 46,
- 176, 47, 158, 58, 65, 214, 18, 202, 173, 21, 145, 18, 115, 160, 95, 35, 185, 232, 56,
- 250, 175, 132, 157, 105, 132, 41, 239, 90, 30, 136, 121, 130, 54, 195, 212, 14, 96, 69,
- 34, 165, 68, 200, 242, 122, 122, 45, 184, 6, 99, 209, 108, 247, 202, 234, 86, 222, 64,
- 92, 178, 33, 90, 69, 178, 194, 85, 102, 181, 90, 193, 167, 72, 160, 112, 223, 200, 163,
- 42, 70, 149, 67, 208, 25, 238, 251, 71];
+ static INPUT: &'static [u8] = &[
+ 101,
+ 121,
+ 74,
+ 104,
+ 98,
+ 71,
+ 99,
+ 105,
+ 79,
+ 105,
+ 74,
+ 83,
+ 85,
+ 122,
+ 73,
+ 49,
+ 78,
+ 105,
+ 74,
+ 57,
+ 46,
+ 101,
+ 121,
+ 74,
+ 112,
+ 99,
+ 51,
+ 77,
+ 105,
+ 79,
+ 105,
+ 74,
+ 113,
+ 98,
+ 50,
+ 85,
+ 105,
+ 76,
+ 65,
+ 48,
+ 75,
+ 73,
+ 67,
+ 74,
+ 108,
+ 101,
+ 72,
+ 65,
+ 105,
+ 79,
+ 106,
+ 69,
+ 122,
+ 77,
+ 68,
+ 65,
+ 52,
+ 77,
+ 84,
+ 107,
+ 122,
+ 79,
+ 68,
+ 65,
+ 115,
+ 68,
+ 81,
+ 111,
+ 103,
+ 73,
+ 109,
+ 104,
+ 48,
+ 100,
+ 72,
+ 65,
+ 54,
+ 76,
+ 121,
+ 57,
+ 108,
+ 101,
+ 71,
+ 70,
+ 116,
+ 99,
+ 71,
+ 120,
+ 108,
+ 76,
+ 109,
+ 78,
+ 118,
+ 98,
+ 83,
+ 57,
+ 112,
+ 99,
+ 49,
+ 57,
+ 121,
+ 98,
+ 50,
+ 57,
+ 48,
+ 73,
+ 106,
+ 112,
+ 48,
+ 99,
+ 110,
+ 86,
+ 108,
+ 102,
+ 81,
+ ];
+
+ static SIGNATURE: &'static [u8] = &[
+ 112,
+ 46,
+ 33,
+ 137,
+ 67,
+ 232,
+ 143,
+ 209,
+ 30,
+ 181,
+ 216,
+ 45,
+ 191,
+ 120,
+ 69,
+ 243,
+ 65,
+ 6,
+ 174,
+ 27,
+ 129,
+ 255,
+ 247,
+ 115,
+ 17,
+ 22,
+ 173,
+ 209,
+ 113,
+ 125,
+ 131,
+ 101,
+ 109,
+ 66,
+ 10,
+ 253,
+ 60,
+ 150,
+ 238,
+ 221,
+ 115,
+ 162,
+ 102,
+ 62,
+ 81,
+ 102,
+ 104,
+ 123,
+ 0,
+ 11,
+ 135,
+ 34,
+ 110,
+ 1,
+ 135,
+ 237,
+ 16,
+ 115,
+ 249,
+ 69,
+ 229,
+ 130,
+ 173,
+ 252,
+ 239,
+ 22,
+ 216,
+ 90,
+ 121,
+ 142,
+ 232,
+ 198,
+ 109,
+ 219,
+ 61,
+ 184,
+ 151,
+ 91,
+ 23,
+ 208,
+ 148,
+ 2,
+ 190,
+ 237,
+ 213,
+ 217,
+ 217,
+ 112,
+ 7,
+ 16,
+ 141,
+ 178,
+ 129,
+ 96,
+ 213,
+ 248,
+ 4,
+ 12,
+ 167,
+ 68,
+ 87,
+ 98,
+ 184,
+ 31,
+ 190,
+ 127,
+ 249,
+ 217,
+ 46,
+ 10,
+ 231,
+ 111,
+ 36,
+ 242,
+ 91,
+ 51,
+ 187,
+ 230,
+ 244,
+ 74,
+ 230,
+ 30,
+ 177,
+ 4,
+ 10,
+ 203,
+ 32,
+ 4,
+ 77,
+ 62,
+ 249,
+ 18,
+ 142,
+ 212,
+ 1,
+ 48,
+ 121,
+ 91,
+ 212,
+ 189,
+ 59,
+ 65,
+ 238,
+ 202,
+ 208,
+ 102,
+ 171,
+ 101,
+ 25,
+ 129,
+ 253,
+ 228,
+ 141,
+ 247,
+ 127,
+ 55,
+ 45,
+ 195,
+ 139,
+ 159,
+ 175,
+ 221,
+ 59,
+ 239,
+ 177,
+ 139,
+ 93,
+ 163,
+ 204,
+ 60,
+ 46,
+ 176,
+ 47,
+ 158,
+ 58,
+ 65,
+ 214,
+ 18,
+ 202,
+ 173,
+ 21,
+ 145,
+ 18,
+ 115,
+ 160,
+ 95,
+ 35,
+ 185,
+ 232,
+ 56,
+ 250,
+ 175,
+ 132,
+ 157,
+ 105,
+ 132,
+ 41,
+ 239,
+ 90,
+ 30,
+ 136,
+ 121,
+ 130,
+ 54,
+ 195,
+ 212,
+ 14,
+ 96,
+ 69,
+ 34,
+ 165,
+ 68,
+ 200,
+ 242,
+ 122,
+ 122,
+ 45,
+ 184,
+ 6,
+ 99,
+ 209,
+ 108,
+ 247,
+ 202,
+ 234,
+ 86,
+ 222,
+ 64,
+ 92,
+ 178,
+ 33,
+ 90,
+ 69,
+ 178,
+ 194,
+ 85,
+ 102,
+ 181,
+ 90,
+ 193,
+ 167,
+ 72,
+ 160,
+ 112,
+ 223,
+ 200,
+ 163,
+ 42,
+ 70,
+ 149,
+ 67,
+ 208,
+ 25,
+ 238,
+ 251,
+ 71,
+ ];
#[test]
fn rsa_sign() {
@@ -296,7 +671,10 @@ mod test {
let mut signer = Signer::new(MessageDigest::sha256(), &pkey).unwrap();
assert_eq!(signer.pkey_ctx_mut().rsa_padding().unwrap(), PKCS1_PADDING);
- signer.pkey_ctx_mut().set_rsa_padding(PKCS1_PADDING).unwrap();
+ signer
+ .pkey_ctx_mut()
+ .set_rsa_padding(PKCS1_PADDING)
+ .unwrap();
signer.update(INPUT).unwrap();
let result = signer.finish().unwrap();
@@ -310,7 +688,10 @@ mod test {
let pkey = PKey::from_rsa(private_key).unwrap();
let mut verifier = Verifier::new(MessageDigest::sha256(), &pkey).unwrap();
- assert_eq!(verifier.pkey_ctx_mut().rsa_padding().unwrap(), PKCS1_PADDING);
+ assert_eq!(
+ verifier.pkey_ctx_mut().rsa_padding().unwrap(),
+ PKCS1_PADDING
+ );
verifier.update(INPUT).unwrap();
assert!(verifier.finish(SIGNATURE).unwrap());
}
@@ -390,29 +771,45 @@ mod test {
fn hmac_md5() {
// test vectors from RFC 2202
let tests: [(Vec<u8>, Vec<u8>, Vec<u8>); 7] =
- [(iter::repeat(0x0b_u8).take(16).collect(),
- b"Hi There".to_vec(),
- Vec::from_hex("9294727a3638bb1c13f48ef8158bfc9d").unwrap()),
- (b"Jefe".to_vec(),
- b"what do ya want for nothing?".to_vec(),
- Vec::from_hex("750c783e6ab0b503eaa86e310a5db738").unwrap()),
- (iter::repeat(0xaa_u8).take(16).collect(),
- iter::repeat(0xdd_u8).take(50).collect(),
- Vec::from_hex("56be34521d144c88dbb8c733f0e8b3f6").unwrap()),
- (Vec::from_hex("0102030405060708090a0b0c0d0e0f10111213141516171819").unwrap(),
- iter::repeat(0xcd_u8).take(50).collect(),
- Vec::from_hex("697eaf0aca3a3aea3a75164746ffaa79").unwrap()),
- (iter::repeat(0x0c_u8).take(16).collect(),
- b"Test With Truncation".to_vec(),
- Vec::from_hex("56461ef2342edc00f9bab995690efd4c").unwrap()),
- (iter::repeat(0xaa_u8).take(80).collect(),
- b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(),
- Vec::from_hex("6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd").unwrap()),
- (iter::repeat(0xaa_u8).take(80).collect(),
- b"Test Using Larger Than Block-Size Key \
+ [
+ (
+ iter::repeat(0x0b_u8).take(16).collect(),
+ b"Hi There".to_vec(),
+ Vec::from_hex("9294727a3638bb1c13f48ef8158bfc9d").unwrap(),
+ ),
+ (
+ b"Jefe".to_vec(),
+ b"what do ya want for nothing?".to_vec(),
+ Vec::from_hex("750c783e6ab0b503eaa86e310a5db738").unwrap(),
+ ),
+ (
+ iter::repeat(0xaa_u8).take(16).collect(),
+ iter::repeat(0xdd_u8).take(50).collect(),
+ Vec::from_hex("56be34521d144c88dbb8c733f0e8b3f6").unwrap(),
+ ),
+ (
+ Vec::from_hex("0102030405060708090a0b0c0d0e0f10111213141516171819").unwrap(),
+ iter::repeat(0xcd_u8).take(50).collect(),
+ Vec::from_hex("697eaf0aca3a3aea3a75164746ffaa79").unwrap(),
+ ),
+ (
+ iter::repeat(0x0c_u8).take(16).collect(),
+ b"Test With Truncation".to_vec(),
+ Vec::from_hex("56461ef2342edc00f9bab995690efd4c").unwrap(),
+ ),
+ (
+ iter::repeat(0xaa_u8).take(80).collect(),
+ b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(),
+ Vec::from_hex("6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd").unwrap(),
+ ),
+ (
+ iter::repeat(0xaa_u8).take(80).collect(),
+ b"Test Using Larger Than Block-Size Key \
and Larger Than One Block-Size Data"
- .to_vec(),
- Vec::from_hex("6f630fad67cda0ee1fb1f562db3aa53e").unwrap())];
+ .to_vec(),
+ Vec::from_hex("6f630fad67cda0ee1fb1f562db3aa53e").unwrap(),
+ ),
+ ];
test_hmac(MessageDigest::md5(), &tests);
}
@@ -421,29 +818,45 @@ mod test {
fn hmac_sha1() {
// test vectors from RFC 2202
let tests: [(Vec<u8>, Vec<u8>, Vec<u8>); 7] =
- [(iter::repeat(0x0b_u8).take(20).collect(),
- b"Hi There".to_vec(),
- Vec::from_hex("b617318655057264e28bc0b6fb378c8ef146be00").unwrap()),
- (b"Jefe".to_vec(),
- b"what do ya want for nothing?".to_vec(),
- Vec::from_hex("effcdf6ae5eb2fa2d27416d5f184df9c259a7c79").unwrap()),
- (iter::repeat(0xaa_u8).take(20).collect(),
- iter::repeat(0xdd_u8).take(50).collect(),
- Vec::from_hex("125d7342b9ac11cd91a39af48aa17b4f63f175d3").unwrap()),
- (Vec::from_hex("0102030405060708090a0b0c0d0e0f10111213141516171819").unwrap(),
- iter::repeat(0xcd_u8).take(50).collect(),
- Vec::from_hex("4c9007f4026250c6bc8414f9bf50c86c2d7235da").unwrap()),
- (iter::repeat(0x0c_u8).take(20).collect(),
- b"Test With Truncation".to_vec(),
- Vec::from_hex("4c1a03424b55e07fe7f27be1d58bb9324a9a5a04").unwrap()),
- (iter::repeat(0xaa_u8).take(80).collect(),
- b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(),
- Vec::from_hex("aa4ae5e15272d00e95705637ce8a3b55ed402112").unwrap()),
- (iter::repeat(0xaa_u8).take(80).collect(),
- b"Test Using Larger Than Block-Size Key \
+ [
+ (
+ iter::repeat(0x0b_u8).take(20).collect(),
+ b"Hi There".to_vec(),
+ Vec::from_hex("b617318655057264e28bc0b6fb378c8ef146be00").unwrap(),
+ ),
+ (
+ b"Jefe".to_vec(),
+ b"what do ya want for nothing?".to_vec(),
+ Vec::from_hex("effcdf6ae5eb2fa2d27416d5f184df9c259a7c79").unwrap(),
+ ),
+ (
+ iter::repeat(0xaa_u8).take(20).collect(),
+ iter::repeat(0xdd_u8).take(50).collect(),
+ Vec::from_hex("125d7342b9ac11cd91a39af48aa17b4f63f175d3").unwrap(),
+ ),
+ (
+ Vec::from_hex("0102030405060708090a0b0c0d0e0f10111213141516171819").unwrap(),
+ iter::repeat(0xcd_u8).take(50).collect(),
+ Vec::from_hex("4c9007f4026250c6bc8414f9bf50c86c2d7235da").unwrap(),
+ ),
+ (
+ iter::repeat(0x0c_u8).take(20).collect(),
+ b"Test With Truncation".to_vec(),
+ Vec::from_hex("4c1a03424b55e07fe7f27be1d58bb9324a9a5a04").unwrap(),
+ ),
+ (
+ iter::repeat(0xaa_u8).take(80).collect(),
+ b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(),
+ Vec::from_hex("aa4ae5e15272d00e95705637ce8a3b55ed402112").unwrap(),
+ ),
+ (
+ iter::repeat(0xaa_u8).take(80).collect(),
+ b"Test Using Larger Than Block-Size Key \
and Larger Than One Block-Size Data"
- .to_vec(),
- Vec::from_hex("e8e99d0f45237d786d6bbaa7965c7808bbff1a91").unwrap())];
+ .to_vec(),
+ Vec::from_hex("e8e99d0f45237d786d6bbaa7965c7808bbff1a91").unwrap(),
+ ),
+ ];
test_hmac(MessageDigest::sha1(), &tests);
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-21 04:28:32 +0000