From 64106c4d3d4ddba8c7bc2af75376e6d3d3d75601 Mon Sep 17 00:00:00 2001 From: Date: Mon, 29 Jun 2015 20:16:15 +0000 Subject: Update documentation --- src/openssl/crypto/hash.rs.html | 773 ++++++++++++++++++++++++++ src/openssl/crypto/hmac.rs.html | 1053 +++++++++++++++++++++++++++++++++++ src/openssl/crypto/memcmp.rs.html | 175 ++++++ src/openssl/crypto/mod.rs.html | 145 +++++ src/openssl/crypto/pkcs5.rs.html | 335 +++++++++++ src/openssl/crypto/pkey.rs.html | 1103 +++++++++++++++++++++++++++++++++++++ src/openssl/crypto/rand.rs.html | 151 +++++ src/openssl/crypto/symm.rs.html | 721 ++++++++++++++++++++++++ 8 files changed, 4456 insertions(+) create mode 100644 src/openssl/crypto/hash.rs.html create mode 100644 src/openssl/crypto/hmac.rs.html create mode 100644 src/openssl/crypto/memcmp.rs.html create mode 100644 src/openssl/crypto/mod.rs.html create mode 100644 src/openssl/crypto/pkcs5.rs.html create mode 100644 src/openssl/crypto/pkey.rs.html create mode 100644 src/openssl/crypto/rand.rs.html create mode 100644 src/openssl/crypto/symm.rs.html (limited to 'src/openssl/crypto') diff --git a/src/openssl/crypto/hash.rs.html b/src/openssl/crypto/hash.rs.html new file mode 100644 index 0000000..3acc27b --- /dev/null +++ b/src/openssl/crypto/hash.rs.html @@ -0,0 +1,773 @@ + + + + + + + + + + hash.rs.html -- source + + + + + + + + + + + +
+ + +
+ + + + 
  1
+  2
+  3
+  4
+  5
+  6
+  7
+  8
+  9
+ 10
+ 11
+ 12
+ 13
+ 14
+ 15
+ 16
+ 17
+ 18
+ 19
+ 20
+ 21
+ 22
+ 23
+ 24
+ 25
+ 26
+ 27
+ 28
+ 29
+ 30
+ 31
+ 32
+ 33
+ 34
+ 35
+ 36
+ 37
+ 38
+ 39
+ 40
+ 41
+ 42
+ 43
+ 44
+ 45
+ 46
+ 47
+ 48
+ 49
+ 50
+ 51
+ 52
+ 53
+ 54
+ 55
+ 56
+ 57
+ 58
+ 59
+ 60
+ 61
+ 62
+ 63
+ 64
+ 65
+ 66
+ 67
+ 68
+ 69
+ 70
+ 71
+ 72
+ 73
+ 74
+ 75
+ 76
+ 77
+ 78
+ 79
+ 80
+ 81
+ 82
+ 83
+ 84
+ 85
+ 86
+ 87
+ 88
+ 89
+ 90
+ 91
+ 92
+ 93
+ 94
+ 95
+ 96
+ 97
+ 98
+ 99
+100
+101
+102
+103
+104
+105
+106
+107
+108
+109
+110
+111
+112
+113
+114
+115
+116
+117
+118
+119
+120
+121
+122
+123
+124
+125
+126
+127
+128
+129
+130
+131
+132
+133
+134
+135
+136
+137
+138
+139
+140
+141
+142
+143
+144
+145
+146
+147
+148
+149
+150
+151
+152
+153
+154
+155
+156
+157
+158
+159
+160
+161
+162
+163
+164
+165
+166
+167
+168
+169
+170
+171
+172
+173
+174
+175
+176
+177
+178
+179
+180
+181
+182
+183
+184
+185
+186
+187
+188
+189
+190
+191
+192
+193
+194
+195
+196
+197
+198
+199
+200
+201
+202
+203
+204
+205
+206
+207
+208
+209
+210
+211
+212
+213
+214
+215
+216
+217
+218
+219
+220
+221
+222
+223
+224
+225
+226
+227
+228
+229
+230
+231
+232
+233
+234
+235
+236
+237
+238
+239
+240
+241
+242
+243
+244
+245
+246
+247
+248
+249
+250
+251
+252
+253
+254
+255
+256
+257
+258
+259
+260
+261
+262
+263
+264
+265
+266
+267
+268
+269
+270
+271
+272
+273
+274
+275
+276
+277
+278
+279
+280
+281
+282
+283
+284
+285
+286
+287
+288
+289
+290
+291
+292
+293
+294
+295
+296
+297
+298
+299
+300
+301
+302
+303
+304
+305
+306
+307
+308
+309
+310
+311
+312
+313
+314
+315
+316
+317
+318
+319
+320
+321
+322
+323
+324
+325
+326
+327
+328
+329
+330
+331
+332
+333
+334
+335
+336
+337
+338
+
+use libc::c_uint;
+use std::iter::repeat;
+use std::io::prelude::*;
+use std::io;
+
+use ffi;
+
+/// Message digest (hash) type.
+#[derive(Copy, Clone)]
+pub enum Type {
+    MD5,
+    SHA1,
+    SHA224,
+    SHA256,
+    SHA384,
+    SHA512,
+    RIPEMD160
+}
+
+impl Type {
+    /// Returns the length of the message digest.
+    #[inline]
+    pub fn md_len(&self) -> usize {
+        use self::Type::*;
+        match *self {
+            MD5 => 16,
+            SHA1 => 20,
+            SHA224 => 28,
+            SHA256 => 32,
+            SHA384 => 48,
+            SHA512 => 64,
+            RIPEMD160 => 20,
+        }
+    }
+
+    /// Internal interface subject to removal.
+    #[inline]
+    pub fn evp_md(&self) -> *const ffi::EVP_MD {
+        unsafe {
+            use self::Type::*;
+            match *self {
+                MD5 => ffi::EVP_md5(),
+                SHA1 => ffi::EVP_sha1(),
+                SHA224 => ffi::EVP_sha224(),
+                SHA256 => ffi::EVP_sha256(),
+                SHA384 => ffi::EVP_sha384(),
+                SHA512 => ffi::EVP_sha512(),
+                RIPEMD160 => ffi::EVP_ripemd160(),
+            }
+        }
+    }
+}
+
+#[derive(PartialEq, Copy, Clone)]
+enum State {
+    Reset,
+    Updated,
+    Finalized,
+}
+
+use self::State::*;
+
+/// Provides message digest (hash) computation.
+///
+/// # Examples
+///
+/// Calculate a hash in one go.
+///
+/// ```
+/// use openssl::crypto::hash::{hash, Type};
+/// let data = b"\x42\xF4\x97\xE0";
+/// let spec = b"\x7c\x43\x0f\x17\x8a\xef\xdf\x14\x87\xfe\xe7\x14\x4e\x96\x41\xe2";
+/// let res = hash(Type::MD5, data);
+/// assert_eq!(res, spec);
+/// ```
+///
+/// Use the `Write` trait to supply the input in chunks.
+///
+/// ```
+/// use std::io::prelude::*;
+/// use openssl::crypto::hash::{Hasher, Type};
+/// let data = [b"\x42\xF4", b"\x97\xE0"];
+/// let spec = b"\x7c\x43\x0f\x17\x8a\xef\xdf\x14\x87\xfe\xe7\x14\x4e\x96\x41\xe2";
+/// let mut h = Hasher::new(Type::MD5);
+/// h.write_all(data[0]);
+/// h.write_all(data[1]);
+/// let res = h.finish();
+/// assert_eq!(res, spec);
+/// ```
+///
+/// # Warning
+///
+/// Don't actually use MD5 and SHA-1 hashes, they're not secure anymore.
+///
+/// Don't ever hash passwords, use `crypto::pkcs5` or bcrypt/scrypt instead.
+pub struct Hasher {
+    ctx: *mut ffi::EVP_MD_CTX,
+    md: *const ffi::EVP_MD,
+    type_: Type,
+    state: State,
+}
+
+impl Hasher {
+    /// Creates a new `Hasher` with the specified hash type.
+    pub fn new(ty: Type) -> Hasher {
+        ffi::init();
+
+        let ctx = unsafe {
+            let r = ffi::EVP_MD_CTX_create();
+            assert!(!r.is_null());
+            r
+        };
+        let md = ty.evp_md();
+
+        let mut h = Hasher { ctx: ctx, md: md, type_: ty, state: Finalized };
+        h.init();
+        h
+    }
+
+    #[inline]
+    fn init(&mut self) {
+        match self.state {
+            Reset => return,
+            Updated => { self.finalize(); },
+            Finalized => (),
+        }
+        unsafe {
+            let r = ffi::EVP_DigestInit_ex(self.ctx, self.md, 0 as *const _);
+            assert_eq!(r, 1);
+        }
+        self.state = Reset;
+    }
+
+    #[inline]
+    fn update(&mut self, data: &[u8]) {
+        if self.state == Finalized {
+            self.init();
+        }
+        unsafe {
+            let r = ffi::EVP_DigestUpdate(self.ctx, data.as_ptr(),
+                                          data.len() as c_uint);
+            assert_eq!(r, 1);
+        }
+        self.state = Updated;
+    }
+
+    #[inline]
+    fn finalize(&mut self) -> Vec<u8> {
+        if self.state == Finalized {
+            self.init();
+        }
+        let md_len = self.type_.md_len();
+        let mut res: Vec<u8> = repeat(0).take(md_len).collect();
+        unsafe {
+            let mut len = 0;
+            let r = ffi::EVP_DigestFinal_ex(self.ctx, res.as_mut_ptr(), &mut len);
+            self.state = Finalized;
+            assert_eq!(len as usize, md_len);
+            assert_eq!(r, 1);
+        }
+        res
+    }
+
+    /// Returns the hash of the data written since creation or
+    /// the last `finish` and resets the hasher.
+    #[inline]
+    pub fn finish(&mut self) -> Vec<u8> {
+        self.finalize()
+    }
+}
+
+impl Write for Hasher {
+    #[inline]
+    fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
+        self.update(buf);
+        Ok(buf.len())
+    }
+
+    fn flush(&mut self) -> io::Result<()> {
+        Ok(())
+    }
+}
+
+impl Clone for Hasher {
+    fn clone(&self) -> Hasher {
+        let ctx = unsafe {
+            let ctx = ffi::EVP_MD_CTX_create();
+            assert!(!ctx.is_null());
+            let r = ffi::EVP_MD_CTX_copy_ex(ctx, self.ctx);
+            assert_eq!(r, 1);
+            ctx
+        };
+        Hasher { ctx: ctx, md: self.md, type_: self.type_, state: self.state }
+    }
+}
+
+impl Drop for Hasher {
+    fn drop(&mut self) {
+        unsafe {
+            if self.state != Finalized {
+                let mut buf: Vec<u8> = repeat(0).take(self.type_.md_len()).collect();
+                let mut len = 0;
+                ffi::EVP_DigestFinal_ex(self.ctx, buf.as_mut_ptr(), &mut len);
+            }
+            ffi::EVP_MD_CTX_destroy(self.ctx);
+        }
+    }
+}
+
+/// Computes the hash of the `data` with the hash `t`.
+pub fn hash(t: Type, data: &[u8]) -> Vec<u8> {
+    let mut h = Hasher::new(t);
+    let _ = h.write_all(data);
+    h.finish()
+}
+
+#[cfg(test)]
+mod tests {
+    use serialize::hex::{FromHex, ToHex};
+    use super::{hash, Hasher, Type};
+    use std::io::prelude::*;
+
+    fn hash_test(hashtype: Type, hashtest: &(&str, &str)) {
+        let res = hash(hashtype, &*hashtest.0.from_hex().unwrap());
+        assert_eq!(res.to_hex(), hashtest.1);
+    }
+
+    fn hash_recycle_test(h: &mut Hasher, hashtest: &(&str, &str)) {
+        let _ = h.write_all(&*hashtest.0.from_hex().unwrap());
+        let res = h.finish();
+        assert_eq!(res.to_hex(), hashtest.1);
+    }
+
+    // Test vectors from http://www.nsrl.nist.gov/testdata/
+    #[allow(non_upper_case_globals)]
+    const md5_tests: [(&'static str, &'static str); 13] = [
+        ("", "d41d8cd98f00b204e9800998ecf8427e"),
+        ("7F", "83acb6e67e50e31db6ed341dd2de1595"),
+        ("EC9C", "0b07f0d4ca797d8ac58874f887cb0b68"),
+        ("FEE57A", "e0d583171eb06d56198fc0ef22173907"),
+        ("42F497E0", "7c430f178aefdf1487fee7144e9641e2"),
+        ("C53B777F1C", "75ef141d64cb37ec423da2d9d440c925"),
+        ("89D5B576327B", "ebbaf15eb0ed784c6faa9dc32831bf33"),
+        ("5D4CCE781EB190", "ce175c4b08172019f05e6b5279889f2c"),
+        ("81901FE94932D7B9", "cd4d2f62b8cdb3a0cf968a735a239281"),
+        ("C9FFDEE7788EFB4EC9", "e0841a231ab698db30c6c0f3f246c014"),
+        ("66AC4B7EBA95E53DC10B", "a3b3cea71910d9af56742aa0bb2fe329"),
+        ("A510CD18F7A56852EB0319", "577e216843dd11573574d3fb209b97d8"),
+        ("AAED18DBE8938C19ED734A8D", "6f80fb775f27e0a4ce5c2f42fc72c5f1")
+    ];
+
+    #[test]
+    fn test_md5() {
+        for test in md5_tests.iter() {
+            hash_test(Type::MD5, test);
+        }
+    }
+
+    #[test]
+    fn test_md5_recycle() {
+        let mut h = Hasher::new(Type::MD5);
+        for test in md5_tests.iter() {
+            hash_recycle_test(&mut h, test);
+        }
+    }
+
+    #[test]
+    fn test_finish_twice() {
+        let mut h = Hasher::new(Type::MD5);
+        let _ = h.write_all(&*md5_tests[6].0.from_hex().unwrap());
+        let _ = h.finish();
+        let res = h.finish();
+        let null = hash(Type::MD5, &[]);
+        assert_eq!(res, null);
+    }
+
+    #[test]
+    fn test_clone() {
+        let i = 7;
+        let inp = md5_tests[i].0.from_hex().unwrap();
+        assert!(inp.len() > 2);
+        let p = inp.len() / 2;
+        let h0 = Hasher::new(Type::MD5);
+
+        println!("Clone a new hasher");
+        let mut h1 = h0.clone();
+        let _ = h1.write_all(&inp[..p]);
+        {
+            println!("Clone an updated hasher");
+            let mut h2 = h1.clone();
+            let _ = h2.write_all(&inp[p..]);
+            let res = h2.finish();
+            assert_eq!(res.to_hex(), md5_tests[i].1);
+        }
+        let _ = h1.write_all(&inp[p..]);
+        let res = h1.finish();
+        assert_eq!(res.to_hex(), md5_tests[i].1);
+
+        println!("Clone a finished hasher");
+        let mut h3 = h1.clone();
+        let _ = h3.write_all(&*md5_tests[i + 1].0.from_hex().unwrap());
+        let res = h3.finish();
+        assert_eq!(res.to_hex(), md5_tests[i + 1].1);
+    }
+
+    #[test]
+    fn test_sha1() {
+        let tests = [
+            ("616263", "a9993e364706816aba3e25717850c26c9cd0d89d"),
+            ];
+
+        for test in tests.iter() {
+            hash_test(Type::SHA1, test);
+        }
+    }
+
+    #[test]
+    fn test_sha256() {
+        let tests = [
+            ("616263", "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad")
+            ];
+
+        for test in tests.iter() {
+            hash_test(Type::SHA256, test);
+        }
+    }
+
+    #[test]
+    fn test_ripemd160() {
+        let tests = [
+            ("616263", "8eb208f7e05d987a9b044a8e98c6b087f15a0bfc")
+            ];
+
+        for test in tests.iter() {
+            hash_test(Type::RIPEMD160, test);
+        }
+    }
+}
+
+
+ + +
+ + + + + + + + + + + + \ No newline at end of file diff --git a/src/openssl/crypto/hmac.rs.html b/src/openssl/crypto/hmac.rs.html new file mode 100644 index 0000000..e63ec32 --- /dev/null +++ b/src/openssl/crypto/hmac.rs.html @@ -0,0 +1,1053 @@ + + + + + + + + + + hmac.rs.html -- source + + + + + + + + + + + +
+ + +
+ + + + 
  1
+  2
+  3
+  4
+  5
+  6
+  7
+  8
+  9
+ 10
+ 11
+ 12
+ 13
+ 14
+ 15
+ 16
+ 17
+ 18
+ 19
+ 20
+ 21
+ 22
+ 23
+ 24
+ 25
+ 26
+ 27
+ 28
+ 29
+ 30
+ 31
+ 32
+ 33
+ 34
+ 35
+ 36
+ 37
+ 38
+ 39
+ 40
+ 41
+ 42
+ 43
+ 44
+ 45
+ 46
+ 47
+ 48
+ 49
+ 50
+ 51
+ 52
+ 53
+ 54
+ 55
+ 56
+ 57
+ 58
+ 59
+ 60
+ 61
+ 62
+ 63
+ 64
+ 65
+ 66
+ 67
+ 68
+ 69
+ 70
+ 71
+ 72
+ 73
+ 74
+ 75
+ 76
+ 77
+ 78
+ 79
+ 80
+ 81
+ 82
+ 83
+ 84
+ 85
+ 86
+ 87
+ 88
+ 89
+ 90
+ 91
+ 92
+ 93
+ 94
+ 95
+ 96
+ 97
+ 98
+ 99
+100
+101
+102
+103
+104
+105
+106
+107
+108
+109
+110
+111
+112
+113
+114
+115
+116
+117
+118
+119
+120
+121
+122
+123
+124
+125
+126
+127
+128
+129
+130
+131
+132
+133
+134
+135
+136
+137
+138
+139
+140
+141
+142
+143
+144
+145
+146
+147
+148
+149
+150
+151
+152
+153
+154
+155
+156
+157
+158
+159
+160
+161
+162
+163
+164
+165
+166
+167
+168
+169
+170
+171
+172
+173
+174
+175
+176
+177
+178
+179
+180
+181
+182
+183
+184
+185
+186
+187
+188
+189
+190
+191
+192
+193
+194
+195
+196
+197
+198
+199
+200
+201
+202
+203
+204
+205
+206
+207
+208
+209
+210
+211
+212
+213
+214
+215
+216
+217
+218
+219
+220
+221
+222
+223
+224
+225
+226
+227
+228
+229
+230
+231
+232
+233
+234
+235
+236
+237
+238
+239
+240
+241
+242
+243
+244
+245
+246
+247
+248
+249
+250
+251
+252
+253
+254
+255
+256
+257
+258
+259
+260
+261
+262
+263
+264
+265
+266
+267
+268
+269
+270
+271
+272
+273
+274
+275
+276
+277
+278
+279
+280
+281
+282
+283
+284
+285
+286
+287
+288
+289
+290
+291
+292
+293
+294
+295
+296
+297
+298
+299
+300
+301
+302
+303
+304
+305
+306
+307
+308
+309
+310
+311
+312
+313
+314
+315
+316
+317
+318
+319
+320
+321
+322
+323
+324
+325
+326
+327
+328
+329
+330
+331
+332
+333
+334
+335
+336
+337
+338
+339
+340
+341
+342
+343
+344
+345
+346
+347
+348
+349
+350
+351
+352
+353
+354
+355
+356
+357
+358
+359
+360
+361
+362
+363
+364
+365
+366
+367
+368
+369
+370
+371
+372
+373
+374
+375
+376
+377
+378
+379
+380
+381
+382
+383
+384
+385
+386
+387
+388
+389
+390
+391
+392
+393
+394
+395
+396
+397
+398
+399
+400
+401
+402
+403
+404
+405
+406
+407
+408
+409
+410
+411
+412
+413
+414
+415
+416
+417
+418
+419
+420
+421
+422
+423
+424
+425
+426
+427
+428
+429
+430
+431
+432
+433
+434
+435
+436
+437
+438
+439
+440
+441
+442
+443
+444
+445
+446
+447
+448
+449
+450
+451
+452
+453
+454
+455
+456
+457
+458
+459
+460
+461
+462
+463
+464
+465
+466
+467
+468
+469
+470
+471
+472
+473
+474
+475
+476
+477
+478
+
+/*
+ * Copyright 2013 Jack Lloyd
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+use libc::{c_int, c_uint};
+use std::iter::repeat;
+use std::io;
+use std::io::prelude::*;
+
+use crypto::hash::Type;
+use ffi;
+
+#[derive(PartialEq, Copy, Clone)]
+enum State {
+    Reset,
+    Updated,
+    Finalized,
+}
+
+use self::State::*;
+
+/// Provides HMAC computation.
+///
+/// # Examples
+///
+/// Calculate a HMAC in one go.
+///
+/// ```
+/// use openssl::crypto::hash::Type;
+/// use openssl::crypto::hmac::hmac;
+/// let key = b"Jefe";
+/// let data = b"what do ya want for nothing?";
+/// let spec = b"\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7\x38";
+/// let res = hmac(Type::MD5, key, data);
+/// assert_eq!(res, spec);
+/// ```
+///
+/// Use the `Write` trait to supply the input in chunks.
+///
+/// ```
+/// use std::io::prelude::*;
+/// use openssl::crypto::hash::Type;
+/// use openssl::crypto::hmac::HMAC;
+/// let key = b"Jefe";
+/// let data: &[&[u8]] = &[b"what do ya ", b"want for nothing?"];
+/// let spec = b"\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7\x38";
+/// let mut h = HMAC::new(Type::MD5, &*key);
+/// h.write_all(data[0]);
+/// h.write_all(data[1]);
+/// let res = h.finish();
+/// assert_eq!(res, spec);
+/// ```
+pub struct HMAC {
+    ctx: ffi::HMAC_CTX,
+    type_: Type,
+    state: State,
+}
+
+impl HMAC {
+    /// Creates a new `HMAC` with the specified hash type using the `key`.
+    pub fn new(ty: Type, key: &[u8]) -> HMAC {
+        ffi::init();
+
+        let ctx = unsafe {
+            let mut ctx = ::std::mem::uninitialized();
+            ffi::HMAC_CTX_init(&mut ctx);
+            ctx
+        };
+        let md = ty.evp_md();
+
+        let mut h = HMAC { ctx: ctx, type_: ty, state: Finalized };
+        h.init_once(md, key);
+        h
+    }
+
+    #[inline]
+    fn init_once(&mut self, md: *const ffi::EVP_MD, key: &[u8]) {
+        unsafe {
+            let r = ffi::HMAC_Init_ex_shim(&mut self.ctx,
+                                           key.as_ptr(), key.len() as c_int,
+                                           md, 0 as *const _);
+            assert_eq!(r, 1);
+        }
+        self.state = Reset;
+    }
+
+    #[inline]
+    fn init(&mut self) {
+        match self.state {
+            Reset => return,
+            Updated => { self.finalize(); },
+            Finalized => (),
+        }
+        // If the key and/or md is not supplied it's reused from the last time
+        // avoiding redundant initializations
+        unsafe {
+            let r = ffi::HMAC_Init_ex_shim(&mut self.ctx,
+                                           0 as *const _, 0,
+                                           0 as *const _, 0 as *const _);
+            assert_eq!(r, 1);
+        }
+        self.state = Reset;
+    }
+
+    #[inline]
+    fn update(&mut self, data: &[u8]) {
+        if self.state == Finalized {
+            self.init();
+        }
+        unsafe {
+            let r = ffi::HMAC_Update_shim(&mut self.ctx, data.as_ptr(), data.len() as c_uint);
+            assert_eq!(r, 1);
+        }
+        self.state = Updated;
+    }
+
+    #[inline]
+    fn finalize(&mut self) -> Vec<u8> {
+        if self.state == Finalized {
+            self.init();
+        }
+        let md_len = self.type_.md_len();
+        let mut res: Vec<u8> = repeat(0).take(md_len).collect();
+        unsafe {
+            let mut len = 0;
+            let r = ffi::HMAC_Final_shim(&mut self.ctx, res.as_mut_ptr(), &mut len);
+            self.state = Finalized;
+            assert_eq!(len as usize, md_len);
+            assert_eq!(r, 1);
+        }
+        res
+    }
+
+    /// Returns the hash of the data written since creation or
+    /// the last `finish` and resets the hasher.
+    #[inline]
+    pub fn finish(&mut self) -> Vec<u8> {
+        self.finalize()
+    }
+}
+
+impl Write for HMAC {
+    #[inline]
+    fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
+        self.update(buf);
+        Ok(buf.len())
+    }
+
+    fn flush(&mut self) -> io::Result<()> {
+        Ok(())
+    }
+}
+
+impl Clone for HMAC {
+    fn clone(&self) -> HMAC {
+        let mut ctx: ffi::HMAC_CTX;
+        unsafe {
+            ctx = ::std::mem::uninitialized();
+            let r = ffi::HMAC_CTX_copy(&mut ctx, &self.ctx);
+            assert_eq!(r, 1);
+        }
+        HMAC { ctx: ctx, type_: self.type_, state: self.state }
+    }
+}
+
+impl Drop for HMAC {
+    fn drop(&mut self) {
+        unsafe {
+            if self.state != Finalized {
+                let mut buf: Vec<u8> = repeat(0).take(self.type_.md_len()).collect();
+                let mut len = 0;
+                ffi::HMAC_Final_shim(&mut self.ctx, buf.as_mut_ptr(), &mut len);
+            }
+            ffi::HMAC_CTX_cleanup(&mut self.ctx);
+        }
+    }
+}
+
+/// Computes the HMAC of the `data` with the hash `t` and `key`.
+pub fn hmac(t: Type, key: &[u8], data: &[u8]) -> Vec<u8> {
+    let mut h = HMAC::new(t, key);
+    let _ = h.write_all(data);
+    h.finish()
+}
+
+#[cfg(test)]
+mod tests {
+    use std::iter::repeat;
+    use serialize::hex::FromHex;
+    use crypto::hash::Type;
+    use crypto::hash::Type::*;
+    use super::{hmac, HMAC};
+    use std::io::prelude::*;
+
+    fn test_hmac(ty: Type, tests: &[(Vec<u8>, Vec<u8>, Vec<u8>)]) {
+        for &(ref key, ref data, ref res) in tests.iter() {
+            assert_eq!(hmac(ty, &**key, &**data), *res);
+        }
+    }
+
+    fn test_hmac_recycle(h: &mut HMAC, test: &(Vec<u8>, Vec<u8>, Vec<u8>)) {
+        let &(_, ref data, ref res) = test;
+        let _ = h.write_all(&**data);
+        assert_eq!(h.finish(), *res);
+    }
+
+    #[test]
+    fn test_hmac_md5() {
+        // test vectors from RFC 2202
+        let tests: [(Vec<u8>, Vec<u8>, Vec<u8>); 7] = [
+            (repeat(0x0b_u8).take(16).collect(), b"Hi There".to_vec(),
+             "9294727a3638bb1c13f48ef8158bfc9d".from_hex().unwrap()),
+            (b"Jefe".to_vec(),
+             b"what do ya want for nothing?".to_vec(),
+             "750c783e6ab0b503eaa86e310a5db738".from_hex().unwrap()),
+            (repeat(0xaa_u8).take(16).collect(), repeat(0xdd_u8).take(50).collect(),
+             "56be34521d144c88dbb8c733f0e8b3f6".from_hex().unwrap()),
+            ("0102030405060708090a0b0c0d0e0f10111213141516171819".from_hex().unwrap(),
+             repeat(0xcd_u8).take(50).collect(),
+             "697eaf0aca3a3aea3a75164746ffaa79".from_hex().unwrap()),
+            (repeat(0x0c_u8).take(16).collect(),
+             b"Test With Truncation".to_vec(),
+             "56461ef2342edc00f9bab995690efd4c".from_hex().unwrap()),
+            (repeat(0xaa_u8).take(80).collect(),
+             b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(),
+             "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd".from_hex().unwrap()),
+            (repeat(0xaa_u8).take(80).collect(),
+             b"Test Using Larger Than Block-Size Key \
+               and Larger Than One Block-Size Data".to_vec(),
+             "6f630fad67cda0ee1fb1f562db3aa53e".from_hex().unwrap())
+        ];
+
+        test_hmac(MD5, &tests);
+    }
+
+    #[test]
+    fn test_hmac_md5_recycle() {
+        let tests: [(Vec<u8>, Vec<u8>, Vec<u8>); 2] = [
+            (repeat(0xaa_u8).take(80).collect(),
+             b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(),
+             "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd".from_hex().unwrap()),
+            (repeat(0xaa_u8).take(80).collect(),
+             b"Test Using Larger Than Block-Size Key \
+               and Larger Than One Block-Size Data".to_vec(),
+             "6f630fad67cda0ee1fb1f562db3aa53e".from_hex().unwrap())
+        ];
+
+        let mut h = HMAC::new(MD5, &*tests[0].0);
+        for i in 0..100usize {
+            let test = &tests[i % 2];
+            test_hmac_recycle(&mut h, test);
+        }
+    }
+
+    #[test]
+    fn test_finish_twice() {
+        let test: (Vec<u8>, Vec<u8>, Vec<u8>) =
+            (repeat(0xaa_u8).take(80).collect(),
+             b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(),
+             "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd".from_hex().unwrap());
+
+        let mut h = HMAC::new(Type::MD5, &*test.0);
+        let _ = h.write_all(&*test.1);
+        let _ = h.finish();
+        let res = h.finish();
+        let null = hmac(Type::MD5, &*test.0, &[]);
+        assert_eq!(res, null);
+    }
+
+    #[test]
+    fn test_clone() {
+        let tests: [(Vec<u8>, Vec<u8>, Vec<u8>); 2] = [
+            (repeat(0xaa_u8).take(80).collect(),
+             b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(),
+             "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd".from_hex().unwrap()),
+            (repeat(0xaa_u8).take(80).collect(),
+             b"Test Using Larger Than Block-Size Key \
+               and Larger Than One Block-Size Data".to_vec(),
+             "6f630fad67cda0ee1fb1f562db3aa53e".from_hex().unwrap()),
+        ];
+        let p = tests[0].0.len() / 2;
+        let h0 = HMAC::new(Type::MD5, &*tests[0].0);
+
+        println!("Clone a new hmac");
+        let mut h1 = h0.clone();
+        let _ = h1.write_all(&tests[0].1[..p]);
+        {
+            println!("Clone an updated hmac");
+            let mut h2 = h1.clone();
+            let _ = h2.write_all(&tests[0].1[p..]);
+            let res = h2.finish();
+            assert_eq!(res, tests[0].2);
+        }
+        let _ = h1.write_all(&tests[0].1[p..]);
+        let res = h1.finish();
+        assert_eq!(res, tests[0].2);
+
+        println!("Clone a finished hmac");
+        let mut h3 = h1.clone();
+        let _ = h3.write_all(&*tests[1].1);
+        let res = h3.finish();
+        assert_eq!(res, tests[1].2);
+    }
+
+    #[test]
+    fn test_hmac_sha1() {
+        // test vectors from RFC 2202
+        let tests: [(Vec<u8>, Vec<u8>, Vec<u8>); 7] = [
+            (repeat(0x0b_u8).take(20).collect(), b"Hi There".to_vec(),
+             "b617318655057264e28bc0b6fb378c8ef146be00".from_hex().unwrap()),
+            (b"Jefe".to_vec(),
+             b"what do ya want for nothing?".to_vec(),
+             "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79".from_hex().unwrap()),
+            (repeat(0xaa_u8).take(20).collect(), repeat(0xdd_u8).take(50).collect(),
+             "125d7342b9ac11cd91a39af48aa17b4f63f175d3".from_hex().unwrap()),
+            ("0102030405060708090a0b0c0d0e0f10111213141516171819".from_hex().unwrap(),
+             repeat(0xcd_u8).take(50).collect(),
+             "4c9007f4026250c6bc8414f9bf50c86c2d7235da".from_hex().unwrap()),
+            (repeat(0x0c_u8).take(20).collect(),
+             b"Test With Truncation".to_vec(),
+             "4c1a03424b55e07fe7f27be1d58bb9324a9a5a04".from_hex().unwrap()),
+            (repeat(0xaa_u8).take(80).collect(),
+             b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(),
+             "aa4ae5e15272d00e95705637ce8a3b55ed402112".from_hex().unwrap()),
+            (repeat(0xaa_u8).take(80).collect(),
+             b"Test Using Larger Than Block-Size Key \
+               and Larger Than One Block-Size Data".to_vec(),
+             "e8e99d0f45237d786d6bbaa7965c7808bbff1a91".from_hex().unwrap())
+        ];
+
+        test_hmac(SHA1, &tests);
+    }
+
+    #[test]
+    fn test_hmac_sha1_recycle() {
+        let tests: [(Vec<u8>, Vec<u8>, Vec<u8>); 2] = [
+            (repeat(0xaa_u8).take(80).collect(),
+             b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(),
+             "aa4ae5e15272d00e95705637ce8a3b55ed402112".from_hex().unwrap()),
+            (repeat(0xaa_u8).take(80).collect(),
+             b"Test Using Larger Than Block-Size Key \
+               and Larger Than One Block-Size Data".to_vec(),
+             "e8e99d0f45237d786d6bbaa7965c7808bbff1a91".from_hex().unwrap())
+        ];
+
+        let mut h = HMAC::new(SHA1, &*tests[0].0);
+        for i in 0..100usize {
+            let test = &tests[i % 2];
+            test_hmac_recycle(&mut h, test);
+        }
+    }
+
+
+
+    fn test_sha2(ty: Type, results: &[Vec<u8>]) {
+        // test vectors from RFC 4231
+        let tests: [(Vec<u8>, Vec<u8>); 6] = [
+            (repeat(0xb_u8).take(20).collect(), b"Hi There".to_vec()),
+            (b"Jefe".to_vec(),
+             b"what do ya want for nothing?".to_vec()),
+            (repeat(0xaa_u8).take(20).collect(), repeat(0xdd_u8).take(50).collect()),
+            ("0102030405060708090a0b0c0d0e0f10111213141516171819".from_hex().unwrap(),
+             repeat(0xcd_u8).take(50).collect()),
+            (repeat(0xaa_u8).take(131).collect(),
+             b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec()),
+            (repeat(0xaa_u8).take(131).collect(),
+             b"This is a test using a larger than block-size key and a \
+               larger than block-size data. The key needs to be hashed \
+               before being used by the HMAC algorithm.".to_vec())
+        ];
+
+        for (&(ref key, ref data), res) in tests.iter().zip(results.iter()) {
+            assert_eq!(hmac(ty, &**key, &**data), *res);
+        }
+
+        // recycle test
+        let mut h = HMAC::new(ty, &*tests[5].0);
+        for i in 0..100usize {
+            let test = &tests[4 + i % 2];
+            let tup = (test.0.clone(), test.1.clone(), results[4 + i % 2].clone());
+            test_hmac_recycle(&mut h, &tup);
+        }
+    }
+
+    #[test]
+    fn test_hmac_sha224() {
+        let results = [
+            "896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22".from_hex().unwrap(),
+            "a30e01098bc6dbbf45690f3a7e9e6d0f8bbea2a39e6148008fd05e44".from_hex().unwrap(),
+            "7fb3cb3588c6c1f6ffa9694d7d6ad2649365b0c1f65d69d1ec8333ea".from_hex().unwrap(),
+            "6c11506874013cac6a2abc1bb382627cec6a90d86efc012de7afec5a".from_hex().unwrap(),
+            "95e9a0db962095adaebe9b2d6f0dbce2d499f112f2d2b7273fa6870e".from_hex().unwrap(),
+            "3a854166ac5d9f023f54d517d0b39dbd946770db9c2b95c9f6f565d1".from_hex().unwrap()
+        ];
+        test_sha2(SHA224, &results);
+    }
+
+    #[test]
+    fn test_hmac_sha256() {
+        let results = [
+            "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7".from_hex().unwrap(),
+            "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843".from_hex().unwrap(),
+            "773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe".from_hex().unwrap(),
+            "82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b".from_hex().unwrap(),
+            "60e431591ee0b67f0d8a26aacbf5b77f8e0bc6213728c5140546040f0ee37f54".from_hex().unwrap(),
+            "9b09ffa71b942fcb27635fbcd5b0e944bfdc63644f0713938a7f51535c3a35e2".from_hex().unwrap()
+        ];
+        test_sha2(SHA256, &results);
+    }
+
+    #[test]
+    fn test_hmac_sha384() {
+        let results = [
+            "afd03944d84895626b0825f4ab46907f\
+             15f9dadbe4101ec682aa034c7cebc59c\
+             faea9ea9076ede7f4af152e8b2fa9cb6".from_hex().unwrap(),
+            "af45d2e376484031617f78d2b58a6b1b\
+             9c7ef464f5a01b47e42ec3736322445e\
+             8e2240ca5e69e2c78b3239ecfab21649".from_hex().unwrap(),
+            "88062608d3e6ad8a0aa2ace014c8a86f\
+             0aa635d947ac9febe83ef4e55966144b\
+             2a5ab39dc13814b94e3ab6e101a34f27".from_hex().unwrap(),
+            "3e8a69b7783c25851933ab6290af6ca7\
+             7a9981480850009cc5577c6e1f573b4e\
+             6801dd23c4a7d679ccf8a386c674cffb".from_hex().unwrap(),
+            "4ece084485813e9088d2c63a041bc5b4\
+             4f9ef1012a2b588f3cd11f05033ac4c6\
+             0c2ef6ab4030fe8296248df163f44952".from_hex().unwrap(),
+            "6617178e941f020d351e2f254e8fd32c\
+             602420feb0b8fb9adccebb82461e99c5\
+             a678cc31e799176d3860e6110c46523e".from_hex().unwrap()
+        ];
+        test_sha2(SHA384, &results);
+    }
+
+    #[test]
+    fn test_hmac_sha512() {
+        let results = [
+            "87aa7cdea5ef619d4ff0b4241a1d6cb0\
+             2379f4e2ce4ec2787ad0b30545e17cde\
+             daa833b7d6b8a702038b274eaea3f4e4\
+             be9d914eeb61f1702e696c203a126854".from_hex().unwrap(),
+            "164b7a7bfcf819e2e395fbe73b56e0a3\
+             87bd64222e831fd610270cd7ea250554\
+             9758bf75c05a994a6d034f65f8f0e6fd\
+             caeab1a34d4a6b4b636e070a38bce737".from_hex().unwrap(),
+            "fa73b0089d56a284efb0f0756c890be9\
+             b1b5dbdd8ee81a3655f83e33b2279d39\
+             bf3e848279a722c806b485a47e67c807\
+             b946a337bee8942674278859e13292fb".from_hex().unwrap(),
+            "b0ba465637458c6990e5a8c5f61d4af7\
+             e576d97ff94b872de76f8050361ee3db\
+             a91ca5c11aa25eb4d679275cc5788063\
+             a5f19741120c4f2de2adebeb10a298dd".from_hex().unwrap(),
+            "80b24263c7c1a3ebb71493c1dd7be8b4\
+             9b46d1f41b4aeec1121b013783f8f352\
+             6b56d037e05f2598bd0fd2215d6a1e52\
+             95e64f73f63f0aec8b915a985d786598".from_hex().unwrap(),
+            "e37b6a775dc87dbaa4dfa9f96e5e3ffd\
+             debd71f8867289865df5a32d20cdc944\
+             b6022cac3c4982b10d5eeb55c3e4de15\
+             134676fb6de0446065c97440fa8c6a58".from_hex().unwrap()
+        ];
+        test_sha2(SHA512, &results);
+    }
+}
+
+
+ + +
+ + + + + + + + + + + + \ No newline at end of file diff --git a/src/openssl/crypto/memcmp.rs.html b/src/openssl/crypto/memcmp.rs.html new file mode 100644 index 0000000..ecc2b6d --- /dev/null +++ b/src/openssl/crypto/memcmp.rs.html @@ -0,0 +1,175 @@ + + + + + + + + + + memcmp.rs.html -- source + + + + + + + + + + + +
+ + +
+ + + + 
 1
+ 2
+ 3
+ 4
+ 5
+ 6
+ 7
+ 8
+ 9
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+39
+
+use libc::size_t;
+use ffi;
+
+/// Returns `true` iff `a` and `b` contain the same bytes.
+///
+/// This operation takes an amount of time dependent on the length of the two
+/// arrays given, but is independent of the contents of a and b.
+///
+/// # Failure
+///
+/// This function will panic the current task if `a` and `b` do not have the same
+/// length.
+pub fn eq(a: &[u8], b: &[u8]) -> bool {
+    assert!(a.len() == b.len());
+    let ret = unsafe {
+        ffi::CRYPTO_memcmp(a.as_ptr() as *const _,
+                           b.as_ptr() as *const _,
+                           a.len() as size_t)
+    };
+    ret == 0
+}
+
+#[cfg(test)]
+mod tests {
+    use super::eq;
+
+    #[test]
+    fn test_eq() {
+        assert!(eq(&[], &[]));
+        assert!(eq(&[1], &[1]));
+        assert!(!eq(&[1, 2, 3], &[1, 2, 4]));
+    }
+
+    #[test]
+    #[should_panic]
+    fn test_diff_lens() {
+        eq(&[], &[1]);
+    }
+}
+
+
+ + +
+ + + + + + + + + + + + \ No newline at end of file diff --git a/src/openssl/crypto/mod.rs.html b/src/openssl/crypto/mod.rs.html new file mode 100644 index 0000000..47e1c77 --- /dev/null +++ b/src/openssl/crypto/mod.rs.html @@ -0,0 +1,145 @@ + + + + + + + + + + mod.rs.html -- source + + + + + + + + + + + +
+ + +
+ + + + 
 1
+ 2
+ 3
+ 4
+ 5
+ 6
+ 7
+ 8
+ 9
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+
+/*
+ * Copyright 2011 Google Inc.
+ *           2013 Jack Lloyd
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+pub mod hash;
+pub mod hmac;
+pub mod pkcs5;
+pub mod pkey;
+pub mod rand;
+pub mod symm;
+pub mod memcmp;
+
+
+ + +
+ + + + + + + + + + + + \ No newline at end of file diff --git a/src/openssl/crypto/pkcs5.rs.html b/src/openssl/crypto/pkcs5.rs.html new file mode 100644 index 0000000..5ac11c1 --- /dev/null +++ b/src/openssl/crypto/pkcs5.rs.html @@ -0,0 +1,335 @@ + + + + + + + + + + pkcs5.rs.html -- source + + + + + + + + + + + +
+ + +
+ + + + 
  1
+  2
+  3
+  4
+  5
+  6
+  7
+  8
+  9
+ 10
+ 11
+ 12
+ 13
+ 14
+ 15
+ 16
+ 17
+ 18
+ 19
+ 20
+ 21
+ 22
+ 23
+ 24
+ 25
+ 26
+ 27
+ 28
+ 29
+ 30
+ 31
+ 32
+ 33
+ 34
+ 35
+ 36
+ 37
+ 38
+ 39
+ 40
+ 41
+ 42
+ 43
+ 44
+ 45
+ 46
+ 47
+ 48
+ 49
+ 50
+ 51
+ 52
+ 53
+ 54
+ 55
+ 56
+ 57
+ 58
+ 59
+ 60
+ 61
+ 62
+ 63
+ 64
+ 65
+ 66
+ 67
+ 68
+ 69
+ 70
+ 71
+ 72
+ 73
+ 74
+ 75
+ 76
+ 77
+ 78
+ 79
+ 80
+ 81
+ 82
+ 83
+ 84
+ 85
+ 86
+ 87
+ 88
+ 89
+ 90
+ 91
+ 92
+ 93
+ 94
+ 95
+ 96
+ 97
+ 98
+ 99
+100
+101
+102
+103
+104
+105
+106
+107
+108
+109
+110
+111
+112
+113
+114
+115
+116
+117
+118
+119
+
+use libc::c_int;
+use ffi;
+
+/// Derives a key from a password and salt using the PBKDF2-HMAC-SHA1 algorithm.
+pub fn pbkdf2_hmac_sha1(pass: &str, salt: &[u8], iter: usize, keylen: usize) -> Vec<u8> {
+    unsafe {
+        assert!(iter >= 1);
+        assert!(keylen >= 1);
+
+        let mut out = Vec::with_capacity(keylen);
+
+        ffi::init();
+
+        let r = ffi::PKCS5_PBKDF2_HMAC_SHA1(
+                pass.as_ptr(), pass.len() as c_int,
+                salt.as_ptr(), salt.len() as c_int,
+                iter as c_int, keylen as c_int,
+                out.as_mut_ptr());
+
+        if r != 1 { panic!(); }
+
+        out.set_len(keylen);
+
+        out
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    // Test vectors from
+    // http://tools.ietf.org/html/draft-josefsson-pbkdf2-test-vectors-06
+    #[test]
+    fn test_pbkdf2_hmac_sha1() {
+        assert_eq!(
+            super::pbkdf2_hmac_sha1(
+                "password",
+                "salt".as_bytes(),
+                1,
+                20
+            ),
+            vec!(
+                0x0c_u8, 0x60_u8, 0xc8_u8, 0x0f_u8, 0x96_u8, 0x1f_u8, 0x0e_u8,
+                0x71_u8, 0xf3_u8, 0xa9_u8, 0xb5_u8, 0x24_u8, 0xaf_u8, 0x60_u8,
+                0x12_u8, 0x06_u8, 0x2f_u8, 0xe0_u8, 0x37_u8, 0xa6_u8
+            )
+        );
+
+        assert_eq!(
+            super::pbkdf2_hmac_sha1(
+                "password",
+                "salt".as_bytes(),
+                2,
+                20
+            ),
+            vec!(
+                0xea_u8, 0x6c_u8, 0x01_u8, 0x4d_u8, 0xc7_u8, 0x2d_u8, 0x6f_u8,
+                0x8c_u8, 0xcd_u8, 0x1e_u8, 0xd9_u8, 0x2a_u8, 0xce_u8, 0x1d_u8,
+                0x41_u8, 0xf0_u8, 0xd8_u8, 0xde_u8, 0x89_u8, 0x57_u8
+            )
+        );
+
+        assert_eq!(
+            super::pbkdf2_hmac_sha1(
+                "password",
+                "salt".as_bytes(),
+                4096,
+                20
+            ),
+            vec!(
+                0x4b_u8, 0x00_u8, 0x79_u8, 0x01_u8, 0xb7_u8, 0x65_u8, 0x48_u8,
+                0x9a_u8, 0xbe_u8, 0xad_u8, 0x49_u8, 0xd9_u8, 0x26_u8, 0xf7_u8,
+                0x21_u8, 0xd0_u8, 0x65_u8, 0xa4_u8, 0x29_u8, 0xc1_u8
+            )
+        );
+
+        assert_eq!(
+            super::pbkdf2_hmac_sha1(
+                "password",
+                "salt".as_bytes(),
+                16777216,
+                20
+            ),
+            vec!(
+                0xee_u8, 0xfe_u8, 0x3d_u8, 0x61_u8, 0xcd_u8, 0x4d_u8, 0xa4_u8,
+                0xe4_u8, 0xe9_u8, 0x94_u8, 0x5b_u8, 0x3d_u8, 0x6b_u8, 0xa2_u8,
+                0x15_u8, 0x8c_u8, 0x26_u8, 0x34_u8, 0xe9_u8, 0x84_u8
+            )
+        );
+
+        assert_eq!(
+            super::pbkdf2_hmac_sha1(
+                "passwordPASSWORDpassword",
+                "saltSALTsaltSALTsaltSALTsaltSALTsalt".as_bytes(),
+                4096,
+                25
+            ),
+            vec!(
+                0x3d_u8, 0x2e_u8, 0xec_u8, 0x4f_u8, 0xe4_u8, 0x1c_u8, 0x84_u8,
+                0x9b_u8, 0x80_u8, 0xc8_u8, 0xd8_u8, 0x36_u8, 0x62_u8, 0xc0_u8,
+                0xe4_u8, 0x4a_u8, 0x8b_u8, 0x29_u8, 0x1a_u8, 0x96_u8, 0x4c_u8,
+                0xf2_u8, 0xf0_u8, 0x70_u8, 0x38_u8
+            )
+        );
+
+        assert_eq!(
+            super::pbkdf2_hmac_sha1(
+                "pass\x00word",
+                "sa\x00lt".as_bytes(),
+                4096,
+                16
+            ),
+            vec!(
+                0x56_u8, 0xfa_u8, 0x6a_u8, 0xa7_u8, 0x55_u8, 0x48_u8, 0x09_u8,
+                0x9d_u8, 0xcc_u8, 0x37_u8, 0xd7_u8, 0xf0_u8, 0x34_u8, 0x25_u8,
+                0xe0_u8, 0xc3_u8
+            )
+        );
+    }
+}
+
+
+ + +
+ + + + + + + + + + + + \ No newline at end of file diff --git a/src/openssl/crypto/pkey.rs.html b/src/openssl/crypto/pkey.rs.html new file mode 100644 index 0000000..4b93f74 --- /dev/null +++ b/src/openssl/crypto/pkey.rs.html @@ -0,0 +1,1103 @@ + + + + + + + + + + pkey.rs.html -- source + + + + + + + + + + + +
+ + +
+ + + + 
  1
+  2
+  3
+  4
+  5
+  6
+  7
+  8
+  9
+ 10
+ 11
+ 12
+ 13
+ 14
+ 15
+ 16
+ 17
+ 18
+ 19
+ 20
+ 21
+ 22
+ 23
+ 24
+ 25
+ 26
+ 27
+ 28
+ 29
+ 30
+ 31
+ 32
+ 33
+ 34
+ 35
+ 36
+ 37
+ 38
+ 39
+ 40
+ 41
+ 42
+ 43
+ 44
+ 45
+ 46
+ 47
+ 48
+ 49
+ 50
+ 51
+ 52
+ 53
+ 54
+ 55
+ 56
+ 57
+ 58
+ 59
+ 60
+ 61
+ 62
+ 63
+ 64
+ 65
+ 66
+ 67
+ 68
+ 69
+ 70
+ 71
+ 72
+ 73
+ 74
+ 75
+ 76
+ 77
+ 78
+ 79
+ 80
+ 81
+ 82
+ 83
+ 84
+ 85
+ 86
+ 87
+ 88
+ 89
+ 90
+ 91
+ 92
+ 93
+ 94
+ 95
+ 96
+ 97
+ 98
+ 99
+100
+101
+102
+103
+104
+105
+106
+107
+108
+109
+110
+111
+112
+113
+114
+115
+116
+117
+118
+119
+120
+121
+122
+123
+124
+125
+126
+127
+128
+129
+130
+131
+132
+133
+134
+135
+136
+137
+138
+139
+140
+141
+142
+143
+144
+145
+146
+147
+148
+149
+150
+151
+152
+153
+154
+155
+156
+157
+158
+159
+160
+161
+162
+163
+164
+165
+166
+167
+168
+169
+170
+171
+172
+173
+174
+175
+176
+177
+178
+179
+180
+181
+182
+183
+184
+185
+186
+187
+188
+189
+190
+191
+192
+193
+194
+195
+196
+197
+198
+199
+200
+201
+202
+203
+204
+205
+206
+207
+208
+209
+210
+211
+212
+213
+214
+215
+216
+217
+218
+219
+220
+221
+222
+223
+224
+225
+226
+227
+228
+229
+230
+231
+232
+233
+234
+235
+236
+237
+238
+239
+240
+241
+242
+243
+244
+245
+246
+247
+248
+249
+250
+251
+252
+253
+254
+255
+256
+257
+258
+259
+260
+261
+262
+263
+264
+265
+266
+267
+268
+269
+270
+271
+272
+273
+274
+275
+276
+277
+278
+279
+280
+281
+282
+283
+284
+285
+286
+287
+288
+289
+290
+291
+292
+293
+294
+295
+296
+297
+298
+299
+300
+301
+302
+303
+304
+305
+306
+307
+308
+309
+310
+311
+312
+313
+314
+315
+316
+317
+318
+319
+320
+321
+322
+323
+324
+325
+326
+327
+328
+329
+330
+331
+332
+333
+334
+335
+336
+337
+338
+339
+340
+341
+342
+343
+344
+345
+346
+347
+348
+349
+350
+351
+352
+353
+354
+355
+356
+357
+358
+359
+360
+361
+362
+363
+364
+365
+366
+367
+368
+369
+370
+371
+372
+373
+374
+375
+376
+377
+378
+379
+380
+381
+382
+383
+384
+385
+386
+387
+388
+389
+390
+391
+392
+393
+394
+395
+396
+397
+398
+399
+400
+401
+402
+403
+404
+405
+406
+407
+408
+409
+410
+411
+412
+413
+414
+415
+416
+417
+418
+419
+420
+421
+422
+423
+424
+425
+426
+427
+428
+429
+430
+431
+432
+433
+434
+435
+436
+437
+438
+439
+440
+441
+442
+443
+444
+445
+446
+447
+448
+449
+450
+451
+452
+453
+454
+455
+456
+457
+458
+459
+460
+461
+462
+463
+464
+465
+466
+467
+468
+469
+470
+471
+472
+473
+474
+475
+476
+477
+478
+479
+480
+481
+482
+483
+484
+485
+486
+487
+488
+489
+490
+491
+492
+493
+494
+495
+496
+497
+498
+499
+500
+501
+502
+503
+
+use libc::{c_int, c_uint, c_ulong};
+use std::io;
+use std::io::prelude::*;
+use std::iter::repeat;
+use std::mem;
+use std::ptr;
+use bio::{MemBio};
+use crypto::hash;
+use crypto::hash::Type as HashType;
+use ffi;
+use ssl::error::{SslError, StreamError};
+
+#[derive(Copy, Clone)]
+pub enum Parts {
+    Neither,
+    Public,
+    Both
+}
+
+/// Represents a role an asymmetric key might be appropriate for.
+#[derive(Copy, Clone)]
+pub enum Role {
+    Encrypt,
+    Decrypt,
+    Sign,
+    Verify
+}
+
+/// Type of encryption padding to use.
+#[derive(Copy, Clone)]
+pub enum EncryptionPadding {
+    OAEP,
+    PKCS1v15
+}
+
+fn openssl_padding_code(padding: EncryptionPadding) -> c_int {
+    match padding {
+        EncryptionPadding::OAEP => 4,
+        EncryptionPadding::PKCS1v15 => 1
+    }
+}
+
+fn openssl_hash_nid(hash: HashType) -> c_int {
+    match hash {
+        HashType::MD5       => 4,   // NID_md5,
+        HashType::SHA1      => 64,  // NID_sha1
+        HashType::SHA224    => 675, // NID_sha224
+        HashType::SHA256    => 672, // NID_sha256
+        HashType::SHA384    => 673, // NID_sha384
+        HashType::SHA512    => 674, // NID_sha512
+        HashType::RIPEMD160 => 117, // NID_ripemd160
+    }
+}
+
+pub struct PKey {
+    evp: *mut ffi::EVP_PKEY,
+    parts: Parts,
+}
+
+/// Represents a public key, optionally with a private key attached.
+impl PKey {
+    pub fn new() -> PKey {
+        unsafe {
+            ffi::init();
+
+            PKey {
+                evp: ffi::EVP_PKEY_new(),
+                parts: Parts::Neither,
+            }
+        }
+    }
+
+    pub fn from_handle(handle: *mut ffi::EVP_PKEY, parts: Parts) -> PKey {
+        ffi::init();
+        assert!(!handle.is_null());
+
+        PKey {
+            evp: handle,
+            parts: parts,
+        }
+    }
+
+    /// Reads private key from PEM, takes ownership of handle
+    pub fn private_key_from_pem<R>(reader: &mut R) -> Result<PKey, SslError> where R: Read {
+        let mut mem_bio = try!(MemBio::new());
+        try!(io::copy(reader, &mut mem_bio).map_err(StreamError));
+
+        unsafe {
+            let evp = try_ssl_null!(ffi::PEM_read_bio_PrivateKey(mem_bio.get_handle(),
+                                                                 ptr::null_mut(),
+                                                                 None, ptr::null_mut()));
+            Ok(PKey {
+                evp:   evp,
+                parts: Parts::Both,
+            })
+        }
+    }
+
+    fn _tostr(&self, f: unsafe extern "C" fn(*mut ffi::RSA, *const *mut u8) -> c_int) -> Vec<u8> {
+        unsafe {
+            let rsa = ffi::EVP_PKEY_get1_RSA(self.evp);
+            let len = f(rsa, ptr::null());
+            if len < 0 as c_int { return vec!(); }
+            let mut s = repeat(0u8).take(len as usize).collect::<Vec<_>>();
+
+            let r = f(rsa, &s.as_mut_ptr());
+
+            s.truncate(r as usize);
+            s
+        }
+    }
+
+    fn _fromstr(&mut self, s: &[u8], f: unsafe extern "C" fn(*const *mut ffi::RSA, *const *const u8, c_uint) -> *mut ffi::RSA) {
+        unsafe {
+            let rsa = ptr::null_mut();
+            f(&rsa, &s.as_ptr(), s.len() as c_uint);
+            ffi::EVP_PKEY_set1_RSA(self.evp, rsa);
+        }
+    }
+
+    pub fn gen(&mut self, keysz: usize) {
+        unsafe {
+            let rsa = ffi::RSA_generate_key(
+                keysz as c_int,
+                65537 as c_ulong,
+                ptr::null(),
+                ptr::null()
+            );
+
+            // XXX: 6 == NID_rsaEncryption
+            ffi::EVP_PKEY_assign(
+                self.evp,
+                6 as c_int,
+                mem::transmute(rsa));
+
+            self.parts = Parts::Both;
+        }
+    }
+
+    /**
+     * Returns a serialized form of the public key, suitable for load_pub().
+     */
+    pub fn save_pub(&self) -> Vec<u8> {
+        self._tostr(ffi::i2d_RSA_PUBKEY)
+    }
+
+    /**
+     * Loads a serialized form of the public key, as produced by save_pub().
+     */
+    pub fn load_pub(&mut self, s: &[u8]) {
+        self._fromstr(s, ffi::d2i_RSA_PUBKEY);
+        self.parts = Parts::Public;
+    }
+
+    /**
+     * Returns a serialized form of the public and private keys, suitable for
+     * load_priv().
+     */
+    pub fn save_priv(&self) -> Vec<u8> {
+        self._tostr(ffi::i2d_RSAPrivateKey)
+    }
+    /**
+     * Loads a serialized form of the public and private keys, as produced by
+     * save_priv().
+     */
+    pub fn load_priv(&mut self, s: &[u8]) {
+        self._fromstr(s, ffi::d2i_RSAPrivateKey);
+        self.parts = Parts::Both;
+    }
+
+    /// Stores private key as a PEM
+    // FIXME: also add password and encryption
+    pub fn write_pem<W: Write>(&self, writer: &mut W/*, password: Option<String>*/) -> Result<(), SslError> {
+        let mut mem_bio = try!(MemBio::new());
+        unsafe {
+            try_ssl!(ffi::PEM_write_bio_PrivateKey(mem_bio.get_handle(), self.evp, ptr::null(),
+                                                   ptr::null_mut(), -1, None, ptr::null_mut()));
+
+        }
+        let mut buf = vec![];
+        try!(mem_bio.read_to_end(&mut buf).map_err(StreamError));
+        writer.write_all(&buf).map_err(StreamError)
+    }
+
+    /**
+     * Returns the size of the public key modulus.
+     */
+    pub fn size(&self) -> usize {
+        unsafe {
+            ffi::RSA_size(ffi::EVP_PKEY_get1_RSA(self.evp)) as usize
+        }
+    }
+
+    /**
+     * Returns whether this pkey object can perform the specified role.
+     */
+    pub fn can(&self, r: Role) -> bool {
+        match r {
+            Role::Encrypt =>
+                match self.parts {
+                    Parts::Neither => false,
+                    _ => true,
+                },
+            Role::Verify =>
+                match self.parts {
+                    Parts::Neither => false,
+                    _ => true,
+                },
+            Role::Decrypt =>
+                match self.parts {
+                    Parts::Both => true,
+                    _ => false,
+                },
+            Role::Sign =>
+                match self.parts {
+                    Parts::Both => true,
+                    _ => false,
+                },
+        }
+    }
+
+    /**
+     * Returns the maximum amount of data that can be encrypted by an encrypt()
+     * call.
+     */
+    pub fn max_data(&self) -> usize {
+        unsafe {
+            let rsa = ffi::EVP_PKEY_get1_RSA(self.evp);
+            let len = ffi::RSA_size(rsa);
+
+            // 41 comes from RSA_public_encrypt(3) for OAEP
+            len as usize - 41
+        }
+    }
+
+    pub fn encrypt_with_padding(&self, s: &[u8], padding: EncryptionPadding) -> Vec<u8> {
+        unsafe {
+            let rsa = ffi::EVP_PKEY_get1_RSA(self.evp);
+            let len = ffi::RSA_size(rsa);
+
+            assert!(s.len() < self.max_data());
+
+            let mut r = repeat(0u8).take(len as usize + 1).collect::<Vec<_>>();
+
+            let rv = ffi::RSA_public_encrypt(
+                s.len() as c_int,
+                s.as_ptr(),
+                r.as_mut_ptr(),
+                rsa,
+                openssl_padding_code(padding));
+
+            if rv < 0 as c_int {
+                vec!()
+            } else {
+                r.truncate(rv as usize);
+                r
+            }
+        }
+    }
+
+    pub fn decrypt_with_padding(&self, s: &[u8], padding: EncryptionPadding) -> Vec<u8> {
+        unsafe {
+            let rsa = ffi::EVP_PKEY_get1_RSA(self.evp);
+            let len = ffi::RSA_size(rsa);
+
+            assert_eq!(s.len() as c_int, ffi::RSA_size(rsa));
+
+            let mut r = repeat(0u8).take(len as usize + 1).collect::<Vec<_>>();
+
+            let rv = ffi::RSA_private_decrypt(
+                s.len() as c_int,
+                s.as_ptr(),
+                r.as_mut_ptr(),
+                rsa,
+                openssl_padding_code(padding));
+
+            if rv < 0 as c_int {
+                vec!()
+            } else {
+                r.truncate(rv as usize);
+                r
+            }
+        }
+    }
+
+    /**
+     * Encrypts data using OAEP padding, returning the encrypted data. The
+     * supplied data must not be larger than max_data().
+     */
+    pub fn encrypt(&self, s: &[u8]) -> Vec<u8> { self.encrypt_with_padding(s, EncryptionPadding::OAEP) }
+
+    /**
+     * Decrypts data, expecting OAEP padding, returning the decrypted data.
+     */
+    pub fn decrypt(&self, s: &[u8]) -> Vec<u8> { self.decrypt_with_padding(s, EncryptionPadding::OAEP) }
+
+    /**
+     * Signs data, using OpenSSL's default scheme and adding sha256 ASN.1 information to the
+     * signature.
+     * The bytes to sign must be the result of a sha256 hashing;
+     * returns the signature.
+     */
+    pub fn sign(&self, s: &[u8]) -> Vec<u8> { self.sign_with_hash(s, HashType::SHA256) }
+
+    /**
+     * Verifies a signature s (using OpenSSL's default scheme and sha256) on the SHA256 hash of a
+     * message.
+     * Returns true if the signature is valid, and false otherwise.
+     */
+    pub fn verify(&self, h: &[u8], s: &[u8]) -> bool { self.verify_with_hash(h, s, HashType::SHA256) }
+
+    /**
+     * Signs data, using OpenSSL's default scheme and add ASN.1 information for the given hash type to the
+     * signature.
+     * The bytes to sign must be the result of this type of hashing;
+     * returns the signature.
+     */
+    pub fn sign_with_hash(&self, s: &[u8], hash: hash::Type) -> Vec<u8> {
+        unsafe {
+            let rsa = ffi::EVP_PKEY_get1_RSA(self.evp);
+            let len = ffi::RSA_size(rsa);
+            let mut r = repeat(0u8).take(len as usize + 1).collect::<Vec<_>>();
+
+            let mut len = 0;
+            let rv = ffi::RSA_sign(
+                openssl_hash_nid(hash),
+                s.as_ptr(),
+                s.len() as c_uint,
+                r.as_mut_ptr(),
+                &mut len,
+                rsa);
+
+            if rv < 0 as c_int {
+                vec!()
+            } else {
+                r.truncate(len as usize);
+                r
+            }
+        }
+    }
+
+    pub fn verify_with_hash(&self, h: &[u8], s: &[u8], hash: hash::Type) -> bool {
+        unsafe {
+            let rsa = ffi::EVP_PKEY_get1_RSA(self.evp);
+
+            let rv = ffi::RSA_verify(
+                openssl_hash_nid(hash),
+                h.as_ptr(),
+                h.len() as c_uint,
+                s.as_ptr(),
+                s.len() as c_uint,
+                rsa
+            );
+
+            rv == 1 as c_int
+        }
+    }
+
+    pub unsafe fn get_handle(&self) -> *mut ffi::EVP_PKEY {
+        return self.evp
+    }
+
+    pub fn public_eq(&self, other: &PKey) -> bool {
+        unsafe { ffi::EVP_PKEY_cmp(self.evp, other.evp) == 1 }
+    }
+}
+
+impl Drop for PKey {
+    fn drop(&mut self) {
+        unsafe {
+            ffi::EVP_PKEY_free(self.evp);
+        }
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use std::path::Path;
+    use std::fs::File;
+    use crypto::hash::Type::{MD5, SHA1};
+
+    #[test]
+    fn test_gen_pub() {
+        let mut k0 = super::PKey::new();
+        let mut k1 = super::PKey::new();
+        k0.gen(512);
+        k1.load_pub(&k0.save_pub());
+        assert_eq!(k0.save_pub(), k1.save_pub());
+        assert!(k0.public_eq(&k1));
+        assert_eq!(k0.size(), k1.size());
+        assert!(k0.can(super::Role::Encrypt));
+        assert!(k0.can(super::Role::Decrypt));
+        assert!(k0.can(super::Role::Verify));
+        assert!(k0.can(super::Role::Sign));
+        assert!(k1.can(super::Role::Encrypt));
+        assert!(!k1.can(super::Role::Decrypt));
+        assert!(k1.can(super::Role::Verify));
+        assert!(!k1.can(super::Role::Sign));
+    }
+
+    #[test]
+    fn test_gen_priv() {
+        let mut k0 = super::PKey::new();
+        let mut k1 = super::PKey::new();
+        k0.gen(512);
+        k1.load_priv(&k0.save_priv());
+        assert_eq!(k0.save_priv(), k1.save_priv());
+        assert!(k0.public_eq(&k1));
+        assert_eq!(k0.size(), k1.size());
+        assert!(k0.can(super::Role::Encrypt));
+        assert!(k0.can(super::Role::Decrypt));
+        assert!(k0.can(super::Role::Verify));
+        assert!(k0.can(super::Role::Sign));
+        assert!(k1.can(super::Role::Encrypt));
+        assert!(k1.can(super::Role::Decrypt));
+        assert!(k1.can(super::Role::Verify));
+        assert!(k1.can(super::Role::Sign));
+    }
+
+    #[test]
+    fn test_private_key_from_pem() {
+        let key_path = Path::new("test/key.pem");
+        let mut file = File::open(&key_path)
+            .ok()
+            .expect("Failed to open `test/key.pem`");
+
+        super::PKey::private_key_from_pem(&mut file).unwrap();
+    }
+
+    #[test]
+    fn test_encrypt() {
+        let mut k0 = super::PKey::new();
+        let mut k1 = super::PKey::new();
+        let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8);
+        k0.gen(512);
+        k1.load_pub(&k0.save_pub());
+        let emsg = k1.encrypt(&msg);
+        let dmsg = k0.decrypt(&emsg);
+        assert!(msg == dmsg);
+    }
+
+    #[test]
+    fn test_encrypt_pkcs() {
+        let mut k0 = super::PKey::new();
+        let mut k1 = super::PKey::new();
+        let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8);
+        k0.gen(512);
+        k1.load_pub(&k0.save_pub());
+        let emsg = k1.encrypt_with_padding(&msg, super::EncryptionPadding::PKCS1v15);
+        let dmsg = k0.decrypt_with_padding(&emsg, super::EncryptionPadding::PKCS1v15);
+        assert!(msg == dmsg);
+    }
+
+    #[test]
+    fn test_sign() {
+        let mut k0 = super::PKey::new();
+        let mut k1 = super::PKey::new();
+        let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8);
+        k0.gen(512);
+        k1.load_pub(&k0.save_pub());
+        let sig = k0.sign(&msg);
+        let rv = k1.verify(&msg, &sig);
+        assert!(rv == true);
+    }
+
+    #[test]
+    fn test_sign_hashes() {
+        let mut k0 = super::PKey::new();
+        let mut k1 = super::PKey::new();
+        let msg = vec!(0xdeu8, 0xadu8, 0xd0u8, 0x0du8);
+        k0.gen(512);
+        k1.load_pub(&k0.save_pub());
+
+        let sig = k0.sign_with_hash(&msg, MD5);
+
+        assert!(k1.verify_with_hash(&msg, &sig, MD5));
+        assert!(!k1.verify_with_hash(&msg, &sig, SHA1));
+    }
+
+    #[test]
+    fn test_eq() {
+        let mut k0 = super::PKey::new();
+        let mut p0 = super::PKey::new();
+        let mut k1 = super::PKey::new();
+        let mut p1 = super::PKey::new();
+        k0.gen(512);
+        k1.gen(512);
+        p0.load_pub(&k0.save_pub());
+        p1.load_pub(&k1.save_pub());
+
+        assert!(k0.public_eq(&k0));
+        assert!(k1.public_eq(&k1));
+        assert!(p0.public_eq(&p0));
+        assert!(p1.public_eq(&p1));
+        assert!(k0.public_eq(&p0));
+        assert!(k1.public_eq(&p1));
+
+        assert!(!k0.public_eq(&k1));
+        assert!(!p0.public_eq(&p1));
+        assert!(!k0.public_eq(&p1));
+        assert!(!p0.public_eq(&k1));
+    }
+}
+
+
+ + +
+ + + + + + + + + + + + \ No newline at end of file diff --git a/src/openssl/crypto/rand.rs.html b/src/openssl/crypto/rand.rs.html new file mode 100644 index 0000000..fd6f00a --- /dev/null +++ b/src/openssl/crypto/rand.rs.html @@ -0,0 +1,151 @@ + + + + + + + + + + rand.rs.html -- source + + + + + + + + + + + +
+ + +
+ + + + 
 1
+ 2
+ 3
+ 4
+ 5
+ 6
+ 7
+ 8
+ 9
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+
+use libc::c_int;
+use ffi;
+
+pub fn rand_bytes(len: usize) -> Vec<u8> {
+    unsafe {
+        let mut out = Vec::with_capacity(len);
+
+        ffi::init();
+        let r = ffi::RAND_bytes(out.as_mut_ptr(), len as c_int);
+        if r != 1 as c_int { panic!() }
+
+        out.set_len(len);
+
+        out
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::rand_bytes;
+
+    #[test]
+    fn test_rand_bytes() {
+        let bytes = rand_bytes(32);
+        println!("{:?}", bytes);
+    }
+}
+
+
+ + +
+ + + + + + + + + + + + \ No newline at end of file diff --git a/src/openssl/crypto/symm.rs.html b/src/openssl/crypto/symm.rs.html new file mode 100644 index 0000000..5cbd394 --- /dev/null +++ b/src/openssl/crypto/symm.rs.html @@ -0,0 +1,721 @@ + + + + + + + + + + symm.rs.html -- source + + + + + + + + + + + +
+ + +
+ + + + 
  1
+  2
+  3
+  4
+  5
+  6
+  7
+  8
+  9
+ 10
+ 11
+ 12
+ 13
+ 14
+ 15
+ 16
+ 17
+ 18
+ 19
+ 20
+ 21
+ 22
+ 23
+ 24
+ 25
+ 26
+ 27
+ 28
+ 29
+ 30
+ 31
+ 32
+ 33
+ 34
+ 35
+ 36
+ 37
+ 38
+ 39
+ 40
+ 41
+ 42
+ 43
+ 44
+ 45
+ 46
+ 47
+ 48
+ 49
+ 50
+ 51
+ 52
+ 53
+ 54
+ 55
+ 56
+ 57
+ 58
+ 59
+ 60
+ 61
+ 62
+ 63
+ 64
+ 65
+ 66
+ 67
+ 68
+ 69
+ 70
+ 71
+ 72
+ 73
+ 74
+ 75
+ 76
+ 77
+ 78
+ 79
+ 80
+ 81
+ 82
+ 83
+ 84
+ 85
+ 86
+ 87
+ 88
+ 89
+ 90
+ 91
+ 92
+ 93
+ 94
+ 95
+ 96
+ 97
+ 98
+ 99
+100
+101
+102
+103
+104
+105
+106
+107
+108
+109
+110
+111
+112
+113
+114
+115
+116
+117
+118
+119
+120
+121
+122
+123
+124
+125
+126
+127
+128
+129
+130
+131
+132
+133
+134
+135
+136
+137
+138
+139
+140
+141
+142
+143
+144
+145
+146
+147
+148
+149
+150
+151
+152
+153
+154
+155
+156
+157
+158
+159
+160
+161
+162
+163
+164
+165
+166
+167
+168
+169
+170
+171
+172
+173
+174
+175
+176
+177
+178
+179
+180
+181
+182
+183
+184
+185
+186
+187
+188
+189
+190
+191
+192
+193
+194
+195
+196
+197
+198
+199
+200
+201
+202
+203
+204
+205
+206
+207
+208
+209
+210
+211
+212
+213
+214
+215
+216
+217
+218
+219
+220
+221
+222
+223
+224
+225
+226
+227
+228
+229
+230
+231
+232
+233
+234
+235
+236
+237
+238
+239
+240
+241
+242
+243
+244
+245
+246
+247
+248
+249
+250
+251
+252
+253
+254
+255
+256
+257
+258
+259
+260
+261
+262
+263
+264
+265
+266
+267
+268
+269
+270
+271
+272
+273
+274
+275
+276
+277
+278
+279
+280
+281
+282
+283
+284
+285
+286
+287
+288
+289
+290
+291
+292
+293
+294
+295
+296
+297
+298
+299
+300
+301
+302
+303
+304
+305
+306
+307
+308
+309
+310
+311
+312
+
+use std::iter::repeat;
+use std::convert::AsRef;
+use libc::{c_int};
+
+use ffi;
+
+#[derive(Copy, Clone)]
+pub enum Mode {
+    Encrypt,
+    Decrypt,
+}
+
+#[allow(non_camel_case_types)]
+#[derive(Copy, Clone)]
+pub enum Type {
+    AES_128_ECB,
+    AES_128_CBC,
+    /// Requires the `aes_xts` feature
+    #[cfg(feature = "aes_xts")]
+    AES_128_XTS,
+    // AES_128_CTR,
+    //AES_128_GCM,
+
+    AES_256_ECB,
+    AES_256_CBC,
+    /// Requires the `aes_xts` feature
+    #[cfg(feature = "aes_xts")]
+    AES_256_XTS,
+    // AES_256_CTR,
+    //AES_256_GCM,
+
+    RC4_128,
+}
+
+fn evpc(t: Type) -> (*const ffi::EVP_CIPHER, u32, u32) {
+    unsafe {
+        match t {
+            Type::AES_128_ECB => (ffi::EVP_aes_128_ecb(), 16, 16),
+            Type::AES_128_CBC => (ffi::EVP_aes_128_cbc(), 16, 16),
+            #[cfg(feature = "aes_xts")]
+            Type::AES_128_XTS => (ffi::EVP_aes_128_xts(), 32, 16),
+            // AES_128_CTR => (EVP_aes_128_ctr(), 16, 0),
+            //AES_128_GCM => (EVP_aes_128_gcm(), 16, 16),
+
+            Type::AES_256_ECB => (ffi::EVP_aes_256_ecb(), 32, 16),
+            Type::AES_256_CBC => (ffi::EVP_aes_256_cbc(), 32, 16),
+            #[cfg(feature = "aes_xts")]
+            Type::AES_256_XTS => (ffi::EVP_aes_256_xts(), 64, 16),
+            // AES_256_CTR => (EVP_aes_256_ctr(), 32, 0),
+            //AES_256_GCM => (EVP_aes_256_gcm(), 32, 16),
+
+            Type::RC4_128 => (ffi::EVP_rc4(), 16, 0),
+        }
+    }
+}
+
+/// Represents a symmetric cipher context.
+pub struct Crypter {
+    evp: *const ffi::EVP_CIPHER,
+    ctx: *mut ffi::EVP_CIPHER_CTX,
+    keylen: u32,
+    blocksize: u32,
+}
+
+impl Crypter {
+    pub fn new(t: Type) -> Crypter {
+        ffi::init();
+
+        let ctx = unsafe { ffi::EVP_CIPHER_CTX_new() };
+        let (evp, keylen, blocksz) = evpc(t);
+        Crypter { evp: evp, ctx: ctx, keylen: keylen, blocksize: blocksz }
+    }
+
+    /**
+     * Enables or disables padding. If padding is disabled, total amount of
+     * data encrypted must be a multiple of block size.
+     */
+    pub fn pad(&self, padding: bool) {
+        if self.blocksize > 0 {
+            unsafe {
+                let v = if padding { 1 as c_int } else { 0 };
+                ffi::EVP_CIPHER_CTX_set_padding(self.ctx, v);
+            }
+        }
+    }
+
+    /**
+     * Initializes this crypter.
+     */
+    pub fn init<T: AsRef<[u8]>>(&self, mode: Mode, key: &[u8], iv: T) {
+        unsafe {
+            let mode = match mode {
+                Mode::Encrypt => 1 as c_int,
+                Mode::Decrypt => 0 as c_int,
+            };
+            assert_eq!(key.len(), self.keylen as usize);
+
+            ffi::EVP_CipherInit(
+                self.ctx,
+                self.evp,
+                key.as_ptr(),
+                iv.as_ref().as_ptr(),
+                mode
+            );
+        }
+    }
+
+    /**
+     * Update this crypter with more data to encrypt or decrypt. Returns
+     * encrypted or decrypted bytes.
+     */
+    pub fn update(&self, data: &[u8]) -> Vec<u8> {
+        unsafe {
+            let sum = data.len() + (self.blocksize as usize);
+            let mut res = repeat(0u8).take(sum).collect::<Vec<_>>();
+            let mut reslen = sum as c_int;
+
+            ffi::EVP_CipherUpdate(
+                self.ctx,
+                res.as_mut_ptr(),
+                &mut reslen,
+                data.as_ptr(),
+                data.len() as c_int
+            );
+
+            res.truncate(reslen as usize);
+            res
+        }
+    }
+
+    /**
+     * Finish crypting. Returns the remaining partial block of output, if any.
+     */
+    pub fn finalize(&self) -> Vec<u8> {
+        unsafe {
+            let mut res = repeat(0u8).take(self.blocksize as usize).collect::<Vec<_>>();
+            let mut reslen = self.blocksize as c_int;
+
+            ffi::EVP_CipherFinal(self.ctx,
+                                       res.as_mut_ptr(),
+                                       &mut reslen);
+
+            res.truncate(reslen as usize);
+            res
+        }
+    }
+}
+
+impl Drop for Crypter {
+    fn drop(&mut self) {
+        unsafe {
+            ffi::EVP_CIPHER_CTX_free(self.ctx);
+        }
+    }
+}
+
+/**
+ * Encrypts data, using the specified crypter type in encrypt mode with the
+ * specified key and iv; returns the resulting (encrypted) data.
+ */
+pub fn encrypt<T: AsRef<[u8]>>(t: Type, key: &[u8], iv: T, data: &[u8]) -> Vec<u8> {
+    let c = Crypter::new(t);
+    c.init(Mode::Encrypt, key, iv);
+    let mut r = c.update(data);
+    let rest = c.finalize();
+    r.extend(rest.into_iter());
+    r
+}
+
+/**
+ * Decrypts data, using the specified crypter type in decrypt mode with the
+ * specified key and iv; returns the resulting (decrypted) data.
+ */
+pub fn decrypt<T: AsRef<[u8]>>(t: Type, key: &[u8], iv: T, data: &[u8]) -> Vec<u8> {
+    let c = Crypter::new(t);
+    c.init(Mode::Decrypt, key, iv);
+    let mut r = c.update(data);
+    let rest = c.finalize();
+    r.extend(rest.into_iter());
+    r
+}
+
+#[cfg(test)]
+mod tests {
+    use serialize::hex::FromHex;
+
+    // Test vectors from FIPS-197:
+    // http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
+    #[test]
+    fn test_aes_256_ecb() {
+        let k0 =
+           [0x00u8, 0x01u8, 0x02u8, 0x03u8, 0x04u8, 0x05u8, 0x06u8, 0x07u8,
+            0x08u8, 0x09u8, 0x0au8, 0x0bu8, 0x0cu8, 0x0du8, 0x0eu8, 0x0fu8,
+            0x10u8, 0x11u8, 0x12u8, 0x13u8, 0x14u8, 0x15u8, 0x16u8, 0x17u8,
+            0x18u8, 0x19u8, 0x1au8, 0x1bu8, 0x1cu8, 0x1du8, 0x1eu8, 0x1fu8];
+        let p0 =
+           [0x00u8, 0x11u8, 0x22u8, 0x33u8, 0x44u8, 0x55u8, 0x66u8, 0x77u8,
+            0x88u8, 0x99u8, 0xaau8, 0xbbu8, 0xccu8, 0xddu8, 0xeeu8, 0xffu8];
+        let c0 =
+           [0x8eu8, 0xa2u8, 0xb7u8, 0xcau8, 0x51u8, 0x67u8, 0x45u8, 0xbfu8,
+            0xeau8, 0xfcu8, 0x49u8, 0x90u8, 0x4bu8, 0x49u8, 0x60u8, 0x89u8];
+        let c = super::Crypter::new(super::Type::AES_256_ECB);
+        c.init(super::Mode::Encrypt, &k0, &[]);
+        c.pad(false);
+        let mut r0 = c.update(&p0);
+        r0.extend(c.finalize().into_iter());
+        assert!(r0 == c0);
+        c.init(super::Mode::Decrypt, &k0, &[]);
+        c.pad(false);
+        let mut p1 = c.update(&r0);
+        p1.extend(c.finalize().into_iter());
+        assert!(p1 == p0);
+    }
+
+    #[test]
+    fn test_aes_256_cbc_decrypt() {
+        let cr = super::Crypter::new(super::Type::AES_256_CBC);
+        let iv = [
+            4_u8, 223_u8, 153_u8, 219_u8, 28_u8, 142_u8, 234_u8, 68_u8, 227_u8,
+            69_u8, 98_u8, 107_u8, 208_u8, 14_u8, 236_u8, 60_u8, 0_u8, 0_u8,
+            0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8, 0_u8,
+            0_u8, 0_u8, 0_u8
+        ];
+        let data = [
+            143_u8, 210_u8, 75_u8, 63_u8, 214_u8, 179_u8, 155_u8,
+            241_u8, 242_u8, 31_u8, 154_u8, 56_u8, 198_u8, 145_u8, 192_u8, 64_u8,
+            2_u8, 245_u8, 167_u8, 220_u8, 55_u8, 119_u8, 233_u8, 136_u8, 139_u8,
+            27_u8, 71_u8, 242_u8, 119_u8, 175_u8, 65_u8, 207_u8
+        ];
+        let ciphered_data = [
+            0x4a_u8, 0x2e_u8, 0xe5_u8, 0x6_u8, 0xbf_u8, 0xcf_u8, 0xf2_u8, 0xd7_u8,
+            0xea_u8, 0x2d_u8, 0xb1_u8, 0x85_u8, 0x6c_u8, 0x93_u8, 0x65_u8, 0x6f_u8
+            ];
+        cr.init(super::Mode::Decrypt, &data, &iv);
+        cr.pad(false);
+        let unciphered_data_1 = cr.update(&ciphered_data);
+        let unciphered_data_2 = cr.finalize();
+
+        let expected_unciphered_data = b"I love turtles.\x01";
+
+        assert!(unciphered_data_2.len() == 0);
+
+        assert_eq!(&unciphered_data_1, expected_unciphered_data);
+    }
+
+    fn cipher_test(ciphertype: super::Type, pt: &str, ct: &str, key: &str, iv: &str) {
+        use serialize::hex::ToHex;
+
+        let cipher = super::Crypter::new(ciphertype);
+        cipher.init(super::Mode::Encrypt, &key.from_hex().unwrap(), &iv.from_hex().unwrap());
+
+        let expected = ct.from_hex().unwrap();
+        let mut computed = cipher.update(&pt.from_hex().unwrap());
+        computed.extend(cipher.finalize().into_iter());
+
+        if computed != expected {
+            println!("Computed: {}", computed.to_hex());
+            println!("Expected: {}", expected.to_hex());
+            if computed.len() != expected.len() {
+                println!("Lengths differ: {} in computed vs {} expected",
+                         computed.len(), expected.len());
+            }
+            panic!("test failure");
+        }
+    }
+
+    #[test]
+    fn test_rc4() {
+
+        let pt = "0000000000000000000000000000000000000000000000000000000000000000000000000000";
+        let ct = "A68686B04D686AA107BD8D4CAB191A3EEC0A6294BC78B60F65C25CB47BD7BB3A48EFC4D26BE4";
+        let key = "97CD440324DA5FD1F7955C1C13B6B466";
+        let iv = "";
+
+        cipher_test(super::Type::RC4_128, pt, ct, key, iv);
+    }
+
+    #[test]
+    #[cfg(feature = "aes_xts")]
+    fn test_aes256_xts() {
+        // Test case 174 from
+        // http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSTestVectors.zip
+        let pt = "77f4ef63d734ebd028508da66c22cdebdd52ecd6ee2ab0a50bc8ad0cfd692ca5fcd4e6dedc45df7f6503f462611dc542";
+        let ct = "ce7d905a7776ac72f240d22aafed5e4eb7566cdc7211220e970da634ce015f131a5ecb8d400bc9e84f0b81d8725dbbc7";
+        let key = "b6bfef891f83b5ff073f2231267be51eb084b791fa19a154399c0684c8b2dfcb37de77d28bbda3b4180026ad640b74243b3133e7b9fae629403f6733423dae28";
+        let iv = "db200efb7eaaa737dbdf40babb68953f";
+
+        cipher_test(super::Type::AES_256_XTS, pt, ct, key, iv);
+    }
+
+    /*#[test]
+    fn test_aes128_ctr() {
+
+        let pt = ~"6BC1BEE22E409F96E93D7E117393172AAE2D8A571E03AC9C9EB76FAC45AF8E5130C81C46A35CE411E5FBC1191A0A52EFF69F2445DF4F9B17AD2B417BE66C3710";
+        let ct = ~"874D6191B620E3261BEF6864990DB6CE9806F66B7970FDFF8617187BB9FFFDFF5AE4DF3EDBD5D35E5B4F09020DB03EAB1E031DDA2FBE03D1792170A0F3009CEE";
+        let key = ~"2B7E151628AED2A6ABF7158809CF4F3C";
+        let iv = ~"F0F1F2F3F4F5F6F7F8F9FAFBFCFDFEFF";
+
+        cipher_test(super::AES_128_CTR, pt, ct, key, iv);
+    }*/
+
+    /*#[test]
+    fn test_aes128_gcm() {
+        // Test case 3 in GCM spec
+        let pt = ~"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255";
+        let ct = ~"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f59854d5c2af327cd64a62cf35abd2ba6fab4";
+        let key = ~"feffe9928665731c6d6a8f9467308308";
+        let iv = ~"cafebabefacedbaddecaf888";
+
+        cipher_test(super::AES_128_GCM, pt, ct, key, iv);
+    }*/
+}
+
+
+ + +
+ + + + + + + + + + + + \ No newline at end of file -- cgit v1.2.3