1 //! Message signatures.
3 //! The `Signer` allows for the computation of cryptographic signatures of
4 //! data given a private key. The `Verifier` can then be used with the
5 //! corresponding public key to verify the integrity and authenticity of that
6 //! data given the signature.
10 //! Sign and verify data given an RSA keypair:
13 //! use openssl::sign::{Signer, Verifier};
14 //! use openssl::rsa::Rsa;
15 //! use openssl::pkey::PKey;
16 //! use openssl::hash::MessageDigest;
18 //! // Generate a keypair
19 //! let keypair = Rsa::generate(2048).unwrap();
20 //! let keypair = PKey::from_rsa(keypair).unwrap();
22 //! let data = b"hello, world!";
23 //! let data2 = b"hola, mundo!";
26 //! let mut signer = Signer::new(MessageDigest::sha256(), &keypair).unwrap();
27 //! signer.update(data).unwrap();
28 //! signer.update(data2).unwrap();
29 //! let signature = signer.sign_to_vec().unwrap();
31 //! // Verify the data
32 //! let mut verifier = Verifier::new(MessageDigest::sha256(), &keypair).unwrap();
33 //! verifier.update(data).unwrap();
34 //! verifier.update(data2).unwrap();
35 //! assert!(verifier.verify(&signature).unwrap());
41 //! use openssl::hash::MessageDigest;
42 //! use openssl::memcmp;
43 //! use openssl::pkey::PKey;
44 //! use openssl::sign::Signer;
47 //! let key = PKey::hmac(b"my secret").unwrap();
49 //! let data = b"hello, world!";
50 //! let data2 = b"hola, mundo!";
52 //! // Compute the HMAC
53 //! let mut signer = Signer::new(MessageDigest::sha256(), &key).unwrap();
54 //! signer.update(data).unwrap();
55 //! signer.update(data2).unwrap();
56 //! let hmac = signer.sign_to_vec().unwrap();
58 //! // `Verifier` cannot be used with HMACs; use the `memcmp::eq` function instead
60 //! // Do not simply check for equality with `==`!
61 //! # let target = hmac.clone();
62 //! assert!(memcmp::eq(&hmac, &target));
65 use foreign_types
::ForeignTypeRef
;
67 use std
::io
::{self, Write}
;
68 use std
::marker
::PhantomData
;
71 use crate::error
::ErrorStack
;
72 use crate::hash
::MessageDigest
;
73 use crate::pkey
::{HasPrivate, HasPublic, PKeyRef}
;
74 use crate::rsa
::Padding
;
75 use crate::{cvt, cvt_p}
;
79 use ffi
::{EVP_MD_CTX_free, EVP_MD_CTX_new}
;
81 use ffi
::{EVP_MD_CTX_create as EVP_MD_CTX_new, EVP_MD_CTX_destroy as EVP_MD_CTX_free}
;
85 /// Salt lengths that must be used with `set_rsa_pss_saltlen`.
86 pub struct RsaPssSaltlen(c_int
);
89 /// Returns the integer representation of `RsaPssSaltlen`.
90 fn as_raw(&self) -> c_int
{
94 /// Sets the salt length to the given value.
95 pub fn custom(val
: c_int
) -> RsaPssSaltlen
{
99 /// The salt length is set to the digest length.
100 /// Corresponds to the special value `-1`.
101 pub const DIGEST_LENGTH
: RsaPssSaltlen
= RsaPssSaltlen(-1);
102 /// The salt length is set to the maximum permissible value.
103 /// Corresponds to the special value `-2`.
104 pub const MAXIMUM_LENGTH
: RsaPssSaltlen
= RsaPssSaltlen(-2);
107 /// A type which computes cryptographic signatures of data.
108 pub struct Signer
<'a
> {
109 md_ctx
: *mut ffi
::EVP_MD_CTX
,
110 pctx
: *mut ffi
::EVP_PKEY_CTX
,
111 _p
: PhantomData
<&'
a ()>,
114 unsafe impl<'a
> Sync
for Signer
<'a
> {}
115 unsafe impl<'a
> Send
for Signer
<'a
> {}
117 impl<'a
> Drop
for Signer
<'a
> {
119 // pkey_ctx is owned by the md_ctx, so no need to explicitly free it.
121 EVP_MD_CTX_free(self.md_ctx
);
126 #[allow(clippy::len_without_is_empty)]
127 impl<'a
> Signer
<'a
> {
128 /// Creates a new `Signer`.
130 /// This cannot be used with Ed25519 or Ed448 keys. Please refer to
131 /// `new_without_digest`.
133 /// OpenSSL documentation at [`EVP_DigestSignInit`].
135 /// [`EVP_DigestSignInit`]: https://www.openssl.org/docs/manmaster/man3/EVP_DigestSignInit.html
136 pub fn new
<T
>(type_
: MessageDigest
, pkey
: &'a PKeyRef
<T
>) -> Result
<Signer
<'a
>, ErrorStack
>
140 Self::new_intern(Some(type_
), pkey
)
143 /// Creates a new `Signer` without a digest.
145 /// This is the only way to create a `Verifier` for Ed25519 or Ed448 keys.
146 /// It can also be used to create a CMAC.
148 /// OpenSSL documentation at [`EVP_DigestSignInit`].
150 /// [`EVP_DigestSignInit`]: https://www.openssl.org/docs/manmaster/man3/EVP_DigestSignInit.html
151 pub fn new_without_digest
<T
>(pkey
: &'a PKeyRef
<T
>) -> Result
<Signer
<'a
>, ErrorStack
>
155 Self::new_intern(None
, pkey
)
159 type_
: Option
<MessageDigest
>,
160 pkey
: &'a PKeyRef
<T
>,
161 ) -> Result
<Signer
<'a
>, ErrorStack
>
168 let ctx
= cvt_p(EVP_MD_CTX_new())?
;
169 let mut pctx
: *mut ffi
::EVP_PKEY_CTX
= ptr
::null_mut();
170 let r
= ffi
::EVP_DigestSignInit(
173 type_
.map(|t
| t
.as_ptr()).unwrap_or(ptr
::null()),
178 EVP_MD_CTX_free(ctx
);
179 return Err(ErrorStack
::get());
182 assert
!(!pctx
.is_null());
192 /// Returns the RSA padding mode in use.
194 /// This is only useful for RSA keys.
196 /// This corresponds to `EVP_PKEY_CTX_get_rsa_padding`.
197 pub fn rsa_padding(&self) -> Result
<Padding
, ErrorStack
> {
200 cvt(ffi
::EVP_PKEY_CTX_get_rsa_padding(self.pctx
, &mut pad
))
201 .map(|_
| Padding
::from_raw(pad
))
205 /// Sets the RSA padding mode.
207 /// This is only useful for RSA keys.
209 /// This corresponds to [`EVP_PKEY_CTX_set_rsa_padding`].
211 /// [`EVP_PKEY_CTX_set_rsa_padding`]: https://www.openssl.org/docs/man1.1.0/crypto/EVP_PKEY_CTX_set_rsa_padding.html
212 pub fn set_rsa_padding(&mut self, padding
: Padding
) -> Result
<(), ErrorStack
> {
214 cvt(ffi
::EVP_PKEY_CTX_set_rsa_padding(
222 /// Sets the RSA PSS salt length.
224 /// This is only useful for RSA keys.
226 /// This corresponds to [`EVP_PKEY_CTX_set_rsa_pss_saltlen`].
228 /// [`EVP_PKEY_CTX_set_rsa_pss_saltlen`]: https://www.openssl.org/docs/man1.1.0/crypto/EVP_PKEY_CTX_set_rsa_pss_saltlen.html
229 pub fn set_rsa_pss_saltlen(&mut self, len
: RsaPssSaltlen
) -> Result
<(), ErrorStack
> {
231 cvt(ffi
::EVP_PKEY_CTX_set_rsa_pss_saltlen(
239 /// Sets the RSA MGF1 algorithm.
241 /// This is only useful for RSA keys.
243 /// This corresponds to [`EVP_PKEY_CTX_set_rsa_mgf1_md`].
245 /// [`EVP_PKEY_CTX_set_rsa_mgf1_md`]: https://www.openssl.org/docs/manmaster/man7/RSA-PSS.html
246 pub fn set_rsa_mgf1_md(&mut self, md
: MessageDigest
) -> Result
<(), ErrorStack
> {
248 cvt(ffi
::EVP_PKEY_CTX_set_rsa_mgf1_md(
250 md
.as_ptr() as *mut _
,
256 /// Feeds more data into the `Signer`.
258 /// Please note that PureEdDSA (Ed25519 and Ed448 keys) do not support streaming.
259 /// Use `sign_oneshot` instead.
261 /// OpenSSL documentation at [`EVP_DigestUpdate`].
263 /// [`EVP_DigestUpdate`]: https://www.openssl.org/docs/manmaster/man3/EVP_DigestInit.html
264 pub fn update(&mut self, buf
: &[u8]) -> Result
<(), ErrorStack
> {
266 cvt(ffi
::EVP_DigestUpdate(
268 buf
.as_ptr() as *const _
,
275 /// Computes an upper bound on the signature length.
277 /// The actual signature may be shorter than this value. Check the return value of
278 /// `sign` to get the exact length.
280 /// OpenSSL documentation at [`EVP_DigestSignFinal`].
282 /// [`EVP_DigestSignFinal`]: https://www.openssl.org/docs/man1.1.0/crypto/EVP_DigestSignFinal.html
283 pub fn len(&self) -> Result
<usize, ErrorStack
> {
288 fn len_intern(&self) -> Result
<usize, ErrorStack
> {
291 cvt(ffi
::EVP_DigestSignFinal(
301 fn len_intern(&self) -> Result
<usize, ErrorStack
> {
304 cvt(ffi
::EVP_DigestSign(
315 /// Writes the signature into the provided buffer, returning the number of bytes written.
317 /// This method will fail if the buffer is not large enough for the signature. Use the `len`
318 /// method to get an upper bound on the required size.
320 /// OpenSSL documentation at [`EVP_DigestSignFinal`].
322 /// [`EVP_DigestSignFinal`]: https://www.openssl.org/docs/man1.1.0/crypto/EVP_DigestSignFinal.html
323 pub fn sign(&self, buf
: &mut [u8]) -> Result
<usize, ErrorStack
> {
325 let mut len
= buf
.len();
326 cvt(ffi
::EVP_DigestSignFinal(
328 buf
.as_mut_ptr() as *mut _
,
335 /// Returns the signature.
337 /// This is a simple convenience wrapper over `len` and `sign`.
338 pub fn sign_to_vec(&self) -> Result
<Vec
<u8>, ErrorStack
> {
339 let mut buf
= vec
![0; self.len()?
];
340 let len
= self.sign(&mut buf
)?
;
341 // The advertised length is not always equal to the real length for things like DSA
346 /// Signs the data in data_buf and writes the signature into the buffer sig_buf, returning the
347 /// number of bytes written.
349 /// For PureEdDSA (Ed25519 and Ed448 keys) this is the only way to sign data.
351 /// This method will fail if the buffer is not large enough for the signature. Use the `len`
352 /// method to get an upper bound on the required size.
354 /// OpenSSL documentation at [`EVP_DigestSign`].
356 /// [`EVP_DigestSign`]: https://www.openssl.org/docs/man1.1.1/man3/EVP_DigestSign.html
362 ) -> Result
<usize, ErrorStack
> {
364 let mut sig_len
= sig_buf
.len();
365 cvt(ffi
::EVP_DigestSign(
367 sig_buf
.as_mut_ptr() as *mut _
,
369 data_buf
.as_ptr() as *const _
,
376 /// Returns the signature.
378 /// This is a simple convenience wrapper over `len` and `sign_oneshot`.
380 pub fn sign_oneshot_to_vec(&mut self, data_buf
: &[u8]) -> Result
<Vec
<u8>, ErrorStack
> {
381 let mut sig_buf
= vec
![0; self.len()?
];
382 let len
= self.sign_oneshot(&mut sig_buf
, data_buf
)?
;
383 // The advertised length is not always equal to the real length for things like DSA
384 sig_buf
.truncate(len
);
389 impl<'a
> Write
for Signer
<'a
> {
390 fn write(&mut self, buf
: &[u8]) -> io
::Result
<usize> {
395 fn flush(&mut self) -> io
::Result
<()> {
400 pub struct Verifier
<'a
> {
401 md_ctx
: *mut ffi
::EVP_MD_CTX
,
402 pctx
: *mut ffi
::EVP_PKEY_CTX
,
403 pkey_pd
: PhantomData
<&'
a ()>,
406 unsafe impl<'a
> Sync
for Verifier
<'a
> {}
407 unsafe impl<'a
> Send
for Verifier
<'a
> {}
409 impl<'a
> Drop
for Verifier
<'a
> {
411 // pkey_ctx is owned by the md_ctx, so no need to explicitly free it.
413 EVP_MD_CTX_free(self.md_ctx
);
418 /// A type which verifies cryptographic signatures of data.
419 impl<'a
> Verifier
<'a
> {
420 /// Creates a new `Verifier`.
422 /// This cannot be used with Ed25519 or Ed448 keys. Please refer to
423 /// `new_without_digest`.
425 /// OpenSSL documentation at [`EVP_DigestVerifyInit`].
427 /// [`EVP_DigestVerifyInit`]: https://www.openssl.org/docs/manmaster/man3/EVP_DigestVerifyInit.html
428 pub fn new
<T
>(type_
: MessageDigest
, pkey
: &'a PKeyRef
<T
>) -> Result
<Verifier
<'a
>, ErrorStack
>
432 Verifier
::new_intern(Some(type_
), pkey
)
435 /// Creates a new `Verifier` without a digest.
437 /// This is the only way to create a `Verifier` for Ed25519 or Ed448 keys.
439 /// OpenSSL documentation at [`EVP_DigestVerifyInit`].
441 /// [`EVP_DigestVerifyInit`]: https://www.openssl.org/docs/manmaster/man3/EVP_DigestVerifyInit.html
442 pub fn new_without_digest
<T
>(pkey
: &'a PKeyRef
<T
>) -> Result
<Verifier
<'a
>, ErrorStack
>
446 Verifier
::new_intern(None
, pkey
)
450 type_
: Option
<MessageDigest
>,
451 pkey
: &'a PKeyRef
<T
>,
452 ) -> Result
<Verifier
<'a
>, ErrorStack
>
459 let ctx
= cvt_p(EVP_MD_CTX_new())?
;
460 let mut pctx
: *mut ffi
::EVP_PKEY_CTX
= ptr
::null_mut();
461 let r
= ffi
::EVP_DigestVerifyInit(
464 type_
.map(|t
| t
.as_ptr()).unwrap_or(ptr
::null()),
469 EVP_MD_CTX_free(ctx
);
470 return Err(ErrorStack
::get());
473 assert
!(!pctx
.is_null());
478 pkey_pd
: PhantomData
,
483 /// Returns the RSA padding mode in use.
485 /// This is only useful for RSA keys.
487 /// This corresponds to `EVP_PKEY_CTX_get_rsa_padding`.
488 pub fn rsa_padding(&self) -> Result
<Padding
, ErrorStack
> {
491 cvt(ffi
::EVP_PKEY_CTX_get_rsa_padding(self.pctx
, &mut pad
))
492 .map(|_
| Padding
::from_raw(pad
))
496 /// Sets the RSA padding mode.
498 /// This is only useful for RSA keys.
500 /// This corresponds to [`EVP_PKEY_CTX_set_rsa_padding`].
502 /// [`EVP_PKEY_CTX_set_rsa_padding`]: https://www.openssl.org/docs/man1.1.0/crypto/EVP_PKEY_CTX_set_rsa_padding.html
503 pub fn set_rsa_padding(&mut self, padding
: Padding
) -> Result
<(), ErrorStack
> {
505 cvt(ffi
::EVP_PKEY_CTX_set_rsa_padding(
513 /// Sets the RSA PSS salt length.
515 /// This is only useful for RSA keys.
517 /// This corresponds to [`EVP_PKEY_CTX_set_rsa_pss_saltlen`].
519 /// [`EVP_PKEY_CTX_set_rsa_pss_saltlen`]: https://www.openssl.org/docs/man1.1.0/crypto/EVP_PKEY_CTX_set_rsa_pss_saltlen.html
520 pub fn set_rsa_pss_saltlen(&mut self, len
: RsaPssSaltlen
) -> Result
<(), ErrorStack
> {
522 cvt(ffi
::EVP_PKEY_CTX_set_rsa_pss_saltlen(
530 /// Sets the RSA MGF1 algorithm.
532 /// This is only useful for RSA keys.
534 /// This corresponds to [`EVP_PKEY_CTX_set_rsa_mgf1_md`].
536 /// [`EVP_PKEY_CTX_set_rsa_mgf1_md`]: https://www.openssl.org/docs/manmaster/man7/RSA-PSS.html
537 pub fn set_rsa_mgf1_md(&mut self, md
: MessageDigest
) -> Result
<(), ErrorStack
> {
539 cvt(ffi
::EVP_PKEY_CTX_set_rsa_mgf1_md(
541 md
.as_ptr() as *mut _
,
547 /// Feeds more data into the `Verifier`.
549 /// Please note that PureEdDSA (Ed25519 and Ed448 keys) do not support streaming.
550 /// Use `verify_oneshot` instead.
552 /// OpenSSL documentation at [`EVP_DigestUpdate`].
554 /// [`EVP_DigestUpdate`]: https://www.openssl.org/docs/manmaster/man3/EVP_DigestInit.html
555 pub fn update(&mut self, buf
: &[u8]) -> Result
<(), ErrorStack
> {
557 cvt(ffi
::EVP_DigestUpdate(
559 buf
.as_ptr() as *const _
,
566 /// Determines if the data fed into the `Verifier` matches the provided signature.
568 /// OpenSSL documentation at [`EVP_DigestVerifyFinal`].
570 /// [`EVP_DigestVerifyFinal`]: https://www.openssl.org/docs/manmaster/man3/EVP_DigestVerifyFinal.html
571 pub fn verify(&self, signature
: &[u8]) -> Result
<bool
, ErrorStack
> {
574 EVP_DigestVerifyFinal(self.md_ctx
, signature
.as_ptr() as *mut _
, signature
.len());
578 ErrorStack
::get(); // discard error stack
581 _
=> Err(ErrorStack
::get()),
586 /// Determines if the data given in buf matches the provided signature.
588 /// OpenSSL documentation at [`EVP_DigestVerify`].
590 /// [`EVP_DigestVerify`]: https://www.openssl.org/docs/man1.1.1/man3/EVP_DigestVerify.html
592 pub fn verify_oneshot(&mut self, signature
: &[u8], buf
: &[u8]) -> Result
<bool
, ErrorStack
> {
594 let r
= ffi
::EVP_DigestVerify(
596 signature
.as_ptr() as *const _
,
598 buf
.as_ptr() as *const _
,
607 _
=> Err(ErrorStack
::get()),
613 impl<'a
> Write
for Verifier
<'a
> {
614 fn write(&mut self, buf
: &[u8]) -> io
::Result
<usize> {
619 fn flush(&mut self) -> io
::Result
<()> {
625 use ffi
::EVP_DigestVerifyFinal
;
629 unsafe fn EVP_DigestVerifyFinal(
630 ctx
: *mut ffi
::EVP_MD_CTX
,
631 sigret
: *const ::libc
::c_uchar
,
632 siglen
: ::libc
::size_t
,
634 ffi
::EVP_DigestVerifyFinal(ctx
, sigret
as *mut _
, siglen
)
639 use hex
::{self, FromHex}
;
642 use crate::ec
::{EcGroup, EcKey}
;
643 use crate::hash
::MessageDigest
;
645 use crate::pkey
::PKey
;
646 use crate::rsa
::{Padding, Rsa}
;
648 use crate::sign
::RsaPssSaltlen
;
649 use crate::sign
::{Signer, Verifier}
;
652 "65794a68624763694f694a53557a49314e694a392e65794a7063334d694f694a71623255694c41304b49434a6c\
653 654841694f6a457a4d4441344d546b7a4f44417344516f67496d6830644841364c79396c654746746347786c4c\
654 6d4e76625339706331397962323930496a7030636e566c6651";
656 const SIGNATURE
: &str =
657 "702e218943e88fd11eb5d82dbf7845f34106ae1b81fff7731116add1717d83656d420afd3c96eedd73a2663e51\
658 66687b000b87226e0187ed1073f945e582adfcef16d85a798ee8c66ddb3db8975b17d09402beedd5d9d9700710\
659 8db28160d5f8040ca7445762b81fbe7ff9d92e0ae76f24f25b33bbe6f44ae61eb1040acb20044d3ef9128ed401\
660 30795bd4bd3b41eecad066ab651981fde48df77f372dc38b9fafdd3befb18b5da3cc3c2eb02f9e3a41d612caad\
661 15911273a05f23b9e838faaf849d698429ef5a1e88798236c3d40e604522a544c8f27a7a2db80663d16cf7caea\
662 56de405cb2215a45b2c25566b55ac1a748a070dfc8a32a469543d019eefb47";
666 let key
= include_bytes
!("../test/rsa.pem");
667 let private_key
= Rsa
::private_key_from_pem(key
).unwrap();
668 let pkey
= PKey
::from_rsa(private_key
).unwrap();
670 let mut signer
= Signer
::new(MessageDigest
::sha256(), &pkey
).unwrap();
671 assert_eq
!(signer
.rsa_padding().unwrap(), Padding
::PKCS1
);
672 signer
.set_rsa_padding(Padding
::PKCS1
).unwrap();
673 signer
.update(&Vec
::from_hex(INPUT
).unwrap()).unwrap();
674 let result
= signer
.sign_to_vec().unwrap();
676 assert_eq
!(hex
::encode(result
), SIGNATURE
);
681 let key
= include_bytes
!("../test/rsa.pem");
682 let private_key
= Rsa
::private_key_from_pem(key
).unwrap();
683 let pkey
= PKey
::from_rsa(private_key
).unwrap();
685 let mut verifier
= Verifier
::new(MessageDigest
::sha256(), &pkey
).unwrap();
686 assert_eq
!(verifier
.rsa_padding().unwrap(), Padding
::PKCS1
);
687 verifier
.update(&Vec
::from_hex(INPUT
).unwrap()).unwrap();
688 assert
!(verifier
.verify(&Vec
::from_hex(SIGNATURE
).unwrap()).unwrap());
692 fn rsa_verify_invalid() {
693 let key
= include_bytes
!("../test/rsa.pem");
694 let private_key
= Rsa
::private_key_from_pem(key
).unwrap();
695 let pkey
= PKey
::from_rsa(private_key
).unwrap();
697 let mut verifier
= Verifier
::new(MessageDigest
::sha256(), &pkey
).unwrap();
698 verifier
.update(&Vec
::from_hex(INPUT
).unwrap()).unwrap();
699 verifier
.update(b
"foobar").unwrap();
700 assert
!(!verifier
.verify(&Vec
::from_hex(SIGNATURE
).unwrap()).unwrap());
703 fn test_hmac(ty
: MessageDigest
, tests
: &[(Vec
<u8>, Vec
<u8>, Vec
<u8>)]) {
704 for &(ref key
, ref data
, ref res
) in tests
.iter() {
705 let pkey
= PKey
::hmac(key
).unwrap();
706 let mut signer
= Signer
::new(ty
, &pkey
).unwrap();
707 signer
.update(data
).unwrap();
708 assert_eq
!(signer
.sign_to_vec().unwrap(), *res
);
714 // test vectors from RFC 2202
715 let tests
: [(Vec
<u8>, Vec
<u8>, Vec
<u8>); 7] = [
717 iter
::repeat(0x0b_u8).take(16).collect(),
718 b
"Hi There".to_vec(),
719 Vec
::from_hex("9294727a3638bb1c13f48ef8158bfc9d").unwrap(),
723 b
"what do ya want for nothing?".to_vec(),
724 Vec
::from_hex("750c783e6ab0b503eaa86e310a5db738").unwrap(),
727 iter
::repeat(0xaa_u8).take(16).collect(),
728 iter
::repeat(0xdd_u8).take(50).collect(),
729 Vec
::from_hex("56be34521d144c88dbb8c733f0e8b3f6").unwrap(),
732 Vec
::from_hex("0102030405060708090a0b0c0d0e0f10111213141516171819").unwrap(),
733 iter
::repeat(0xcd_u8).take(50).collect(),
734 Vec
::from_hex("697eaf0aca3a3aea3a75164746ffaa79").unwrap(),
737 iter
::repeat(0x0c_u8).take(16).collect(),
738 b
"Test With Truncation".to_vec(),
739 Vec
::from_hex("56461ef2342edc00f9bab995690efd4c").unwrap(),
742 iter
::repeat(0xaa_u8).take(80).collect(),
743 b
"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(),
744 Vec
::from_hex("6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd").unwrap(),
747 iter
::repeat(0xaa_u8).take(80).collect(),
748 b
"Test Using Larger Than Block-Size Key \
749 and Larger Than One Block-Size Data"
751 Vec
::from_hex("6f630fad67cda0ee1fb1f562db3aa53e").unwrap(),
755 test_hmac(MessageDigest
::md5(), &tests
);
760 // test vectors from RFC 2202
761 let tests
: [(Vec
<u8>, Vec
<u8>, Vec
<u8>); 7] = [
763 iter
::repeat(0x0b_u8).take(20).collect(),
764 b
"Hi There".to_vec(),
765 Vec
::from_hex("b617318655057264e28bc0b6fb378c8ef146be00").unwrap(),
769 b
"what do ya want for nothing?".to_vec(),
770 Vec
::from_hex("effcdf6ae5eb2fa2d27416d5f184df9c259a7c79").unwrap(),
773 iter
::repeat(0xaa_u8).take(20).collect(),
774 iter
::repeat(0xdd_u8).take(50).collect(),
775 Vec
::from_hex("125d7342b9ac11cd91a39af48aa17b4f63f175d3").unwrap(),
778 Vec
::from_hex("0102030405060708090a0b0c0d0e0f10111213141516171819").unwrap(),
779 iter
::repeat(0xcd_u8).take(50).collect(),
780 Vec
::from_hex("4c9007f4026250c6bc8414f9bf50c86c2d7235da").unwrap(),
783 iter
::repeat(0x0c_u8).take(20).collect(),
784 b
"Test With Truncation".to_vec(),
785 Vec
::from_hex("4c1a03424b55e07fe7f27be1d58bb9324a9a5a04").unwrap(),
788 iter
::repeat(0xaa_u8).take(80).collect(),
789 b
"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(),
790 Vec
::from_hex("aa4ae5e15272d00e95705637ce8a3b55ed402112").unwrap(),
793 iter
::repeat(0xaa_u8).take(80).collect(),
794 b
"Test Using Larger Than Block-Size Key \
795 and Larger Than One Block-Size Data"
797 Vec
::from_hex("e8e99d0f45237d786d6bbaa7965c7808bbff1a91").unwrap(),
801 test_hmac(MessageDigest
::sha1(), &tests
);
807 let cipher
= crate::symm
::Cipher
::aes_128_cbc();
808 let key
= Vec
::from_hex("9294727a3638bb1c13f48ef8158bfc9d").unwrap();
809 let pkey
= PKey
::cmac(&cipher
, &key
).unwrap();
810 let mut signer
= Signer
::new_without_digest(&pkey
).unwrap();
812 let data
= b
"Hi There";
813 signer
.update(data
as &[u8]).unwrap();
816 136, 101, 61, 167, 61, 30, 248, 234, 124, 166, 196, 157, 203, 52, 171, 19,
818 assert_eq
!(signer
.sign_to_vec().unwrap(), expected
);
823 let group
= EcGroup
::from_curve_name(Nid
::X9_62_PRIME256V1
).unwrap();
824 let key
= EcKey
::generate(&group
).unwrap();
825 let key
= PKey
::from_ec_key(key
).unwrap();
827 let mut signer
= Signer
::new(MessageDigest
::sha256(), &key
).unwrap();
828 signer
.update(b
"hello world").unwrap();
829 let signature
= signer
.sign_to_vec().unwrap();
831 let mut verifier
= Verifier
::new(MessageDigest
::sha256(), &key
).unwrap();
832 verifier
.update(b
"hello world").unwrap();
833 assert
!(verifier
.verify(&signature
).unwrap());
839 let key
= PKey
::generate_ed25519().unwrap();
841 let mut signer
= Signer
::new_without_digest(&key
).unwrap();
842 let signature
= signer
.sign_oneshot_to_vec(b
"hello world").unwrap();
844 let mut verifier
= Verifier
::new_without_digest(&key
).unwrap();
845 assert
!(verifier
.verify_oneshot(&signature
, b
"hello world").unwrap());
850 fn rsa_sign_verify() {
851 let key
= include_bytes
!("../test/rsa.pem");
852 let private_key
= Rsa
::private_key_from_pem(key
).unwrap();
853 let pkey
= PKey
::from_rsa(private_key
).unwrap();
855 let mut signer
= Signer
::new(MessageDigest
::sha256(), &pkey
).unwrap();
856 signer
.set_rsa_padding(Padding
::PKCS1_PSS
).unwrap();
857 assert_eq
!(signer
.rsa_padding().unwrap(), Padding
::PKCS1_PSS
);
859 .set_rsa_pss_saltlen(RsaPssSaltlen
::DIGEST_LENGTH
)
861 signer
.set_rsa_mgf1_md(MessageDigest
::sha256()).unwrap();
862 signer
.update(&Vec
::from_hex(INPUT
).unwrap()).unwrap();
863 let signature
= signer
.sign_to_vec().unwrap();
865 let mut verifier
= Verifier
::new(MessageDigest
::sha256(), &pkey
).unwrap();
866 verifier
.set_rsa_padding(Padding
::PKCS1_PSS
).unwrap();
868 .set_rsa_pss_saltlen(RsaPssSaltlen
::DIGEST_LENGTH
)
870 verifier
.set_rsa_mgf1_md(MessageDigest
::sha256()).unwrap();
871 verifier
.update(&Vec
::from_hex(INPUT
).unwrap()).unwrap();
872 assert
!(verifier
.verify(&signature
).unwrap());