]> git.proxmox.com Git - cargo.git/blob - vendor/openssl-0.9.19/src/sign.rs
projects / cargo.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
New upstream version 0.23.0
[cargo.git] / vendor / openssl-0.9.19 / src / sign.rs
1 //! Message signatures.
2 //!
3 //! The `Signer` allows for the computation of cryptographic signatures of
4 //! data given a private key. The `Verifier` can then be used with the
5 //! corresponding public key to verify the integrity and authenticity of that
6 //! data given the signature.
7 //!
8 //! # Examples
9 //!
10 //! Sign and verify data given an RSA keypair:
11 //!
12 //! ```rust
13 //! use openssl::sign::{Signer, Verifier};
14 //! use openssl::rsa::Rsa;
15 //! use openssl::pkey::PKey;
16 //! use openssl::hash::MessageDigest;
17 //!
18 //! // Generate a keypair
19 //! let keypair = Rsa::generate(2048).unwrap();
20 //! let keypair = PKey::from_rsa(keypair).unwrap();
21 //!
22 //! let data = b"hello, world!";
23 //! let data2 = b"hola, mundo!";
24 //!
25 //! // Sign the data
26 //! let mut signer = Signer::new(MessageDigest::sha256(), &keypair).unwrap();
27 //! signer.update(data).unwrap();
28 //! signer.update(data2).unwrap();
29 //! let signature = signer.finish().unwrap();
30 //!
31 //! // Verify the data
32 //! let mut verifier = Verifier::new(MessageDigest::sha256(), &keypair).unwrap();
33 //! verifier.update(data).unwrap();
34 //! verifier.update(data2).unwrap();
35 //! assert!(verifier.finish(&signature).unwrap());
36 //! ```
37 //!
38 //! Compute an HMAC:
39 //!
40 //! ```rust
41 //! use openssl::hash::MessageDigest;
42 //! use openssl::memcmp;
43 //! use openssl::pkey::PKey;
44 //! use openssl::sign::Signer;
45 //!
46 //! // Create a PKey
47 //! let key = PKey::hmac(b"my secret").unwrap();
48 //!
49 //! let data = b"hello, world!";
50 //! let data2 = b"hola, mundo!";
51 //!
52 //! // Compute the HMAC
53 //! let mut signer = Signer::new(MessageDigest::sha256(), &key).unwrap();
54 //! signer.update(data).unwrap();
55 //! signer.update(data2).unwrap();
56 //! let hmac = signer.finish().unwrap();
57 //!
58 //! // `Verifier` cannot be used with HMACs; use the `memcmp::eq` function instead
59 //! //
60 //! // Do not simply check for equality with `==`!
61 //! # let target = hmac.clone();
62 //! assert!(memcmp::eq(&hmac, &target));
63 //! ```
64 use ffi;
65 use foreign_types::ForeignTypeRef;
66 use std::io::{self, Write};
67 use std::marker::PhantomData;
68 use std::ptr;
69
70 use {cvt, cvt_p};
71 use hash::MessageDigest;
72 use pkey::{PKeyRef, PKeyCtxRef};
73 use error::ErrorStack;
74
75 #[cfg(ossl110)]
76 use ffi::{EVP_MD_CTX_new, EVP_MD_CTX_free};
77 #[cfg(any(ossl101, ossl102))]
78 use ffi::{EVP_MD_CTX_create as EVP_MD_CTX_new, EVP_MD_CTX_destroy as EVP_MD_CTX_free};
79
80 pub struct Signer<'a> {
81 md_ctx: *mut ffi::EVP_MD_CTX,
82 pkey_ctx: *mut ffi::EVP_PKEY_CTX,
83 pkey_pd: PhantomData<&'a PKeyRef>,
84 }
85
86 impl<'a> Drop for Signer<'a> {
87 fn drop(&mut self) {
88 // pkey_ctx is owned by the md_ctx, so no need to explicitly free it.
89 unsafe {
90 EVP_MD_CTX_free(self.md_ctx);
91 }
92 }
93 }
94
95 impl<'a> Signer<'a> {
96 pub fn new(type_: MessageDigest, pkey: &'a PKeyRef) -> Result<Signer<'a>, ErrorStack> {
97 unsafe {
98 ffi::init();
99
100 let ctx = try!(cvt_p(EVP_MD_CTX_new()));
101 let mut pctx: *mut ffi::EVP_PKEY_CTX = ptr::null_mut();
102 let r = ffi::EVP_DigestSignInit(
103 ctx,
104 &mut pctx,
105 type_.as_ptr(),
106 ptr::null_mut(),
107 pkey.as_ptr(),
108 );
109 if r != 1 {
110 EVP_MD_CTX_free(ctx);
111 return Err(ErrorStack::get());
112 }
113
114 assert!(!pctx.is_null());
115
116 Ok(Signer {
117 md_ctx: ctx,
118 pkey_ctx: pctx,
119 pkey_pd: PhantomData,
120 })
121 }
122 }
123
124 pub fn pkey_ctx(&self) -> &PKeyCtxRef {
125 unsafe { PKeyCtxRef::from_ptr(self.pkey_ctx) }
126 }
127
128 pub fn pkey_ctx_mut(&mut self) -> &mut PKeyCtxRef {
129 unsafe { PKeyCtxRef::from_ptr_mut(self.pkey_ctx) }
130 }
131
132 pub fn update(&mut self, buf: &[u8]) -> Result<(), ErrorStack> {
133 unsafe {
134 cvt(ffi::EVP_DigestUpdate(
135 self.md_ctx,
136 buf.as_ptr() as *const _,
137 buf.len(),
138 )).map(|_| ())
139 }
140 }
141
142 pub fn finish(&self) -> Result<Vec<u8>, ErrorStack> {
143 unsafe {
144 let mut len = 0;
145 try!(cvt(ffi::EVP_DigestSignFinal(
146 self.md_ctx,
147 ptr::null_mut(),
148 &mut len,
149 )));
150 let mut buf = vec![0; len];
151 try!(cvt(ffi::EVP_DigestSignFinal(
152 self.md_ctx,
153 buf.as_mut_ptr() as *mut _,
154 &mut len,
155 )));
156 // The advertised length is not always equal to the real length for things like DSA
157 buf.truncate(len);
158 Ok(buf)
159 }
160 }
161 }
162
163 impl<'a> Write for Signer<'a> {
164 fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
165 try!(self.update(buf));
166 Ok(buf.len())
167 }
168
169 fn flush(&mut self) -> io::Result<()> {
170 Ok(())
171 }
172 }
173
174 pub struct Verifier<'a> {
175 md_ctx: *mut ffi::EVP_MD_CTX,
176 pkey_ctx: *mut ffi::EVP_PKEY_CTX,
177 pkey_pd: PhantomData<&'a PKeyRef>,
178 }
179
180 impl<'a> Drop for Verifier<'a> {
181 fn drop(&mut self) {
182 // pkey_ctx is owned by the md_ctx, so no need to explicitly free it.
183 unsafe {
184 EVP_MD_CTX_free(self.md_ctx);
185 }
186 }
187 }
188
189 impl<'a> Verifier<'a> {
190 pub fn new(type_: MessageDigest, pkey: &'a PKeyRef) -> Result<Verifier<'a>, ErrorStack> {
191 unsafe {
192 ffi::init();
193
194 let ctx = try!(cvt_p(EVP_MD_CTX_new()));
195 let mut pctx: *mut ffi::EVP_PKEY_CTX = ptr::null_mut();
196 let r = ffi::EVP_DigestVerifyInit(
197 ctx,
198 &mut pctx,
199 type_.as_ptr(),
200 ptr::null_mut(),
201 pkey.as_ptr(),
202 );
203 if r != 1 {
204 EVP_MD_CTX_free(ctx);
205 return Err(ErrorStack::get());
206 }
207
208 assert!(!pctx.is_null());
209
210 Ok(Verifier {
211 md_ctx: ctx,
212 pkey_ctx: pctx,
213 pkey_pd: PhantomData,
214 })
215 }
216 }
217
218 pub fn pkey_ctx(&self) -> &PKeyCtxRef {
219 unsafe { PKeyCtxRef::from_ptr(self.pkey_ctx) }
220 }
221
222 pub fn pkey_ctx_mut(&mut self) -> &mut PKeyCtxRef {
223 unsafe { PKeyCtxRef::from_ptr_mut(self.pkey_ctx) }
224 }
225
226 pub fn update(&mut self, buf: &[u8]) -> Result<(), ErrorStack> {
227 unsafe {
228 cvt(ffi::EVP_DigestUpdate(
229 self.md_ctx,
230 buf.as_ptr() as *const _,
231 buf.len(),
232 )).map(|_| ())
233 }
234 }
235
236 pub fn finish(&self, signature: &[u8]) -> Result<bool, ErrorStack> {
237 unsafe {
238 let r =
239 EVP_DigestVerifyFinal(self.md_ctx, signature.as_ptr() as *const _, signature.len());
240 match r {
241 1 => Ok(true),
242 0 => {
243 ErrorStack::get(); // discard error stack
244 Ok(false)
245 }
246 _ => Err(ErrorStack::get()),
247 }
248 }
249 }
250 }
251
252 impl<'a> Write for Verifier<'a> {
253 fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
254 try!(self.update(buf));
255 Ok(buf.len())
256 }
257
258 fn flush(&mut self) -> io::Result<()> {
259 Ok(())
260 }
261 }
262
263 #[cfg(not(ossl101))]
264 use ffi::EVP_DigestVerifyFinal;
265
266 #[cfg(ossl101)]
267 #[allow(bad_style)]
268 unsafe fn EVP_DigestVerifyFinal(
269 ctx: *mut ffi::EVP_MD_CTX,
270 sigret: *const ::libc::c_uchar,
271 siglen: ::libc::size_t,
272 ) -> ::libc::c_int {
273 ffi::EVP_DigestVerifyFinal(ctx, sigret as *mut _, siglen)
274 }
275
276 #[cfg(test)]
277 mod test {
278 use hex::FromHex;
279 use std::iter;
280
281 use hash::MessageDigest;
282 use sign::{Signer, Verifier};
283 use ec::{EcGroup, EcKey};
284 use nid;
285 use rsa::{Rsa, PKCS1_PADDING};
286 use dsa::Dsa;
287 use pkey::PKey;
288
289 static INPUT: &'static [u8] = &[
290 101,
291 121,
292 74,
293 104,
294 98,
295 71,
296 99,
297 105,
298 79,
299 105,
300 74,
301 83,
302 85,
303 122,
304 73,
305 49,
306 78,
307 105,
308 74,
309 57,
310 46,
311 101,
312 121,
313 74,
314 112,
315 99,
316 51,
317 77,
318 105,
319 79,
320 105,
321 74,
322 113,
323 98,
324 50,
325 85,
326 105,
327 76,
328 65,
329 48,
330 75,
331 73,
332 67,
333 74,
334 108,
335 101,
336 72,
337 65,
338 105,
339 79,
340 106,
341 69,
342 122,
343 77,
344 68,
345 65,
346 52,
347 77,
348 84,
349 107,
350 122,
351 79,
352 68,
353 65,
354 115,
355 68,
356 81,
357 111,
358 103,
359 73,
360 109,
361 104,
362 48,
363 100,
364 72,
365 65,
366 54,
367 76,
368 121,
369 57,
370 108,
371 101,
372 71,
373 70,
374 116,
375 99,
376 71,
377 120,
378 108,
379 76,
380 109,
381 78,
382 118,
383 98,
384 83,
385 57,
386 112,
387 99,
388 49,
389 57,
390 121,
391 98,
392 50,
393 57,
394 48,
395 73,
396 106,
397 112,
398 48,
399 99,
400 110,
401 86,
402 108,
403 102,
404 81,
405 ];
406
407 static SIGNATURE: &'static [u8] = &[
408 112,
409 46,
410 33,
411 137,
412 67,
413 232,
414 143,
415 209,
416 30,
417 181,
418 216,
419 45,
420 191,
421 120,
422 69,
423 243,
424 65,
425 6,
426 174,
427 27,
428 129,
429 255,
430 247,
431 115,
432 17,
433 22,
434 173,
435 209,
436 113,
437 125,
438 131,
439 101,
440 109,
441 66,
442 10,
443 253,
444 60,
445 150,
446 238,
447 221,
448 115,
449 162,
450 102,
451 62,
452 81,
453 102,
454 104,
455 123,
456 0,
457 11,
458 135,
459 34,
460 110,
461 1,
462 135,
463 237,
464 16,
465 115,
466 249,
467 69,
468 229,
469 130,
470 173,
471 252,
472 239,
473 22,
474 216,
475 90,
476 121,
477 142,
478 232,
479 198,
480 109,
481 219,
482 61,
483 184,
484 151,
485 91,
486 23,
487 208,
488 148,
489 2,
490 190,
491 237,
492 213,
493 217,
494 217,
495 112,
496 7,
497 16,
498 141,
499 178,
500 129,
501 96,
502 213,
503 248,
504 4,
505 12,
506 167,
507 68,
508 87,
509 98,
510 184,
511 31,
512 190,
513 127,
514 249,
515 217,
516 46,
517 10,
518 231,
519 111,
520 36,
521 242,
522 91,
523 51,
524 187,
525 230,
526 244,
527 74,
528 230,
529 30,
530 177,
531 4,
532 10,
533 203,
534 32,
535 4,
536 77,
537 62,
538 249,
539 18,
540 142,
541 212,
542 1,
543 48,
544 121,
545 91,
546 212,
547 189,
548 59,
549 65,
550 238,
551 202,
552 208,
553 102,
554 171,
555 101,
556 25,
557 129,
558 253,
559 228,
560 141,
561 247,
562 127,
563 55,
564 45,
565 195,
566 139,
567 159,
568 175,
569 221,
570 59,
571 239,
572 177,
573 139,
574 93,
575 163,
576 204,
577 60,
578 46,
579 176,
580 47,
581 158,
582 58,
583 65,
584 214,
585 18,
586 202,
587 173,
588 21,
589 145,
590 18,
591 115,
592 160,
593 95,
594 35,
595 185,
596 232,
597 56,
598 250,
599 175,
600 132,
601 157,
602 105,
603 132,
604 41,
605 239,
606 90,
607 30,
608 136,
609 121,
610 130,
611 54,
612 195,
613 212,
614 14,
615 96,
616 69,
617 34,
618 165,
619 68,
620 200,
621 242,
622 122,
623 122,
624 45,
625 184,
626 6,
627 99,
628 209,
629 108,
630 247,
631 202,
632 234,
633 86,
634 222,
635 64,
636 92,
637 178,
638 33,
639 90,
640 69,
641 178,
642 194,
643 85,
644 102,
645 181,
646 90,
647 193,
648 167,
649 72,
650 160,
651 112,
652 223,
653 200,
654 163,
655 42,
656 70,
657 149,
658 67,
659 208,
660 25,
661 238,
662 251,
663 71,
664 ];
665
666 #[test]
667 fn rsa_sign() {
668 let key = include_bytes!("../test/rsa.pem");
669 let private_key = Rsa::private_key_from_pem(key).unwrap();
670 let pkey = PKey::from_rsa(private_key).unwrap();
671
672 let mut signer = Signer::new(MessageDigest::sha256(), &pkey).unwrap();
673 assert_eq!(signer.pkey_ctx_mut().rsa_padding().unwrap(), PKCS1_PADDING);
674 signer
675 .pkey_ctx_mut()
676 .set_rsa_padding(PKCS1_PADDING)
677 .unwrap();
678 signer.update(INPUT).unwrap();
679 let result = signer.finish().unwrap();
680
681 assert_eq!(result, SIGNATURE);
682 }
683
684 #[test]
685 fn rsa_verify_ok() {
686 let key = include_bytes!("../test/rsa.pem");
687 let private_key = Rsa::private_key_from_pem(key).unwrap();
688 let pkey = PKey::from_rsa(private_key).unwrap();
689
690 let mut verifier = Verifier::new(MessageDigest::sha256(), &pkey).unwrap();
691 assert_eq!(
692 verifier.pkey_ctx_mut().rsa_padding().unwrap(),
693 PKCS1_PADDING
694 );
695 verifier.update(INPUT).unwrap();
696 assert!(verifier.finish(SIGNATURE).unwrap());
697 }
698
699 #[test]
700 fn rsa_verify_invalid() {
701 let key = include_bytes!("../test/rsa.pem");
702 let private_key = Rsa::private_key_from_pem(key).unwrap();
703 let pkey = PKey::from_rsa(private_key).unwrap();
704
705 let mut verifier = Verifier::new(MessageDigest::sha256(), &pkey).unwrap();
706 verifier.update(INPUT).unwrap();
707 verifier.update(b"foobar").unwrap();
708 assert!(!verifier.finish(SIGNATURE).unwrap());
709 }
710
711 #[test]
712 pub fn dsa_sign_verify() {
713 let input: Vec<u8> = (0..25).cycle().take(1024).collect();
714
715 let private_key = {
716 let key = include_bytes!("../test/dsa.pem");
717 PKey::from_dsa(Dsa::private_key_from_pem(key).unwrap()).unwrap()
718 };
719
720 let public_key = {
721 let key = include_bytes!("../test/dsa.pem.pub");
722 PKey::from_dsa(Dsa::public_key_from_pem(key).unwrap()).unwrap()
723 };
724
725 let mut signer = Signer::new(MessageDigest::sha1(), &private_key).unwrap();
726 signer.update(&input).unwrap();
727 let sig = signer.finish().unwrap();
728
729 let mut verifier = Verifier::new(MessageDigest::sha1(), &public_key).unwrap();
730 verifier.update(&input).unwrap();
731 assert!(verifier.finish(&sig).unwrap());
732 }
733
734 #[test]
735 pub fn dsa_sign_verify_fail() {
736 let input: Vec<u8> = (0..25).cycle().take(1024).collect();
737
738 let private_key = {
739 let key = include_bytes!("../test/dsa.pem");
740 PKey::from_dsa(Dsa::private_key_from_pem(key).unwrap()).unwrap()
741 };
742
743 let public_key = {
744 let key = include_bytes!("../test/dsa.pem.pub");
745 PKey::from_dsa(Dsa::public_key_from_pem(key).unwrap()).unwrap()
746 };
747
748 let mut signer = Signer::new(MessageDigest::sha1(), &private_key).unwrap();
749 signer.update(&input).unwrap();
750 let mut sig = signer.finish().unwrap();
751 sig[0] -= 1;
752
753 let mut verifier = Verifier::new(MessageDigest::sha1(), &public_key).unwrap();
754 verifier.update(&input).unwrap();
755 match verifier.finish(&sig) {
756 Ok(true) => panic!("unexpected success"),
757 Ok(false) | Err(_) => {}
758 }
759 }
760
761 fn test_hmac(ty: MessageDigest, tests: &[(Vec<u8>, Vec<u8>, Vec<u8>)]) {
762 for &(ref key, ref data, ref res) in tests.iter() {
763 let pkey = PKey::hmac(key).unwrap();
764 let mut signer = Signer::new(ty, &pkey).unwrap();
765 signer.update(data).unwrap();
766 assert_eq!(signer.finish().unwrap(), *res);
767 }
768 }
769
770 #[test]
771 fn hmac_md5() {
772 // test vectors from RFC 2202
773 let tests: [(Vec<u8>, Vec<u8>, Vec<u8>); 7] =
774 [
775 (
776 iter::repeat(0x0b_u8).take(16).collect(),
777 b"Hi There".to_vec(),
778 Vec::from_hex("9294727a3638bb1c13f48ef8158bfc9d").unwrap(),
779 ),
780 (
781 b"Jefe".to_vec(),
782 b"what do ya want for nothing?".to_vec(),
783 Vec::from_hex("750c783e6ab0b503eaa86e310a5db738").unwrap(),
784 ),
785 (
786 iter::repeat(0xaa_u8).take(16).collect(),
787 iter::repeat(0xdd_u8).take(50).collect(),
788 Vec::from_hex("56be34521d144c88dbb8c733f0e8b3f6").unwrap(),
789 ),
790 (
791 Vec::from_hex("0102030405060708090a0b0c0d0e0f10111213141516171819").unwrap(),
792 iter::repeat(0xcd_u8).take(50).collect(),
793 Vec::from_hex("697eaf0aca3a3aea3a75164746ffaa79").unwrap(),
794 ),
795 (
796 iter::repeat(0x0c_u8).take(16).collect(),
797 b"Test With Truncation".to_vec(),
798 Vec::from_hex("56461ef2342edc00f9bab995690efd4c").unwrap(),
799 ),
800 (
801 iter::repeat(0xaa_u8).take(80).collect(),
802 b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(),
803 Vec::from_hex("6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd").unwrap(),
804 ),
805 (
806 iter::repeat(0xaa_u8).take(80).collect(),
807 b"Test Using Larger Than Block-Size Key \
808 and Larger Than One Block-Size Data"
809 .to_vec(),
810 Vec::from_hex("6f630fad67cda0ee1fb1f562db3aa53e").unwrap(),
811 ),
812 ];
813
814 test_hmac(MessageDigest::md5(), &tests);
815 }
816
817 #[test]
818 fn hmac_sha1() {
819 // test vectors from RFC 2202
820 let tests: [(Vec<u8>, Vec<u8>, Vec<u8>); 7] =
821 [
822 (
823 iter::repeat(0x0b_u8).take(20).collect(),
824 b"Hi There".to_vec(),
825 Vec::from_hex("b617318655057264e28bc0b6fb378c8ef146be00").unwrap(),
826 ),
827 (
828 b"Jefe".to_vec(),
829 b"what do ya want for nothing?".to_vec(),
830 Vec::from_hex("effcdf6ae5eb2fa2d27416d5f184df9c259a7c79").unwrap(),
831 ),
832 (
833 iter::repeat(0xaa_u8).take(20).collect(),
834 iter::repeat(0xdd_u8).take(50).collect(),
835 Vec::from_hex("125d7342b9ac11cd91a39af48aa17b4f63f175d3").unwrap(),
836 ),
837 (
838 Vec::from_hex("0102030405060708090a0b0c0d0e0f10111213141516171819").unwrap(),
839 iter::repeat(0xcd_u8).take(50).collect(),
840 Vec::from_hex("4c9007f4026250c6bc8414f9bf50c86c2d7235da").unwrap(),
841 ),
842 (
843 iter::repeat(0x0c_u8).take(20).collect(),
844 b"Test With Truncation".to_vec(),
845 Vec::from_hex("4c1a03424b55e07fe7f27be1d58bb9324a9a5a04").unwrap(),
846 ),
847 (
848 iter::repeat(0xaa_u8).take(80).collect(),
849 b"Test Using Larger Than Block-Size Key - Hash Key First".to_vec(),
850 Vec::from_hex("aa4ae5e15272d00e95705637ce8a3b55ed402112").unwrap(),
851 ),
852 (
853 iter::repeat(0xaa_u8).take(80).collect(),
854 b"Test Using Larger Than Block-Size Key \
855 and Larger Than One Block-Size Data"
856 .to_vec(),
857 Vec::from_hex("e8e99d0f45237d786d6bbaa7965c7808bbff1a91").unwrap(),
858 ),
859 ];
860
861 test_hmac(MessageDigest::sha1(), &tests);
862 }
863
864 #[test]
865 fn ec() {
866 let group = EcGroup::from_curve_name(nid::X9_62_PRIME256V1).unwrap();
867 let key = EcKey::generate(&group).unwrap();
868 let key = PKey::from_ec_key(key).unwrap();
869
870 let mut signer = Signer::new(MessageDigest::sha256(), &key).unwrap();
871 signer.update(b"hello world").unwrap();
872 let signature = signer.finish().unwrap();
873
874 let mut verifier = Verifier::new(MessageDigest::sha256(), &key).unwrap();
875 verifier.update(b"hello world").unwrap();
876 assert!(verifier.finish(&signature).unwrap());
877 }
878 }
backport for Debian buster