diff --git a/acme_common/Cargo.toml b/acme_common/Cargo.toml index 2f15298..27c072c 100644 --- a/acme_common/Cargo.toml +++ b/acme_common/Cargo.toml @@ -13,7 +13,9 @@ publish = false name = "acme_common" [features] +default = [] openssl_dyn = ["openssl", "openssl-sys"] +ed25519 = [] [dependencies] attohttpc = { version = "0.15", default-features = false } diff --git a/acme_common/src/crypto/jws_signature_algorithm.rs b/acme_common/src/crypto/jws_signature_algorithm.rs index 8ccf57e..b2a9bcc 100644 --- a/acme_common/src/crypto/jws_signature_algorithm.rs +++ b/acme_common/src/crypto/jws_signature_algorithm.rs @@ -7,6 +7,7 @@ pub enum JwsSignatureAlgorithm { Rs256, Es256, Es384, + #[cfg(feature = "ed25519")] Ed25519, } @@ -18,6 +19,7 @@ impl FromStr for JwsSignatureAlgorithm { "rs256" => Ok(JwsSignatureAlgorithm::Rs256), "es256" => Ok(JwsSignatureAlgorithm::Es256), "es384" => Ok(JwsSignatureAlgorithm::Es384), + #[cfg(feature = "ed25519")] "ed25519" => Ok(JwsSignatureAlgorithm::Ed25519), _ => Err(format!("{}: unknown algorithm.", s).into()), } @@ -30,6 +32,7 @@ impl fmt::Display for JwsSignatureAlgorithm { JwsSignatureAlgorithm::Rs256 => "RS256", JwsSignatureAlgorithm::Es256 => "ES256", JwsSignatureAlgorithm::Es384 => "ES384", + #[cfg(feature = "ed25519")] JwsSignatureAlgorithm::Ed25519 => "Ed25519", }; write!(f, "{}", s) diff --git a/acme_common/src/crypto/key_type.rs b/acme_common/src/crypto/key_type.rs index 3441cb8..84696ec 100644 --- a/acme_common/src/crypto/key_type.rs +++ b/acme_common/src/crypto/key_type.rs @@ -5,29 +5,31 @@ use std::str::FromStr; #[derive(Clone, Copy, Debug)] pub enum KeyType { - Curve25519, - EcdsaP256, - EcdsaP384, Rsa2048, Rsa4096, + EcdsaP256, + EcdsaP384, + #[cfg(feature = "ed25519")] + Ed25519, } impl KeyType { pub fn get_default_signature_alg(&self) -> JwsSignatureAlgorithm { match self { - KeyType::Curve25519 => JwsSignatureAlgorithm::Ed25519, + KeyType::Rsa2048 | KeyType::Rsa4096 => JwsSignatureAlgorithm::Rs256, KeyType::EcdsaP256 => JwsSignatureAlgorithm::Es256, KeyType::EcdsaP384 => JwsSignatureAlgorithm::Es384, - KeyType::Rsa2048 | KeyType::Rsa4096 => JwsSignatureAlgorithm::Rs256, + #[cfg(feature = "ed25519")] + KeyType::Ed25519 => JwsSignatureAlgorithm::Ed25519, } } pub fn check_alg_compatibility(&self, alg: &JwsSignatureAlgorithm) -> Result<(), Error> { let ok = match self { - KeyType::Curve25519 | KeyType::EcdsaP256 | KeyType::EcdsaP384 => { - *alg == self.get_default_signature_alg() - } KeyType::Rsa2048 | KeyType::Rsa4096 => *alg == JwsSignatureAlgorithm::Rs256, + KeyType::EcdsaP256 | KeyType::EcdsaP384 => *alg == self.get_default_signature_alg(), + #[cfg(feature = "ed25519")] + KeyType::Ed25519 => *alg == self.get_default_signature_alg(), }; if ok { Ok(()) @@ -46,11 +48,12 @@ impl FromStr for KeyType { fn from_str(s: &str) -> Result { match s.to_lowercase().as_str() { - "ed25519" => Ok(KeyType::Curve25519), - "ecdsa_p256" => Ok(KeyType::EcdsaP256), - "ecdsa_p384" => Ok(KeyType::EcdsaP384), "rsa2048" => Ok(KeyType::Rsa2048), "rsa4096" => Ok(KeyType::Rsa4096), + "ecdsa_p256" => Ok(KeyType::EcdsaP256), + "ecdsa_p384" => Ok(KeyType::EcdsaP384), + #[cfg(feature = "ed25519")] + "ed25519" => Ok(KeyType::Ed25519), _ => Err(format!("{}: unknown algorithm.", s).into()), } } @@ -59,11 +62,12 @@ impl FromStr for KeyType { impl fmt::Display for KeyType { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { let s = match self { - KeyType::Curve25519 => "ed25519", - KeyType::EcdsaP256 => "ecdsa-p256", - KeyType::EcdsaP384 => "ecdsa-p384", KeyType::Rsa2048 => "rsa2048", KeyType::Rsa4096 => "rsa4096", + KeyType::EcdsaP256 => "ecdsa-p256", + KeyType::EcdsaP384 => "ecdsa-p384", + #[cfg(feature = "ed25519")] + KeyType::Ed25519 => "ed25519", }; write!(f, "{}", s) } diff --git a/acme_common/src/crypto/openssl_keys.rs b/acme_common/src/crypto/openssl_keys.rs index 73172c2..ab491a3 100644 --- a/acme_common/src/crypto/openssl_keys.rs +++ b/acme_common/src/crypto/openssl_keys.rs @@ -70,9 +70,6 @@ impl KeyPair { JwsSignatureAlgorithm::Rs256 => self.sign_rsa(&MessageDigest::sha256(), data), JwsSignatureAlgorithm::Es256 => self.sign_ecdsa(&crate::crypto::sha256, data), JwsSignatureAlgorithm::Es384 => self.sign_ecdsa(&crate::crypto::sha384, data), - JwsSignatureAlgorithm::Ed25519 => { - Err("Curve25519 signatures are not implemented yet".into()) - } } } @@ -107,7 +104,6 @@ impl KeyPair { fn get_jwk_public_key(&self, thumbprint: bool) -> Result { match self.key_type { - KeyType::Curve25519 => Err("Curve25519 thumbprint are not implemented yet".into()), KeyType::EcdsaP256 | KeyType::EcdsaP384 => self.get_nist_ec_jwk(thumbprint), KeyType::Rsa2048 | KeyType::Rsa4096 => self.get_rsa_jwk(thumbprint), } @@ -198,7 +194,6 @@ fn gen_ec_pair(nid: Nid) -> Result, Error> { pub fn gen_keypair(key_type: KeyType) -> Result { let priv_key = match key_type { - KeyType::Curve25519 => Err(Error::from("")), KeyType::EcdsaP256 => gen_ec_pair(Nid::X9_62_PRIME256V1), KeyType::EcdsaP384 => gen_ec_pair(Nid::SECP384R1), KeyType::Rsa2048 => gen_rsa_pair(2048),