Browse Source

Put Ed25519 support in a feature

pull/39/head
Rodolphe Breard 4 years ago
parent
commit
1350257300
  1. 2
      acme_common/Cargo.toml
  2. 3
      acme_common/src/crypto/jws_signature_algorithm.rs
  3. 32
      acme_common/src/crypto/key_type.rs
  4. 5
      acme_common/src/crypto/openssl_keys.rs

2
acme_common/Cargo.toml

@ -13,7 +13,9 @@ publish = false
name = "acme_common" name = "acme_common"
[features] [features]
default = []
openssl_dyn = ["openssl", "openssl-sys"] openssl_dyn = ["openssl", "openssl-sys"]
ed25519 = []
[dependencies] [dependencies]
attohttpc = { version = "0.15", default-features = false } attohttpc = { version = "0.15", default-features = false }

3
acme_common/src/crypto/jws_signature_algorithm.rs

@ -7,6 +7,7 @@ pub enum JwsSignatureAlgorithm {
Rs256, Rs256,
Es256, Es256,
Es384, Es384,
#[cfg(feature = "ed25519")]
Ed25519, Ed25519,
} }
@ -18,6 +19,7 @@ impl FromStr for JwsSignatureAlgorithm {
"rs256" => Ok(JwsSignatureAlgorithm::Rs256), "rs256" => Ok(JwsSignatureAlgorithm::Rs256),
"es256" => Ok(JwsSignatureAlgorithm::Es256), "es256" => Ok(JwsSignatureAlgorithm::Es256),
"es384" => Ok(JwsSignatureAlgorithm::Es384), "es384" => Ok(JwsSignatureAlgorithm::Es384),
#[cfg(feature = "ed25519")]
"ed25519" => Ok(JwsSignatureAlgorithm::Ed25519), "ed25519" => Ok(JwsSignatureAlgorithm::Ed25519),
_ => Err(format!("{}: unknown algorithm.", s).into()), _ => Err(format!("{}: unknown algorithm.", s).into()),
} }
@ -30,6 +32,7 @@ impl fmt::Display for JwsSignatureAlgorithm {
JwsSignatureAlgorithm::Rs256 => "RS256", JwsSignatureAlgorithm::Rs256 => "RS256",
JwsSignatureAlgorithm::Es256 => "ES256", JwsSignatureAlgorithm::Es256 => "ES256",
JwsSignatureAlgorithm::Es384 => "ES384", JwsSignatureAlgorithm::Es384 => "ES384",
#[cfg(feature = "ed25519")]
JwsSignatureAlgorithm::Ed25519 => "Ed25519", JwsSignatureAlgorithm::Ed25519 => "Ed25519",
}; };
write!(f, "{}", s) write!(f, "{}", s)

32
acme_common/src/crypto/key_type.rs

@ -5,29 +5,31 @@ use std::str::FromStr;
#[derive(Clone, Copy, Debug)] #[derive(Clone, Copy, Debug)]
pub enum KeyType { pub enum KeyType {
Curve25519,
EcdsaP256,
EcdsaP384,
Rsa2048, Rsa2048,
Rsa4096, Rsa4096,
EcdsaP256,
EcdsaP384,
#[cfg(feature = "ed25519")]
Ed25519,
} }
impl KeyType { impl KeyType {
pub fn get_default_signature_alg(&self) -> JwsSignatureAlgorithm { pub fn get_default_signature_alg(&self) -> JwsSignatureAlgorithm {
match self { match self {
KeyType::Curve25519 => JwsSignatureAlgorithm::Ed25519,
KeyType::Rsa2048 | KeyType::Rsa4096 => JwsSignatureAlgorithm::Rs256,
KeyType::EcdsaP256 => JwsSignatureAlgorithm::Es256, KeyType::EcdsaP256 => JwsSignatureAlgorithm::Es256,
KeyType::EcdsaP384 => JwsSignatureAlgorithm::Es384, KeyType::EcdsaP384 => JwsSignatureAlgorithm::Es384,
KeyType::Rsa2048 | KeyType::Rsa4096 => JwsSignatureAlgorithm::Rs256,
#[cfg(feature = "ed25519")]
KeyType::Ed25519 => JwsSignatureAlgorithm::Ed25519,
} }
} }
pub fn check_alg_compatibility(&self, alg: &JwsSignatureAlgorithm) -> Result<(), Error> { pub fn check_alg_compatibility(&self, alg: &JwsSignatureAlgorithm) -> Result<(), Error> {
let ok = match self { let ok = match self {
KeyType::Curve25519 | KeyType::EcdsaP256 | KeyType::EcdsaP384 => {
*alg == self.get_default_signature_alg()
}
KeyType::Rsa2048 | KeyType::Rsa4096 => *alg == JwsSignatureAlgorithm::Rs256, KeyType::Rsa2048 | KeyType::Rsa4096 => *alg == JwsSignatureAlgorithm::Rs256,
KeyType::EcdsaP256 | KeyType::EcdsaP384 => *alg == self.get_default_signature_alg(),
#[cfg(feature = "ed25519")]
KeyType::Ed25519 => *alg == self.get_default_signature_alg(),
}; };
if ok { if ok {
Ok(()) Ok(())
@ -46,11 +48,12 @@ impl FromStr for KeyType {
fn from_str(s: &str) -> Result<Self, Error> { fn from_str(s: &str) -> Result<Self, Error> {
match s.to_lowercase().as_str() { match s.to_lowercase().as_str() {
"ed25519" => Ok(KeyType::Curve25519),
"ecdsa_p256" => Ok(KeyType::EcdsaP256),
"ecdsa_p384" => Ok(KeyType::EcdsaP384),
"rsa2048" => Ok(KeyType::Rsa2048), "rsa2048" => Ok(KeyType::Rsa2048),
"rsa4096" => Ok(KeyType::Rsa4096), "rsa4096" => Ok(KeyType::Rsa4096),
"ecdsa_p256" => Ok(KeyType::EcdsaP256),
"ecdsa_p384" => Ok(KeyType::EcdsaP384),
#[cfg(feature = "ed25519")]
"ed25519" => Ok(KeyType::Ed25519),
_ => Err(format!("{}: unknown algorithm.", s).into()), _ => Err(format!("{}: unknown algorithm.", s).into()),
} }
} }
@ -59,11 +62,12 @@ impl FromStr for KeyType {
impl fmt::Display for KeyType { impl fmt::Display for KeyType {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
let s = match self { let s = match self {
KeyType::Curve25519 => "ed25519",
KeyType::EcdsaP256 => "ecdsa-p256",
KeyType::EcdsaP384 => "ecdsa-p384",
KeyType::Rsa2048 => "rsa2048", KeyType::Rsa2048 => "rsa2048",
KeyType::Rsa4096 => "rsa4096", KeyType::Rsa4096 => "rsa4096",
KeyType::EcdsaP256 => "ecdsa-p256",
KeyType::EcdsaP384 => "ecdsa-p384",
#[cfg(feature = "ed25519")]
KeyType::Ed25519 => "ed25519",
}; };
write!(f, "{}", s) write!(f, "{}", s)
} }

5
acme_common/src/crypto/openssl_keys.rs

@ -70,9 +70,6 @@ impl KeyPair {
JwsSignatureAlgorithm::Rs256 => self.sign_rsa(&MessageDigest::sha256(), data), JwsSignatureAlgorithm::Rs256 => self.sign_rsa(&MessageDigest::sha256(), data),
JwsSignatureAlgorithm::Es256 => self.sign_ecdsa(&crate::crypto::sha256, data), JwsSignatureAlgorithm::Es256 => self.sign_ecdsa(&crate::crypto::sha256, data),
JwsSignatureAlgorithm::Es384 => self.sign_ecdsa(&crate::crypto::sha384, data), JwsSignatureAlgorithm::Es384 => self.sign_ecdsa(&crate::crypto::sha384, data),
JwsSignatureAlgorithm::Ed25519 => {
Err("Curve25519 signatures are not implemented yet".into())
}
} }
} }
@ -107,7 +104,6 @@ impl KeyPair {
fn get_jwk_public_key(&self, thumbprint: bool) -> Result<Value, Error> { fn get_jwk_public_key(&self, thumbprint: bool) -> Result<Value, Error> {
match self.key_type { match self.key_type {
KeyType::Curve25519 => Err("Curve25519 thumbprint are not implemented yet".into()),
KeyType::EcdsaP256 | KeyType::EcdsaP384 => self.get_nist_ec_jwk(thumbprint), KeyType::EcdsaP256 | KeyType::EcdsaP384 => self.get_nist_ec_jwk(thumbprint),
KeyType::Rsa2048 | KeyType::Rsa4096 => self.get_rsa_jwk(thumbprint), KeyType::Rsa2048 | KeyType::Rsa4096 => self.get_rsa_jwk(thumbprint),
} }
@ -198,7 +194,6 @@ fn gen_ec_pair(nid: Nid) -> Result<PKey<Private>, Error> {
pub fn gen_keypair(key_type: KeyType) -> Result<KeyPair, Error> { pub fn gen_keypair(key_type: KeyType) -> Result<KeyPair, Error> {
let priv_key = match key_type { let priv_key = match key_type {
KeyType::Curve25519 => Err(Error::from("")),
KeyType::EcdsaP256 => gen_ec_pair(Nid::X9_62_PRIME256V1), KeyType::EcdsaP256 => gen_ec_pair(Nid::X9_62_PRIME256V1),
KeyType::EcdsaP384 => gen_ec_pair(Nid::SECP384R1), KeyType::EcdsaP384 => gen_ec_pair(Nid::SECP384R1),
KeyType::Rsa2048 => gen_rsa_pair(2048), KeyType::Rsa2048 => gen_rsa_pair(2048),

Loading…
Cancel
Save