Browse Source

Put Ed25519 support in a feature

pull/39/head
Rodolphe Breard 4 years ago
parent
commit
1350257300
  1. 2
      acme_common/Cargo.toml
  2. 3
      acme_common/src/crypto/jws_signature_algorithm.rs
  3. 32
      acme_common/src/crypto/key_type.rs
  4. 5
      acme_common/src/crypto/openssl_keys.rs

2
acme_common/Cargo.toml

@ -13,7 +13,9 @@ publish = false
name = "acme_common"
[features]
default = []
openssl_dyn = ["openssl", "openssl-sys"]
ed25519 = []
[dependencies]
attohttpc = { version = "0.15", default-features = false }

3
acme_common/src/crypto/jws_signature_algorithm.rs

@ -7,6 +7,7 @@ pub enum JwsSignatureAlgorithm {
Rs256,
Es256,
Es384,
#[cfg(feature = "ed25519")]
Ed25519,
}
@ -18,6 +19,7 @@ impl FromStr for JwsSignatureAlgorithm {
"rs256" => Ok(JwsSignatureAlgorithm::Rs256),
"es256" => Ok(JwsSignatureAlgorithm::Es256),
"es384" => Ok(JwsSignatureAlgorithm::Es384),
#[cfg(feature = "ed25519")]
"ed25519" => Ok(JwsSignatureAlgorithm::Ed25519),
_ => Err(format!("{}: unknown algorithm.", s).into()),
}
@ -30,6 +32,7 @@ impl fmt::Display for JwsSignatureAlgorithm {
JwsSignatureAlgorithm::Rs256 => "RS256",
JwsSignatureAlgorithm::Es256 => "ES256",
JwsSignatureAlgorithm::Es384 => "ES384",
#[cfg(feature = "ed25519")]
JwsSignatureAlgorithm::Ed25519 => "Ed25519",
};
write!(f, "{}", s)

32
acme_common/src/crypto/key_type.rs

@ -5,29 +5,31 @@ use std::str::FromStr;
#[derive(Clone, Copy, Debug)]
pub enum KeyType {
Curve25519,
EcdsaP256,
EcdsaP384,
Rsa2048,
Rsa4096,
EcdsaP256,
EcdsaP384,
#[cfg(feature = "ed25519")]
Ed25519,
}
impl KeyType {
pub fn get_default_signature_alg(&self) -> JwsSignatureAlgorithm {
match self {
KeyType::Curve25519 => JwsSignatureAlgorithm::Ed25519,
KeyType::Rsa2048 | KeyType::Rsa4096 => JwsSignatureAlgorithm::Rs256,
KeyType::EcdsaP256 => JwsSignatureAlgorithm::Es256,
KeyType::EcdsaP384 => JwsSignatureAlgorithm::Es384,
KeyType::Rsa2048 | KeyType::Rsa4096 => JwsSignatureAlgorithm::Rs256,
#[cfg(feature = "ed25519")]
KeyType::Ed25519 => JwsSignatureAlgorithm::Ed25519,
}
}
pub fn check_alg_compatibility(&self, alg: &JwsSignatureAlgorithm) -> Result<(), Error> {
let ok = match self {
KeyType::Curve25519 | KeyType::EcdsaP256 | KeyType::EcdsaP384 => {
*alg == self.get_default_signature_alg()
}
KeyType::Rsa2048 | KeyType::Rsa4096 => *alg == JwsSignatureAlgorithm::Rs256,
KeyType::EcdsaP256 | KeyType::EcdsaP384 => *alg == self.get_default_signature_alg(),
#[cfg(feature = "ed25519")]
KeyType::Ed25519 => *alg == self.get_default_signature_alg(),
};
if ok {
Ok(())
@ -46,11 +48,12 @@ impl FromStr for KeyType {
fn from_str(s: &str) -> Result<Self, Error> {
match s.to_lowercase().as_str() {
"ed25519" => Ok(KeyType::Curve25519),
"ecdsa_p256" => Ok(KeyType::EcdsaP256),
"ecdsa_p384" => Ok(KeyType::EcdsaP384),
"rsa2048" => Ok(KeyType::Rsa2048),
"rsa4096" => Ok(KeyType::Rsa4096),
"ecdsa_p256" => Ok(KeyType::EcdsaP256),
"ecdsa_p384" => Ok(KeyType::EcdsaP384),
#[cfg(feature = "ed25519")]
"ed25519" => Ok(KeyType::Ed25519),
_ => Err(format!("{}: unknown algorithm.", s).into()),
}
}
@ -59,11 +62,12 @@ impl FromStr for KeyType {
impl fmt::Display for KeyType {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
let s = match self {
KeyType::Curve25519 => "ed25519",
KeyType::EcdsaP256 => "ecdsa-p256",
KeyType::EcdsaP384 => "ecdsa-p384",
KeyType::Rsa2048 => "rsa2048",
KeyType::Rsa4096 => "rsa4096",
KeyType::EcdsaP256 => "ecdsa-p256",
KeyType::EcdsaP384 => "ecdsa-p384",
#[cfg(feature = "ed25519")]
KeyType::Ed25519 => "ed25519",
};
write!(f, "{}", s)
}

5
acme_common/src/crypto/openssl_keys.rs

@ -70,9 +70,6 @@ impl KeyPair {
JwsSignatureAlgorithm::Rs256 => self.sign_rsa(&MessageDigest::sha256(), data),
JwsSignatureAlgorithm::Es256 => self.sign_ecdsa(&crate::crypto::sha256, data),
JwsSignatureAlgorithm::Es384 => self.sign_ecdsa(&crate::crypto::sha384, data),
JwsSignatureAlgorithm::Ed25519 => {
Err("Curve25519 signatures are not implemented yet".into())
}
}
}
@ -107,7 +104,6 @@ impl KeyPair {
fn get_jwk_public_key(&self, thumbprint: bool) -> Result<Value, Error> {
match self.key_type {
KeyType::Curve25519 => Err("Curve25519 thumbprint are not implemented yet".into()),
KeyType::EcdsaP256 | KeyType::EcdsaP384 => self.get_nist_ec_jwk(thumbprint),
KeyType::Rsa2048 | KeyType::Rsa4096 => self.get_rsa_jwk(thumbprint),
}
@ -198,7 +194,6 @@ fn gen_ec_pair(nid: Nid) -> Result<PKey<Private>, Error> {
pub fn gen_keypair(key_type: KeyType) -> Result<KeyPair, Error> {
let priv_key = match key_type {
KeyType::Curve25519 => Err(Error::from("")),
KeyType::EcdsaP256 => gen_ec_pair(Nid::X9_62_PRIME256V1),
KeyType::EcdsaP384 => gen_ec_pair(Nid::SECP384R1),
KeyType::Rsa2048 => gen_rsa_pair(2048),

Loading…
Cancel
Save