From 21973689614a2f6b0b32f4a86f6344672c6284b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rodolphe=20Br=C3=A9ard?= Date: Wed, 13 Nov 2024 18:34:24 +0100 Subject: [PATCH] Use features --- acme_common/Cargo.toml | 2 ++ acme_common/build.rs | 4 +-- .../src/crypto/jws_signature_algorithm.rs | 12 ++++---- acme_common/src/crypto/key_type.rs | 24 ++++++++-------- acme_common/src/crypto/openssl_certificate.rs | 8 +++--- acme_common/src/crypto/openssl_keys.rs | 28 +++++++++---------- acme_common/src/tests/certificate.rs | 4 +-- acme_common/src/tests/crypto_keys.rs | 18 ++++++------ .../src/tests/jws_signature_algorithm.rs | 4 +-- 9 files changed, 53 insertions(+), 51 deletions(-) diff --git a/acme_common/Cargo.toml b/acme_common/Cargo.toml index 78ba13d..2eb3ac6 100644 --- a/acme_common/Cargo.toml +++ b/acme_common/Cargo.toml @@ -18,6 +18,8 @@ default = [] crypto_openssl = [] openssl_dyn = ["crypto_openssl", "openssl", "openssl-sys"] openssl_vendored = ["crypto_openssl", "openssl/vendored", "openssl-sys/vendored"] +ed25519 = [] +ed448 = [] [dependencies] base64 = "0.22.0" diff --git a/acme_common/build.rs b/acme_common/build.rs index d9d9b5e..42ce14c 100644 --- a/acme_common/build.rs +++ b/acme_common/build.rs @@ -12,8 +12,8 @@ fn main() { let version = u64::from_str_radix(&v, 16).unwrap(); // OpenSSL 1.1.1 if version >= 0x1_01_01_00_0 { - println!("cargo:rustc-cfg=ed25519"); - println!("cargo:rustc-cfg=ed448"); + println!("cargo:rustc-cfg=feature=\"ed25519\""); + println!("cargo:rustc-cfg=feature=\"ed448\""); } set_rustc_env_var!("ACMED_TLS_LIB_NAME", "OpenSSL"); } diff --git a/acme_common/src/crypto/jws_signature_algorithm.rs b/acme_common/src/crypto/jws_signature_algorithm.rs index 8c5eb49..2513e9e 100644 --- a/acme_common/src/crypto/jws_signature_algorithm.rs +++ b/acme_common/src/crypto/jws_signature_algorithm.rs 
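Review bot: In acme_common/build.rs, emitting `cargo:rustc-cfg=feature="ed25519"` (and the `ed448` line) while acme_common/Cargo.toml also declares `ed25519 = []` and `ed448 = []` means the algorithms can be switched on with `--features` regardless of the `version >= 0x1_01_01_00_0` check. The build script alone no longer keeps a build against an older OpenSSL away from the EdDSA code paths. A cfg emitted by the build script applies only to this crate's own compilation; Cargo's feature resolver and dependent crates do not see it, so any code outside acme_common that tests the same feature name could disagree, which is worth confirming. If the aim was to silence the `unexpected_cfgs` lint, keeping the private cfg names and registering them with `println!("cargo:rustc-check-cfg=cfg(ed25519)");` and `println!("cargo:rustc-check-cfg=cfg(ed448)");` leaves availability tied solely to the detected library version. Otherwise the script could refuse to build when `CARGO_FEATURE_ED25519` or `CARGO_FEATURE_ED448` is set and the version check fails; `main` starts outside this hunk.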
@@ -11,9 +11,9 @@ pub enum JwsSignatureAlgorithm { Es256, Es384, Es512, - #[cfg(ed25519)] + #[cfg(feature = "ed25519")] Ed25519, - #[cfg(ed448)] + #[cfg(feature = "ed448")] Ed448, } @@ -29,9 +29,9 @@ impl FromStr for JwsSignatureAlgorithm { "es256" => Ok(JwsSignatureAlgorithm::Es256), "es384" => Ok(JwsSignatureAlgorithm::Es384), "es512" => Ok(JwsSignatureAlgorithm::Es512), - #[cfg(ed25519)] + #[cfg(feature = "ed25519")] "ed25519" => Ok(JwsSignatureAlgorithm::Ed25519), - #[cfg(ed448)] + #[cfg(feature = "ed448")] "ed448" => Ok(JwsSignatureAlgorithm::Ed448), _ => Err(format!("{s}: unknown algorithm.").into()), } @@ -48,9 +48,9 @@ impl fmt::Display for JwsSignatureAlgorithm { JwsSignatureAlgorithm::Es256 => "ES256", JwsSignatureAlgorithm::Es384 => "ES384", JwsSignatureAlgorithm::Es512 => "ES512", - #[cfg(ed25519)] + #[cfg(feature = "ed25519")] JwsSignatureAlgorithm::Ed25519 => "Ed25519", - #[cfg(ed448)] + #[cfg(feature = "ed448")] JwsSignatureAlgorithm::Ed448 => "Ed448", }; write!(f, "{s}") diff --git a/acme_common/src/crypto/key_type.rs b/acme_common/src/crypto/key_type.rs index 1603225..422abdb 100644 --- a/acme_common/src/crypto/key_type.rs +++ b/acme_common/src/crypto/key_type.rs @@ -10,9 +10,9 @@ pub enum KeyType { EcdsaP256, EcdsaP384, EcdsaP521, - #[cfg(ed25519)] + #[cfg(feature = "ed25519")] Ed25519, - #[cfg(ed448)] + #[cfg(feature = "ed448")] Ed448, } @@ -23,9 +23,9 @@ impl KeyType { KeyType::EcdsaP256 => JwsSignatureAlgorithm::Es256, KeyType::EcdsaP384 => JwsSignatureAlgorithm::Es384, KeyType::EcdsaP521 => JwsSignatureAlgorithm::Es512, - #[cfg(ed25519)] + #[cfg(feature = "ed25519")] KeyType::Ed25519 => JwsSignatureAlgorithm::Ed25519, - #[cfg(ed448)] + #[cfg(feature = "ed448")] KeyType::Ed448 => JwsSignatureAlgorithm::Ed448, } } 
@@ -36,9 +36,9 @@ impl KeyType { KeyType::EcdsaP256 | KeyType::EcdsaP384 | KeyType::EcdsaP521 => { *alg == self.get_default_signature_alg() } - #[cfg(ed25519)] + #[cfg(feature = "ed25519")] KeyType::Ed25519 => *alg == self.get_default_signature_alg(), - #[cfg(ed448)] + #[cfg(feature = "ed448")] KeyType::Ed448 => *alg == self.get_default_signature_alg(), }; if ok { @@ -58,9 +58,9 @@ impl KeyType { "ecdsa-p256", "ecdsa-p384", "ecdsa-p521", - #[cfg(ed25519)] + #[cfg(feature = "ed25519")] "ed25519", - #[cfg(ed448)] + #[cfg(feature = "ed448")] "ed448", ] } @@ -76,9 +76,9 @@ impl FromStr for KeyType { "ecdsa_p256" => Ok(KeyType::EcdsaP256), "ecdsa_p384" => Ok(KeyType::EcdsaP384), "ecdsa_p521" => Ok(KeyType::EcdsaP521), - #[cfg(ed25519)] + #[cfg(feature = "ed25519")] "ed25519" => Ok(KeyType::Ed25519), - #[cfg(ed448)] + #[cfg(feature = "ed448")] "ed448" => Ok(KeyType::Ed448), _ => Err(format!("{s}: unknown algorithm").into()), } @@ -93,9 +93,9 @@ impl fmt::Display for KeyType { KeyType::EcdsaP256 => "ecdsa-p256", KeyType::EcdsaP384 => "ecdsa-p384", KeyType::EcdsaP521 => "ecdsa-p521", - #[cfg(ed25519)] + #[cfg(feature = "ed25519")] KeyType::Ed25519 => "ed25519", - #[cfg(ed448)] + #[cfg(feature = "ed448")] KeyType::Ed448 => "ed448", }; write!(f, "{s}") diff --git a/acme_common/src/crypto/openssl_certificate.rs b/acme_common/src/crypto/openssl_certificate.rs index c418a55..2e8e16e 100644 --- a/acme_common/src/crypto/openssl_certificate.rs +++ b/acme_common/src/crypto/openssl_certificate.rs 
@@ -13,14 +13,14 @@ use std::net::IpAddr; use std::time::Duration; fn get_digest(digest: HashFunction, key_pair: &KeyPair) -> MessageDigest { - #[cfg(not(any(ed25519, ed448)))] + #[cfg(not(any(feature = "ed25519", feature = "ed448")))] let digest = digest.native_digest(); let _ = key_pair; - #[cfg(any(ed25519, ed448))] + #[cfg(any(feature = "ed25519", feature = "ed448"))] let digest = match key_pair.key_type { - #[cfg(ed25519)] + #[cfg(feature = "ed25519")] KeyType::Ed25519 => MessageDigest::null(), - #[cfg(ed448)] + #[cfg(feature = "ed448")] KeyType::Ed448 => MessageDigest::null(), _ => digest.native_digest(), }; diff --git a/acme_common/src/crypto/openssl_keys.rs b/acme_common/src/crypto/openssl_keys.rs index 3cafb3d..fc1b03b 100644 --- a/acme_common/src/crypto/openssl_keys.rs +++ b/acme_common/src/crypto/openssl_keys.rs @@ -33,9 +33,9 @@ macro_rules! get_key_type { return Err("unsupported EC key".into()); } }, - #[cfg(ed25519)] + #[cfg(feature = "ed25519")] Id::ED25519 => KeyType::Ed25519, - #[cfg(ed448)] + #[cfg(feature = "ed448")] Id::ED448 => KeyType::Ed448, _ => { return Err("unsupported key type".into()); @@ -112,9 +112,9 @@ impl KeyPair { JwsSignatureAlgorithm::Es256 => self.sign_ecdsa(&HashFunction::Sha256, data), JwsSignatureAlgorithm::Es384 => self.sign_ecdsa(&HashFunction::Sha384, data), JwsSignatureAlgorithm::Es512 => self.sign_ecdsa(&HashFunction::Sha512, data), - #[cfg(ed25519)] + #[cfg(feature = "ed25519")] JwsSignatureAlgorithm::Ed25519 => self.sign_eddsa(data), - #[cfg(ed448)] + #[cfg(feature = "ed448")] JwsSignatureAlgorithm::Ed448 => self.sign_eddsa(data), } } @@ -144,7 +144,7 @@ impl KeyPair { Ok(signature) } - #[cfg(any(ed25519, ed448))] + #[cfg(any(feature = "ed25519", feature = "ed448"))] fn sign_eddsa(&self, data: &[u8]) -> Result, Error> { let mut signer = Signer::new_without_digest(&self.inner_key)?; let signature = signer.sign_oneshot_to_vec(data)?; 
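Review bot: In `get_digest` (acme_common/src/crypto/openssl_certificate.rs) the two `MessageDigest::null()` arms carry no explanation, so a reader could take them for a disabled hash rather than a requirement of the algorithm. Ed25519 and Ed448 hash the message internally and must not be given an external digest. A comment above the `match`, such as `// EdDSA does its own hashing: OpenSSL requires a null digest, the caller's HashFunction is ignored.`, would make explicit that the `digest` argument is dropped for these key types. The `let _ = key_pair;` line appears to exist only to quiet the unused-parameter warning in a build without EdDSA, and a short `// unused when no EdDSA feature is enabled` would say so. The function body continues past the end of the hunk.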
@@ -165,9 +165,9 @@ impl KeyPair { KeyType::EcdsaP256 | KeyType::EcdsaP384 | KeyType::EcdsaP521 => { self.get_ecdsa_jwk(thumbprint) } - #[cfg(ed25519)] + #[cfg(feature = "ed25519")] KeyType::Ed25519 => self.get_eddsa_jwk(thumbprint), - #[cfg(ed448)] + #[cfg(feature = "ed448")] KeyType::Ed448 => self.get_eddsa_jwk(thumbprint), } } @@ -236,12 +236,12 @@ impl KeyPair { Ok(jwk) } - #[cfg(any(ed25519, ed448))] + #[cfg(any(feature = "ed25519", feature = "ed448"))] fn get_eddsa_jwk(&self, thumbprint: bool) -> Result { let crv = match self.key_type { - #[cfg(ed25519)] + #[cfg(feature = "ed25519")] KeyType::Ed25519 => "Ed25519", - #[cfg(ed448)] + #[cfg(feature = "ed448")] KeyType::Ed448 => "Ed448", _ => { return Err("not an EdDSA elliptic curve".into()); @@ -310,13 +310,13 @@ fn gen_ec_pair(nid: Nid) -> Result, Error> { Ok(pk) } -#[cfg(ed25519)] +#[cfg(feature = "ed25519")] fn gen_ed25519_pair() -> Result, Error> { let pk = PKey::generate_ed25519().map_err(|_| Error::from(""))?; Ok(pk) } -#[cfg(ed448)] +#[cfg(feature = "ed448")] fn gen_ed448_pair() -> Result, Error> { let pk = PKey::generate_ed448().map_err(|_| Error::from(""))?; Ok(pk) @@ -329,9 +329,9 @@ pub fn gen_keypair(key_type: KeyType) -> Result { KeyType::EcdsaP256 => gen_ec_pair(Nid::X9_62_PRIME256V1), KeyType::EcdsaP384 => gen_ec_pair(Nid::SECP384R1), KeyType::EcdsaP521 => gen_ec_pair(Nid::SECP521R1), - #[cfg(ed25519)] + #[cfg(feature = "ed25519")] KeyType::Ed25519 => gen_ed25519_pair(), - #[cfg(ed448)] + #[cfg(feature = "ed448")] KeyType::Ed448 => gen_ed448_pair(), } .map_err(|_| Error::from(format!("unable to generate a {key_type} key pair")))?; diff --git a/acme_common/src/tests/certificate.rs b/acme_common/src/tests/certificate.rs index ad5d094..aef03c9 100644 --- a/acme_common/src/tests/certificate.rs +++ b/acme_common/src/tests/certificate.rs 
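Review bot: `gen_ed25519_pair` and `gen_ed448_pair` (acme_common/src/crypto/openssl_keys.rs) replace the OpenSSL error with an empty string via `map_err(|_| Error::from(""))`. `gen_keypair` in the following hunk then overwrites it with `unable to generate a {key_type} key pair`, so the library's reason for refusing the key type never reaches the operator. With `ed25519` and `ed448` now declared as Cargo features in this patch, that reason is the main way to tell a mismatch between the build and the linked library from any other failure. `sign_eddsa` already uses `?` on an OpenSSL call in a function returning this `Error`, so the conversion appears to exist and `let pk = PKey::generate_ed25519()?;` would probably compile, with `gen_keypair` appending the source error to its message instead of discarding it. Please confirm against the `Error` type, which is not visible here.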
@@ -143,7 +143,7 @@ fn generate_ecdsa_p384_certificate() { assert_eq!(kp.key_type, KeyType::EcdsaP384); } -#[cfg(ed25519)] +#[cfg(feature = "ed25519")] #[test] fn generate_ed25519_certificate() { let (kp, _) = @@ -152,7 +152,7 @@ fn generate_ed25519_certificate() { assert_eq!(kp.key_type, KeyType::Ed25519); } -#[cfg(ed448)] +#[cfg(feature = "ed448")] #[test] fn generate_ed448_certificate() { let (kp, _) = diff --git a/acme_common/src/tests/crypto_keys.rs b/acme_common/src/tests/crypto_keys.rs index 1580eec..6062b16 100644 --- a/acme_common/src/tests/crypto_keys.rs +++ b/acme_common/src/tests/crypto_keys.rs @@ -88,15 +88,15 @@ const KEY_ECDSA_P384_PEM: &str = r#"-----BEGIN PRIVATE KEY----- ME4CAQAwEAYHKoZIzj0CAQYFK4EEACIENzA1AgEBBDCMsN9kHPueLABk+0PKi7WO PO2/53dpt/yV5zOPrYPEoKs4t973nbt46IUN19lLF/s= -----END PRIVATE KEY-----"#; -#[cfg(ed25519)] +#[cfg(feature = "ed25519")] const KEY_ECDSA_ED25519_PEM: &str = r#"-----BEGIN PRIVATE KEY----- MC4CAQAwBQYDK2VwBCIEIJhpRNsiUzoWqNkpJKCtKV5++Tttz3locu1gQKkQnrOa -----END PRIVATE KEY-----"#; -#[cfg(ed25519)] +#[cfg(feature = "ed25519")] const KEY_ECDSA_ED25519_PEM_BIS: &str = r#"-----BEGIN PRIVATE KEY----- MC4CAQAwBQYDK2VwBCIEIKa3WD0qeUToPQKSwa9cTsLPgCovqAtXMhlMX2KYBz0o -----END PRIVATE KEY-----"#; -#[cfg(ed448)] +#[cfg(feature = "ed448")] const KEY_ECDSA_ED448_PEM: &str = r#"-----BEGIN PRIVATE KEY----- MEcCAQAwBQYDK2VxBDsEOcFBwsH4zU7u5RgFh48MgJPzXyjN5uXxDapZv4rG6opU uMXco2JR1CSjKWgqgu1CAKadJIYiv2EgIw== @@ -278,7 +278,7 @@ fn test_ecdsa_p384_jwk_thumbprint() { ); } -#[cfg(ed25519)] +#[cfg(feature = "ed25519")] #[test] fn test_ed25519_jwk() { let k = KeyPair::from_pem(KEY_ECDSA_ED25519_PEM.as_bytes()).unwrap(); @@ -301,7 +301,7 @@ fn test_ed25519_jwk() { assert_eq!(jwk.get("alg").unwrap(), "EdDSA"); } -#[cfg(ed25519)] +#[cfg(feature = "ed25519")] #[test] fn test_ed25519_jwk_thumbprint() { let k = KeyPair::from_pem(KEY_ECDSA_ED25519_PEM.as_bytes()).unwrap(); 
@@ -322,7 +322,7 @@ fn test_ed25519_jwk_thumbprint() { ); } -#[cfg(ed25519)] +#[cfg(feature = "ed25519")] #[test] fn test_ed25519_jwk_bis() { let k = KeyPair::from_pem(KEY_ECDSA_ED25519_PEM_BIS.as_bytes()).unwrap(); @@ -345,7 +345,7 @@ fn test_ed25519_jwk_bis() { assert_eq!(jwk.get("alg").unwrap(), "EdDSA"); } -#[cfg(ed25519)] +#[cfg(feature = "ed25519")] #[test] fn test_ed25519_jwk_thumbprint_bis() { let k = KeyPair::from_pem(KEY_ECDSA_ED25519_PEM_BIS.as_bytes()).unwrap(); @@ -366,7 +366,7 @@ fn test_ed25519_jwk_thumbprint_bis() { ); } -#[cfg(ed448)] +#[cfg(feature = "ed448")] #[test] fn test_ed448_jwk() { let k = KeyPair::from_pem(KEY_ECDSA_ED448_PEM.as_bytes()).unwrap(); @@ -389,7 +389,7 @@ fn test_ed448_jwk() { assert_eq!(jwk.get("alg").unwrap(), "EdDSA"); } -#[cfg(ed448)] +#[cfg(feature = "ed448")] #[test] fn test_ed448_jwk_thumbprint() { let k = KeyPair::from_pem(KEY_ECDSA_ED448_PEM.as_bytes()).unwrap(); diff --git a/acme_common/src/tests/jws_signature_algorithm.rs b/acme_common/src/tests/jws_signature_algorithm.rs index 85d4d24..8860d71 100644 --- a/acme_common/src/tests/jws_signature_algorithm.rs +++ b/acme_common/src/tests/jws_signature_algorithm.rs @@ -47,14 +47,14 @@ fn test_es384_sign_p256() { assert!(res.is_err()); } -#[cfg(ed25519)] +#[cfg(feature = "ed25519")] #[test] fn test_ed25519_sign() { let k = gen_keypair(KeyType::Ed25519).unwrap(); let _ = k.sign(&JwsSignatureAlgorithm::Ed25519, TEST_DATA).unwrap(); } -#[cfg(ed448)] +#[cfg(feature = "ed448")] #[test] fn test_ed448_sign() { let k = gen_keypair(KeyType::Ed448).unwrap();
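Review bot: The `#[cfg(feature = "ed25519")]` and `#[cfg(feature = "ed448")]` gates on `test_ed25519_sign` and `test_ed448_sign` make these tests vanish from the run without a trace when the feature is off, and the same applies to the EdDSA tests in tests/crypto_keys.rs and tests/certificate.rs. A green `cargo test` therefore does not show that EdDSA key generation and signing were exercised. A header comment in each test file, for example `// EdDSA tests are built only when the ed25519/ed448 features are set (build.rs sets them for OpenSSL >= 1.1.1).`, would tell a reader why the test count differs between machines. It would also help for CI to run at least one job where both features are known to be active. `test_ed448_sign` continues past the end of the hunk.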