
Use features

main
Rodolphe Bréard 1 month ago
parent
commit
2197368961
  1. 2
      acme_common/Cargo.toml
  2. 4
      acme_common/build.rs
  3. 12
      acme_common/src/crypto/jws_signature_algorithm.rs
  4. 24
      acme_common/src/crypto/key_type.rs
  5. 8
      acme_common/src/crypto/openssl_certificate.rs
  6. 28
      acme_common/src/crypto/openssl_keys.rs
  7. 4
      acme_common/src/tests/certificate.rs
  8. 18
      acme_common/src/tests/crypto_keys.rs
  9. 4
      acme_common/src/tests/jws_signature_algorithm.rs

2
acme_common/Cargo.toml

@ -18,6 +18,8 @@ default = []
crypto_openssl = [] crypto_openssl = []
openssl_dyn = ["crypto_openssl", "openssl", "openssl-sys"] openssl_dyn = ["crypto_openssl", "openssl", "openssl-sys"]
openssl_vendored = ["crypto_openssl", "openssl/vendored", "openssl-sys/vendored"] openssl_vendored = ["crypto_openssl", "openssl/vendored", "openssl-sys/vendored"]
ed25519 = []
ed448 = []
[dependencies] [dependencies]
base64 = "0.22.0" base64 = "0.22.0"
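Review bot: The two new features `ed25519 = []` and `ed448 = []` carry no comment and no dependency on `crypto_openssl`, yet build.rs in this same commit switches them on by itself (via `cargo:rustc-cfg=feature=...`) once OpenSSL is at least 1.1.1, so a reader of Cargo.toml cannot tell that they are not meant to be selected by hand. A comment would make the contract explicit: `# Enabled automatically by build.rs when the TLS backend supports EdDSA (OpenSSL >= 1.1.1); do not enable by hand.` If they are meant to be user-selectable after all, consider having them imply `crypto_openssl` the way `openssl_dyn` does, since the EdDSA code paths touched in this commit appear to live only in the OpenSSL backend.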

4
acme_common/build.rs

@ -12,8 +12,8 @@ fn main() {
let version = u64::from_str_radix(&v, 16).unwrap(); let version = u64::from_str_radix(&v, 16).unwrap();
// OpenSSL 1.1.1 // OpenSSL 1.1.1
if version >= 0x1_01_01_00_0 { if version >= 0x1_01_01_00_0 {
println!("cargo:rustc-cfg=ed25519");
println!("cargo:rustc-cfg=ed448");
println!("cargo:rustc-cfg=feature=\"ed25519\"");
println!("cargo:rustc-cfg=feature=\"ed448\"");
} }
set_rustc_env_var!("ACMED_TLS_LIB_NAME", "OpenSSL"); set_rustc_env_var!("ACMED_TLS_LIB_NAME", "OpenSSL");
} }
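Review bot: Emitting `cargo:rustc-cfg=feature="ed25519"` from the build script turns the cfg on when OpenSSL is new enough, but the opposite case is unguarded: a user who passes `--features ed25519` with an older OpenSSL gets the cfg from Cargo itself, the gated variants compile, and the build then presumably fails somewhere inside openssl_keys.rs on `PKey::generate_ed25519` with no hint about the cause. Failing early here would be clearer: `if std::env::var_os("CARGO_FEATURE_ED25519").is_some() && version < 0x1_01_01_00_0 { panic!("feature `ed25519` requires OpenSSL >= 1.1.1"); }` and the same for `CARGO_FEATURE_ED448`. A comment on the two `println!` lines should also record that the cfg deliberately reuses the `feature` namespace so Cargo's check-cfg accepts it, which is why the features must stay declared in Cargo.toml. `fn main` starts outside the hunk.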

12
acme_common/src/crypto/jws_signature_algorithm.rs

@ -11,9 +11,9 @@ pub enum JwsSignatureAlgorithm {
Es256, Es256,
Es384, Es384,
Es512, Es512,
#[cfg(ed25519)]
#[cfg(feature = "ed25519")]
Ed25519, Ed25519,
#[cfg(ed448)]
#[cfg(feature = "ed448")]
Ed448, Ed448,
} }
@ -29,9 +29,9 @@ impl FromStr for JwsSignatureAlgorithm {
"es256" => Ok(JwsSignatureAlgorithm::Es256), "es256" => Ok(JwsSignatureAlgorithm::Es256),
"es384" => Ok(JwsSignatureAlgorithm::Es384), "es384" => Ok(JwsSignatureAlgorithm::Es384),
"es512" => Ok(JwsSignatureAlgorithm::Es512), "es512" => Ok(JwsSignatureAlgorithm::Es512),
#[cfg(ed25519)]
#[cfg(feature = "ed25519")]
"ed25519" => Ok(JwsSignatureAlgorithm::Ed25519), "ed25519" => Ok(JwsSignatureAlgorithm::Ed25519),
#[cfg(ed448)]
#[cfg(feature = "ed448")]
"ed448" => Ok(JwsSignatureAlgorithm::Ed448), "ed448" => Ok(JwsSignatureAlgorithm::Ed448),
_ => Err(format!("{s}: unknown algorithm.").into()), _ => Err(format!("{s}: unknown algorithm.").into()),
} }
@ -48,9 +48,9 @@ impl fmt::Display for JwsSignatureAlgorithm {
JwsSignatureAlgorithm::Es256 => "ES256", JwsSignatureAlgorithm::Es256 => "ES256",
JwsSignatureAlgorithm::Es384 => "ES384", JwsSignatureAlgorithm::Es384 => "ES384",
JwsSignatureAlgorithm::Es512 => "ES512", JwsSignatureAlgorithm::Es512 => "ES512",
#[cfg(ed25519)]
#[cfg(feature = "ed25519")]
JwsSignatureAlgorithm::Ed25519 => "Ed25519", JwsSignatureAlgorithm::Ed25519 => "Ed25519",
#[cfg(ed448)]
#[cfg(feature = "ed448")]
JwsSignatureAlgorithm::Ed448 => "Ed448", JwsSignatureAlgorithm::Ed448 => "Ed448",
}; };
write!(f, "{s}") write!(f, "{s}")

24
acme_common/src/crypto/key_type.rs

@ -10,9 +10,9 @@ pub enum KeyType {
EcdsaP256, EcdsaP256,
EcdsaP384, EcdsaP384,
EcdsaP521, EcdsaP521,
#[cfg(ed25519)]
#[cfg(feature = "ed25519")]
Ed25519, Ed25519,
#[cfg(ed448)]
#[cfg(feature = "ed448")]
Ed448, Ed448,
} }
@ -23,9 +23,9 @@ impl KeyType {
KeyType::EcdsaP256 => JwsSignatureAlgorithm::Es256, KeyType::EcdsaP256 => JwsSignatureAlgorithm::Es256,
KeyType::EcdsaP384 => JwsSignatureAlgorithm::Es384, KeyType::EcdsaP384 => JwsSignatureAlgorithm::Es384,
KeyType::EcdsaP521 => JwsSignatureAlgorithm::Es512, KeyType::EcdsaP521 => JwsSignatureAlgorithm::Es512,
#[cfg(ed25519)]
#[cfg(feature = "ed25519")]
KeyType::Ed25519 => JwsSignatureAlgorithm::Ed25519, KeyType::Ed25519 => JwsSignatureAlgorithm::Ed25519,
#[cfg(ed448)]
#[cfg(feature = "ed448")]
KeyType::Ed448 => JwsSignatureAlgorithm::Ed448, KeyType::Ed448 => JwsSignatureAlgorithm::Ed448,
} }
} }
@ -36,9 +36,9 @@ impl KeyType {
KeyType::EcdsaP256 | KeyType::EcdsaP384 | KeyType::EcdsaP521 => { KeyType::EcdsaP256 | KeyType::EcdsaP384 | KeyType::EcdsaP521 => {
*alg == self.get_default_signature_alg() *alg == self.get_default_signature_alg()
} }
#[cfg(ed25519)]
#[cfg(feature = "ed25519")]
KeyType::Ed25519 => *alg == self.get_default_signature_alg(), KeyType::Ed25519 => *alg == self.get_default_signature_alg(),
#[cfg(ed448)]
#[cfg(feature = "ed448")]
KeyType::Ed448 => *alg == self.get_default_signature_alg(), KeyType::Ed448 => *alg == self.get_default_signature_alg(),
}; };
if ok { if ok {
@ -58,9 +58,9 @@ impl KeyType {
"ecdsa-p256", "ecdsa-p256",
"ecdsa-p384", "ecdsa-p384",
"ecdsa-p521", "ecdsa-p521",
#[cfg(ed25519)]
#[cfg(feature = "ed25519")]
"ed25519", "ed25519",
#[cfg(ed448)]
#[cfg(feature = "ed448")]
"ed448", "ed448",
] ]
} }
@ -76,9 +76,9 @@ impl FromStr for KeyType {
"ecdsa_p256" => Ok(KeyType::EcdsaP256), "ecdsa_p256" => Ok(KeyType::EcdsaP256),
"ecdsa_p384" => Ok(KeyType::EcdsaP384), "ecdsa_p384" => Ok(KeyType::EcdsaP384),
"ecdsa_p521" => Ok(KeyType::EcdsaP521), "ecdsa_p521" => Ok(KeyType::EcdsaP521),
#[cfg(ed25519)]
#[cfg(feature = "ed25519")]
"ed25519" => Ok(KeyType::Ed25519), "ed25519" => Ok(KeyType::Ed25519),
#[cfg(ed448)]
#[cfg(feature = "ed448")]
"ed448" => Ok(KeyType::Ed448), "ed448" => Ok(KeyType::Ed448),
_ => Err(format!("{s}: unknown algorithm").into()), _ => Err(format!("{s}: unknown algorithm").into()),
} }
@ -93,9 +93,9 @@ impl fmt::Display for KeyType {
KeyType::EcdsaP256 => "ecdsa-p256", KeyType::EcdsaP256 => "ecdsa-p256",
KeyType::EcdsaP384 => "ecdsa-p384", KeyType::EcdsaP384 => "ecdsa-p384",
KeyType::EcdsaP521 => "ecdsa-p521", KeyType::EcdsaP521 => "ecdsa-p521",
#[cfg(ed25519)]
#[cfg(feature = "ed25519")]
KeyType::Ed25519 => "ed25519", KeyType::Ed25519 => "ed25519",
#[cfg(ed448)]
#[cfg(feature = "ed448")]
KeyType::Ed448 => "ed448", KeyType::Ed448 => "ed448",
}; };
write!(f, "{s}") write!(f, "{s}")
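Review bot: The `Ed25519` and `Ed448` variants of `KeyType` are now gated on Cargo features that, judging by the build.rs change in this commit, are normally switched on by the build script rather than by the user, and nothing at the variant site says so. A doc comment on each gated variant would spare the next reader a hunt through build.rs, e.g. `/// Only available when the TLS backend supports Ed25519 (feature normally enabled by build.rs).` Separately, the value list in the fourth hunk advertises `"ecdsa-p256"` with a dash while the `FromStr` arms below match `"ecdsa_p256"` with an underscore; if `from_str` does not normalise separators before matching (its start is outside the hunk), the advertised spelling would be rejected — worth confirming, though this predates the commit.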

8
acme_common/src/crypto/openssl_certificate.rs

@ -13,14 +13,14 @@ use std::net::IpAddr;
use std::time::Duration; use std::time::Duration;
fn get_digest(digest: HashFunction, key_pair: &KeyPair) -> MessageDigest { fn get_digest(digest: HashFunction, key_pair: &KeyPair) -> MessageDigest {
#[cfg(not(any(ed25519, ed448)))]
#[cfg(not(any(feature = "ed25519", feature = "ed448")))]
let digest = digest.native_digest(); let digest = digest.native_digest();
let _ = key_pair; let _ = key_pair;
#[cfg(any(ed25519, ed448))]
#[cfg(any(feature = "ed25519", feature = "ed448"))]
let digest = match key_pair.key_type { let digest = match key_pair.key_type {
#[cfg(ed25519)]
#[cfg(feature = "ed25519")]
KeyType::Ed25519 => MessageDigest::null(), KeyType::Ed25519 => MessageDigest::null(),
#[cfg(ed448)]
#[cfg(feature = "ed448")]
KeyType::Ed448 => MessageDigest::null(), KeyType::Ed448 => MessageDigest::null(),
_ => digest.native_digest(), _ => digest.native_digest(),
}; };
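Review bot: For EdDSA keys the `digest` argument is dropped in favour of `MessageDigest::null()` without any explanation, so a hash function configured for an Ed25519 or Ed448 certificate is silently ignored. A comment above the `match` would record the reason: `// Ed25519/Ed448 are PureEdDSA: OpenSSL requires a NULL digest when signing with them, so any configured hash function is ignored for these key types.` Consider also surfacing the mismatch to the operator when `digest` was set explicitly for such a key, if the crate has a logging facility for that; `get_digest` returns outside the hunk.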

28
acme_common/src/crypto/openssl_keys.rs

@ -33,9 +33,9 @@ macro_rules! get_key_type {
return Err("unsupported EC key".into()); return Err("unsupported EC key".into());
} }
}, },
#[cfg(ed25519)]
#[cfg(feature = "ed25519")]
Id::ED25519 => KeyType::Ed25519, Id::ED25519 => KeyType::Ed25519,
#[cfg(ed448)]
#[cfg(feature = "ed448")]
Id::ED448 => KeyType::Ed448, Id::ED448 => KeyType::Ed448,
_ => { _ => {
return Err("unsupported key type".into()); return Err("unsupported key type".into());
@ -112,9 +112,9 @@ impl KeyPair {
JwsSignatureAlgorithm::Es256 => self.sign_ecdsa(&HashFunction::Sha256, data), JwsSignatureAlgorithm::Es256 => self.sign_ecdsa(&HashFunction::Sha256, data),
JwsSignatureAlgorithm::Es384 => self.sign_ecdsa(&HashFunction::Sha384, data), JwsSignatureAlgorithm::Es384 => self.sign_ecdsa(&HashFunction::Sha384, data),
JwsSignatureAlgorithm::Es512 => self.sign_ecdsa(&HashFunction::Sha512, data), JwsSignatureAlgorithm::Es512 => self.sign_ecdsa(&HashFunction::Sha512, data),
#[cfg(ed25519)]
#[cfg(feature = "ed25519")]
JwsSignatureAlgorithm::Ed25519 => self.sign_eddsa(data), JwsSignatureAlgorithm::Ed25519 => self.sign_eddsa(data),
#[cfg(ed448)]
#[cfg(feature = "ed448")]
JwsSignatureAlgorithm::Ed448 => self.sign_eddsa(data), JwsSignatureAlgorithm::Ed448 => self.sign_eddsa(data),
} }
} }
@ -144,7 +144,7 @@ impl KeyPair {
Ok(signature) Ok(signature)
} }
#[cfg(any(ed25519, ed448))]
#[cfg(any(feature = "ed25519", feature = "ed448"))]
fn sign_eddsa(&self, data: &[u8]) -> Result<Vec<u8>, Error> { fn sign_eddsa(&self, data: &[u8]) -> Result<Vec<u8>, Error> {
let mut signer = Signer::new_without_digest(&self.inner_key)?; let mut signer = Signer::new_without_digest(&self.inner_key)?;
let signature = signer.sign_oneshot_to_vec(data)?; let signature = signer.sign_oneshot_to_vec(data)?;
@ -165,9 +165,9 @@ impl KeyPair {
KeyType::EcdsaP256 | KeyType::EcdsaP384 | KeyType::EcdsaP521 => { KeyType::EcdsaP256 | KeyType::EcdsaP384 | KeyType::EcdsaP521 => {
self.get_ecdsa_jwk(thumbprint) self.get_ecdsa_jwk(thumbprint)
} }
#[cfg(ed25519)]
#[cfg(feature = "ed25519")]
KeyType::Ed25519 => self.get_eddsa_jwk(thumbprint), KeyType::Ed25519 => self.get_eddsa_jwk(thumbprint),
#[cfg(ed448)]
#[cfg(feature = "ed448")]
KeyType::Ed448 => self.get_eddsa_jwk(thumbprint), KeyType::Ed448 => self.get_eddsa_jwk(thumbprint),
} }
} }
@ -236,12 +236,12 @@ impl KeyPair {
Ok(jwk) Ok(jwk)
} }
#[cfg(any(ed25519, ed448))]
#[cfg(any(feature = "ed25519", feature = "ed448"))]
fn get_eddsa_jwk(&self, thumbprint: bool) -> Result<Value, Error> { fn get_eddsa_jwk(&self, thumbprint: bool) -> Result<Value, Error> {
let crv = match self.key_type { let crv = match self.key_type {
#[cfg(ed25519)]
#[cfg(feature = "ed25519")]
KeyType::Ed25519 => "Ed25519", KeyType::Ed25519 => "Ed25519",
#[cfg(ed448)]
#[cfg(feature = "ed448")]
KeyType::Ed448 => "Ed448", KeyType::Ed448 => "Ed448",
_ => { _ => {
return Err("not an EdDSA elliptic curve".into()); return Err("not an EdDSA elliptic curve".into());
@ -310,13 +310,13 @@ fn gen_ec_pair(nid: Nid) -> Result<PKey<Private>, Error> {
Ok(pk) Ok(pk)
} }
#[cfg(ed25519)]
#[cfg(feature = "ed25519")]
fn gen_ed25519_pair() -> Result<PKey<Private>, Error> { fn gen_ed25519_pair() -> Result<PKey<Private>, Error> {
let pk = PKey::generate_ed25519().map_err(|_| Error::from(""))?; let pk = PKey::generate_ed25519().map_err(|_| Error::from(""))?;
Ok(pk) Ok(pk)
} }
#[cfg(ed448)]
#[cfg(feature = "ed448")]
fn gen_ed448_pair() -> Result<PKey<Private>, Error> { fn gen_ed448_pair() -> Result<PKey<Private>, Error> {
let pk = PKey::generate_ed448().map_err(|_| Error::from(""))?; let pk = PKey::generate_ed448().map_err(|_| Error::from(""))?;
Ok(pk) Ok(pk)
@ -329,9 +329,9 @@ pub fn gen_keypair(key_type: KeyType) -> Result<KeyPair, Error> {
KeyType::EcdsaP256 => gen_ec_pair(Nid::X9_62_PRIME256V1), KeyType::EcdsaP256 => gen_ec_pair(Nid::X9_62_PRIME256V1),
KeyType::EcdsaP384 => gen_ec_pair(Nid::SECP384R1), KeyType::EcdsaP384 => gen_ec_pair(Nid::SECP384R1),
KeyType::EcdsaP521 => gen_ec_pair(Nid::SECP521R1), KeyType::EcdsaP521 => gen_ec_pair(Nid::SECP521R1),
#[cfg(ed25519)]
#[cfg(feature = "ed25519")]
KeyType::Ed25519 => gen_ed25519_pair(), KeyType::Ed25519 => gen_ed25519_pair(),
#[cfg(ed448)]
#[cfg(feature = "ed448")]
KeyType::Ed448 => gen_ed448_pair(), KeyType::Ed448 => gen_ed448_pair(),
} }
.map_err(|_| Error::from(format!("unable to generate a {key_type} key pair")))?; .map_err(|_| Error::from(format!("unable to generate a {key_type} key pair")))?;
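Review bot: `gen_ed25519_pair` and `gen_ed448_pair` replace the OpenSSL error with `Error::from("")`, discarding the `ErrorStack` that would say why key generation failed (for instance a provider or engine without EdDSA support). Since `sign_eddsa` in this same file already relies on `?` converting an `ErrorStack` into `Error`, the same works here: `let pk = PKey::generate_ed25519()?;` (and likewise for Ed448). Note that `gen_keypair` then wraps the result with `map_err(|_| ...)` and drops the inner error a second time, so to actually keep the cause that closure would need to include it, e.g. `map_err(|e| Error::from(format!("unable to generate a {key_type} key pair: {e}")))` if `Error` implements `Display`; `gen_ec_pair` is outside the hunk and, if it uses the same pattern, should be aligned at the same time.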

4
acme_common/src/tests/certificate.rs

@ -143,7 +143,7 @@ fn generate_ecdsa_p384_certificate() {
assert_eq!(kp.key_type, KeyType::EcdsaP384); assert_eq!(kp.key_type, KeyType::EcdsaP384);
} }
#[cfg(ed25519)]
#[cfg(feature = "ed25519")]
#[test] #[test]
fn generate_ed25519_certificate() { fn generate_ed25519_certificate() {
let (kp, _) = let (kp, _) =
@ -152,7 +152,7 @@ fn generate_ed25519_certificate() {
assert_eq!(kp.key_type, KeyType::Ed25519); assert_eq!(kp.key_type, KeyType::Ed25519);
} }
#[cfg(ed448)]
#[cfg(feature = "ed448")]
#[test] #[test]
fn generate_ed448_certificate() { fn generate_ed448_certificate() {
let (kp, _) = let (kp, _) =

18
acme_common/src/tests/crypto_keys.rs

@ -88,15 +88,15 @@ const KEY_ECDSA_P384_PEM: &str = r#"-----BEGIN PRIVATE KEY-----
ME4CAQAwEAYHKoZIzj0CAQYFK4EEACIENzA1AgEBBDCMsN9kHPueLABk+0PKi7WO ME4CAQAwEAYHKoZIzj0CAQYFK4EEACIENzA1AgEBBDCMsN9kHPueLABk+0PKi7WO
PO2/53dpt/yV5zOPrYPEoKs4t973nbt46IUN19lLF/s= PO2/53dpt/yV5zOPrYPEoKs4t973nbt46IUN19lLF/s=
-----END PRIVATE KEY-----"#; -----END PRIVATE KEY-----"#;
#[cfg(ed25519)]
#[cfg(feature = "ed25519")]
const KEY_ECDSA_ED25519_PEM: &str = r#"-----BEGIN PRIVATE KEY----- const KEY_ECDSA_ED25519_PEM: &str = r#"-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIJhpRNsiUzoWqNkpJKCtKV5++Tttz3locu1gQKkQnrOa MC4CAQAwBQYDK2VwBCIEIJhpRNsiUzoWqNkpJKCtKV5++Tttz3locu1gQKkQnrOa
-----END PRIVATE KEY-----"#; -----END PRIVATE KEY-----"#;
#[cfg(ed25519)]
#[cfg(feature = "ed25519")]
const KEY_ECDSA_ED25519_PEM_BIS: &str = r#"-----BEGIN PRIVATE KEY----- const KEY_ECDSA_ED25519_PEM_BIS: &str = r#"-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIKa3WD0qeUToPQKSwa9cTsLPgCovqAtXMhlMX2KYBz0o MC4CAQAwBQYDK2VwBCIEIKa3WD0qeUToPQKSwa9cTsLPgCovqAtXMhlMX2KYBz0o
-----END PRIVATE KEY-----"#; -----END PRIVATE KEY-----"#;
#[cfg(ed448)]
#[cfg(feature = "ed448")]
const KEY_ECDSA_ED448_PEM: &str = r#"-----BEGIN PRIVATE KEY----- const KEY_ECDSA_ED448_PEM: &str = r#"-----BEGIN PRIVATE KEY-----
MEcCAQAwBQYDK2VxBDsEOcFBwsH4zU7u5RgFh48MgJPzXyjN5uXxDapZv4rG6opU MEcCAQAwBQYDK2VxBDsEOcFBwsH4zU7u5RgFh48MgJPzXyjN5uXxDapZv4rG6opU
uMXco2JR1CSjKWgqgu1CAKadJIYiv2EgIw== uMXco2JR1CSjKWgqgu1CAKadJIYiv2EgIw==
@ -278,7 +278,7 @@ fn test_ecdsa_p384_jwk_thumbprint() {
); );
} }
#[cfg(ed25519)]
#[cfg(feature = "ed25519")]
#[test] #[test]
fn test_ed25519_jwk() { fn test_ed25519_jwk() {
let k = KeyPair::from_pem(KEY_ECDSA_ED25519_PEM.as_bytes()).unwrap(); let k = KeyPair::from_pem(KEY_ECDSA_ED25519_PEM.as_bytes()).unwrap();
@ -301,7 +301,7 @@ fn test_ed25519_jwk() {
assert_eq!(jwk.get("alg").unwrap(), "EdDSA"); assert_eq!(jwk.get("alg").unwrap(), "EdDSA");
} }
#[cfg(ed25519)]
#[cfg(feature = "ed25519")]
#[test] #[test]
fn test_ed25519_jwk_thumbprint() { fn test_ed25519_jwk_thumbprint() {
let k = KeyPair::from_pem(KEY_ECDSA_ED25519_PEM.as_bytes()).unwrap(); let k = KeyPair::from_pem(KEY_ECDSA_ED25519_PEM.as_bytes()).unwrap();
@ -322,7 +322,7 @@ fn test_ed25519_jwk_thumbprint() {
); );
} }
#[cfg(ed25519)]
#[cfg(feature = "ed25519")]
#[test] #[test]
fn test_ed25519_jwk_bis() { fn test_ed25519_jwk_bis() {
let k = KeyPair::from_pem(KEY_ECDSA_ED25519_PEM_BIS.as_bytes()).unwrap(); let k = KeyPair::from_pem(KEY_ECDSA_ED25519_PEM_BIS.as_bytes()).unwrap();
@ -345,7 +345,7 @@ fn test_ed25519_jwk_bis() {
assert_eq!(jwk.get("alg").unwrap(), "EdDSA"); assert_eq!(jwk.get("alg").unwrap(), "EdDSA");
} }
#[cfg(ed25519)]
#[cfg(feature = "ed25519")]
#[test] #[test]
fn test_ed25519_jwk_thumbprint_bis() { fn test_ed25519_jwk_thumbprint_bis() {
let k = KeyPair::from_pem(KEY_ECDSA_ED25519_PEM_BIS.as_bytes()).unwrap(); let k = KeyPair::from_pem(KEY_ECDSA_ED25519_PEM_BIS.as_bytes()).unwrap();
@ -366,7 +366,7 @@ fn test_ed25519_jwk_thumbprint_bis() {
); );
} }
#[cfg(ed448)]
#[cfg(feature = "ed448")]
#[test] #[test]
fn test_ed448_jwk() { fn test_ed448_jwk() {
let k = KeyPair::from_pem(KEY_ECDSA_ED448_PEM.as_bytes()).unwrap(); let k = KeyPair::from_pem(KEY_ECDSA_ED448_PEM.as_bytes()).unwrap();
@ -389,7 +389,7 @@ fn test_ed448_jwk() {
assert_eq!(jwk.get("alg").unwrap(), "EdDSA"); assert_eq!(jwk.get("alg").unwrap(), "EdDSA");
} }
#[cfg(ed448)]
#[cfg(feature = "ed448")]
#[test] #[test]
fn test_ed448_jwk_thumbprint() { fn test_ed448_jwk_thumbprint() {
let k = KeyPair::from_pem(KEY_ECDSA_ED448_PEM.as_bytes()).unwrap(); let k = KeyPair::from_pem(KEY_ECDSA_ED448_PEM.as_bytes()).unwrap();
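Review bot: The constants gated by the new `#[cfg(feature = "ed25519")]` and `#[cfg(feature = "ed448")]` attributes are still named `KEY_ECDSA_ED25519_PEM`, `KEY_ECDSA_ED25519_PEM_BIS` and `KEY_ECDSA_ED448_PEM`, although Ed25519 and Ed448 are EdDSA keys, not ECDSA, and the code under test keeps the two apart (`get_ecdsa_jwk` versus `get_eddsa_jwk`). While these lines are being touched, renaming them to `KEY_ED25519_PEM`, `KEY_ED25519_PEM_BIS` and `KEY_ED448_PEM` would remove the misleading label. The naming itself predates this commit.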

4
acme_common/src/tests/jws_signature_algorithm.rs

@ -47,14 +47,14 @@ fn test_es384_sign_p256() {
assert!(res.is_err()); assert!(res.is_err());
} }
#[cfg(ed25519)]
#[cfg(feature = "ed25519")]
#[test] #[test]
fn test_ed25519_sign() { fn test_ed25519_sign() {
let k = gen_keypair(KeyType::Ed25519).unwrap(); let k = gen_keypair(KeyType::Ed25519).unwrap();
let _ = k.sign(&JwsSignatureAlgorithm::Ed25519, TEST_DATA).unwrap(); let _ = k.sign(&JwsSignatureAlgorithm::Ed25519, TEST_DATA).unwrap();
} }
#[cfg(ed448)]
#[cfg(feature = "ed448")]
#[test] #[test]
fn test_ed448_sign() { fn test_ed448_sign() {
let k = gen_keypair(KeyType::Ed448).unwrap(); let k = gen_keypair(KeyType::Ed448).unwrap();
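Review bot: `test_ed25519_sign` only asserts that `sign` returns `Ok` and throws the signature away, so a backend that produced an empty or truncated signature would still pass. Ed25519 signatures are exactly 64 bytes and Ed448 signatures 114 bytes, so binding the result and checking its length pins the output cheaply: `let sig = k.sign(&JwsSignatureAlgorithm::Ed25519, TEST_DATA).unwrap(); assert_eq!(sig.len(), 64);` and `assert_eq!(sig.len(), 114);` in `test_ed448_sign`, whose body ends outside the hunk. Verifying the signature against the public key would be stronger still, but that depends on a verify helper this module may not expose.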
