
Remove the standalone feature

As discussed in #2, ring is not mature enough to replace OpenSSL. Hence,
the standalone mode, which was created to provide such a replacement,
has to be removed until ring becomes usable.
pull/5/head
Rodolphe Breard 5 years ago
parent
commit
4ea49512d6
  1. 7
      acme_common/Cargo.toml
  2. 17
      acme_common/src/crypto.rs
  3. 8
      acme_common/src/crypto/openssl_keys.rs
  4. 5
      acme_common/src/crypto/standalone_hash.rs
  5. 6
      acmed/Cargo.toml
  6. 6
      tacd/Cargo.toml
  7. 8
      tacd/src/main.rs
  8. 10
      tacd/src/standalone_server.rs

7
acme_common/Cargo.toml

@ -11,10 +11,6 @@ include = ["src/**/*", "Cargo.toml", "Licence_*.txt"]
[lib] [lib]
name = "acme_common" name = "acme_common"
[features]
default = ["openssl"]
standalone = ["ring"]
[dependencies] [dependencies]
base64 = "0.10" base64 = "0.10"
daemonize = "0.4" daemonize = "0.4"
@ -22,8 +18,7 @@ env_logger = "0.6"
handlebars = "2.0.0-beta.2" handlebars = "2.0.0-beta.2"
http_req = "0.5" http_req = "0.5"
log = "0.4" log = "0.4"
openssl = { version = "0.10", optional = true }
ring = { version = "0.14", optional = true }
openssl = "0.10"
serde_json = "1.0" serde_json = "1.0"
syslog = "4.0" syslog = "4.0"
time = "0.1" time = "0.1"
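Review bot: Dropping the `[features]` table here (and likewise in acmed/Cargo.toml and tacd/Cargo.toml) changes the crates' build interface, not just their dependency list: any invocation still passing `--features standalone`, and any dependent manifest naming `features = ["openssl"]`, now fails at dependency resolution with an unknown-feature error, because `openssl = "0.10"` is no longer optional and so no longer has an implicit feature. I cannot see a CI configuration or README from this diff; if either documents those flags, it should be updated in the same commit. It would also help to say explicitly in the commit message that `openssl` (and `openssl-sys` in acmed) becomes an unconditional dependency of all three crates, since that is the practical effect of these hunks.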

17
acme_common/src/crypto.rs

@ -1,24 +1,11 @@
mod key_type;
mod openssl_certificate; mod openssl_certificate;
#[cfg(not(feature = "standalone"))]
mod openssl_hash; mod openssl_hash;
#[cfg(feature = "standalone")]
mod standalone_hash;
mod openssl_keys; mod openssl_keys;
mod key_type;
#[cfg(not(feature = "standalone"))]
pub const DEFAULT_ALGO: &str = "rsa2048"; pub const DEFAULT_ALGO: &str = "rsa2048";
#[cfg(feature = "standalone")]
pub const DEFAULT_ALGO: &str = "ecdsa_p256";
pub use key_type::KeyType;
pub use openssl_certificate::{Csr, X509Certificate}; pub use openssl_certificate::{Csr, X509Certificate};
#[cfg(not(feature = "standalone"))]
pub use openssl_hash::sha256; pub use openssl_hash::sha256;
#[cfg(feature = "standalone")]
pub use standalone_hash::sha256;
pub use openssl_keys::{gen_keypair, KeyPair}; pub use openssl_keys::{gen_keypair, KeyPair};
pub use key_type::KeyType;
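Review bot: `pub const DEFAULT_ALGO: &str = "rsa2048";` is now the single, unconditional default and part of the crate's public API, yet it has no doc comment; with the `"ecdsa_p256"` branch gone, a reader has no hint of what the string must match. Suggest `/// Key type identifier used when the configuration does not name one; presumably one of the strings `KeyType` accepts — confirm against key_type.rs.` above it. With the `#[cfg]` gates removed, the `mod` declarations and `pub use` re-exports could also be kept in the same alphabetical order rustfmt leaves them in, which this hunk already nearly does.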

8
acme_common/src/crypto/openssl_keys.rs

@ -60,9 +60,7 @@ impl KeyPair {
pub fn sign(&self, data: &[u8]) -> Result<Vec<u8>, Error> { pub fn sign(&self, data: &[u8]) -> Result<Vec<u8>, Error> {
match self.key_type { match self.key_type {
KeyType::Curve25519 => {
Err("Curve25519 signatures are not implemented yet".into())
},
KeyType::Curve25519 => Err("Curve25519 signatures are not implemented yet".into()),
KeyType::EcdsaP256 | KeyType::EcdsaP384 => { KeyType::EcdsaP256 | KeyType::EcdsaP384 => {
let signature = EcdsaSig::sign(data, self.inner_key.ec_key()?.as_ref())?; let signature = EcdsaSig::sign(data, self.inner_key.ec_key()?.as_ref())?;
let r = signature.r().to_vec(); let r = signature.r().to_vec();
@ -81,9 +79,7 @@ impl KeyPair {
pub fn get_jwk_thumbprint(&self) -> Result<String, Error> { pub fn get_jwk_thumbprint(&self) -> Result<String, Error> {
// TODO: implement Curve25519 and RSA JWK thumbprint // TODO: implement Curve25519 and RSA JWK thumbprint
match self.key_type { match self.key_type {
KeyType::Curve25519 => {
Err("Curve25519 thumbprint are not implemented yet".into())
},
KeyType::Curve25519 => Err("Curve25519 thumbprint are not implemented yet".into()),
KeyType::EcdsaP256 | KeyType::EcdsaP384 => self.get_nist_ec_jwk(), KeyType::EcdsaP256 | KeyType::EcdsaP384 => self.get_nist_ec_jwk(),
KeyType::Rsa2048 | KeyType::Rsa4096 => { KeyType::Rsa2048 | KeyType::Rsa4096 => {
Err("RSA jwk thumbprint are not implemented yet".into()) Err("RSA jwk thumbprint are not implemented yet".into())
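Review bot: In the `sign` hunk, the ECDSA arm right after the reformatted Curve25519 arm does `signature.r().to_vec()`; `BigNumRef::to_vec` yields the minimal big-endian encoding, so an `r` or `s` whose leading byte is zero comes back one byte short. JWS ES256/ES384 require each coordinate to be exactly 32 or 48 bytes, so unless the lines after the hunk left-pad `r` and `s` before concatenating (I cannot see them; `sign` continues past the hunk), a small fraction of signatures will be rejected by the server — worth a check and, if missing, padding both to `(self.inner_key.ec_key()?.group().degree() as usize + 7) / 8` bytes. In the `get_jwk_thumbprint` hunk the reformatted messages are also ungrammatical; `KeyType::Curve25519 => Err("Curve25519 thumbprints are not implemented yet".into()),` and `Err("RSA JWK thumbprints are not implemented yet".into())` read better. Both methods start and end outside their hunks.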

5
acme_common/src/crypto/standalone_hash.rs

@ -1,5 +0,0 @@
use ring::digest::{digest, SHA256};
pub fn sha256(data: &[u8]) -> Vec<u8> {
digest(&SHA256, data).as_ref().to_vec()
}

6
acmed/Cargo.toml

@ -11,10 +11,6 @@ license = "MIT OR Apache-2.0"
include = ["src/**/*", "Cargo.toml", "LICENSE-*.txt"] include = ["src/**/*", "Cargo.toml", "LICENSE-*.txt"]
build = "build.rs" build = "build.rs"
[features]
default = ["openssl-sys"]
standalone = []
[dependencies] [dependencies]
acme_common = { path = "../acme_common" } acme_common = { path = "../acme_common" }
clap = "2.32" clap = "2.32"
@ -22,7 +18,7 @@ handlebars = "2.0.0-beta.2"
http_req = "0.5" http_req = "0.5"
log = "0.4" log = "0.4"
nom = "5.0" nom = "5.0"
openssl-sys = { version = "0.9", optional = true }
openssl-sys = "0.9"
serde = { version = "1.0", features = ["derive"] } serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0" serde_json = "1.0"
time = "0.1" time = "0.1"

6
tacd/Cargo.toml

@ -10,12 +10,8 @@ readme = "../README.md"
license = "MIT OR Apache-2.0" license = "MIT OR Apache-2.0"
include = ["src/**/*", "Cargo.toml", "LICENSE-*.txt"] include = ["src/**/*", "Cargo.toml", "LICENSE-*.txt"]
[features]
default = ["openssl"]
standalone = []
[dependencies] [dependencies]
acme_common = { path = "../acme_common" } acme_common = { path = "../acme_common" }
clap = "2.32" clap = "2.32"
log = "0.4" log = "0.4"
openssl = { version = "0.10", optional = true }
openssl = "0.10"

8
tacd/src/main.rs

@ -1,12 +1,6 @@
#[cfg(not(feature = "standalone"))]
mod openssl_server; mod openssl_server;
#[cfg(not(feature = "standalone"))]
use openssl_server::start as server_start;
#[cfg(feature = "standalone")]
mod standalone_server;
#[cfg(feature = "standalone")]
use standalone_server::start as server_start;
use crate::openssl_server::start as server_start;
use acme_common::crypto::X509Certificate; use acme_common::crypto::X509Certificate;
use acme_common::error::Error; use acme_common::error::Error;
use clap::{App, Arg, ArgMatches}; use clap::{App, Arg, ArgMatches};
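Review bot: `use crate::openssl_server::start as server_start;` keeps the `server_start` alias that only existed to select between the two cfg-gated backends; with a single backend left, the rename is indirection for its own sake. Either import it plainly as `use crate::openssl_server::start;` and call `start(...)` at the call site (outside this hunk, so I cannot confirm how many callers there are), or add a one-line comment saying the alias is kept deliberately for a future alternative backend. The surrounding module and import list continues past the hunk.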

10
tacd/src/standalone_server.rs

@ -1,10 +0,0 @@
use acme_common::crypto::{KeyPair, X509Certificate};
use acme_common::error::Error;
pub fn start(
listen_addr: &str,
certificate: &X509Certificate,
key_pair: &KeyPair,
) -> Result<(), Error> {
Err("The standalone server is not implemented yet.".into())
}