diff --git a/acme_common/src/crypto.rs b/acme_common/src/crypto.rs index 7ef5338..0cd50d6 100644 --- a/acme_common/src/crypto.rs +++ b/acme_common/src/crypto.rs @@ -6,6 +6,7 @@ mod openssl_hash; mod standalone_hash; mod openssl_keys; +mod key_type; #[cfg(not(feature = "standalone"))] pub const DEFAULT_ALGO: &str = "rsa2048"; @@ -19,4 +20,5 @@ pub use openssl_hash::sha256; #[cfg(feature = "standalone")] pub use standalone_hash::sha256; -pub use openssl_keys::{gen_keypair, KeyPair, KeyType}; +pub use openssl_keys::{gen_keypair, KeyPair}; +pub use key_type::KeyType; diff --git a/acme_common/src/crypto/key_type.rs b/acme_common/src/crypto/key_type.rs new file mode 100644 index 0000000..34a6676 --- /dev/null +++ b/acme_common/src/crypto/key_type.rs @@ -0,0 +1,40 @@ +use crate::error::Error; +use std::fmt; +use std::str::FromStr; + +#[derive(Clone, Copy, Debug)] +pub enum KeyType { + Curve25519, + EcdsaP256, + EcdsaP384, + Rsa2048, + Rsa4096, +} + +impl FromStr for KeyType { + type Err = Error; + + fn from_str(s: &str) -> Result { + match s.to_lowercase().as_str() { + "ed25519" => Ok(KeyType::Curve25519), + "ecdsa_p256" => Ok(KeyType::EcdsaP256), + "ecdsa_p384" => Ok(KeyType::EcdsaP384), + "rsa2048" => Ok(KeyType::Rsa2048), + "rsa4096" => Ok(KeyType::Rsa4096), + _ => Err(format!("{}: unknown algorithm.", s).into()), + } + } +} + +impl fmt::Display for KeyType { + fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + let s = match self { + KeyType::Curve25519 => "ed25519", + KeyType::EcdsaP256 => "ecdsa-p256", + KeyType::EcdsaP384 => "ecdsa-p384", + KeyType::Rsa2048 => "rsa2048", + KeyType::Rsa4096 => "rsa4096", + }; + write!(f, "{}", s) + } +} diff --git a/acme_common/src/crypto/openssl_keys.rs b/acme_common/src/crypto/openssl_keys.rs index 770628b..f2979da 100644 --- a/acme_common/src/crypto/openssl_keys.rs +++ b/acme_common/src/crypto/openssl_keys.rs @@ -1,4 +1,5 @@ use crate::b64_encode; +use crate::crypto::KeyType; use crate::error::Error; use openssl::bn::{BigNum, BigNumContext}; use openssl::ec::{EcGroup, EcKey}; @@ -7,8 +8,6 @@ use openssl::nid::Nid; use openssl::pkey::{Id, PKey, Private}; use openssl::rsa::Rsa; use serde_json::json; -use std::fmt; -use std::str::FromStr; macro_rules! get_key_type { ($key: expr) => { @@ -34,40 +33,6 @@ macro_rules! get_key_type { }; } -#[derive(Clone, Copy, Debug)] -pub enum KeyType { - EcdsaP256, - EcdsaP384, - Rsa2048, - Rsa4096, -} - -impl FromStr for KeyType { - type Err = Error; - - fn from_str(s: &str) -> Result { - match s.to_lowercase().as_str() { - "ecdsa_p256" => Ok(KeyType::EcdsaP256), - "ecdsa_p384" => Ok(KeyType::EcdsaP384), - "rsa2048" => Ok(KeyType::Rsa2048), - "rsa4096" => Ok(KeyType::Rsa4096), - _ => Err(format!("{}: unknown algorithm.", s).into()), - } - } -} - -impl fmt::Display for KeyType { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - let s = match self { - KeyType::EcdsaP256 => "ecdsa-p256", - KeyType::EcdsaP384 => "ecdsa-p384", - KeyType::Rsa2048 => "rsa2048", - KeyType::Rsa4096 => "rsa4096", - }; - write!(f, "{}", s) - } -} - pub struct KeyPair { pub key_type: KeyType, pub inner_key: PKey, @@ -95,10 +60,9 @@ impl KeyPair { pub fn sign(&self, data: &[u8]) -> Result, Error> { match self.key_type { - KeyType::Rsa2048 | KeyType::Rsa4096 => { - // TODO: implement RSA signatures - Err("RSA signatures are not implemented yet".into()) - } + KeyType::Curve25519 => { + Err("Curve25519 signatures are not implemented yet".into()) + }, KeyType::EcdsaP256 | KeyType::EcdsaP384 => { let signature = EcdsaSig::sign(data, self.inner_key.ec_key()?.as_ref())?; let r = signature.r().to_vec(); @@ -107,13 +71,20 @@ impl KeyPair { signature.append(&mut s); Ok(signature) } + KeyType::Rsa2048 | KeyType::Rsa4096 => { + // TODO: implement RSA signatures + Err("RSA signatures are not implemented yet".into()) + } } } pub fn get_jwk_thumbprint(&self) -> Result { + // TODO: implement Curve25519 and RSA JWK thumbprint match self.key_type { + KeyType::Curve25519 => { + Err("Curve25519 thumbprint are not implemented yet".into()) + }, KeyType::EcdsaP256 | KeyType::EcdsaP384 => self.get_nist_ec_jwk(), - // TODO: implement RSA JWK thumbprint KeyType::Rsa2048 | KeyType::Rsa4096 => { Err("RSA jwk thumbprint are not implemented yet".into()) } @@ -178,10 +149,11 @@ fn gen_ec_pair(nid: Nid) -> Result, Error> { pub fn gen_keypair(key_type: KeyType) -> Result { let priv_key = match key_type { - KeyType::Rsa2048 => gen_rsa_pair(2048), - KeyType::Rsa4096 => gen_rsa_pair(4096), + KeyType::Curve25519 => Err(Error::from("")), KeyType::EcdsaP256 => gen_ec_pair(Nid::X9_62_PRIME256V1), KeyType::EcdsaP384 => gen_ec_pair(Nid::SECP384R1), + KeyType::Rsa2048 => gen_rsa_pair(2048), + KeyType::Rsa4096 => gen_rsa_pair(4096), } .map_err(|_| Error::from(format!("Unable to generate a {} key pair.", key_type)))?; let key_pair = KeyPair {