Browse Source

Move KeyType to a dedicated module

pull/5/head
Rodolphe Breard 5 years ago
parent
commit
84102922fa
  1. 4
      acme_common/src/crypto.rs
  2. 40
      acme_common/src/crypto/key_type.rs
  3. 58
      acme_common/src/crypto/openssl_keys.rs

4
acme_common/src/crypto.rs

@ -6,6 +6,7 @@ mod openssl_hash;
mod standalone_hash; mod standalone_hash;
mod openssl_keys; mod openssl_keys;
mod key_type;
#[cfg(not(feature = "standalone"))] #[cfg(not(feature = "standalone"))]
pub const DEFAULT_ALGO: &str = "rsa2048"; pub const DEFAULT_ALGO: &str = "rsa2048";
@ -19,4 +20,5 @@ pub use openssl_hash::sha256;
#[cfg(feature = "standalone")] #[cfg(feature = "standalone")]
pub use standalone_hash::sha256; pub use standalone_hash::sha256;
pub use openssl_keys::{gen_keypair, KeyPair, KeyType};
pub use openssl_keys::{gen_keypair, KeyPair};
pub use key_type::KeyType;

40
acme_common/src/crypto/key_type.rs

@ -0,0 +1,40 @@
use crate::error::Error;
use std::fmt;
use std::str::FromStr;
#[derive(Clone, Copy, Debug)]
pub enum KeyType {
Curve25519,
EcdsaP256,
EcdsaP384,
Rsa2048,
Rsa4096,
}
impl FromStr for KeyType {
type Err = Error;
fn from_str(s: &str) -> Result<Self, Error> {
match s.to_lowercase().as_str() {
"ed25519" => Ok(KeyType::Curve25519),
"ecdsa_p256" => Ok(KeyType::EcdsaP256),
"ecdsa_p384" => Ok(KeyType::EcdsaP384),
"rsa2048" => Ok(KeyType::Rsa2048),
"rsa4096" => Ok(KeyType::Rsa4096),
_ => Err(format!("{}: unknown algorithm.", s).into()),
}
}
}
impl fmt::Display for KeyType {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
let s = match self {
KeyType::Curve25519 => "ed25519",
KeyType::EcdsaP256 => "ecdsa-p256",
KeyType::EcdsaP384 => "ecdsa-p384",
KeyType::Rsa2048 => "rsa2048",
KeyType::Rsa4096 => "rsa4096",
};
write!(f, "{}", s)
}
}

58
acme_common/src/crypto/openssl_keys.rs

@ -1,4 +1,5 @@
use crate::b64_encode; use crate::b64_encode;
use crate::crypto::KeyType;
use crate::error::Error; use crate::error::Error;
use openssl::bn::{BigNum, BigNumContext}; use openssl::bn::{BigNum, BigNumContext};
use openssl::ec::{EcGroup, EcKey}; use openssl::ec::{EcGroup, EcKey};
@ -7,8 +8,6 @@ use openssl::nid::Nid;
use openssl::pkey::{Id, PKey, Private}; use openssl::pkey::{Id, PKey, Private};
use openssl::rsa::Rsa; use openssl::rsa::Rsa;
use serde_json::json; use serde_json::json;
use std::fmt;
use std::str::FromStr;
macro_rules! get_key_type { macro_rules! get_key_type {
($key: expr) => { ($key: expr) => {
@ -34,40 +33,6 @@ macro_rules! get_key_type {
}; };
} }
#[derive(Clone, Copy, Debug)]
pub enum KeyType {
EcdsaP256,
EcdsaP384,
Rsa2048,
Rsa4096,
}
impl FromStr for KeyType {
type Err = Error;
fn from_str(s: &str) -> Result<Self, Error> {
match s.to_lowercase().as_str() {
"ecdsa_p256" => Ok(KeyType::EcdsaP256),
"ecdsa_p384" => Ok(KeyType::EcdsaP384),
"rsa2048" => Ok(KeyType::Rsa2048),
"rsa4096" => Ok(KeyType::Rsa4096),
_ => Err(format!("{}: unknown algorithm.", s).into()),
}
}
}
impl fmt::Display for KeyType {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
let s = match self {
KeyType::EcdsaP256 => "ecdsa-p256",
KeyType::EcdsaP384 => "ecdsa-p384",
KeyType::Rsa2048 => "rsa2048",
KeyType::Rsa4096 => "rsa4096",
};
write!(f, "{}", s)
}
}
pub struct KeyPair { pub struct KeyPair {
pub key_type: KeyType, pub key_type: KeyType,
pub inner_key: PKey<Private>, pub inner_key: PKey<Private>,
@ -95,10 +60,9 @@ impl KeyPair {
pub fn sign(&self, data: &[u8]) -> Result<Vec<u8>, Error> { pub fn sign(&self, data: &[u8]) -> Result<Vec<u8>, Error> {
match self.key_type { match self.key_type {
KeyType::Rsa2048 | KeyType::Rsa4096 => {
// TODO: implement RSA signatures
Err("RSA signatures are not implemented yet".into())
}
KeyType::Curve25519 => {
Err("Curve25519 signatures are not implemented yet".into())
},
KeyType::EcdsaP256 | KeyType::EcdsaP384 => { KeyType::EcdsaP256 | KeyType::EcdsaP384 => {
let signature = EcdsaSig::sign(data, self.inner_key.ec_key()?.as_ref())?; let signature = EcdsaSig::sign(data, self.inner_key.ec_key()?.as_ref())?;
let r = signature.r().to_vec(); let r = signature.r().to_vec();
@ -107,13 +71,20 @@ impl KeyPair {
signature.append(&mut s); signature.append(&mut s);
Ok(signature) Ok(signature)
} }
KeyType::Rsa2048 | KeyType::Rsa4096 => {
// TODO: implement RSA signatures
Err("RSA signatures are not implemented yet".into())
}
} }
} }
pub fn get_jwk_thumbprint(&self) -> Result<String, Error> { pub fn get_jwk_thumbprint(&self) -> Result<String, Error> {
// TODO: implement Curve25519 and RSA JWK thumbprint
match self.key_type { match self.key_type {
KeyType::Curve25519 => {
Err("Curve25519 thumbprint are not implemented yet".into())
},
KeyType::EcdsaP256 | KeyType::EcdsaP384 => self.get_nist_ec_jwk(), KeyType::EcdsaP256 | KeyType::EcdsaP384 => self.get_nist_ec_jwk(),
// TODO: implement RSA JWK thumbprint
KeyType::Rsa2048 | KeyType::Rsa4096 => { KeyType::Rsa2048 | KeyType::Rsa4096 => {
Err("RSA jwk thumbprint are not implemented yet".into()) Err("RSA jwk thumbprint are not implemented yet".into())
} }
@ -178,10 +149,11 @@ fn gen_ec_pair(nid: Nid) -> Result<PKey<Private>, Error> {
pub fn gen_keypair(key_type: KeyType) -> Result<KeyPair, Error> { pub fn gen_keypair(key_type: KeyType) -> Result<KeyPair, Error> {
let priv_key = match key_type { let priv_key = match key_type {
KeyType::Rsa2048 => gen_rsa_pair(2048),
KeyType::Rsa4096 => gen_rsa_pair(4096),
KeyType::Curve25519 => Err(Error::from("")),
KeyType::EcdsaP256 => gen_ec_pair(Nid::X9_62_PRIME256V1), KeyType::EcdsaP256 => gen_ec_pair(Nid::X9_62_PRIME256V1),
KeyType::EcdsaP384 => gen_ec_pair(Nid::SECP384R1), KeyType::EcdsaP384 => gen_ec_pair(Nid::SECP384R1),
KeyType::Rsa2048 => gen_rsa_pair(2048),
KeyType::Rsa4096 => gen_rsa_pair(4096),
} }
.map_err(|_| Error::from(format!("Unable to generate a {} key pair.", key_type)))?; .map_err(|_| Error::from(format!("Unable to generate a {} key pair.", key_type)))?;
let key_pair = KeyPair { let key_pair = KeyPair {

Loading…
Cancel
Save