/rust/registry/src/index.crates.io-1949cf8c6b5b557f/aws-lc-rs-1.12.4/src/rsa/encoding.rs
Line | Count | Source |
1 | | // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. |
2 | | // SPDX-License-Identifier: Apache-2.0 OR ISC |
3 | | |
/// [RFC 8017](https://www.rfc-editor.org/rfc/rfc8017.html)
///
/// PKCS #1: RSA Cryptography Specifications Version 2.2
///
/// Every function here crosses the FFI boundary into AWS-LC. Raw pointers returned by
/// the C side are handed to the crate's `LcPtr` / `DetachableLcPtr` wrappers straight away.
pub(in crate::rsa) mod rfc8017 {
    use crate::aws_lc::{
        EVP_PKEY_assign_RSA, EVP_PKEY_new, RSA_parse_private_key, RSA_public_key_from_bytes,
        RSA_public_key_to_bytes, EVP_PKEY,
    };
    use crate::cbs;
    use crate::error::{KeyRejected, Unspecified};
    use crate::ptr::{DetachableLcPtr, LcPtr};
    use std::ptr::null_mut;

    /// DER encode a RSA public key to `RSAPublicKey` structure.
    ///
    /// The bytes produced by AWS-LC are copied into a Rust-owned boxed slice.
    ///
    /// # Errors
    /// Returns `Unspecified` when the RSA key cannot be obtained from `pubkey`, when
    /// `RSA_public_key_to_bytes` does not return 1, or when wrapping the returned buffer
    /// in `LcPtr` fails.
    pub(in crate::rsa) fn encode_public_key_der(
        pubkey: &LcPtr<EVP_PKEY>,
    ) -> Result<Box<[u8]>, Unspecified> {
        let mut der_ptr = null_mut::<u8>();
        let mut der_len: usize = 0;

        // SAFETY: both out-parameters point at live locals, and the RSA pointer is
        // obtained from `pubkey`, which stays borrowed for the whole call.
        let status =
            unsafe { RSA_public_key_to_bytes(&mut der_ptr, &mut der_len, *pubkey.get_rsa()?) };
        if status != 1 {
            return Err(Unspecified);
        }

        // Hand the C-allocated buffer to LcPtr before anything else can fail.
        // NOTE(review): presumably LcPtr rejects null and frees the buffer on drop;
        // confirm in crate::ptr.
        let der = LcPtr::new(der_ptr)?;

        // SAFETY: relies on the successful call above having set `der_len` to the length
        // of the buffer it returned; that contract lives in AWS-LC, not in this file.
        let encoded = unsafe { der.as_slice(der_len) };

        Ok(encoded.to_vec().into_boxed_slice())
    }

    /// Decode a DER encoded `RSAPublicKey` structure.
    ///
    /// # Errors
    /// Returns `KeyRejected` when the parsed RSA pointer or the new `EVP_PKEY` cannot be
    /// wrapped, or when `EVP_PKEY_assign_RSA` does not return 1.
    #[inline]
    pub(in crate::rsa) fn decode_public_key_der(
        public_key: &[u8],
    ) -> Result<LcPtr<EVP_PKEY>, KeyRejected> {
        // SAFETY: pointer and length are taken from the same borrowed slice.
        let parsed =
            unsafe { RSA_public_key_from_bytes(public_key.as_ptr(), public_key.len()) };
        let rsa = DetachableLcPtr::new(parsed)?;

        // SAFETY: takes no arguments; the result is checked by `LcPtr::new`.
        let mut pkey = LcPtr::new(unsafe { EVP_PKEY_new() })?;

        // SAFETY: both wrappers were constructed successfully above.
        let assigned = unsafe { EVP_PKEY_assign_RSA(*pkey.as_mut(), *rsa) };
        if assigned != 1 {
            // `rsa` has not been detached, so the wrapper still owns it on this path.
            return Err(KeyRejected::unspecified());
        }

        // Detach only after the assignment succeeded, so `rsa` is not also released by
        // its wrapper once `pkey` holds it.
        rsa.detach();

        Ok(pkey)
    }

    /// Decodes a DER encoded `RSAPrivateKey` structure.
    ///
    /// # Errors
    /// Returns `KeyRejected` when the parsed RSA pointer or the new `EVP_PKEY` cannot be
    /// wrapped, or when `EVP_PKEY_assign_RSA` does not return 1.
    #[inline]
    pub(in crate::rsa) fn decode_private_key_der(
        private_key: &[u8],
    ) -> Result<LcPtr<EVP_PKEY>, KeyRejected> {
        let mut reader = cbs::build_CBS(private_key);

        // NOTE(review): this function never inspects `reader` after the parse, so
        // whether bytes following the `RSAPrivateKey` structure are rejected depends
        // entirely on `RSA_parse_private_key`. Confirm that matches what callers expect
        // for untrusted key files.
        // SAFETY: `reader` is a live local built from the borrowed `private_key` slice.
        let parsed = unsafe { RSA_parse_private_key(&mut reader) };
        let rsa = DetachableLcPtr::new(parsed)?;

        // SAFETY: takes no arguments; the result is checked by `LcPtr::new`.
        let mut pkey = LcPtr::new(unsafe { EVP_PKEY_new() })?;

        // SAFETY: both wrappers were constructed successfully above.
        let assigned = unsafe { EVP_PKEY_assign_RSA(*pkey.as_mut(), *rsa) };
        if assigned != 1 {
            // `rsa` has not been detached, so the wrapper still owns it on this path.
            return Err(KeyRejected::unspecified());
        }

        // Detach only after the assignment succeeded, so `rsa` is not also released by
        // its wrapper once `pkey` holds it.
        rsa.detach();

        Ok(pkey)
    }
}
74 | | |
/// [RFC 5280](https://www.rfc-editor.org/rfc/rfc5280.html)
///
/// Encodings that use the `SubjectPublicKeyInfo` structure.
pub(in crate::rsa) mod rfc5280 {
    use crate::aws_lc::{EVP_PKEY, EVP_PKEY_RSA};
    use crate::buffer::Buffer;
    use crate::encoding::PublicKeyX509Der;
    use crate::error::{KeyRejected, Unspecified};
    use crate::ptr::LcPtr;

    /// DER encode a public key via `marshal_rfc5280_public_key` and wrap the bytes in a
    /// `PublicKeyX509Der`.
    ///
    /// # Errors
    /// Returns `Unspecified` when marshalling fails.
    pub(in crate::rsa) fn encode_public_key_der(
        key: &LcPtr<EVP_PKEY>,
    ) -> Result<PublicKeyX509Der<'static>, Unspecified> {
        let spki = Buffer::new(key.marshal_rfc5280_public_key()?);
        Ok(PublicKeyX509Der::from(spki))
    }

    /// Decode a DER encoded public key via `parse_rfc5280_public_key`.
    ///
    /// `EVP_PKEY_RSA` is passed as the key type.
    /// NOTE(review): presumably the parser rejects any other algorithm; confirm in
    /// `LcPtr::parse_rfc5280_public_key`.
    ///
    /// # Errors
    /// Returns `KeyRejected` when parsing fails.
    pub(in crate::rsa) fn decode_public_key_der(
        value: &[u8],
    ) -> Result<LcPtr<EVP_PKEY>, KeyRejected> {
        let parsed = LcPtr::<EVP_PKEY>::parse_rfc5280_public_key(value, EVP_PKEY_RSA);
        parsed
    }
}
97 | | } |