Skip to content

Commit

Permalink
remove openssl dependency
Browse files Browse the repository at this point in the history
  • Loading branch information
jjanku committed Mar 22, 2024
1 parent aa8dde8 commit 910e48b
Show file tree
Hide file tree
Showing 3 changed files with 27 additions and 35 deletions.
8 changes: 6 additions & 2 deletions Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@ crate-type = ["cdylib", "lib"]

[dependencies]
mpecdsa = { git = "https://github.com/jirigav/mpecdsa.git", optional = true }
openssl = "0.10.55"
prost = "0.11"
serde = "1.0"
serde_json = "1.0"
Expand All @@ -21,6 +20,11 @@ curve25519-dalek = { version = "4", default-features = false, features = ["alloc
frost-secp256k1 = { git = "https://github.com/dufkan/frost.git", branch = "serialize-state", features = ["serde"], optional = true }
aes-gcm = "0.10.2"
k256 = { version = "0.13.1", features = ["arithmetic"] }
p12 = "0.6.3"
x509-cert = { version = "0.2.5", features = ["builder"] }
p256 = { version = "0.13.2", features = ["ecdsa"] }
# https://github.com/RustCrypto/elliptic-curves/discussions/1005
sha2 = { version = "0.10.7", features = ["oid"] }

[build-dependencies]
cbindgen = "0.20.0"
Expand All @@ -37,4 +41,4 @@ protocol = []
bindings = []
gg18 = ["protocol", "dep:mpecdsa"]
frost = ["protocol", "dep:frost-secp256k1"]
elgamal = ["protocol", "dep:elastic-elgamal"]
elgamal = ["protocol", "dep:elastic-elgamal"]
50 changes: 19 additions & 31 deletions src/auth.rs
Original file line number Diff line number Diff line change
@@ -1,39 +1,27 @@
use openssl::{
ec::{EcGroup, EcKey},
error::ErrorStack,
hash::MessageDigest,
nid::Nid,
pkcs12::Pkcs12,
pkey::PKey,
x509::{X509Name, X509Req, X509},
};
use std::{error::Error, str::FromStr};

pub fn gen_key_with_csr(name: &str) -> Result<(Vec<u8>, Vec<u8>), ErrorStack> {
let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1)?;
let ec_key = EcKey::generate(&group)?;
let key = PKey::from_ec_key(ec_key)?;
let key_der = key.private_key_to_der()?;
use p256::ecdsa::{DerSignature, SigningKey};
use p256::pkcs8::EncodePrivateKey;
use rand::rngs::OsRng;
use x509_cert::der::Encode;
use x509_cert::{
builder::{Builder, RequestBuilder},
name::Name,
};

let mut name_builder = X509Name::builder()?;
name_builder.append_entry_by_nid(Nid::COMMONNAME, name)?;
let subj_name = name_builder.build();
pub fn gen_key_with_csr(name: &str) -> Result<(Vec<u8>, Vec<u8>), Box<dyn Error>> {
let key = SigningKey::random(&mut OsRng);
let key_der = key.to_pkcs8_der()?.as_bytes().to_vec();

let mut req_builder = X509Req::builder()?;
req_builder.set_subject_name(&subj_name)?;
req_builder.set_pubkey(&key)?;
req_builder.sign(&key, MessageDigest::sha256())?;
let csr_der = req_builder.build().to_der()?;
let subject = Name::from_str(&format!("CN={name}"))?;
let builder = RequestBuilder::new(subject, &key)?;
let cert_req = builder.build::<DerSignature>()?;
let csr_der = cert_req.to_der()?;

Ok((key_der, csr_der))
}

pub fn cert_key_to_pkcs12(key_der: &[u8], cert_der: &[u8]) -> Result<Vec<u8>, ErrorStack> {
let key = PKey::private_key_from_der(key_der)?;
let cert = X509::from_der(cert_der)?;
Pkcs12::builder()
.name("meesign auth key")
.pkey(&key)
.cert(&cert)
.build2("")?
.to_der()
pub fn cert_key_to_pkcs12(key_der: &[u8], cert_der: &[u8]) -> Result<Vec<u8>, Box<dyn Error>> {
let pfx = p12::PFX::new(cert_der, key_der, None, "", "meesign auth key").ok_or("")?;
Ok(pfx.to_der())
}
4 changes: 2 additions & 2 deletions src/c_api.rs
Original file line number Diff line number Diff line change
Expand Up @@ -214,7 +214,7 @@ pub unsafe extern "C" fn auth_keygen(name: *const c_char, error_out: *mut *mut c
match auth::gen_key_with_csr(name) {
Ok((key, csr)) => AuthKey::new(key, csr),
Err(error) => {
set_error(error_out, &error);
set_error(error_out, &*error);
AuthKey::new(vec![], vec![])
}
}
Expand All @@ -234,7 +234,7 @@ pub unsafe extern "C" fn auth_cert_key_to_pkcs12(
match auth::cert_key_to_pkcs12(key_der, cert_der) {
Ok(pkcs12) => pkcs12.into(),
Err(error) => {
set_error(error_out, &error);
set_error(error_out, &*error);
vec![].into()
}
}
Expand Down

0 comments on commit 910e48b

Please sign in to comment.