diff --git a/Cargo.toml b/Cargo.toml index 0c26a4e..36ef578 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -10,7 +10,6 @@ crate-type = ["cdylib", "lib"] [dependencies] mpecdsa = { git = "https://github.com/jirigav/mpecdsa.git", optional = true } -openssl = "0.10.55" prost = "0.11" serde = "1.0" serde_json = "1.0" @@ -21,6 +20,11 @@ curve25519-dalek = { version = "4", default-features = false, features = ["alloc frost-secp256k1 = { git = "https://github.com/dufkan/frost.git", branch = "serialize-state", features = ["serde"], optional = true } aes-gcm = "0.10.2" k256 = { version = "0.13.1", features = ["arithmetic"] } +p12 = "0.6.3" +x509-cert = { version = "0.2.5", features = ["builder"] } +p256 = { version = "0.13.2", features = ["ecdsa"] } +# https://github.com/RustCrypto/elliptic-curves/discussions/1005 +sha2 = { version = "0.10.7", features = ["oid"] } [build-dependencies] cbindgen = "0.20.0" @@ -37,4 +41,4 @@ protocol = [] bindings = [] gg18 = ["protocol", "dep:mpecdsa"] frost = ["protocol", "dep:frost-secp256k1"] -elgamal = ["protocol", "dep:elastic-elgamal"] \ No newline at end of file +elgamal = ["protocol", "dep:elastic-elgamal"] diff --git a/src/auth.rs b/src/auth.rs index d7a17cd..c7a1b91 100644 --- a/src/auth.rs +++ b/src/auth.rs 
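Review bot: The new `p12 = "0.6.3"` dependency is what now wraps the private key in `cert_key_to_pkcs12` (src/auth.rs), and that function passes an empty password, so the PKCS #12 output gives no confidentiality and has to be handled as plaintext key material. As far as I know the `p12` crate also offers only the legacy password-based schemes (SHA-1 with 3DES/RC2), which is worth confirming before anyone relies on it with a real password. I would record this next to the dependency, e.g. `# p12: PKCS #12 export only; the container is built with an empty password, treat the output as an unencrypted key`. The bare URL above `sha2` would also read better with its reason stated, e.g. `# "oid" feature is needed for ECDSA/SHA-256 signing in x509-cert's RequestBuilder`, if that is what the linked discussion establishes.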
@@ -1,39 +1,30 @@ -use openssl::{ - ec::{EcGroup, EcKey}, - error::ErrorStack, - hash::MessageDigest, - nid::Nid, - pkcs12::Pkcs12, - pkey::PKey, - x509::{X509Name, X509Req, X509}, -}; +use std::{error::Error, str::FromStr}; -pub fn gen_key_with_csr(name: &str) -> Result<(Vec, Vec), ErrorStack> { - let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1)?; - let ec_key = EcKey::generate(&group)?; - let key = PKey::from_ec_key(ec_key)?; - let key_der = key.private_key_to_der()?; +use p256::ecdsa::{DerSignature, SigningKey}; +use p256::pkcs8::EncodePrivateKey; +use rand::rngs::OsRng; +use x509_cert::der::Encode; +use x509_cert::{ + builder::{Builder, RequestBuilder}, + name::Name, +}; - let mut name_builder = X509Name::builder()?; - name_builder.append_entry_by_nid(Nid::COMMONNAME, name)?; - let subj_name = name_builder.build(); +pub fn gen_key_with_csr(name: &str) -> Result<(Vec, Vec), Box> { + let key = SigningKey::random(&mut OsRng); + let key_der = key.to_pkcs8_der()?.as_bytes().to_vec(); - let mut req_builder = X509Req::builder()?; - req_builder.set_subject_name(&subj_name)?; - req_builder.set_pubkey(&key)?; - req_builder.sign(&key, MessageDigest::sha256())?; - let csr_der = req_builder.build().to_der()?; + let subject = Name::from_str(&format!("CN={name}"))?; + let builder = RequestBuilder::new(subject, &key)?; + let csr = builder.build::()?; + let csr_der = csr.to_der()?; Ok((key_der, csr_der)) } -pub fn cert_key_to_pkcs12(key_der: &[u8], cert_der: &[u8]) -> Result, ErrorStack> { - let key = PKey::private_key_from_der(key_der)?; - let cert = X509::from_der(cert_der)?; - Pkcs12::builder() - .name("meesign auth key") - .pkey(&key) - .cert(&cert) - .build2("")? - .to_der() +pub fn cert_key_to_pkcs12(key_der: &[u8], cert_der: &[u8]) -> Result, Box> { + let ca_der = None; + let password = ""; + let pfx = p12::PFX::new(cert_der, key_der, ca_der, password, "meesign auth key") + .ok_or("Error creating PKCS #12")?; + Ok(pfx.to_der()) } 
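Review bot: `Name::from_str(&format!("CN={name}"))` in `gen_key_with_csr` parses the caller-supplied `name` as distinguished-name syntax, so a value containing `,`, `+` or `=` is no longer a plain common name: it either fails to parse or can yield a subject with extra attributes, which the removed `append_entry_by_nid(Nid::COMMONNAME, name)` call could not do. `name` arrives through the C API (`auth_keygen` in src/c_api.rs), so it should be treated as untrusted. Either build the `Name` structurally from a single CN attribute, or reject the syntax characters before formatting, e.g. `if name.is_empty() || name.contains(|c: char| c.is_control() || ",+=\"\\;<>#".contains(c)) { return Err("invalid name".into()); }`. A regression test with a constructed name such as `a,O=b` would pin the behaviour, and the side that signs the CSR should still compare the subject against the identity it expects.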
diff --git a/src/c_api.rs b/src/c_api.rs
index dec0adf..e9450ac 100644
--- a/src/c_api.rs
+++ b/src/c_api.rs
@@ -214,7 +214,7 @@ pub unsafe extern "C" fn auth_keygen(name: *const c_char, error_out: *mut *mut c
 match auth::gen_key_with_csr(name) {
 Ok((key, csr)) => AuthKey::new(key, csr),
 Err(error) => {
- set_error(error_out, &error);
+ set_error(error_out, &*error);
 AuthKey::new(vec![], vec![])
 }
 }
@@ -234,7 +234,7 @@ pub unsafe extern "C" fn auth_cert_key_to_pkcs12(
 match auth::cert_key_to_pkcs12(key_der, cert_der) {
 Ok(pkcs12) => pkcs12.into(),
 Err(error) => {
- set_error(error_out, &error);
+ set_error(error_out, &*error);
 vec![].into()
 }
 }