diff options
Diffstat (limited to 'openpgp/src/crypto/backend/openssl.rs')
-rw-r--r-- | openpgp/src/crypto/backend/openssl.rs | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/openpgp/src/crypto/backend/openssl.rs b/openpgp/src/crypto/backend/openssl.rs new file mode 100644 index 00000000..4e610bfe --- /dev/null +++ b/openpgp/src/crypto/backend/openssl.rs @@ -0,0 +1,80 @@ +//! Implementation of Sequoia crypto API using the OpenSSL cryptographic library. +use std::convert::TryFrom; + +use crate::types::*; + +pub mod aead; +pub mod asymmetric; +pub mod ecdh; +pub mod hash; +pub mod symmetric; + +/// Returns a short, human-readable description of the backend. +pub fn backend() -> String { + "OpenSSL".to_string() +} + +/// Fills the given buffer with random data. +pub fn random(buf: &mut [u8]) { + // random is expected to always work or panic on wrong data. + // This is similar to what other backends do like CNG or Rust + // see: https://docs.rs/rand/latest/rand/trait.RngCore.html#tymethod.fill_bytes + openssl::rand::rand_bytes(buf).expect("rand_bytes to work"); +} + +impl PublicKeyAlgorithm { + pub(crate) fn is_supported_by_backend(&self) -> bool { + use PublicKeyAlgorithm::*; + #[allow(deprecated)] + match self { + RSAEncryptSign | RSAEncrypt | RSASign => true, + DSA => true, + ECDH | ECDSA | EdDSA => true, + _ => false, + } + } +} + +impl Curve { + pub(crate) fn is_supported_by_backend(&self) -> bool { + if matches!(self, Curve::Ed25519 | Curve::Cv25519) { + // 25519-based algorithms are special-cased and supported + true + } else { + // the rest of EC algorithms are supported via the same + // codepath + openssl::nid::Nid::try_from(self).is_ok() + } + } +} + +impl AEADAlgorithm { + /// Returns the best AEAD mode supported by the backend. + /// + /// This SHOULD return OCB, which is the mandatory-to-implement + /// algorithm and the most performing one, but fall back to any + /// supported algorithm. + pub(crate) const fn const_default() -> AEADAlgorithm { + AEADAlgorithm::OCB + } + + pub(crate) fn is_supported_by_backend(&self) -> bool { + *self == AEADAlgorithm::OCB + } + + #[cfg(test)] + pub(crate) fn supports_symmetric_algo(&self, algo: &SymmetricAlgorithm) -> bool { + match &self { + AEADAlgorithm::OCB => + match algo { + // OpenSSL supports OCB only with AES + // see: https://wiki.openssl.org/index.php/OCB + SymmetricAlgorithm::AES128 | + SymmetricAlgorithm::AES192 | + SymmetricAlgorithm::AES256 => true, + _ => false, + }, + _ => false + } + } +} |