diff --git a/native/native_rust_library/src/crypto_tools.rs b/native/native_rust_library/src/crypto_tools.rs index 604c8c10b..d6e5f7a19 100644 --- a/native/native_rust_library/src/crypto_tools.rs +++ b/native/native_rust_library/src/crypto_tools.rs @@ -1,123 +1,82 @@ use crate::ffi::DeviceType; -use openssl::hash::MessageDigest; -use openssl::pkey::PKey; -use openssl::sign::Signer; use rand::distributions::{Alphanumeric, DistString}; - -#[cfg(test)] -use openssl::{rsa::Rsa, sign::Verifier}; #[cfg(test)] use regex::Regex; // DEVICE_ID_CHAR_LENGTH has to be kept in sync with deviceIDCharLength // which is defined in web/utils/device-id.js // and with DEVICE_CHAR_LENGTH // defined in services/tunnelbroker/src/Constants.h const DEVICE_ID_CHAR_LENGTH: usize = 64; // DEVICE_ID_FORMAT_REGEX has to be kept in sync with deviceIDFormatRegex // which is defined in web/utils/device-id.js // and with DEVICEID_FORMAT_REGEX // defined in services/tunnelbroker/src/Constants.h #[cfg(test)] const DEVICE_ID_FORMAT_REGEX: &str = "^(ks|mobile|web):[a-zA-Z0-9]{64}$"; // generate_device_id has to be kept in sync with generateDeviceID // which is defined in web/utils/device-id.js pub fn generate_device_id(device_type: DeviceType) -> Result { let prefix = match device_type { DeviceType::KEYSERVER => "ks", DeviceType::WEB => "web", DeviceType::MOBILE => "mobile", _ => { return Err(String::from("Incorrect device type provieded")); } }; let mut rng = rand::thread_rng(); let suffix: String = Alphanumeric.sample_string(&mut rng, DEVICE_ID_CHAR_LENGTH); Ok(format!("{}:{}", &prefix, &suffix)) } -pub fn sign_string_with_private_key( - private_key: &PKey, - nonce: &str, -) -> anyhow::Result { - let mut signer = Signer::new(MessageDigest::sha256(), &private_key)?; - signer.update(nonce.as_bytes())?; - let signature = signer.sign_to_vec()?; - Ok(base64::encode(signature)) -} - #[cfg(test)] mod tests { use super::*; fn check_regex(s: &String) -> bool { Regex::new(&DEVICE_ID_FORMAT_REGEX).unwrap().is_match(&s) } #[test] fn generate_device_id_ks() { for _x in 1..100 { let result = generate_device_id(DeviceType::KEYSERVER).unwrap(); assert!( check_regex(&result), "result: {} does not match regex {}", &result, &DEVICE_ID_FORMAT_REGEX ); } } #[test] fn generate_device_id_web() { for _x in 1..100 { let result = generate_device_id(DeviceType::WEB).unwrap(); assert!( check_regex(&result), "result: {} does not match regex {}", &result, &DEVICE_ID_FORMAT_REGEX ); } } #[test] fn generate_device_id_mobile() { for _x in 1..100 { let result = generate_device_id(DeviceType::MOBILE).unwrap(); assert!( check_regex(&result), "result: {} does not match regex {}", &result, &DEVICE_ID_FORMAT_REGEX ); } } - - #[test] - fn verify_signed_string_with_private_key() { - const NONCE: &str = "Test1ghTCoNquWbO2ST7G1c9"; - - // Generate a keypair - let keypair = Rsa::generate(1024).expect("Failed to generate RSA keypair"); - let keypair = PKey::from_rsa(keypair).expect("Failed to get key from rsa"); - - // Sign the string to be signed with the private key - let string_signature_base64 = sign_string_with_private_key(&keypair, NONCE) - .expect("Error on calling the string signer function"); - - // Verify signature - let mut verifier = - Verifier::new(MessageDigest::sha256(), &keypair).unwrap(); - verifier.update(NONCE.as_bytes()).unwrap(); - - assert!(verifier - .verify( - &base64::decode(string_signature_base64) - .expect("Failed to decode base64"), - ) - .expect("Error on calling OpenSSL string verifier")); - } }