From 2077449bc87b87f96c8ec6248c5c7060d4bc58bf Mon Sep 17 00:00:00 2001
From: Steven Fackler <sfackler@gmail.com>
Date: Mon, 16 May 2016 23:02:02 -0700
Subject: [PATCH] Clean up RSA signature API

---
 openssl/src/crypto/hash.rs | 48 ++++++++++++++++++++++++--------------
 openssl/src/crypto/mod.rs  |  6 +++++
 openssl/src/crypto/pkey.rs | 18 ++++----------
 openssl/src/crypto/rsa.rs  | 19 ++++++++-------
 openssl/src/nid.rs         |  1 +
 5 files changed, 52 insertions(+), 40 deletions(-)

diff --git a/openssl/src/crypto/hash.rs b/openssl/src/crypto/hash.rs
index 7846585153..69d3a35087 100644
--- a/openssl/src/crypto/hash.rs
+++ b/openssl/src/crypto/hash.rs
@@ -2,9 +2,11 @@ use libc::c_uint;
 use std::iter::repeat;
 use std::io::prelude::*;
 use std::io;
-
 use ffi;
 
+use crypto::HashTypeInternals;
+use nid::Nid;
+
 /// Message digest (hash) type.
 #[derive(Copy, Clone)]
 pub enum Type {
@@ -17,19 +19,32 @@ pub enum Type {
     RIPEMD160,
 }
 
+impl HashTypeInternals for Type {
+    fn as_nid(&self) -> Nid {
+        match *self {
+            Type::MD5 => Nid::MD5,
+            Type::SHA1 => Nid::SHA1,
+            Type::SHA224 => Nid::SHA224,
+            Type::SHA256 => Nid::SHA256,
+            Type::SHA384 => Nid::SHA384,
+            Type::SHA512 => Nid::SHA512,
+            Type::RIPEMD160 => Nid::RIPEMD160,
+        }
+    }
+}
+
 impl Type {
     /// Returns the length of the message digest.
     #[inline]
     pub fn md_len(&self) -> usize {
-        use self::Type::*;
         match *self {
-            MD5 => 16,
-            SHA1 => 20,
-            SHA224 => 28,
-            SHA256 => 32,
-            SHA384 => 48,
-            SHA512 => 64,
-            RIPEMD160 => 20,
+            Type::MD5 => 16,
+            Type::SHA1 => 20,
+            Type::SHA224 => 28,
+            Type::SHA256 => 32,
+            Type::SHA384 => 48,
+            Type::SHA512 => 64,
+            Type::RIPEMD160 => 20,
         }
     }
 
@@ -37,15 +52,14 @@ impl Type {
     #[inline]
     pub fn evp_md(&self) -> *const ffi::EVP_MD {
         unsafe {
-            use self::Type::*;
             match *self {
-                MD5 => ffi::EVP_md5(),
-                SHA1 => ffi::EVP_sha1(),
-                SHA224 => ffi::EVP_sha224(),
-                SHA256 => ffi::EVP_sha256(),
-                SHA384 => ffi::EVP_sha384(),
-                SHA512 => ffi::EVP_sha512(),
-                RIPEMD160 => ffi::EVP_ripemd160(),
+                Type::MD5 => ffi::EVP_md5(),
+                Type::SHA1 => ffi::EVP_sha1(),
+                Type::SHA224 => ffi::EVP_sha224(),
+                Type::SHA256 => ffi::EVP_sha256(),
+                Type::SHA384 => ffi::EVP_sha384(),
+                Type::SHA512 => ffi::EVP_sha512(),
+                Type::RIPEMD160 => ffi::EVP_ripemd160(),
             }
         }
     }
diff --git a/openssl/src/crypto/mod.rs b/openssl/src/crypto/mod.rs
index bb77453f62..95b27022c4 100644
--- a/openssl/src/crypto/mod.rs
+++ b/openssl/src/crypto/mod.rs
@@ -14,6 +14,8 @@
 // limitations under the License.
 //
 
+use nid::Nid;
+
 pub mod hash;
 pub mod hmac;
 pub mod pkcs5;
@@ -24,3 +26,7 @@ pub mod memcmp;
 pub mod rsa;
 
 mod symm_internal;
+
+trait HashTypeInternals {
+    fn as_nid(&self) -> Nid;
+}
diff --git a/openssl/src/crypto/pkey.rs b/openssl/src/crypto/pkey.rs
index ba0a16b6cf..a97da55b4f 100644
--- a/openssl/src/crypto/pkey.rs
+++ b/openssl/src/crypto/pkey.rs
@@ -5,6 +5,8 @@ use std::iter::repeat;
 use std::mem;
 use std::ptr;
 use bio::MemBio;
+
+use crypto::HashTypeInternals;
 use crypto::hash;
 use crypto::hash::Type as HashType;
 use ffi;
@@ -41,18 +43,6 @@ fn openssl_padding_code(padding: EncryptionPadding) -> c_int {
     }
 }
 
-fn openssl_hash_nid(hash: HashType) -> c_int {
-    match hash {
-        HashType::MD5 => 4,   // NID_md5,
-        HashType::SHA1 => 64,  // NID_sha1
-        HashType::SHA224 => 675, // NID_sha224
-        HashType::SHA256 => 672, // NID_sha256
-        HashType::SHA384 => 673, // NID_sha384
-        HashType::SHA512 => 674, // NID_sha512
-        HashType::RIPEMD160 => 117, // NID_ripemd160
-    }
-}
-
 pub struct PKey {
     evp: *mut ffi::EVP_PKEY,
     parts: Parts,
@@ -556,7 +546,7 @@ impl PKey {
             let mut r = repeat(0u8).take(len as usize + 1).collect::<Vec<_>>();
 
             let mut len = 0;
-            let rv = ffi::RSA_sign(openssl_hash_nid(hash),
+            let rv = ffi::RSA_sign(hash.as_nid() as c_int,
                                    s.as_ptr(),
                                    s.len() as c_uint,
                                    r.as_mut_ptr(),
@@ -579,7 +569,7 @@ impl PKey {
                 panic!("Could not get RSA key for verification");
             }
 
-            let rv = ffi::RSA_verify(openssl_hash_nid(hash),
+            let rv = ffi::RSA_verify(hash.as_nid() as c_int,
                                      h.as_ptr(),
                                      h.len() as c_uint,
                                      s.as_ptr(),
diff --git a/openssl/src/crypto/rsa.rs b/openssl/src/crypto/rsa.rs
index 021d450ba6..333856878b 100644
--- a/openssl/src/crypto/rsa.rs
+++ b/openssl/src/crypto/rsa.rs
@@ -3,10 +3,12 @@ use std::fmt;
 use ssl::error::{SslError, StreamError};
 use std::ptr;
 use std::io::{self, Read, Write};
+use libc::c_int;
 
 use bn::BigNum;
 use bio::MemBio;
-use nid::Nid;
+use crypto::HashTypeInternals;
+use crypto::hash;
 
 pub struct RSA(*mut ffi::RSA);
 
@@ -130,13 +132,13 @@ impl RSA {
         }
     }
     
-    pub fn sign(&self, hash_id: Nid, message: &[u8]) -> Result<Vec<u8>, SslError> {
+    pub fn sign(&self, hash: hash::Type, message: &[u8]) -> Result<Vec<u8>, SslError> {
         let k_len = try!(self.size());
         let mut sig = vec![0;k_len as usize];
         let mut sig_len = k_len;
         
         unsafe {
-            let result = ffi::RSA_sign(hash_id as i32, message.as_ptr(), message.len() as u32, sig.as_mut_ptr(), &mut sig_len, self.0);
+            let result = ffi::RSA_sign(hash.as_nid() as c_int, message.as_ptr(), message.len() as u32, sig.as_mut_ptr(), &mut sig_len, self.0);
             assert!(sig_len == k_len);
             
             if result == 1 {
@@ -147,9 +149,9 @@ impl RSA {
         }
     }
     
-    pub fn verify(&self, hash_id: Nid, message: &[u8], sig: &[u8]) -> Result<bool, SslError> {
+    pub fn verify(&self, hash: hash::Type, message: &[u8], sig: &[u8]) -> Result<bool, SslError> {
         unsafe {
-            let result = ffi::RSA_verify(hash_id as i32, message.as_ptr(), message.len() as u32, sig.as_ptr(), sig.len() as u32, self.0);
+            let result = ffi::RSA_verify(hash.as_nid() as c_int, message.as_ptr(), message.len() as u32, sig.as_ptr(), sig.len() as u32, self.0);
             
             Ok(result == 1)
         }
@@ -211,7 +213,6 @@ impl fmt::Debug for RSA {
 
 #[cfg(test)]
 mod test {
-    use nid;
     use std::fs::File;
     use std::io::Write;
     use super::*;
@@ -258,7 +259,7 @@ mod test {
         sha.write_all(&signing_input_rs256()).unwrap();
         let digest = sha.finish();
         
-        let result = private_key.sign(nid::Nid::SHA256, &digest).unwrap();
+        let result = private_key.sign(Type::SHA256, &digest).unwrap();
         
         assert_eq!(result, signature_rs256());
     }
@@ -272,8 +273,8 @@ mod test {
         sha.write_all(&signing_input_rs256()).unwrap();
         let digest = sha.finish();
         
-        let result = public_key.verify(nid::Nid::SHA256, &digest, &signature_rs256()).unwrap();
+        let result = public_key.verify(Type::SHA256, &digest, &signature_rs256()).unwrap();
         
         assert!(result);
     }
-}
\ No newline at end of file
+}
diff --git a/openssl/src/nid.rs b/openssl/src/nid.rs
index 21ef18e0be..780b8a0063 100644
--- a/openssl/src/nid.rs
+++ b/openssl/src/nid.rs
@@ -195,4 +195,5 @@ pub enum Nid {
     SHA256 = 672,
     SHA384,
     SHA512,
+    SHA224,
 }