1use crate::*;
2
3use generic_array::GenericArray;
4use libc::memcpy;
5use rand::{thread_rng, Rng};
6use std::{os::raw::c_void, str::FromStr};
7use std::time::Duration;
8use bucky_time::bucky_time_now;
9use rsa::pkcs1::{DecodeRsaPrivateKey, EncodeRsaPrivateKey};
10use rsa::traits::PublicKeyParts;
11use libsecp256k1 as secp256k1;
12#[cfg(feature = "x509")]
13use rsa::pkcs1v15::SigningKey;
14#[cfg(feature = "x509")]
15use x509_cert::builder::{Builder, CertificateBuilder, Profile};
16#[cfg(feature = "x509")]
17use x509_cert::Certificate;
18#[cfg(feature = "x509")]
19use x509_cert::der::{Decode, Encode};
20#[cfg(feature = "x509")]
21use x509_cert::name::Name;
22#[cfg(feature = "x509")]
23use x509_cert::serial_number::SerialNumber;
24#[cfg(feature = "x509")]
25use x509_cert::spki::SubjectPublicKeyInfoOwned;
26#[cfg(feature = "x509")]
27use x509_cert::time::Validity;
28#[cfg(feature = "x509")]
29use rsa::pkcs1::EncodeRsaPublicKey;
30#[cfg(feature = "x509")]
31use rsa::sha2::Sha256;
32#[cfg(feature = "x509")]
33use x509_cert::spki::EncodePublicKey;
34
35pub(crate) const KEY_TYPE_RSA: u8 = 0u8;
37pub(crate) const KEY_TYPE_RSA2048: u8 = 1u8;
38pub(crate) const KEY_TYPE_RSA3072: u8 = 2u8;
39pub(crate) const KEY_TYPE_SECP256K1: u8 = 5u8;
40
41pub(crate) const RSA_KEY_BITS: usize = 1024;
43pub(crate) const RSA2048_KEY_BITS: usize = 2048;
44pub(crate) const RSA3072_KEY_BITS: usize = 3072;
45
46pub(crate) const RSA_KEY_BYTES: usize = 128;
48pub(crate) const RSA2048_KEY_BYTES: usize = 256;
49pub(crate) const RSA3072_KEY_BYTES: usize = 384;
50
51#[derive(Debug, Clone, Copy, Eq, PartialEq)]
52pub enum PrivateKeyType {
53 Rsa,
54 Secp256k1,
55}
56
57impl PrivateKeyType {
58 pub fn as_str(&self) -> &str {
59 match *self {
60 Self::Rsa => "rsa",
61 Self::Secp256k1 => "secp256k1",
62 }
63 }
64}
65
66impl Default for PrivateKeyType {
67 fn default() -> Self {
68 Self::Rsa
69 }
70}
71
72impl std::fmt::Display for PrivateKeyType {
73 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
74 write!(f, "{}", self.as_str())
75 }
76}
77
78impl FromStr for PrivateKeyType {
79 type Err = BuckyError;
80 fn from_str(s: &str) -> Result<Self, Self::Err> {
81 Ok(match s {
82 "rsa" => Self::Rsa,
83 "secp256k1" => Self::Secp256k1,
84 _ => {
85 let msg = format!("unknown PrivateKey type: {}", s);
86 warn!("{}", msg);
87 return Err(BuckyError::new(BuckyErrorCode::InvalidData, msg))
88 }
89 })
90 }
91}
92
93#[derive(Clone, Eq, PartialEq)]
94pub enum PrivateKey {
95 Rsa(rsa::RsaPrivateKey),
96 Secp256k1(secp256k1::SecretKey),
97}
98
99impl std::fmt::Debug for PrivateKey {
101 fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
102 write!(f, "[Protected PrivateKey]")
103 }
104}
105impl std::fmt::Display for PrivateKey {
106 fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
107 write!(f, "[Protected PrivateKey]")
108 }
109}
110
111pub const CYFS_PRIVTAE_KEY_DEFAULT_RSA_BITS: usize = 1024;
112
113impl PrivateKey {
114 pub fn key_type(&self) -> PrivateKeyType {
115 match *self {
116 Self::Rsa(_) => PrivateKeyType::Rsa,
117 Self::Secp256k1(_) => PrivateKeyType::Secp256k1,
118 }
119 }
120
121 fn check_bits(bits: usize) -> BuckyResult<()> {
122 match bits {
123 RSA_KEY_BITS | RSA2048_KEY_BITS | RSA3072_KEY_BITS=> {
124 Ok(())
125 }
126 _ => {
127 let msg = format!("unsupport rsa key bits: {}", bits);
128 error!("{}", msg);
129 Err(BuckyError::new(BuckyErrorCode::UnSupport, msg))
130 }
131 }
132 }
133 pub fn generate_rsa(bits: usize) -> Result<Self, BuckyError> {
135 Self::check_bits(bits)?;
136
137 let mut rng = thread_rng();
138 Self::generate_rsa_by_rng(&mut rng, bits)
139 }
140
141 pub fn generate_rsa_by_rng<R: Rng + rand::CryptoRng>(rng: &mut R, bits: usize) -> Result<Self, BuckyError> {
142 Self::check_bits(bits)?;
143
144 match rsa::RsaPrivateKey::new(rng, bits) {
145 Ok(rsa) => Ok(Self::Rsa(rsa)),
146 Err(e) => Err(BuckyError::from(e)),
147 }
148 }
149
150 pub fn generate_secp256k1() -> Result<Self, BuckyError> {
152 let mut rng = thread_rng();
153 Self::generate_secp256k1_by_rng(&mut rng)
154 }
155
156 pub fn generate_secp256k1_by_rng<R: Rng>(rng: &mut R) -> Result<Self, BuckyError> {
157 let key = secp256k1::SecretKey::random(rng);
158 Ok(Self::Secp256k1(key))
159 }
160
161 pub fn generate_by_rng<R: Rng + rand::CryptoRng>(rng: &mut R, bits: Option<usize>, pt: PrivateKeyType) -> BuckyResult<Self> {
162 match pt {
163 PrivateKeyType::Rsa => Self::generate_rsa_by_rng(rng, bits.unwrap_or(CYFS_PRIVTAE_KEY_DEFAULT_RSA_BITS)),
164 PrivateKeyType::Secp256k1 => Self::generate_secp256k1_by_rng(rng)
165 }
166 }
167
168 pub fn public(&self) -> PublicKey {
169 match self {
170 Self::Rsa(private_key) => PublicKey::Rsa(private_key.to_public_key()),
171 Self::Secp256k1(private_key) => {
172 PublicKey::Secp256k1(secp256k1::PublicKey::from_secret_key(private_key))
173 }
174 }
175 }
176
177 pub fn sign(&self, data: &[u8]) -> BuckyResult<Signature> {
178 let create_time = bucky_time_now();
179
180 let mut data_new = data.to_vec();
182 data_new.resize(data.len() + create_time.raw_measure(&None).unwrap(), 0);
183 create_time
184 .raw_encode(&mut data_new.as_mut_slice()[data.len()..], &None)?;
185
186 let sign = match self {
187 Self::Rsa(private_key) => {
188 let hash = hash_data(&data_new);
189 let sign = private_key
190 .sign(
191 rsa::Pkcs1v15Sign::new::<rsa::sha2::Sha256>(),
192 &hash.as_slice(),
193 )?;
194
195 assert_eq!(sign.len(), private_key.size());
196 let sign_data = match private_key.size() {
197 RSA_KEY_BYTES => {
198 let mut sign_array: [u32; 32] = [0; 32];
199 unsafe {
200 memcpy(
201 sign_array.as_mut_ptr() as *mut c_void,
202 sign.as_ptr() as *const c_void,
203 sign.len(),
204 )
205 };
206 SignData::Rsa1024(GenericArray::from(sign_array))
207 }
208 RSA2048_KEY_BYTES => {
209 let mut sign_array: [u32; 64] = [0; 64];
210 unsafe {
211 memcpy(
212 sign_array.as_mut_ptr() as *mut c_void,
213 sign.as_ptr() as *const c_void,
214 sign.len(),
215 )
216 };
217 SignData::Rsa2048(*GenericArray::from_slice(&sign_array))
218 }
219 RSA3072_KEY_BYTES => {
220 let mut sign_array: [u32; 96] = [0; 96];
221 unsafe {
222 memcpy(
223 sign_array.as_mut_ptr() as *mut c_void,
224 sign.as_ptr() as *const c_void,
225 sign.len(),
226 )
227 };
228 SignData::Rsa3072(*GenericArray::from_slice(&sign_array))
229 }
230
231 len @ _ => {
232 let msg = format!("unsupport rsa key length! {}", len);
233 error!("{}", msg);
234 return Err(BuckyError::new(BuckyErrorCode::UnSupport, msg));
235 }
236 };
237
238 Signature::new(create_time, sign_data)
239 }
240
241 Self::Secp256k1(private_key) => {
242 let hash = hash_data(&data_new);
243 assert_eq!(HashValue::len(), secp256k1::util::MESSAGE_SIZE);
244 let ctx = secp256k1::Message::parse(hash.as_slice().try_into().unwrap());
245
246 let (signature, _) = secp256k1::sign(&ctx, &private_key);
247 let sign_buf = signature.serialize();
248
249 let mut sign_array: [u32; 16] = [0; 16];
250 unsafe {
251 memcpy(
252 sign_array.as_mut_ptr() as *mut c_void,
253 sign_buf.as_ptr() as *const c_void,
254 sign_buf.len(),
255 )
256 };
257 let sign_data = SignData::Ecc(GenericArray::from(sign_array));
258 Signature::new(create_time, sign_data)
259 }
260 };
261
262 Ok(sign)
263 }
264
265 pub fn decrypt(&self, input: &[u8], output: &mut [u8]) -> BuckyResult<usize> {
266 let buf = self.decrypt_data(input)?;
267 if output.len() < buf.len() {
268 let msg = format!(
269 "rsa decrypt error, except={}, got={}",
270 buf.len(),
271 output.len()
272 );
273 error!("{}", msg);
274
275 Err(BuckyError::new(BuckyErrorCode::InvalidFormat, msg))
276 } else {
277 output[..buf.len()].copy_from_slice(buf.as_slice());
278 Ok(buf.len())
279 }
280 }
281
282 pub fn decrypt_data(&self, input: &[u8]) -> BuckyResult<Vec<u8>> {
283 match self {
284 Self::Rsa(private_key) => {
285 let buf = private_key
286 .decrypt(rsa::Pkcs1v15Encrypt, input)
287 .map_err(|e| BuckyError::from(e))?;
288 Ok(buf)
289 }
290
291 Self::Secp256k1(_) => {
292 let msg = format!("direct decyrpt with private key of secp256 not support!");
294 error!("{}", msg);
295 Err(BuckyError::new(BuckyErrorCode::NotSupport, msg))
296 }
297 }
298 }
299
300 pub fn decrypt_aeskey<'d>(&self, input: &'d [u8], output: &mut [u8]) -> BuckyResult<(&'d [u8], usize)> {
301 let (input, data) = self.decrypt_aeskey_data(input)?;
302 if output.len() < data.len() {
303 let msg = format!(
304 "not enough buffer for decrypt aeskey result, except={}, got={}",
305 data.len(),
306 output.len()
307 );
308 error!("{}", msg);
309
310 return Err(BuckyError::new(BuckyErrorCode::InvalidParam, msg));
311 }
312
313 output[..data.len()].copy_from_slice(&data);
314
315 Ok((input, data.len()))
316 }
317
318 pub fn decrypt_aeskey_data<'d>(&self, input: &'d [u8]) -> BuckyResult<(&'d [u8], Vec<u8>)> {
319 match self {
320 Self::Rsa(_) => {
321 let key_size = self.public().key_size();
322 if input.len() < key_size {
323 let msg = format!(
324 "not enough buffer for RSA private key, except={}, got={}",
325 key_size,
326 input.len()
327 );
328 error!("{}", msg);
329
330 return Err(BuckyError::new(BuckyErrorCode::InvalidFormat, msg));
331 }
332
333 let buf = self.decrypt_data(&input[..key_size])?;
334
335 Ok((&input[key_size..], buf))
336 },
337
338 Self::Secp256k1(private_key) => {
339 if input.len() < secp256k1::util::COMPRESSED_PUBLIC_KEY_SIZE {
340 let msg = format!(
341 "not enough buffer for secp256k1 private key, except={}, got={}",
342 secp256k1::util::COMPRESSED_PUBLIC_KEY_SIZE,
343 input.len()
344 );
345 error!("{}", msg);
346
347 return Err(BuckyError::new(BuckyErrorCode::InvalidFormat, msg));
348 }
349
350 let ephemeral_pk = secp256k1::PublicKey::parse_slice(
351 &input[..secp256k1::util::COMPRESSED_PUBLIC_KEY_SIZE],
352 Some(secp256k1::PublicKeyFormat::Compressed),
353 )
354 .map_err(|e| {
355 let msg = format!("parse secp256k1 public key error: {}", e);
356 error!("{}", msg);
357
358 BuckyError::new(BuckyErrorCode::InvalidFormat, msg)
359 })?;
360 let aes_key = ecies::utils::decapsulate(&ephemeral_pk, &private_key).map_err(|e| {
361 BuckyError::new(BuckyErrorCode::CryptoError, format!("{}", e))
362 })?;
363
364 let mut key = [0u8; 48];
365 key[..aes_key.len()].copy_from_slice(aes_key.as_slice());
366 key[aes_key.len()..].copy_from_slice(&hash_data(aes_key.as_slice()).as_slice()[..16]);
367 Ok((&input[secp256k1::util::COMPRESSED_PUBLIC_KEY_SIZE..], key.into()))
368 }
369 }
370 }
371
372 #[cfg(feature = "x509")]
373 pub fn gen_ca_certificate(&self, subject: &str, days: u32) -> BuckyResult<Certificate> {
374 match self {
375 Self::Rsa(private_key) => {
376 let serial_number = SerialNumber::from(42u32);
377 let validity = Validity::from_now(Duration::from_secs(days as u64 * 24 *3600)).map_err(|e| {
378 BuckyError::new(BuckyErrorCode::CryptoError, format!("{}", e))
379 })?;
380 let profile = Profile::Root;
381 let subject = Name::from_str(subject)
382 .map_err(|e| {
383 BuckyError::new(BuckyErrorCode::CryptoError, format!("{}", e))
384 })?;
385 let der_pub = private_key.to_public_key().to_public_key_der().map_err(|e| {
386 BuckyError::new(BuckyErrorCode::CryptoError, format!("{}", e))
387 })?;
388 let pub_key =
389 SubjectPublicKeyInfoOwned::try_from(der_pub.as_bytes()).map_err(|e| {
390 BuckyError::new(BuckyErrorCode::CryptoError, format!("{}", e))
391 })?;
392
393 let signer = SigningKey::<Sha256>::new(private_key.clone());
394 let builder = CertificateBuilder::new(profile, serial_number, validity, subject, pub_key, &signer).map_err(|e| {
395 BuckyError::new(BuckyErrorCode::CryptoError, format!("create certificate err {}", e))
396 })?;
397
398 let certificate = builder.build().map_err(|e| {
399 BuckyError::new(BuckyErrorCode::CryptoError, format!("create certificate err {}", e))
400 })?;
401 Ok(certificate)
402 }
403 Self::Secp256k1(_) => {
404 let msg = format!("gen_ca_certificate not support for secp256k1 private key");
405 error!("{}", msg);
406 Err(BuckyError::new(BuckyErrorCode::NotSupport, msg))
407 }
408 }
409 }
410
411 #[cfg(feature = "x509")]
412 pub fn gen_leaf_certificate(&self, subject: &str, issuer: &str, days: u32, spki_pub: &[u8]) -> BuckyResult<Certificate> {
413 match self {
414 Self::Rsa(private_key) => {
415 let serial_number = SerialNumber::from(42u32);
416 let validity = Validity::from_now(Duration::from_secs(days as u64 * 24 *3600)).map_err(|e| {
417 BuckyError::new(BuckyErrorCode::CryptoError, format!("{}", e))
418 })?;
419 let issuer = Name::from_str(issuer).map_err(|e| {
420 BuckyError::new(BuckyErrorCode::CryptoError, format!("{}", e))
421 })?;
422 let profile = Profile::Leaf {
423 issuer,
424 enable_key_agreement: false,
425 enable_key_encipherment: false,
426 };
427 let subject = Name::from_str(subject)
428 .map_err(|e| {
429 BuckyError::new(BuckyErrorCode::CryptoError, format!("{}", e))
430 })?;
431 let pub_key =
432 SubjectPublicKeyInfoOwned::try_from(spki_pub).map_err(|e| {
433 BuckyError::new(BuckyErrorCode::CryptoError, format!("{}", e))
434 })?;
435
436 let signer = SigningKey::<Sha256>::new(private_key.clone());
437 let builder = CertificateBuilder::new(profile, serial_number, validity, subject, pub_key, &signer).map_err(|e| {
438 BuckyError::new(BuckyErrorCode::CryptoError, format!("create certificate err {}", e))
439 })?;
440
441 let certificate = builder.build().map_err(|e| {
442 BuckyError::new(BuckyErrorCode::CryptoError, format!("create certificate err {}", e))
443 })?;
444 Ok(certificate)
445 }
446 Self::Secp256k1(_) => {
447 let msg = format!("gen_ca_certificate not support for secp256k1 private key");
448 error!("{}", msg);
449 Err(BuckyError::new(BuckyErrorCode::NotSupport, msg))
450 }
451 }
452 }
453}
454
455impl RawEncode for PrivateKey {
456 fn raw_measure(&self, _purpose: &Option<RawEncodePurpose>) -> Result<usize, BuckyError> {
457 match self {
459 Self::Rsa(pk) => {
460 let spki_der = pk.to_pkcs1_der().map_err(|e| {
461 BuckyError::new(BuckyErrorCode::CryptoError, format!("{}", e))
462 })?.as_bytes().to_vec();
463 Ok(spki_der.len() + 3)
464 }
465 Self::Secp256k1(_) => Ok(secp256k1::util::SECRET_KEY_SIZE + 1),
466 }
467 }
468
469 fn raw_encode<'a>(
470 &self,
471 buf: &'a mut [u8],
472 purpose: &Option<RawEncodePurpose>,
473 ) -> Result<&'a mut [u8], BuckyError> {
474 let size = self.raw_measure(purpose).unwrap();
475 if buf.len() < size {
476 return Err(BuckyError::new(
477 BuckyErrorCode::OutOfLimit,
478 "[raw_encode] not enough buffer for privake key for private_key",
479 ));
480 }
481
482 match self {
483 Self::Rsa(pk) => {
484 let spki_der = pk.to_pkcs1_der().map_err(|e| {
485 BuckyError::new(BuckyErrorCode::CryptoError, format!("{}", e))
486 })?.as_bytes().to_vec();
487 let mut buf = KEY_TYPE_RSA.raw_encode(buf, purpose)?;
488 buf = (spki_der.len() as u16).raw_encode(buf, purpose)?;
489 buf[..spki_der.len()].copy_from_slice(&spki_der.as_slice());
490 Ok(&mut buf[spki_der.len()..])
491 }
492 Self::Secp256k1(pk) => {
493 let buf = KEY_TYPE_SECP256K1.raw_encode(buf, purpose)?;
494
495 let key_buf = pk.serialize();
497 buf[..secp256k1::util::SECRET_KEY_SIZE].copy_from_slice(&key_buf);
498 Ok(&mut buf[secp256k1::util::SECRET_KEY_SIZE..])
499 }
500 }
501 }
502}
503
504impl<'de> RawDecode<'de> for PrivateKey {
505 fn raw_decode(buf: &'de [u8]) -> Result<(Self, &'de [u8]), BuckyError> {
506 if buf.len() < 1 {
507 return Err(BuckyError::new(
508 BuckyErrorCode::OutOfLimit,
509 "not enough buffer for PrivateKey",
510 ));
511 }
512 let (type_code, buf) = u8::raw_decode(buf)?;
513 match type_code {
514 KEY_TYPE_RSA => {
515 let (len, buf) = u16::raw_decode(buf)?;
516 if buf.len() < len as usize {
517 return Err(BuckyError::new(
518 BuckyErrorCode::OutOfLimit,
519 "not enough buffer for rsa privateKey",
520 ));
521 }
522 let der = &buf[..len as usize];
523 let private_key = rsa::RsaPrivateKey::from_pkcs1_der(der).map_err(|e| {
524 BuckyError::new(BuckyErrorCode::CryptoError, format!("{}", e))
525 })?;
526 Ok((PrivateKey::Rsa(private_key), &buf[len as usize..]))
527 }
528 KEY_TYPE_SECP256K1 => {
529 if buf.len() < secp256k1::util::SECRET_KEY_SIZE {
530 return Err(BuckyError::new(
531 BuckyErrorCode::OutOfLimit,
532 "not enough buffer for secp256k1 privateKey",
533 ));
534 }
535
536 match secp256k1::SecretKey::parse_slice(
537 &buf[..secp256k1::util::SECRET_KEY_SIZE],
538 ) {
539 Ok(private_key) => Ok((
540 PrivateKey::Secp256k1(private_key),
541 &buf[secp256k1::util::SECRET_KEY_SIZE..],
542 )),
543 Err(e) => {
544 let msg = format!("parse secp256k1 private key error: {}", e);
545 error!("{}", e);
546
547 Err(BuckyError::new(BuckyErrorCode::InvalidFormat, msg))
548 }
549 }
550 }
551 _ => Err(BuckyError::new(
552 BuckyErrorCode::InvalidData,
553 &format!("invalid private key type code {}", buf[0]),
554 )),
555 }
556 }
557}
558
559#[cfg(test)]
560mod test {
561 #[cfg(feature = "x509")]
562 use x509_cert::Certificate;
563 #[cfg(feature = "x509")]
564 use x509_cert::der::{Decode, Encode};
565 use crate::{PrivateKey, RawConvertTo, RawDecode, Signature, RawFrom};
566
567 #[test]
568 fn private_key() {
569 secp_private_key_sign();
570 rsa_private_key_sign(1024);
571 rsa_private_key_sign(2048);
572 rsa_private_key_sign(3072);
573 }
574
575 fn rsa_private_key_sign(bits: usize) {
576 let msg = b"112233445566778899";
577 let pk1 = PrivateKey::generate_rsa(bits).unwrap();
578 let sign = pk1.sign(msg).unwrap();
579 assert!(pk1.public().verify(msg, &sign));
580
581 let pk1_buf = pk1.to_vec().unwrap();
582 let (pk2, buf) = PrivateKey::raw_decode(&pk1_buf).unwrap();
583 assert!(buf.len() == 0);
584
585 assert!(pk2.public().verify(msg, &sign));
586
587 let buf = sign.to_vec().unwrap();
588 let sign2 = Signature::clone_from_slice(&buf).unwrap();
589 assert_eq!(sign, sign2);
590 }
591
592 fn secp_private_key_sign() {
593 let msg = b"112233445566778899";
594 let pk1 = PrivateKey::generate_secp256k1().unwrap();
595 let sign = pk1.sign(msg).unwrap();
596 assert!(pk1.public().verify(msg, &sign));
597
598 let pk1_buf = pk1.to_vec().unwrap();
599 let (pk2, buf) = PrivateKey::raw_decode(&pk1_buf).unwrap();
600 assert!(buf.len() == 0);
601
602 assert!(pk2.public().verify(msg, &sign));
603
604 let buf = sign.to_vec().unwrap();
605 let sign2 = Signature::clone_from_slice(&buf).unwrap();
606 assert_eq!(sign, sign2);
607 }
608
609 #[test]
610 fn crypto() {
611 rsa_private_key_crypto(1024);
612 rsa_private_key_crypto(2048);
613 rsa_private_key_crypto(3072);
614
615 let pk1 = PrivateKey::generate_secp256k1().unwrap();
616 let (aes_key, mut data) = pk1.public().gen_aeskey_and_encrypt().unwrap();
617 println!("secp256k1 aes_key encrypt len={}", data.len());
618 let (buf, data2) = pk1.decrypt_aeskey_data(&data).unwrap();
619 assert_eq!(buf.len(), 0);
620 assert_eq!(aes_key.as_slice(), data2);
621
622 let encrypt_len = data.len();
623 data.resize(1024, 0);
624 let mut output = vec![0; 48];
625 let (buf, size) = pk1.decrypt_aeskey(&data, &mut output).unwrap();
626 assert_eq!(buf.len(), 1024 - encrypt_len);
627 assert_eq!(aes_key.as_slice(), &output[0..size]);
628 }
629
630 fn rsa_private_key_crypto(bits: usize) {
631 let pk1 = PrivateKey::generate_rsa(bits).unwrap();
632 let (aes_key, data) = pk1.public().gen_aeskey_and_encrypt().unwrap();
633 let (buf, data2) = pk1.decrypt_aeskey_data(&data).unwrap();
634 assert_eq!(buf.len(), 0);
635 assert_eq!(aes_key.as_slice(), data2);
636 }
637
638 #[test]
639 fn crypto_unaligned() {
640 let pk1 = PrivateKey::generate_rsa(1024).unwrap();
641
642 let origin_data = "test data".as_bytes();
643 let data = pk1.public().encrypt_data(origin_data).unwrap();
644 println!("len={}", data.len());
645
646 let mut output = vec![0; 48];
647 let (_buf, size) = pk1.decrypt_aeskey(&data, &mut output).unwrap();
648 assert_eq!(size, origin_data.len());
649 assert_eq!(&output[..origin_data.len()], origin_data);
650 }
651
652 #[cfg(feature = "x509")]
653 #[test]
654 fn test_x509() {
655 let pk1 = PrivateKey::generate_rsa(1024).unwrap();
656 let cert = pk1.gen_ca_certificate("CN=World domination corporation,O=World domination Inc,C=US", 365).unwrap();
657 let buf = cert.to_der().unwrap();
658 let cert2 = Certificate::from_der(&buf).unwrap();
659 assert_eq!(cert, cert2);
660 }
661}