Commit
Author: Dirkjan Ochtman [dirkjan@ochtman.nl]
Hash: d8f77f3ecab28dcdd905fb67b65d9576045862bf
Timestamp: Thu, 08 Dec 2022 14:14:48 +0000 (2 years ago)

+99 -79 +/-15 browse
Move crypto items to a single module
1diff --git a/examples/arc_seal.rs b/examples/arc_seal.rs
2index 7364ede..7c519a0 100644
3--- a/examples/arc_seal.rs
4+++ b/examples/arc_seal.rs
5 @@ -9,8 +9,9 @@
6 */
7
8 use mail_auth::{
9- arc::ArcSet, common::headers::HeaderWriter, AuthenticatedMessage, AuthenticationResults,
10- PrivateKey, Resolver,
11+ arc::ArcSet,
12+ common::{crypto::PrivateKey, headers::HeaderWriter},
13+ AuthenticatedMessage, AuthenticationResults, Resolver,
14 };
15
16 const TEST_MESSAGE: &str = include_str!("../resources/arc/001.txt");
17 diff --git a/examples/dkim_sign.rs b/examples/dkim_sign.rs
18index 07f6d04..1ae0e28 100644
19--- a/examples/dkim_sign.rs
20+++ b/examples/dkim_sign.rs
21 @@ -8,7 +8,10 @@
22 * except according to those terms.
23 */
24
25- use mail_auth::{common::headers::HeaderWriter, dkim::Signature, PrivateKey};
26+ use mail_auth::{
27+ common::{crypto::PrivateKey, headers::HeaderWriter},
28+ dkim::Signature,
29+ };
30 use mail_parser::decoders::base64::base64_decode;
31
32 const RSA_PRIVATE_KEY: &str = r#"-----BEGIN RSA PRIVATE KEY-----
33 diff --git a/src/arc/headers.rs b/src/arc/headers.rs
34index 381477b..384c053 100644
35--- a/src/arc/headers.rs
36+++ b/src/arc/headers.rs
37 @@ -11,8 +11,8 @@
38 use std::io;
39
40 use crate::{
41- common::headers::HeaderWriter,
42- dkim::{Algorithm, Canonicalization},
43+ common::{crypto::Algorithm, headers::HeaderWriter},
44+ dkim::Canonicalization,
45 AuthenticationResults,
46 };
47
48 diff --git a/src/arc/mod.rs b/src/arc/mod.rs
49index 01326f0..5ad709a 100644
50--- a/src/arc/mod.rs
51+++ b/src/arc/mod.rs
52 @@ -16,8 +16,8 @@ pub mod verify;
53 use std::borrow::Cow;
54
55 use crate::{
56- common::{headers::Header, verify::VerifySignature},
57- dkim::{Algorithm, Canonicalization},
58+ common::{crypto::Algorithm, headers::Header, verify::VerifySignature},
59+ dkim::Canonicalization,
60 ArcOutput, AuthenticationResults, DkimResult,
61 };
62
63 diff --git a/src/arc/parse.rs b/src/arc/parse.rs
64index 8089ded..21e3ed1 100644
65--- a/src/arc/parse.rs
66+++ b/src/arc/parse.rs
67 @@ -11,8 +11,8 @@
68 use mail_parser::decoders::base64::base64_decode_stream;
69
70 use crate::{
71- common::parse::TagParser,
72- dkim::{parse::SignatureParser, Algorithm, Canonicalization},
73+ common::{crypto::Algorithm, parse::TagParser},
74+ dkim::{parse::SignatureParser, Canonicalization},
75 Error,
76 };
77
78 diff --git a/src/arc/seal.rs b/src/arc/seal.rs
79index ec1c253..7e9af0a 100644
80--- a/src/arc/seal.rs
81+++ b/src/arc/seal.rs
82 @@ -17,8 +17,8 @@ use sha1::Digest;
83 use sha2::Sha256;
84
85 use crate::{
86- dkim::{Algorithm, Canonicalization},
87- ArcOutput, AuthenticatedMessage, AuthenticationResults, DkimResult, Error, PrivateKey,
88+ common::crypto::Algorithm, dkim::Canonicalization, ArcOutput, AuthenticatedMessage,
89+ AuthenticationResults, DkimResult, Error, PrivateKey,
90 };
91
92 use super::{ArcSet, ChainValidation, Seal, Signature};
93 diff --git a/src/arc/verify.rs b/src/arc/verify.rs
94index e78abd1..9cdf373 100644
95--- a/src/arc/verify.rs
96+++ b/src/arc/verify.rs
97 @@ -14,8 +14,12 @@ use sha1::Sha1;
98 use sha2::Sha256;
99
100 use crate::{
101- common::{headers::Header, verify::VerifySignature},
102- dkim::{verify::Verifier, Algorithm, Canonicalization, DomainKey, HashAlgorithm},
103+ common::{
104+ crypto::{Algorithm, HashAlgorithm},
105+ headers::Header,
106+ verify::VerifySignature,
107+ },
108+ dkim::{verify::Verifier, Canonicalization, DomainKey},
109 ArcOutput, AuthenticatedMessage, DkimResult, Error, Resolver,
110 };
111
112 diff --git a/src/common/crypto.rs b/src/common/crypto.rs
113new file mode 100644
114index 0000000..8edf434
115--- /dev/null
116+++ b/src/common/crypto.rs
117 @@ -0,0 +1,54 @@
118+ use rsa::{RsaPrivateKey, pkcs1::DecodeRsaPrivateKey};
119+
120+ use crate::Error;
121+
122+ #[derive(Debug)]
123+ pub enum PrivateKey {
124+ Rsa(RsaPrivateKey),
125+ Ed25519(ed25519_dalek::Keypair),
126+ }
127+
128+ impl PrivateKey {
129+ /// Creates a new RSA private key from a PKCS1 PEM string.
130+ pub fn from_rsa_pkcs1_pem(private_key_pem: &str) -> crate::Result<Self> {
131+ Ok(PrivateKey::Rsa(
132+ RsaPrivateKey::from_pkcs1_pem(private_key_pem)
133+ .map_err(|err| Error::CryptoError(err.to_string()))?,
134+ ))
135+ }
136+
137+ /// Creates a new RSA private key from a PKCS1 binary slice.
138+ pub fn from_rsa_pkcs1_der(private_key_bytes: &[u8]) -> crate::Result<Self> {
139+ Ok(PrivateKey::Rsa(
140+ RsaPrivateKey::from_pkcs1_der(private_key_bytes)
141+ .map_err(|err| Error::CryptoError(err.to_string()))?,
142+ ))
143+ }
144+
145+ /// Creates an Ed25519 private key
146+ pub fn from_ed25519(public_key_bytes: &[u8], private_key_bytes: &[u8]) -> crate::Result<Self> {
147+ Ok(PrivateKey::Ed25519(ed25519_dalek::Keypair {
148+ public: ed25519_dalek::PublicKey::from_bytes(public_key_bytes)
149+ .map_err(|err| Error::CryptoError(err.to_string()))?,
150+ secret: ed25519_dalek::SecretKey::from_bytes(private_key_bytes)
151+ .map_err(|err| Error::CryptoError(err.to_string()))?,
152+ }))
153+ }
154+ }
155+
156+ #[derive(Debug, Clone, Copy, PartialEq, Eq)]
157+ #[repr(u64)]
158+ pub enum HashAlgorithm {
159+ Sha1 = R_HASH_SHA1,
160+ Sha256 = R_HASH_SHA256,
161+ }
162+
163+ #[derive(Debug, Clone, Copy, PartialEq, Eq)]
164+ pub enum Algorithm {
165+ RsaSha1,
166+ RsaSha256,
167+ Ed25519Sha256,
168+ }
169+
170+ pub(crate) const R_HASH_SHA1: u64 = 0x01;
171+ pub(crate) const R_HASH_SHA256: u64 = 0x02;
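Review bot: `from_ed25519` assembles the `Keypair` from two independently supplied byte strings and never checks that the public half was derived from the secret half. With this keypair type, signing under a mismatched public key can yield signatures that expose information about the secret, so a caller who loads the two values from different sources puts the DKIM/ARC signing key at risk. Deriving the public key from the parsed secret and rejecting a mismatch closes the gap without changing the function's signature. The sketch below assumes `PublicKey: From<&SecretKey>` and `PartialEq` as in ed25519-dalek 1.x, which should be confirmed against the pinned version. Separately, `#[derive(Debug)]` on `PrivateKey` forwards to the wrapped key types' `Debug` impls, which may write key material into logs; a manual impl that prints only the variant name would be safer.

```rust
pub fn from_ed25519(public_key_bytes: &[u8], private_key_bytes: &[u8]) -> crate::Result<Self> {
    let secret = ed25519_dalek::SecretKey::from_bytes(private_key_bytes)
        .map_err(|err| Error::CryptoError(err.to_string()))?;
    let public = ed25519_dalek::PublicKey::from_bytes(public_key_bytes)
        .map_err(|err| Error::CryptoError(err.to_string()))?;
    // The public half must be the one derived from this secret.
    if ed25519_dalek::PublicKey::from(&secret) != public {
        return Err(Error::CryptoError(
            "Ed25519 public key does not match private key".to_string(),
        ));
    }
    Ok(PrivateKey::Ed25519(ed25519_dalek::Keypair { public, secret }))
}
```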
172 diff --git a/src/common/message.rs b/src/common/message.rs
173index f5793b8..fe144c3 100644
174--- a/src/common/message.rs
175+++ b/src/common/message.rs
176 @@ -12,11 +12,7 @@ use mail_parser::{parsers::MessageStream, HeaderValue};
177 use sha1::Sha1;
178 use sha2::Sha256;
179
180- use crate::{
181- arc,
182- dkim::{self, HashAlgorithm},
183- AuthenticatedMessage,
184- };
185+ use crate::{arc, common::crypto::HashAlgorithm, dkim, AuthenticatedMessage};
186
187 use super::headers::{AuthenticatedHeader, Header, HeaderParser};
188
189 diff --git a/src/common/mod.rs b/src/common/mod.rs
190index 8ba3e43..bdb338d 100644
191--- a/src/common/mod.rs
192+++ b/src/common/mod.rs
193 @@ -10,6 +10,7 @@
194
195 pub mod auth_results;
196 pub mod base32;
197+ pub mod crypto;
198 pub mod headers;
199 pub mod lru;
200 pub mod message;
201 diff --git a/src/common/verify.rs b/src/common/verify.rs
202index e4a075e..b88f716 100644
203--- a/src/common/verify.rs
204+++ b/src/common/verify.rs
205 @@ -13,7 +13,8 @@ use sha1::Sha1;
206 use sha2::Sha256;
207
208 use crate::{
209- dkim::{Algorithm, DomainKey, PublicKey},
210+ common::crypto::Algorithm,
211+ dkim::{DomainKey, PublicKey},
212 Error,
213 };
214
215 diff --git a/src/dkim/mod.rs b/src/dkim/mod.rs
216index 11b5fe4..c1832f1 100644
217--- a/src/dkim/mod.rs
218+++ b/src/dkim/mod.rs
219 @@ -13,7 +13,12 @@ use std::borrow::Cow;
220 use rsa::RsaPublicKey;
221
222 use crate::{
223- arc::Set, common::verify::VerifySignature, ArcOutput, DkimOutput, DkimResult, Error, Version,
224+ arc::Set,
225+ common::{
226+ crypto::{Algorithm, HashAlgorithm},
227+ verify::VerifySignature,
228+ },
229+ ArcOutput, DkimOutput, DkimResult, Error, Version,
230 };
231
232 pub mod canonicalize;
233 @@ -28,20 +33,6 @@ pub enum Canonicalization {
234 Simple,
235 }
236
237- #[derive(Debug, Clone, Copy, PartialEq, Eq)]
238- #[repr(u64)]
239- pub enum HashAlgorithm {
240- Sha1 = R_HASH_SHA1,
241- Sha256 = R_HASH_SHA256,
242- }
243-
244- #[derive(Debug, Clone, Copy, PartialEq, Eq)]
245- pub enum Algorithm {
246- RsaSha1,
247- RsaSha256,
248- Ed25519Sha256,
249- }
250-
251 #[derive(Debug, PartialEq, Eq, Clone, Default)]
252 pub struct Signature<'x> {
253 pub(crate) v: u32,
254 @@ -96,8 +87,6 @@ pub struct Atps {
255 pub(crate) d: Option<String>,
256 }
257
258- pub(crate) const R_HASH_SHA1: u64 = 0x01;
259- pub(crate) const R_HASH_SHA256: u64 = 0x02;
260 pub(crate) const R_SVC_ALL: u64 = 0x04;
261 pub(crate) const R_SVC_EMAIL: u64 = 0x08;
262 pub(crate) const R_FLAG_TESTING: u64 = 0x10;
263 diff --git a/src/dkim/parse.rs b/src/dkim/parse.rs
264index f07345c..ee13d43 100644
265--- a/src/dkim/parse.rs
266+++ b/src/dkim/parse.rs
267 @@ -479,12 +479,14 @@ mod test {
268 use rsa::{pkcs8::DecodePublicKey, RsaPublicKey};
269
270 use crate::{
271- common::parse::TxtRecordParser,
272+ common::{
273+ crypto::{Algorithm, R_HASH_SHA1, R_HASH_SHA256},
274+ parse::TxtRecordParser,
275+ },
276 dkim::{
277- Algorithm, Canonicalization, DomainKey, DomainKeyReport, PublicKey, Signature, Version,
278- RR_DNS, RR_EXPIRATION, RR_OTHER, RR_POLICY, RR_SIGNATURE, RR_UNKNOWN_TAG,
279- RR_VERIFICATION, R_FLAG_MATCH_DOMAIN, R_FLAG_TESTING, R_HASH_SHA1, R_HASH_SHA256,
280- R_SVC_ALL, R_SVC_EMAIL,
281+ Canonicalization, DomainKey, DomainKeyReport, PublicKey, Signature, Version, RR_DNS,
282+ RR_EXPIRATION, RR_OTHER, RR_POLICY, RR_SIGNATURE, RR_UNKNOWN_TAG, RR_VERIFICATION,
283+ R_FLAG_MATCH_DOMAIN, R_FLAG_TESTING, R_SVC_ALL, R_SVC_EMAIL,
284 },
285 };
286
287 diff --git a/src/dkim/sign.rs b/src/dkim/sign.rs
288index a57cd8d..f20b8d6 100644
289--- a/src/dkim/sign.rs
290+++ b/src/dkim/sign.rs
291 @@ -12,7 +12,7 @@ use std::{borrow::Cow, io, time::SystemTime};
292
293 use ed25519_dalek::Signer;
294 use mail_builder::encoders::base64::base64_encode;
295- use rsa::{pkcs1::DecodeRsaPrivateKey, pkcs8::AssociatedOid, PaddingScheme, RsaPrivateKey};
296+ use rsa::{pkcs8::AssociatedOid, PaddingScheme};
297 use sha1::Sha1;
298 use sha2::{Digest, Sha256};
299
300 @@ -20,34 +20,6 @@ use crate::{Error, PrivateKey};
301
302 use super::{Algorithm, Canonicalization, HashAlgorithm, Signature};
303
304- impl PrivateKey {
305- /// Creates a new RSA private key from a PKCS1 PEM string.
306- pub fn from_rsa_pkcs1_pem(private_key_pem: &str) -> crate::Result<Self> {
307- Ok(PrivateKey::Rsa(
308- RsaPrivateKey::from_pkcs1_pem(private_key_pem)
309- .map_err(|err| Error::CryptoError(err.to_string()))?,
310- ))
311- }
312-
313- /// Creates a new RSA private key from a PKCS1 binary slice.
314- pub fn from_rsa_pkcs1_der(private_key_bytes: &[u8]) -> crate::Result<Self> {
315- Ok(PrivateKey::Rsa(
316- RsaPrivateKey::from_pkcs1_der(private_key_bytes)
317- .map_err(|err| Error::CryptoError(err.to_string()))?,
318- ))
319- }
320-
321- /// Creates an Ed25519 private key
322- pub fn from_ed25519(public_key_bytes: &[u8], private_key_bytes: &[u8]) -> crate::Result<Self> {
323- Ok(PrivateKey::Ed25519(ed25519_dalek::Keypair {
324- public: ed25519_dalek::PublicKey::from_bytes(public_key_bytes)
325- .map_err(|err| Error::CryptoError(err.to_string()))?,
326- secret: ed25519_dalek::SecretKey::from_bytes(private_key_bytes)
327- .map_err(|err| Error::CryptoError(err.to_string()))?,
328- }))
329- }
330- }
331-
332 impl<'x> Signature<'x> {
333 /// Creates a new DKIM signature.
334 pub fn new() -> Self {
335 diff --git a/src/lib.rs b/src/lib.rs
336index 01aa372..01b5e16 100644
337--- a/src/lib.rs
338+++ b/src/lib.rs
339 @@ -262,10 +262,13 @@ use std::{
340 };
341
342 use arc::Set;
343- use common::{headers::Header, lru::LruCache};
344- use dkim::{Atps, Canonicalization, DomainKey, DomainKeyReport, HashAlgorithm};
345+ use common::{
346+ crypto::{HashAlgorithm, PrivateKey},
347+ headers::Header,
348+ lru::LruCache,
349+ };
350+ use dkim::{Atps, Canonicalization, DomainKey, DomainKeyReport};
351 use dmarc::Dmarc;
352- use rsa::RsaPrivateKey;
353 use spf::{Macro, Spf};
354 use trust_dns_resolver::{proto::op::ResponseCode, TokioAsyncResolver};
355
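Review bot: The crate root now brings in `PrivateKey` and `HashAlgorithm` through a private `use`, so downstream code that names `mail_auth::PrivateKey` stops compiling. The same applies to `mail_auth::dkim::Algorithm` and `dkim::HashAlgorithm`, judging by the private import added in the src/dkim/mod.rs hunk. If the break is intended, it should be recorded in the changelog with a matching version bump. If not, `pub use common::crypto::PrivateKey;` here and `pub use crate::common::crypto::{Algorithm, HashAlgorithm};` in src/dkim/mod.rs would keep the old paths working. Internal modules such as src/arc/seal.rs still import `crate::PrivateKey`, which resolves only through this private import; pointing them at `common::crypto` directly would make the new module the single source.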
356 @@ -277,12 +280,6 @@ pub mod report;
357 pub mod spf;
358
359 #[derive(Debug)]
360- pub enum PrivateKey {
361- Rsa(RsaPrivateKey),
362- Ed25519(ed25519_dalek::Keypair),
363- }
364-
365- #[derive(Debug)]
366 pub struct Resolver {
367 pub(crate) resolver: TokioAsyncResolver,
368 pub(crate) cache_txt: LruCache<String, Txt>,