1#![allow(dead_code)]
2
3use aes::cipher::crypto_common;
4use anyhow::{Context, Result};
5
6use hmac::Mac;
7use sha1::Sha1;
8use sha2::{Digest, Sha256};
9
10pub fn hkdf_sha256(salt: &[u8], secret: &[u8], info: &[u8], size: usize) -> Result<Vec<u8>> {
11 let hk = hkdf::Hkdf::<Sha256>::new(Some(salt), secret);
12 let mut okm = vec![0u8; size];
13 match hk.expand(info, &mut okm) {
14 Ok(()) => Ok(okm),
15 Err(e) => Err(anyhow::anyhow!(format!("hkdf error {:?}", e))),
16 }
17}
18
19pub fn hmac_sha256(data: &[u8], key: &[u8]) -> Result<Vec<u8>> {
20 if let Ok(mut hm) = hmac::Hmac::<Sha256>::new_from_slice(key) {
21 hm.update(data);
22 Ok(hm.finalize().into_bytes().to_vec())
23 } else {
24 Err(anyhow::anyhow!(format!("can't create hmac {:?}", key)))
25 }
26}
27
28pub fn sha256(data: &[u8]) -> Vec<u8> {
29 let mut hasher = Sha256::new();
30 hasher.update(data);
31 hasher.finalize().to_vec()
32}
33pub fn sha1_enc(data: &[u8]) -> Vec<u8> {
34 let mut hasher = Sha1::new();
35 hasher.update(data);
36 hasher.finalize().to_vec()
37}
38
39type Aes128Ccm = ccm::Ccm<aes::Aes128, ccm::consts::U16, ccm::consts::U13>;
40pub fn aes128_ccm_encrypt(
41 key: &crypto_common::Key<Aes128Ccm>,
42 nonce: &[u8],
43 aad: &[u8],
44 msg: &[u8],
45) -> Result<Vec<u8>> {
46 let cipher = <Aes128Ccm as ccm::KeyInit>::new(key);
47 match ccm::aead::Aead::encrypt(
48 &cipher,
49 crypto_common::generic_array::GenericArray::from_slice(nonce),
50 ccm::aead::Payload { msg, aad },
51 ) {
52 Ok(o) => Ok(o),
53 Err(e) => Err(anyhow::anyhow!("encrypt error {:?}", e)),
54 }
55}
56
57pub fn aes128_ccm_decrypt(
58 key: &crypto_common::Key<Aes128Ccm>,
59 nonce: &[u8],
60 aad: &[u8],
61 msg: &[u8],
62) -> Result<Vec<u8>> {
63 let cipher = <Aes128Ccm as ccm::KeyInit>::new(key);
64 match ccm::aead::Aead::decrypt(
65 &cipher,
66 crypto_common::generic_array::GenericArray::from_slice(nonce),
67 ccm::aead::Payload { msg, aad },
68 ) {
69 Ok(o) => Ok(o),
70 Err(e) => Err(anyhow::anyhow!(format!("decrypt error {:?}", e))),
71 }
72}
73
74pub fn read_private_key_from_pem(fname: &str) -> Result<p256::SecretKey> {
75 let file_contents = std::fs::read_to_string(fname)
76 .context(format!("can't read file {}", fname))?;
77 Ok(p256::SecretKey::from_sec1_pem(&file_contents)?)
78}
79pub fn read_private_key_bytes_from_pem(fname: &str) -> Result<Vec<u8>> {
80 let file_contents = std::fs::read_to_string(fname)
81 .context(format!("can't read file {}", fname))?;
82 Ok(pem::parse(file_contents)?.contents().to_vec())
83}
84
85pub fn read_signing_key_from_pem(fname: &str) -> Result<ecdsa::SigningKey<p256::NistP256>> {
86 let file_contents = std::fs::read_to_string(fname)
87 .context(format!("can't read file {}", fname))?;
88 Ok(ecdsa::SigningKey::from(p256::SecretKey::from_sec1_pem(
89 &file_contents,
90 )?))
91}
92
93pub fn read_pub_key_from_pem(fname: &str) -> Result<Vec<u8>> {
94 let file_contents = std::fs::read_to_string(fname)
95 .context(format!("can't read file {}", fname))?;
96 let secretkey = p256::SecretKey::from_sec1_pem(&file_contents)?;
97 Ok(secretkey.public_key().to_sec1_bytes().to_vec())
98}
99
100pub fn read_data_from_pem(fname: &str) -> Result<Vec<u8>> {
101 let file_contents = std::fs::read_to_string(fname)
102 .context(format!("can't read file {}", fname))?;
103 Ok(pem::parse(file_contents)?.contents().to_vec())
104}
105
106pub fn write_pem(tag: &str, data: &[u8], fname: &str) -> Result<()> {
107 let p = pem::Pem::new(tag, data);
108 let enc = pem::encode(&p);
109 std::fs::write(fname, enc)?;
110 Ok(())
111}
112
113pub fn secret_key_to_rfc5915(key: &p256::SecretKey) -> Result<Vec<u8>> {
114 let mut enc = crate::util::asn1::Encoder::new();
115 enc.start_seq(0x30)?;
116 enc.write_int(1)?;
117 enc.write_octet_string(key.to_bytes().as_slice())?;
118 enc.start_seq(0xa0)?;
119 enc.write_oid("1.2.840.10045.3.1.7")?;
120 enc.end_seq();
121 enc.start_seq(0xa1)?;
122 let mut b: Vec<u8> = vec![0];
123 b.extend_from_slice(&key.public_key().to_sec1_bytes());
124 enc.write_octet_string_with_tag(0x3, &b)?;
125 enc.end_seq();
126 enc.end_seq();
127 Ok(enc.encode())
128}