Make pss::Signing/VerifyingKey accept raw message

Change the SigningKey and VerifiyingKey implementations accept raw
message rather than pre-hashed message.

Signed-off-by: Dmitry Baryshkov <[email protected]>

Author: lumag

src/lib.rs

@@ -81,17 +81,16 @@
 //!
 //! let bits = 2048;
 //! let private_key = RsaPrivateKey::new(&mut rng, bits).expect("failed to generate a key");
-//! let signing_key = BlindedSigningKey::new(private_key, Box::new(Sha256::new()));
-//! let verifying_key: VerifyingKey = (&signing_key).into();
+//! let signing_key = BlindedSigningKey::<Sha256>::new(private_key);
+//! let verifying_key: VerifyingKey<_> = (&signing_key).into();
 //!
 //! // Sign
 //! let data = b"hello world";
-//! let digest = Sha256::digest(data).to_vec();
-//! let signature = signing_key.sign_with_rng(&mut rng, &digest);
+//! let signature = signing_key.sign_with_rng(&mut rng, data);
 //! assert_ne!(signature.as_bytes(), data);
 //!
 //! // Verify
-//! verifying_key.verify(&digest, &signature).expect("failed to verify");
+//! verifying_key.verify(data, &signature).expect("failed to verify");
 //! ```
 //!
 //! ## PKCS#1 RSA Key Encoding

src/pss.rs

@@ -1,9 +1,9 @@
-use alloc::boxed::Box;
 use alloc::vec;
 use alloc::vec::Vec;
 
 use core::fmt::{Debug, Display, Formatter, LowerHex, UpperHex};
-use digest::DynDigest;
+use core::marker::PhantomData;
+use digest::{Digest, DynDigest};
 use rand_core::{CryptoRng, RngCore};
 use signature::{RandomizedSigner, Signature as SignSignature, Verifier};
 use subtle::ConstantTimeEq;
@@ -317,149 +317,196 @@ fn emsa_pss_verify(
     }
 }
 
-pub struct SigningKey {
+pub struct SigningKey<D>
+where
+    D: Digest + DynDigest,
+{
     inner: RsaPrivateKey,
     salt_len: Option<usize>,
-    digest: Box<dyn DynDigest>,
+    phantom: PhantomData<D>,
 }
 
-impl SigningKey {
+impl<D> SigningKey<D>
+where
+    D: Digest + DynDigest,
+{
     pub(crate) fn key(&self) -> &RsaPrivateKey {
         &self.inner
     }
 
-    pub(crate) fn digest(&self) -> Box<dyn DynDigest> {
-        self.digest.box_clone()
+    pub fn new(key: RsaPrivateKey) -> Self {
+        Self {
+            inner: key,
+            salt_len: None,
+            phantom: Default::default(),
+        }
     }
 
-    pub fn new(key: RsaPrivateKey, digest: Box<dyn DynDigest>) -> Self {
+    pub fn new_with_salt_len(key: RsaPrivateKey, salt_len: usize) -> Self {
         Self {
             inner: key,
-            salt_len: None,
-            digest: digest,
+            salt_len: Some(salt_len),
+            phantom: Default::default(),
         }
     }
 }
 
-impl RandomizedSigner<Signature> for SigningKey {
+impl<D> RandomizedSigner<Signature> for SigningKey<D>
+where
+    D: Digest + DynDigest,
+{
     fn try_sign_with_rng(
         &self,
         mut rng: impl CryptoRng + RngCore,
-        digest: &[u8],
+        msg: &[u8],
     ) -> signature::Result<Signature> {
         sign(
             &mut rng,
             false,
             &self.inner,
-            digest,
+            &D::digest(msg),
             self.salt_len,
-            self.digest.box_clone().as_mut(),
+            &mut D::new(),
         )
         .map(|v| v.into())
         .map_err(|e| e.into())
     }
 }
 
-pub struct BlindedSigningKey {
+pub struct BlindedSigningKey<D>
+where
+    D: Digest + DynDigest,
+{
     inner: RsaPrivateKey,
     salt_len: Option<usize>,
-    digest: Box<dyn DynDigest>,
+    phantom: PhantomData<D>,
 }
 
-impl BlindedSigningKey {
+impl<D> BlindedSigningKey<D>
+where
+    D: Digest + DynDigest,
+{
     pub(crate) fn key(&self) -> &RsaPrivateKey {
         &self.inner
     }
 
-    pub(crate) fn digest(&self) -> Box<dyn DynDigest> {
-        self.digest.box_clone()
+    pub fn new(key: RsaPrivateKey) -> Self {
+        Self {
+            inner: key,
+            salt_len: None,
+            phantom: Default::default(),
+        }
     }
 
-    pub fn new(key: RsaPrivateKey, digest: Box<dyn DynDigest>) -> Self {
+    pub fn new_with_salt_len(key: RsaPrivateKey, salt_len: usize) -> Self {
         Self {
             inner: key,
-            salt_len: None,
-            digest: digest,
+            salt_len: Some(salt_len),
+            phantom: Default::default(),
         }
     }
 }
 
-impl RandomizedSigner<Signature> for BlindedSigningKey {
+impl<D> RandomizedSigner<Signature> for BlindedSigningKey<D>
+where
+    D: Digest + DynDigest,
+{
     fn try_sign_with_rng(
         &self,
         mut rng: impl CryptoRng + RngCore,
-        digest: &[u8],
+        msg: &[u8],
     ) -> signature::Result<Signature> {
         sign(
             &mut rng,
             true,
             &self.inner,
-            digest,
+            &D::digest(msg),
             self.salt_len,
-            self.digest.box_clone().as_mut(),
+            &mut D::new(),
         )
         .map(|v| v.into())
         .map_err(|e| e.into())
     }
 }
 
-pub struct VerifyingKey {
+pub struct VerifyingKey<D>
+where
+    D: Digest + DynDigest,
+{
     inner: RsaPublicKey,
-    digest: Box<dyn DynDigest>,
+    phantom: PhantomData<D>,
 }
 
-impl VerifyingKey {
-    pub fn new(key: RsaPublicKey, digest: Box<dyn DynDigest>) -> Self {
+impl<D> VerifyingKey<D>
+where
+    D: Digest + DynDigest,
+{
+    pub fn new(key: RsaPublicKey) -> Self {
         Self {
             inner: key,
-            digest: digest,
+            phantom: Default::default(),
         }
     }
 }
 
-impl From<SigningKey> for VerifyingKey {
-    fn from(key: SigningKey) -> Self {
+impl<D> From<SigningKey<D>> for VerifyingKey<D>
+where
+    D: Digest + DynDigest,
+{
+    fn from(key: SigningKey<D>) -> Self {
         Self {
             inner: key.key().into(),
-            digest: key.digest(),
+            phantom: Default::default(),
         }
     }
 }
 
-impl From<&SigningKey> for VerifyingKey {
-    fn from(key: &SigningKey) -> Self {
+impl<D> From<&SigningKey<D>> for VerifyingKey<D>
+where
+    D: Digest + DynDigest,
+{
+    fn from(key: &SigningKey<D>) -> Self {
         Self {
             inner: key.key().into(),
-            digest: key.digest(),
+            phantom: Default::default(),
         }
     }
 }
 
-impl From<BlindedSigningKey> for VerifyingKey {
-    fn from(key: BlindedSigningKey) -> Self {
+impl<D> From<BlindedSigningKey<D>> for VerifyingKey<D>
+where
+    D: Digest + DynDigest,
+{
+    fn from(key: BlindedSigningKey<D>) -> Self {
         Self {
             inner: key.key().into(),
-            digest: key.digest(),
+            phantom: Default::default(),
         }
     }
 }
 
-impl From<&BlindedSigningKey> for VerifyingKey {
-    fn from(key: &BlindedSigningKey) -> Self {
+impl<D> From<&BlindedSigningKey<D>> for VerifyingKey<D>
+where
+    D: Digest + DynDigest,
+{
+    fn from(key: &BlindedSigningKey<D>) -> Self {
         Self {
             inner: key.key().into(),
-            digest: key.digest(),
+            phantom: Default::default(),
         }
     }
 }
 
-impl Verifier<Signature> for VerifyingKey {
+impl<D> Verifier<Signature> for VerifyingKey<D>
+where
+    D: Digest + DynDigest,
+{
     fn verify(&self, msg: &[u8], signature: &Signature) -> signature::Result<()> {
         verify(
             &self.inner,
-            msg,
+            &D::digest(msg),
             signature.as_ref(),
-            self.digest.box_clone().as_mut(),
+            &mut D::new(),
         )
         .map_err(|e| e.into())
     }
@@ -470,7 +517,6 @@ mod test {
     use crate::pss::{BlindedSigningKey, SigningKey, VerifyingKey};
     use crate::{PaddingScheme, PublicKey, RsaPrivateKey, RsaPublicKey};
 
-    use alloc::boxed::Box;
     use hex_literal::hex;
     use num_bigint::BigUint;
     use num_traits::{FromPrimitive, Num};
@@ -561,11 +607,11 @@ mod test {
             ),
         ];
         let pub_key: RsaPublicKey = priv_key.into();
-        let verifying_key: VerifyingKey = VerifyingKey::new(pub_key, Box::new(Sha1::new()));
+        let verifying_key: VerifyingKey<Sha1> = VerifyingKey::new(pub_key);
 
         for (text, sig, expected) in &tests {
-            let digest = Sha1::digest(text.as_bytes()).to_vec();
-            let result = verifying_key.verify(&digest, &Signature::from_bytes(sig).unwrap());
+            let result =
+                verifying_key.verify(text.as_bytes(), &Signature::from_bytes(sig).unwrap());
             match expected {
                 true => result.expect("failed to verify"),
                 false => {
@@ -620,14 +666,13 @@ mod test {
 
         let tests = ["test\n"];
         let mut rng = ChaCha8Rng::from_seed([42; 32]);
-        let signing_key = SigningKey::new(priv_key, Box::new(Sha1::new()));
-        let verifying_key: VerifyingKey = (&signing_key).into();
+        let signing_key = SigningKey::<Sha1>::new(priv_key);
+        let verifying_key = VerifyingKey::from(&signing_key);
 
         for test in &tests {
-            let digest = Sha1::digest(test.as_bytes()).to_vec();
-            let sig = signing_key.sign_with_rng(&mut rng, &digest);
+            let sig = signing_key.sign_with_rng(&mut rng, test.as_bytes());
             verifying_key
-                .verify(&digest, &sig)
+                .verify(test.as_bytes(), &sig)
                 .expect("failed to verify");
         }
     }
@@ -638,14 +683,13 @@ mod test {
 
         let tests = ["test\n"];
         let mut rng = ChaCha8Rng::from_seed([42; 32]);
-        let signing_key = BlindedSigningKey::new(priv_key, Box::new(Sha1::new()));
-        let verifying_key: VerifyingKey = (&signing_key).into();
+        let signing_key = BlindedSigningKey::<Sha1>::new(priv_key);
+        let verifying_key = VerifyingKey::from(&signing_key);
 
         for test in &tests {
-            let digest = Sha1::digest(test.as_bytes()).to_vec();
-            let sig = signing_key.sign_with_rng(&mut rng, &digest);
+            let sig = signing_key.sign_with_rng(&mut rng, test.as_bytes());
             verifying_key
-                .verify(&digest, &sig)
+                .verify(test.as_bytes(), &sig)
                 .expect("failed to verify");
         }
     }