pkcs1v15: use AssociatedOID for getting the RSA prefix

Drop internal implementation of AssociatedHash and use AssociatedOID
trait to get the OID corresponding to the Digest and to format the ASN.1
prefix.

Signed-off-by: Dmitry Baryshkov <[email protected]>

Author: lumag

Cargo.toml

@@ -20,7 +20,7 @@ num-iter = { version = "0.1.37", default-features = false }
 rand_core = { version = "0.6", default-features = false }
 byteorder = { version = "1.3.1", default-features = false }
 subtle = { version = "2.1.1", default-features = false }
-digest = { version = "0.10.0", default-features = false, features = ["alloc"] }
+digest = { version = "0.10.0", default-features = false, features = ["alloc", "oid"] }
 pkcs1 = { version = "0.4", default-features = false, features = ["pkcs8", "alloc"] }
 pkcs8 = { version = "0.9", default-features = false, features = ["alloc"] }
 #To keep the rand_core versions properly pinnen, specify exact version
@@ -30,11 +30,6 @@ zeroize = { version = "1", features = ["alloc"] }
 # Temporary workaround until https://github.com/dignifiedquire/num-bigint/pull/42 lands
 smallvec = { version = "1.6.1", default-features = false }
 
-# Temporary until the link from Digest to OID is moved to corresponding crates
-sha1 = { version = "0.10.1", default-features = false, optional = true }
-sha2 = { version = "0.10.2", default-features = false, optional = true }
-sha3 = { version = "0.10.1", default-features = false, optional = true }
-
 [dependencies.serde_crate]
 package = "serde"
 optional = true
@@ -50,15 +45,15 @@ rand_xorshift = "0.3"
 rand_chacha = "0.3"
 rand = "0.8"
 rand_core = { version = "0.6", default-features = false }
-sha1 = { version = "0.10.1", default-features = false }
-sha2 = { version = "0.10.2", default-features = false }
+sha1 = { version = "0.10.1", default-features = false, features = ["oid"] }
+sha2 = { version = "0.10.2", default-features = false, features = ["oid"] }
 sha3 = { version = "0.10.1", default-features = false }
 
 [[bench]]
 name = "key"
 
 [features]
-default = ["std", "pem", "sha2"]
+default = ["std", "pem"]
 nightly = ["num-bigint/nightly"]
 serde = ["num-bigint/serde", "serde_crate"]
 expose-internals = []
@@ -68,7 +63,7 @@ pkcs5 = ["pkcs8/encryption"]
 getrandom = ["rand_core/getrandom"]
 
 [package.metadata.docs.rs]
-features = ["std", "pem", "serde", "expose-internals", "sha1", "sha2", "sha3"]
+features = ["std", "pem", "serde", "expose-internals"]
 rustdoc-args = ["--cfg", "docsrs"]
 
 [profile.dev]

src/hash.rs

@@ -83,55 +83,3 @@ impl Hash {
         }
     }
 }
-
-/* FIXME: This trait should be refactored into per-digest implementations returning OID */
-pub trait AssociatedHash {
-    const HASH: Hash;
-}
-
-#[cfg(feature = "sha1")]
-impl AssociatedHash for sha1::Sha1 {
-    const HASH: Hash = Hash::SHA1;
-}
-
-#[cfg(feature = "sha2")]
-impl AssociatedHash for sha2::Sha224 {
-    const HASH: Hash = Hash::SHA2_224;
-}
-
-#[cfg(feature = "sha2")]
-impl AssociatedHash for sha2::Sha256 {
-    const HASH: Hash = Hash::SHA2_256;
-}
-
-#[cfg(feature = "sha2")]
-impl AssociatedHash for sha2::Sha384 {
-    const HASH: Hash = Hash::SHA2_384;
-}
-
-#[cfg(feature = "sha2")]
-impl AssociatedHash for sha2::Sha512 {
-    const HASH: Hash = Hash::SHA2_512;
-}
-
-/*
-#[cfg(feature = "sha3")]
-impl AssociatedHash for sha3::Sha3_224 {
-    const HASH: Hash = Hash::SHA3_224;
-}
-*/
-
-#[cfg(feature = "sha3")]
-impl AssociatedHash for sha3::Sha3_256 {
-    const HASH: Hash = Hash::SHA3_256;
-}
-
-#[cfg(feature = "sha3")]
-impl AssociatedHash for sha3::Sha3_384 {
-    const HASH: Hash = Hash::SHA3_384;
-}
-
-#[cfg(feature = "sha3")]
-impl AssociatedHash for sha3::Sha3_512 {
-    const HASH: Hash = Hash::SHA3_512;
-}

src/key.rs

@@ -12,6 +12,7 @@ use zeroize::Zeroize;
 use crate::algorithms::{generate_multi_prime_key, generate_multi_prime_key_with_exp};
 use crate::dummy_rng::DummyRng;
 use crate::errors::{Error, Result};
+use crate::hash::Hash;
 
 use crate::padding::PaddingScheme;
 use crate::raw::{DecryptionPrimitive, EncryptionPrimitive};
@@ -217,7 +218,8 @@ impl PublicKey for RsaPublicKey {
     fn verify(&self, padding: PaddingScheme, hashed: &[u8], sig: &[u8]) -> Result<()> {
         match padding {
             PaddingScheme::PKCS1v15Sign { ref hash } => {
-                pkcs1v15::verify(self, hash.as_ref(), hashed, sig)
+                let prefix = hash_info(*hash, hashed.len())?;
+                pkcs1v15::verify(self, prefix, hashed, sig)
             }
             PaddingScheme::PSS { mut digest, .. } => pss::verify(self, hashed, sig, &mut *digest),
             _ => Err(Error::InvalidPaddingScheme),
@@ -510,7 +512,8 @@ impl RsaPrivateKey {
         match padding {
             // need to pass any Rng as the type arg, so the type checker is happy, it is not actually used for anything
             PaddingScheme::PKCS1v15Sign { ref hash } => {
-                pkcs1v15::sign::<DummyRng, _>(None, self, hash.as_ref(), digest_in)
+                let prefix = hash_info(*hash, digest_in.len())?;
+                pkcs1v15::sign::<DummyRng, _>(None, self, prefix, digest_in)
             }
             _ => Err(Error::InvalidPaddingScheme),
         }
@@ -545,7 +548,8 @@ impl RsaPrivateKey {
     ) -> Result<Vec<u8>> {
         match padding {
             PaddingScheme::PKCS1v15Sign { ref hash } => {
-                pkcs1v15::sign(Some(rng), self, hash.as_ref(), digest_in)
+                let prefix = hash_info(*hash, digest_in.len())?;
+                pkcs1v15::sign(Some(rng), self, prefix, digest_in)
             }
             PaddingScheme::PSS {
                 mut digest,
@@ -556,6 +560,22 @@ impl RsaPrivateKey {
     }
 }
 
+#[inline]
+fn hash_info(hash: Option<Hash>, digest_len: usize) -> Result<&'static [u8]> {
+    match hash {
+        Some(hash) => {
+            let hash_len = hash.size();
+            if digest_len != hash_len {
+                return Err(Error::InputNotHashed);
+            }
+
+            Ok(hash.asn1_prefix())
+        }
+        // this means the data is signed directly
+        None => Ok(&[]),
+    }
+}
+
 /// Check that the public key is well formed and has an exponent within acceptable bounds.
 #[inline]
 pub fn check_public(public_key: &impl PublicKeyParts) -> Result<()> {

src/lib.rs

@@ -47,32 +47,28 @@
 //! assert_eq!(&data[..], &dec_data[..]);
 //! ```
 //!
-#![cfg_attr(
-    feature = "sha2",
-    doc = r#"
-Using PKCS1v15 signatures
-```
-use rsa::RsaPrivateKey;
-use rsa::pkcs1v15::{SigningKey, VerifyingKey};
-use sha2::{Digest, Sha256};
-use signature::{RandomizedSigner, Signature, Verifier};
-
-let mut rng = rand::thread_rng();
-
-let bits = 2048;
-let private_key = RsaPrivateKey::new(&mut rng, bits).expect("failed to generate a key");
-let signing_key = SigningKey::<Sha256>::new_with_prefix(private_key);
-let verifying_key: VerifyingKey<_> = (&signing_key).into();
-
-// Sign
-let data = b"hello world";
-let signature = signing_key.sign_with_rng(&mut rng, data);
-assert_ne!(signature.as_bytes(), data);
-
-// Verify
-verifying_key.verify(data, &signature).expect("failed to verify");
-```"#
-)]
+//! Using PKCS1v15 signatures
+//! ```
+//! use rsa::RsaPrivateKey;
+//! use rsa::pkcs1v15::{SigningKey, VerifyingKey};
+//! use sha2::{Digest, Sha256};
+//! use signature::{RandomizedSigner, Signature, Verifier};
+//!
+//! let mut rng = rand::thread_rng();
+//!
+//! let bits = 2048;
+//! let private_key = RsaPrivateKey::new(&mut rng, bits).expect("failed to generate a key");
+//! let signing_key = SigningKey::<Sha256>::new_with_prefix(private_key);
+//! let verifying_key: VerifyingKey<_> = (&signing_key).into();
+//!
+//! // Sign
+//! let data = b"hello world";
+//! let signature = signing_key.sign_with_rng(&mut rng, data);
+//! assert_ne!(signature.as_bytes(), data);
+//!
+//! // Verify
+//! verifying_key.verify(data, &signature).expect("failed to verify");
+//! ```
 //!
 //! Using PSS signatures
 //! ```