signer/verifier: implement Signer and Verifier traits for the RSA

Signed-off-by: Dmitry Baryshkov <[email protected]>

Author: lumag

src/key.rs

@@ -187,6 +187,8 @@ pub trait PublicKey: EncryptionPrimitive + PublicKeyParts {
     /// passed in through `hash`.
     /// If the message is valid `Ok(())` is returned, otherwiese an `Err` indicating failure.
     fn verify(&self, padding: PaddingScheme, hashed: &[u8], sig: &[u8]) -> Result<()>;
+
+    fn to_verifier(&self, padding: PaddingScheme) -> RsaVerifier;
 }
 
 impl PublicKeyParts for RsaPublicKey {
@@ -227,6 +229,10 @@ impl PublicKey for RsaPublicKey {
             _ => Err(Error::InvalidPaddingScheme),
         }
     }
+
+    fn to_verifier(&self, padding: PaddingScheme) -> RsaVerifier {
+        RsaVerifier::new(&self, padding)
+    }
 }
 
 impl RsaPublicKey {
@@ -264,6 +270,10 @@ impl<'a> PublicKey for &'a RsaPublicKey {
     fn verify(&self, padding: PaddingScheme, hashed: &[u8], sig: &[u8]) -> Result<()> {
         (*self).verify(padding, hashed, sig)
     }
+
+    fn to_verifier(&self, padding: PaddingScheme) -> RsaVerifier {
+        (*self).to_verifier(padding)
+    }
 }
 
 impl PublicKeyParts for RsaPrivateKey {

src/lib.rs

@@ -173,6 +173,8 @@ mod oaep;
 mod pkcs1v15;
 mod pss;
 mod raw;
+mod signer;
+mod verifier;
 
 pub use pkcs1;
 pub use pkcs8;

src/signer.rs

@@ -0,0 +1,108 @@
+use crate::dummy_rng::DummyRng;
+use crate::errors::Error;
+use crate::rsa_core::*;
+use crate::RsaPrivateKey;
+use crate::{pkcs1v15, pss};
+use rand_core::{CryptoRng, RngCore};
+use signature::RandomizedSigner;
+use signature::Signature;
+use signature::Signer;
+
+#[cfg(feature = "std")]
+fn to_sig_error(e: Error) -> signature::Error {
+    signature::Error::from_source(e)
+}
+
+#[cfg(not(feature = "std"))]
+fn to_sig_error(_e: Error) -> signature::Error {
+    signature::Error::new()
+}
+
+pub struct RsaSigner<'a> {
+    key: &'a RsaPrivateKey,
+    padding: PaddingScheme,
+}
+
+impl<'a> RsaSigner<'a> {
+    pub fn new(key: &'a RsaPrivateKey, padding: PaddingScheme) -> RsaSigner<'a> {
+        RsaSigner { key, padding }
+    }
+}
+
+impl Signer<RsaSignature> for RsaSigner<'_> {
+    fn try_sign(&self, msg: &[u8]) -> signature::Result<RsaSignature> {
+        match self.padding {
+            PaddingScheme::PKCS1v15Sign { ref hash } => {
+                pkcs1v15::sign::<DummyRng, _>(None, self.key, hash.as_ref(), msg)
+            }
+            _ => Err(Error::InvalidPaddingScheme),
+        }
+        .map_err(|e| to_sig_error(e))
+        .and_then(|v| RsaSignature::from_bytes(v.as_slice()))
+    }
+}
+
+impl RandomizedSigner<RsaSignature> for RsaSigner<'_> {
+    fn try_sign_with_rng(
+        &self,
+        mut rng: impl CryptoRng + RngCore,
+        msg: &[u8],
+    ) -> Result<RsaSignature, signature::Error> {
+        match &self.padding {
+            PaddingScheme::PKCS1v15Sign { ref hash } => {
+                pkcs1v15::sign::<DummyRng, _>(None, self.key, hash.as_ref(), msg)
+            }
+            PaddingScheme::PSS {
+                digest, salt_len, ..
+            } => pss::sign::<_, _>(
+                &mut rng,
+                false,
+                self.key,
+                msg,
+                *salt_len,
+                &mut *digest.box_clone(),
+            ),
+            _ => Err(Error::InvalidPaddingScheme),
+        }
+        .map_err(|e| to_sig_error(e))
+        .and_then(|v| RsaSignature::from_bytes(v.as_slice()))
+    }
+}
+
+pub struct RsaBlindedSigner<'a> {
+    key: &'a RsaPrivateKey,
+    padding: PaddingScheme,
+}
+
+impl<'a> RsaBlindedSigner<'a> {
+    pub fn new(key: &'a RsaPrivateKey, padding: PaddingScheme) -> RsaBlindedSigner<'a> {
+        RsaBlindedSigner { key, padding }
+    }
+}
+
+impl RandomizedSigner<RsaSignature> for RsaBlindedSigner<'_> {
+    fn try_sign_with_rng(
+        &self,
+        mut rng: impl CryptoRng + RngCore,
+        msg: &[u8],
+    ) -> Result<RsaSignature, signature::Error> {
+        match &self.padding {
+            PaddingScheme::PKCS1v15Sign { ref hash } => {
+                pkcs1v15::sign::<_, _>(Some(&mut rng), self.key, hash.as_ref(), msg)
+            }
+            PaddingScheme::PSS {
+                digest, salt_len, ..
+            } => pss::sign::<_, _>(
+                &mut rng,
+                true,
+                self.key,
+                msg,
+                *salt_len,
+                &mut *digest.box_clone(),
+            ),
+            _ => Err(Error::InvalidPaddingScheme),
+        }
+        .map_err(|e| to_sig_error(e))
+        .and_then(|v| RsaSignature::from_bytes(v.as_slice()))
+    }
+}

src/verifier.rs

@@ -0,0 +1,45 @@
+use crate::errors::Error;
+use crate::rsa_core::*;
+use crate::RsaPublicKey;
+use crate::{pkcs1v15, pss};
+use signature::Signature;
+use signature::Verifier;
+
+#[cfg(feature = "std")]
+fn to_sig_error(e: Error) -> signature::Error {
+    signature::Error::from_source(e)
+}
+
+#[cfg(not(feature = "std"))]
+fn to_sig_error(_e: Error) -> signature::Error {
+    signature::Error::new()
+}
+
+pub struct RsaVerifier<'a> {
+    key: &'a RsaPublicKey,
+    padding: PaddingScheme,
+}
+
+impl<'a> RsaVerifier<'a> {
+    pub fn new(key: &'a RsaPublicKey, padding: PaddingScheme) -> RsaVerifier<'a> {
+        RsaVerifier { key, padding }
+    }
+}
+
+impl Verifier<RsaSignature> for RsaVerifier<'_> {
+    fn verify(&self, msg: &[u8], signature: &RsaSignature) -> Result<(), signature::Error> {
+        match &self.padding {
+            PaddingScheme::PKCS1v15Sign { ref hash } => {
+                pkcs1v15::verify(self.key, hash.as_ref(), msg, signature.as_bytes())
+            }
+            PaddingScheme::PSS { digest, .. } => pss::verify(
+                self.key,
+                msg,
+                signature.as_bytes(),
+                &mut *digest.box_clone(),
+            ),
+            _ => Err(Error::InvalidPaddingScheme),
+        }
+        .map_err(|e| to_sig_error(e))
+    }
+}