Get rid of rsa::Hash

lumag · lumag · commit ac7fd3b6f516 · 2022-09-12T18:03:04.000+03:00
Fully replace rsa::Hash with AssociatedOid usage.

Signed-off-by: Dmitry Baryshkov &lt;dmitry.baryshkov@linaro.org&gt;
diff --git a/src/hash.rs b/src/hash.rs
diff --git a/src/key.rs b/src/key.rs
@@ -12,7 +12,6 @@ use zeroize::Zeroize;
 use crate::algorithms::{generate_multi_prime_key, generate_multi_prime_key_with_exp};
 use crate::dummy_rng::DummyRng;
 use crate::errors::{Error, Result};
-use crate::hash::Hash;
 
 use crate::padding::PaddingScheme;
 use crate::raw::{DecryptionPrimitive, EncryptionPrimitive};
@@ -217,9 +216,13 @@ impl PublicKey for RsaPublicKey {
 
     fn verify(&self, padding: PaddingScheme, hashed: &[u8], sig: &[u8]) -> Result<()> {
         match padding {
-            PaddingScheme::PKCS1v15Sign { ref hash } => {
-                let prefix = hash_info(*hash, hashed.len())?;
-                pkcs1v15::verify(self, prefix, hashed, sig)
+            PaddingScheme::PKCS1v15Sign { hash_len, prefix } => {
+                if let Some(hash_len) = hash_len {
+                    if hashed.len() != hash_len {
+                        return Err(Error::InputNotHashed);
+                    }
+                }
+                pkcs1v15::verify(self, prefix.as_ref(), hashed, sig)
             }
             PaddingScheme::PSS { mut digest, .. } => pss::verify(self, hashed, sig, &mut *digest),
             _ => Err(Error::InvalidPaddingScheme),
@@ -511,9 +514,13 @@ impl RsaPrivateKey {
     pub fn sign(&self, padding: PaddingScheme, digest_in: &[u8]) -> Result<Vec<u8>> {
         match padding {
             // need to pass any Rng as the type arg, so the type checker is happy, it is not actually used for anything
-            PaddingScheme::PKCS1v15Sign { ref hash } => {
-                let prefix = hash_info(*hash, digest_in.len())?;
-                pkcs1v15::sign::<DummyRng, _>(None, self, prefix, digest_in)
+            PaddingScheme::PKCS1v15Sign { hash_len, prefix } => {
+                if let Some(hash_len) = hash_len {
+                    if digest_in.len() != hash_len {
+                        return Err(Error::InputNotHashed);
+                    }
+                }
+                pkcs1v15::sign::<DummyRng, _>(None, self, prefix.as_ref(), digest_in)
             }
             _ => Err(Error::InvalidPaddingScheme),
         }
@@ -547,9 +554,13 @@ impl RsaPrivateKey {
         digest_in: &[u8],
     ) -> Result<Vec<u8>> {
         match padding {
-            PaddingScheme::PKCS1v15Sign { ref hash } => {
-                let prefix = hash_info(*hash, digest_in.len())?;
-                pkcs1v15::sign(Some(rng), self, prefix, digest_in)
+            PaddingScheme::PKCS1v15Sign { hash_len, prefix } => {
+                if let Some(hash_len) = hash_len {
+                    if digest_in.len() != hash_len {
+                        return Err(Error::InputNotHashed);
+                    }
+                }
+                pkcs1v15::sign(Some(rng), self, prefix.as_ref(), digest_in)
             }
             PaddingScheme::PSS {
                 mut digest,
@@ -560,22 +571,6 @@ impl RsaPrivateKey {
     }
 }
 
-#[inline]
-fn hash_info(hash: Option<Hash>, digest_len: usize) -> Result<&'static [u8]> {
-    match hash {
-        Some(hash) => {
-            let hash_len = hash.size();
-            if digest_len != hash_len {
-                return Err(Error::InputNotHashed);
-            }
-
-            Ok(hash.asn1_prefix())
-        }
-        // this means the data is signed directly
-        None => Ok(&[]),
-    }
-}
-
 /// Check that the public key is well formed and has an exponent within acceptable bounds.
 #[inline]
 pub fn check_public(public_key: &impl PublicKeyParts) -> Result<()> {
diff --git a/src/lib.rs b/src/lib.rs
@@ -200,8 +200,6 @@ pub use rand_core;
 pub mod algorithms;
 /// Error types.
 pub mod errors;
-/// Supported hash functions.
-pub mod hash;
 /// Supported padding schemes.
 pub mod padding;
 /// RSASSA-PKCS1-v1_5 Signature support
@@ -218,7 +216,6 @@ mod raw;
 pub use pkcs1;
 pub use pkcs8;
 
-pub use self::hash::Hash;
 pub use self::key::{PublicKey, PublicKeyParts, RsaPrivateKey, RsaPublicKey};
 pub use self::padding::PaddingScheme;
 
diff --git a/src/padding.rs b/src/padding.rs
@@ -3,15 +3,19 @@ use alloc::string::{String, ToString};
 use core::fmt;
 
 use digest::{Digest, DynDigest};
+use pkcs8::AssociatedOid;
 
-use crate::hash::Hash;
+use crate::pkcs1v15;
 
 /// Available padding schemes.
 pub enum PaddingScheme {
     /// Encryption and Decryption using PKCS1v15 padding.
     PKCS1v15Encrypt,
     /// Sign and Verify using PKCS1v15 padding.
-    PKCS1v15Sign { hash: Option<Hash> },
+    PKCS1v15Sign {
+        hash_len: Option<usize>,
+        prefix: Box<[u8]>,
+    },
     /// Encryption and Decryption using [OAEP padding](https://datatracker.ietf.org/doc/html/rfc3447#section-7.1.1).
     ///
     /// - `digest` is used to hash the label. The maximum possible plaintext length is `m = k - 2 * h_len - 2`,
@@ -38,8 +42,8 @@ impl fmt::Debug for PaddingScheme {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         match self {
             PaddingScheme::PKCS1v15Encrypt => write!(f, "PaddingScheme::PKCS1v15Encrypt"),
-            PaddingScheme::PKCS1v15Sign { ref hash } => {
-                write!(f, "PaddingScheme::PKCS1v15Sign({:?})", hash)
+            PaddingScheme::PKCS1v15Sign { prefix, .. } => {
+                write!(f, "PaddingScheme::PKCS1v15Sign({:?})", prefix)
             }
             PaddingScheme::OAEP { ref label, .. } => {
                 // TODO: How to print the digest name?
@@ -58,8 +62,21 @@ impl PaddingScheme {
         PaddingScheme::PKCS1v15Encrypt
     }
 
-    pub fn new_pkcs1v15_sign(hash: Option<Hash>) -> Self {
-        PaddingScheme::PKCS1v15Sign { hash }
+    pub fn new_pkcs1v15_sign_raw() -> Self {
+        PaddingScheme::PKCS1v15Sign {
+            hash_len: None,
+            prefix: Box::new([]),
+        }
+    }
+
+    pub fn new_pkcs1v15_sign<D>() -> Self
+    where
+        D: Digest + AssociatedOid,
+    {
+        PaddingScheme::PKCS1v15Sign {
+            hash_len: Some(<D as Digest>::output_size()),
+            prefix: pkcs1v15::generate_prefix::<D>().into_boxed_slice(),
+        }
     }
 
     /// Create a new OAEP `PaddingScheme`, using `T` as the hash function for the default (empty) label, and `U` as the hash function for MGF1.
diff --git a/src/pkcs1v15.rs b/src/pkcs1v15.rs
@@ -209,7 +209,7 @@ pub(crate) fn verify<PK: PublicKey>(
 
 // prefix = 0x30 <oid_len + 8 + digest_len> 0x30 <oid_len + 4> 0x06 <oid_len> oid 0x05 0x00 0x04 <digest_len>
 #[inline]
-fn generate_prefix<D>() -> Vec<u8>
+pub(crate) fn generate_prefix<D>() -> Vec<u8>
 where
     D: Digest + AssociatedOid,
 {
@@ -497,7 +497,7 @@ mod tests {
     use sha1::{Digest, Sha1};
     use signature::{RandomizedSigner, Signature, Signer, Verifier};
 
-    use crate::{Hash, PaddingScheme, PublicKey, PublicKeyParts, RsaPrivateKey, RsaPublicKey};
+    use crate::{PaddingScheme, PublicKey, PublicKeyParts, RsaPrivateKey, RsaPublicKey};
 
     #[test]
     fn test_non_zero_bytes() {
@@ -603,7 +603,7 @@ mod tests {
             let digest = Sha1::digest(text.as_bytes()).to_vec();
 
             let out = priv_key
-                .sign(PaddingScheme::new_pkcs1v15_sign(Some(Hash::SHA1)), &digest)
+                .sign(PaddingScheme::new_pkcs1v15_sign::<Sha1>(), &digest)
                 .unwrap();
             assert_ne!(out, digest);
             assert_eq!(out, expected);
@@ -612,7 +612,7 @@ mod tests {
             let out2 = priv_key
                 .sign_blinded(
                     &mut rng,
-                    PaddingScheme::new_pkcs1v15_sign(Some(Hash::SHA1)),
+                    PaddingScheme::new_pkcs1v15_sign::<Sha1>(),
                     &digest,
                 )
                 .unwrap();
@@ -703,11 +703,7 @@ mod tests {
         for (text, sig, expected) in &tests {
             let digest = Sha1::digest(text.as_bytes()).to_vec();
 
-            let result = pub_key.verify(
-                PaddingScheme::new_pkcs1v15_sign(Some(Hash::SHA1)),
-                &digest,
-                sig,
-            );
+            let result = pub_key.verify(PaddingScheme::new_pkcs1v15_sign::<Sha1>(), &digest, sig);
             match expected {
                 true => result.expect("failed to verify"),
                 false => {
@@ -801,13 +797,13 @@ mod tests {
         let priv_key = get_private_key();
 
         let sig = priv_key
-            .sign(PaddingScheme::new_pkcs1v15_sign(None), msg)
+            .sign(PaddingScheme::new_pkcs1v15_sign_raw(), msg)
             .unwrap();
         assert_eq!(expected_sig, sig);
 
         let pub_key: RsaPublicKey = priv_key.into();
         pub_key
-            .verify(PaddingScheme::new_pkcs1v15_sign(None), msg, &sig)
+            .verify(PaddingScheme::new_pkcs1v15_sign_raw(), msg, &sig)
             .expect("failed to verify");
     }
 
