feat: iplement hazmat signature traits for PSS keys
Implement PrehashSigner and PrehashVerifier traits for PSS
key structures.

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
lumag committed Oct 3, 2022
1 parent c880e5f commit 5eb6a8e
Showing 1 changed file with 119 additions and 0 deletions.
119 changes: 119 additions & 0 deletions src/pss.rs
Expand Up @@ -6,6 +6,8 @@ use core::marker::PhantomData;
use core::ops::Deref;
use digest::{Digest, DynDigest, FixedOutputReset};
use rand_core::{CryptoRng, RngCore};
#[cfg(feature = "hazmat")]
use signature::hazmat::{PrehashVerifier, RandomizedPrehashSigner};
use signature::{
DigestVerifier, RandomizedDigestSigner, RandomizedSigner, Signature as SignSignature, Verifier,
};
Expand Down Expand Up @@ -607,6 +609,22 @@ where
}
}

#[cfg(feature = "hazmat")]
impl<D> RandomizedPrehashSigner<Signature> for SigningKey<D>
where
D: Digest + FixedOutputReset,
{
fn sign_prehash_with_rng(
&self,
mut rng: impl CryptoRng + RngCore,
prehash: &[u8],
) -> signature::Result<Signature> {
sign_digest::<_, _, D>(&mut rng, false, &self.inner, prehash, self.salt_len)
.map(|v| v.into())
.map_err(|e| e.into())
}
}

impl<D> AsRef<RsaPrivateKey> for SigningKey<D>
where
D: Digest,
Expand Down Expand Up @@ -705,6 +723,22 @@ where
}
}

#[cfg(feature = "hazmat")]
impl<D> RandomizedPrehashSigner<Signature> for BlindedSigningKey<D>
where
D: Digest + FixedOutputReset,
{
fn sign_prehash_with_rng(
&self,
mut rng: impl CryptoRng + RngCore,
prehash: &[u8],
) -> signature::Result<Signature> {
sign_digest::<_, _, D>(&mut rng, true, &self.inner, prehash, self.salt_len)
.map(|v| v.into())
.map_err(|e| e.into())
}
}

impl<D> AsRef<RsaPrivateKey> for BlindedSigningKey<D>
where
D: Digest,
Expand Down Expand Up @@ -821,6 +855,16 @@ where
}
}

#[cfg(feature = "hazmat")]
impl<D> PrehashVerifier<Signature> for VerifyingKey<D>
where
D: Digest + FixedOutputReset,
{
fn verify_prehash(&self, prehash: &[u8], signature: &Signature) -> signature::Result<()> {
verify_digest::<_, D>(&self.inner, prehash, signature.as_ref()).map_err(|e| e.into())
}
}

impl<D> AsRef<RsaPublicKey> for VerifyingKey<D>
where
D: Digest,
Expand All @@ -840,6 +884,8 @@ mod test {
use num_traits::{FromPrimitive, Num};
use rand_chacha::{rand_core::SeedableRng, ChaCha8Rng};
use sha1::{Digest, Sha1};
#[cfg(feature = "hazmat")]
use signature::hazmat::{PrehashVerifier, RandomizedPrehashSigner};
use signature::{
DigestVerifier, RandomizedDigestSigner, RandomizedSigner, Signature, Verifier,
};
Expand Down Expand Up @@ -1093,4 +1139,77 @@ mod test {
.expect("failed to verify");
}
}

#[cfg(feature = "hazmat")]
#[test]
fn test_verify_pss_hazmat() {
let priv_key = get_private_key();

let tests = [
(
Sha1::digest("test\n"),
hex!(
"6f86f26b14372b2279f79fb6807c49889835c204f71e38249b4c5601462da8ae"
"30f26ffdd9c13f1c75eee172bebe7b7c89f2f1526c722833b9737d6c172a962f"
),
true,
),
(
Sha1::digest("test\n"),
hex!(
"6f86f26b14372b2279f79fb6807c49889835c204f71e38249b4c5601462da8ae"
"30f26ffdd9c13f1c75eee172bebe7b7c89f2f1526c722833b9737d6c172a962e"
),
false,
),
];
let pub_key: RsaPublicKey = priv_key.into();
let verifying_key = VerifyingKey::<Sha1>::new(pub_key);

for (text, sig, expected) in &tests {
let result = verifying_key.verify_prehash(text.as_ref(), &Signature::from_bytes(sig).unwrap());
match expected {
true => result.expect("failed to verify"),
false => {
result.expect_err("expected verifying error");
}
}
}
}

#[cfg(feature = "hazmat")]
#[test]
fn test_sign_and_verify_pss_hazmat() {
let priv_key = get_private_key();

let tests = [Sha1::digest("test\n")];
let mut rng = ChaCha8Rng::from_seed([42; 32]);
let signing_key = SigningKey::<Sha1>::new(priv_key);
let verifying_key = VerifyingKey::from(&signing_key);

for test in &tests {
let sig = signing_key.sign_prehash_with_rng(&mut rng, &test).expect("failed to sign");
verifying_key
.verify_prehash(&test, &sig)
.expect("failed to verify");
}
}

#[cfg(feature = "hazmat")]
#[test]
fn test_sign_and_verify_pss_blinded_hazmat() {
let priv_key = get_private_key();

let tests = [Sha1::digest("test\n")];
let mut rng = ChaCha8Rng::from_seed([42; 32]);
let signing_key = BlindedSigningKey::<Sha1>::new(priv_key);
let verifying_key = VerifyingKey::from(&signing_key);

for test in &tests {
let sig = signing_key.sign_prehash_with_rng(&mut rng, &test).expect("failed to sign");
verifying_key
.verify_prehash(&test, &sig)
.expect("failed to verify");
}
}
}
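Review bot: `sign_prehash_with_rng` (in both the `SigningKey` and `BlindedSigningKey` impls) and `verify_prehash` pass the caller's `prehash` straight to `sign_digest` / `verify_digest` with no visible check that it has `D`'s output length. Those helpers are defined outside the shown hunks, so it cannot be confirmed from this page that a raw message or a digest from a different hash is rejected. If they do not enforce it, guard each method with `if prehash.len() != <D as Digest>::output_size() { return Err(signature::Error::new()); }`. Either way, each impl should carry a doc comment stating the contract, for example `/// The prehash must be the digest of the message computed with D.`, since a mismatch here silently weakens the hazmat API's guarantees. The new tests cover only a valid digest and a tampered signature; a wrong-length prehash case for both signing and verification would pin the behaviour.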
