PaddingScheme: allow creating verify-only PSS padding schemes (#172)

If the software is only going to verify the PSS signatures, there is no need to provide RNG as a part of PaddingScheme. Add new API calls to allow creating such verify-only padding schemes. Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
RustCrypto · Jul 31, 2022 · 8425b99 · 8425b99
1 parent 1a8b67b
commit 8425b99
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 0 deletions.
diff --git a/src/padding.rs b/src/padding.rs
@@ -5,6 +5,7 @@ use core::fmt;
 use digest::{Digest, DynDigest};
 use rand_core::RngCore;
 
+use crate::dummy_rng::DummyRng;
 use crate::hash::Hash;
 
 /// Available padding schemes.
@@ -160,4 +161,20 @@ impl PaddingScheme {
             salt_len: Some(len),
         }
     }
+
+    pub fn new_pss_verify<T: 'static + Digest + DynDigest>() -> Self {
+        PaddingScheme::PSS {
+            salt_rng: Box::new(DummyRng),
+            digest: Box::new(T::new()),
+            salt_len: None,
+        }
+    }
+
+    pub fn new_pss_verify_with_salt<T: 'static + Digest + DynDigest>(len: usize) -> Self {
+        PaddingScheme::PSS {
+            salt_rng: Box::new(DummyRng),
+            digest: Box::new(T::new()),
+            salt_len: Some(len),
+        }
+    }
 }
diff --git a/src/pss.rs b/src/pss.rs
@@ -290,6 +290,47 @@ mod test {
         }
     }
 
+    #[test]
+    fn test_verify_pss_verify() {
+        let priv_key = get_private_key();
+
+        let tests = [(
+            "test\n",
+            hex!(
+                "6f86f26b14372b2279f79fb6807c49889835c204f71e38249b4c5601462da8ae"
+                "30f26ffdd9c13f1c75eee172bebe7b7c89f2f1526c722833b9737d6c172a962f"
+            ),
+        )];
+        let pub_key: RsaPublicKey = priv_key.into();
+
+        for (text, sig) in &tests {
+            let digest = Sha1::digest(text.as_bytes()).to_vec();
+            pub_key
+                .verify(PaddingScheme::new_pss_verify::<Sha1>(), &digest, sig)
+                .expect("failed to verify");
+        }
+    }
+
+    #[test]
+    #[should_panic(expected = "not implemented")]
+    fn test_sign_and_with_verify_padding() {
+        let priv_key = get_private_key();
+
+        let tests = ["test\n"];
+        let rng = ChaCha8Rng::from_seed([42; 32]);
+
+        for test in &tests {
+            let digest = Sha1::digest(test.as_bytes()).to_vec();
+            let _sig = priv_key
+                .sign_blinded(
+                    &mut rng.clone(),
+                    PaddingScheme::new_pss_verify::<Sha1>(),
+                    &digest,
+                )
+                .expect("failed to sign");
+        }
+    }
+
     #[test]
     fn test_sign_and_verify_roundtrip() {
         let priv_key = get_private_key();