pkcs1v15: use AssociatedOID for getting the RSA prefix

[lumag]

Drop internal implementation of AssociatedHash and use AssociatedOID
trait to get the OID corresponding to the Digest and to format the ASN.1
prefix.

[lumag]

This depends on RustCrypto/traits#1098 and RustCrypto/hashes#405 to be merged first.

[lumag]

@tarcieri @newpavlov Note, this pull request contains breaking change, it drops rsa::Hash. If you wish I can pull this commit out and leave only non-breaking changs.

[tarcieri]

@lumag breaking changes are fine as there are already ones merged (master is currently v0.7.0-pre)

[newpavlov]

It would be nice to update the changelog. It's easier to edit "unreleased" section, than to collect all changes introduced since previous release.

[tarcieri]

@newpavlov unfortunately there is no changelog! (#151)

But I'm happy to add one and document all of the changes in this (upcoming) release.

[tarcieri]

I'm going to go ahead and merge this as there are several people asking for an RC.

Can wait for feedback from @dignifiedquire before cutting a final release. And in the meantime, I can get a changelog added.

[newpavlov]

unfortunately there is no changelog

Ah, true. I think the next breaking release is a good opportunity to add one then.

[dignifiedquire]

Uhm, I am not sure I can support this, but from first glance this means I can't change the hash function at runtime, which is functionality I need. Or am I missing something?

[dignifiedquire]

why did these get changed?

[lumag]

It was a revert of previous commit which changed Sha1 to Sha256.

[lumag]

Uhm, I am not sure I can support this, but from first glance this means I can't change the hash function at runtime, which is functionality I need. Or am I missing something?

Unfortunately changing the hash function at runtime doesn't match the SigningKey model. You can have several signing keys at once.

[tarcieri]

@dignifiedquire we could ensure the low-level APIs (defined in terms of RsaPrivateKey/RsaPublicKey) operate in terms of DynDigest and accept an ObjectIdentifier parameter where necessary. Does that work?

Re: SigningKey, using (Randomized)DigestSigner would at least reduce the part that needs to be monomorphized to the signing function itself, which would call into a common implementation once the digest has been computed.

An enum could be used to select the concrete Digest to use when invoking (Randomized)DigestSigner, although that could potentially be defined to represent a specific ciphersuite in a downstream crate, rather than in the rsa crate itself.

[lumag]

@dignifiedquire The SigningKey expects to get clear text, not the pre-hashed data. DigestSigningKey accepts Digest instance. I can implement the hazmat's interfaces to be able to accept prehashed texts. Or the old API is still accessible.

[dignifiedquire]

This is the code that I need to support: https://github.com/rpgp/rpgp/blob/master/src/crypto/rsa.rs#L67-L82
The hash function is supplied dynamically with a list of supported hashes here: https://github.com/rpgp/rpgp/blob/master/src/crypto/hash.rs#L45

[dignifiedquire]

I can implement the hazmat's interfaces to be able to accept prehashed texts

This specifically needs to support prehashed input. The linked api usage is 80% of the reason that I originally wrote this library. 😅

[lumag]

@dignifiedquire ack, I see the issue. I'll send a pull request in one of the forthcoming days.

[dignifiedquire]

thanks @lumag!

[lumag]

@dignifiedquire I've sketched rpgp/rpgp#193. However it might be easier to just restore the rsa::Hash struct and use old API as you have been using it up to now.