We seem to be running into a lot of people who are having trouble with
PKCS#1 v1.5 signatures because the failure mode for the `oid` feature of
the `sha2` crate being disabled is fairly inscrutable.
See #234, #253, and the semi-related tracking issue for #238.
If `rsa` has a `sha2` feature, we can always ensure `oid` is enabled,
and this can be used in code examples. It also means users don't need
two crates to create/verify PKCS#1 v1.5 signatures.
RSA is used commonly enough with the SHA2 family that this integration
probably makes sense.
Splits up the `PaddingScheme` enum into four structs, named after the
previous variants of the struct (adopting capitalization from the Rust
API guidelines):
- `oaep::Oaep`
- `pkcs1v15::{Pkcs1v15Encrypt, Pkcs1v15Sign}`
- `pss::Pss`
All of these are re-exported from the toplevel.
Each of these structs impls one or more of the following traits:
- `PaddingScheme`: used for encryption
- `SignatureScheme`: used for signing
The `PaddingScheme` constructors have been remapped as follows:
- `new_oaep` => `Oaep::new`
- `new_oaep_with_label` => `Oaep::new_with_label`
- `new_oaep_with_mgf_hash` => `Oaep::new_with_mgf_hash`
- `new_oaep_with_mgf_hash_with_label` => `Oaep::new_with_mgf_hash_and_label`
- `new_pkcs1v15_encrypt` => `Pkcs1v15Encrypt`
- `new_pkcs1v15_sign` => `Pkcs1v15Sign::new`
- `new_pkcs1v15_sign_raw` => `Pkcs1v15Sign::new_raw`
- `new_pss` => `Pss::{new, new_blinded}`
- `new_pss_with_salt` => `Pss::{new_with_salt, new_blinded_with_salt}`
Also uses the new `CryptoRngCore` where possible instead of separate
`CryptoRng + RngCore`, and switches to `signature` v2.0.0-pre.3
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Rework the crate to implement traits from the preview of the signature
crate. Use `Vec<u8>` as `Self::Repr` type.
Drop the hand-crafted `From` traits, replacing them with the
implementation of the `Keypair` trait.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Several types and methods were missing documentation.
This commit adds documentation and enables warnings for `missing_docs`.
Additionally it updates all references to PKCS#1 RFCs to use RFC8017,
which documents the latest version of PKCS#1.
Drop internal implementation of `AssociatedHash` and use `AssociatedOid`
trait from `const_oid` to get the OID corresponding to the `Digest` and to
format the ASN.1 prefix.
Also removes the previous `Hash` enum as it was used for looking up OIDs.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
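The two commits above both turn on the same detail: PKCS#1 v1.5 signing needs the hash's OID to build the DER `DigestInfo` prefix, and without it there is nothing to encode. The following is an added illustration, not code from the `rsa` crate or from its author: a dependency-free Rust version of the EMSA-PKCS1-v1_5 encoding from RFC 8017 section 9.2, with its own minimal DER/OID encoder in place of `const_oid`/`AssociatedOid`. The function and type names are this example's own, no SHA-2 implementation is included, and the 32-byte "digest" fed to it is a constructed placeholder.

```rust
// Added example (not rsa crate code): build the DER DigestInfo prefix that
// EMSA-PKCS1-v1_5 (RFC 8017 section 9.2) places in front of a hash value, then
// the full encoded message EM = 0x00 || 0x01 || PS || 0x00 || T.

/// Encode a dotted OID into DER content bytes (tag and length not included).
fn encode_oid(arcs: &[u32]) -> Vec<u8> {
    assert!(arcs.len() >= 2, "an OID has at least two arcs");
    // The first two arcs share one byte: 40 * arc0 + arc1.
    let mut out = vec![(arcs[0] * 40 + arcs[1]) as u8];
    for &arc in &arcs[2..] {
        // Base-128 groups, most significant first, continuation bit on all but the last.
        let mut groups = Vec::new();
        let mut v = arc;
        loop {
            groups.push((v & 0x7f) as u8);
            v >>= 7;
            if v == 0 {
                break;
            }
        }
        let n = groups.len();
        for (i, g) in groups.iter().rev().enumerate() {
            out.push(if i == n - 1 { *g } else { *g | 0x80 });
        }
    }
    out
}

/// DER TLV using the short-form length, which covers DigestInfo for any SHA-2 digest.
fn tlv(tag: u8, content: &[u8]) -> Vec<u8> {
    assert!(content.len() < 128, "short-form length only");
    let mut v = vec![tag, content.len() as u8];
    v.extend_from_slice(content);
    v
}

/// DigestInfo ::= SEQUENCE { AlgorithmIdentifier { OID, NULL }, OCTET STRING digest }
fn digest_info(oid_arcs: &[u32], digest: &[u8]) -> Vec<u8> {
    let alg_id = tlv(0x30, &[tlv(0x06, &encode_oid(oid_arcs)), vec![0x05, 0x00]].concat());
    tlv(0x30, &[alg_id, tlv(0x04, digest)].concat())
}

/// EMSA-PKCS1-v1_5-ENCODE: errors when the key is too small to hold T plus
/// the mandatory 8-byte minimum padding string and the three framing bytes.
fn emsa_pkcs1_v1_5_encode(
    oid_arcs: &[u32],
    digest: &[u8],
    em_len: usize,
) -> Result<Vec<u8>, &'static str> {
    let t = digest_info(oid_arcs, digest);
    if em_len < t.len() + 11 {
        return Err("intended encoded message length too short");
    }
    let mut em = vec![0x00, 0x01];
    em.extend(std::iter::repeat(0xffu8).take(em_len - t.len() - 3));
    em.push(0x00);
    em.extend_from_slice(&t);
    Ok(em)
}

/// id-sha256, 2.16.840.1.101.3.4.2.1 (RFC 8017 appendix B.1).
const SHA256_OID: [u32; 9] = [2, 16, 840, 1, 101, 3, 4, 2, 1];
/// id-sha1, 1.3.14.3.2.26.
const SHA1_OID: [u32; 6] = [1, 3, 14, 3, 2, 26];

fn hex(bytes: &[u8]) -> String {
    bytes.iter().map(|b| format!("{:02x}", b)).collect::<Vec<_>>().join(" ")
}

fn main() {
    // Constructed placeholder standing in for a real SHA-256 output.
    let fake_digest = [0xabu8; 32];
    let t = digest_info(&SHA256_OID, &fake_digest);
    println!("SHA-256 DigestInfo prefix: {}", hex(&t[..t.len() - 32]));
    // A 2048-bit modulus gives k = 256 bytes.
    let em = emsa_pkcs1_v1_5_encode(&SHA256_OID, &fake_digest, 256).unwrap();
    println!("EM head: {} ...", hex(&em[..4]));
    println!("too-small key: {:?}", emsa_pkcs1_v1_5_encode(&SHA256_OID, &fake_digest, 61));
}
```

The 19-byte prefix this produces for SHA-256 is the constant listed in RFC 8017 section 9.2 note 1, which is the literal the `oid` feature otherwise supplies through `AssociatedOid`; a verifier that cannot build it cannot compare `T` against the decrypted signature, which is the failure the commits above make visible.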
Implement Deref<Target = [u8]> for the Signature types to allow
automatically dereferencing Signature as byte slices.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
- Change the `SigningKey` and `VerifyingKey` implementations to accept the raw
  message rather than a pre-hashed message.
- Implement the experimental (preview) `DigestSigner` and `DigestVerifier`
traits for the PKCS1v15 structs.
- Implement the experimental (preview) `RandomizedDigestSigner` and
`DigestVerifier` traits for the PSS structs.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Refactor the `rsa` crate to use the API defined by the signature crate.
This adds `pss` and `pkcs1v15` modules, each of them providing
`Signature`, `Verifier` and `Signer`/`RandomizedSigner` implementations.
Add tests for pkcs1v15 and pss signature verification functions to check
that verifying invalid signatures returns an error.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Adds an error case in the event the number of `primes` provided is fewer
than 2, which prevents panics when invoking methods which expect primes
to always be present at indices 0 and 1 (i.e. `p` and `q`)
Fixes #163
* No-std support
* Fix tests
* Cleanly error out when building without the alloc feature
* Run no-std tests on arm-linux-gnu target
* Fix nostd tests
* Attempt 2 at fixing nostd tests
* Fix warnings when running tests in nostd mode
* fixup! No-std support
* Splitting blind and unblind into their own functions
* Adding public functions to private-key for blinding and unblinding
* Re-exporting raw RSA functions into a 'danger' module
* Better documentation
* Typos and grammar
* Updating as per suggestions, moving things into an 'internals' module which is optionally made public
* We blind and unblind using n and e, so public key is sufficient
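The last bullet is the point worth seeing in code: blinding needs only `n` and `e` (it computes `m * r^e mod n`), the private exponent is applied only to the blinded value, and unblinding needs `r^-1 mod n`, which only exists when `gcd(r, n) = 1`. The following is an added example, not the `rsa` crate's blinding implementation: a dependency-free Rust sketch over `u128` with toy parameters (`p = 61`, `q = 53`, `e = 17`, `d = 2753`) and a fixed blinding factor `r` chosen for determinism. The struct and function names are this example's own; a real implementation draws a fresh random `r` per operation and uses a big-integer type.

```rust
// Added example (not rsa crate code): RSA blinding/unblinding with toy
// parameters, showing why the public key suffices for the blinding step.

/// Public key: only these two values are needed to blind or unblind.
#[derive(Clone, Copy)]
struct PublicKey {
    n: u128,
    e: u128,
}

/// Private key: the private exponent is touched only by `raw_sign`.
#[derive(Clone, Copy)]
struct PrivateKey {
    n: u128,
    d: u128,
}

/// Square-and-multiply modular exponentiation; fine for moduli below 2^64.
fn mod_pow(mut base: u128, mut exp: u128, m: u128) -> u128 {
    let mut acc = 1u128 % m;
    base %= m;
    while exp > 0 {
        if exp & 1 == 1 {
            acc = acc * base % m;
        }
        base = base * base % m;
        exp >>= 1;
    }
    acc
}

/// Modular inverse via the extended Euclidean algorithm; None if gcd(a, m) != 1.
fn mod_inv(a: u128, m: u128) -> Option<u128> {
    let (mut old_r, mut r) = (a as i128, m as i128);
    let (mut old_s, mut s) = (1i128, 0i128);
    while r != 0 {
        let q = old_r / r;
        let next_r = old_r - q * r;
        old_r = r;
        r = next_r;
        let next_s = old_s - q * s;
        old_s = s;
        s = next_s;
    }
    if old_r != 1 {
        return None;
    }
    Some(old_s.rem_euclid(m as i128) as u128)
}

/// Blind `m` with factor `r`: returns (m * r^e mod n, r^-1 mod n).
/// Fails if `r` is not invertible, since unblinding would be impossible.
fn blind(pk: PublicKey, m: u128, r: u128) -> Option<(u128, u128)> {
    let r_inv = mod_inv(r, pk.n)?;
    let blinded = m % pk.n * mod_pow(r, pk.e, pk.n) % pk.n;
    Some((blinded, r_inv))
}

/// Raw RSA private-key operation on an already-blinded value.
fn raw_sign(sk: PrivateKey, x: u128) -> u128 {
    mod_pow(x, sk.d, sk.n)
}

/// Unblind: (m r^e)^d * r^-1 = m^d r^(ed) r^-1 = m^d mod n.
fn unblind(pk: PublicKey, blinded_sig: u128, r_inv: u128) -> u128 {
    blinded_sig * r_inv % pk.n
}

/// Blinded signing end to end; None if the blinding factor was unusable.
fn blinded_sign(pk: PublicKey, sk: PrivateKey, m: u128, r: u128) -> Option<u128> {
    let (blinded, r_inv) = blind(pk, m, r)?;
    Some(unblind(pk, raw_sign(sk, blinded), r_inv))
}

/// Toy key: p = 61, q = 53, n = 3233, phi = 3120, e = 17, d = 2753 (17 * 2753 = 15 * 3120 + 1).
const TOY_PK: PublicKey = PublicKey { n: 3233, e: 17 };
const TOY_SK: PrivateKey = PrivateKey { n: 3233, d: 2753 };

fn main() {
    let m = 65;
    let sig = blinded_sign(TOY_PK, TOY_SK, m, 42).expect("42 is coprime to 3233");
    println!("blinded signature: {}", sig);
    println!("matches unblinded m^d: {}", sig == mod_pow(m, TOY_SK.d, TOY_SK.n));
    println!("verifies under e: {}", mod_pow(sig, TOY_PK.e, TOY_PK.n) == m);
    // 53 divides n, so r^-1 does not exist and blinding must refuse.
    println!("r = 53 rejected: {}", blinded_sign(TOY_PK, TOY_SK, m, 53).is_none());
}
```

Because `blind` and `unblind` take only the `PublicKey`, the split the commit describes (blinding helpers that need `n` and `e`, a raw private operation that needs `d`) falls out of the types; the `r^-1` check is the edge case a caller of a public blinding API has to handle.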