rustls_ring/
verify.rs

1use pki_types::{AlgorithmIdentifier, InvalidSignature, SignatureVerificationAlgorithm, alg_id};
2use ring::signature;
3
4/// An array of all the verification algorithms exported by this crate.
5///
6/// This will be empty if the crate is built without the `ring` and `aws-lc-rs` features.
7pub static ALL_VERIFICATION_ALGS: &[&dyn SignatureVerificationAlgorithm] = &[
8    ECDSA_P256_SHA256,
9    ECDSA_P256_SHA384,
10    ECDSA_P384_SHA256,
11    ECDSA_P384_SHA384,
12    ED25519,
13    RSA_PKCS1_2048_8192_SHA256,
14    RSA_PKCS1_2048_8192_SHA384,
15    RSA_PKCS1_2048_8192_SHA512,
16    RSA_PKCS1_2048_8192_SHA256_ABSENT_PARAMS,
17    RSA_PKCS1_2048_8192_SHA384_ABSENT_PARAMS,
18    RSA_PKCS1_2048_8192_SHA512_ABSENT_PARAMS,
19    RSA_PKCS1_3072_8192_SHA384,
20    RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
21    RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
22    RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
23];
24
25/// A `SignatureVerificationAlgorithm` implemented using *ring*.
26#[derive(Debug)]
27struct RingAlgorithm {
28    public_key_alg_id: AlgorithmIdentifier,
29    signature_alg_id: AlgorithmIdentifier,
30    verification_alg: &'static dyn signature::VerificationAlgorithm,
31}
32
33impl SignatureVerificationAlgorithm for RingAlgorithm {
34    fn public_key_alg_id(&self) -> AlgorithmIdentifier {
35        self.public_key_alg_id
36    }
37
38    fn signature_alg_id(&self) -> AlgorithmIdentifier {
39        self.signature_alg_id
40    }
41
42    fn verify_signature(
43        &self,
44        public_key: &[u8],
45        message: &[u8],
46        signature: &[u8],
47    ) -> Result<(), InvalidSignature> {
48        signature::UnparsedPublicKey::new(self.verification_alg, public_key)
49            .verify(message, signature)
50            .map_err(|_| InvalidSignature)
51    }
52}
53
54/// ECDSA signatures using the P-256 curve and SHA-256.
55pub static ECDSA_P256_SHA256: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
56    public_key_alg_id: alg_id::ECDSA_P256,
57    signature_alg_id: alg_id::ECDSA_SHA256,
58    verification_alg: &signature::ECDSA_P256_SHA256_ASN1,
59};
60
61/// ECDSA signatures using the P-256 curve and SHA-384. Deprecated.
62pub static ECDSA_P256_SHA384: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
63    public_key_alg_id: alg_id::ECDSA_P256,
64    signature_alg_id: alg_id::ECDSA_SHA384,
65    verification_alg: &signature::ECDSA_P256_SHA384_ASN1,
66};
67
68/// ECDSA signatures using the P-384 curve and SHA-256. Deprecated.
69pub static ECDSA_P384_SHA256: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
70    public_key_alg_id: alg_id::ECDSA_P384,
71    signature_alg_id: alg_id::ECDSA_SHA256,
72    verification_alg: &signature::ECDSA_P384_SHA256_ASN1,
73};
74
75/// ECDSA signatures using the P-384 curve and SHA-384.
76pub static ECDSA_P384_SHA384: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
77    public_key_alg_id: alg_id::ECDSA_P384,
78    signature_alg_id: alg_id::ECDSA_SHA384,
79    verification_alg: &signature::ECDSA_P384_SHA384_ASN1,
80};
81
82/// RSA PKCS#1 1.5 signatures using SHA-256 for keys of 2048-8192 bits.
83pub static RSA_PKCS1_2048_8192_SHA256: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
84    public_key_alg_id: alg_id::RSA_ENCRYPTION,
85    signature_alg_id: alg_id::RSA_PKCS1_SHA256,
86    verification_alg: &signature::RSA_PKCS1_2048_8192_SHA256,
87};
88
89/// RSA PKCS#1 1.5 signatures using SHA-384 for keys of 2048-8192 bits.
90pub static RSA_PKCS1_2048_8192_SHA384: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
91    public_key_alg_id: alg_id::RSA_ENCRYPTION,
92    signature_alg_id: alg_id::RSA_PKCS1_SHA384,
93    verification_alg: &signature::RSA_PKCS1_2048_8192_SHA384,
94};
95
96/// RSA PKCS#1 1.5 signatures using SHA-512 for keys of 2048-8192 bits.
97pub static RSA_PKCS1_2048_8192_SHA512: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
98    public_key_alg_id: alg_id::RSA_ENCRYPTION,
99    signature_alg_id: alg_id::RSA_PKCS1_SHA512,
100    verification_alg: &signature::RSA_PKCS1_2048_8192_SHA512,
101};
102
103/// RSA PKCS#1 1.5 signatures using SHA-256 for keys of 2048-8192 bits,
104/// with illegally absent AlgorithmIdentifier parameters.
105///
106/// RFC4055 says on sha256WithRSAEncryption and company:
107///
108/// >   When any of these four object identifiers appears within an
109/// >   AlgorithmIdentifier, the parameters MUST be NULL.  Implementations
110/// >   MUST accept the parameters being absent as well as present.
111///
112/// This algorithm covers the absent case, [`RSA_PKCS1_2048_8192_SHA256`] covers
113/// the present case.
114pub static RSA_PKCS1_2048_8192_SHA256_ABSENT_PARAMS: &dyn SignatureVerificationAlgorithm =
115    &RingAlgorithm {
116        public_key_alg_id: alg_id::RSA_ENCRYPTION,
117        signature_alg_id: AlgorithmIdentifier::from_slice(include_bytes!(
118            "data/alg-rsa-pkcs1-sha256-absent-params.der"
119        )),
120        verification_alg: &signature::RSA_PKCS1_2048_8192_SHA256,
121    };
122
123/// RSA PKCS#1 1.5 signatures using SHA-384 for keys of 2048-8192 bits,
124/// with illegally absent AlgorithmIdentifier parameters.
125///
126/// RFC4055 says on sha256WithRSAEncryption and company:
127///
128/// >   When any of these four object identifiers appears within an
129/// >   AlgorithmIdentifier, the parameters MUST be NULL.  Implementations
130/// >   MUST accept the parameters being absent as well as present.
131///
132/// This algorithm covers the absent case, [`RSA_PKCS1_2048_8192_SHA384`] covers
133/// the present case.
134pub static RSA_PKCS1_2048_8192_SHA384_ABSENT_PARAMS: &dyn SignatureVerificationAlgorithm =
135    &RingAlgorithm {
136        public_key_alg_id: alg_id::RSA_ENCRYPTION,
137        signature_alg_id: AlgorithmIdentifier::from_slice(include_bytes!(
138            "data/alg-rsa-pkcs1-sha384-absent-params.der"
139        )),
140        verification_alg: &signature::RSA_PKCS1_2048_8192_SHA384,
141    };
142
143/// RSA PKCS#1 1.5 signatures using SHA-512 for keys of 2048-8192 bits,
144/// with illegally absent AlgorithmIdentifier parameters.
145///
146/// RFC4055 says on sha256WithRSAEncryption and company:
147///
148/// >   When any of these four object identifiers appears within an
149/// >   AlgorithmIdentifier, the parameters MUST be NULL.  Implementations
150/// >   MUST accept the parameters being absent as well as present.
151///
152/// This algorithm covers the absent case, [`RSA_PKCS1_2048_8192_SHA512`] covers
153/// the present case.
154pub static RSA_PKCS1_2048_8192_SHA512_ABSENT_PARAMS: &dyn SignatureVerificationAlgorithm =
155    &RingAlgorithm {
156        public_key_alg_id: alg_id::RSA_ENCRYPTION,
157        signature_alg_id: AlgorithmIdentifier::from_slice(include_bytes!(
158            "data/alg-rsa-pkcs1-sha512-absent-params.der"
159        )),
160        verification_alg: &signature::RSA_PKCS1_2048_8192_SHA512,
161    };
162
163/// RSA PKCS#1 1.5 signatures using SHA-384 for keys of 3072-8192 bits.
164pub static RSA_PKCS1_3072_8192_SHA384: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
165    public_key_alg_id: alg_id::RSA_ENCRYPTION,
166    signature_alg_id: alg_id::RSA_PKCS1_SHA384,
167    verification_alg: &signature::RSA_PKCS1_3072_8192_SHA384,
168};
169
170/// RSA PSS signatures using SHA-256 for keys of 2048-8192 bits and of
171/// type rsaEncryption; see [RFC 4055 Section 1.2].
172///
173/// [RFC 4055 Section 1.2]: https://tools.ietf.org/html/rfc4055#section-1.2
174pub static RSA_PSS_2048_8192_SHA256_LEGACY_KEY: &dyn SignatureVerificationAlgorithm =
175    &RingAlgorithm {
176        public_key_alg_id: alg_id::RSA_ENCRYPTION,
177        signature_alg_id: alg_id::RSA_PSS_SHA256,
178        verification_alg: &signature::RSA_PSS_2048_8192_SHA256,
179    };
180
181/// RSA PSS signatures using SHA-384 for keys of 2048-8192 bits and of
182/// type rsaEncryption; see [RFC 4055 Section 1.2].
183///
184/// [RFC 4055 Section 1.2]: https://tools.ietf.org/html/rfc4055#section-1.2
185pub static RSA_PSS_2048_8192_SHA384_LEGACY_KEY: &dyn SignatureVerificationAlgorithm =
186    &RingAlgorithm {
187        public_key_alg_id: alg_id::RSA_ENCRYPTION,
188        signature_alg_id: alg_id::RSA_PSS_SHA384,
189        verification_alg: &signature::RSA_PSS_2048_8192_SHA384,
190    };
191
192/// RSA PSS signatures using SHA-512 for keys of 2048-8192 bits and of
193/// type rsaEncryption; see [RFC 4055 Section 1.2].
194///
195/// [RFC 4055 Section 1.2]: https://tools.ietf.org/html/rfc4055#section-1.2
196pub static RSA_PSS_2048_8192_SHA512_LEGACY_KEY: &dyn SignatureVerificationAlgorithm =
197    &RingAlgorithm {
198        public_key_alg_id: alg_id::RSA_ENCRYPTION,
199        signature_alg_id: alg_id::RSA_PSS_SHA512,
200        verification_alg: &signature::RSA_PSS_2048_8192_SHA512,
201    };
202
203/// ED25519 signatures according to RFC 8410
204pub static ED25519: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
205    public_key_alg_id: alg_id::ED25519,
206    signature_alg_id: alg_id::ED25519,
207    verification_alg: &signature::ED25519,
208};
rustls_ring/verify.rs

rustls_ring/
verify.rs
