sad_rsa/pkcs1v15/
verifying_key.rs1use super::{pkcs1v15_generate_prefix, verify, Signature};
2use crate::RsaPublicKey;
3use alloc::vec::Vec;
4use const_oid::AssociatedOid;
5use core::marker::PhantomData;
6use digest::{Digest, FixedOutput, HashMarker, Update};
7use signature::{hazmat::PrehashVerifier, DigestVerifier, Verifier};
8
9#[cfg(feature = "encoding")]
10use {
11 super::oid,
12 spki::{
13 der::AnyRef, AlgorithmIdentifierRef, AssociatedAlgorithmIdentifier, Document,
14 EncodePublicKey, SignatureAlgorithmIdentifier,
15 },
16};
17#[cfg(feature = "serde")]
18use {
19 serdect::serde::{de, ser, Deserialize, Serialize},
20 spki::DecodePublicKey,
21};
22
23#[derive(Debug)]
27pub struct VerifyingKey<D>
28where
29 D: Digest,
30{
31 pub(super) inner: RsaPublicKey,
32 pub(super) prefix: Vec<u8>,
33 pub(super) phantom: PhantomData<D>,
34}
35
36impl<D> VerifyingKey<D>
37where
38 D: Digest + AssociatedOid,
39{
40 pub fn new(key: RsaPublicKey) -> Self {
42 Self {
43 inner: key,
44 prefix: pkcs1v15_generate_prefix::<D>(),
45 phantom: Default::default(),
46 }
47 }
48}
49
50impl<D> VerifyingKey<D>
51where
52 D: Digest,
53{
54 pub fn new_unprefixed(key: RsaPublicKey) -> Self {
60 Self {
61 inner: key,
62 prefix: Vec::new(),
63 phantom: Default::default(),
64 }
65 }
66}
67
68impl<D> DigestVerifier<D, Signature> for VerifyingKey<D>
73where
74 D: Default + FixedOutput + HashMarker + Update,
75{
76 fn verify_digest<F: Fn(&mut D) -> signature::Result<()>>(
77 &self,
78 f: F,
79 signature: &Signature,
80 ) -> signature::Result<()> {
81 let mut digest = D::default();
82 f(&mut digest)?;
83 verify(
84 &self.inner,
85 &self.prefix,
86 &digest.finalize_fixed(),
87 &signature.inner,
88 )
89 .map_err(|e| e.into())
90 }
91}
92
93impl<D> PrehashVerifier<Signature> for VerifyingKey<D>
94where
95 D: Digest,
96{
97 fn verify_prehash(&self, prehash: &[u8], signature: &Signature) -> signature::Result<()> {
98 verify(&self.inner, &self.prefix, prehash, &signature.inner).map_err(|e| e.into())
99 }
100}
101
102impl<D> Verifier<Signature> for VerifyingKey<D>
103where
104 D: Digest,
105{
106 fn verify(&self, msg: &[u8], signature: &Signature) -> signature::Result<()> {
107 verify(
108 &self.inner,
109 &self.prefix.clone(),
110 &D::digest(msg),
111 &signature.inner,
112 )
113 .map_err(|e| e.into())
114 }
115}
116
117impl<D> AsRef<RsaPublicKey> for VerifyingKey<D>
122where
123 D: Digest,
124{
125 fn as_ref(&self) -> &RsaPublicKey {
126 &self.inner
127 }
128}
129
130#[cfg(feature = "encoding")]
131impl<D> AssociatedAlgorithmIdentifier for VerifyingKey<D>
132where
133 D: Digest,
134{
135 type Params = AnyRef<'static>;
136
137 const ALGORITHM_IDENTIFIER: AlgorithmIdentifierRef<'static> = pkcs1::ALGORITHM_ID;
138}
139
140impl<D> Clone for VerifyingKey<D>
142where
143 D: Digest,
144{
145 fn clone(&self) -> Self {
146 Self {
147 inner: self.inner.clone(),
148 prefix: self.prefix.clone(),
149 phantom: Default::default(),
150 }
151 }
152}
153
154#[cfg(feature = "encoding")]
155impl<D> EncodePublicKey for VerifyingKey<D>
156where
157 D: Digest,
158{
159 fn to_public_key_der(&self) -> spki::Result<Document> {
160 self.inner.to_public_key_der()
161 }
162}
163
164impl<D> From<RsaPublicKey> for VerifyingKey<D>
165where
166 D: Digest + AssociatedOid,
167{
168 fn from(key: RsaPublicKey) -> Self {
169 Self::new(key)
170 }
171}
172
173impl<D> From<VerifyingKey<D>> for RsaPublicKey
174where
175 D: Digest,
176{
177 fn from(key: VerifyingKey<D>) -> Self {
178 key.inner
179 }
180}
181
182#[cfg(feature = "encoding")]
183impl<D> SignatureAlgorithmIdentifier for VerifyingKey<D>
184where
185 D: Digest + oid::RsaSignatureAssociatedOid,
186{
187 type Params = AnyRef<'static>;
188
189 const SIGNATURE_ALGORITHM_IDENTIFIER: AlgorithmIdentifierRef<'static> =
190 AlgorithmIdentifierRef {
191 oid: D::OID,
192 parameters: Some(AnyRef::NULL),
193 };
194}
195
196#[cfg(feature = "encoding")]
197impl<D> TryFrom<pkcs8::SubjectPublicKeyInfoRef<'_>> for VerifyingKey<D>
198where
199 D: Digest + AssociatedOid,
200{
201 type Error = spki::Error;
202
203 fn try_from(spki: pkcs8::SubjectPublicKeyInfoRef<'_>) -> spki::Result<Self> {
204 spki.algorithm.assert_algorithm_oid(pkcs1::ALGORITHM_OID)?;
205
206 RsaPublicKey::try_from(spki).map(Self::new)
207 }
208}
209
210impl<D> PartialEq for VerifyingKey<D>
211where
212 D: Digest,
213{
214 fn eq(&self, other: &Self) -> bool {
215 self.inner == other.inner && self.prefix == other.prefix
216 }
217}
218
219#[cfg(feature = "serde")]
220impl<D> Serialize for VerifyingKey<D>
221where
222 D: Digest,
223{
224 fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
225 where
226 S: serde::Serializer,
227 {
228 let der = self.to_public_key_der().map_err(ser::Error::custom)?;
229 serdect::slice::serialize_hex_lower_or_bin(&der, serializer)
230 }
231}
232
233#[cfg(feature = "serde")]
234impl<'de, D> Deserialize<'de> for VerifyingKey<D>
235where
236 D: Digest + AssociatedOid,
237{
238 fn deserialize<De>(deserializer: De) -> Result<Self, De::Error>
239 where
240 De: serde::Deserializer<'de>,
241 {
242 let der_bytes = serdect::slice::deserialize_hex_or_bin_vec(deserializer)?;
243 Self::from_public_key_der(&der_bytes).map_err(de::Error::custom)
244 }
245}
246
247#[cfg(test)]
248mod tests {
249 #[test]
250 #[cfg(all(feature = "hazmat", feature = "serde"))]
251 fn test_serde() {
252 use super::*;
253 use crate::RsaPrivateKey;
254 use rand::rngs::ChaCha8Rng;
255 use rand_core::SeedableRng;
256 use serde_test::{assert_tokens, Configure, Token};
257 use sha2::Sha256;
258
259 let mut rng = ChaCha8Rng::from_seed([42; 32]);
260 let priv_key = RsaPrivateKey::new_unchecked(&mut rng, 64).expect("failed to generate key");
261 let pub_key = priv_key.to_public_key();
262 let verifying_key = VerifyingKey::<Sha256>::new(pub_key);
263
264 let tokens = [Token::Str(
265 "3024300d06092a864886f70d01010105000313003010020900ab240c3361d02e370203010001",
266 )];
267
268 assert_tokens(&verifying_key.readable(), &tokens);
269 }
270}