ssh/algorithm/public_key/
rsa.rs

1use crate::algorithm::public_key::PublicKey as PubK;
2use crate::model::Data;
3use crate::SshError;
4//use rsa::PublicKey;
5use rsa::pkcs1v15::Pkcs1v15Sign;
6
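/// Signature verifier for RSA public keys using PKCS#1 v1.5 padding over a SHA-256 digest.
pub(super) struct RsaSha256;

impl PubK for RsaSha256 {
    /// Creates the verifier; the type carries no state.
    fn new() -> Self
    where
        Self: Sized,
    {
        Self
    }

    /// Verifies `sig` over `message` with the RSA public key encoded in `ks`.
    ///
    /// `ks` is decoded as: four leading bytes that are skipped, one field that is read and
    /// discarded, then the public exponent `e` and the modulus `n` (both big-endian).
    /// `message` is hashed with SHA-256 before the PKCS#1 v1.5 check.
    ///
    /// Returns `Ok(true)` only when the signature verifies. A key blob that is too short or
    /// that the `rsa` crate rejects yields `Ok(false)` instead of a panic, because the blob
    /// comes from the peer and must not be able to abort the process.
    fn verify_signature(&self, ks: &[u8], message: &[u8], sig: &[u8]) -> Result<bool, SshError> {
        // Checked slice: `ks[4..]` would panic on a blob shorter than four bytes.
        let key_body = match ks.get(4..) {
            Some(rest) => rest,
            None => return Ok(false),
        };
        let mut data = Data::from(key_body.to_vec());
        // The first field is dropped without inspection.
        // NOTE(review): presumably the key-type name; it is never compared with the
        // negotiated algorithm here - confirm the caller does that.
        // NOTE(review): the behaviour of `Data::get_u8s` on a truncated buffer is not
        // visible from this file - confirm it cannot panic on malformed input.
        data.get_u8s();

        let e = rsa::BigUint::from_bytes_be(data.get_u8s().as_slice());
        let n = rsa::BigUint::from_bytes_be(data.get_u8s().as_slice());
        // A key the `rsa` crate refuses to construct cannot verify anything; report a failed
        // verification rather than unwrapping on peer-controlled data.
        // NOTE(review): no minimum modulus size is enforced in this function - confirm the
        // key-strength policy is applied elsewhere.
        let public_key = match rsa::RsaPublicKey::new(n, e) {
            Ok(key) => key,
            Err(_) => return Ok(false),
        };
        let scheme = Pkcs1v15Sign::new::<sha2::Sha256>();

        // The scheme receives the digest of the message, not the message itself.
        let digest = ring::digest::digest(&ring::digest::SHA256, message);
        let msg = digest.as_ref();

        Ok(public_key.verify(scheme, msg, sig).is_ok())
    }
}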
32
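/// Signature verifier for RSA public keys using PKCS#1 v1.5 padding over a SHA-512 digest.
pub(super) struct RsaSha512;

impl PubK for RsaSha512 {
    /// Creates the verifier; the type carries no state.
    fn new() -> Self
    where
        Self: Sized,
    {
        Self
    }

    /// Verifies `sig` over `message` with the RSA public key encoded in `ks`.
    ///
    /// `ks` is decoded as: four leading bytes that are skipped, one field that is read and
    /// discarded, then the public exponent `e` and the modulus `n` (both big-endian).
    /// `message` is hashed with SHA-512 before the PKCS#1 v1.5 check.
    ///
    /// Returns `Ok(true)` only when the signature verifies. A key blob that is too short or
    /// that the `rsa` crate rejects yields `Ok(false)` instead of a panic, because the blob
    /// comes from the peer and must not be able to abort the process.
    fn verify_signature(&self, ks: &[u8], message: &[u8], sig: &[u8]) -> Result<bool, SshError> {
        // Checked slice: `ks[4..]` would panic on a blob shorter than four bytes.
        let key_body = match ks.get(4..) {
            Some(rest) => rest,
            None => return Ok(false),
        };
        let mut data = Data::from(key_body.to_vec());
        // The first field is dropped without inspection.
        // NOTE(review): presumably the key-type name; it is never compared with the
        // negotiated algorithm here - confirm the caller does that.
        // NOTE(review): the behaviour of `Data::get_u8s` on a truncated buffer is not
        // visible from this file - confirm it cannot panic on malformed input.
        data.get_u8s();

        let e = rsa::BigUint::from_bytes_be(data.get_u8s().as_slice());
        let n = rsa::BigUint::from_bytes_be(data.get_u8s().as_slice());
        // A key the `rsa` crate refuses to construct cannot verify anything; report a failed
        // verification rather than unwrapping on peer-controlled data.
        // NOTE(review): no minimum modulus size is enforced in this function - confirm the
        // key-strength policy is applied elsewhere.
        let public_key = match rsa::RsaPublicKey::new(n, e) {
            Ok(key) => key,
            Err(_) => return Ok(false),
        };
        let scheme = Pkcs1v15Sign::new::<sha2::Sha512>();

        // The scheme receives the digest of the message, not the message itself.
        let digest = ring::digest::digest(&ring::digest::SHA512, message);
        let msg = digest.as_ref();

        Ok(public_key.verify(scheme, msg, sig).is_ok())
    }
}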
58
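/// Signature verifier for RSA public keys using PKCS#1 v1.5 padding over a SHA-1 digest.
///
/// Compiled only with the `deprecated-rsa-sha1` feature; SHA-1 is kept for legacy peers and
/// should stay disabled unless a peer offers nothing stronger.
#[cfg(feature = "deprecated-rsa-sha1")]
pub(super) struct RsaSha1;
#[cfg(feature = "deprecated-rsa-sha1")]
impl PubK for RsaSha1 {
    /// Creates the verifier; the type carries no state.
    fn new() -> Self
    where
        Self: Sized,
    {
        Self
    }

    /// Verifies `sig` over `message` with the RSA public key encoded in `ks`.
    ///
    /// `ks` is decoded as: four leading bytes that are skipped, one field that is read and
    /// discarded, then the public exponent `e` and the modulus `n` (both big-endian).
    /// `message` is hashed with SHA-1 before the PKCS#1 v1.5 check.
    ///
    /// Returns `Ok(true)` only when the signature verifies. A key blob that is too short or
    /// that the `rsa` crate rejects yields `Ok(false)` instead of a panic, because the blob
    /// comes from the peer and must not be able to abort the process.
    fn verify_signature(&self, ks: &[u8], message: &[u8], sig: &[u8]) -> Result<bool, SshError> {
        // Checked slice: `ks[4..]` would panic on a blob shorter than four bytes.
        let key_body = match ks.get(4..) {
            Some(rest) => rest,
            None => return Ok(false),
        };
        let mut data = Data::from(key_body.to_vec());
        // The first field is dropped without inspection.
        // NOTE(review): presumably the key-type name; it is never compared with the
        // negotiated algorithm here - confirm the caller does that.
        // NOTE(review): the behaviour of `Data::get_u8s` on a truncated buffer is not
        // visible from this file - confirm it cannot panic on malformed input.
        data.get_u8s();

        let e = rsa::BigUint::from_bytes_be(data.get_u8s().as_slice());
        let n = rsa::BigUint::from_bytes_be(data.get_u8s().as_slice());
        // A key the `rsa` crate refuses to construct cannot verify anything; report a failed
        // verification rather than unwrapping on peer-controlled data.
        // NOTE(review): no minimum modulus size is enforced in this function - confirm the
        // key-strength policy is applied elsewhere.
        let public_key = match rsa::RsaPublicKey::new(n, e) {
            Ok(key) => key,
            Err(_) => return Ok(false),
        };
        let scheme = Pkcs1v15Sign::new::<sha1::Sha1>();

        // The scheme receives the digest of the message, not the message itself.
        let digest = ring::digest::digest(&ring::digest::SHA1_FOR_LEGACY_USE_ONLY, message);
        let msg = digest.as_ref();

        Ok(public_key.verify(scheme, msg, sig).is_ok())
    }
}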