ts_crypto/

rsa.rs

//! RSA keys

use digest::{Digest, DynDigest, FixedOutput};
use pkcs8::AssociatedOid;
use rsa::{
    BoxedUint, Pkcs1v15Sign, Pss, RsaPrivateKey, RsaPublicKey,
    traits::{PublicKeyParts, SignatureScheme},
};
use sha2::{Sha256, Sha384, Sha512};
use spki::DecodePublicKey;

pub use rsa::{RsaPrivateKey as RsaSigningKey, RsaPublicKey as RsaVerifyingKey};

/// Extension trait to [`SignatureScheme`] to make creating a new instance generic.
pub trait SignatureSchemeExt: SignatureScheme {
    /// Create a new instance of the signature scheme.
    fn new<D: 'static + Digest + DynDigest + FixedOutput + AssociatedOid + Send + Sync>() -> Self;
}

/// A verifying key using RSA.
pub trait VerifyingKey {
    /// Get the key's modulus.
    fn modulus(&self) -> Vec<u8>;
    /// Get the key's exponent.
    fn exponent(&self) -> Vec<u8>;

    /// Create a new key from its parameters.
    fn from_parameters(modulus: &[u8], exponent: &[u8]) -> Option<Self>
    where
        Self: Sized;

    /// Create a new key from a PKCS1 der.
    fn from_pkcs1_der(der: &[u8]) -> Option<Self>
    where
        Self: Sized;

    /// Create a new key from a subject public key info der.
    fn from_spki_der(der: &[u8]) -> Option<Self>
    where
        Self: Sized;

    /// Returns if this key verifies the signature to match the message using the `RS256` parameters.
    fn verifies_rs256(&self, signature: &[u8], message: &[u8]) -> bool;
    /// Returns if this key verifies the signature to match the message using the `PS256` parameters.
    fn verifies_ps256(&self, signature: &[u8], message: &[u8]) -> bool;
    /// Returns if this key verifies the signature to match the message using the `RS384` parameters.
    fn verifies_rs384(&self, signature: &[u8], message: &[u8]) -> bool;
    /// Returns if this key verifies the signature to match the message using the `PS384` parameters.
    fn verifies_ps384(&self, signature: &[u8], message: &[u8]) -> bool;
    /// Returns if this key verifies the signature to match the message using the `RS512` parameters.
    fn verifies_rs512(&self, signature: &[u8], message: &[u8]) -> bool;
    /// Returns if this key verifies the signature to match the message using the `PS512` parameters.
    fn verifies_ps512(&self, signature: &[u8], message: &[u8]) -> bool;
}

/// A signing key using RSA.
pub trait SigningKey {
    /// Sign the message using the `RS256` parameters.
    fn sign_rs256(&self, message: &[u8]) -> Vec<u8>;
    /// Sign the message using the `PS256` parameters.
    fn sign_ps256(&self, message: &[u8]) -> Vec<u8>;
    /// Sign the message using the `RS384` parameters.
    fn sign_rs384(&self, message: &[u8]) -> Vec<u8>;
    /// Sign the message using the `PS384` parameters.
    fn sign_ps384(&self, message: &[u8]) -> Vec<u8>;
    /// Sign the message using the `RS512` parameters.
    fn sign_rs512(&self, message: &[u8]) -> Vec<u8>;
    /// Sign the message using the `PS512` parameters.
    fn sign_ps512(&self, message: &[u8]) -> Vec<u8>;

    /// Create a new key from a PKCS1 DER.
    fn from_pkcs1_der(der: &[u8]) -> Option<Self>
    where
        Self: Sized;

    /// Create a new key from a PKCS8 DER.
    fn from_pkcs8_der(der: &[u8]) -> Option<Self>
    where
        Self: Sized;

    /// Create a verifying key from this key.
    fn verifying_key(&self) -> Box<dyn VerifyingKey>;
}

impl VerifyingKey for RsaPublicKey {
    fn modulus(&self) -> Vec<u8> {
        self.n_bytes().to_vec()
    }

    fn exponent(&self) -> Vec<u8> {
        self.e_bytes().to_vec()
    }

    fn from_parameters(modulus: &[u8], exponent: &[u8]) -> Option<Self>
    where
        Self: Sized,
    {
        let modulus = BoxedUint::from_be_slice_vartime(modulus);
        let exponent = BoxedUint::from_be_slice_vartime(exponent);
        Self::new(modulus, exponent).ok()
    }

    fn verifies_rs256(&self, signature: &[u8], message: &[u8]) -> bool {
        let scheme = Pkcs1v15Sign::new::<Sha256>();
        let hash = Sha256::digest(message);
        self.verify(scheme, &hash, signature).is_ok()
    }

    fn verifies_ps256(&self, signature: &[u8], message: &[u8]) -> bool {
        let scheme = Pss::new::<Sha256>();
        let hash = Sha256::digest(message);
        self.verify(scheme, &hash, signature).is_ok()
    }

    fn verifies_rs384(&self, signature: &[u8], message: &[u8]) -> bool {
        let scheme = Pkcs1v15Sign::new::<Sha384>();
        let hash = Sha384::digest(message);
        self.verify(scheme, &hash, signature).is_ok()
    }

    fn verifies_ps384(&self, signature: &[u8], message: &[u8]) -> bool {
        let scheme = Pss::new::<Sha384>();
        let hash = Sha384::digest(message);
        self.verify(scheme, &hash, signature).is_ok()
    }

    fn verifies_rs512(&self, signature: &[u8], message: &[u8]) -> bool {
        let scheme = Pkcs1v15Sign::new::<Sha512>();
        let hash = Sha512::digest(message);
        self.verify(scheme, &hash, signature).is_ok()
    }

    fn verifies_ps512(&self, signature: &[u8], message: &[u8]) -> bool {
        let scheme = Pss::new::<Sha512>();
        let hash = Sha512::digest(message);
        self.verify(scheme, &hash, signature).is_ok()
    }

    fn from_pkcs1_der(der: &[u8]) -> Option<Self>
    where
        Self: Sized,
    {
        <Self as rsa::pkcs1::DecodeRsaPublicKey>::from_pkcs1_der(der).ok()
    }

    fn from_spki_der(der: &[u8]) -> Option<Self>
    where
        Self: Sized,
    {
        Self::from_public_key_der(der).ok()
    }
}

impl SigningKey for RsaPrivateKey {
    fn sign_rs256(&self, message: &[u8]) -> Vec<u8> {
        let scheme = Pkcs1v15Sign::new::<Sha256>();
        let hash = Sha256::digest(message);
        self.sign_with_rng(&mut rand::rng(), scheme, &hash)
            .expect("RSA signing should not fail")
    }

    fn sign_ps256(&self, message: &[u8]) -> Vec<u8> {
        let scheme = Pss::new::<Sha256>();
        let hash = Sha256::digest(message);
        self.sign_with_rng(&mut rand::rng(), scheme, &hash)
            .expect("RSA signing should not fail")
    }

    fn sign_rs384(&self, message: &[u8]) -> Vec<u8> {
        let scheme = Pkcs1v15Sign::new::<Sha384>();
        let hash = Sha384::digest(message);
        self.sign_with_rng(&mut rand::rng(), scheme, &hash)
            .expect("RSA signing should not fail")
    }

    fn sign_ps384(&self, message: &[u8]) -> Vec<u8> {
        let scheme = Pss::new::<Sha384>();
        let hash = Sha384::digest(message);
        self.sign_with_rng(&mut rand::rng(), scheme, &hash)
            .expect("RSA signing should not fail")
    }

    fn sign_rs512(&self, message: &[u8]) -> Vec<u8> {
        let scheme = Pkcs1v15Sign::new::<Sha512>();
        let hash = Sha512::digest(message);
        self.sign_with_rng(&mut rand::rng(), scheme, &hash)
            .expect("RSA signing should not fail")
    }

    fn sign_ps512(&self, message: &[u8]) -> Vec<u8> {
        let scheme = Pss::new::<Sha512>();
        let hash = Sha512::digest(message);
        self.sign_with_rng(&mut rand::rng(), scheme, &hash)
            .expect("RSA signing should not fail")
    }

    fn from_pkcs1_der(der: &[u8]) -> Option<Self>
    where
        Self: Sized,
    {
        <Self as rsa::pkcs1::DecodeRsaPrivateKey>::from_pkcs1_der(der).ok()
    }

    fn from_pkcs8_der(der: &[u8]) -> Option<Self>
    where
        Self: Sized,
    {
        <Self as pkcs8::DecodePrivateKey>::from_pkcs8_der(der).ok()
    }

    fn verifying_key(&self) -> Box<dyn VerifyingKey> {
        Box::new(self.to_public_key())
    }
}

impl SignatureSchemeExt for Pkcs1v15Sign {
    fn new<D: 'static + Digest + DynDigest + FixedOutput + AssociatedOid + Send + Sync>() -> Self {
        Self::new::<D>()
    }
}
impl SignatureSchemeExt for Pss {
    fn new<D: 'static + Digest + DynDigest + FixedOutput + AssociatedOid + Send + Sync>() -> Self {
        Self::new::<D>()
    }
}