x509_verify/verify/
rsa.rs1use crate::{Error, Signature};
4use const_oid::{db::rfc5912::RSA_ENCRYPTION, AssociatedOid};
5use der::{asn1::ObjectIdentifier, Encode};
6use rsa::RsaPublicKey;
7use spki::{DecodePublicKey, SubjectPublicKeyInfoRef};
8
9#[cfg(any(feature = "md2", feature = "md5", feature = "sha1", feature = "sha2"))]
10use rsa::Pkcs1v15Sign;
11
12#[cfg(any(feature = "sha1", feature = "sha2"))]
13use ::signature::digest::Digest;
14
15#[cfg(feature = "md2")]
16use md2::Md2;
17
18#[cfg(feature = "md2")]
19use const_oid::db::rfc5912::MD_2_WITH_RSA_ENCRYPTION;
20
21#[cfg(feature = "md5")]
22use md5::Md5;
23
24#[cfg(feature = "md5")]
25use const_oid::db::rfc5912::MD_5_WITH_RSA_ENCRYPTION;
26
27#[cfg(feature = "sha1")]
28use sha1::Sha1;
29
30#[cfg(feature = "sha1")]
31use const_oid::db::rfc5912::SHA_1_WITH_RSA_ENCRYPTION;
32
33#[cfg(feature = "sha2")]
34use sha2::{Sha224, Sha256, Sha384, Sha512};
35
36#[cfg(feature = "sha2")]
37use const_oid::db::rfc5912::SHA_224_WITH_RSA_ENCRYPTION;
38
39#[cfg(feature = "sha2")]
40use const_oid::db::rfc5912::SHA_256_WITH_RSA_ENCRYPTION;
41
42#[cfg(feature = "sha2")]
43use const_oid::db::rfc5912::SHA_384_WITH_RSA_ENCRYPTION;
44
45#[cfg(feature = "sha2")]
46use const_oid::db::rfc5912::SHA_512_WITH_RSA_ENCRYPTION;
47
48#[allow(dead_code)]
49#[derive(Clone, Debug)]
50pub struct RsaVerifyingKey {
51 key: RsaPublicKey,
52}
53
54impl AssociatedOid for RsaVerifyingKey {
55 const OID: ObjectIdentifier = RSA_ENCRYPTION;
56}
57
58impl TryFrom<SubjectPublicKeyInfoRef<'_>> for RsaVerifyingKey {
59 type Error = Error;
60
61 fn try_from(other: SubjectPublicKeyInfoRef<'_>) -> Result<Self, Self::Error> {
62 Ok(Self {
63 key: RsaPublicKey::from_public_key_der(&other.to_der().or(Err(Error::Encode))?)
64 .or(Err(Error::InvalidKey))?,
65 })
66 }
67}
68
69impl RsaVerifyingKey {
70 #[allow(unused_variables)]
71 pub fn verify<S>(&self, msg: &[u8], signature: &Signature<'_, S>) -> Result<(), Error>
72 where
73 S: AsRef<[u8]>,
74 {
75 match signature.oid() {
76 #[cfg(feature = "md2")]
77 &MD_2_WITH_RSA_ENCRYPTION => self
78 .key
79 .verify(
80 Pkcs1v15Sign::new::<Md2>(),
81 &Md2::digest(msg),
82 signature.data(),
83 )
84 .or(Err(Error::Verification)),
85
86 #[cfg(feature = "md5")]
87 &MD_5_WITH_RSA_ENCRYPTION => self
88 .key
89 .verify(
90 Pkcs1v15Sign::new::<Md5>(),
91 &Md5::digest(msg),
92 signature.data(),
93 )
94 .or(Err(Error::Verification)),
95
96 #[cfg(feature = "sha1")]
97 &SHA_1_WITH_RSA_ENCRYPTION => self
98 .key
99 .verify(
100 Pkcs1v15Sign::new::<Sha1>(),
101 &Sha1::digest(msg),
102 signature.data(),
103 )
104 .or(Err(Error::Verification)),
105
106 #[cfg(feature = "sha2")]
107 &SHA_224_WITH_RSA_ENCRYPTION => self
108 .key
109 .verify(
110 Pkcs1v15Sign::new::<Sha224>(),
111 &Sha224::digest(msg),
112 signature.data(),
113 )
114 .or(Err(Error::Verification)),
115
116 #[cfg(feature = "sha2")]
117 &SHA_256_WITH_RSA_ENCRYPTION => self
118 .key
119 .verify(
120 Pkcs1v15Sign::new::<Sha256>(),
121 &Sha256::digest(msg),
122 signature.data(),
123 )
124 .or(Err(Error::Verification)),
125
126 #[cfg(feature = "sha2")]
127 &SHA_384_WITH_RSA_ENCRYPTION => self
128 .key
129 .verify(
130 Pkcs1v15Sign::new::<Sha384>(),
131 &Sha384::digest(msg),
132 signature.data(),
133 )
134 .or(Err(Error::Verification)),
135
136 #[cfg(feature = "sha2")]
137 &SHA_512_WITH_RSA_ENCRYPTION => self
138 .key
139 .verify(
140 Pkcs1v15Sign::new::<Sha512>(),
141 &Sha512::digest(msg),
142 signature.data(),
143 )
144 .or(Err(Error::Verification)),
145
146 oid => Err(Error::UnknownOid(*oid)),
147 }
148 }
149}