| <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Source of the Rust file `/root/.cargo/registry/src/github.com-1ecc6299db9ec823/ring-0.16.20/src/rsa/verification.rs`."><meta name="keywords" content="rust, rustlang, rust-lang"><title>verification.rs - source</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" href="../../../normalize.css"><link rel="stylesheet" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" href="../../../ayu.css" disabled><link rel="stylesheet" href="../../../dark.css" disabled><link rel="stylesheet" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../source-script.js"></script><script defer src="../../../source-files.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc source"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="sidebar"><a class="sidebar-logo" href="../../../ring/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a></nav><main><div class="width-limiter"><nav class="sub"><a class="sub-logo-container" href="../../../ring/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><a href="../../../help.html">?</a></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav><section id="main-content" class="content"><div class="example-wrap"><pre class="src-line-numbers"><span id="1">1</span> |
| <span id="2">2</span> |
| <span id="3">3</span> |
| <span id="4">4</span> |
| <span id="5">5</span> |
| <span id="6">6</span> |
| <span id="7">7</span> |
| <span id="8">8</span> |
| <span id="9">9</span> |
| <span id="10">10</span> |
| <span id="11">11</span> |
| <span id="12">12</span> |
| <span id="13">13</span> |
| <span id="14">14</span> |
| <span id="15">15</span> |
| <span id="16">16</span> |
| <span id="17">17</span> |
| <span id="18">18</span> |
| <span id="19">19</span> |
| <span id="20">20</span> |
| <span id="21">21</span> |
| <span id="22">22</span> |
| <span id="23">23</span> |
| <span id="24">24</span> |
| <span id="25">25</span> |
| <span id="26">26</span> |
| <span id="27">27</span> |
| <span id="28">28</span> |
| <span id="29">29</span> |
| <span id="30">30</span> |
| <span id="31">31</span> |
| <span id="32">32</span> |
| <span id="33">33</span> |
| <span id="34">34</span> |
| <span id="35">35</span> |
| <span id="36">36</span> |
| <span id="37">37</span> |
| <span id="38">38</span> |
| <span id="39">39</span> |
| <span id="40">40</span> |
| <span id="41">41</span> |
| <span id="42">42</span> |
| <span id="43">43</span> |
| <span id="44">44</span> |
| <span id="45">45</span> |
| <span id="46">46</span> |
| <span id="47">47</span> |
| <span id="48">48</span> |
| <span id="49">49</span> |
| <span id="50">50</span> |
| <span id="51">51</span> |
| <span id="52">52</span> |
| <span id="53">53</span> |
| <span id="54">54</span> |
| <span id="55">55</span> |
| <span id="56">56</span> |
| <span id="57">57</span> |
| <span id="58">58</span> |
| <span id="59">59</span> |
| <span id="60">60</span> |
| <span id="61">61</span> |
| <span id="62">62</span> |
| <span id="63">63</span> |
| <span id="64">64</span> |
| <span id="65">65</span> |
| <span id="66">66</span> |
| <span id="67">67</span> |
| <span id="68">68</span> |
| <span id="69">69</span> |
| <span id="70">70</span> |
| <span id="71">71</span> |
| <span id="72">72</span> |
| <span id="73">73</span> |
| <span id="74">74</span> |
| <span id="75">75</span> |
| <span id="76">76</span> |
| <span id="77">77</span> |
| <span id="78">78</span> |
| <span id="79">79</span> |
| <span id="80">80</span> |
| <span id="81">81</span> |
| <span id="82">82</span> |
| <span id="83">83</span> |
| <span id="84">84</span> |
| <span id="85">85</span> |
| <span id="86">86</span> |
| <span id="87">87</span> |
| <span id="88">88</span> |
| <span id="89">89</span> |
| <span id="90">90</span> |
| <span id="91">91</span> |
| <span id="92">92</span> |
| <span id="93">93</span> |
| <span id="94">94</span> |
| <span id="95">95</span> |
| <span id="96">96</span> |
| <span id="97">97</span> |
| <span id="98">98</span> |
| <span id="99">99</span> |
| <span id="100">100</span> |
| <span id="101">101</span> |
| <span id="102">102</span> |
| <span id="103">103</span> |
| <span id="104">104</span> |
| <span id="105">105</span> |
| <span id="106">106</span> |
| <span id="107">107</span> |
| <span id="108">108</span> |
| <span id="109">109</span> |
| <span id="110">110</span> |
| <span id="111">111</span> |
| <span id="112">112</span> |
| <span id="113">113</span> |
| <span id="114">114</span> |
| <span id="115">115</span> |
| <span id="116">116</span> |
| <span id="117">117</span> |
| <span id="118">118</span> |
| <span id="119">119</span> |
| <span id="120">120</span> |
| <span id="121">121</span> |
| <span id="122">122</span> |
| <span id="123">123</span> |
| <span id="124">124</span> |
| <span id="125">125</span> |
| <span id="126">126</span> |
| <span id="127">127</span> |
| <span id="128">128</span> |
| <span id="129">129</span> |
| <span id="130">130</span> |
| <span id="131">131</span> |
| <span id="132">132</span> |
| <span id="133">133</span> |
| <span id="134">134</span> |
| <span id="135">135</span> |
| <span id="136">136</span> |
| <span id="137">137</span> |
| <span id="138">138</span> |
| <span id="139">139</span> |
| <span id="140">140</span> |
| <span id="141">141</span> |
| <span id="142">142</span> |
| <span id="143">143</span> |
| <span id="144">144</span> |
| <span id="145">145</span> |
| <span id="146">146</span> |
| <span id="147">147</span> |
| <span id="148">148</span> |
| <span id="149">149</span> |
| <span id="150">150</span> |
| <span id="151">151</span> |
| <span id="152">152</span> |
| <span id="153">153</span> |
| <span id="154">154</span> |
| <span id="155">155</span> |
| <span id="156">156</span> |
| <span id="157">157</span> |
| <span id="158">158</span> |
| <span id="159">159</span> |
| <span id="160">160</span> |
| <span id="161">161</span> |
| <span id="162">162</span> |
| <span id="163">163</span> |
| <span id="164">164</span> |
| <span id="165">165</span> |
| <span id="166">166</span> |
| <span id="167">167</span> |
| <span id="168">168</span> |
| <span id="169">169</span> |
| <span id="170">170</span> |
| <span id="171">171</span> |
| <span id="172">172</span> |
| <span id="173">173</span> |
| <span id="174">174</span> |
| <span id="175">175</span> |
| <span id="176">176</span> |
| <span id="177">177</span> |
| <span id="178">178</span> |
| <span id="179">179</span> |
| <span id="180">180</span> |
| <span id="181">181</span> |
| <span id="182">182</span> |
| <span id="183">183</span> |
| <span id="184">184</span> |
| <span id="185">185</span> |
| <span id="186">186</span> |
| <span id="187">187</span> |
| <span id="188">188</span> |
| <span id="189">189</span> |
| <span id="190">190</span> |
| <span id="191">191</span> |
| <span id="192">192</span> |
| <span id="193">193</span> |
| <span id="194">194</span> |
| <span id="195">195</span> |
| <span id="196">196</span> |
| <span id="197">197</span> |
| <span id="198">198</span> |
| <span id="199">199</span> |
| <span id="200">200</span> |
| <span id="201">201</span> |
| <span id="202">202</span> |
| <span id="203">203</span> |
| <span id="204">204</span> |
| <span id="205">205</span> |
| <span id="206">206</span> |
| <span id="207">207</span> |
| <span id="208">208</span> |
| <span id="209">209</span> |
| <span id="210">210</span> |
| <span id="211">211</span> |
| <span id="212">212</span> |
| <span id="213">213</span> |
| <span id="214">214</span> |
| <span id="215">215</span> |
| <span id="216">216</span> |
| <span id="217">217</span> |
| <span id="218">218</span> |
| <span id="219">219</span> |
| <span id="220">220</span> |
| <span id="221">221</span> |
| <span id="222">222</span> |
| <span id="223">223</span> |
| <span id="224">224</span> |
| <span id="225">225</span> |
| <span id="226">226</span> |
| <span id="227">227</span> |
| <span id="228">228</span> |
| <span id="229">229</span> |
| <span id="230">230</span> |
| <span id="231">231</span> |
| <span id="232">232</span> |
| <span id="233">233</span> |
| <span id="234">234</span> |
| <span id="235">235</span> |
| <span id="236">236</span> |
| <span id="237">237</span> |
| <span id="238">238</span> |
| <span id="239">239</span> |
| <span id="240">240</span> |
| <span id="241">241</span> |
| <span id="242">242</span> |
| <span id="243">243</span> |
| <span id="244">244</span> |
| <span id="245">245</span> |
| <span id="246">246</span> |
| <span id="247">247</span> |
| <span id="248">248</span> |
| <span id="249">249</span> |
| <span id="250">250</span> |
| <span id="251">251</span> |
| <span id="252">252</span> |
| <span id="253">253</span> |
| <span id="254">254</span> |
| <span id="255">255</span> |
| <span id="256">256</span> |
| <span id="257">257</span> |
| <span id="258">258</span> |
| <span id="259">259</span> |
| <span id="260">260</span> |
| <span id="261">261</span> |
| <span id="262">262</span> |
| <span id="263">263</span> |
| <span id="264">264</span> |
| <span id="265">265</span> |
| <span id="266">266</span> |
| <span id="267">267</span> |
| <span id="268">268</span> |
| <span id="269">269</span> |
| <span id="270">270</span> |
| <span id="271">271</span> |
| <span id="272">272</span> |
| <span id="273">273</span> |
| <span id="274">274</span> |
| <span id="275">275</span> |
| <span id="276">276</span> |
| <span id="277">277</span> |
| <span id="278">278</span> |
| <span id="279">279</span> |
| <span id="280">280</span> |
| <span id="281">281</span> |
| <span id="282">282</span> |
| <span id="283">283</span> |
| <span id="284">284</span> |
| <span id="285">285</span> |
| <span id="286">286</span> |
| <span id="287">287</span> |
| <span id="288">288</span> |
| <span id="289">289</span> |
| <span id="290">290</span> |
| <span id="291">291</span> |
| <span id="292">292</span> |
| <span id="293">293</span> |
| <span id="294">294</span> |
| <span id="295">295</span> |
| <span id="296">296</span> |
| <span id="297">297</span> |
| <span id="298">298</span> |
| <span id="299">299</span> |
| <span id="300">300</span> |
| <span id="301">301</span> |
| <span id="302">302</span> |
| <span id="303">303</span> |
| <span id="304">304</span> |
| <span id="305">305</span> |
| <span id="306">306</span> |
| <span id="307">307</span> |
| <span id="308">308</span> |
| <span id="309">309</span> |
| <span id="310">310</span> |
| <span id="311">311</span> |
| <span id="312">312</span> |
| <span id="313">313</span> |
| <span id="314">314</span> |
| <span id="315">315</span> |
| <span id="316">316</span> |
| <span id="317">317</span> |
| <span id="318">318</span> |
| <span id="319">319</span> |
| <span id="320">320</span> |
| <span id="321">321</span> |
| <span id="322">322</span> |
| <span id="323">323</span> |
| <span id="324">324</span> |
| <span id="325">325</span> |
| <span id="326">326</span> |
| <span id="327">327</span> |
| <span id="328">328</span> |
| <span id="329">329</span> |
| <span id="330">330</span> |
| <span id="331">331</span> |
| <span id="332">332</span> |
| <span id="333">333</span> |
| <span id="334">334</span> |
| <span id="335">335</span> |
| <span id="336">336</span> |
| <span id="337">337</span> |
| </pre><pre class="rust"><code><span class="comment">// Copyright 2015-2016 Brian Smith. |
| // |
| // Permission to use, copy, modify, and/or distribute this software for any |
| // purpose with or without fee is hereby granted, provided that the above |
| // copyright notice and this permission notice appear in all copies. |
| // |
| // THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES |
| // WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
| // MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY |
| // SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
| // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION |
| // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN |
| // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| |
| </span><span class="doccomment">//! Verification of RSA signatures. |
| |
| </span><span class="kw">use super</span>::{parse_public_key, RsaParameters, N, PUBLIC_KEY_PUBLIC_MODULUS_MAX_LEN}; |
| <span class="kw">use crate</span>::{ |
| arithmetic::{bigint, montgomery::Unencoded}, |
| bits, cpu, digest, error, |
| limb::LIMB_BYTES, |
| sealed, signature, |
| }; |
| |
| <span class="attribute">#[derive(Debug)] |
| </span><span class="kw">pub struct </span>Key { |
| <span class="kw">pub </span>n: bigint::Modulus<N>, |
| <span class="kw">pub </span>e: bigint::PublicExponent, |
| <span class="kw">pub </span>n_bits: bits::BitLength, |
| } |
| |
| <span class="kw">impl </span>Key { |
| <span class="kw">pub fn </span>from_modulus_and_exponent( |
| n: untrusted::Input, |
| e: untrusted::Input, |
| n_min_bits: bits::BitLength, |
| n_max_bits: bits::BitLength, |
| e_min_value: u64, |
| ) -> <span class="prelude-ty">Result</span><<span class="self">Self</span>, error::KeyRejected> { |
| <span class="comment">// This is an incomplete implementation of NIST SP800-56Br1 Section |
| // 6.4.2.2, "Partial Public-Key Validation for RSA." That spec defers |
| // to NIST SP800-89 Section 5.3.3, "(Explicit) Partial Public Key |
| // Validation for RSA," "with the caveat that the length of the modulus |
| // shall be a length that is specified in this Recommendation." In |
| // SP800-89, two different sets of steps are given, one set numbered, |
| // and one set lettered. TODO: Document this in the end-user |
| // documentation for RSA keys. |
| |
| // Step 3 / Step c for `n` (out of order). |
| </span><span class="kw">let </span>(n, n_bits) = bigint::Modulus::from_be_bytes_with_bit_length(n)<span class="question-mark">?</span>; |
| |
| <span class="comment">// `pkcs1_encode` depends on this not being small. Otherwise, |
| // `pkcs1_encode` would generate padding that is invalid (too few 0xFF |
| // bytes) for very small keys. |
| </span><span class="kw">const </span>N_MIN_BITS: bits::BitLength = bits::BitLength::from_usize_bits(<span class="number">1024</span>); |
| |
| <span class="comment">// Step 1 / Step a. XXX: SP800-56Br1 and SP800-89 require the length of |
| // the public modulus to be exactly 2048 or 3072 bits, but we are more |
| // flexible to be compatible with other commonly-used crypto libraries. |
| </span><span class="macro">assert!</span>(n_min_bits >= N_MIN_BITS); |
| <span class="kw">let </span>n_bits_rounded_up = |
| bits::BitLength::from_usize_bytes(n_bits.as_usize_bytes_rounded_up()) |
| .map_err(|error::Unspecified| error::KeyRejected::unexpected_error())<span class="question-mark">?</span>; |
| <span class="kw">if </span>n_bits_rounded_up < n_min_bits { |
| <span class="kw">return </span><span class="prelude-val">Err</span>(error::KeyRejected::too_small()); |
| } |
| <span class="kw">if </span>n_bits > n_max_bits { |
| <span class="kw">return </span><span class="prelude-val">Err</span>(error::KeyRejected::too_large()); |
| } |
| |
| <span class="comment">// Step 2 / Step b. |
| // Step 3 / Step c for `e`. |
| </span><span class="kw">let </span>e = bigint::PublicExponent::from_be_bytes(e, e_min_value)<span class="question-mark">?</span>; |
| |
| <span class="comment">// If `n` is less than `e` then somebody has probably accidentally swapped |
| // them. The largest acceptable `e` is smaller than the smallest acceptable |
| // `n`, so no additional checks need to be done. |
| |
| // XXX: Steps 4 & 5 / Steps d, e, & f are not implemented. This is also the |
| // case in most other commonly-used crypto libraries. |
| |
| </span><span class="prelude-val">Ok</span>(<span class="self">Self </span>{ n, e, n_bits }) |
| } |
| } |
| |
| <span class="kw">impl </span>signature::VerificationAlgorithm <span class="kw">for </span>RsaParameters { |
| <span class="kw">fn </span>verify( |
| <span class="kw-2">&</span><span class="self">self</span>, |
| public_key: untrusted::Input, |
| msg: untrusted::Input, |
| signature: untrusted::Input, |
| ) -> <span class="prelude-ty">Result</span><(), error::Unspecified> { |
| <span class="kw">let </span>(n, e) = parse_public_key(public_key)<span class="question-mark">?</span>; |
| verify_rsa_( |
| <span class="self">self</span>, |
| ( |
| n.big_endian_without_leading_zero_as_input(), |
| e.big_endian_without_leading_zero_as_input(), |
| ), |
| msg, |
| signature, |
| ) |
| } |
| } |
| |
| <span class="kw">impl </span>sealed::Sealed <span class="kw">for </span>RsaParameters {} |
| |
| <span class="macro">macro_rules! </span>rsa_params { |
| ( <span class="macro-nonterminal">$VERIFY_ALGORITHM</span>:ident, <span class="macro-nonterminal">$min_bits</span>:expr, <span class="macro-nonterminal">$PADDING_ALGORITHM</span>:expr, |
| <span class="macro-nonterminal">$doc_str</span>:expr ) => { |
| <span class="attribute">#[doc=<span class="macro-nonterminal">$doc_str</span>] |
| </span><span class="doccomment">/// |
| /// Only available in `alloc` mode. |
| </span><span class="kw">pub static </span><span class="macro-nonterminal">$VERIFY_ALGORITHM</span>: RsaParameters = RsaParameters { |
| padding_alg: <span class="macro-nonterminal">$PADDING_ALGORITHM</span>, |
| min_bits: bits::BitLength::from_usize_bits(<span class="macro-nonterminal">$min_bits</span>), |
| }; |
| }; |
| } |
| |
| <span class="macro">rsa_params!</span>( |
| RSA_PKCS1_1024_8192_SHA1_FOR_LEGACY_USE_ONLY, |
| <span class="number">1024</span>, |
| <span class="kw-2">&</span><span class="kw">super</span>::padding::RSA_PKCS1_SHA1_FOR_LEGACY_USE_ONLY, |
| <span class="string">"Verification of signatures using RSA keys of 1024-8192 bits, |
| PKCS#1.5 padding, and SHA-1.\n\nSee \"`RSA_PKCS1_*` Details\" in |
| `ring::signature`'s module-level documentation for more details." |
| </span>); |
| <span class="macro">rsa_params!</span>( |
| RSA_PKCS1_2048_8192_SHA1_FOR_LEGACY_USE_ONLY, |
| <span class="number">2048</span>, |
| <span class="kw-2">&</span><span class="kw">super</span>::padding::RSA_PKCS1_SHA1_FOR_LEGACY_USE_ONLY, |
| <span class="string">"Verification of signatures using RSA keys of 2048-8192 bits, |
| PKCS#1.5 padding, and SHA-1.\n\nSee \"`RSA_PKCS1_*` Details\" in |
| `ring::signature`'s module-level documentation for more details." |
| </span>); |
| <span class="macro">rsa_params!</span>( |
| RSA_PKCS1_1024_8192_SHA256_FOR_LEGACY_USE_ONLY, |
| <span class="number">1024</span>, |
| <span class="kw-2">&</span><span class="kw">super</span>::RSA_PKCS1_SHA256, |
| <span class="string">"Verification of signatures using RSA keys of 1024-8192 bits, |
| PKCS#1.5 padding, and SHA-256.\n\nSee \"`RSA_PKCS1_*` Details\" in |
| `ring::signature`'s module-level documentation for more details." |
| </span>); |
| <span class="macro">rsa_params!</span>( |
| RSA_PKCS1_2048_8192_SHA256, |
| <span class="number">2048</span>, |
| <span class="kw-2">&</span><span class="kw">super</span>::RSA_PKCS1_SHA256, |
| <span class="string">"Verification of signatures using RSA keys of 2048-8192 bits, |
| PKCS#1.5 padding, and SHA-256.\n\nSee \"`RSA_PKCS1_*` Details\" in |
| `ring::signature`'s module-level documentation for more details." |
| </span>); |
| <span class="macro">rsa_params!</span>( |
| RSA_PKCS1_2048_8192_SHA384, |
| <span class="number">2048</span>, |
| <span class="kw-2">&</span><span class="kw">super</span>::RSA_PKCS1_SHA384, |
| <span class="string">"Verification of signatures using RSA keys of 2048-8192 bits, |
| PKCS#1.5 padding, and SHA-384.\n\nSee \"`RSA_PKCS1_*` Details\" in |
| `ring::signature`'s module-level documentation for more details." |
| </span>); |
| <span class="macro">rsa_params!</span>( |
| RSA_PKCS1_2048_8192_SHA512, |
| <span class="number">2048</span>, |
| <span class="kw-2">&</span><span class="kw">super</span>::RSA_PKCS1_SHA512, |
| <span class="string">"Verification of signatures using RSA keys of 2048-8192 bits, |
| PKCS#1.5 padding, and SHA-512.\n\nSee \"`RSA_PKCS1_*` Details\" in |
| `ring::signature`'s module-level documentation for more details." |
| </span>); |
| <span class="macro">rsa_params!</span>( |
| RSA_PKCS1_1024_8192_SHA512_FOR_LEGACY_USE_ONLY, |
| <span class="number">1024</span>, |
| <span class="kw-2">&</span><span class="kw">super</span>::RSA_PKCS1_SHA512, |
| <span class="string">"Verification of signatures using RSA keys of 1024-8192 bits, |
| PKCS#1.5 padding, and SHA-512.\n\nSee \"`RSA_PKCS1_*` Details\" in |
| `ring::signature`'s module-level documentation for more details." |
| </span>); |
| <span class="macro">rsa_params!</span>( |
| RSA_PKCS1_3072_8192_SHA384, |
| <span class="number">3072</span>, |
| <span class="kw-2">&</span><span class="kw">super</span>::RSA_PKCS1_SHA384, |
| <span class="string">"Verification of signatures using RSA keys of 3072-8192 bits, |
| PKCS#1.5 padding, and SHA-384.\n\nSee \"`RSA_PKCS1_*` Details\" in |
| `ring::signature`'s module-level documentation for more details." |
| </span>); |
| |
| <span class="macro">rsa_params!</span>( |
| RSA_PSS_2048_8192_SHA256, |
| <span class="number">2048</span>, |
| <span class="kw-2">&</span><span class="kw">super</span>::RSA_PSS_SHA256, |
| <span class="string">"Verification of signatures using RSA keys of 2048-8192 bits, |
| PSS padding, and SHA-256.\n\nSee \"`RSA_PSS_*` Details\" in |
| `ring::signature`'s module-level documentation for more details." |
| </span>); |
| <span class="macro">rsa_params!</span>( |
| RSA_PSS_2048_8192_SHA384, |
| <span class="number">2048</span>, |
| <span class="kw-2">&</span><span class="kw">super</span>::RSA_PSS_SHA384, |
| <span class="string">"Verification of signatures using RSA keys of 2048-8192 bits, |
| PSS padding, and SHA-384.\n\nSee \"`RSA_PSS_*` Details\" in |
| `ring::signature`'s module-level documentation for more details." |
| </span>); |
| <span class="macro">rsa_params!</span>( |
| RSA_PSS_2048_8192_SHA512, |
| <span class="number">2048</span>, |
| <span class="kw-2">&</span><span class="kw">super</span>::RSA_PSS_SHA512, |
| <span class="string">"Verification of signatures using RSA keys of 2048-8192 bits, |
| PSS padding, and SHA-512.\n\nSee \"`RSA_PSS_*` Details\" in |
| `ring::signature`'s module-level documentation for more details." |
| </span>); |
| |
| <span class="doccomment">/// Low-level API for the verification of RSA signatures. |
| /// |
| /// When the public key is in DER-encoded PKCS#1 ASN.1 format, it is |
| /// recommended to use `ring::signature::verify()` with |
| /// `ring::signature::RSA_PKCS1_*`, because `ring::signature::verify()` |
| /// will handle the parsing in that case. Otherwise, this function can be used |
| /// to pass in the raw bytes for the public key components as |
| /// `untrusted::Input` arguments. |
| </span><span class="comment">// |
| // There are a small number of tests that test this directly, but the |
| // test coverage for this function mostly depends on the test coverage for the |
| // `signature::VerificationAlgorithm` implementation for `RsaParameters`. If we |
| // change that, test coverage for `verify_rsa()` will need to be reconsidered. |
| // (The NIST test vectors were originally in a form that was optimized for |
| // testing `verify_rsa` directly, but the testing work for RSA PKCS#1 |
| // verification was done during the implementation of |
| // `signature::VerificationAlgorithm`, before `verify_rsa` was factored out). |
| </span><span class="attribute">#[derive(Debug)] |
| </span><span class="kw">pub struct </span>RsaPublicKeyComponents<B: AsRef<[u8]> + core::fmt::Debug> { |
| <span class="doccomment">/// The public modulus, encoded in big-endian bytes without leading zeros. |
| </span><span class="kw">pub </span>n: B, |
| |
| <span class="doccomment">/// The public exponent, encoded in big-endian bytes without leading zeros. |
| </span><span class="kw">pub </span>e: B, |
| } |
| |
| <span class="kw">impl</span><B: Copy> Copy <span class="kw">for </span>RsaPublicKeyComponents<B> <span class="kw">where </span>B: AsRef<[u8]> + core::fmt::Debug {} |
| |
| <span class="kw">impl</span><B: Clone> Clone <span class="kw">for </span>RsaPublicKeyComponents<B> |
| <span class="kw">where |
| </span>B: AsRef<[u8]> + core::fmt::Debug, |
| { |
| <span class="kw">fn </span>clone(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="self">Self </span>{ |
| <span class="self">Self </span>{ |
| n: <span class="self">self</span>.n.clone(), |
| e: <span class="self">self</span>.e.clone(), |
| } |
| } |
| } |
| |
| <span class="kw">impl</span><B> RsaPublicKeyComponents<B> |
| <span class="kw">where |
| </span>B: AsRef<[u8]> + core::fmt::Debug, |
| { |
| <span class="doccomment">/// Verifies that `signature` is a valid signature of `message` using `self` |
| /// as the public key. `params` determine what algorithm parameters |
| /// (padding, digest algorithm, key length range, etc.) are used in the |
| /// verification. |
| </span><span class="kw">pub fn </span>verify( |
| <span class="kw-2">&</span><span class="self">self</span>, |
| params: <span class="kw-2">&</span>RsaParameters, |
| message: <span class="kw-2">&</span>[u8], |
| signature: <span class="kw-2">&</span>[u8], |
| ) -> <span class="prelude-ty">Result</span><(), error::Unspecified> { |
| <span class="kw">let _ </span>= cpu::features(); |
| verify_rsa_( |
| params, |
| ( |
| untrusted::Input::from(<span class="self">self</span>.n.as_ref()), |
| untrusted::Input::from(<span class="self">self</span>.e.as_ref()), |
| ), |
| untrusted::Input::from(message), |
| untrusted::Input::from(signature), |
| ) |
| } |
| } |
| |
| <span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">fn </span>verify_rsa_( |
| params: <span class="kw-2">&</span>RsaParameters, |
| (n, e): (untrusted::Input, untrusted::Input), |
| msg: untrusted::Input, |
| signature: untrusted::Input, |
| ) -> <span class="prelude-ty">Result</span><(), error::Unspecified> { |
| <span class="kw">let </span>max_bits = bits::BitLength::from_usize_bytes(PUBLIC_KEY_PUBLIC_MODULUS_MAX_LEN)<span class="question-mark">?</span>; |
| |
| <span class="comment">// XXX: FIPS 186-4 seems to indicate that the minimum |
| // exponent value is 2**16 + 1, but it isn't clear if this is just for |
| // signing or also for verification. We support exponents of 3 and larger |
| // for compatibility with other commonly-used crypto libraries. |
| </span><span class="kw">let </span>Key { n, e, n_bits } = Key::from_modulus_and_exponent(n, e, params.min_bits, max_bits, <span class="number">3</span>)<span class="question-mark">?</span>; |
| |
| <span class="comment">// The signature must be the same length as the modulus, in bytes. |
| </span><span class="kw">if </span>signature.len() != n_bits.as_usize_bytes_rounded_up() { |
| <span class="kw">return </span><span class="prelude-val">Err</span>(error::Unspecified); |
| } |
| |
| <span class="comment">// RFC 8017 Section 5.2.2: RSAVP1. |
| |
| // Step 1. |
| </span><span class="kw">let </span>s = bigint::Elem::from_be_bytes_padded(signature, <span class="kw-2">&</span>n)<span class="question-mark">?</span>; |
| <span class="kw">if </span>s.is_zero() { |
| <span class="kw">return </span><span class="prelude-val">Err</span>(error::Unspecified); |
| } |
| |
| <span class="comment">// Step 2. |
| </span><span class="kw">let </span>m = bigint::elem_exp_vartime(s, e, <span class="kw-2">&</span>n); |
| <span class="kw">let </span>m = m.into_unencoded(<span class="kw-2">&</span>n); |
| |
| <span class="comment">// Step 3. |
| </span><span class="kw">let </span><span class="kw-2">mut </span>decoded = [<span class="number">0u8</span>; PUBLIC_KEY_PUBLIC_MODULUS_MAX_LEN]; |
| <span class="kw">let </span>decoded = fill_be_bytes_n(m, n_bits, <span class="kw-2">&mut </span>decoded); |
| |
| <span class="comment">// Verify the padded message is correct. |
| </span><span class="kw">let </span>m_hash = digest::digest(params.padding_alg.digest_alg(), msg.as_slice_less_safe()); |
| untrusted::Input::from(decoded).read_all(error::Unspecified, |m| { |
| params.padding_alg.verify(<span class="kw-2">&</span>m_hash, m, n_bits) |
| }) |
| } |
| |
| <span class="doccomment">/// Returns the big-endian representation of `elem` that is |
| /// the same length as the minimal-length big-endian representation of |
| /// the modulus `n`. |
| /// |
| /// `n_bits` must be the bit length of the public modulus `n`. |
| </span><span class="kw">fn </span>fill_be_bytes_n( |
| elem: bigint::Elem<N, Unencoded>, |
| n_bits: bits::BitLength, |
| out: <span class="kw-2">&mut </span>[u8; PUBLIC_KEY_PUBLIC_MODULUS_MAX_LEN], |
| ) -> <span class="kw-2">&</span>[u8] { |
| <span class="kw">let </span>n_bytes = n_bits.as_usize_bytes_rounded_up(); |
| <span class="kw">let </span>n_bytes_padded = ((n_bytes + (LIMB_BYTES - <span class="number">1</span>)) / LIMB_BYTES) * LIMB_BYTES; |
| <span class="kw">let </span>out = <span class="kw-2">&mut </span>out[..n_bytes_padded]; |
| elem.fill_be_bytes(out); |
| <span class="kw">let </span>(padding, out) = out.split_at(n_bytes_padded - n_bytes); |
| <span class="macro">assert!</span>(padding.iter().all(|<span class="kw-2">&</span>b| b == <span class="number">0</span>)); |
| out |
| } |
| </code></pre></div> |
| </section></div></main><div id="rustdoc-vars" data-root-path="../../../" data-current-crate="ring" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.66.0-nightly (5c8bff74b 2022-10-21)" ></div></body></html> |