| <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Source of the Rust file `/root/.cargo/registry/src/github.com-1ecc6299db9ec823/ring-0.16.20/src/signature.rs`."><meta name="keywords" content="rust, rustlang, rust-lang"><title>signature.rs - source</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" href="../../normalize.css"><link rel="stylesheet" href="../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" href="../../ayu.css" disabled><link rel="stylesheet" href="../../dark.css" disabled><link rel="stylesheet" href="../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../storage.js"></script><script defer src="../../source-script.js"></script><script defer src="../../source-files.js"></script><script defer src="../../main.js"></script><noscript><link rel="stylesheet" href="../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../favicon.svg"></head><body class="rustdoc source"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="sidebar"><a class="sidebar-logo" href="../../ring/index.html"><div class="logo-container"><img class="rust-logo" src="../../rust-logo.svg" alt="logo"></div></a></nav><main><div class="width-limiter"><nav class="sub"><a class="sub-logo-container" href="../../ring/index.html"><img class="rust-logo" src="../../rust-logo.svg" alt="logo"></a><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><a href="../../help.html">?</a></div><div id="settings-menu" tabindex="-1"><a href="../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../wheel.svg"></a></div></div></form></nav><section id="main-content" class="content"><div class="example-wrap"><pre class="src-line-numbers"><span id="1">1</span> |
| <span id="2">2</span> |
| <span id="3">3</span> |
| <span id="4">4</span> |
| <span id="5">5</span> |
| <span id="6">6</span> |
| <span id="7">7</span> |
| <span id="8">8</span> |
| <span id="9">9</span> |
| <span id="10">10</span> |
| <span id="11">11</span> |
| <span id="12">12</span> |
| <span id="13">13</span> |
| <span id="14">14</span> |
| <span id="15">15</span> |
| <span id="16">16</span> |
| <span id="17">17</span> |
| <span id="18">18</span> |
| <span id="19">19</span> |
| <span id="20">20</span> |
| <span id="21">21</span> |
| <span id="22">22</span> |
| <span id="23">23</span> |
| <span id="24">24</span> |
| <span id="25">25</span> |
| <span id="26">26</span> |
| <span id="27">27</span> |
| <span id="28">28</span> |
| <span id="29">29</span> |
| <span id="30">30</span> |
| <span id="31">31</span> |
| <span id="32">32</span> |
| <span id="33">33</span> |
| <span id="34">34</span> |
| <span id="35">35</span> |
| <span id="36">36</span> |
| <span id="37">37</span> |
| <span id="38">38</span> |
| <span id="39">39</span> |
| <span id="40">40</span> |
| <span id="41">41</span> |
| <span id="42">42</span> |
| <span id="43">43</span> |
| <span id="44">44</span> |
| <span id="45">45</span> |
| <span id="46">46</span> |
| <span id="47">47</span> |
| <span id="48">48</span> |
| <span id="49">49</span> |
| <span id="50">50</span> |
| <span id="51">51</span> |
| <span id="52">52</span> |
| <span id="53">53</span> |
| <span id="54">54</span> |
| <span id="55">55</span> |
| <span id="56">56</span> |
| <span id="57">57</span> |
| <span id="58">58</span> |
| <span id="59">59</span> |
| <span id="60">60</span> |
| <span id="61">61</span> |
| <span id="62">62</span> |
| <span id="63">63</span> |
| <span id="64">64</span> |
| <span id="65">65</span> |
| <span id="66">66</span> |
| <span id="67">67</span> |
| <span id="68">68</span> |
| <span id="69">69</span> |
| <span id="70">70</span> |
| <span id="71">71</span> |
| <span id="72">72</span> |
| <span id="73">73</span> |
| <span id="74">74</span> |
| <span id="75">75</span> |
| <span id="76">76</span> |
| <span id="77">77</span> |
| <span id="78">78</span> |
| <span id="79">79</span> |
| <span id="80">80</span> |
| <span id="81">81</span> |
| <span id="82">82</span> |
| <span id="83">83</span> |
| <span id="84">84</span> |
| <span id="85">85</span> |
| <span id="86">86</span> |
| <span id="87">87</span> |
| <span id="88">88</span> |
| <span id="89">89</span> |
| <span id="90">90</span> |
| <span id="91">91</span> |
| <span id="92">92</span> |
| <span id="93">93</span> |
| <span id="94">94</span> |
| <span id="95">95</span> |
| <span id="96">96</span> |
| <span id="97">97</span> |
| <span id="98">98</span> |
| <span id="99">99</span> |
| <span id="100">100</span> |
| <span id="101">101</span> |
| <span id="102">102</span> |
| <span id="103">103</span> |
| <span id="104">104</span> |
| <span id="105">105</span> |
| <span id="106">106</span> |
| <span id="107">107</span> |
| <span id="108">108</span> |
| <span id="109">109</span> |
| <span id="110">110</span> |
| <span id="111">111</span> |
| <span id="112">112</span> |
| <span id="113">113</span> |
| <span id="114">114</span> |
| <span id="115">115</span> |
| <span id="116">116</span> |
| <span id="117">117</span> |
| <span id="118">118</span> |
| <span id="119">119</span> |
| <span id="120">120</span> |
| <span id="121">121</span> |
| <span id="122">122</span> |
| <span id="123">123</span> |
| <span id="124">124</span> |
| <span id="125">125</span> |
| <span id="126">126</span> |
| <span id="127">127</span> |
| <span id="128">128</span> |
| <span id="129">129</span> |
| <span id="130">130</span> |
| <span id="131">131</span> |
| <span id="132">132</span> |
| <span id="133">133</span> |
| <span id="134">134</span> |
| <span id="135">135</span> |
| <span id="136">136</span> |
| <span id="137">137</span> |
| <span id="138">138</span> |
| <span id="139">139</span> |
| <span id="140">140</span> |
| <span id="141">141</span> |
| <span id="142">142</span> |
| <span id="143">143</span> |
| <span id="144">144</span> |
| <span id="145">145</span> |
| <span id="146">146</span> |
| <span id="147">147</span> |
| <span id="148">148</span> |
| <span id="149">149</span> |
| <span id="150">150</span> |
| <span id="151">151</span> |
| <span id="152">152</span> |
| <span id="153">153</span> |
| <span id="154">154</span> |
| <span id="155">155</span> |
| <span id="156">156</span> |
| <span id="157">157</span> |
| <span id="158">158</span> |
| <span id="159">159</span> |
| <span id="160">160</span> |
| <span id="161">161</span> |
| <span id="162">162</span> |
| <span id="163">163</span> |
| <span id="164">164</span> |
| <span id="165">165</span> |
| <span id="166">166</span> |
| <span id="167">167</span> |
| <span id="168">168</span> |
| <span id="169">169</span> |
| <span id="170">170</span> |
| <span id="171">171</span> |
| <span id="172">172</span> |
| <span id="173">173</span> |
| <span id="174">174</span> |
| <span id="175">175</span> |
| <span id="176">176</span> |
| <span id="177">177</span> |
| <span id="178">178</span> |
| <span id="179">179</span> |
| <span id="180">180</span> |
| <span id="181">181</span> |
| <span id="182">182</span> |
| <span id="183">183</span> |
| <span id="184">184</span> |
| <span id="185">185</span> |
| <span id="186">186</span> |
| <span id="187">187</span> |
| <span id="188">188</span> |
| <span id="189">189</span> |
| <span id="190">190</span> |
| <span id="191">191</span> |
| <span id="192">192</span> |
| <span id="193">193</span> |
| <span id="194">194</span> |
| <span id="195">195</span> |
| <span id="196">196</span> |
| <span id="197">197</span> |
| <span id="198">198</span> |
| <span id="199">199</span> |
| <span id="200">200</span> |
| <span id="201">201</span> |
| <span id="202">202</span> |
| <span id="203">203</span> |
| <span id="204">204</span> |
| <span id="205">205</span> |
| <span id="206">206</span> |
| <span id="207">207</span> |
| <span id="208">208</span> |
| <span id="209">209</span> |
| <span id="210">210</span> |
| <span id="211">211</span> |
| <span id="212">212</span> |
| <span id="213">213</span> |
| <span id="214">214</span> |
| <span id="215">215</span> |
| <span id="216">216</span> |
| <span id="217">217</span> |
| <span id="218">218</span> |
| <span id="219">219</span> |
| <span id="220">220</span> |
| <span id="221">221</span> |
| <span id="222">222</span> |
| <span id="223">223</span> |
| <span id="224">224</span> |
| <span id="225">225</span> |
| <span id="226">226</span> |
| <span id="227">227</span> |
| <span id="228">228</span> |
| <span id="229">229</span> |
| <span id="230">230</span> |
| <span id="231">231</span> |
| <span id="232">232</span> |
| <span id="233">233</span> |
| <span id="234">234</span> |
| <span id="235">235</span> |
| <span id="236">236</span> |
| <span id="237">237</span> |
| <span id="238">238</span> |
| <span id="239">239</span> |
| <span id="240">240</span> |
| <span id="241">241</span> |
| <span id="242">242</span> |
| <span id="243">243</span> |
| <span id="244">244</span> |
| <span id="245">245</span> |
| <span id="246">246</span> |
| <span id="247">247</span> |
| <span id="248">248</span> |
| <span id="249">249</span> |
| <span id="250">250</span> |
| <span id="251">251</span> |
| <span id="252">252</span> |
| <span id="253">253</span> |
| <span id="254">254</span> |
| <span id="255">255</span> |
| <span id="256">256</span> |
| <span id="257">257</span> |
| <span id="258">258</span> |
| <span id="259">259</span> |
| <span id="260">260</span> |
| <span id="261">261</span> |
| <span id="262">262</span> |
| <span id="263">263</span> |
| <span id="264">264</span> |
| <span id="265">265</span> |
| <span id="266">266</span> |
| <span id="267">267</span> |
| <span id="268">268</span> |
| <span id="269">269</span> |
| <span id="270">270</span> |
| <span id="271">271</span> |
| <span id="272">272</span> |
| <span id="273">273</span> |
| <span id="274">274</span> |
| <span id="275">275</span> |
| <span id="276">276</span> |
| <span id="277">277</span> |
| <span id="278">278</span> |
| <span id="279">279</span> |
| <span id="280">280</span> |
| <span id="281">281</span> |
| <span id="282">282</span> |
| <span id="283">283</span> |
| <span id="284">284</span> |
| <span id="285">285</span> |
| <span id="286">286</span> |
| <span id="287">287</span> |
| <span id="288">288</span> |
| <span id="289">289</span> |
| <span id="290">290</span> |
| <span id="291">291</span> |
| <span id="292">292</span> |
| <span id="293">293</span> |
| <span id="294">294</span> |
| <span id="295">295</span> |
| <span id="296">296</span> |
| <span id="297">297</span> |
| <span id="298">298</span> |
| <span id="299">299</span> |
| <span id="300">300</span> |
| <span id="301">301</span> |
| <span id="302">302</span> |
| <span id="303">303</span> |
| <span id="304">304</span> |
| <span id="305">305</span> |
| <span id="306">306</span> |
| <span id="307">307</span> |
| <span id="308">308</span> |
| <span id="309">309</span> |
| <span id="310">310</span> |
| <span id="311">311</span> |
| <span id="312">312</span> |
| <span id="313">313</span> |
| <span id="314">314</span> |
| <span id="315">315</span> |
| <span id="316">316</span> |
| <span id="317">317</span> |
| <span id="318">318</span> |
| <span id="319">319</span> |
| <span id="320">320</span> |
| <span id="321">321</span> |
| <span id="322">322</span> |
| <span id="323">323</span> |
| <span id="324">324</span> |
| <span id="325">325</span> |
| <span id="326">326</span> |
| <span id="327">327</span> |
| <span id="328">328</span> |
| <span id="329">329</span> |
| <span id="330">330</span> |
| <span id="331">331</span> |
| <span id="332">332</span> |
| <span id="333">333</span> |
| <span id="334">334</span> |
| <span id="335">335</span> |
| <span id="336">336</span> |
| <span id="337">337</span> |
| <span id="338">338</span> |
| <span id="339">339</span> |
| <span id="340">340</span> |
| <span id="341">341</span> |
| <span id="342">342</span> |
| <span id="343">343</span> |
| <span id="344">344</span> |
| <span id="345">345</span> |
| <span id="346">346</span> |
| <span id="347">347</span> |
| <span id="348">348</span> |
| <span id="349">349</span> |
| <span id="350">350</span> |
| <span id="351">351</span> |
| <span id="352">352</span> |
| <span id="353">353</span> |
| <span id="354">354</span> |
| <span id="355">355</span> |
| <span id="356">356</span> |
| <span id="357">357</span> |
| <span id="358">358</span> |
| <span id="359">359</span> |
| <span id="360">360</span> |
| <span id="361">361</span> |
| <span id="362">362</span> |
| <span id="363">363</span> |
| <span id="364">364</span> |
| <span id="365">365</span> |
| <span id="366">366</span> |
| <span id="367">367</span> |
| <span id="368">368</span> |
| <span id="369">369</span> |
| <span id="370">370</span> |
| <span id="371">371</span> |
| <span id="372">372</span> |
| <span id="373">373</span> |
| <span id="374">374</span> |
| <span id="375">375</span> |
| <span id="376">376</span> |
| <span id="377">377</span> |
| <span id="378">378</span> |
| <span id="379">379</span> |
| <span id="380">380</span> |
| <span id="381">381</span> |
| <span id="382">382</span> |
| <span id="383">383</span> |
| <span id="384">384</span> |
| <span id="385">385</span> |
| <span id="386">386</span> |
| <span id="387">387</span> |
| <span id="388">388</span> |
| <span id="389">389</span> |
| <span id="390">390</span> |
| <span id="391">391</span> |
| <span id="392">392</span> |
| <span id="393">393</span> |
| <span id="394">394</span> |
| <span id="395">395</span> |
| <span id="396">396</span> |
| <span id="397">397</span> |
| <span id="398">398</span> |
| <span id="399">399</span> |
| <span id="400">400</span> |
| <span id="401">401</span> |
| <span id="402">402</span> |
| <span id="403">403</span> |
| <span id="404">404</span> |
| <span id="405">405</span> |
| <span id="406">406</span> |
| </pre><pre class="rust"><code><span class="comment">// Copyright 2015-2017 Brian Smith. |
| // |
| // Permission to use, copy, modify, and/or distribute this software for any |
| // purpose with or without fee is hereby granted, provided that the above |
| // copyright notice and this permission notice appear in all copies. |
| // |
| // THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES |
| // WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
| // MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY |
| // SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
| // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION |
| // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN |
| // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| |
| </span><span class="doccomment">//! Public key signatures: signing and verification. |
| //! |
| //! Use the `verify` function to verify signatures, passing a reference to the |
| //! algorithm that identifies the algorithm. See the documentation for `verify` |
| //! for examples. |
| //! |
| //! For signature verification, this API treats each combination of parameters |
| //! as a separate algorithm. For example, instead of having a single "RSA" |
| //! algorithm with a verification function that takes a bunch of parameters, |
| //! there are `RSA_PKCS1_2048_8192_SHA256`, `RSA_PKCS1_2048_8192_SHA384`, etc., |
| //! which encode sets of parameter choices into objects. This is designed to |
| //! reduce the risks of algorithm agility and to provide consistency with ECDSA |
| //! and EdDSA. |
| //! |
| //! Currently this module does not support digesting the message to be signed |
| //! separately from the public key operation, as it is currently being |
| //! optimized for Ed25519 and for the implementation of protocols that do not |
| //! requiring signing large messages. An interface for efficiently supporting |
| //! larger messages may be added later. |
| //! |
| //! |
| //! # Algorithm Details |
| //! |
| //! ## `ECDSA_*_ASN1` Details: ASN.1-encoded ECDSA Signatures |
| //! |
| //! The signature is a ASN.1 DER-encoded `Ecdsa-Sig-Value` as described in |
| //! [RFC 3279 Section 2.2.3]. This is the form of ECDSA signature used in |
| //! X.509-related structures and in TLS's `ServerKeyExchange` messages. |
| //! |
| //! The public key is encoding in uncompressed form using the |
| //! Octet-String-to-Elliptic-Curve-Point algorithm in |
| //! [SEC 1: Elliptic Curve Cryptography, Version 2.0]. |
| //! |
| //! During verification, the public key is validated using the ECC Partial |
| //! Public-Key Validation Routine from Section 5.6.2.3.3 of |
| //! [NIST Special Publication 800-56A, revision 2] and Appendix A.3 of the |
| //! NSA's [Suite B implementer's guide to FIPS 186-3]. Note that, as explained |
| //! in the NSA guide, ECC Partial Public-Key Validation is equivalent to ECC |
| //! Full Public-Key Validation for prime-order curves like this one. |
| //! |
| //! ## `ECDSA_*_FIXED` Details: Fixed-length (PKCS#11-style) ECDSA Signatures |
| //! |
| //! The signature is *r*||*s*, where || denotes concatenation, and where both |
| //! *r* and *s* are both big-endian-encoded values that are left-padded to the |
| //! maximum length. A P-256 signature will be 64 bytes long (two 32-byte |
| //! components) and a P-384 signature will be 96 bytes long (two 48-byte |
| //! components). This is the form of ECDSA signature used PKCS#11 and DNSSEC. |
| //! |
| //! The public key is encoding in uncompressed form using the |
| //! Octet-String-to-Elliptic-Curve-Point algorithm in |
| //! [SEC 1: Elliptic Curve Cryptography, Version 2.0]. |
| //! |
| //! During verification, the public key is validated using the ECC Partial |
| //! Public-Key Validation Routine from Section 5.6.2.3.3 of |
| //! [NIST Special Publication 800-56A, revision 2] and Appendix A.3 of the |
| //! NSA's [Suite B implementer's guide to FIPS 186-3]. Note that, as explained |
| //! in the NSA guide, ECC Partial Public-Key Validation is equivalent to ECC |
| //! Full Public-Key Validation for prime-order curves like this one. |
| //! |
| //! ## `RSA_PKCS1_*` Details: RSA PKCS#1 1.5 Signatures |
| //! |
| //! The signature is an RSASSA-PKCS1-v1_5 signature as described in |
| //! [RFC 3447 Section 8.2]. |
| //! |
| //! The public key is encoded as an ASN.1 `RSAPublicKey` as described in |
| //! [RFC 3447 Appendix-A.1.1]. The public key modulus length, rounded *up* to |
| //! the nearest (larger) multiple of 8 bits, must be in the range given in the |
| //! name of the algorithm. The public exponent must be an odd integer of 2-33 |
| //! bits, inclusive. |
| //! |
| //! |
| //! ## `RSA_PSS_*` Details: RSA PSS Signatures |
| //! |
| //! The signature is an RSASSA-PSS signature as described in |
| //! [RFC 3447 Section 8.1]. |
| //! |
| //! The public key is encoded as an ASN.1 `RSAPublicKey` as described in |
| //! [RFC 3447 Appendix-A.1.1]. The public key modulus length, rounded *up* to |
| //! the nearest (larger) multiple of 8 bits, must be in the range given in the |
| //! name of the algorithm. The public exponent must be an odd integer of 2-33 |
| //! bits, inclusive. |
| //! |
| //! During verification, signatures will only be accepted if the MGF1 digest |
| //! algorithm is the same as the message digest algorithm and if the salt |
| //! length is the same length as the message digest. This matches the |
| //! requirements in TLS 1.3 and other recent specifications. |
| //! |
| //! During signing, the message digest algorithm will be used as the MGF1 |
| //! digest algorithm. The salt will be the same length as the message digest. |
| //! This matches the requirements in TLS 1.3 and other recent specifications. |
| //! Additionally, the entire salt is randomly generated separately for each |
| //! signature using the secure random number generator passed to `sign()`. |
| //! |
| //! |
| //! [SEC 1: Elliptic Curve Cryptography, Version 2.0]: |
| //! http://www.secg.org/sec1-v2.pdf |
| //! [NIST Special Publication 800-56A, revision 2]: |
| //! http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf |
| //! [Suite B implementer's guide to FIPS 186-3]: |
| //! https://github.com/briansmith/ring/blob/main/doc/ecdsa.pdf |
| //! [RFC 3279 Section 2.2.3]: |
| //! https://tools.ietf.org/html/rfc3279#section-2.2.3 |
| //! [RFC 3447 Section 8.2]: |
| //! https://tools.ietf.org/html/rfc3447#section-7.2 |
| //! [RFC 3447 Section 8.1]: |
| //! https://tools.ietf.org/html/rfc3447#section-8.1 |
| //! [RFC 3447 Appendix-A.1.1]: |
| //! https://tools.ietf.org/html/rfc3447#appendix-A.1.1 |
| //! |
| //! |
| //! # Examples |
| //! |
| //! ## Signing and verifying with Ed25519 |
| //! |
| //! ``` |
| //! use ring::{ |
| //! rand, |
| //! signature::{self, KeyPair}, |
| //! }; |
| //! |
| //! # fn main() -> Result<(), ring::error::Unspecified> { |
| //! // Generate a key pair in PKCS#8 (v2) format. |
| //! let rng = rand::SystemRandom::new(); |
| //! let pkcs8_bytes = signature::Ed25519KeyPair::generate_pkcs8(&rng)?; |
| //! |
| //! // Normally the application would store the PKCS#8 file persistently. Later |
| //! // it would read the PKCS#8 file from persistent storage to use it. |
| //! |
| //! let key_pair = signature::Ed25519KeyPair::from_pkcs8(pkcs8_bytes.as_ref())?; |
| //! |
| //! // Sign the message "hello, world". |
| //! const MESSAGE: &[u8] = b"hello, world"; |
| //! let sig = key_pair.sign(MESSAGE); |
| //! |
| //! // Normally an application would extract the bytes of the signature and |
| //! // send them in a protocol message to the peer(s). Here we just get the |
| //! // public key key directly from the key pair. |
| //! let peer_public_key_bytes = key_pair.public_key().as_ref(); |
| //! |
| //! // Verify the signature of the message using the public key. Normally the |
| //! // verifier of the message would parse the inputs to this code out of the |
| //! // protocol message(s) sent by the signer. |
| //! let peer_public_key = |
| //! signature::UnparsedPublicKey::new(&signature::ED25519, peer_public_key_bytes); |
| //! peer_public_key.verify(MESSAGE, sig.as_ref())?; |
| //! |
| //! # Ok(()) |
| //! # } |
| //! ``` |
| //! |
| //! ## Signing and verifying with RSA (PKCS#1 1.5 padding) |
| //! |
| //! By default OpenSSL writes RSA public keys in SubjectPublicKeyInfo format, |
| //! not RSAPublicKey format, and Base64-encodes them (“PEM” format). |
| //! |
| //! To convert the PEM SubjectPublicKeyInfo format (“BEGIN PUBLIC KEY”) to the |
| //! binary RSAPublicKey format needed by `verify()`, use: |
| //! |
| //! ```sh |
| //! openssl rsa -pubin \ |
| //! -in public_key.pem \ |
| //! -inform PEM \ |
| //! -RSAPublicKey_out \ |
| //! -outform DER \ |
| //! -out public_key.der |
| //! ``` |
| //! |
| //! To extract the RSAPublicKey-formatted public key from an ASN.1 (binary) |
| //! DER-encoded RSAPrivateKey format private key file, use: |
| //! |
| //! ```sh |
| //! openssl rsa -in private_key.der \ |
| //! -inform DER \ |
| //! -RSAPublicKey_out \ |
| //! -outform DER \ |
| //! -out public_key.der |
| //! ``` |
| //! |
| //! ``` |
| //! use ring::{rand, signature}; |
| //! |
| //! # #[cfg(feature = "std")] |
| //! fn sign_and_verify_rsa(private_key_path: &std::path::Path, |
| //! public_key_path: &std::path::Path) |
| //! -> Result<(), MyError> { |
| //! // Create an `RsaKeyPair` from the DER-encoded bytes. This example uses |
| //! // a 2048-bit key, but larger keys are also supported. |
| //! let private_key_der = read_file(private_key_path)?; |
| //! let key_pair = signature::RsaKeyPair::from_der(&private_key_der) |
| //! .map_err(|_| MyError::BadPrivateKey)?; |
| //! |
| //! // Sign the message "hello, world", using PKCS#1 v1.5 padding and the |
| //! // SHA256 digest algorithm. |
| //! const MESSAGE: &'static [u8] = b"hello, world"; |
| //! let rng = rand::SystemRandom::new(); |
| //! let mut signature = vec![0; key_pair.public_modulus_len()]; |
| //! key_pair.sign(&signature::RSA_PKCS1_SHA256, &rng, MESSAGE, &mut signature) |
| //! .map_err(|_| MyError::OOM)?; |
| //! |
| //! // Verify the signature. |
| //! let public_key = |
| //! signature::UnparsedPublicKey::new(&signature::RSA_PKCS1_2048_8192_SHA256, |
| //! read_file(public_key_path)?); |
| //! public_key.verify(MESSAGE, &signature) |
| //! .map_err(|_| MyError::BadSignature) |
| //! } |
| //! |
| //! #[derive(Debug)] |
| //! enum MyError { |
| //! # #[cfg(feature = "std")] |
| //! IO(std::io::Error), |
| //! BadPrivateKey, |
| //! OOM, |
| //! BadSignature, |
| //! } |
| //! |
| //! # #[cfg(feature = "std")] |
| //! fn read_file(path: &std::path::Path) -> Result<Vec<u8>, MyError> { |
| //! use std::io::Read; |
| //! |
| //! let mut file = std::fs::File::open(path).map_err(|e| MyError::IO(e))?; |
| //! let mut contents: Vec<u8> = Vec::new(); |
| //! file.read_to_end(&mut contents).map_err(|e| MyError::IO(e))?; |
| //! Ok(contents) |
| //! } |
| //! # |
| //! # #[cfg(not(feature = "std"))] |
| //! # fn sign_and_verify_rsa(_private_key_path: &std::path::Path, |
| //! # _public_key_path: &std::path::Path) |
| //! # -> Result<(), ()> { |
| //! # Ok(()) |
| //! # } |
| //! # |
| //! # fn main() { |
| //! # let private_key_path = |
| //! # std::path::Path::new("src/rsa/signature_rsa_example_private_key.der"); |
| //! # let public_key_path = |
| //! # std::path::Path::new("src/rsa/signature_rsa_example_public_key.der"); |
| //! # sign_and_verify_rsa(&private_key_path, &public_key_path).unwrap() |
| //! # } |
| //! ``` |
| |
| </span><span class="kw">use crate</span>::{cpu, ec, error, sealed}; |
| |
| <span class="kw">pub use </span><span class="kw">crate</span>::ec::{ |
| curve25519::ed25519::{ |
| signing::Ed25519KeyPair, |
| verification::{EdDSAParameters, ED25519}, |
| ED25519_PUBLIC_KEY_LEN, |
| }, |
| suite_b::ecdsa::{ |
| signing::{ |
| EcdsaKeyPair, EcdsaSigningAlgorithm, ECDSA_P256_SHA256_ASN1_SIGNING, |
| ECDSA_P256_SHA256_FIXED_SIGNING, ECDSA_P384_SHA384_ASN1_SIGNING, |
| ECDSA_P384_SHA384_FIXED_SIGNING, |
| }, |
| verification::{ |
| EcdsaVerificationAlgorithm, ECDSA_P256_SHA256_ASN1, ECDSA_P256_SHA256_FIXED, |
| ECDSA_P256_SHA384_ASN1, ECDSA_P384_SHA256_ASN1, ECDSA_P384_SHA384_ASN1, |
| ECDSA_P384_SHA384_FIXED, |
| }, |
| }, |
| }; |
| |
| <span class="attribute">#[cfg(feature = <span class="string">"alloc"</span>)] |
| </span><span class="kw">pub use </span><span class="kw">crate</span>::rsa::{ |
| signing::RsaKeyPair, |
| signing::RsaSubjectPublicKey, |
| |
| verification::{ |
| RsaPublicKeyComponents, RSA_PKCS1_1024_8192_SHA1_FOR_LEGACY_USE_ONLY, |
| RSA_PKCS1_1024_8192_SHA256_FOR_LEGACY_USE_ONLY, |
| RSA_PKCS1_1024_8192_SHA512_FOR_LEGACY_USE_ONLY, |
| RSA_PKCS1_2048_8192_SHA1_FOR_LEGACY_USE_ONLY, RSA_PKCS1_2048_8192_SHA256, |
| RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA512, RSA_PKCS1_3072_8192_SHA384, |
| RSA_PSS_2048_8192_SHA256, RSA_PSS_2048_8192_SHA384, RSA_PSS_2048_8192_SHA512, |
| }, |
| |
| RsaEncoding, |
| RsaParameters, |
| |
| <span class="comment">// `RSA_PKCS1_SHA1` is intentionally not exposed. At a minimum, we'd need |
| // to create test vectors for signing with it, which we don't currently |
| // have. But, it's a bad idea to use SHA-1 anyway, so perhaps we just won't |
| // ever expose it. |
| </span>RSA_PKCS1_SHA256, |
| RSA_PKCS1_SHA384, |
| RSA_PKCS1_SHA512, |
| |
| RSA_PSS_SHA256, |
| RSA_PSS_SHA384, |
| RSA_PSS_SHA512, |
| }; |
| |
| <span class="doccomment">/// A public key signature returned from a signing operation. |
| </span><span class="attribute">#[derive(Clone, Copy)] |
| </span><span class="kw">pub struct </span>Signature { |
| value: [u8; MAX_LEN], |
| len: usize, |
| } |
| |
| <span class="kw">impl </span>Signature { |
| <span class="comment">// Panics if `value` is too long. |
| </span><span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">fn </span>new<F>(fill: F) -> <span class="self">Self |
| </span><span class="kw">where |
| </span>F: FnOnce(<span class="kw-2">&mut </span>[u8; MAX_LEN]) -> usize, |
| { |
| <span class="kw">let </span><span class="kw-2">mut </span>r = <span class="self">Self </span>{ |
| value: [<span class="number">0</span>; MAX_LEN], |
| len: <span class="number">0</span>, |
| }; |
| r.len = fill(<span class="kw-2">&mut </span>r.value); |
| r |
| } |
| } |
| |
| <span class="kw">impl </span>AsRef<[u8]> <span class="kw">for </span>Signature { |
| <span class="kw">fn </span>as_ref(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="kw-2">&</span>[u8] { |
| <span class="kw-2">&</span><span class="self">self</span>.value[..<span class="self">self</span>.len] |
| } |
| } |
| |
| <span class="doccomment">/// Key pairs for signing messages (private key and public key). |
| </span><span class="kw">pub trait </span>KeyPair: core::fmt::Debug + Send + Sized + Sync { |
| <span class="doccomment">/// The type of the public key. |
| </span><span class="kw">type </span>PublicKey: AsRef<[u8]> + core::fmt::Debug + Clone + Send + Sized + Sync; |
| |
| <span class="doccomment">/// The public key for the key pair. |
| </span><span class="kw">fn </span>public_key(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="kw-2">&</span><span class="self">Self</span>::PublicKey; |
| } |
| |
| <span class="doccomment">/// The longest signature is an ASN.1 P-384 signature where *r* and *s* are of |
| /// maximum length with the leading high bit set on each. Then each component |
| /// will have a tag, a one-byte length, and a one-byte “I'm not negative” |
| /// prefix, and the outer sequence will have a two-byte length. |
| </span><span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">const </span>MAX_LEN: usize = <span class="number">1</span><span class="comment">/*tag:SEQUENCE*/ </span>+ <span class="number">2</span><span class="comment">/*len*/ </span>+ |
| (<span class="number">2 </span>* (<span class="number">1</span><span class="comment">/*tag:INTEGER*/ </span>+ <span class="number">1</span><span class="comment">/*len*/ </span>+ <span class="number">1</span><span class="comment">/*zero*/ </span>+ ec::SCALAR_MAX_BYTES)); |
| |
| <span class="doccomment">/// A signature verification algorithm. |
| </span><span class="kw">pub trait </span>VerificationAlgorithm: core::fmt::Debug + Sync + sealed::Sealed { |
| <span class="doccomment">/// Verify the signature `signature` of message `msg` with the public key |
| /// `public_key`. |
| </span><span class="kw">fn </span>verify( |
| <span class="kw-2">&</span><span class="self">self</span>, |
| public_key: untrusted::Input, |
| msg: untrusted::Input, |
| signature: untrusted::Input, |
| ) -> <span class="prelude-ty">Result</span><(), error::Unspecified>; |
| } |
| |
| <span class="doccomment">/// An unparsed, possibly malformed, public key for signature verification. |
| </span><span class="kw">pub struct </span>UnparsedPublicKey<B: AsRef<[u8]>> { |
| algorithm: <span class="kw-2">&</span><span class="lifetime">'static </span><span class="kw">dyn </span>VerificationAlgorithm, |
| bytes: B, |
| } |
| |
| <span class="kw">impl</span><B: Copy> Copy <span class="kw">for </span>UnparsedPublicKey<B> <span class="kw">where </span>B: AsRef<[u8]> {} |
| |
| <span class="kw">impl</span><B: Clone> Clone <span class="kw">for </span>UnparsedPublicKey<B> |
| <span class="kw">where |
| </span>B: AsRef<[u8]>, |
| { |
| <span class="kw">fn </span>clone(<span class="kw-2">&</span><span class="self">self</span>) -> <span class="self">Self </span>{ |
| <span class="self">Self </span>{ |
| algorithm: <span class="self">self</span>.algorithm, |
| bytes: <span class="self">self</span>.bytes.clone(), |
| } |
| } |
| } |
| |
| <span class="kw">impl</span><B: AsRef<[u8]>> UnparsedPublicKey<B> { |
| <span class="doccomment">/// Construct a new `UnparsedPublicKey`. |
| /// |
| /// No validation of `bytes` is done until `verify()` is called. |
| </span><span class="attribute">#[inline] |
| </span><span class="kw">pub fn </span>new(algorithm: <span class="kw-2">&</span><span class="lifetime">'static </span><span class="kw">dyn </span>VerificationAlgorithm, bytes: B) -> <span class="self">Self </span>{ |
| <span class="self">Self </span>{ algorithm, bytes } |
| } |
| |
| <span class="doccomment">/// Parses the public key and verifies `signature` is a valid signature of |
| /// `message` using it. |
| /// |
| /// See the [crate::signature] module-level documentation for examples. |
| </span><span class="kw">pub fn </span>verify(<span class="kw-2">&</span><span class="self">self</span>, message: <span class="kw-2">&</span>[u8], signature: <span class="kw-2">&</span>[u8]) -> <span class="prelude-ty">Result</span><(), error::Unspecified> { |
| <span class="kw">let _ </span>= cpu::features(); |
| <span class="self">self</span>.algorithm.verify( |
| untrusted::Input::from(<span class="self">self</span>.bytes.as_ref()), |
| untrusted::Input::from(message), |
| untrusted::Input::from(signature), |
| ) |
| } |
| } |
| </code></pre></div> |
| </section></div></main><div id="rustdoc-vars" data-root-path="../../" data-current-crate="ring" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.66.0-nightly (5c8bff74b 2022-10-21)" ></div></body></html> |