/rust/registry/src/index.crates.io-6f17d22bba15001f/rustls-webpki-0.103.1/src/ring_algs.rs

Source (jump to first uncovered line)
// Copyright 2015 Brian Smith.
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

use pki_types::{AlgorithmIdentifier, InvalidSignature, SignatureVerificationAlgorithm, alg_id};
use ring::signature;

/// A `SignatureVerificationAlgorithm` implemented using *ring*.
#[derive(Debug)]
struct RingAlgorithm {
    public_key_alg_id: AlgorithmIdentifier,
    signature_alg_id: AlgorithmIdentifier,
    verification_alg: &'static dyn signature::VerificationAlgorithm,
}

impl SignatureVerificationAlgorithm for RingAlgorithm {
    fn public_key_alg_id(&self) -> AlgorithmIdentifier {
        self.public_key_alg_id
    }

    fn signature_alg_id(&self) -> AlgorithmIdentifier {
        self.signature_alg_id
    }

    fn verify_signature(
        &self,
        public_key: &[u8],
        message: &[u8],
        signature: &[u8],
    ) -> Result<(), InvalidSignature> {
        signature::UnparsedPublicKey::new(self.verification_alg, public_key)
            .verify(message, signature)
            .map_err(|_| InvalidSignature)
    }
}

/// ECDSA signatures using the P-256 curve and SHA-256.
pub static ECDSA_P256_SHA256: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
    public_key_alg_id: alg_id::ECDSA_P256,
    signature_alg_id: alg_id::ECDSA_SHA256,
    verification_alg: &signature::ECDSA_P256_SHA256_ASN1,
};

/// ECDSA signatures using the P-256 curve and SHA-384. Deprecated.
pub static ECDSA_P256_SHA384: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
    public_key_alg_id: alg_id::ECDSA_P256,
    signature_alg_id: alg_id::ECDSA_SHA384,
    verification_alg: &signature::ECDSA_P256_SHA384_ASN1,
};

/// ECDSA signatures using the P-384 curve and SHA-256. Deprecated.
pub static ECDSA_P384_SHA256: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
    public_key_alg_id: alg_id::ECDSA_P384,
    signature_alg_id: alg_id::ECDSA_SHA256,
    verification_alg: &signature::ECDSA_P384_SHA256_ASN1,
};

/// ECDSA signatures using the P-384 curve and SHA-384.
pub static ECDSA_P384_SHA384: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
    public_key_alg_id: alg_id::ECDSA_P384,
    signature_alg_id: alg_id::ECDSA_SHA384,
    verification_alg: &signature::ECDSA_P384_SHA384_ASN1,
};

/// RSA PKCS#1 1.5 signatures using SHA-256 for keys of 2048-8192 bits.
#[cfg(feature = "alloc")]
pub static RSA_PKCS1_2048_8192_SHA256: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
    public_key_alg_id: alg_id::RSA_ENCRYPTION,
    signature_alg_id: alg_id::RSA_PKCS1_SHA256,
    verification_alg: &signature::RSA_PKCS1_2048_8192_SHA256,
};

/// RSA PKCS#1 1.5 signatures using SHA-384 for keys of 2048-8192 bits.
#[cfg(feature = "alloc")]
pub static RSA_PKCS1_2048_8192_SHA384: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
    public_key_alg_id: alg_id::RSA_ENCRYPTION,
    signature_alg_id: alg_id::RSA_PKCS1_SHA384,
    verification_alg: &signature::RSA_PKCS1_2048_8192_SHA384,
};

/// RSA PKCS#1 1.5 signatures using SHA-512 for keys of 2048-8192 bits.
#[cfg(feature = "alloc")]
pub static RSA_PKCS1_2048_8192_SHA512: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
    public_key_alg_id: alg_id::RSA_ENCRYPTION,
    signature_alg_id: alg_id::RSA_PKCS1_SHA512,
    verification_alg: &signature::RSA_PKCS1_2048_8192_SHA512,
};

/// RSA PKCS#1 1.5 signatures using SHA-384 for keys of 3072-8192 bits.
#[cfg(feature = "alloc")]
pub static RSA_PKCS1_3072_8192_SHA384: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
    public_key_alg_id: alg_id::RSA_ENCRYPTION,
    signature_alg_id: alg_id::RSA_PKCS1_SHA384,
    verification_alg: &signature::RSA_PKCS1_3072_8192_SHA384,
};

/// RSA PSS signatures using SHA-256 for keys of 2048-8192 bits and of
/// type rsaEncryption; see [RFC 4055 Section 1.2].
///
/// [RFC 4055 Section 1.2]: https://tools.ietf.org/html/rfc4055#section-1.2
#[cfg(feature = "alloc")]
pub static RSA_PSS_2048_8192_SHA256_LEGACY_KEY: &dyn SignatureVerificationAlgorithm =
    &RingAlgorithm {
        public_key_alg_id: alg_id::RSA_ENCRYPTION,
        signature_alg_id: alg_id::RSA_PSS_SHA256,
        verification_alg: &signature::RSA_PSS_2048_8192_SHA256,
    };

/// RSA PSS signatures using SHA-384 for keys of 2048-8192 bits and of
/// type rsaEncryption; see [RFC 4055 Section 1.2].
///
/// [RFC 4055 Section 1.2]: https://tools.ietf.org/html/rfc4055#section-1.2
#[cfg(feature = "alloc")]
pub static RSA_PSS_2048_8192_SHA384_LEGACY_KEY: &dyn SignatureVerificationAlgorithm =
    &RingAlgorithm {
        public_key_alg_id: alg_id::RSA_ENCRYPTION,
        signature_alg_id: alg_id::RSA_PSS_SHA384,
        verification_alg: &signature::RSA_PSS_2048_8192_SHA384,
    };

/// RSA PSS signatures using SHA-512 for keys of 2048-8192 bits and of
/// type rsaEncryption; see [RFC 4055 Section 1.2].
///
/// [RFC 4055 Section 1.2]: https://tools.ietf.org/html/rfc4055#section-1.2
#[cfg(feature = "alloc")]
pub static RSA_PSS_2048_8192_SHA512_LEGACY_KEY: &dyn SignatureVerificationAlgorithm =
    &RingAlgorithm {
        public_key_alg_id: alg_id::RSA_ENCRYPTION,
        signature_alg_id: alg_id::RSA_PSS_SHA512,
        verification_alg: &signature::RSA_PSS_2048_8192_SHA512,
    };

/// ED25519 signatures according to RFC 8410
pub static ED25519: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
    public_key_alg_id: alg_id::ED25519,
    signature_alg_id: alg_id::ED25519,
    verification_alg: &signature::ED25519,
};

#[cfg(test)]
#[path = "."]
mod tests {
    use crate::Error;

    static SUPPORTED_ALGORITHMS_IN_TESTS: &[&dyn super::SignatureVerificationAlgorithm] = &[
        // Reasonable algorithms.
        super::ECDSA_P256_SHA256,
        super::ECDSA_P384_SHA384,
        super::ED25519,
        #[cfg(feature = "alloc")]
        super::RSA_PKCS1_2048_8192_SHA256,
        #[cfg(feature = "alloc")]
        super::RSA_PKCS1_2048_8192_SHA384,
        #[cfg(feature = "alloc")]
        super::RSA_PKCS1_2048_8192_SHA512,
        #[cfg(feature = "alloc")]
        super::RSA_PKCS1_3072_8192_SHA384,
        #[cfg(feature = "alloc")]
        super::RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
        #[cfg(feature = "alloc")]
        super::RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
        #[cfg(feature = "alloc")]
        super::RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
        // Algorithms deprecated because they are nonsensical combinations.
        super::ECDSA_P256_SHA384, // Truncates digest.
        super::ECDSA_P384_SHA256, // Digest is unnecessarily short.
    ];

    const UNSUPPORTED_SIGNATURE_ALGORITHM_FOR_RSA_KEY: Error = if cfg!(feature = "alloc") {
        Error::UnsupportedSignatureAlgorithmForPublicKey
    } else {
        Error::UnsupportedSignatureAlgorithm
    };

    const UNSUPPORTED_ECDSA_SHA512_SIGNATURE: Error = Error::UnsupportedSignatureAlgorithm;

    const INVALID_SIGNATURE_FOR_RSA_KEY: Error = if cfg!(feature = "alloc") {
        Error::InvalidSignatureForPublicKey
    } else {
        Error::UnsupportedSignatureAlgorithm
    };

    const OK_IF_RSA_AVAILABLE: Result<(), Error> = if cfg!(feature = "alloc") {
        Ok(())
    } else {
        Err(Error::UnsupportedSignatureAlgorithm)
    };

    const OK_IF_POINT_COMPRESSION_SUPPORTED: Result<(), Error> =
        Err(Error::InvalidSignatureForPublicKey);

    #[path = "alg_tests.rs"]
    mod alg_tests;
}

Coverage Report

Created: 2025-05-07 06:59

Line	Count	Source (jump to first uncovered line)
1		// Copyright 2015 Brian Smith.
2		//
3		// Permission to use, copy, modify, and/or distribute this software for any
4		// purpose with or without fee is hereby granted, provided that the above
5		// copyright notice and this permission notice appear in all copies.
6		//
7		// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
8		// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9		// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
10		// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11		// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
12		// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
13		// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
14
15		use pki_types::{AlgorithmIdentifier, InvalidSignature, SignatureVerificationAlgorithm, alg_id};
16		use ring::signature;
17
18		/// A `SignatureVerificationAlgorithm` implemented using ring.
19		#[derive(Debug)]
20		struct RingAlgorithm {
21		public_key_alg_id: AlgorithmIdentifier,
22		signature_alg_id: AlgorithmIdentifier,
23		verification_alg: &'static dyn signature::VerificationAlgorithm,
24		}
25
26		impl SignatureVerificationAlgorithm for RingAlgorithm {
27	0	fn public_key_alg_id(&self) -> AlgorithmIdentifier {
28	0	self.public_key_alg_id
29	0	}
30
31	0	fn signature_alg_id(&self) -> AlgorithmIdentifier {
32	0	self.signature_alg_id
33	0	}
34
35	0	fn verify_signature(
36	0	&self,
37	0	public_key: &[u8],
38	0	message: &[u8],
39	0	signature: &[u8],
40	0	) -> Result<(), InvalidSignature> {
41	0	signature::UnparsedPublicKey::new(self.verification_alg, public_key)
42	0	.verify(message, signature)
43	0	.map_err(\|_\| InvalidSignature)
44	0	}
45		}
46
47		/// ECDSA signatures using the P-256 curve and SHA-256.
48		pub static ECDSA_P256_SHA256: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
49		public_key_alg_id: alg_id::ECDSA_P256,
50		signature_alg_id: alg_id::ECDSA_SHA256,
51		verification_alg: &signature::ECDSA_P256_SHA256_ASN1,
52		};
53
54		/// ECDSA signatures using the P-256 curve and SHA-384. Deprecated.
55		pub static ECDSA_P256_SHA384: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
56		public_key_alg_id: alg_id::ECDSA_P256,
57		signature_alg_id: alg_id::ECDSA_SHA384,
58		verification_alg: &signature::ECDSA_P256_SHA384_ASN1,
59		};
60
61		/// ECDSA signatures using the P-384 curve and SHA-256. Deprecated.
62		pub static ECDSA_P384_SHA256: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
63		public_key_alg_id: alg_id::ECDSA_P384,
64		signature_alg_id: alg_id::ECDSA_SHA256,
65		verification_alg: &signature::ECDSA_P384_SHA256_ASN1,
66		};
67
68		/// ECDSA signatures using the P-384 curve and SHA-384.
69		pub static ECDSA_P384_SHA384: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
70		public_key_alg_id: alg_id::ECDSA_P384,
71		signature_alg_id: alg_id::ECDSA_SHA384,
72		verification_alg: &signature::ECDSA_P384_SHA384_ASN1,
73		};
74
75		/// RSA PKCS#1 1.5 signatures using SHA-256 for keys of 2048-8192 bits.
76		#[cfg(feature = "alloc")]
77		pub static RSA_PKCS1_2048_8192_SHA256: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
78		public_key_alg_id: alg_id::RSA_ENCRYPTION,
79		signature_alg_id: alg_id::RSA_PKCS1_SHA256,
80		verification_alg: &signature::RSA_PKCS1_2048_8192_SHA256,
81		};
82
83		/// RSA PKCS#1 1.5 signatures using SHA-384 for keys of 2048-8192 bits.
84		#[cfg(feature = "alloc")]
85		pub static RSA_PKCS1_2048_8192_SHA384: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
86		public_key_alg_id: alg_id::RSA_ENCRYPTION,
87		signature_alg_id: alg_id::RSA_PKCS1_SHA384,
88		verification_alg: &signature::RSA_PKCS1_2048_8192_SHA384,
89		};
90
91		/// RSA PKCS#1 1.5 signatures using SHA-512 for keys of 2048-8192 bits.
92		#[cfg(feature = "alloc")]
93		pub static RSA_PKCS1_2048_8192_SHA512: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
94		public_key_alg_id: alg_id::RSA_ENCRYPTION,
95		signature_alg_id: alg_id::RSA_PKCS1_SHA512,
96		verification_alg: &signature::RSA_PKCS1_2048_8192_SHA512,
97		};
98
99		/// RSA PKCS#1 1.5 signatures using SHA-384 for keys of 3072-8192 bits.
100		#[cfg(feature = "alloc")]
101		pub static RSA_PKCS1_3072_8192_SHA384: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
102		public_key_alg_id: alg_id::RSA_ENCRYPTION,
103		signature_alg_id: alg_id::RSA_PKCS1_SHA384,
104		verification_alg: &signature::RSA_PKCS1_3072_8192_SHA384,
105		};
106
107		/// RSA PSS signatures using SHA-256 for keys of 2048-8192 bits and of
108		/// type rsaEncryption; see [RFC 4055 Section 1.2].
109		///
110		/// [RFC 4055 Section 1.2]: https://tools.ietf.org/html/rfc4055#section-1.2
111		#[cfg(feature = "alloc")]
112		pub static RSA_PSS_2048_8192_SHA256_LEGACY_KEY: &dyn SignatureVerificationAlgorithm =
113		&RingAlgorithm {
114		public_key_alg_id: alg_id::RSA_ENCRYPTION,
115		signature_alg_id: alg_id::RSA_PSS_SHA256,
116		verification_alg: &signature::RSA_PSS_2048_8192_SHA256,
117		};
118
119		/// RSA PSS signatures using SHA-384 for keys of 2048-8192 bits and of
120		/// type rsaEncryption; see [RFC 4055 Section 1.2].
121		///
122		/// [RFC 4055 Section 1.2]: https://tools.ietf.org/html/rfc4055#section-1.2
123		#[cfg(feature = "alloc")]
124		pub static RSA_PSS_2048_8192_SHA384_LEGACY_KEY: &dyn SignatureVerificationAlgorithm =
125		&RingAlgorithm {
126		public_key_alg_id: alg_id::RSA_ENCRYPTION,
127		signature_alg_id: alg_id::RSA_PSS_SHA384,
128		verification_alg: &signature::RSA_PSS_2048_8192_SHA384,
129		};
130
131		/// RSA PSS signatures using SHA-512 for keys of 2048-8192 bits and of
132		/// type rsaEncryption; see [RFC 4055 Section 1.2].
133		///
134		/// [RFC 4055 Section 1.2]: https://tools.ietf.org/html/rfc4055#section-1.2
135		#[cfg(feature = "alloc")]
136		pub static RSA_PSS_2048_8192_SHA512_LEGACY_KEY: &dyn SignatureVerificationAlgorithm =
137		&RingAlgorithm {
138		public_key_alg_id: alg_id::RSA_ENCRYPTION,
139		signature_alg_id: alg_id::RSA_PSS_SHA512,
140		verification_alg: &signature::RSA_PSS_2048_8192_SHA512,
141		};
142
143		/// ED25519 signatures according to RFC 8410
144		pub static ED25519: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
145		public_key_alg_id: alg_id::ED25519,
146		signature_alg_id: alg_id::ED25519,
147		verification_alg: &signature::ED25519,
148		};
149
150		#[cfg(test)]
151		#[path = "."]
152		mod tests {
153		use crate::Error;
154
155		static SUPPORTED_ALGORITHMS_IN_TESTS: &[&dyn super::SignatureVerificationAlgorithm] = &[
156		// Reasonable algorithms.
157		super::ECDSA_P256_SHA256,
158		super::ECDSA_P384_SHA384,
159		super::ED25519,
160		#[cfg(feature = "alloc")]
161		super::RSA_PKCS1_2048_8192_SHA256,
162		#[cfg(feature = "alloc")]
163		super::RSA_PKCS1_2048_8192_SHA384,
164		#[cfg(feature = "alloc")]
165		super::RSA_PKCS1_2048_8192_SHA512,
166		#[cfg(feature = "alloc")]
167		super::RSA_PKCS1_3072_8192_SHA384,
168		#[cfg(feature = "alloc")]
169		super::RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
170		#[cfg(feature = "alloc")]
171		super::RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
172		#[cfg(feature = "alloc")]
173		super::RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
174		// Algorithms deprecated because they are nonsensical combinations.
175		super::ECDSA_P256_SHA384, // Truncates digest.
176		super::ECDSA_P384_SHA256, // Digest is unnecessarily short.
177		];
178
179		const UNSUPPORTED_SIGNATURE_ALGORITHM_FOR_RSA_KEY: Error = if cfg!(feature = "alloc") {
180		Error::UnsupportedSignatureAlgorithmForPublicKey
181		} else {
182		Error::UnsupportedSignatureAlgorithm
183		};
184
185		const UNSUPPORTED_ECDSA_SHA512_SIGNATURE: Error = Error::UnsupportedSignatureAlgorithm;
186
187		const INVALID_SIGNATURE_FOR_RSA_KEY: Error = if cfg!(feature = "alloc") {
188		Error::InvalidSignatureForPublicKey
189		} else {
190		Error::UnsupportedSignatureAlgorithm
191		};
192
193		const OK_IF_RSA_AVAILABLE: Result<(), Error> = if cfg!(feature = "alloc") {
194		Ok(())
195		} else {
196		Err(Error::UnsupportedSignatureAlgorithm)
197		};
198
199		const OK_IF_POINT_COMPRESSION_SUPPORTED: Result<(), Error> =
200		Err(Error::InvalidSignatureForPublicKey);
201
202		#[path = "alg_tests.rs"]
203		mod alg_tests;
204		}