diff options
Diffstat (limited to 'ext/crypto/lib.rs')
| -rw-r--r-- | ext/crypto/lib.rs | 87 |
1 files changed, 47 insertions, 40 deletions
diff --git a/ext/crypto/lib.rs b/ext/crypto/lib.rs index 87b9702ce..4666c54ac 100644 --- a/ext/crypto/lib.rs +++ b/ext/crypto/lib.rs @@ -38,15 +38,18 @@ use ring::signature::EcdsaVerificationAlgorithm; use ring::signature::KeyPair; use rsa::pkcs1::DecodeRsaPrivateKey; use rsa::pkcs1::DecodeRsaPublicKey; +use rsa::signature::SignatureEncoding; +use rsa::signature::Signer; +use rsa::signature::Verifier; +use rsa::traits::SignatureScheme; +use rsa::Pss; use rsa::RsaPrivateKey; use rsa::RsaPublicKey; use sha1::Sha1; +use sha2::Digest; use sha2::Sha256; use sha2::Sha384; use sha2::Sha512; -use signature::RandomizedSigner; -use signature::Signer; -use signature::Verifier; use std::num::NonZeroU32; use std::path::PathBuf; @@ -207,26 +210,25 @@ pub async fn op_crypto_sign_key( .ok_or_else(|| type_error("Missing argument hash".to_string()))? { CryptoHash::Sha1 => { - let signing_key = SigningKey::<Sha1>::new_with_prefix(private_key); + let signing_key = SigningKey::<Sha1>::new(private_key); signing_key.sign(data) } CryptoHash::Sha256 => { - let signing_key = SigningKey::<Sha256>::new_with_prefix(private_key); + let signing_key = SigningKey::<Sha256>::new(private_key); signing_key.sign(data) } CryptoHash::Sha384 => { - let signing_key = SigningKey::<Sha384>::new_with_prefix(private_key); + let signing_key = SigningKey::<Sha384>::new(private_key); signing_key.sign(data) } CryptoHash::Sha512 => { - let signing_key = SigningKey::<Sha512>::new_with_prefix(private_key); + let signing_key = SigningKey::<Sha512>::new(private_key); signing_key.sign(data) } } .to_vec() } Algorithm::RsaPss => { - use rsa::pss::SigningKey; let private_key = RsaPrivateKey::from_pkcs1_der(&args.key.data)?; let salt_len = args @@ -234,30 +236,30 @@ pub async fn op_crypto_sign_key( .ok_or_else(|| type_error("Missing argument saltLength".to_string()))? as usize; - let rng = OsRng; + let mut rng = OsRng; match args .hash .ok_or_else(|| type_error("Missing argument hash".to_string()))? { CryptoHash::Sha1 => { - let signing_key = - SigningKey::<Sha1>::new_with_salt_len(private_key, salt_len); - signing_key.sign_with_rng(rng, data) + let signing_key = Pss::new_with_salt::<Sha1>(salt_len); + let hashed = Sha1::digest(data); + signing_key.sign(Some(&mut rng), &private_key, &hashed)? } CryptoHash::Sha256 => { - let signing_key = - SigningKey::<Sha256>::new_with_salt_len(private_key, salt_len); - signing_key.sign_with_rng(rng, data) + let signing_key = Pss::new_with_salt::<Sha256>(salt_len); + let hashed = Sha256::digest(data); + signing_key.sign(Some(&mut rng), &private_key, &hashed)? } CryptoHash::Sha384 => { - let signing_key = - SigningKey::<Sha384>::new_with_salt_len(private_key, salt_len); - signing_key.sign_with_rng(rng, data) + let signing_key = Pss::new_with_salt::<Sha384>(salt_len); + let hashed = Sha384::digest(data); + signing_key.sign(Some(&mut rng), &private_key, &hashed)? } CryptoHash::Sha512 => { - let signing_key = - SigningKey::<Sha512>::new_with_salt_len(private_key, salt_len); - signing_key.sign_with_rng(rng, data) + let signing_key = Pss::new_with_salt::<Sha512>(salt_len); + let hashed = Sha512::digest(data); + signing_key.sign(Some(&mut rng), &private_key, &hashed)? } } .to_vec() @@ -301,6 +303,7 @@ pub async fn op_crypto_sign_key( pub struct VerifyArg { key: KeyData, algorithm: Algorithm, + salt_length: Option<u32>, hash: Option<CryptoHash>, signature: JsBuffer, named_curve: Option<CryptoNamedCurve>, @@ -319,57 +322,61 @@ pub async fn op_crypto_verify_key( use rsa::pkcs1v15::Signature; use rsa::pkcs1v15::VerifyingKey; let public_key = read_rsa_public_key(args.key)?; - let signature: Signature = args.signature.to_vec().into(); + let signature: Signature = args.signature.as_ref().try_into()?; match args .hash .ok_or_else(|| type_error("Missing argument hash".to_string()))? { CryptoHash::Sha1 => { - let verifying_key = VerifyingKey::<Sha1>::new_with_prefix(public_key); + let verifying_key = VerifyingKey::<Sha1>::new(public_key); verifying_key.verify(data, &signature).is_ok() } CryptoHash::Sha256 => { - let verifying_key = - VerifyingKey::<Sha256>::new_with_prefix(public_key); + let verifying_key = VerifyingKey::<Sha256>::new(public_key); verifying_key.verify(data, &signature).is_ok() } CryptoHash::Sha384 => { - let verifying_key = - VerifyingKey::<Sha384>::new_with_prefix(public_key); + let verifying_key = VerifyingKey::<Sha384>::new(public_key); verifying_key.verify(data, &signature).is_ok() } CryptoHash::Sha512 => { - let verifying_key = - VerifyingKey::<Sha512>::new_with_prefix(public_key); + let verifying_key = VerifyingKey::<Sha512>::new(public_key); verifying_key.verify(data, &signature).is_ok() } } } Algorithm::RsaPss => { - use rsa::pss::Signature; - use rsa::pss::VerifyingKey; let public_key = read_rsa_public_key(args.key)?; - let signature: Signature = args.signature.to_vec().into(); + let signature = args.signature.as_ref(); + + let salt_len = args + .salt_length + .ok_or_else(|| type_error("Missing argument saltLength".to_string()))? + as usize; match args .hash .ok_or_else(|| type_error("Missing argument hash".to_string()))? { CryptoHash::Sha1 => { - let verifying_key: VerifyingKey<Sha1> = public_key.into(); - verifying_key.verify(data, &signature).is_ok() + let pss = Pss::new_with_salt::<Sha1>(salt_len); + let hashed = Sha1::digest(data); + pss.verify(&public_key, &hashed, signature).is_ok() } CryptoHash::Sha256 => { - let verifying_key: VerifyingKey<Sha256> = public_key.into(); - verifying_key.verify(data, &signature).is_ok() + let pss = Pss::new_with_salt::<Sha256>(salt_len); + let hashed = Sha256::digest(data); + pss.verify(&public_key, &hashed, signature).is_ok() } CryptoHash::Sha384 => { - let verifying_key: VerifyingKey<Sha384> = public_key.into(); - verifying_key.verify(data, &signature).is_ok() + let pss = Pss::new_with_salt::<Sha384>(salt_len); + let hashed = Sha384::digest(data); + pss.verify(&public_key, &hashed, signature).is_ok() } CryptoHash::Sha512 => { - let verifying_key: VerifyingKey<Sha512> = public_key.into(); - verifying_key.verify(data, &signature).is_ok() + let pss = Pss::new_with_salt::<Sha512>(salt_len); + let hashed = Sha512::digest(data); + pss.verify(&public_key, &hashed, signature).is_ok() } } } |