rsa/pss/
signing_key.rs

1use super::{get_pss_signature_algo_id, sign_digest, Signature, VerifyingKey};
2use crate::{Result, RsaPrivateKey};
3use const_oid::AssociatedOid;
4use core::marker::PhantomData;
5use digest::{Digest, FixedOutputReset};
6use pkcs8::{
7    spki::{
8        der::AnyRef, AlgorithmIdentifierOwned, AlgorithmIdentifierRef,
9        AssociatedAlgorithmIdentifier, DynSignatureAlgorithmIdentifier,
10    },
11    EncodePrivateKey, SecretDocument,
12};
13use rand_core::CryptoRngCore;
14use signature::{
15    hazmat::RandomizedPrehashSigner, Keypair, RandomizedDigestSigner, RandomizedSigner,
16};
17use zeroize::ZeroizeOnDrop;
18
19#[cfg(feature = "getrandom")]
20use {
21    rand_core::OsRng,
22    signature::{hazmat::PrehashSigner, Signer},
23};
24
25/// Signing key for producing RSASSA-PSS signatures as described in
26/// [RFC8017 § 8.1].
27///
28/// [RFC8017 § 8.1]: https://datatracker.ietf.org/doc/html/rfc8017#section-8.1
29#[derive(Debug, Clone)]
30pub struct SigningKey<D>
31where
32    D: Digest,
33{
34    inner: RsaPrivateKey,
35    salt_len: usize,
36    phantom: PhantomData<D>,
37}
38
39impl<D> SigningKey<D>
40where
41    D: Digest,
42{
43    /// Create a new RSASSA-PSS signing key.
44    /// Digest output size is used as a salt length.
45    pub fn new(key: RsaPrivateKey) -> Self {
46        Self::new_with_salt_len(key, <D as Digest>::output_size())
47    }
48
49    /// Create a new RSASSA-PSS signing key with a salt of the given length.
50    pub fn new_with_salt_len(key: RsaPrivateKey, salt_len: usize) -> Self {
51        Self {
52            inner: key,
53            salt_len,
54            phantom: Default::default(),
55        }
56    }
57
58    /// Generate a new random RSASSA-PSS signing key.
59    /// Digest output size is used as a salt length.
60    pub fn random<R: CryptoRngCore + ?Sized>(rng: &mut R, bit_size: usize) -> Result<Self> {
61        Self::random_with_salt_len(rng, bit_size, <D as Digest>::output_size())
62    }
63
64    /// Generate a new random RSASSA-PSS signing key with a salt of the given length.
65    pub fn random_with_salt_len<R: CryptoRngCore + ?Sized>(
66        rng: &mut R,
67        bit_size: usize,
68        salt_len: usize,
69    ) -> Result<Self> {
70        Ok(Self {
71            inner: RsaPrivateKey::new(rng, bit_size)?,
72            salt_len,
73            phantom: Default::default(),
74        })
75    }
76
77    /// Return specified salt length for this key
78    pub fn salt_len(&self) -> usize {
79        self.salt_len
80    }
81}
82
83//
84// `*Signer` trait impls
85//
86
87impl<D> RandomizedDigestSigner<D, Signature> for SigningKey<D>
88where
89    D: Digest + FixedOutputReset,
90{
91    fn try_sign_digest_with_rng(
92        &self,
93        rng: &mut impl CryptoRngCore,
94        digest: D,
95    ) -> signature::Result<Signature> {
96        sign_digest::<_, D>(rng, false, &self.inner, &digest.finalize(), self.salt_len)?
97            .as_slice()
98            .try_into()
99    }
100}
101
102impl<D> RandomizedSigner<Signature> for SigningKey<D>
103where
104    D: Digest + FixedOutputReset,
105{
106    fn try_sign_with_rng(
107        &self,
108        rng: &mut impl CryptoRngCore,
109        msg: &[u8],
110    ) -> signature::Result<Signature> {
111        self.try_sign_digest_with_rng(rng, D::new_with_prefix(msg))
112    }
113}
114
115impl<D> RandomizedPrehashSigner<Signature> for SigningKey<D>
116where
117    D: Digest + FixedOutputReset,
118{
119    fn sign_prehash_with_rng(
120        &self,
121        rng: &mut impl CryptoRngCore,
122        prehash: &[u8],
123    ) -> signature::Result<Signature> {
124        sign_digest::<_, D>(rng, false, &self.inner, prehash, self.salt_len)?
125            .as_slice()
126            .try_into()
127    }
128}
129
130#[cfg(feature = "getrandom")]
131impl<D> PrehashSigner<Signature> for SigningKey<D>
132where
133    D: Digest + FixedOutputReset,
134{
135    fn sign_prehash(&self, prehash: &[u8]) -> signature::Result<Signature> {
136        self.sign_prehash_with_rng(&mut OsRng, prehash)
137    }
138}
139
140#[cfg(feature = "getrandom")]
141impl<D> Signer<Signature> for SigningKey<D>
142where
143    D: Digest + FixedOutputReset,
144{
145    fn try_sign(&self, msg: &[u8]) -> signature::Result<Signature> {
146        self.try_sign_with_rng(&mut OsRng, msg)
147    }
148}
149
150//
151// Other trait impls
152//
153
154impl<D> AsRef<RsaPrivateKey> for SigningKey<D>
155where
156    D: Digest,
157{
158    fn as_ref(&self) -> &RsaPrivateKey {
159        &self.inner
160    }
161}
162
163impl<D> AssociatedAlgorithmIdentifier for SigningKey<D>
164where
165    D: Digest,
166{
167    type Params = AnyRef<'static>;
168
169    const ALGORITHM_IDENTIFIER: AlgorithmIdentifierRef<'static> = pkcs1::ALGORITHM_ID;
170}
171
172impl<D> DynSignatureAlgorithmIdentifier for SigningKey<D>
173where
174    D: Digest + AssociatedOid,
175{
176    fn signature_algorithm_identifier(&self) -> pkcs8::spki::Result<AlgorithmIdentifierOwned> {
177        get_pss_signature_algo_id::<D>(self.salt_len as u8)
178    }
179}
180
181impl<D> EncodePrivateKey for SigningKey<D>
182where
183    D: Digest,
184{
185    fn to_pkcs8_der(&self) -> pkcs8::Result<SecretDocument> {
186        self.inner.to_pkcs8_der()
187    }
188}
189
190impl<D> From<RsaPrivateKey> for SigningKey<D>
191where
192    D: Digest,
193{
194    fn from(key: RsaPrivateKey) -> Self {
195        Self::new(key)
196    }
197}
198
199impl<D> From<SigningKey<D>> for RsaPrivateKey
200where
201    D: Digest,
202{
203    fn from(key: SigningKey<D>) -> Self {
204        key.inner
205    }
206}
207
208impl<D> Keypair for SigningKey<D>
209where
210    D: Digest,
211{
212    type VerifyingKey = VerifyingKey<D>;
213    fn verifying_key(&self) -> Self::VerifyingKey {
214        VerifyingKey {
215            inner: self.inner.to_public_key(),
216            salt_len: self.salt_len,
217            phantom: Default::default(),
218        }
219    }
220}
221
222impl<D> ZeroizeOnDrop for SigningKey<D> where D: Digest {}
rsa/pss/signing_key.rs

rsa/pss/
signing_key.rs
