diff --git a/src/pss.rs b/src/pss.rs index 5042eda5..e9db6575 100644 --- a/src/pss.rs +++ b/src/pss.rs @@ -51,8 +51,17 @@ pub struct Pss { } impl Pss { + /// New PSS padding for the given digest with a salt value of the given length. + pub fn new(salt_len: usize) -> Self { + Self { + blinded: false, + digest: Box::new(T::new()), + salt_len: Some(salt_len), + } + } + /// New PSS padding for the given digest. - pub fn new() -> Self { + pub fn new_unsalted() -> Self { Self { blinded: false, digest: Box::new(T::new()), @@ -60,17 +69,24 @@ impl Pss { } } - /// New PSS padding for the given digest with a salt value of the given length. - pub fn new_with_salt(len: usize) -> Self { + /// Create a new signing key with a prefix for the digest `D`. + #[deprecated(since = "0.9.0", note = "use Pss::new instead")] + pub fn new_with_salt(salt_len: usize) -> Self { + Self::new::(salt_len) + } + + /// New PSS padding for blinded signatures (RSA-BSSA) for the given digest + /// with a salt value of the given length. + pub fn new_blinded(salt_len: usize) -> Self { Self { - blinded: false, + blinded: true, digest: Box::new(T::new()), - salt_len: Some(len), + salt_len: Some(salt_len), } } /// New PSS padding for blinded signatures (RSA-BSSA) for the given digest. - pub fn new_blinded() -> Self { + pub fn new_blinded_unsalted() -> Self { Self { blinded: true, digest: Box::new(T::new()), @@ -80,14 +96,11 @@ impl Pss { /// New PSS padding for blinded signatures (RSA-BSSA) for the given digest /// with a salt value of the given length. + #[deprecated(since = "0.9.0", note = "use Pss::new_blinded instead")] pub fn new_blinded_with_salt( - len: usize, + salt_len: usize, ) -> Self { - Self { - blinded: true, - digest: Box::new(T::new()), - salt_len: Some(len), - } + Self::new_blinded::(salt_len) } } 
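Review bot: The rename to `new_unsalted` in the first hunk promises a zero-length salt, yet the doc comment kept above it still reads `/// New PSS padding for the given digest.` and the `salt_len` value it stores falls below the end of the hunk. `SigningKey::new_unsalted` later in this diff stores `salt_len: None`; if `None` selects a default or auto-detected length rather than an empty salt (not visible here), the name misleads callers who choose a constructor for its security properties. I would state the behaviour in the comment, for example `/// New PSS padding for the given digest with no explicit salt length (salt_len is None).`, and say on `new` that `salt_len` is counted in bytes. The same wording gap exists on `new_blinded_unsalted`, `SigningKey::new_unsalted` and `SigningKey::random_unsalted`.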
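Review bot: The doc comment added above the deprecated `new_with_salt` in the second hunk (`/// Create a new signing key with a prefix ...`) describes a signing key, not PSS padding, and looks copied from another item. The function still returns padding and now forwards to `Pss::new`, so the text the commit removed was the accurate one: `/// New PSS padding for the given digest with a salt value of the given length.` Restoring it keeps the rendered docs for the deprecated item correct while callers migrate.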
@@ -652,8 +665,17 @@ impl SigningKey where D: Digest, { + /// Create a new RSASSA-PSS signing key with a salt of the given length. + pub fn new(key: RsaPrivateKey, salt_len: usize) -> Self { + Self { + inner: key, + salt_len: Some(salt_len), + phantom: Default::default(), + } + } + /// Create a new RSASSA-PSS signing key. - pub fn new(key: RsaPrivateKey) -> Self { + pub fn new_unsalted(key: RsaPrivateKey) -> Self { Self { inner: key, salt_len: None, @@ -662,16 +684,29 @@ where } /// Create a new RSASSA-PSS signing key with a salt of the given length. + #[deprecated(since = "0.9.0", note = "use SigningKey::new instead")] pub fn new_with_salt_len(key: RsaPrivateKey, salt_len: usize) -> Self { - Self { - inner: key, + Self::new(key, salt_len) + } + + /// Generate a new random RSASSA-PSS signing key with a salt of the given length. + pub fn random( + rng: &mut R, + bit_size: usize, + salt_len: usize, + ) -> Result { + Ok(Self { + inner: RsaPrivateKey::new(rng, bit_size)?, salt_len: Some(salt_len), phantom: Default::default(), - } + }) } /// Generate a new random RSASSA-PSS signing key. - pub fn random(rng: &mut R, bit_size: usize) -> Result { + pub fn random_unsalted( + rng: &mut R, + bit_size: usize, + ) -> Result { Ok(Self { inner: RsaPrivateKey::new(rng, bit_size)?, salt_len: None, @@ -680,16 +715,13 @@ where } /// Generate a new random RSASSA-PSS signing key with a salt of the given length. + #[deprecated(since = "0.9.0", note = "use SigningKey::random instead")] pub fn random_with_salt_len( rng: &mut R, bit_size: usize, salt_len: usize, ) -> Result { - Ok(Self { - inner: RsaPrivateKey::new(rng, bit_size)?, - salt_len: Some(salt_len), - phantom: Default::default(), - }) + Self::random(rng, bit_size, salt_len) } /// Return specified salt length for this key @@ -754,7 +786,7 @@ where D: Digest, { fn from(key: RsaPrivateKey) -> Self { - Self::new(key) + Self::new_unsalted(key) } } 
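Review bot: The new `random` in the second hunk of this group repeats the three-field struct literal that `new` already builds, so the salted constructors set `inner`, `salt_len` and `phantom` in two places. Delegating keeps them in step: `Ok(Self::new(RsaPrivateKey::new(rng, bit_size)?, salt_len))`. `random_unsalted` could call `new_unsalted` the same way; its body continues past the end of the hunk.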
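Review bot: The `From<RsaPrivateKey>` impl in the last hunk of this group now calls `new_unsalted`, so `key.into()` yields a signing key with `salt_len: None` even though the constructor named `new` requires an explicit length. That preserves the earlier behaviour, but the choice is invisible at the call site and runs against the new default the commit establishes. A doc comment on `from` would make it explicit, for example `/// Equivalent to SigningKey::new_unsalted(key); no salt length is set.` The impl header lies outside the hunk.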
@@ -1172,7 +1204,7 @@ mod test { for (text, sig, expected) in &tests { let digest = Sha1::digest(text.as_bytes()).to_vec(); - let result = pub_key.verify(Pss::new::(), &digest, sig); + let result = pub_key.verify(Pss::new_unsalted::(), &digest, sig); match expected { true => result.expect("failed to verify"), false => { @@ -1270,11 +1302,11 @@ mod test { for test in &tests { let digest = Sha1::digest(test.as_bytes()).to_vec(); let sig = priv_key - .sign_with_rng(&mut rng.clone(), Pss::new::(), &digest) + .sign_with_rng(&mut rng.clone(), Pss::new_unsalted::(), &digest) .expect("failed to sign"); priv_key - .verify(Pss::new::(), &digest, &sig) + .verify(Pss::new_unsalted::(), &digest, &sig) .expect("failed to verify"); } } @@ -1289,11 +1321,15 @@ mod test { for test in &tests { let digest = Sha1::digest(test.as_bytes()).to_vec(); let sig = priv_key - .sign_with_rng(&mut rng.clone(), Pss::new_blinded::(), &digest) + .sign_with_rng( + &mut rng.clone(), + Pss::new_blinded_unsalted::(), + &digest, + ) .expect("failed to sign"); priv_key - .verify(Pss::new::(), &digest, &sig) + .verify(Pss::new_unsalted::(), &digest, &sig) .expect("failed to verify"); } } @@ -1304,7 +1340,7 @@ mod test { let tests = ["test\n"]; let mut rng = ChaCha8Rng::from_seed([42; 32]); - let signing_key = SigningKey::::new(priv_key); + let signing_key = SigningKey::::new_unsalted(priv_key); let verifying_key = signing_key.verifying_key(); for test in &tests { @@ -1338,7 +1374,7 @@ mod test { let tests = ["test\n"]; let mut rng = ChaCha8Rng::from_seed([42; 32]); - let signing_key = SigningKey::new(priv_key); + let signing_key = SigningKey::new_unsalted(priv_key); let verifying_key = signing_key.verifying_key(); for test in &tests { 
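Review bot: Every call site touched in these test hunks moves to an `_unsalted` variant, so nothing shown here exercises the new primary constructors `Pss::new(salt_len)`, `Pss::new_blinded(salt_len)` or `SigningKey::new(key, salt_len)`. Tests outside the diff may already cover the deprecated `_with_salt` names, but those now emit deprecation warnings and are the ones meant to disappear. I would add a sign/verify round trip that passes an explicit salt length through the new names, plus a case that verifies with a different explicit length and asserts whatever outcome the verifier is meant to give. The blinded test is the natural place, since it already signs with one padding value and verifies with another.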
@@ -1419,7 +1455,7 @@ mod test { let tests = [Sha1::digest("test\n")]; let mut rng = ChaCha8Rng::from_seed([42; 32]); - let signing_key = SigningKey::::new(priv_key); + let signing_key = SigningKey::::new_unsalted(priv_key); let verifying_key = signing_key.verifying_key(); for test in &tests { @@ -1460,11 +1496,11 @@ mod test { let digest = Sha1::digest(plaintext.as_bytes()).to_vec(); let sig = priv_key - .sign_with_rng(&mut rng.clone(), Pss::new::(), &digest) + .sign_with_rng(&mut rng.clone(), Pss::new_unsalted::(), &digest) .expect("failed to sign"); priv_key - .verify(Pss::new::(), &digest, &sig) + .verify(Pss::new_unsalted::(), &digest, &sig) .expect("failed to verify"); } }