feat: switch to CryptoRngCore
Follow the signature v2 change and switch the rest of the code to use
`CryptoRngCore` instead of the `CryptoRng + RngCore` combination.

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
lumag committed Nov 7, 2022
1 parent 139e1b3 commit 5f7ef14
Showing 7 changed files with 38 additions and 40 deletions.
6 changes: 3 additions & 3 deletions src/algorithms.rs
Expand Up @@ -6,7 +6,7 @@ use num_bigint::{BigUint, RandPrime};
#[allow(unused_imports)]
use num_traits::Float;
use num_traits::{FromPrimitive, One, Zero};
use rand_core::{CryptoRng, RngCore};
use rand_core::CryptoRngCore;

use crate::errors::{Error, Result};
use crate::key::RsaPrivateKey;
Expand All @@ -29,7 +29,7 @@ const EXP: u64 = 65537;
///
/// [1]: https://patents.google.com/patent/US4405829A/en
/// [2]: https://cacr.uwaterloo.ca/techreports/2006/cacr2006-16.pdf
pub fn generate_multi_prime_key<R: RngCore + CryptoRng>(
pub fn generate_multi_prime_key<R: CryptoRngCore>(
rng: &mut R,
nprimes: usize,
bit_size: usize,
Expand All @@ -49,7 +49,7 @@ pub fn generate_multi_prime_key<R: RngCore + CryptoRng>(
///
/// [1]: https://patents.google.com/patent/US4405829A/en
/// [2]: http://www.cacr.math.uwaterloo.ca/techreports/2006/cacr2006-16.pdf
pub fn generate_multi_prime_key_with_exp<R: RngCore + CryptoRng>(
pub fn generate_multi_prime_key_with_exp<R: CryptoRngCore>(
rng: &mut R,
nprimes: usize,
bit_size: usize,
8 changes: 4 additions & 4 deletions src/internals.rs
Expand Up @@ -3,7 +3,7 @@ use alloc::vec;
use alloc::vec::Vec;
use num_bigint::{BigInt, BigUint, IntoBigInt, IntoBigUint, ModInverse, RandBigInt, ToBigInt};
use num_traits::{One, Signed, Zero};
use rand_core::{CryptoRng, RngCore};
use rand_core::CryptoRngCore;
use zeroize::Zeroize;

use crate::errors::{Error, Result};
Expand All @@ -18,7 +18,7 @@ pub fn encrypt<K: PublicKeyParts>(key: &K, m: &BigUint) -> BigUint {
/// Performs raw RSA decryption with no padding, resulting in a plaintext `BigUint`.
/// Peforms RSA blinding if an `Rng` is passed.
#[inline]
pub fn decrypt<R: RngCore + CryptoRng>(
pub fn decrypt<R: CryptoRngCore>(
mut rng: Option<&mut R>,
priv_key: &RsaPrivateKey,
c: &BigUint,
Expand Down Expand Up @@ -108,7 +108,7 @@ pub fn decrypt<R: RngCore + CryptoRng>(
/// Peforms RSA blinding if an `Rng` is passed.
/// This will also check for errors in the CRT computation.
#[inline]
pub fn decrypt_and_check<R: RngCore + CryptoRng>(
pub fn decrypt_and_check<R: CryptoRngCore>(
rng: Option<&mut R>,
priv_key: &RsaPrivateKey,
c: &BigUint,
Expand All @@ -127,7 +127,7 @@ pub fn decrypt_and_check<R: RngCore + CryptoRng>(
}

/// Returns the blinded c, along with the unblinding factor.
pub fn blind<R: RngCore + CryptoRng, K: PublicKeyParts>(
pub fn blind<R: CryptoRngCore, K: PublicKeyParts>(
rng: &mut R,
key: &K,
c: &BigUint,
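Review bot: The doc comments above `decrypt` and `decrypt_and_check` still read "Peforms RSA blinding if an `Rng` is passed" while both signatures now bound `R` with `CryptoRngCore`, so the documentation neither names the new requirement nor spells "Performs" correctly. I would change that line in both places to `/// Performs RSA blinding if a CryptoRngCore is passed as rng.` so readers see that blinding needs a cryptographically secure generator. The same wording should be checked in `blind`, whose doc comment only mentions the return value. Both function bodies continue outside the hunk.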
16 changes: 8 additions & 8 deletions src/key.rs
Expand Up @@ -4,7 +4,7 @@ use num_bigint::traits::ModInverse;
use num_bigint::Sign::Plus;
use num_bigint::{BigInt, BigUint};
use num_traits::{One, ToPrimitive};
use rand_core::{CryptoRng, RngCore};
use rand_core::CryptoRngCore;
#[cfg(feature = "serde")]
use serde_crate::{Deserialize, Serialize};
use zeroize::Zeroize;
Expand Down Expand Up @@ -173,7 +173,7 @@ impl From<&RsaPrivateKey> for RsaPublicKey {
/// Generic trait for operations on a public key.
pub trait PublicKey: EncryptionPrimitive + PublicKeyParts {
/// Encrypt the given message.
fn encrypt<R: RngCore + CryptoRng>(
fn encrypt<R: CryptoRngCore>(
&self,
rng: &mut R,
padding: PaddingScheme,
Expand All @@ -198,7 +198,7 @@ impl PublicKeyParts for RsaPublicKey {
}

impl PublicKey for RsaPublicKey {
fn encrypt<R: RngCore + CryptoRng>(
fn encrypt<R: CryptoRngCore>(
&self,
rng: &mut R,
padding: PaddingScheme,
Expand Down Expand Up @@ -281,15 +281,15 @@ impl PrivateKey for RsaPrivateKey {}

impl RsaPrivateKey {
/// Generate a new Rsa key pair of the given bit size using the passed in `rng`.
pub fn new<R: RngCore + CryptoRng>(rng: &mut R, bit_size: usize) -> Result<RsaPrivateKey> {
pub fn new<R: CryptoRngCore>(rng: &mut R, bit_size: usize) -> Result<RsaPrivateKey> {
generate_multi_prime_key(rng, 2, bit_size)
}

/// Generate a new RSA key pair of the given bit size and the public exponent
/// using the passed in `rng`.
///
/// Unless you have specific needs, you should use `RsaPrivateKey::new` instead.
pub fn new_with_exp<R: RngCore + CryptoRng>(
pub fn new_with_exp<R: CryptoRngCore>(
rng: &mut R,
bit_size: usize,
exp: &BigUint,
Expand Down Expand Up @@ -458,7 +458,7 @@ impl RsaPrivateKey {
/// Decrypt the given message.
///
/// Uses `rng` to blind the decryption process.
pub fn decrypt_blinded<R: RngCore + CryptoRng>(
pub fn decrypt_blinded<R: CryptoRngCore>(
&self,
rng: &mut R,
padding: PaddingScheme,
Expand Down Expand Up @@ -501,7 +501,7 @@ impl RsaPrivateKey {
/// Sign the given digest using the provided rng
///
/// Use `rng` for signature process.
pub fn sign_with_rng<R: RngCore + CryptoRng>(
pub fn sign_with_rng<R: CryptoRngCore>(
&self,
rng: &mut R,
padding: PaddingScheme,
Expand All @@ -519,7 +519,7 @@ impl RsaPrivateKey {
/// Sign the given digest.
///
/// Use `rng` for blinding.
pub fn sign_blinded<R: RngCore + CryptoRng>(
pub fn sign_blinded<R: CryptoRngCore>(
&self,
rng: &mut R,
padding: PaddingScheme,
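Review bot: Changing the generic bound of `PublicKey::encrypt`, a method on a public trait, alters the trait's contract: any downstream type implementing `PublicKey` must rewrite its own `encrypt` signature to compile against this version, even though callers are unaffected because `rand_core` provides a blanket `CryptoRngCore` impl for every `CryptoRng + RngCore` type. The same applies to `DecryptionPrimitive::raw_decryption_primitive` in src/raw.rs. That makes this a semver-relevant change that deserves a changelog or release-note entry rather than only the commit message. The `impl PublicKey for RsaPublicKey` body and the `RsaPrivateKey` methods all continue outside their hunks.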
8 changes: 4 additions & 4 deletions src/oaep.rs
@@ -1,7 +1,7 @@
use alloc::string::String;
use alloc::vec;
use alloc::vec::Vec;
use rand_core::{CryptoRng, RngCore};
use rand_core::CryptoRngCore;

use digest::DynDigest;
use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
Expand All @@ -23,7 +23,7 @@ const MAX_LABEL_LEN: u64 = 2_305_843_009_213_693_951;
///
/// [PKCS#1 OAEP]: https://datatracker.ietf.org/doc/html/rfc8017#section-7.1
#[inline]
pub fn encrypt<R: RngCore + CryptoRng, K: PublicKey>(
pub fn encrypt<R: CryptoRngCore, K: PublicKey>(
rng: &mut R,
pub_key: &K,
msg: &[u8],
Expand Down Expand Up @@ -80,7 +80,7 @@ pub fn encrypt<R: RngCore + CryptoRng, K: PublicKey>(
///
/// [PKCS#1 OAEP]: https://datatracker.ietf.org/doc/html/rfc8017#section-7.1
#[inline]
pub fn decrypt<R: RngCore + CryptoRng, SK: PrivateKey>(
pub fn decrypt<R: CryptoRngCore, SK: PrivateKey>(
rng: Option<&mut R>,
priv_key: &SK,
ciphertext: &[u8],
Expand All @@ -104,7 +104,7 @@ pub fn decrypt<R: RngCore + CryptoRng, SK: PrivateKey>(
/// `rng` is given. It returns one or zero in valid that indicates whether the
/// plaintext was correctly structured.
#[inline]
fn decrypt_inner<R: RngCore + CryptoRng, SK: PrivateKey>(
fn decrypt_inner<R: CryptoRngCore, SK: PrivateKey>(
rng: Option<&mut R>,
priv_key: &SK,
ciphertext: &[u8],
17 changes: 10 additions & 7 deletions src/pkcs1v15.rs
Expand Up @@ -8,7 +8,7 @@ use core::fmt::{Debug, Display, Formatter, LowerHex, UpperHex};
use core::marker::PhantomData;
use digest::Digest;
use pkcs8::{AssociatedOid, Document, EncodePrivateKey, EncodePublicKey, SecretDocument};
use rand_core::{CryptoRng, CryptoRngCore, RngCore};
use rand_core::CryptoRngCore;
use signature::{
hazmat::{PrehashSigner, PrehashVerifier},
DigestSigner, DigestVerifier, Keypair, RandomizedDigestSigner, RandomizedSigner,
Expand Down Expand Up @@ -96,7 +96,7 @@ impl Display for Signature {
/// scheme from PKCS#1 v1.5. The message must be no longer than the
/// length of the public modulus minus 11 bytes.
#[inline]
pub(crate) fn encrypt<R: RngCore + CryptoRng, PK: PublicKey>(
pub(crate) fn encrypt<R: CryptoRngCore, PK: PublicKey>(
rng: &mut R,
pub_key: &PK,
msg: &[u8],
Expand Down Expand Up @@ -128,7 +128,7 @@ pub(crate) fn encrypt<R: RngCore + CryptoRng, PK: PublicKey>(
/// forge signatures as if they had the private key. See
/// `decrypt_session_key` for a way of solving this problem.
#[inline]
pub(crate) fn decrypt<R: RngCore + CryptoRng, SK: PrivateKey>(
pub(crate) fn decrypt<R: CryptoRngCore, SK: PrivateKey>(
rng: Option<&mut R>,
priv_key: &SK,
ciphertext: &[u8],
Expand Down Expand Up @@ -157,7 +157,7 @@ pub(crate) fn decrypt<R: RngCore + CryptoRng, SK: PrivateKey>(
/// messages to signatures and identify the signed messages. As ever,
/// signatures provide authenticity, not confidentiality.
#[inline]
pub(crate) fn sign<R: RngCore + CryptoRng, SK: PrivateKey>(
pub(crate) fn sign<R: CryptoRngCore, SK: PrivateKey>(
rng: Option<&mut R>,
priv_key: &SK,
prefix: &[u8],
Expand Down Expand Up @@ -245,7 +245,7 @@ where
/// in order to maintain constant memory access patterns. If the plaintext was
/// valid then index contains the index of the original message in em.
#[inline]
fn decrypt_inner<R: RngCore + CryptoRng, SK: PrivateKey>(
fn decrypt_inner<R: CryptoRngCore, SK: PrivateKey>(
rng: Option<&mut R>,
priv_key: &SK,
ciphertext: &[u8],
Expand Down Expand Up @@ -290,7 +290,7 @@ fn decrypt_inner<R: RngCore + CryptoRng, SK: PrivateKey>(
/// Fills the provided slice with random values, which are guaranteed
/// to not be zero.
#[inline]
fn non_zero_random_bytes<R: RngCore + CryptoRng>(rng: &mut R, data: &mut [u8]) {
fn non_zero_random_bytes<R: CryptoRngCore>(rng: &mut R, data: &mut [u8]) {
rng.fill_bytes(data);

for el in data {
Expand Down Expand Up @@ -595,7 +595,10 @@ mod tests {
use num_bigint::BigUint;
use num_traits::FromPrimitive;
use num_traits::Num;
use rand_chacha::{rand_core::SeedableRng, ChaCha8Rng};
use rand_chacha::{
rand_core::{RngCore, SeedableRng},
ChaCha8Rng,
};
use sha1::{Digest, Sha1};
use sha2::Sha256;
use sha3::Sha3_256;
17 changes: 6 additions & 11 deletions src/pss.rs
Expand Up @@ -12,7 +12,7 @@ use core::fmt::{Debug, Display, Formatter, LowerHex, UpperHex};
use core::marker::PhantomData;
use digest::{Digest, DynDigest, FixedOutputReset};
use pkcs8::{Document, EncodePrivateKey, EncodePublicKey, SecretDocument};
use rand_core::{CryptoRng, CryptoRngCore, RngCore};
use rand_core::CryptoRngCore;
use signature::{
hazmat::{PrehashVerifier, RandomizedPrehashSigner},
DigestVerifier, Keypair, RandomizedDigestSigner, RandomizedSigner, SignatureEncoding, Verifier,
Expand Down Expand Up @@ -132,8 +132,7 @@ where
/// Note that hashed must be the result of hashing the input message using the
/// given hash function. The opts argument may be nil, in which case sensible
/// defaults are used.
// TODO: bind T with the CryptoRng trait
pub(crate) fn sign<T: RngCore + CryptoRng, SK: PrivateKey>(
pub(crate) fn sign<T: CryptoRngCore, SK: PrivateKey>(
rng: &mut T,
blind: bool,
priv_key: &SK,
Expand All @@ -146,7 +145,7 @@ pub(crate) fn sign<T: RngCore + CryptoRng, SK: PrivateKey>(
sign_pss_with_salt(blind.then(|| rng), priv_key, hashed, &salt, digest)
}

pub(crate) fn sign_digest<T: RngCore + CryptoRng, SK: PrivateKey, D: Digest + FixedOutputReset>(
pub(crate) fn sign_digest<T: CryptoRngCore, SK: PrivateKey, D: Digest + FixedOutputReset>(
rng: &mut T,
blind: bool,
priv_key: &SK,
Expand All @@ -158,7 +157,7 @@ pub(crate) fn sign_digest<T: RngCore + CryptoRng, SK: PrivateKey, D: Digest + Fi
sign_pss_with_salt_digest::<_, _, D>(blind.then(|| rng), priv_key, hashed, &salt)
}

fn generate_salt<T: RngCore + ?Sized, SK: PrivateKey>(
fn generate_salt<T: CryptoRngCore + ?Sized, SK: PrivateKey>(
rng: &mut T,
priv_key: &SK,
salt_len: Option<usize>,
Expand All @@ -177,7 +176,7 @@ fn generate_salt<T: RngCore + ?Sized, SK: PrivateKey>(
/// Note that hashed must be the result of hashing the input message using the
/// given hash function. salt is a random sequence of bytes whose length will be
/// later used to verify the signature.
fn sign_pss_with_salt<T: CryptoRng + RngCore, SK: PrivateKey>(
fn sign_pss_with_salt<T: CryptoRngCore, SK: PrivateKey>(
blind_rng: Option<&mut T>,
priv_key: &SK,
hashed: &[u8],
Expand All @@ -190,11 +189,7 @@ fn sign_pss_with_salt<T: CryptoRng + RngCore, SK: PrivateKey>(
priv_key.raw_decryption_primitive(blind_rng, &em, priv_key.size())
}

fn sign_pss_with_salt_digest<
T: CryptoRng + RngCore,
SK: PrivateKey,
D: Digest + FixedOutputReset,
>(
fn sign_pss_with_salt_digest<T: CryptoRngCore, SK: PrivateKey, D: Digest + FixedOutputReset>(
blind_rng: Option<&mut T>,
priv_key: &SK,
hashed: &[u8],
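Review bot: `generate_salt` is the one signature in this file whose requirement genuinely tightens — its bound moves from `RngCore + ?Sized` to `CryptoRngCore + ?Sized`, so the PSS salt can no longer be drawn from a non-cryptographic generator — yet unlike its neighbours it carries no doc comment recording that intent. I would add `/// Draws a random PSS salt from a cryptographically secure rng; salt_len overrides the default length.` above it. Keeping `?Sized` looks right since the callers pass `&mut T` and `CryptoRngCore` is usable as a trait object, but that is inferred from the signatures alone. The body of `generate_salt`, including whatever default applies when `salt_len` is `None`, lies outside the hunk and should be confirmed there.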
6 changes: 3 additions & 3 deletions src/raw.rs
@@ -1,6 +1,6 @@
use alloc::vec::Vec;
use num_bigint::BigUint;
use rand_core::{CryptoRng, RngCore};
use rand_core::CryptoRngCore;
use zeroize::Zeroize;

use crate::errors::{Error, Result};
Expand All @@ -14,7 +14,7 @@ pub trait EncryptionPrimitive {

pub trait DecryptionPrimitive {
/// Do NOT use directly! Only for implementors.
fn raw_decryption_primitive<R: RngCore + CryptoRng>(
fn raw_decryption_primitive<R: CryptoRngCore>(
&self,
rng: Option<&mut R>,
ciphertext: &[u8],
Expand Down Expand Up @@ -43,7 +43,7 @@ impl EncryptionPrimitive for RsaPublicKey {
}

impl DecryptionPrimitive for RsaPrivateKey {
fn raw_decryption_primitive<R: RngCore + CryptoRng>(
fn raw_decryption_primitive<R: CryptoRngCore>(
&self,
rng: Option<&mut R>,
ciphertext: &[u8],
