From b860e5c5fe66bb013f9ff5b50e218e414a79e069 Mon Sep 17 00:00:00 2001 From: Tony Arcieri Date: Fri, 20 Jan 2023 12:35:36 -0700 Subject: [PATCH] Add `sha2` feature with `oid` subfeature enabled We seem to be running into a lot of people who are having trouble with PKCS#1 v1.5 signatures because the failure mode for the `oid` feature of the `sha2` crate being disabled is fairly unscrutable. See #234, #253, and the semi-related tracking issue for #238. If `rsa` has a `sha2` feature, we can always ensure `oid` is enabled, and this can be used in code examples. It also means users don't need two crates to create/verify PKCS#1 v1.5 signatures. RSA is used commonly enough with the SHA2 family that this integration probably makes sense. --- Cargo.toml | 8 +++++++- src/lib.rs | 10 ++++++++-- src/pkcs1v15.rs | 12 ++++++++++-- 3 files changed, 25 insertions(+), 5 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 80563b0d..f201b086 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -26,6 +26,12 @@ pkcs8 = { version = "0.9", default-features = false, features = ["alloc"] } signature = { version = "2", default-features = false , features = ["digest", "rand_core"] } zeroize = { version = "1", features = ["alloc"] } +[dependencies.sha2] +version = "0.10.6" +optional = true +default-features = false +features = ["oid"] + [dependencies.serde_crate] package = "serde" optional = true @@ -59,7 +65,7 @@ pkcs5 = ["pkcs8/encryption"] getrandom = ["rand_core/getrandom"] [package.metadata.docs.rs] -features = ["std", "pem", "serde", "expose-internals"] +features = ["std", "pem", "serde", "expose-internals", "sha2"] rustdoc-args = ["--cfg", "docsrs"] [profile.dev] diff --git a/src/lib.rs b/src/lib.rs index bcbe1bd7..1149b0e7 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -54,11 +54,15 @@ //! ``` //! //! ## PKCS#1 v1.5 signatures -//! ``` +//! +//! Note: requires `sha2` feature of `rsa` crate is enabled. +//! +#![cfg_attr(feature = "sha2", doc = "```")] +#![cfg_attr(not(feature = "sha2"), doc = "```ignore")] //! use rsa::RsaPrivateKey; //! use rsa::pkcs1v15::{SigningKey, VerifyingKey}; //! use rsa::signature::{Keypair, RandomizedSigner, SignatureEncoding, Verifier}; -//! use sha2::{Digest, Sha256}; +//! use rsa::sha2::{Digest, Sha256}; //! //! let mut rng = rand::thread_rng(); //! @@ -224,6 +228,8 @@ mod raw; pub use pkcs1; pub use pkcs8; +#[cfg(feature = "sha2")] +pub use sha2; pub use crate::{ key::{PublicKey, PublicKeyParts, RsaPrivateKey, RsaPublicKey}, diff --git a/src/pkcs1v15.rs b/src/pkcs1v15.rs index 13dc4c53..a5eb046b 100644 --- a/src/pkcs1v15.rs +++ b/src/pkcs1v15.rs @@ -412,7 +412,11 @@ impl SigningKey where D: Digest, { - /// Create a new signing key from the give RSA private key. + /// Create a new signing key from the give RSA private key with an empty prefix. + /// + /// ## Note: unprefixed signatures are uncommon + /// + /// In most cases you'll want to use [`SigningKey::new_with_prefix`]. pub fn new(key: RsaPrivateKey) -> Self { Self { inner: key, @@ -587,7 +591,11 @@ impl VerifyingKey where D: Digest, { - /// Create a new verifying key from an RSA public key. + /// Create a new verifying key from an RSA public key with an empty prefix. + /// + /// ## Note: unprefixed signatures are uncommon + /// + /// In most cases you'll want to use [`SigningKey::new_with_prefix`]. pub fn new(key: RsaPublicKey) -> Self { Self { inner: key,