Aligns RSA DSA implementation with https://datatracker.ietf.org/doc/d…

…raft-ietf-lamps-pq-composite-sigs/03/
codespree · Nov 1, 2024 · 5c7ebe7 · 5c7ebe7
1 parent ca7d2d9
commit 5c7ebe7
Show file tree

Hide file tree

Showing 8 changed files with 97 additions and 116 deletions.
diff --git a/src/dsa/common/config/oids.rs b/src/dsa/common/config/oids.rs
@@ -19,14 +19,15 @@ impl Oid for DsaType {
     /// The OID for the DSA
     fn get_oid(&self) -> String {
         match self {
-            // RSA PSS with SHA512
-            DsaType::Rsa2048PssSHA256 | DsaType::Rsa3072PssSHA512 | DsaType::Rsa4096PssSha512 => {
+            // rsassa-pss(10)
+            // [other identifier: id-RSASSA-PSS]
+            DsaType::Rsa2048PssSha256 | DsaType::Rsa3072PssSha256 | DsaType::Rsa4096PssSha384 => {
                 "1.2.840.113549.1.1.10"
             }
-            // RSA PKCS#1 v1.5 with SHA256
-            DsaType::Rsa2048Pkcs15SHA256 => "1.2.840.113549.1.1.11",
-            // RSA PKCS#1 v1.5 with SHA512
-            DsaType::Rsa3072Pkcs15SHA512 | DsaType::Rsa4096Pkcs15Sha512 => "1.2.840.113549.1.1.13",
+            // sha256WithRSAEncryption(11)
+            DsaType::Rsa2048Pkcs15Sha256 | DsaType::Rsa3072Pkcs15Sha256 => "1.2.840.113549.1.1.11",
+            // sha384WithRSAEncryption(12)
+            DsaType::Rsa4096Pkcs15Sha384 => "1.2.840.113549.1.1.12",
             // ECDSA with SHA256
             DsaType::EcdsaBrainpoolP256r1SHA256 | DsaType::EcdsaP256SHA256 => "1.2.840.10045.4.3.2",
             // ECDSA with SHA384

diff --git a/src/dsa/common/config/pk_len.rs b/src/dsa/common/config/pk_len.rs
@@ -14,13 +14,13 @@ impl PKLen for DsaType {
     /// The length of the public key in bytes or `None` if the length is not fixed
     fn get_pk_len(&self) -> Option<usize> {
         match self {
-            DsaType::Rsa2048Pkcs15SHA256 => Some(270),
-            DsaType::Rsa2048PssSHA256 => Some(270),
-            DsaType::Rsa3072Pkcs15SHA512 => Some(398),
-            DsaType::Rsa3072PssSHA512 => Some(398),
+            DsaType::Rsa2048Pkcs15Sha256 => Some(270),
+            DsaType::Rsa2048PssSha256 => Some(270),
+            DsaType::Rsa3072Pkcs15Sha256 => Some(398),
+            DsaType::Rsa3072PssSha256 => Some(398),
             // TODO: Fill in the rest of the public key lengths
-            DsaType::Rsa4096Pkcs15Sha512 => None,
-            DsaType::Rsa4096PssSha512 => None,
+            DsaType::Rsa4096Pkcs15Sha384 => None,
+            DsaType::Rsa4096PssSha384 => None,
 
             DsaType::EcdsaP256SHA256 => Some(65),
             DsaType::EcdsaBrainpoolP256r1SHA256 => Some(65),

diff --git a/src/dsa/common/config/sig_len.rs b/src/dsa/common/config/sig_len.rs
@@ -14,13 +14,13 @@ impl SigLen for DsaType {
     /// The length of the signature in bytes
     fn get_sig_len(&self) -> Option<usize> {
         match self {
-            DsaType::Rsa2048Pkcs15SHA256 => Some(256),
-            DsaType::Rsa2048PssSHA256 => Some(256),
-            DsaType::Rsa3072Pkcs15SHA512 => Some(384),
-            DsaType::Rsa3072PssSHA512 => Some(384),
+            DsaType::Rsa2048Pkcs15Sha256 => Some(256),
+            DsaType::Rsa2048PssSha256 => Some(256),
+            DsaType::Rsa3072Pkcs15Sha256 => Some(384),
+            DsaType::Rsa3072PssSha256 => Some(384),
             // TODO: Fill in the rest of the public key lengths
-            DsaType::Rsa4096Pkcs15Sha512 => None,
-            DsaType::Rsa4096PssSha512 => None,
+            DsaType::Rsa4096Pkcs15Sha384 => None,
+            DsaType::Rsa4096PssSha384 => None,
 
             // P256 and P384 variations do not have a fixed sig_len
             DsaType::EcdsaP256SHA256 => None,

diff --git a/src/dsa/common/config/sk_len.rs b/src/dsa/common/config/sk_len.rs
@@ -15,13 +15,13 @@ impl SKLen for DsaType {
     fn get_sk_len(&self) -> Option<usize> {
         match self {
             // RSAs do not have a fixed sk length
-            DsaType::Rsa2048Pkcs15SHA256 => None,
-            DsaType::Rsa2048PssSHA256 => None,
-            DsaType::Rsa3072Pkcs15SHA512 => None,
-            DsaType::Rsa3072PssSHA512 => None,
+            DsaType::Rsa2048Pkcs15Sha256 => None,
+            DsaType::Rsa2048PssSha256 => None,
+            DsaType::Rsa3072Pkcs15Sha256 => None,
+            DsaType::Rsa3072PssSha256 => None,
             // TODO: Fill in the rest of the public key lengths
-            DsaType::Rsa4096Pkcs15Sha512 => None,
-            DsaType::Rsa4096PssSha512 => None,
+            DsaType::Rsa4096Pkcs15Sha384 => None,
+            DsaType::Rsa4096PssSha384 => None,
 
             DsaType::EcdsaP256SHA256 => Some(32),
             DsaType::EcdsaBrainpoolP256r1SHA256 => Some(32),

diff --git a/src/dsa/common/dsa_type.rs b/src/dsa/common/dsa_type.rs
@@ -6,12 +6,12 @@ use super::config::oids::Oid;
 #[derive(Clone, Debug, PartialEq, EnumIter)]
 pub enum DsaType {
     // RSA
-    Rsa2048PssSHA256,
-    Rsa2048Pkcs15SHA256,
-    Rsa3072PssSHA512,
-    Rsa3072Pkcs15SHA512,
-    Rsa4096PssSha512,
-    Rsa4096Pkcs15Sha512,
+    Rsa2048PssSha256,
+    Rsa2048Pkcs15Sha256,
+    Rsa3072PssSha256,
+    Rsa3072Pkcs15Sha256,
+    Rsa4096PssSha384,
+    Rsa4096Pkcs15Sha384,
 
     // ECDSA
     EcdsaP256SHA256,

diff --git a/src/dsa/composite_dsa.rs b/src/dsa/composite_dsa.rs
@@ -116,13 +116,13 @@ impl PrehashDsa for CompositeDsaManager {
         let result = match dsa_type {
             PrehashDsaType::MlDsa44Rsa2048Pss | PrehashDsaType::MlDsa44Rsa2048PssSha256 => Self {
                 dsa_info,
-                trad_dsa: Box::new(DsaManager::new(DsaType::Rsa2048PssSHA256)?),
+                trad_dsa: Box::new(DsaManager::new(DsaType::Rsa2048PssSha256)?),
                 pq_dsa: Box::new(PrehashDsaManager::new(PrehashDsaType::MlDsa44)?),
             },
             PrehashDsaType::MlDsa44Rsa2048Pkcs15 | PrehashDsaType::MlDsa44Rsa2048Pkcs15Sha256 => {
                 Self {
                     dsa_info,
-                    trad_dsa: Box::new(DsaManager::new(DsaType::Rsa2048Pkcs15SHA256)?),
+                    trad_dsa: Box::new(DsaManager::new(DsaType::Rsa2048Pkcs15Sha256)?),
                     pq_dsa: Box::new(PrehashDsaManager::new(PrehashDsaType::MlDsa44)?),
                 }
             }
@@ -138,25 +138,25 @@ impl PrehashDsa for CompositeDsaManager {
             },
             PrehashDsaType::MlDsa65Rsa3072Pss | PrehashDsaType::MlDsa65Rsa3072PssSha512 => Self {
                 dsa_info,
-                trad_dsa: Box::new(DsaManager::new(DsaType::Rsa3072PssSHA512)?),
+                trad_dsa: Box::new(DsaManager::new(DsaType::Rsa3072PssSha256)?),
                 pq_dsa: Box::new(PrehashDsaManager::new(PrehashDsaType::MlDsa65)?),
             },
             PrehashDsaType::MlDsa65Rsa3072Pkcs15 | PrehashDsaType::MlDsa65Rsa3072Pkcs15Sha512 => {
                 Self {
                     dsa_info,
-                    trad_dsa: Box::new(DsaManager::new(DsaType::Rsa3072Pkcs15SHA512)?),
+                    trad_dsa: Box::new(DsaManager::new(DsaType::Rsa3072Pkcs15Sha256)?),
                     pq_dsa: Box::new(PrehashDsaManager::new(PrehashDsaType::MlDsa65)?),
                 }
             }
             PrehashDsaType::MlDsa65Rsa4096Pss | PrehashDsaType::MlDsa65Rsa4096PssSha512 => Self {
                 dsa_info,
-                trad_dsa: Box::new(DsaManager::new(DsaType::Rsa4096PssSha512)?),
+                trad_dsa: Box::new(DsaManager::new(DsaType::Rsa4096PssSha384)?),
                 pq_dsa: Box::new(PrehashDsaManager::new(PrehashDsaType::MlDsa65)?),
             },
             PrehashDsaType::MlDsa65Rsa4096Pkcs15 | PrehashDsaType::MlDsa65Rsa4096Pkcs15Sha512 => {
                 Self {
                     dsa_info,
-                    trad_dsa: Box::new(DsaManager::new(DsaType::Rsa4096Pkcs15Sha512)?),
+                    trad_dsa: Box::new(DsaManager::new(DsaType::Rsa4096Pkcs15Sha384)?),
                     pq_dsa: Box::new(PrehashDsaManager::new(PrehashDsaType::MlDsa65)?),
                 }
             }

diff --git a/src/dsa/dsa_manager.rs b/src/dsa/dsa_manager.rs
@@ -21,12 +21,12 @@ const ML_DSA_TYPES: [PrehashDsaType; 3] = [
 ];
 
 const RSA_DSA_TYPES: [DsaType; 6] = [
-    DsaType::Rsa2048Pkcs15SHA256,
-    DsaType::Rsa2048PssSHA256,
-    DsaType::Rsa3072Pkcs15SHA512,
-    DsaType::Rsa3072PssSHA512,
-    DsaType::Rsa4096Pkcs15Sha512,
-    DsaType::Rsa4096PssSha512,
+    DsaType::Rsa2048Pkcs15Sha256,
+    DsaType::Rsa2048PssSha256,
+    DsaType::Rsa3072Pkcs15Sha256,
+    DsaType::Rsa3072PssSha256,
+    DsaType::Rsa4096Pkcs15Sha384,
+    DsaType::Rsa4096PssSha384,
 ];
 
 const EC_DSA_TYPES: [DsaType; 6] = [

diff --git a/src/dsa/rsa_dsa.rs b/src/dsa/rsa_dsa.rs
@@ -1,3 +1,5 @@
+use openssl::hash::MessageDigest;
+use openssl::rsa::Padding;
 use openssl::sign::RsaPssSaltlen;
 use rand::SeedableRng;
 use rand_chacha::ChaCha20Rng;
@@ -16,6 +18,40 @@ pub struct RsaDsaManager {
     pub dsa_info: DsaInfo,
 }
 
+impl RsaDsaManager {
+    fn get_hash_and_padding(&self) -> (MessageDigest, Padding) {
+        match self.dsa_info.dsa_type {
+            DsaType::Rsa2048Pkcs15Sha256 => (
+                openssl::hash::MessageDigest::sha256(),
+                openssl::rsa::Padding::PKCS1,
+            ),
+            DsaType::Rsa2048PssSha256 => (
+                openssl::hash::MessageDigest::sha256(),
+                openssl::rsa::Padding::PKCS1_PSS,
+            ),
+            DsaType::Rsa3072Pkcs15Sha256 => (
+                openssl::hash::MessageDigest::sha256(),
+                openssl::rsa::Padding::PKCS1,
+            ),
+            DsaType::Rsa3072PssSha256 => (
+                openssl::hash::MessageDigest::sha256(),
+                openssl::rsa::Padding::PKCS1_PSS,
+            ),
+            DsaType::Rsa4096Pkcs15Sha384 => (
+                openssl::hash::MessageDigest::sha384(),
+                openssl::rsa::Padding::PKCS1,
+            ),
+            DsaType::Rsa4096PssSha384 => (
+                openssl::hash::MessageDigest::sha384(),
+                openssl::rsa::Padding::PKCS1_PSS,
+            ),
+            _ => {
+                panic!("Not implemented");
+            }
+        }
+    }
+}
+
 impl Dsa for RsaDsaManager {
     /// Create a new DSA instance
     ///
@@ -58,12 +94,12 @@ impl Dsa for RsaDsaManager {
         rng: &mut impl rand_core::CryptoRngCore,
     ) -> Result<(Vec<u8>, Vec<u8>)> {
         let bits = match self.dsa_info.dsa_type {
-            DsaType::Rsa2048Pkcs15SHA256 => 2048,
-            DsaType::Rsa2048PssSHA256 => 2048,
-            DsaType::Rsa3072Pkcs15SHA512 => 3072,
-            DsaType::Rsa3072PssSHA512 => 3072,
-            DsaType::Rsa4096Pkcs15Sha512 => 4096,
-            DsaType::Rsa4096PssSha512 => 4096,
+            DsaType::Rsa2048Pkcs15Sha256 => 2048,
+            DsaType::Rsa2048PssSha256 => 2048,
+            DsaType::Rsa3072Pkcs15Sha256 => 3072,
+            DsaType::Rsa3072PssSha256 => 3072,
+            DsaType::Rsa4096Pkcs15Sha384 => 4096,
+            DsaType::Rsa4096PssSha384 => 4096,
             _ => {
                 return Err(QuantCryptError::NotImplemented);
             }
@@ -104,35 +140,7 @@ impl Dsa for RsaDsaManager {
         let pkey =
             openssl::pkey::PKey::from_rsa(rsa_sk).map_err(|_| QuantCryptError::SignatureFailed)?;
 
-        let (hash, padding) = match self.dsa_info.dsa_type {
-            DsaType::Rsa2048Pkcs15SHA256 => (
-                openssl::hash::MessageDigest::sha256(),
-                openssl::rsa::Padding::PKCS1,
-            ),
-            DsaType::Rsa2048PssSHA256 => (
-                openssl::hash::MessageDigest::sha256(),
-                openssl::rsa::Padding::PKCS1_PSS,
-            ),
-            DsaType::Rsa3072Pkcs15SHA512 => (
-                openssl::hash::MessageDigest::sha512(),
-                openssl::rsa::Padding::PKCS1,
-            ),
-            DsaType::Rsa3072PssSHA512 => (
-                openssl::hash::MessageDigest::sha512(),
-                openssl::rsa::Padding::PKCS1_PSS,
-            ),
-            DsaType::Rsa4096Pkcs15Sha512 => (
-                openssl::hash::MessageDigest::sha512(),
-                openssl::rsa::Padding::PKCS1,
-            ),
-            DsaType::Rsa4096PssSha512 => (
-                openssl::hash::MessageDigest::sha512(),
-                openssl::rsa::Padding::PKCS1_PSS,
-            ),
-            _ => {
-                panic!("Not implemented");
-            }
-        };
+        let (hash, padding) = self.get_hash_and_padding();
 
         // Createa a signer
         let mut signer = openssl::sign::Signer::new(hash, &pkey)
@@ -178,35 +186,7 @@ impl Dsa for RsaDsaManager {
         let pkey = openssl::pkey::PKey::from_rsa(rsa_pk)
             .map_err(|_| QuantCryptError::SignatureVerificationFailed)?;
 
-        let (hash, padding) = match self.dsa_info.dsa_type {
-            DsaType::Rsa2048Pkcs15SHA256 => (
-                openssl::hash::MessageDigest::sha256(),
-                openssl::rsa::Padding::PKCS1,
-            ),
-            DsaType::Rsa2048PssSHA256 => (
-                openssl::hash::MessageDigest::sha256(),
-                openssl::rsa::Padding::PKCS1_PSS,
-            ),
-            DsaType::Rsa3072Pkcs15SHA512 => (
-                openssl::hash::MessageDigest::sha512(),
-                openssl::rsa::Padding::PKCS1,
-            ),
-            DsaType::Rsa3072PssSHA512 => (
-                openssl::hash::MessageDigest::sha512(),
-                openssl::rsa::Padding::PKCS1_PSS,
-            ),
-            DsaType::Rsa4096Pkcs15Sha512 => (
-                openssl::hash::MessageDigest::sha512(),
-                openssl::rsa::Padding::PKCS1,
-            ),
-            DsaType::Rsa4096PssSha512 => (
-                openssl::hash::MessageDigest::sha512(),
-                openssl::rsa::Padding::PKCS1_PSS,
-            ),
-            _ => {
-                panic!("Not implemented");
-            }
-        };
+        let (hash, padding) = self.get_hash_and_padding();
 
         // Create a verifier
         let mut verifier = openssl::sign::Verifier::new(hash, &pkey)
@@ -263,37 +243,37 @@ mod tests {
 
     #[test]
     fn test_rsa_2048_pkcs15_sha256() {
-        let rsa_dsa_manager = RsaDsaManager::new(DsaType::Rsa2048Pkcs15SHA256);
+        let rsa_dsa_manager = RsaDsaManager::new(DsaType::Rsa2048Pkcs15Sha256);
         test_dsa!(rsa_dsa_manager);
     }
 
     #[test]
     fn test_rsa_2048_pss_sha256() {
-        let rsa_dsa_manager = RsaDsaManager::new(DsaType::Rsa2048PssSHA256);
+        let rsa_dsa_manager = RsaDsaManager::new(DsaType::Rsa2048PssSha256);
         test_dsa!(rsa_dsa_manager);
     }
 
     #[test]
-    fn test_rsa_3072_pkcs15_sha512() {
-        let rsa_dsa_manager = RsaDsaManager::new(DsaType::Rsa3072Pkcs15SHA512);
+    fn test_rsa_3072_pkcs15_sha256() {
+        let rsa_dsa_manager = RsaDsaManager::new(DsaType::Rsa3072Pkcs15Sha256);
         test_dsa!(rsa_dsa_manager);
     }
 
     #[test]
-    fn test_rsa_3072_pss_sha512() {
-        let rsa_dsa_manager = RsaDsaManager::new(DsaType::Rsa3072PssSHA512);
+    fn test_rsa_3072_pss_sha256() {
+        let rsa_dsa_manager = RsaDsaManager::new(DsaType::Rsa3072PssSha256);
         test_dsa!(rsa_dsa_manager);
     }
 
     #[test]
-    fn test_rsa_4096_pkcs15_sha512() {
-        let rsa_dsa_manager = RsaDsaManager::new(DsaType::Rsa4096Pkcs15Sha512);
+    fn test_rsa_4096_pkcs15_sha384() {
+        let rsa_dsa_manager = RsaDsaManager::new(DsaType::Rsa4096Pkcs15Sha384);
         test_dsa!(rsa_dsa_manager);
     }
 
     #[test]
-    fn test_rsa_4096_pss_sha512() {
-        let rsa_dsa_manager = RsaDsaManager::new(DsaType::Rsa4096PssSha512);
+    fn test_rsa_4096_pss_sha384() {
+        let rsa_dsa_manager = RsaDsaManager::new(DsaType::Rsa4096PssSha384);
         test_dsa!(rsa_dsa_manager);
     }
 }