
Update from 0.8 to 0.9 broke verification after reading PEM and using Sha256 PSS #361

@poliorcetics

# Minimal reproduction crate: it pulls in two releases of the same `rsa`
# crate side by side so one binary can compare their behaviour.
[package]
name = "rsa-repro"
version = "0.1.0"
edition = "2021"

[dependencies]
hex = "0.4.3"
rand = "0.8.5"
# `package = "rsa"` makes both entries resolve to the `rsa` crate; the keys
# `rsa9` / `rsa8` are only the local names used in the source.
# These are caret requirements, so the exact versions built come from
# Cargo.lock; record them when reporting a result.
rsa9 = { version = "0.9.2", features = ["sha2"], package = "rsa" }
rsa8 = { version = "0.8.2", features = ["sha2"], package = "rsa" }
/// Reproduction driver: creates an RSA key and a PSS/SHA-256 signature with
/// `rsa` 0.8, exports the public key as PEM, then asks both 0.8 and 0.9 to
/// verify the same (PEM, digest, signature) triple.
///
/// The key and the signature are randomised, so every run prints different
/// values. Only public material (public key, digest, signature) is printed.
fn main() {
    use rsa8::pkcs8::{EncodePublicKey, LineEnding};
    use rsa8::sha2::{Digest, Sha256};
    use rsa8::{Pss, RsaPrivateKey};

    let mut rng = rand::thread_rng();
    // 100 zero bytes stand in for the message.
    let data = vec![0_u8; 100];

    // Fresh 2048-bit key pair; the private half never leaves this function.
    let private_key = RsaPrivateKey::new(&mut rng, 2048).expect("failed to generate a key");
    let public_key = private_key.to_public_key();

    // PSS signs a digest, not the message: hash first with SHA-256.
    let hash = Sha256::digest(&data);

    // Signed by 0.8 with the scheme's default parameters.
    let sig = private_key
        .sign_with_rng(&mut rng, Pss::new::<Sha256>(), &hash)
        .unwrap();

    let pem = public_key.to_public_key_pem(LineEnding::LF).unwrap();

    dbg!(&pem, hex::encode(hash), hex::encode(&sig));
    // Same inputs to both verifiers: any difference comes from the crate version.
    t_rsa8(&pem, &hash, &sig);
    t_rsa9(&pem, &hash, &sig);
}

/// Verifies `sig` over `hashed_data` with `rsa` 0.8, using the public key
/// parsed from `public_key_pem`.
///
/// `hashed_data` is the SHA-256 digest of the message, not the message itself.
///
/// # Panics
///
/// Panics if the PEM cannot be parsed or if verification fails. That suits a
/// reproduction; production code should handle the `Err` and reject the input.
fn t_rsa8(public_key_pem: &str, hashed_data: &[u8], sig: &[u8]) {
    use rsa8::pkcs8::DecodePublicKey;
    use rsa8::sha2::Sha256;
    use rsa8::{Pss, PublicKey, RsaPublicKey};

    println!("START RSA-8");

    let key = RsaPublicKey::from_public_key_pem(public_key_pem).expect("Failed to parse PEM");
    // Default PSS parameters, built the same way as on the signing side.
    let scheme = Pss::new::<Sha256>();
    key.verify(scheme, hashed_data, sig)
        .expect("Failed to verify data against signature");

    println!("END RSA-8");
}

/// Verifies `sig` over `hashed_data` with `rsa` 0.9, using the public key
/// parsed from `public_key_pem`.
///
/// `hashed_data` is the SHA-256 digest of the message, not the message itself.
///
/// # Panics
///
/// Panics if the PEM cannot be parsed or if verification fails. That suits a
/// reproduction; production code should handle the `Err` and reject the input.
fn t_rsa9(public_key_pem: &str, hashed_data: &[u8], sig: &[u8]) {
    use rsa9::pkcs8::DecodePublicKey;
    use rsa9::sha2::Sha256;
    use rsa9::{Pss, RsaPublicKey};

    println!("START RSA-9");

    let key = RsaPublicKey::from_public_key_pem(public_key_pem).expect("Failed to parse PEM");
    // NOTE(review): the signature was produced by 0.8 with its default PSS
    // parameters. If the default salt length behind `Pss::new` differs between
    // 0.8 and 0.9, this call would reject a signature that is otherwise valid.
    // Confirm against the 0.9 changelog; `Pss::new_with_salt` lets the verifier
    // state the salt length explicitly.
    let scheme = Pss::new::<Sha256>();
    key.verify(scheme, hashed_data, sig)
        .expect("Failed to verify data against signature");

    println!("END RSA-9");
}

This breaks:

cargo run --release --quiet

[src/main.rs:25] &pem = "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00i3sOjgQLWZqWJeO2DG\nzFp/fwH5tdlVaUA4lOBTGX0hb5+QQelaH/PxyaHuRQ7NSoiFo4VFvYPsMvtcleny\nWpfO0Iq7nVophNjo49KWrXJKkQs8wcNc0vG07PcVgUCvG7z9VX5BJxi1zxnXiUtC\nQ/KIuS93M9rzrRBP2sBwZaQWn2WJqPAj3dmt3JiPYaCdQzviSzMhzTRMEbtQQSfY\nMUhEq4xLKQXvatRRIgtDg/a15+YHGuxSGigYGGUaxn9jzqcsYKVmzAZVbhK0KrNs\n1vqXg0LXlVKvh5n49rDXRwGSXHuNgbX+nDUGqrYEgtKcioPd9ECZpebEPEXkjTBK\n0QIDAQAB\n-----END PUBLIC KEY-----\n"
[src/main.rs:25] hex::encode(hash) = "cd00e292c5970d3c5e2f0ffa5171e555bc46bfc4faddfb4a418b6840b86e79a3"
[src/main.rs:25] hex::encode(&sig) = "70d501c5426f0b197639cbc4c8ebe7f1ffc07baeb124940d43a36da97b89ccda2247b7c4ef1a6be01e3f696a049d2b5cd117cf6ab2f740223437943ba6fd361e5f7a67a5c7ac578318d1643f4719bc12d23c69be309116c1f72d58bfcde54d48f4d9914429d6c101153d43d287dd1f734c43db33c56e0bddbf648504ca59fbf2810a3fa8a1a34c4baf9d1bd54dddfb2c69ea122048772d902cd0b7939a89a0d9ea1a32d518e22e17a124ecb42d75c1ca1232e27c163b92f5321e22e83b4974cd85b494758030e16c35cf1717a9d7b02ccd471dfc82828c782999cd72a7879fdd516d38a67ba933f80757e2b9d293f67916cf29facd4613fc6bcb8e3ea9bd6a1c"
START RSA-8
END RSA-8
START RSA-9
thread 'main' panicked at 'Failed to verify data against signature: Verification', src/main.rs:51:10
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

This looks like it may be a similar problem to #330.
