ring
Add support for generating RSA PKCS#1 signatures using SHA-1
Currently we have `RSA_PKCS1_1024_8192_SHA1_FOR_LEGACY_USE_ONLY` for verifying signatures that use SHA-1 (and weak keys).
However, we don't expose the ability to produce such signatures. Some ring users need to support existing protocols where SHA-1 signatures are (unfortunately) negotiated. For example, in many common OpenSSH deployments, the client and server will work together to negotiate SHA-1 instead of a stronger digest algorithm.
In the code we have this:
```rust
rsa_pkcs1_padding!(
    pub(in super::super) RSA_PKCS1_SHA1_FOR_LEGACY_USE_ONLY,
    &digest::SHA1_FOR_LEGACY_USE_ONLY,
    &SHA1_PKCS1_DIGESTINFO_PREFIX,
    "PKCS#1 1.5 padding using SHA-1 for RSA signatures."
);
```
Compare this to others:
```rust
rsa_pkcs1_padding!(
    pub RSA_PKCS1_SHA256,
    &digest::SHA256,
    &SHA256_PKCS1_DIGESTINFO_PREFIX,
    "PKCS#1 1.5 padding using SHA-256 for RSA signatures."
);
```
It seems like we "just" need to change the visibility of this and a few other declarations, and add some tests.
I updated the description to indicate the intended scope: Add support for generating PKCS#1 SHA-1 signatures, only. I'm not intending to add support for PSS or OAEP using SHA-1 at this time, though I am also not ruling out ever adding support, if we find a need.
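For readers unfamiliar with what the two macro arguments (digest algorithm and DigestInfo prefix) feed into, here is the EMSA-PKCS1-v1_5 encoding from RFC 8017 as an added example; it is not ring's code. The helper name `emsa_pkcs1_v1_5` and the constant names are hypothetical, the digest is taken as an input rather than computed, and the sample digest is constructed.

```rust
// DigestInfo DER prefixes from RFC 8017, section 9.2 (the role the
// *_PKCS1_DIGESTINFO_PREFIX constants play in the macro calls above).
const SHA1_PREFIX: [u8; 15] = [
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14,
];
const SHA256_PREFIX: [u8; 19] = [
    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
    0x05, 0x00, 0x04, 0x20,
];
// Constructed sample input: the SHA-1 digest of the empty string.
const EMPTY_SHA1: [u8; 20] = [
    0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d, 0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18,
    0x90, 0xaf, 0xd8, 0x07, 0x09,
];

/// Hypothetical helper: builds EM = 0x00 01 FF..FF 00 || prefix || digest
/// for an already computed digest and a modulus of `em_len` bytes.
fn emsa_pkcs1_v1_5(prefix: &[u8], digest: &[u8], em_len: usize) -> Result<Vec<u8>, &'static str> {
    // The last prefix byte is the OCTET STRING length; it must match the digest,
    // otherwise the prefix and the hash algorithm have been mixed up.
    if prefix.last().map(|&b| b as usize) != Some(digest.len()) {
        return Err("digest length does not match DigestInfo prefix");
    }
    let t_len = prefix.len() + digest.len();
    // RFC 8017 requires at least 8 bytes of 0xFF padding.
    if em_len < t_len + 11 {
        return Err("intended encoded message length too short");
    }
    let mut em = Vec::with_capacity(em_len);
    em.extend_from_slice(&[0x00, 0x01]);
    em.resize(em_len - t_len - 1, 0xff); // padding string PS
    em.push(0x00);
    em.extend_from_slice(prefix);
    em.extend_from_slice(digest);
    Ok(em)
}

fn main() {
    // 256-byte encoded message, as for a 2048-bit RSA key.
    let em = emsa_pkcs1_v1_5(&SHA1_PREFIX, &EMPTY_SHA1, 256).unwrap();
    let tail: String = em[220..].iter().map(|b| format!("{:02x}", b)).collect();
    println!("len={} tail={}", em.len(), tail);
    // Pairing the SHA-256 prefix with a 20-byte digest is rejected.
    println!("{:?}", emsa_pkcs1_v1_5(&SHA256_PREFIX, &EMPTY_SHA1, 256));
}
```

The only SHA-1-specific parts are the digest itself and the 15-byte prefix; the rest of the encoding is the same for every digest.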