rename feature

src/crypto/ecdsa.rs

@@ -1,7 +1,7 @@
-#[cfg(feature = "use_aws_lc_rs")]
+#[cfg(feature = "fips")]
 use aws_lc_rs as ring;
 
-#[cfg(not(feature = "use_aws_lc_rs"))]
+#[cfg(not(feature = "fips"))]
 use ring;
 
 use ring::{rand, signature};
@@ -32,6 +32,7 @@ pub(crate) fn alg_to_ec_signing(alg: Algorithm) -> &'static signature::EcdsaSign
 
 /// The actual ECDSA signing + encoding
 /// The key needs to be in PKCS8 format
+#[cfg(not(feature = "fips"))]
 pub fn sign(
     alg: &'static signature::EcdsaSigningAlgorithm,
     key: &[u8],
@@ -42,3 +43,17 @@ pub fn sign(
     let out = signing_key.sign(&rng, message)?;
     Ok(b64_encode(out))
 }
+
+/// The actual ECDSA signing + encoding
+/// The key needs to be in PKCS8 format
+#[cfg(feature = "fips")]
+pub fn sign(
+    alg: &'static signature::EcdsaSigningAlgorithm,
+    key: &[u8],
+    message: &[u8],
+) -> Result<String> {
+    let rng = rand::SystemRandom::new();
+    let signing_key = signature::EcdsaKeyPair::from_pkcs8(alg, key)?;
+    let out = signing_key.sign(&rng, message)?;
+    Ok(b64_encode(out))
+}

src/crypto/eddsa.rs

@@ -1,7 +1,7 @@
-#[cfg(feature = "use_aws_lc_rs")]
+#[cfg(feature = "fips")]
 use aws_lc_rs as ring;
 
-#[cfg(not(feature = "use_aws_lc_rs"))]
+#[cfg(not(feature = "fips"))]
 use ring;
 
 use crate::algorithms::Algorithm;

src/crypto/mod.rs

@@ -1,7 +1,7 @@
-#[cfg(feature = "use_aws_lc_rs")]
+#[cfg(feature = "fips")]
 use aws_lc_rs as ring;
 
-#[cfg(not(feature = "use_aws_lc_rs"))]
+#[cfg(not(feature = "fips"))]
 use ring;
 
 use ring::constant_time::verify_slices_are_equal;

src/crypto/rsa.rs

@@ -1,7 +1,7 @@
-#[cfg(feature = "use_aws_lc_rs")]
+#[cfg(feature = "fips")]
 use aws_lc_rs as ring;
 
-#[cfg(not(feature = "use_aws_lc_rs"))]
+#[cfg(not(feature = "fips"))]
 use ring;
 
 use ring::{rand, signature};
@@ -47,10 +47,7 @@ pub(crate) fn sign(
     let key_pair = signature::RsaKeyPair::from_der(key)
         .map_err(|e| ErrorKind::InvalidRsaKey(e.to_string()))?;
 
-    #[cfg(feature = "use_aws_lc_rs")]
-    let mut signature = vec![0; key_pair.public_modulus_len()];
-    #[cfg(not(feature = "use_aws_lc_rs"))]
-    let mut signature = vec![0; key_pair.public().modulus_len()];
+    let mut signature = get_signature(&key_pair);
 
     let rng = rand::SystemRandom::new();
     key_pair.sign(alg, &rng, message, &mut signature).map_err(|_| ErrorKind::RsaFailedSigning)?;
@@ -70,3 +67,13 @@ pub(crate) fn verify_from_components(
     let res = pubkey.verify(alg, message, &signature_bytes);
     Ok(res.is_ok())
 }
+
+#[cfg(feature = "fips")]
+fn get_signature(key_pair: &signature::RsaKeyPair) -> Vec<u8> {
+    vec![0; key_pair.public_modulus_len()]
+}
+
+#[cfg(not(feature = "fips"))]
+fn get_signature(key_pair: &signature::RsaKeyPair) -> Vec<u8> {
+    vec![0; key_pair.public().modulus_len()]
+}

src/errors.rs

@@ -1,7 +1,7 @@
-#[cfg(feature = "use_aws_lc_rs")]
+#[cfg(feature = "fips")]
 use aws_lc_rs as ring;
 
-#[cfg(not(feature = "use_aws_lc_rs"))]
+#[cfg(not(feature = "fips"))]
 use ring;
 use std::error::Error as StdError;
 use std::fmt;