Expose RSA_PKCS1_SHA1 for RSA signing

src/rsa/convert_nist_rsa_test_vectors.py

@@ -143,11 +143,12 @@ def print_verify_test(case, n, e):
     print('Result = %s' % case['Result'])
     print('')
 
-def main(fn, test_type, padding_alg):
+def main(fn, test_type, padding_alg, alg):
     input_file_digest = hashlib.sha384(open(fn, 'rb').read()).hexdigest()
     # File header
     print("# RSA %(padding_alg)s Test Vectors for FIPS 186-4 from %(fn)s in" % \
             { "fn": fn, "padding_alg": padding_alg })
+    print("# http://csrc.nist.gov/groups/STM/cavp/documents/dss/186-2rsatestvectors.zip")
     print("# http://csrc.nist.gov/groups/STM/cavp/documents/dss/186-3rsatestvectors.zip")
     print("# accessible from")
     print("# http://csrc.nist.gov/groups/STM/cavp/digital-signatures.html#test-vectors")
@@ -180,6 +181,10 @@ def main(fn, test_type, padding_alg):
             last_field = "S"
 
     for case in parse(fn, last_field):
+        if alg is not None and case['SHAAlg'] != alg:
+            debug("Skipping filtered algorithm", DEBUG)
+            continue
+
         if case['SHAAlg'] == 'SHA224':
             # SHA224 not supported in *ring*.
             debug("Skipping due to use of SHA224", DEBUG)
@@ -223,10 +228,11 @@ def main(fn, test_type, padding_alg):
     debug("%d test cases output." % num_cases, True)
 
 if __name__ == '__main__':
-    if len(sys.argv) != 2:
-        print("Usage:\n python %s <filename>" % sys.argv[0])
+    if len(sys.argv) not in [2, 3]:
+        print("Usage:\n python %s <filename> [algorithm]" % sys.argv[0])
     else:
         fn = sys.argv[1]
+        alg = sys.argv[2] if len(sys.argv) > 2 else None
         if 'PSS' in fn:
             pad_alg = 'PSS'
         elif '15' in fn:
@@ -243,4 +249,4 @@ def main(fn, test_type, padding_alg):
             print("Could not determine test type.")
             quit()
 
-        main(sys.argv[1], test_type, pad_alg)
+        main(sys.argv[1], test_type, pad_alg, alg)

src/rsa/padding.rs

@@ -19,10 +19,12 @@ mod pkcs1;
 mod pss;
 
 pub use self::{
-    pkcs1::{PKCS1, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512},
+    pkcs1::{
+        PKCS1, RSA_PKCS1_SHA1_FOR_LEGACY_USE_ONLY, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384,
+        RSA_PKCS1_SHA512,
+    },
     pss::{PSS, RSA_PSS_SHA256, RSA_PSS_SHA384, RSA_PSS_SHA512},
 };
-pub(super) use pkcs1::RSA_PKCS1_SHA1_FOR_LEGACY_USE_ONLY;
 
 /// Common features of both RSA padding encoding and RSA padding verification.
 pub trait Padding: 'static + Sync + crate::sealed::Sealed + core::fmt::Debug {

src/rsa/padding/pkcs1.rs

@@ -103,12 +103,8 @@ macro_rules! rsa_pkcs1_padding {
     };
 }
 
-// Intentionally not exposed except internally for signature verification. At a
-// minimum, we'd need to create test vectors for signing with it, which we
-// don't currently have. But, it's a bad idea to use SHA-1 anyway, so perhaps
-// we just won't ever expose it.
 rsa_pkcs1_padding!(
-    pub(in super::super) RSA_PKCS1_SHA1_FOR_LEGACY_USE_ONLY,
+    pub RSA_PKCS1_SHA1_FOR_LEGACY_USE_ONLY,
     &digest::SHA1_FOR_LEGACY_USE_ONLY,
     &SHA1_PKCS1_DIGESTINFO_PREFIX,
     "PKCS#1 1.5 padding using SHA-1 for RSA signatures."

src/signature.rs

@@ -280,8 +280,8 @@ pub use crate::ec::{
 #[cfg(feature = "alloc")]
 pub use crate::rsa::{
     padding::{
-        RsaEncoding, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, RSA_PSS_SHA256,
-        RSA_PSS_SHA384, RSA_PSS_SHA512,
+        RsaEncoding, RSA_PKCS1_SHA1_FOR_LEGACY_USE_ONLY, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384,
+        RSA_PKCS1_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, RSA_PSS_SHA512,
     },
     verification::{
         RsaPublicKeyComponents, RSA_PKCS1_1024_8192_SHA1_FOR_LEGACY_USE_ONLY,