avoid exceptions, be more precise in types

mirage · Mar 19, 2024 · c19f54e · c19f54e
1 parent c4a0874
commit c19f54e
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 12 deletions.
diff --git a/pk/mirage_crypto_pk.mli b/pk/mirage_crypto_pk.mli
@@ -187,12 +187,12 @@ module Rsa : sig
         was produced with the given [key] as per {{!sig_encode}sig_encode}, or
         [None] *)
 
-    val min_key : Digestif.hash' -> bits
+    val min_key : [ `MD5 | `SHA1 | `SHA224 | `SHA256 | `SHA384 | `SHA512 ] -> bits
     (** [min_key hash] is the minimum key size required by {{!sign}[sign]}. *)
 
     val sign : ?crt_hardening:bool -> ?mask:mask ->
-      hash:Digestif.hash' -> key:priv -> string or_digest ->
-      string
+      hash:[ `MD5 | `SHA1 | `SHA224 | `SHA256 | `SHA384 | `SHA512 ] ->
+      key:priv -> string or_digest -> string
     (** [sign ~crt_hardening ~mask ~hash ~key message] is the PKCS 1.5
         signature of [message], signed by the [key], using the hash function
         [hash]. This is the full signature, with the ASN-encoded message digest
@@ -205,8 +205,9 @@ module Rsa : sig
 
         @raise Invalid_argument if message is a [`Digest] of the wrong size.  *)
 
-    val verify : hashp:(Digestif.hash' -> bool) -> key:pub ->
-      signature:string -> string or_digest -> bool
+    val verify :
+      hashp:([ `MD5 | `SHA1 | `SHA224 | `SHA256 | `SHA384 | `SHA512 ] -> bool) ->
+      key:pub -> signature:string -> string or_digest -> bool
     (** [verify ~hashp ~key ~signature message] checks that [signature] is the
         PKCS 1.5 signature of the [message] under the given [key].
 

diff --git a/pk/rsa.ml b/pk/rsa.ml
@@ -279,14 +279,11 @@ module PKCS1 = struct
       `SHA512, "\x30\x51\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x03\x05\x00\x04\x40"
     ]
     in
-    (fun h ->
-       match List.assoc_opt h map with
-       | None -> invalid_arg "unsupported hash (only MD5 and SHA are supported)"
-       | Some x -> x),
+    (fun h -> List.assoc h map),
     (fun buf -> List.find_opt (fun (_, d) -> is_prefix d buf) map)
 
   let sign ?(crt_hardening = true) ?mask ~hash ~key msg =
-    let module H = (val Digestif.module_of_hash' hash) in
+    let module H = (val Digestif.module_of_hash' (hash :> Digestif.hash')) in
     let module D = Digest_or(H) in
     let msg' = asn_of_hash hash ^ D.digest_or msg in
     sig_encode ~crt_hardening ?mask ~key msg'
@@ -298,13 +295,13 @@ module PKCS1 = struct
     Option.value
       (sig_decode ~key signature >>= fun buf ->
        detect buf >>| fun (hash, asn) ->
-       let module H = (val Digestif.module_of_hash' hash) in
+       let module H = (val Digestif.module_of_hash' (hash :> Digestif.hash')) in
        let module D = Digest_or(H) in
        hashp hash && Eqaf.equal (asn ^ D.digest_or msg) buf)
       ~default:false
 
   let min_key hash =
-    let module H = (val Digestif.module_of_hash' hash) in
+    let module H = (val Digestif.module_of_hash' (hash :> Digestif.hash')) in
     (String.length (asn_of_hash hash) + H.digest_size + min_pad + 2) * 8 + 1
 end