forked from RustCrypto/RSA
[pull] master from RustCrypto:master #4
Open: pull wants to merge 275 commits into mesalock-linux:master from RustCrypto:master
pkcs1v15: Make decrypt() and sign() generic over PrivateKey
Co-Authored-By: str4d <thestr4d@gmail.com>
README.md: remove deps.rs badge
This commit adds a function to `rsa::algorithms` called `generate_multi_prime_key_with_exp` which allows the caller to specify a custom value for the public key exponent. This commit also adds a convenience routine to `rsa::RSAPrivateKey` called `new_with_exp` which allows the caller to specify the custom value for the public key exponent as part of the `rsa::RSAPrivateKey` constructor. Exposing the public key exponent matches an OpenSSL call `openssl::rsa::generate_with_e` which is useful in certain settings such as when generating the signing keys for SGX enclaves.
* No-std support
* Fix tests
* Cleanly error out when building without the alloc feature
* Run no-std tests on arm-linux-gnu target
* Fix nostd tests
* Attempt 2 at fixing nostd tests
* Fix warnings when running tests in nostd mode
* fixup! No-std support

Co-authored-by: Tony Arcieri <bascule@gmail.com>
Co-authored-by: dignifiedquire <me@dignifiedquire.com>
Updates the requirements on [simple_asn1](https://github.com/acw/simple_asn1) to permit the latest version.
- [Release notes](https://github.com/acw/simple_asn1/releases)
- [Commits](https://github.com/acw/simple_asn1/commits)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps the following:
- `digest` v0.11.0-pre.8
- `signature` v2.3.0-pre.3
- `sha1` v0.11.0-pre.3
- `sha2` v0.11.0-pre.3
This contains a Docker image which can be used for testing for the Marvin Attack: https://people.redhat.com/~hkario/marvin/
* pkcs1v15: ensure that these keys are used only with the old RSA OID

  RSA PSS keys can be used either with the old rsaEncryption OID or with the id-RSASSA-PSS, while PKCS1v15 are limited to rsaEncryption. Enforce this limitation before adding support for id-RSASSA-PSS handling.

  Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>

* feat: allow id-RSASSA-PSS in verify_algorithm_id()

  Allow both rsaEncryption and id-RSASSA-PSS OIDs in verify_algorithm_id().

  Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>

* pss: support DecodePrivateKey and DecodePublicKey traits

  Implement necessary conversion traits to enable DecodePrivateKey and DecodePublicKey traits implementation.

---------

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Co-authored-by: Tony Arcieri <bascule@gmail.com>
Updates the following dependencies:

```
$ cargo update
    Updating crates.io index
    Updating aes v0.8.3 -> v0.8.4
    Updating autocfg v1.1.0 -> v1.3.0
    Removing bitflags v1.3.2
    Removing bitflags v2.4.1
      Adding bitflags v2.5.0
    Updating cpufeatures v0.2.11 -> v0.2.12
    Updating errno v0.3.7 -> v0.3.9
    Updating fastrand v2.0.1 -> v2.1.0
    Updating getrandom v0.2.11 -> v0.2.15
    Updating hybrid-array v0.2.0-rc.5 -> v0.2.0-rc.8
    Updating libc v0.2.150 -> v0.2.155
    Updating linux-raw-sys v0.4.11 -> v0.4.14 (latest: v0.6.4)
    Updating num-integer v0.1.45 -> v0.1.46
    Updating num-iter v0.1.43 -> v0.1.45
    Updating num-traits v0.2.17 -> v0.2.19
    Updating proc-macro2 v1.0.79 -> v1.0.85
    Updating quote v1.0.35 -> v1.0.36
    Removing redox_syscall v0.4.1
    Updating regex-syntax v0.8.2 -> v0.8.3
    Updating rustix v0.38.25 -> v0.38.34
    Updating serde v1.0.197 -> v1.0.203
    Updating serde_derive v1.0.197 -> v1.0.203
    Updating smallvec v1.11.2 -> v1.13.2
    Updating syn v2.0.53 -> v2.0.66
    Updating tempfile v3.8.1 -> v3.10.1
    Updating windows-sys v0.48.0 -> v0.52.0
    Updating windows-targets v0.48.5 -> v0.52.5
    Updating windows_aarch64_gnullvm v0.48.5 -> v0.52.5
    Updating windows_aarch64_msvc v0.48.5 -> v0.52.5
    Updating windows_i686_gnu v0.48.5 -> v0.52.5
      Adding windows_i686_gnullvm v0.52.5
    Updating windows_i686_msvc v0.48.5 -> v0.52.5
    Updating windows_x86_64_gnu v0.48.5 -> v0.52.5
    Updating windows_x86_64_gnullvm v0.48.5 -> v0.52.5
    Updating windows_x86_64_msvc v0.48.5 -> v0.52.5
    Updating zeroize v1.7.0 -> v1.8.1
```

Bumps the following dependencies to their latest prerelease versions:
- `const-oid` v0.10.0-rc.0
- `digest` v0.11.0-pre.9
- `pkcs1` v0.8.0-rc.0
- `pkcs8` v0.11.0-rc.0
- `signature` v2.3.0-pre.4
- `spki` v0.8.0-rc.0
- `sha1` v0.11.0-pre.4
- `sha2` v0.11.0-pre.4

Note: `pkcs5` is temporarily sourced from this PR due to circular dependency problems: RustCrypto/formats#1461
Some vendor serialization (NDA :() of signature and public keys will need the size of the salt that was used for signature. Sadly this is only exposed in the signing key (which may be out of reach (HSM)).
There are two issues with oddly formed keys that were not properly handled:
- avoid using `-` to avoid a subtraction with overflow for pkcs
- always validate the key in `from_components` to avoid errors in the internal `precompute`
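The two fixes in the commit above, checked arithmetic in place of a bare subtraction and validating the components before any internal precomputation, as an added illustration in std-only Rust. This is not the rsa crate's own code: the function name `validate_components`, the `KeyError` variants and the toy u64 parameters are assumptions made for the example, standing in for the crate's multi-precision integers.

```rust
// Added illustration, not the rsa crate's code: the consistency checks a
// `from_components`-style constructor should run before any precomputation
// touches the values. Toy u64 parameters stand in for multi-precision integers.

#[derive(Debug, PartialEq, Eq)]
pub enum KeyError {
    /// p or q is below 2; p - 1 or q - 1 would underflow or be zero.
    PrimeTooSmall,
    /// n is not p * q (or the product overflowed the toy integer width).
    ModulusMismatch,
    /// e is even, below 3, or shares a factor with (p-1)(q-1).
    BadExponent,
    /// e * d is not 1 modulo lcm(p-1, q-1), so d cannot undo e.
    BadPrivateExponent,
}

fn gcd(mut a: u64, mut b: u64) -> u64 {
    while b != 0 {
        let t = a % b;
        a = b;
        b = t;
    }
    a
}

/// (a * b) mod m, widened to u128 so the product cannot overflow.
fn mulmod(a: u64, b: u64, m: u64) -> u64 {
    ((a as u128 * b as u128) % m as u128) as u64
}

/// Check that (n, e, d, p, q) form a consistent RSA key. Every subtraction and
/// multiplication is checked rather than bare, so an oddly formed key (p = 0,
/// p = 1, an oversized n) yields an error instead of a debug-build panic or a
/// release-build wraparound feeding garbage into later precomputation.
pub fn validate_components(n: u64, e: u64, d: u64, p: u64, q: u64) -> Result<(), KeyError> {
    // p - 1 and q - 1 via checked_sub; anything below 2 is rejected, not wrapped.
    let p1 = p.checked_sub(1).filter(|v| *v >= 1).ok_or(KeyError::PrimeTooSmall)?;
    let q1 = q.checked_sub(1).filter(|v| *v >= 1).ok_or(KeyError::PrimeTooSmall)?;

    // n must equal p * q exactly; checked_mul catches overflow of the toy width.
    match p.checked_mul(q) {
        Some(prod) if prod == n => {}
        _ => return Err(KeyError::ModulusMismatch),
    }

    // e must be an odd integer > 1 coprime to phi(n) = (p-1)(q-1); coprimality
    // with the product is equivalent to coprimality with each factor.
    if e < 3 || e % 2 == 0 || gcd(e, p1) != 1 || gcd(e, q1) != 1 {
        return Err(KeyError::BadExponent);
    }

    // d must invert e modulo lambda(n) = lcm(p-1, q-1). A d computed modulo
    // phi(n) also passes, since lambda(n) divides phi(n).
    let lambda = p1 / gcd(p1, q1) * q1;
    if mulmod(e % lambda, d % lambda, lambda) != 1 {
        return Err(KeyError::BadPrivateExponent);
    }
    Ok(())
}

fn main() {
    // Constructed toy key: p = 61, q = 53, n = 3233, phi = 3120, lambda = 780, e = 17, d = 2753.
    println!("{:?}", validate_components(3233, 17, 2753, 61, 53)); // Ok(())
    // p = 0 is exactly the shape that makes an unchecked `p - 1` overflow.
    println!("{:?}", validate_components(3233, 17, 2753, 0, 53)); // Err(PrimeTooSmall)
    println!("{:?}", validate_components(3234, 17, 2753, 61, 53)); // Err(ModulusMismatch)
}
```

The order of the checks matters: the subtractions come first and are checked, so a degenerate prime is turned into an error before any value derived from it (the totient, the CRT exponents) is computed. A real implementation would additionally run primality tests on p and q, which the toy integer width here does not attempt.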
The biggest refactor (to date)

Replaces all usage of `num-bigint-dig` based `BigInt` usage with the new `crypto-bigint` crate, using `BoxedUint`.

Current known issue is that we do have a performance regression, which we will be able to get rid of over time:

```
# crypto-bigint
# macbook m1
test bench_rsa_2048_pkcsv1_decrypt      ... bench:   7,184,387.50 ns/iter (+/- 425,598.69)
test bench_rsa_2048_pkcsv1_sign_blinded ... bench:  13,453,579.10 ns/iter (+/- 686,276.31)
# AMD
test bench_rsa_2048_pkcsv1_decrypt      ... bench:   9,260,832.80 ns/iter (+/- 30,013.38)
test bench_rsa_2048_pkcsv1_sign_blinded ... bench:  16,610,079.40 ns/iter (+/- 251,292.53)

# master
# macbook m1
test bench_rsa_2048_pkcsv1_decrypt      ... bench:   1,117,479.15 ns/iter (+/- 31,334.30)
test bench_rsa_2048_pkcsv1_sign_blinded ... bench:   1,337,437.55 ns/iter (+/- 88,624.39)
# AMD
test bench_rsa_2048_pkcsv1_decrypt      ... bench:   1,414,348.80 ns/iter (+/- 12,585.71)
test bench_rsa_2048_pkcsv1_sign_blinded ... bench:   1,685,650.00 ns/iter (+/- 11,105.71)
```

## TODOs
- [x] switch internal storage for `RsaPrivateKey`
- [x] switch internal storage for `RsaPublicKey`
- [x] switch all code to use the new `decrypt` implementation
- [x] update public traits using `BigUint` to return owned versions
- [x] fix blinding implementation
- [x] switch decryption algorithm with precompute to use crypto-bigint ops
- [x] go through other algorithms and update what can be done without having primality checks implemented
- [x] review & update code for constant time operation
- [x] review & update code for performance
- [x] benchmarks

---------

Co-authored-by: Fethbita <Fethbita@users.noreply.github.com>
This reworks OAEP to support non-string labels. One use-case is encryption of secrets in TPM.

https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf#page=297

> # Section B.4 RSAES_OAEP
>
> For RSA keys protecting a secret value (such as, an encryption key or a session secret), the L parameter
> is a byte stream, the last byte of which must be zero, indicating the intended use of the encrypted value.
Replaces the current approximate `logf()` which we don't really need for this specific form of the argument. Note: I am not sure why we calculate `log(2^floor(bit_size / nprimes))` while we could just as well calculate `log(2^(bit_size/nprimes))`, but I left that part intact.
Notably includes #394 which migrates to `crypto-bigint`
Thanks to @ctz who implemented a basic structure to run these in graviola, I ported running against the relevant test vectors from https://github.com/C2SP/wycheproof
Created by
pull[bot]