People were missing that the example required the `sha2` crate as a
dependency. See #340.
This changes it to use the re-exported `sha2` crate and notes that the
`sha2` feature must be enabled.
External access to these functions was removed in #304 when the old
`internals` module and `expose-internals` feature were removed. There
are some valid use cases for them, though (see #351), so let's bring
back a subset of what was in `internals` using the same naming and
documentation conventions that the aes crate uses for its hazardous
functions.
Much of the added or changed documentation is derived from that in
the `aes` crate.
Fixes#351.
Adds PKCS#8 (and via blanket impl, PKCS#1) and SPKI decoding trait
support to `pkcs1v15::{SigningKey, VerifyingKey}`.
Also adds basic tests that decoding and encoding works.
The `fmt::{LowerHex, UpperHex}` impls, with the latter called
vicariously via `fmt::Display`, were showing the unpadded signature
rather than the padded one.
This changes these impls to call `SignatureEncoding::to_bytes` first
before displaying the signature.
The `SignatureEncoding` impl added in `rsa` v0.9 (or more specifically,
the `From<Signature>` impl for `Box<[u8]>` failed to properly left pad
the signatures so they matched the modulus size.
This adds the appropriate padding to the signature encoder.
The `RsaPrivateKey` type previously had a `Deref` impl providing access
to the associated `RsaPublicKey`.
`Deref` is intended for "smart pointer types", i.e. container types
which manage a (typically generic) inner type in some way. This doesn't
seem like one of those cases.
`AsRef`, on the other hand, is for cheap reference conversions, which is
exactly what's happening here, so it's a better fit and provides the
same functionality (albeit explicitly rather than via deref coercion).
The padding mode modules have gotten quite large.
This commit refactors types into respective submodules, with the
toplevel module defining the same-named padding schemes.
There were several modules that defined traits, including one called
`traits`.
This consolidates all of them under `traits`, retaining the previous
module structure as internal submodules:
- `keytraits` => `traits::keys`
- `padding` => `traits::padding`
- `traits` => `traits::encryption`
Additionally this removes the traits that were re-exported at the
toplevel, instead re-exporting them all under `traits`.
Adds an on-by-default feature which enables `num-bigint-dig/u64_digit`.
Disabling this on 32-bit platforms (e.g. WASM) should improve
performance.
Closes#252
`RsaPrivateKey` self-zeroizes on drop, so add the `ZeroizeOnDrop` marker
trait to `RsaPrivateKey` and all newtypes thereof, i.e. `DecryptingKey`
and `SigningKey` for the various padding modes.
This also removes the `Zeroize` impl on `RsaPrivateKey`, since it
self-zeroizes on `Drop`, and allowing `Zeroize` might accidentally
permit use-after-zeroize vulnerabilities.
In both the PKCS#1v1.5 and PSS implementations, checks the signature
value to ensure it does not overflow the modulus.
In the PKCS#1v1.5 implementation, checks the signature length to ensure
it matches the public key size. The PSS implementation was already doing
this.
Closes#272
* feat: decouple key generation and random generation
Make generate_multi_prime_key_with_exp() generic enough to generate
abstract key structure. Rewrite RsaPrivateKey constructors to use
RsaPrivateKey::from_components().
* feat: move key-related traits to separate module
Move PublicKeyParts to the separate module.
* feat: stop using RsaPrivateKey in internals.rs
Make internals.rs generic enough to be moved to the algorithms module.
* feat: move soft RSA implementation to crate::algorithms::rsa.rs
Separate software RSA implementation to separate module under
crate::algorithms.
* key: drop raw_int_*_primitive wrappers
Now as raw_int_encryption_primitive() and raw_int_decryption_primitive()
became simple wrappers around properly defined functions we can inline
them and always use software RSA algorithm from src::algorithms::rsa.rs.
* feat: move internals.rs to src/algortihms/pad.rs
internals.rs now contains only small functions related to BigUint to
Vec<u8> conversion. Move them to src/algorithms/pad.rs and get rid of
internals.rs
* algorithms: protect all functions with pub(crate)
While it is expected that the functions inside algorithms crates might
be useful (and used) by other parties, they are low level functions and
as such impose a high risk of being misused. Protect all of them with
pub(crate) to prevent them from being exposed by mistake.
Also add big fat warnings to raw RSA functions, which should never be
used unless authors knows exactly what they are using.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
