64 Commits

Author SHA1 Message Date
Arthur Gautier
7803ce534e
pkcs1v15: expose RsaSignatureAssociatedOid (#392)
This allows reuse of the `RsaSignatureAssociatedOid` trait to pull
implementation of `SignatureAlgorithmIdentifier` in other crates (like
`yubihsm.rs`).
2023-11-29 14:55:44 -07:00
Tony Arcieri
94856ec765
pkcs1v15: note RSASSA-PKCS1-v1_5 in docs (#324)
This is the name for PKCS#1v1.5 signatures originally specified in
RFC3447 but is also used by RFC8017 (which we cite)
2023-05-03 17:13:52 -06:00
Tony Arcieri
f5918ad3bf
Refactor padding modes into submodules (#312)
The padding mode modules have gotten quite large.

This commit refactors types into respective submodules, with the
toplevel module defining the same-named padding schemes.
2023-04-27 07:58:19 -06:00
Tony Arcieri
d9968bc0c9
Refactor traits (#315)
There were several modules that defined traits, including one called
`traits`.

This consolidates all of them under `traits`, retaining the previous
module structure as internal submodules:

- `keytraits` => `traits::keys`
- `padding` => `traits::padding`
- `traits` => `traits::encryption`

Additionally this removes the traits that were re-exported at the
toplevel, instead re-exporting them all under `traits`.
2023-04-27 07:39:37 -06:00
Tony Arcieri
78ea9cb7da
Impl ZeroizeOnDrop for RsaPrivateKey+newtypes (#311)
`RsaPrivateKey` self-zeroizes on drop, so add the `ZeroizeOnDrop` marker
trait to `RsaPrivateKey` and all newtypes thereof, i.e. `DecryptingKey`
and `SigningKey` for the various padding modes.

This also removes the `Zeroize` impl on `RsaPrivateKey`, since it
self-zeroizes on `Drop`, and allowing `Zeroize` might accidentally
permit use-after-zeroize vulnerabilities.
2023-04-26 10:39:18 -06:00
Tony Arcieri
b55c75ec39
Ensure signatures have right length and don't overflow (#306)
In both the PKCS#1v1.5 and PSS implementations, checks the signature
value to ensure it does not overflow the modulus.

In the PKCS#1v1.5 implementation, checks the signature length to ensure
it matches the public key size. The PSS implementation was already doing
this.

Closes #272
2023-04-25 08:36:26 -06:00
Dmitry Baryshkov
574664808d
Internals refactoring (#304)
* feat: decouple key generation and random generation

Make generate_multi_prime_key_with_exp() generic enough to generate an
abstract key structure. Rewrite RsaPrivateKey constructors to use
RsaPrivateKey::from_components().

* feat: move key-related traits to separate module

Move PublicKeyParts to a separate module.

* feat: stop using RsaPrivateKey in internals.rs

Make internals.rs generic enough to be moved to the algorithms module.

* feat: move soft RSA implementation to crate::algorithms::rsa.rs

Split the software RSA implementation into a separate module under
crate::algorithms.

* key: drop raw_int_*_primitive wrappers

Now that raw_int_encryption_primitive() and raw_int_decryption_primitive()
have become simple wrappers around properly defined functions, we can inline
them and always use the software RSA algorithm from src::algorithms::rsa.rs.

* feat: move internals.rs to src/algorithms/pad.rs

internals.rs now contains only small functions related to BigUint to
Vec<u8> conversion. Move them to src/algorithms/pad.rs and get rid of
internals.rs.

* algorithms: protect all functions with pub(crate)

While it is expected that the functions inside algorithms crates might
be useful (and used) by other parties, they are low level functions and
as such impose a high risk of being misused. Protect all of them with
pub(crate) to prevent them from being exposed by mistake.

Also add big fat warnings to raw RSA functions, which should never be
used unless the authors know exactly what they are using.

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
2023-04-23 16:53:21 -06:00
Dmitry Baryshkov
284fd79c1f
Remove primitive traits (#300)
The crate contains several exported traits targeting
hardware-accelerated implementations (PublicKey, PrivateKey,
EncryptionPrimitive, DecryptionPrimitive). However, these traits
overcomplicate the internal structure of the crate. It is not clear which
level of API can be implemented by the hardware accelerators.
The crate is already quite complicated, implementing both
PaddingScheme-based API and Signer/Verifier/Encryptor/Decryptor API.

Remove the complication for now. The proper level of indirection can be
introduced once support for actual hardware accelerators is implemented.

Inline and drop the RsaPrivateKey::raw_decryption_primitive() function.
There is no need to zeroize the argument, as it is ciphertext, so it can be
assumed to be safe.

Change raw_int_encryption_primitive() and raw_int_decryption_primitive()
to output Result<BigUint> instead of Result<Vec<u8>>, because they also
take BigUint rather than Vec<u8> or &[u8].

In order to simplify adding support for RSA hardware accelerators, move
all formatting and padding functions to separate modules, making it
theoretically possible to use that for implementing support for
low-level RSA hardware accelerators.

Also follow the pkcs1v15 change and use BigUint as the Signature's
internal implementation.

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
2023-04-19 08:51:06 -06:00
Tony Arcieri
2ec8708541
pkcs1v15: use BigUint as Signature's inner type (#298)
This is one half of #220.

Doing anything with a signature involves converting it from bytes into a
`BigUint`, so this changes the inner type to the latter, which is more
useful.

It should also help address #272, since it will enable doing those sorts
of checks more eagerly.
2023-04-18 12:17:07 -06:00
Tony Arcieri
891a4caba9
Rename Pkcs1v15Sign::new_raw to Pkcs1v15Sign::new_unprefixed (#293)
Following #290, which amended `pkcs1v15::SigningKey`, this commit makes
a corresponding change to `Pkcs1v15Sign` so the method name is
consistent with `SigningKey::new_unprefixed`.
2023-04-17 06:40:24 -06:00
Tony Arcieri
bf1defd014
pkcs1v15: make *_with_prefix methods the default (#290)
Renames the following:

- `SigningKey::new` => `SigningKey::new_unprefixed`
- `SigningKey::new_with_prefix` => `SigningKey::new`
- `VerifyingKey::new` => `VerifyingKey::new_unprefixed`
- `VerifyingKey::new_with_prefix` => `VerifyingKey::new`

The `*_with_prefix` methods are preserved with a deprecation warning,
which should help people migrate to the new versions.

Closes #238
2023-04-11 06:37:34 -06:00
Dmitry Baryshkov
cf90255057
AssociatedAlgorithmIdentifier implementation (#278)
Implement associated AlgorithmIdentifier traits for PKCS1v15 and PSS keys

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
2023-04-04 20:12:08 -06:00
Matt Keeter
39d3eb95f2
Fix incorrect doc link (#267) 2023-03-02 10:05:53 -07:00
Dmitry Baryshkov
dacabfc5ff
Add Encryption-related traits (#259)
* feat: relax Sized requirement for random source parameters

* oaep: move OAEP test cases to src/oaep.rs

There is little point in having only OAEP test cases in src/key.rs. Move
them to the proper module, oaep.rs.

* oaep: mark two functions as private

Currently the crate doesn't mark the oaep module as public. Thus it
makes little sense to mark top-level functions as public. Drop the
modifier.

* feat: traits: add traits for encryption and decryption

Add traits following the signature design for encryption and decryption.

* oaep: add support for new encryption API

Add new EncryptingKey and DecryptingKey structs implementing Encryptor /
Decryptor traits.

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
2023-02-13 08:35:20 -07:00
Tony Arcieri
134a061237
Add sha2 feature with oid subfeature enabled (#255)
We seem to be running into a lot of people who are having trouble with
PKCS#1 v1.5 signatures because the failure mode for the `oid` feature of
the `sha2` crate being disabled is fairly inscrutable.

See #234, #253, and the semi-related tracking issue for #238.

If `rsa` has a `sha2` feature, we can always ensure `oid` is enabled,
and this can be used in code examples. It also means users don't need
two crates to create/verify PKCS#1 v1.5 signatures.

RSA is used commonly enough with the SHA2 family that this integration
probably makes sense.
2023-01-20 16:46:27 -07:00
Tony Arcieri
35372d9516
Refactor PaddingScheme into a trait (#244)
Splits up the `PaddingScheme` enum into four structs, named after the
previous variants of the struct (adopting capitalization from the Rust
API guidelines):

- `oaep::Oaep`
- `pkcs1v15::{Pkcs1v15Encrypt, Pkcs1v15Sign}`
- `pss::Pss`

All of these are re-exported from the toplevel.

Each of these structs impls one or more of the following traits:

- `PaddingScheme`: used for encryption
- `SignatureScheme`: used for signing

The `PaddingScheme` constructors have been remapped as follows:

- `new_oaep` => `Oaep::new`
- `new_oaep_with_label` => `Oaep::new_with_label`
- `new_oaep_with_mgf_hash` => `Oaep::new_with_mgf_hash`
- `new_oaep_with_mgf_hash_with_label` => `Oaep::new_with_mgf_hash_and_label`
- `new_pkcs1v15_encrypt` => `Pkcs1v15Encrypt`
- `new_pkcs1v15_sign` => `Pkcs1v15Sign::new`
- `new_pkcs1v15_sign_raw` => `Pkcs1v15Sign::new_raw`
- `new_pss` => `Pss::{new, new_blinded}`
- `new_pss_with_salt` => `Pss::{new_with_salt, new_blinded_with_salt}`
2023-01-10 13:59:31 -07:00
Tony Arcieri
35a32093f0
Bump signature to v2.0.0-rc.1 (#247) 2023-01-07 21:26:52 -07:00
Dmitry Baryshkov
8c96243f9f
v0.8.0-pre.0 (#237)
Also uses the new `CryptoRngCore` where possible instead of separate
`CryptoRng + RngCore`, and switches to `signature` v2.0.0-pre.3.

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
2022-12-17 08:26:59 -07:00
Dmitry Baryshkov
b39752d4d8
feat: switch to version 2.0 (pre) of the signature crate (#217)
Rework the crate to implement traits from the preview of the signature
crate. Use `Vec<u8>` as `Self::Repr` type.

Drop the hand-crafted `From` traits, replacing them with the
implementation of the `Keypair` trait.

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
2022-12-04 19:03:38 -07:00
Tony Arcieri
6800df5b37
Linkify code examples in rustdoc (#222)
Makes each code example a linkable section of the rustdoc.

Uses these links to link from individual modules to code examples in the
toplevel rustdoc.
2022-11-12 18:43:30 -07:00
Tony Arcieri
eeb18ee88d
Add missing rustdoc comments; enable missing_docs lint (#216)
Several types and methods were missing documentation.

This commit adds documentation and enables warnings for `missing_docs`.

Additionally it updates all references to PKCS#1 RFCs to use RFC8017,
which documents the latest version of PKCS#1.
2022-10-31 14:15:52 -06:00
Dmitry Baryshkov
ece83cbdad
feat: add support for EncodePrivateKey (#208)
Implement encoding Signing keys to PKCS#8 DER format.

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
2022-10-08 14:38:43 -06:00
Dmitry Baryshkov
9066931701
RSA: implement EncodePublicKey for VerifyingKeys (#207)
Implement key -> der conversion for public keys.

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
2022-10-08 13:01:19 -06:00
Dirk Stolle
7caba62e9b
chore: fix some typos (#196) 2022-10-05 17:52:57 -06:00
Nathaniel McCallum
c880e5fed8
feat: enable extracting the inner key type (#201)
Signed-off-by: Nathaniel McCallum <nathaniel@profian.com>
2022-09-27 15:42:36 -06:00
Dmitry Baryshkov
165f06f9cd
feat: implement hazmat signature traits for PKCS1v15 keys (#195)
Implement PrehashSigner and PrehashVerifier traits for PKCS1v15
structures.

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
2022-09-22 10:03:46 -06:00
Nathaniel McCallum
a760b51b1e
feat: impl From for Signing/Verifying keys (#193)
Signed-off-by: Nathaniel McCallum <nathaniel@profian.com>
2022-09-21 16:43:04 -06:00
Nathaniel McCallum
0332c659df
feat: impl AsRef for Signing/Verifying keys (#194)
Signed-off-by: Nathaniel McCallum <nathaniel@profian.com>
2022-09-21 16:42:29 -06:00
Nathaniel McCallum
c2a57c640d
chore: resolve numerous clippy lints
Signed-off-by: Nathaniel McCallum <nathaniel@profian.com>
2022-09-21 23:06:18 +02:00
Xynnn_
29ff287752
feat: derive Clone and Debug for SigningKey/VerifyingKey (#191)
- added Clone and Debug for SigningKey & VerifyingKey
of pss and pkcs1v15

Signed-off-by: Xynnn007 <mading.ma@alibaba-inc.com>
2022-09-19 09:17:56 -06:00
Dmitry Baryshkov
92ef4c823b
pkcs1v15: use AssociatedOid for getting the RSA prefix (#183)
Drop internal implementation of `AssociatedHash` and use `AssociatedOid`
trait from `const_oid` to get the OID corresponding to the `Digest` and to
format the ASN.1 prefix.

Also removes the previous `Hash` enum as it was used for looking up OIDs.

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
2022-09-16 11:25:05 -06:00
Dmitry Baryshkov
36df97aded
Allow dereferencing Signature types (#182)
Implement Deref<Target = [u8]> for the Signature types to allow
automatically dereferencing Signature as byte slices.

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
2022-09-12 10:43:13 -06:00
Dmitry Baryshkov
d68e2731dc
Update RSA signature traits implementations (#179)
- Change the `SigningKey` and `VerifyingKey` implementations to accept a raw
message rather than a pre-hashed message.

- Implement the experimental (preview) `DigestSigner` and `DigestVerifier`
traits for the PKCS1v15 structs.

- Implement the experimental (preview) `RandomizedDigestSigner` and
`DigestVerifier` traits for the PSS structs.

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
2022-09-07 11:47:03 -06:00
Dmitry Baryshkov
40242fbbb0
Implement Signer/Verifier/Signature interfaces for the RSA signatures (#174)
Refactor the `rsa` crate to use the API defined by the signature crate.

This adds `pss` and `pkcs1v15` modules, each of them providing
`Signature`, `Verifier` and `Signer`/`RandomizedSigner` implementations.

Add tests for pkcs1v15 and pss signature verification functions to check
that verifying invalid signatures returns an error.

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
2022-08-19 11:46:40 -06:00
Tony Arcieri
4ccdcf92a9
Make RsaPrivateKey::from_components fallible (#167)
Adds an error case in the event the number of `primes` provided is fewer
than 2, which prevents panics when invoking methods which expect primes
to always be present at indices 0 and 1 (i.e. `p` and `q`).

Fixes #163
2022-07-25 06:35:47 -06:00
Addison Crump
fb6016575a
zeroize plaintexts which are about to be encrypted (#154) 2022-03-15 15:20:20 -06:00
Artyom Pavlov
bbfd911207
Remove nondeterministic tests (#152) 2022-03-14 14:22:48 +00:00
Artyom Pavlov
cf27569687
Replace rand dependency with rand_core (#148) 2022-03-13 19:50:05 +00:00
dignifiedquire
7a1eaa0329
refactor: rename RSA* to Rsa
This matches the Rust naming convention better.

Closes #24
2021-07-26 23:25:13 +02:00
Tony Arcieri
89a527c05f
rustfmt (#105)
Applies `rustfmt` with the following version:

    rustfmt 1.4.37-stable (2a3635d5 2021-05-04)
2021-07-25 14:14:18 -07:00
Robin Lambertz
e8152949f9
feat: nostd, core+alloc support
* No-std support

* Fix tests

* Cleanly error out when building without the alloc feature

* Run no-std tests on arm-linux-gnu target

* Fix nostd tests

* Attempt 2 at fixing nostd tests

* Fix warnings when running tests in nostd mode

* fixup! No-std support
2020-08-07 22:39:36 +02:00
dignifiedquire
668e9ddfe4 apply CR 2020-04-10 14:34:25 +02:00
dignifiedquire
11500ed5e9 make oaep and pss generic over keys 2020-03-06 23:10:55 +01:00
dignifiedquire
167080e2a4 Merge remote-tracking branch 'origin/master' into oaep-dig 2020-03-06 22:49:57 +01:00
Jack Grigg
ff584d1bb8 pkcs1v15: Make decrypt() and sign() generic over PrivateKey 2020-03-07 09:46:48 +13:00
dignifiedquire
476f642075 Merge branch 'pss' into oaep-dig 2020-03-06 21:10:13 +01:00
Jack Grigg
ea2a3bfeb8
Introduce key::{PrivateKey, PublicKeyParts}
RSAPrivateKey no longer implements PublicKey. Instead,
RSAPublicKey::from(RSAPrivateKey) should be used to obtain a public key.
2020-03-06 18:05:57 +01:00
Jack Grigg
826ea30004 Introduce raw::{DecryptionPrimitive, EncryptionPrimitive} 2020-03-06 18:05:57 +01:00
roblabla
610c4cc95f Move copy_with_left_pad to algorithms 2019-09-26 14:49:59 +00:00
roblabla
30220cfd44 Fix the tests 2019-09-26 14:49:59 +00:00