Adds an on-by-default feature which enables `num-bigint-dig/u64_digit`.
Disabling this on 32-bit platforms (e.g. WASM) should improve
performance.
Closes#252
`RsaPrivateKey` self-zeroizes on drop, so add the `ZeroizeOnDrop` marker
trait to `RsaPrivateKey` and all newtypes thereof, i.e. `DecryptingKey`
and `SigningKey` for the various padding modes.
This also removes the `Zeroize` impl on `RsaPrivateKey`, since it
self-zeroizes on `Drop`, and allowing `Zeroize` might accidentally
permit use-after-zeroize vulnerabilities.
* feat: decouple key generation and random generation
Make generate_multi_prime_key_with_exp() generic enough to generate
abstract key structure. Rewrite RsaPrivateKey constructors to use
RsaPrivateKey::from_components().
* feat: move key-related traits to separate module
Move PublicKeyParts to the separate module.
* feat: stop using RsaPrivateKey in internals.rs
Make internals.rs generic enough to be moved to the algorithms module.
* feat: move soft RSA implementation to crate::algorithms::rsa.rs
Separate software RSA implementation to separate module under
crate::algorithms.
* key: drop raw_int_*_primitive wrappers
Now as raw_int_encryption_primitive() and raw_int_decryption_primitive()
became simple wrappers around properly defined functions we can inline
them and always use software RSA algorithm from src::algorithms::rsa.rs.
* feat: move internals.rs to src/algortihms/pad.rs
internals.rs now contains only small functions related to BigUint to
Vec<u8> conversion. Move them to src/algorithms/pad.rs and get rid of
internals.rs
* algorithms: protect all functions with pub(crate)
While it is expected that the functions inside algorithms crates might
be useful (and used) by other parties, they are low level functions and
as such impose a high risk of being misused. Protect all of them with
pub(crate) to prevent them from being exposed by mistake.
Also add big fat warnings to raw RSA functions, which should never be
used unless authors knows exactly what they are using.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Switch to using RsaPssParams::new() from pkcs1 crate. This fixes the
issue reported by zlint for x509-cert, where SHA* digest algorithms had
empty parameters instead of NULL parameters (as required by Mozilla
policy and permitted by RFC4055).
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reverts-the-revert from #254, reinstating #251
This reverts commit 26f38ad66a09fc42ed6d73e3b1864f0251db4e2d.
Since we need to upgrade `pkcs1` and `pkcs8`, which are MSRV 1.65, now
is a good time to start making brekaing changes again.
We seem to be running into a lot of people who are having trouble with
PKCS#1 v1.5 signatures because the failure mode for the `oid` feature of
the `sha2` crate being disabled is fairly unscrutable.
See #234, #253, and the semi-related tracking issue for #238.
If `rsa` has a `sha2` feature, we can always ensure `oid` is enabled,
and this can be used in code examples. It also means users don't need
two crates to create/verify PKCS#1 v1.5 signatures.
RSA is used commonly enough with the SHA2 family that this integration
probably makes sense.
This reverts commit da1997d0b786181f3e3375e3eef09899486a3833.
I was probably over-eager on this: it's a breaking change.
There are probably some non-breaking changes we can make first, and when
we're ready to make breaking changes again, we can revert the revert.
Also uses the new `CryptoRngCore` where possible instead of separate
`CryptoRng + RngCore`, and switches to `signature` v2.0.0-pre.3
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Rework the crate to implement traits from the preview of the signature
crate. Use `Vec<u8>` as `Self::Repr` type.
Drop the hand-crafted `From` traits, replacing them with the
implementation of the `Keypair` trait.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
The crate is now using the `PrehashSigner`/`PrehashVerifier` traits,
which were added in `signature` v1.6.1.
However, that release was also yanked, so this commit pins to 1.6.2.
Drop internal implementation of `AssociatedHash` and use `AssociatedOid`
trait from `const_oid` to get the OID corresponding to the `Digest` and to
format the ASN.1 prefix.
Also removes the previous `Hash` enum as it was used for looking up OIDs.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
- Change the `SigningKey` and `VerifiyingKey` implementations accept raw
message rather than pre-hashed message.
- Implement the experimental (preview) `DigestSigner` and `DigestVerifier`
traits for the PKCS1v15 structs.
- Implement the experimental (preview) `RandomizedDigestSigner` and
`DigestVerifier` traits for the PSS structs.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Refactor the `rsa` crate to use the API defined by the signature crate.
This adds `pss` and `pkcs1v15` modules, each of them providing
`Signature`, `Verifier` and `Signer`/`RandomizedSigner` implementations.
Add tests for pkcs1v15 and pss signature verification functions to check
that verifying invalid signatures returns an error.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Adds an error case in the event the number of `primes` provides is fewer
than 2, which prevents panics when invoking methods which expect primes
to always be present at indices 0 and 1 (i.e. `p` and `q`)
Fixes#163
The `zeroize_derive` crate has quite a few dependencies, and in
particular `syn` is a fairly large one with not-insignificant compile
times.
Together with dignifiedquire/num-bigint#35, this will remove the
following dependencies from the dependency tree:
- `proc-macro2`
- `quote`
- `syn`
- `synstructure`
- `zeroize_derive`
