forked from RustCrypto/RSA
[pull] master from RustCrypto:master #4
Open: pull wants to merge 267 commits into mesalock-linux:master from RustCrypto:master
RSAPrivateKey no longer implements PublicKey. Instead, RSAPublicKey::from(RSAPrivateKey) should be used to obtain a public key.
Key trait refactor
Test assertion is manual and done with openssl
pkcs1v15: Make decrypt() and sign() generic over PrivateKey
Co-Authored-By: str4d <thestr4d@gmail.com>
README.md: remove deps.rs badge
This commit adds a function to `rsa::algorithms` called `generate_multi_prime_key_with_exp` which allows the caller to specify a custom value for the public key exponent. This commit also adds a convenience routine to `rsa::RSAPrivateKey` called `new_with_exp` which allows the caller to specify the custom value for the public key exponent as part of the `rsa::RSAPrivateKey` constructor. Exposing the public key exponent matches an OpenSSL call `openssl::rsa::generate_with_e` which is useful in certain settings such as when generating the signing keys for SGX enclaves.
This returns the `AlgorithmIdentifierOwned` assuming the default situation where the salt_len is the `output_size` of the `Digest`. This is meant to be used by HSM where the private key is hidden behind an abstraction but to still expose a `DynSignatureAlgorithmIdentifier` trait.
This allows reuse of the `RsaSignatureAssociatedOid` trait to pull implementation of `SignatureAlgorithmIdentifier` in other crates (like `yubihsm.rs`).
Bumps [spki](https://github.com/RustCrypto/formats) from 0.7.2 to 0.7.3.
- [Commits](RustCrypto/formats@spki/v0.7.2...spki/v0.7.3)
---
updated-dependencies:
- dependency-name: spki
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Newer versions of rustc report these. They were previously ignored because they were `pub use`, but inside of a non-`pub` module.
NOTE: not for release. This signifies that we are going to make breaking changes to the `master` branch which are incompatible with v0.9 releases. The first prerelease of this series published to crates.io will be v0.10.0-pre.0 at some point in the future.
This makes it possible to use `rsa` with prerelease versions of `x509-cert`. Bumps the following dependencies:
- `const-oid` v0.10.0-pre.2
- `digest` v0.11.0-pre.7
- `pkcs1` v0.8.0-pre.0
- `pkcs8` v0.11.0-pre.0
- `signature` v2.3.0-pre.2
- `sha1` v0.11.0-pre.2
- `sha2` v0.11.0-pre.2
- `sha3` v0.11.0-pre.2
- `spki` v0.8.0-pre.0
Bumps the following:
- `digest` v0.11.0-pre.8
- `signature` v2.3.0-pre.3
- `sha1` v0.11.0-pre.3
- `sha2` v0.11.0-pre.3
This contains a Docker image which can be used for testing for the Marvin Attack: https://people.redhat.com/~hkario/marvin/
* pkcs1v15: ensure that these keys are used only with the old RSA OID
  RSA PSS keys can be used either with the old rsaEncryption OID or with the id-RSASSA-PSS, while PKCS1v15 are limited to rsaEncryption. Enforce this limitation before adding support for id-RSASSA-PSS handling.
  Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
* feat: allow id-RSASSA-PSS in verify_algorithm_id()
  Allow both rsaEncoding and id-RSASSA-PSS OIDs in verify_algorithm_id().
  Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
* pss: support DecodePrivateKey and DecodePublicKey traits
  Implement necessary conversion traits to enable DecodePrivateKey and DecodePublicKey traits implementation.
---------
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Co-authored-by: Tony Arcieri <bascule@gmail.com>
Updates the following dependencies:
    $ cargo update
    Updating crates.io index
    Updating aes v0.8.3 -> v0.8.4
    Updating autocfg v1.1.0 -> v1.3.0
    Removing bitflags v1.3.2
    Removing bitflags v2.4.1
    Adding bitflags v2.5.0
    Updating cpufeatures v0.2.11 -> v0.2.12
    Updating errno v0.3.7 -> v0.3.9
    Updating fastrand v2.0.1 -> v2.1.0
    Updating getrandom v0.2.11 -> v0.2.15
    Updating hybrid-array v0.2.0-rc.5 -> v0.2.0-rc.8
    Updating libc v0.2.150 -> v0.2.155
    Updating linux-raw-sys v0.4.11 -> v0.4.14 (latest: v0.6.4)
    Updating num-integer v0.1.45 -> v0.1.46
    Updating num-iter v0.1.43 -> v0.1.45
    Updating num-traits v0.2.17 -> v0.2.19
    Updating proc-macro2 v1.0.79 -> v1.0.85
    Updating quote v1.0.35 -> v1.0.36
    Removing redox_syscall v0.4.1
    Updating regex-syntax v0.8.2 -> v0.8.3
    Updating rustix v0.38.25 -> v0.38.34
    Updating serde v1.0.197 -> v1.0.203
    Updating serde_derive v1.0.197 -> v1.0.203
    Updating smallvec v1.11.2 -> v1.13.2
    Updating syn v2.0.53 -> v2.0.66
    Updating tempfile v3.8.1 -> v3.10.1
    Updating windows-sys v0.48.0 -> v0.52.0
    Updating windows-targets v0.48.5 -> v0.52.5
    Updating windows_aarch64_gnullvm v0.48.5 -> v0.52.5
    Updating windows_aarch64_msvc v0.48.5 -> v0.52.5
    Updating windows_i686_gnu v0.48.5 -> v0.52.5
    Adding windows_i686_gnullvm v0.52.5
    Updating windows_i686_msvc v0.48.5 -> v0.52.5
    Updating windows_x86_64_gnu v0.48.5 -> v0.52.5
    Updating windows_x86_64_gnullvm v0.48.5 -> v0.52.5
    Updating windows_x86_64_msvc v0.48.5 -> v0.52.5
    Updating zeroize v1.7.0 -> v1.8.1
Bumps the following dependencies to their latest prerelease versions:
- `const-oid` v0.10.0-rc.0
- `digest` v0.11.0-pre.9
- `pkcs1` v0.8.0-rc.0
- `pkcs8` v0.11.0-rc.0
- `signature` v2.3.0-pre.4
- `spki` v0.8.0-rc.0
- `sha1` v0.11.0-pre.4
- `sha2` v0.11.0-pre.4
Note: `pkcs5` is temporarily sourced from this PR due to circular dependency problems: RustCrypto/formats#1461
Some vendor serialization (NDA :() of signature and public keys will need the size of the salt that was used for signature. Sadly this is only exposed in the signing key (which may be out of reach (HSM)).
There are two issues with oddly formed keys that were not properly handled:
- avoid using `-` to avoid a subtraction with overflow for pkcs
- always validate the key in `from_components` to avoid errors in the internal `precompute`
See Commits and Changes for more details.
Created by pull[bot]