From 1720215ee07b4db0f417fa21ce0c03002953a47d Mon Sep 17 00:00:00 2001 From: Tony Arcieri Date: Mon, 4 Dec 2023 12:17:57 -0700 Subject: [PATCH 01/23] README.md: update link to security audit (#399) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6f191df0..ad8bd3f2 100644 --- a/README.md +++ b/README.md @@ -117,7 +117,7 @@ dual licensed as above, without any additional terms or conditions. [//]: # (links) [RustCrypto]: https://github.com/RustCrypto/ -[audit]: https://www.opentech.fund/results/security-safety-audits/deltachat/ +[audit]: https://public.opentech.fund/documents/1907_OTF_DeltaChat_RPGP_RustRSA_GB_Report_v1.pdf [open security issues]: https://github.com/RustCrypto/RSA/issues?q=is%3Aissue+is%3Aopen+label%3Asecurity [modular exponentiation is not constant time]: https://github.com/RustCrypto/RSA/issues/19 [random blinding]: https://en.wikipedia.org/wiki/Blinding_(cryptography) From cef3942178fc34b04dfc14f80c2cf309bff4ed26 Mon Sep 17 00:00:00 2001 From: Tony Arcieri Date: Fri, 19 Jan 2024 20:52:13 +0000 Subject: [PATCH 02/23] Fix unused import warnings (#404) Newer versions of rustc report these. They were previously ignored because they were `pub use`, but inside of a non-`pub` module. --- src/pkcs1v15/signature.rs | 15 ++++++--------- src/pss/signature.rs | 17 +++++++---------- 2 files changed, 13 insertions(+), 19 deletions(-) diff --git a/src/pkcs1v15/signature.rs b/src/pkcs1v15/signature.rs index a640da32..a07b6468 100644 --- a/src/pkcs1v15/signature.rs +++ b/src/pkcs1v15/signature.rs 
@@ -1,17 +1,14 @@ -pub use ::signature::{ - hazmat::{PrehashSigner, PrehashVerifier}, - DigestSigner, DigestVerifier, Error, Keypair, RandomizedDigestSigner, RandomizedSigner, Result, - SignatureEncoding, Signer, Verifier, -}; -use spki::{ - der::{asn1::BitString, Result as DerResult}, - SignatureBitStringEncoding, -}; +//! `RSASSA-PKCS1-v1_5` signatures. use crate::algorithms::pad::uint_to_be_pad; +use ::signature::SignatureEncoding; use alloc::{boxed::Box, string::ToString}; use core::fmt::{Debug, Display, Formatter, LowerHex, UpperHex}; use num_bigint::BigUint; +use spki::{ + der::{asn1::BitString, Result as DerResult}, + SignatureBitStringEncoding, +}; /// `RSASSA-PKCS1-v1_5` signatures as described in [RFC8017 § 8.2]. /// diff --git a/src/pss/signature.rs b/src/pss/signature.rs index fa47d6d9..031e2201 100644 --- a/src/pss/signature.rs +++ b/src/pss/signature.rs @@ -1,19 +1,16 @@ -pub use ::signature::{ - hazmat::{PrehashSigner, PrehashVerifier}, - DigestSigner, DigestVerifier, Error, Keypair, RandomizedDigestSigner, RandomizedSigner, Result, - SignatureEncoding, Signer, Verifier, -}; -use spki::{ - der::{asn1::BitString, Result as DerResult}, - SignatureBitStringEncoding, -}; +//! `RSASSA-PSS` signatures. use crate::algorithms::pad::uint_to_be_pad; +use ::signature::SignatureEncoding; use alloc::{boxed::Box, string::ToString}; use core::fmt::{Debug, Display, Formatter, LowerHex, UpperHex}; use num_bigint::BigUint; +use spki::{ + der::{asn1::BitString, Result as DerResult}, + SignatureBitStringEncoding, +}; -/// RSASSA-PSS signatures as described in [RFC8017 § 8.1]. +/// `RSASSA-PSS` signatures as described in [RFC8017 § 8.1]. /// /// [RFC8017 § 8.1]: https://datatracker.ietf.org/doc/html/rfc8017#section-8.1 #[derive(Clone, PartialEq, Eq)] From dfb719fcac81929f899c2eed156d1bb3359db557 Mon Sep 17 00:00:00 2001 
From: Tony Arcieri Date: Fri, 19 Jan 2024 21:13:17 +0000 Subject: [PATCH 03/23] Bump version to v0.10.0-pre (#403) NOTE: not for release. This signifies that we are going to make breaking changes to the `master` branch which are incompatible with v0.9 releases. The first prerelease of this series published to crates.io will be v0.10.0-pre.0 at some point in the future. --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index e4b22655..86da55c2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rsa" -version = "0.9.6" +version = "0.10.0-pre" authors = ["RustCrypto Developers", "dignifiedquire "] edition = "2021" description = "Pure Rust RSA implementation" From 4f99b25efe575021cb234cb530780bc426ab9d94 Mon Sep 17 00:00:00 2001 From: Tony Arcieri Date: Fri, 19 Jan 2024 21:31:54 +0000 Subject: [PATCH 04/23] Bump format/signature dependencies to prereleases; MSRV 1.72 (#405) This makes it possible to use `rsa` with prerelease versions of `x509-cert`. Bumps the following dependencies: - `const-oid` v0.10.0-pre.2 - `digest` v0.11.0-pre.7 - `pkcs1` v0.8.0-pre.0 - `pkcs8` v0.11.0-pre.0 - `signature` v2.3.0-pre.2 - `sha1` v0.11.0-pre.2 - `sha2` v0.11.0-pre.2 - `sha3` v0.11.0-pre.2 - `spki` v0.8.0-pre.0 --- .github/workflows/ci.yml | 4 +- Cargo.lock | 124 +++++++++++++++++++++++++++------------ Cargo.toml | 24 ++++---- README.md | 4 +- 4 files changed, 103 insertions(+), 53 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d14d1614..74188db1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -16,7 +16,7 @@ jobs: strategy: matrix: rust: - - 1.65.0 # MSRV + - 1.72.0 # MSRV - stable target: - thumbv7em-none-eabi @@ -35,7 +35,7 @@ jobs: strategy: matrix: rust: - - 1.65.0 # MSRV + - 1.72.0 # MSRV - stable steps: - uses: actions/checkout@v4 diff --git a/Cargo.lock b/Cargo.lock index c20e26fa..dfa60272 100644 --- a/Cargo.lock +++ b/Cargo.lock 
@@ -61,6 +61,15 @@ dependencies = [ "generic-array", ] +[[package]] +name = "block-buffer" +version = "0.11.0-pre.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0edadbde8e0243b49d434f9a23ec0590af201f400a34d7d51049284e4a77c568" +dependencies = [ + "crypto-common 0.2.0-pre.4", +] + [[package]] name = "block-padding" version = "0.3.3" @@ -97,15 +106,15 @@ version = "0.4.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad" dependencies = [ - "crypto-common", + "crypto-common 0.1.6", "inout", ] [[package]] name = "const-oid" -version = "0.9.5" +version = "0.10.0-pre.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "28c122c3980598d243d63d9a704629a2d748d101f278052ff068be5a4423ab6f" +checksum = "f7e3352a27098ba6b09546e5f13b15165e6a88b5c2723afecb3ea9576b27e3ea" [[package]] name = "cpufeatures" @@ -126,11 +135,22 @@ dependencies = [ "typenum", ] +[[package]] +name = "crypto-common" +version = "0.2.0-pre.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "806e4e3731d44f1340b069551225b44c2056c105cad9e67f0c46266db8a3a6b9" +dependencies = [ + "getrandom", + "hybrid-array", + "rand_core", +] + [[package]] name = "der" -version = "0.7.8" +version = "0.8.0-pre.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fffa369a668c8af7dbf8b5e56c9f744fbd399949ed171606040001947de40b1c" +checksum = "b489fd2221710c1dd46637d66b984161fb66134f81437a8489800306bcc2ecea" dependencies = [ "const-oid", "pem-rfc7468", 
@@ -143,12 +163,22 @@ version = "0.10.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" dependencies = [ - "block-buffer", - "const-oid", - "crypto-common", + "block-buffer 0.10.4", + "crypto-common 0.1.6", "subtle", ] +[[package]] +name = "digest" +version = "0.11.0-pre.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "957713a19ffdda287c63772e607f848512f67ba948f17d8e42cb8d50fd98a786" +dependencies = [ + "block-buffer 0.11.0-pre.4", + "const-oid", + "crypto-common 0.2.0-pre.4", +] + [[package]] name = "errno" version = "0.3.7" @@ -204,7 +234,16 @@ version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" dependencies = [ - "digest", + "digest 0.10.7", +] + +[[package]] +name = "hybrid-array" +version = "0.2.0-rc.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7b700a69c9d992339e82b6cda619873ee17768be06e80ed5ef07c50c50d499ab" +dependencies = [ + "typenum", ] [[package]] @@ -219,9 +258,9 @@ dependencies = [ [[package]] name = "keccak" -version = "0.1.4" +version = "0.2.0-pre.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f6d5ed8676d904364de097082f4e7d240b571b67989ced0240f08b7f966f940" +checksum = "a7cdd4f0dc5807b9a2b25dd48a3f58e862606fe7bd47f41ecde36e97422d7e90" dependencies = [ "cpufeatures", ] 
@@ -308,24 +347,24 @@ version = "0.12.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f8ed6a7761f76e3b9f92dfb0a60a6a6477c61024b775147ff0973a02653abaf2" dependencies = [ - "digest", + "digest 0.10.7", "hmac", ] [[package]] name = "pem-rfc7468" -version = "0.7.0" +version = "1.0.0-pre.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412" +checksum = "76a65e1c27d1680f8805b3f8c9949f08d6aa5d6cbd088c9896e64a53821dc27d" dependencies = [ "base64ct", ] [[package]] name = "pkcs1" -version = "0.7.5" +version = "0.8.0-pre.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f" +checksum = "4f6af6e88ac39402f67488e22faa9eb15cf065f520cf4a09419393691a6d0133" dependencies = [ "der", "pkcs8", @@ -334,24 +373,24 @@ dependencies = [ [[package]] name = "pkcs5" -version = "0.7.1" +version = "0.8.0-pre.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e847e2c91a18bfa887dd028ec33f2fe6f25db77db3619024764914affe8b69a6" +checksum = "2c6aebdab8ec0fe71f347de8d37212be79ccdedeb0f46133b0cf2bc5f6d2c65a" dependencies = [ "aes", "cbc", "der", "pbkdf2", "scrypt", - "sha2", + "sha2 0.10.8", "spki", ] [[package]] name = "pkcs8" -version = "0.10.2" +version = "0.11.0-pre.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" +checksum = "935c09e0aecb0cb8f8907b57438b19a068cb74a25189b06724f061170b2465ff" dependencies = [ "der", "pkcs5", @@ -465,11 +504,11 @@ checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" [[package]] name = "rsa" -version = "0.9.6" +version = "0.10.0-pre" dependencies = [ "base64ct", "const-oid", - "digest", + "digest 0.11.0-pre.7", "hex-literal", "num-bigint-dig", "num-integer", 
@@ -484,7 +523,7 @@ dependencies = [ "serde", "serde_test", "sha1", - "sha2", + "sha2 0.11.0-pre.2", "sha3", "signature", "spki", @@ -534,7 +573,7 @@ checksum = "0516a385866c09368f0b5bcd1caff3366aace790fcd46e2bb032697bb172fd1f" dependencies = [ "pbkdf2", "salsa20", - "sha2", + "sha2 0.10.8", ] [[package]] @@ -568,13 +607,13 @@ dependencies = [ [[package]] name = "sha1" -version = "0.10.6" +version = "0.11.0-pre.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba" +checksum = "301ed48dd873557d86a1843ebcdd511b628f13ec5401a0efa7007dc5a595eb1f" dependencies = [ "cfg-if", "cpufeatures", - "digest", + "digest 0.11.0-pre.7", ] [[package]] @@ -585,26 +624,37 @@ checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8" dependencies = [ "cfg-if", "cpufeatures", - "digest", + "digest 0.10.7", +] + +[[package]] +name = "sha2" +version = "0.11.0-pre.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e18b939d4051b69874cbdb8f55de6a14ae44b357ccb94bdbd0a2122f8f875a46" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest 0.11.0-pre.7", ] [[package]] name = "sha3" -version = "0.10.8" +version = "0.11.0-pre.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "75872d278a8f37ef87fa0ddbda7802605cb18344497949862c0d4dcb291eba60" +checksum = "9cecb44e361133b3304a1b3e325a1d8c999339fec8c19762b55e1509a17d6806" dependencies = [ - "digest", + "digest 0.11.0-pre.7", "keccak", ] [[package]] name = "signature" -version = "2.2.0" +version = "2.3.0-pre.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" +checksum = "017ea2f120415e4bf9c6177425b40386f207284147564e19d196c7bc90483c08" dependencies = [ - "digest", + "digest 0.11.0-pre.7", "rand_core", ] 
@@ -622,9 +672,9 @@ checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" [[package]] name = "spki" -version = "0.7.3" +version = "0.8.0-pre.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" +checksum = "cb2b56670f5ef52934c97efad30bf42585de0c33ec3e2a886e38b80d2db67243" dependencies = [ "base64ct", "der", diff --git a/Cargo.toml b/Cargo.toml index 86da55c2..d02274f9 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -10,25 +10,25 @@ repository = "https://github.com/RustCrypto/RSA" keywords = ["rsa", "encryption", "security", "crypto"] categories = ["cryptography"] readme = "README.md" -rust-version = "1.65" +rust-version = "1.72" [dependencies] num-bigint = { version = "0.8.2", features = ["i128", "prime", "zeroize"], default-features = false, package = "num-bigint-dig" } num-traits = { version= "0.2.9", default-features = false, features = ["libm"] } num-integer = { version = "0.1.39", default-features = false } rand_core = { version = "0.6.4", default-features = false } -const-oid = { version = "0.9", default-features = false } +const-oid = { version = "=0.10.0-pre.2", default-features = false } subtle = { version = "2.1.1", default-features = false } -digest = { version = "0.10.5", default-features = false, features = ["alloc", "oid"] } -pkcs1 = { version = "0.7.5", default-features = false, features = ["alloc", "pkcs8"] } -pkcs8 = { version = "0.10.2", default-features = false, features = ["alloc"] } -signature = { version = ">2.0, <2.3", default-features = false , features = ["alloc", "digest", "rand_core"] } -spki = { version = "0.7.3", default-features = false, features = ["alloc"] } +digest = { version = "=0.11.0-pre.7", default-features = false, features = ["alloc", "oid"] } +pkcs1 = { version = "=0.8.0-pre.0", default-features = false, features = ["alloc", "pkcs8"] } +pkcs8 = { version = "=0.11.0-pre.0", default-features = false, features = ["alloc"] } +signature = { version = "=2.3.0-pre.2", default-features = false , features = ["alloc", "digest", "rand_core"] } +spki = { version = "=0.8.0-pre.0", default-features = false, features = ["alloc"] } zeroize = { version = "1.5", features = ["alloc"] } # optional dependencies -sha1 = { version = "0.10.5", optional = true, default-features = false, features = ["oid"] } -sha2 = { version = "0.10.6", optional = true, default-features = false, features = ["oid"] } +sha1 = { version = "=0.11.0-pre.2", optional = true, 
default-features = false, features = ["oid"] } +sha2 = { version = "=0.11.0-pre.2", optional = true, default-features = false, features = ["oid"] } serde = { version = "1.0.184", optional = true, default-features = false, features = ["derive"] } [dev-dependencies] @@ -40,9 +40,9 @@ rand_xorshift = "0.3" rand_chacha = "0.3" rand = "0.8" rand_core = { version = "0.6", default-features = false } -sha1 = { version = "0.10.5", default-features = false, features = ["oid"] } -sha2 = { version = "0.10.6", default-features = false, features = ["oid"] } -sha3 = { version = "0.10.7", default-features = false, features = ["oid"] } +sha1 = { version = "=0.11.0-pre.2", default-features = false, features = ["oid"] } +sha2 = { version = "=0.11.0-pre.2", default-features = false, features = ["oid"] } +sha3 = { version = "=0.11.0-pre.2", default-features = false, features = ["oid"] } [[bench]] name = "key" diff --git a/README.md b/README.md index ad8bd3f2..7a301a68 100644 --- a/README.md +++ b/README.md @@ -81,7 +81,7 @@ You can follow our work on mitigating this issue in [#390]. ## Minimum Supported Rust Version (MSRV) -All crates in this repository support Rust 1.65 or higher. +This crate supports Rust 1.72 or higher. In the future MSRV can be changed, but it will be done with a minor version bump. @@ -108,7 +108,7 @@ dual licensed as above, without any additional terms or conditions. [doc-link]: https://docs.rs/rsa [build-image]: https://github.com/rustcrypto/RSA/workflows/CI/badge.svg [build-link]: https://github.com/RustCrypto/RSA/actions?query=workflow%3ACI+branch%3Amaster -[msrv-image]: https://img.shields.io/badge/rustc-1.65+-blue.svg +[msrv-image]: https://img.shields.io/badge/rustc-1.72+-blue.svg [chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg [chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260047-RSA [deps-image]: https://deps.rs/repo/github/RustCrypto/RSA/status.svg From c1205ff208fe769fe34c65d7cb6a261818c51588 Mon Sep 17 00:00:00 2001 
From: Tony Arcieri Date: Fri, 19 Jan 2024 21:45:48 +0000 Subject: [PATCH 05/23] v0.10.0-pre.0 (#406) --- Cargo.lock | 2 +- Cargo.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index dfa60272..e50aa015 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -504,7 +504,7 @@ checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" [[package]] name = "rsa" -version = "0.10.0-pre" +version = "0.10.0-pre.0" dependencies = [ "base64ct", "const-oid", diff --git a/Cargo.toml b/Cargo.toml index d02274f9..8a74c739 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rsa" -version = "0.10.0-pre" +version = "0.10.0-pre.0" authors = ["RustCrypto Developers", "dignifiedquire "] edition = "2021" description = "Pure Rust RSA implementation" From 4097f17fee4a1280ed162d84f3053fe60e42a8d8 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Tue, 6 Feb 2024 04:46:39 -0800 Subject: [PATCH 06/23] Bump digest/signature dependencies to new prereleases (#410) Bumps the following: - `digest` v0.11.0-pre.8 - `signature` v2.3.0-pre.3 - `sha1` v0.11.0-pre.3 - `sha2` v0.11.0-pre.3 --- Cargo.lock | 50 +++++++++++++++++++++++++------------------------- Cargo.toml | 14 +++++++------- 2 files changed, 32 insertions(+), 32 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index e50aa015..0fae9874 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -63,11 +63,11 @@ dependencies = [ [[package]] name = "block-buffer" -version = "0.11.0-pre.4" +version = "0.11.0-pre.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0edadbde8e0243b49d434f9a23ec0590af201f400a34d7d51049284e4a77c568" +checksum = "3ded684142010808eb980d9974ef794da2bcf97d13396143b1515e9f0fb4a10e" dependencies = [ - "crypto-common 0.2.0-pre.4", + "crypto-common 0.2.0-pre.5", ] [[package]] 
@@ -137,9 +137,9 @@ dependencies = [ [[package]] name = "crypto-common" -version = "0.2.0-pre.4" +version = "0.2.0-pre.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "806e4e3731d44f1340b069551225b44c2056c105cad9e67f0c46266db8a3a6b9" +checksum = "b7aa2ec04f5120b830272a481e8d9d8ba4dda140d2cda59b0f1110d5eb93c38e" dependencies = [ "getrandom", "hybrid-array", @@ -170,13 +170,13 @@ dependencies = [ [[package]] name = "digest" -version = "0.11.0-pre.7" +version = "0.11.0-pre.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "957713a19ffdda287c63772e607f848512f67ba948f17d8e42cb8d50fd98a786" +checksum = "065d93ead7c220b85d5b4be4795d8398eac4ff68b5ee63895de0a3c1fb6edf25" dependencies = [ - "block-buffer 0.11.0-pre.4", + "block-buffer 0.11.0-pre.5", "const-oid", - "crypto-common 0.2.0-pre.4", + "crypto-common 0.2.0-pre.5", ] [[package]] @@ -239,9 +239,9 @@ dependencies = [ [[package]] name = "hybrid-array" -version = "0.2.0-rc.1" +version = "0.2.0-rc.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b700a69c9d992339e82b6cda619873ee17768be06e80ed5ef07c50c50d499ab" +checksum = "dcda354500b318c287a6b91c1cfbc42edd53d52d259a80783ceb5e3986fca2b2" dependencies = [ "typenum", ] @@ -508,7 +508,7 @@ version = "0.10.0-pre.0" dependencies = [ "base64ct", "const-oid", - "digest 0.11.0-pre.7", + "digest 0.11.0-pre.8", "hex-literal", "num-bigint-dig", "num-integer", @@ -523,7 +523,7 @@ dependencies = [ "serde", "serde_test", "sha1", - "sha2 0.11.0-pre.2", + "sha2 0.11.0-pre.3", "sha3", "signature", "spki", 
@@ -607,13 +607,13 @@ dependencies = [ [[package]] name = "sha1" -version = "0.11.0-pre.2" +version = "0.11.0-pre.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "301ed48dd873557d86a1843ebcdd511b628f13ec5401a0efa7007dc5a595eb1f" +checksum = "3885de8cb916f223718c1ccd47a840b91f806333e76002dc5cb3862154b4fed3" dependencies = [ "cfg-if", "cpufeatures", - "digest 0.11.0-pre.7", + "digest 0.11.0-pre.8", ] [[package]] @@ -629,32 +629,32 @@ dependencies = [ [[package]] name = "sha2" -version = "0.11.0-pre.2" +version = "0.11.0-pre.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e18b939d4051b69874cbdb8f55de6a14ae44b357ccb94bdbd0a2122f8f875a46" +checksum = "8f33549bf3064b62478926aa89cbfc7c109aab66ae8f0d5d2ef839e482cc30d6" dependencies = [ "cfg-if", "cpufeatures", - "digest 0.11.0-pre.7", + "digest 0.11.0-pre.8", ] [[package]] name = "sha3" -version = "0.11.0-pre.2" +version = "0.11.0-pre.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9cecb44e361133b3304a1b3e325a1d8c999339fec8c19762b55e1509a17d6806" +checksum = "f32c02b9987a647a3d6af14c3e88df86594e4283050d9d8ee3a035df247785b9" dependencies = [ - "digest 0.11.0-pre.7", + "digest 0.11.0-pre.8", "keccak", ] [[package]] name = "signature" -version = "2.3.0-pre.2" +version = "2.3.0-pre.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "017ea2f120415e4bf9c6177425b40386f207284147564e19d196c7bc90483c08" +checksum = "1700c22ba9ce32c7b0a1495068a906c3552e7db386af7cf865162e0dea498523" dependencies = [ - "digest 0.11.0-pre.7", + "digest 0.11.0-pre.8", "rand_core", ] diff --git a/Cargo.toml b/Cargo.toml index 8a74c739..95a0a953 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -19,16 +19,16 @@ num-integer = { version = "0.1.39", default-features = false } rand_core = { version = "0.6.4", default-features = false } const-oid = { version = "=0.10.0-pre.2", default-features = false } subtle = { version = "2.1.1", default-features = false } -digest = { version = "=0.11.0-pre.7", default-features = false, features = ["alloc", "oid"] } +digest = { version = "=0.11.0-pre.8", default-features = false, features = ["alloc", "oid"] } pkcs1 = { version = "=0.8.0-pre.0", default-features = false, features = ["alloc", "pkcs8"] } pkcs8 = { version = "=0.11.0-pre.0", default-features = false, features = ["alloc"] } -signature = { version = "=2.3.0-pre.2", default-features = false , features = ["alloc", "digest", "rand_core"] } +signature = { version = "=2.3.0-pre.3", default-features = false , features = ["alloc", "digest", "rand_core"] } spki = { version = "=0.8.0-pre.0", default-features = false, features = ["alloc"] } zeroize = { version = "1.5", features = ["alloc"] } # optional dependencies -sha1 = { version = "=0.11.0-pre.2", optional = true, default-features = false, features = ["oid"] } -sha2 = { version = "=0.11.0-pre.2", optional = true, default-features = false, features = ["oid"] } +sha1 = { version = "=0.11.0-pre.3", optional = true, default-features = false, features = ["oid"] } +sha2 = { version = "=0.11.0-pre.3", optional = true, default-features = false, features = ["oid"] } serde = { version = "1.0.184", optional = true, default-features = false, features = ["derive"] } [dev-dependencies] 
@@ -40,9 +40,9 @@ rand_xorshift = "0.3" rand_chacha = "0.3" rand = "0.8" rand_core = { version = "0.6", default-features = false } -sha1 = { version = "=0.11.0-pre.2", default-features = false, features = ["oid"] } -sha2 = { version = "=0.11.0-pre.2", default-features = false, features = ["oid"] } -sha3 = { version = "=0.11.0-pre.2", default-features = false, features = ["oid"] } +sha1 = { version = "=0.11.0-pre.3", default-features = false, features = ["oid"] } +sha2 = { version = "=0.11.0-pre.3", default-features = false, features = ["oid"] } +sha3 = { version = "=0.11.0-pre.3", default-features = false, features = ["oid"] } [[bench]] name = "key" From 4cb8aece0b8f2c3f85d752c15afb94f5d546bd26 Mon Sep 17 00:00:00 2001 From: Tony Arcieri Date: Tue, 6 Feb 2024 09:09:41 -0700 Subject: [PATCH 07/23] v0.10.0-pre.1 (#411) --- Cargo.lock | 2 +- Cargo.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 0fae9874..be2f48c4 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -504,7 +504,7 @@ checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" [[package]] name = "rsa" -version = "0.10.0-pre.0" +version = "0.10.0-pre.1" dependencies = [ "base64ct", "const-oid", diff --git a/Cargo.toml b/Cargo.toml index 95a0a953..f8977424 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rsa" -version = "0.10.0-pre.0" +version = "0.10.0-pre.1" authors = ["RustCrypto Developers", "dignifiedquire "] edition = "2021" description = "Pure Rust RSA implementation" From d011ca543b469d13bc967458b6fdc59a7b0f061d Mon Sep 17 00:00:00 2001 
From: Bruce Date: Tue, 13 Feb 2024 15:19:21 -0500 Subject: [PATCH 08/23] Add Marvin toolkit container (#400) This contains a Docker image which can be used for testing for the Marvin Attack: https://people.redhat.com/~hkario/marvin/ --- marvin-toolkit/Cargo.toml | 13 ++++ marvin-toolkit/Dockerfile | 23 ++++++ marvin-toolkit/README.md | 66 +++++++++++++++++ marvin-toolkit/entrypoint.sh | 133 +++++++++++++++++++++++++++++++++++ 4 files changed, 235 insertions(+) create mode 100644 marvin-toolkit/Cargo.toml create mode 100644 marvin-toolkit/Dockerfile create mode 100644 marvin-toolkit/README.md create mode 100644 marvin-toolkit/entrypoint.sh
diff --git a/marvin-toolkit/Cargo.toml b/marvin-toolkit/Cargo.toml
new file mode 100644
index 00000000..7ad3142b
--- /dev/null
+++ b/marvin-toolkit/Cargo.toml
@@ -0,0 +1,13 @@
+[package]
+name = "rust-crypto"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+anyhow = "1"
+clap = { version = "4", features = ["derive"] }
+rsa = "0.9"
+
+[patch.crates-io]
+rsa = { git = "https://github.com/RustCrypto/RSA", branch = "const-crypto-biguint" }
+crypto-bigint = { git = "https://github.com/RustCrypto/crypto-bigint", branch = "master" }
\ No newline at end of file
diff --git a/marvin-toolkit/Dockerfile b/marvin-toolkit/Dockerfile
new file mode 100644
index 00000000..afabec4f
--- /dev/null
+++ b/marvin-toolkit/Dockerfile
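Review bot: The `[patch.crates-io]` entries at the end of the new `marvin-toolkit/Cargo.toml` follow moving branches (`branch = "const-crypto-biguint"` for `rsa`, `branch = "master"` for `crypto-bigint`), and `entrypoint.sh` runs `cargo update --quiet` before every build, so each container run measures whatever those branches hold at that moment. A timing-side-channel result is only meaningful for a known revision; pin each override to a commit, e.g. `rsa = { git = "https://github.com/RustCrypto/RSA", rev = "<commit-sha>" }`, and record that revision alongside the report. It is also worth a comment above `[patch.crates-io]` stating that `rsa = "0.9"` is only the requirement the patch has to satisfy: if the patched branch reports a version outside `0.9` (not visible from this hunk), Cargo leaves the patch unused with just a warning and the published crate would be analysed instead.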
@@ -0,0 +1,23 @@
+FROM python:3.12-bookworm
+
+# Create non-root user
+RUN adduser rustcrypto --disabled-password --gecos ""
+
+USER rustcrypto
+
+# Install Rust
+RUN curl -sSf https://sh.rustup.rs | sh -s -- -y
+ENV PATH="/home/rustcrypto/.cargo/bin:${PATH}"
+
+# Clone the marvin-toolkit repository
+RUN cd $HOME \
+ && git clone https://github.com/tomato42/marvin-toolkit.git \
+ && cd marvin-toolkit \
+ && chmod +x *.sh \
+ && ./step0.sh
+WORKDIR "/home/rustcrypto/marvin-toolkit"
+
+# Generating private keys, ciphertexts, building RustCrypto/RSA, should all be done at runtime
+COPY --chmod=777 entrypoint.sh ./entrypoint.sh
+
+ENTRYPOINT ["./entrypoint.sh"]
\ No newline at end of file
diff --git a/marvin-toolkit/README.md b/marvin-toolkit/README.md
new file mode 100644
index 00000000..aa54b3d7
--- /dev/null
+++ b/marvin-toolkit/README.md
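Review bot: `COPY --chmod=777 entrypoint.sh ./entrypoint.sh` near the end of the Dockerfile leaves the entrypoint writable by every user in the container; the script only needs to be readable and executable by `rustcrypto`, so `COPY --chmod=755 entrypoint.sh ./entrypoint.sh` is sufficient. The build inputs are also unpinned: `git clone https://github.com/tomato42/marvin-toolkit.git` takes whatever the default branch holds at build time, and `curl -sSf https://sh.rustup.rs | sh -s -- -y` installs the current stable toolchain without restricting the transport. Checking out a fixed commit after the clone and using `curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain <version>` would make the image reproducible, which matters when the measured timings are compared across runs. Pinning `python:3.12-bookworm` by digest would close the same gap for the base image.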
@@ -0,0 +1,66 @@
+# Marvin tool-kit integration
+This document describes the procedure for replicating the analysis for the Marvin attack. This analysis is best done on a container for reproducibility.
+
+**TL;DR**:
+```bash
+# Build the image
+docker build -t marvin:latest .
+
+# Create the output directory and allow container to write to it
+mkdir -p outputs
+chmod a+rw outputs
+
+# Run the analysis
+docker run -d --rm \
+ --name marvin \
+ -v $(pwd)/outputs:/home/rustcrypto/marvin-toolkit/outputs \
+ -v $(pwd)/Cargo.toml:/home/rustcrypto/marvin-toolkit/example/rust-crypto/Cargo.toml \
+ marvin:latest
+
+# Use "docker logs -f marvin" to read live output
+
+# Read the output
+cat outputs/results/report.txt
+```
+
+## Adjusting analysis parameters
+For more help on the options pass in the `-h` flag in the `docker run` command:
+
+```
+docker run ... marvin:latest -h
+```
+
+There are two main parameters of the analysis: RSA key size and the number of repetitions during ciphertext generation.
+
+RSA key size is specified through `-s <1024|2048|4096>`. The number of repetition is specified through `-n `. A larger repetition number will increase the confidence of the analysis, but will make the analysis take longer. The default key size is 2048 and the default repetition count is 100,000.
+
+```bash
+# Run analysis for RSA 4096 with 1 million repetition
+docker run -d --rm \
+ --name marvin \
+ marvin:latest -s 4096 -n 1000000
+```
+
+## Extracting keys, ciphertexts, and analysis results (WIP)
+After the analysis is done, the generate keys, ciphertexts, and the analysis outputs are all copied into the directory `/home/rustcrypto/marvin-toolkit/outputs`. To extract and preserve these artifacts, mount a volume into this directory, such as using a bind mount:
+
+```bash
+mkdir -p outputs
+chmod a+rw outputs
+
+# Mount
+docker run -d --rm --name "marvin" \
+ -v $(pwd)/outputs:/home/rustcrypto/marvin-toolkit/outputs \
+ marvin:latest
+```
+
+## Compile test harness with custom `Cargo.toml`
+The test harness is compiled at container run-time, so a custom `Cargo.toml` can be passed into the container at runtime to compile the test harness using custom versions of `RustCrypto/RSA` and/or `RustCrypto/crypto-bigint`:
+
+```bash
+docker run -d --rm --name "marvin" \
+ -v $(pwd)/Cargo.toml:/home/rustcrypto/marvin-toolkit/example/rust-crypto/Cargo.toml \
+ marvin:latest
+```
+
+If no `Cargo.toml` is specified, the default one will use `rsa = 0.9`
\ No newline at end of file
diff --git a/marvin-toolkit/entrypoint.sh b/marvin-toolkit/entrypoint.sh
new file mode 100644
index 00000000..3f71564e
--- /dev/null
+++ b/marvin-toolkit/entrypoint.sh
@@ -0,0 +1,133 @@ +#!/bin/bash + +# Build the test harness +cd example/rust-crypto +cargo update --quiet +cargo build --profile release --quiet +cd ~/marvin-toolkit + +# Parse CLI inputs to $size and $repeat +size=2048 +repeat=100000 + +# Function to display help message +display_help() { + echo "Usage: $0 [-s SIZE] [-n NUMBER] [-h]" + echo " -s SIZE Set the RSA key size (1024, 2048, or 4096; default: 2048)" + echo " -n NUMBER Set the repeat number (integer; default: 100000)" + echo " -h Display this help message" +} + +# Parse command-line arguments using getopts +while getopts ":s:n:h" opt; do + case $opt in + s) + size=$OPTARG + if [[ ! "$size" =~ ^(1024|2048|4096)$ ]]; then + echo "Error: Invalid size. Please choose 1024, 2048, or 4096." + exit 1 + fi + ;; + n) + repeat=$OPTARG + if ! [[ "$repeat" =~ ^[0-9]+$ ]]; then + echo "Error: Invalid number. Please specify a valid integer." + exit 1 + fi + ;; + h) + display_help + exit 0 + ;; + \?) + echo "Error: Invalid option -$OPTARG" + display_help + exit 1 + ;; + :) + echo "Error: Option -$OPTARG requires an argument." + display_help + exit 1 + ;; + esac +done +size_bytes=$(($size / 8)) + +# Step 1: Generate key pairs +. ./certgen/certgen/lib.sh +name="rsa${size}" +tmp_file="$(mktemp)" +if ! x509KeyGen -s $size $name &> "$tmp_file"; then + echo "ERROR $size bit key generation failed" >&2 + cat "$tmp_file" >&2 + exit 1 +fi +if ! 
x509SelfSign $name &> "$tmp_file"; then + echo "ERROR: $size bit key self-signing failed" >&2 + cat "$tmp_file" >&2 + exit 1 +fi + +echo "RSA $size bit private key in old OpenSSL PEM format is in" $(x509Key $name) +echo "RSA $size bit private key in old OpenSSL DER format is in" $(x509Key --der $name) +echo "RSA $size bit private key in PKCS#8 PEM format is in" $(x509Key --pkcs8 $name) +echo "RSA $size bit private key in PKCS#8 DER format is in" $(x509Key --der --pkcs8 $name) +echo "RSA $size bit private key in PKCS#12 format is in" $(x509Key --with-cert --pkcs12 $name) +echo "RSA $size bit self-signed certificate is in" $(x509Cert $name) +echo + +# Generate ciphertexts +case $size in + 1024) + PYTHONPATH=tlsfuzzer ./marvin-venv/bin/python ./step2.py \ + -c rsa1024/cert.pem -o rsa1024_repeat \ + --repeat ${repeat} --verbose \ + no_structure no_padding=48 signature_padding=8 \ + valid_repeated_byte_payload="118 0xff" \ + valid_repeated_byte_payload="118 0x01" \ + valid=48 header_only \ + no_header_with_payload=48 zero_byte_in_padding="48 4" \ + valid=0 valid=118 + ;; + 2048) + PYTHONPATH=tlsfuzzer ./marvin-venv/bin/python ./step2.py \ + -c rsa2048/cert.pem -o rsa2048_repeat \ + --repeat ${repeat} --verbose \ + no_structure no_padding=48 signature_padding=8 \ + valid_repeated_byte_payload="246 0xff" \ + valid_repeated_byte_payload="246 0x01" \ + valid=48 header_only \ + no_header_with_payload=48 zero_byte_in_padding="48 4" \ + valid=0 valid=192 valid=246 + ;; + 4096) + PYTHONPATH=tlsfuzzer ./marvin-venv/bin/python ./step2.py \ + -c rsa4096/cert.pem -o rsa4096_repeat \ + --repeat ${repeat} --verbose \ + no_structure no_padding=48 signature_padding=8 \ + valid_repeated_byte_payload="502 0xff" \ + valid_repeated_byte_payload="502 0x01" \ + valid=48 header_only \ + no_header_with_payload=48 zero_byte_in_padding="48 4" \ + valid=0 valid=192 valid=502 + ;; +esac + +# Run decryptions and analyze data +echo "Starting decryption" 
+./example/rust-crypto/target/release/rust-crypto \ + -i rsa${size}_repeat/ciphers.bin \ + -o rsa${size}_repeat/raw_times.csv -k rsa${size}/pkcs8.pem -n $size_bytes +echo "Decryptions finished" +PYTHONPATH=tlsfuzzer marvin-venv/bin/python3 tlsfuzzer/tlsfuzzer/extract.py \ +-l rsa${size}_repeat/log.csv --raw-times rsa${size}_repeat/raw_times.csv \ +-o rsa${size}_repeat/ \ +--clock-frequency 1000 +PYTHONPATH=tlsfuzzer marvin-venv/bin/python3 tlsfuzzer/tlsfuzzer/analysis.py \ +-o rsa${size}_repeat/ --verbose + +# Copy over the keys and the results, if the results directory exists +if [[ -d ~/marvin-toolkit/outputs ]]; then + cp -r rsa${size} ~/marvin-toolkit/outputs/keys + cp -r rsa${size}_repeat ~/marvin-toolkit/outputs/results +fi \ No newline at end of file From e54fb7da1a7dea1602bdb7da8e9fbbca9edc4060 Mon Sep 17 00:00:00 2001 From: Dmitry Baryshkov Date: Wed, 27 Mar 2024 15:15:14 +0200 Subject: [PATCH 09/23] pss: support DecodePrivateKey and DecodePublicKey traits (#424) * pkcs1v15: ensure that these keys are used only with the old RSA OID RSA PSS keys can be used either with the old rsaEncryption OID or with the id-RSASSA-PSS, while PKCS1v15 are limited to rsaEncryption. Enforce this limitation before adding support for is-RSASSA-PSS handling. Signed-off-by: Dmitry Baryshkov * feat: allow id-RSASSA-PSS in verify_algorithm_id() Allow both rsaEncoding and id-RSASSA-PSS OIDs in verify_algorithm_id(). Signed-off-by: Dmitry Baryshkov * pss: support DecodePrivateKey and DecodePublicKey traits Implement necessary conversion traits to enable DecodePrivateKey and DecodePublicKey traits implementation. --------- 
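Review bot: The build step at the top of entrypoint.sh (`cd example/rust-crypto`, `cargo update --quiet`, `cargo build --profile release --quiet`) has no failure check, so a failed build is only noticed after key generation and the full ciphertext run, when `./example/rust-crypto/target/release/rust-crypto` turns out to be missing. The exit status of that binary and of `extract.py` is not checked either, so `analysis.py` can run on missing or partial data. I would stop at the first failure, for example `cargo build --profile release --quiet || { echo "ERROR: harness build failed" >&2; exit 1; }`, and guard the decryption step the same way. Because `cargo update` resolves dependencies at container run time, the timing report does not record which `rsa` version was measured; copying the `Cargo.lock` that cargo writes in `example/rust-crypto` into `outputs/` next to the results would pin that down. The `mktemp` file is never removed, and `$size`, `$name` and `$repeat` are expanded unquoted.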
Signed-off-by: Dmitry Baryshkov --- src/encoding.rs | 25 +++++++++++---- src/pkcs1v15/signing_key.rs | 3 ++ src/pkcs1v15/verifying_key.rs | 2 ++ src/pss.rs | 5 ++- src/pss/signing_key.rs | 15 +++++++++ src/pss/verifying_key.rs | 23 +++++++++++++- tests/examples/pkcs8/rsa2048-rfc9421-priv.der | Bin 0 -> 1218 bytes tests/examples/pkcs8/rsa2048-rfc9421-pub.der | Bin 0 -> 294 bytes tests/pkcs8.rs | 30 ++++++++++++++++++ 9 files changed, 93 insertions(+), 10 deletions(-) create mode 100644 tests/examples/pkcs8/rsa2048-rfc9421-priv.der create mode 100644 tests/examples/pkcs8/rsa2048-rfc9421-pub.der diff --git a/src/encoding.rs b/src/encoding.rs index bc0fac2c..b6ce17be 100644 --- a/src/encoding.rs +++ b/src/encoding.rs @@ -8,16 +8,29 @@ use crate::{ BigUint, RsaPrivateKey, RsaPublicKey, }; use core::convert::{TryFrom, TryInto}; -use pkcs8::{der::Encode, Document, EncodePrivateKey, EncodePublicKey, SecretDocument}; +use pkcs8::{ + der::Encode, Document, EncodePrivateKey, EncodePublicKey, ObjectIdentifier, SecretDocument, +}; use zeroize::Zeroizing; +/// ObjectID for the RSA PSS keys +pub const ID_RSASSA_PSS: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.113549.1.1.10"); + /// Verify that the `AlgorithmIdentifier` for a key is correct. fn verify_algorithm_id(algorithm: &pkcs8::AlgorithmIdentifierRef) -> pkcs8::spki::Result<()> { - algorithm.assert_algorithm_oid(pkcs1::ALGORITHM_OID)?; - - if algorithm.parameters_any()? != pkcs8::der::asn1::Null.into() { - return Err(pkcs8::spki::Error::KeyMalformed); - } + match algorithm.oid { + pkcs1::ALGORITHM_OID => { + if algorithm.parameters_any()? != pkcs8::der::asn1::Null.into() { + return Err(pkcs8::spki::Error::KeyMalformed); + } + } + ID_RSASSA_PSS => { + if !algorithm.parameters.is_none() { + return Err(pkcs8::spki::Error::KeyMalformed); + } + } + _ => return Err(pkcs8::spki::Error::OidUnknown { oid: algorithm.oid }), + }; Ok(()) } 
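Review bot: `verify_algorithm_id` now lets an `id-RSASSA-PSS` key through to the generic key types, and nothing in this hunk preserves the PSS-only restriction that the OID expresses. The tests in this commit decode the PSS fixture with `RsaPrivateKey::from_pkcs8_der`, and a key obtained that way can presumably be wrapped in any padding scheme afterwards. The doc comment should say so, e.g. `/// Accepts rsaEncryption (NULL parameters) and id-RSASSA-PSS (parameters absent); the OID is not retained, so callers that must honour a PSS-only key have to check it themselves.` The `ID_RSASSA_PSS` arm also rejects keys that carry RSASSA-PSS-params with `KeyMalformed`, which is a safe default but worth stating in the same comment, since such keys are valid under RFC 4055. Minor style: `!algorithm.parameters.is_none()` reads better as `algorithm.parameters.is_some()`, and the `;` after the `match` block is not needed.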
diff --git a/src/pkcs1v15/signing_key.rs b/src/pkcs1v15/signing_key.rs index 24754589..eb60a5bd 100644 --- a/src/pkcs1v15/signing_key.rs +++ b/src/pkcs1v15/signing_key.rs @@ -248,6 +248,9 @@ where type Error = pkcs8::Error; fn try_from(private_key_info: pkcs8::PrivateKeyInfo<'_>) -> pkcs8::Result { + private_key_info + .algorithm + .assert_algorithm_oid(pkcs1::ALGORITHM_OID)?; RsaPrivateKey::try_from(private_key_info).map(Self::new) } } diff --git a/src/pkcs1v15/verifying_key.rs b/src/pkcs1v15/verifying_key.rs index fafb4a4d..9e11c544 100644 --- a/src/pkcs1v15/verifying_key.rs +++ b/src/pkcs1v15/verifying_key.rs @@ -198,6 +198,8 @@ where type Error = pkcs8::spki::Error; fn try_from(spki: pkcs8::SubjectPublicKeyInfoRef<'_>) -> pkcs8::spki::Result { + spki.algorithm.assert_algorithm_oid(pkcs1::ALGORITHM_OID)?; + RsaPublicKey::try_from(spki).map(Self::new) } } diff --git a/src/pss.rs b/src/pss.rs index e0b94137..6d4fae8c 100644 --- a/src/pss.rs +++ b/src/pss.rs @@ -22,7 +22,7 @@ pub use self::{ use alloc::{boxed::Box, vec::Vec}; use core::fmt::{self, Debug}; -use const_oid::{AssociatedOid, ObjectIdentifier}; +use const_oid::AssociatedOid; use digest::{Digest, DynDigest, FixedOutputReset}; use num_bigint::BigUint; use pkcs1::RsaPssParams; @@ -32,6 +32,7 @@ use rand_core::CryptoRngCore; use crate::algorithms::pad::{uint_to_be_pad, uint_to_zeroizing_be_pad}; use crate::algorithms::pss::*; use crate::algorithms::rsa::{rsa_decrypt_and_check, rsa_encrypt}; +use crate::encoding::ID_RSASSA_PSS; use crate::errors::{Error, Result}; use crate::traits::PublicKeyParts; use crate::traits::SignatureScheme; @@ -240,8 +241,6 @@ fn get_pss_signature_algo_id(salt_len: u8) -> pkcs8::spki::Result(salt_len); Ok(AlgorithmIdentifierOwned { diff --git a/src/pss/signing_key.rs b/src/pss/signing_key.rs index 39b41472..be2d203d 100644 --- a/src/pss/signing_key.rs +++ b/src/pss/signing_key.rs 
@@ -1,4 +1,5 @@ use super::{get_pss_signature_algo_id, sign_digest, Signature, VerifyingKey}; +use crate::encoding::ID_RSASSA_PSS; use crate::{Result, RsaPrivateKey}; use const_oid::AssociatedOid; use core::marker::PhantomData; @@ -219,4 +220,18 @@ where } } +impl TryFrom> for SigningKey +where + D: Digest + AssociatedOid, +{ + type Error = pkcs8::Error; + + fn try_from(private_key_info: pkcs8::PrivateKeyInfo<'_>) -> pkcs8::Result { + private_key_info + .algorithm + .assert_algorithm_oid(ID_RSASSA_PSS)?; + RsaPrivateKey::try_from(private_key_info).map(Self::new) + } +} + impl ZeroizeOnDrop for SigningKey where D: Digest {} diff --git a/src/pss/verifying_key.rs b/src/pss/verifying_key.rs index ed065492..e98fc7c5 100644 --- a/src/pss/verifying_key.rs +++ b/src/pss/verifying_key.rs @@ -1,10 +1,11 @@ use super::{verify_digest, Signature}; +use crate::encoding::ID_RSASSA_PSS; use crate::RsaPublicKey; use core::marker::PhantomData; use digest::{Digest, FixedOutputReset}; use pkcs8::{ spki::{der::AnyRef, AlgorithmIdentifierRef, AssociatedAlgorithmIdentifier}, - Document, EncodePublicKey, + AssociatedOid, Document, EncodePublicKey, }; use signature::{hazmat::PrehashVerifier, DigestVerifier, Verifier}; @@ -156,3 +157,23 @@ where key.inner } } + +impl TryFrom> for VerifyingKey +where + D: Digest + AssociatedOid, +{ + type Error = pkcs8::spki::Error; + + fn try_from(spki: pkcs8::SubjectPublicKeyInfoRef<'_>) -> pkcs8::spki::Result { + match spki.algorithm.oid { + ID_RSASSA_PSS | pkcs1::ALGORITHM_OID => (), + _ => { + return Err(spki::Error::OidUnknown { + oid: spki.algorithm.oid, + }); + } + } + + RsaPublicKey::try_from(spki).map(Self::new) + } +} 
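Review bot: The new `TryFrom` impl for `SigningKey` in src/pss/signing_key.rs accepts only `ID_RSASSA_PSS`, while the matching `VerifyingKey` conversion in src/pss/verifying_key.rs accepts `ID_RSASSA_PSS | pkcs1::ALGORITHM_OID`, so an rsaEncryption key pair can be loaded as a PSS verifying key but not as a PSS signing key. The commit message says PSS keys may use either OID, so the signing side should use the same `match` on `private_key_info.algorithm.oid` with the arm `ID_RSASSA_PSS | pkcs1::ALGORITHM_OID => (),`. If the asymmetry is intended, a doc comment on the impl should say why. The verifying-key impl also names its error as `spki::Error::OidUnknown` although its signature uses `pkcs8::spki::Error`; using one path throughout avoids relying on both resolving to the same type.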
diff --git a/tests/examples/pkcs8/rsa2048-rfc9421-priv.der b/tests/examples/pkcs8/rsa2048-rfc9421-priv.der new file mode 100644 index 0000000000000000000000000000000000000000..4585234df3b88c33591dc19ec04a394f650f0e23 GIT binary patch literal 1218 zcmV;z1U>sOf&{(-0RS)y1_>&LNQUOtExwzPX+oI6340o8E!TDWNB{lBMvoxU5K z*$`GqOG9_n0`g}27ehLqO9;@7=K4%$xl zRVy31TAs|SJVaYIv`Lism=hz@9zc`UaQ>HQthy|QEYMAyS_*s^0N|h-JeE*u(MVU& zr{9879(qmZ?Vg6Wh6RD`lL5uHS+jUu^1GJmMaqtcA0?5Afy^)jP+YQJIVV$}mW%}b z4?Bj?%1%y46x2!MoQU#N7E4ebOU7?0yDGede*yeXOEfRFq0b}w(DL`iFGV!sV)k#d z&fFLwaf3qQjM!l8Avc5CVm6?94>KSG(+5cG91>M+e5Y7`jtAV~*mub!z9EKxwyl;# zP5`rp{}gcyww-_x9ycM&=3M%U6dDwg)k90SQ-p!*vUFnAPTd}*UBV*-G45l;qhOxG zi>7+M;M}31E{=I?wMbes8`6En2?BwE0K@DEb?tjwmNW{OY2B7|xX%t!tw55sb|9v% zse#%L5EI{F4B^POFu@VpaugDdApeb}TTIxZ;YFz9aKBH7$m<|Jmr|&tLgixMpG8+` zxY{+$x+)V-UE*{C3u<;C@IB&o{J-8S16D(g(S6hbQmcT$CwoXqrbEjWilBPi!vcYU z0HV<7mP~CYw50M0ktU`>8ye?moDl%ZAo>wTTTmEw-thB9!2*GS0Ev+`OQ5N$U}!)*PO)*2nWuqv8Um_7 z(k2lDxi8%=5Nh+mP-{gba7|FW;0s!tG$7B7~52g<=)Kxcz-${hGX}3#9MthFQh@4`5Ur*lyK{mEVNP%~nvylZ; zLjr+;0F4kTeTcubpreHUUNb{>U8H3->KF+;bm(bPEI%F7H#lXRgn0Hf(6a_uj+p$A zv0ondAf&n5h4F(A+hDe6@4FLfG1potr0S^E$f&mHwf&l>luZw1zdiK$0e?7Xd zKU+5W0WH3pk!fETtBoLyM10F+W5uqWq-};=cF%tEEb+^JE*(Z6j&a+>aNQia-f6y| z1>?yNIy!LVXOn!DhTwoc4&M%p>X0ukNM!erCv`gFeX<2S)jT}&4(#l!6anghJ2Rd$ z#hEj$2uBUsokgW+9ES^-Eb{(Zi7J-Yb=G>S&M%uM*Dpw*17Xzw0Nz$o+})-ux-GQe zOB4H{$dutZ^n;Q*Xf{dg4-3wX3QHzfpbk9dYMeVkl>yao_FA}ToY@do sNlQa_)dKQn`xiqxpGyePjpN03rf|-XReJePXIGjsbEU}J0s{d60l^xBrvLx| literal 0 HcmV?d00001 diff --git a/tests/pkcs8.rs b/tests/pkcs8.rs index ee597e18..17a0f00c 100644 --- a/tests/pkcs8.rs +++ b/tests/pkcs8.rs 
@@ -14,10 +14,17 @@ const RSA_2048_PRIV_PEM: &str = include_str!("examples/pkcs8/rsa2048-priv.pem"); #[cfg(feature = "pem")] const RSA_2048_PUB_PEM: &str = include_str!("examples/pkcs8/rsa2048-pub.pem"); +/// RSA-2048 PSS PKCS#8 private key encoded as DER +const RSA_2048_PSS_PRIV_DER: &[u8] = include_bytes!("examples/pkcs8/rsa2048-rfc9421-priv.der"); + +/// RSA-2048 PSS PKCS#8 public key encoded as DER +const RSA_2048_PSS_PUB_DER: &[u8] = include_bytes!("examples/pkcs8/rsa2048-rfc9421-pub.der"); + use hex_literal::hex; use rsa::{ pkcs1v15, pkcs8::{DecodePrivateKey, DecodePublicKey, EncodePrivateKey, EncodePublicKey}, + pss, traits::{PrivateKeyParts, PublicKeyParts}, RsaPrivateKey, RsaPublicKey, }; 
@@ -51,6 +58,29 @@ fn decode_rsa2048_pub_der() { let _ = pkcs1v15::VerifyingKey::::from_public_key_der(RSA_2048_PUB_DER).unwrap(); } +#[test] +fn decode_rsa2048_pss_priv_der() { + let key = RsaPrivateKey::from_pkcs8_der(RSA_2048_PSS_PRIV_DER).unwrap(); + + assert_eq!(&key.n().to_bytes_be(), &hex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assert_eq!(&key.e().to_bytes_be(), &hex!("010001")); + assert_eq!(&key.d().to_bytes_be(), &hex!("9407C8A9FA426289954A17C02A7C1FDA50FD234C0A8E41EC0AD64289FE24025C10AAA5BA37EB482F76DD391F9559FD10D590480EDA4EF7552B1BBA5A9ECCAB3C445B36B44994F8981323D31E4093D670FE9768ACBA2C862CD04D9C5A0A7C1800E0A01B3C96506AD14857D0A7DF82521E7A4DE7ED9E86B7860581ED9301C5B659B3785DF2BB96EA45CA8E871F25918981CC3004505CB25E3927539F968C04FD0F3B86D0CA4E4E4714D449E39C88F254164B501E4BC66F29BB2ABC847F01FC4E4B342FB5A1CF23FAD0F2F7C52F4534E262F66FB3CEDC1821718342E28CD860EC213783DA6236A07A0F332003D30748EC1C12556D7CA7587E8E07DCE1D95EC4A611")); + assert_eq!(&key.primes()[0].to_bytes_be(), &hex!("E55FBA212239C846821579BE7E4D44336C700167A478F542032BEBF506D3945382670B7D5B08D48E1B4A46EB22E54ABE21867FB6AD96444E00B386FF14710CB69D80111E3721CBE65CFA8A141A1492D5434BB7538481EBB27462D54EDD1EA55DC2230431EE63C4A3609EC28BA67ABEE0DCA1A12E8E796BB5485A331BD27DC509")); + assert_eq!(&key.primes()[1].to_bytes_be(), &hex!("C3EC0875ED7B5B96340A9869DD9674B8CF0E52AD4092B57620A6AEA981DA0F1013DF610CE1C8B630C111DA7214128E20FF8DA55B4CD8A2E145A8E370BF4F87C8EB203E9752A8A442E562E09F455769B8DA35CCBA2A134F5DE274020B6A7620F03DE276FCBFDE2B0356438DD17DD40152AB80C1277B4849A643CB158AA07ADBC3")); + + let _ = pss::SigningKey::::from_pkcs8_der(RSA_2048_PSS_PRIV_DER).unwrap(); +} + +#[test] +fn decode_rsa2048_pss_pub_der() { + let key = RsaPublicKey::from_public_key_der(RSA_2048_PSS_PUB_DER).unwrap(); + + assert_eq!(&key.n().to_bytes_be(), &hex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assert_eq!(&key.e().to_bytes_be(), &hex!("010001")); + + let _ = 
pss::VerifyingKey::::from_public_key_der(RSA_2048_PSS_PUB_DER).unwrap(); +} + #[test] fn encode_rsa2048_priv_der() { let key = RsaPrivateKey::from_pkcs8_der(RSA_2048_PRIV_DER).unwrap(); From 4512b5a59e5c9ff6dbdb46cacafaeb540997e296 Mon Sep 17 00:00:00 2001 From: Lasse Edslev <99122403+LWEdslev@users.noreply.github.com> Date: Fri, 5 Apr 2024 03:26:17 +0200 Subject: [PATCH 10/23] added serdect support (#420) Co-authored-by: Tony Arcieri --- Cargo.lock | 37 +++++++--- Cargo.toml | 3 +- src/encoding.rs | 2 +- src/key.rs | 120 +++++++++++++++++---------------- src/oaep/decrypting_key.rs | 44 ++++++++++++ src/oaep/encrypting_key.rs | 48 +++++++++++++ src/pkcs1v15/decrypting_key.rs | 28 +++++++- src/pkcs1v15/encrypting_key.rs | 28 +++++++- src/pkcs1v15/signature.rs | 41 +++++++++++ src/pkcs1v15/signing_key.rs | 65 +++++++++++++++++- src/pkcs1v15/verifying_key.rs | 70 ++++++++++++++++++- src/pss/blinded_signing_key.rs | 76 ++++++++++++++++++++- src/pss/signature.rs | 44 ++++++++++++ src/pss/signing_key.rs | 70 +++++++++++++++++-- src/pss/verifying_key.rs | 67 +++++++++++++++++- 15 files changed, 661 insertions(+), 82 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index be2f48c4..ddfc86f2 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -19,6 +19,12 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" +[[package]] +name = "base16ct" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" + [[package]] name = "base64ct" version = "1.6.0" 
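Review bot: Both new tests only check that decoding succeeds; nothing covers the rejection this commit adds, where the `pkcs1v15::SigningKey` and `pkcs1v15::VerifyingKey` conversions call `assert_algorithm_oid(pkcs1::ALGORITHM_OID)`. A negative case belongs in `decode_rsa2048_pss_priv_der` and `decode_rsa2048_pss_pub_der`, e.g. `assert!(pkcs1v15::SigningKey::<D>::from_pkcs8_der(RSA_2048_PSS_PRIV_DER).is_err());`, where `D` is the digest type the neighbouring tests use (the type arguments are not legible on this page). Without it, a later refactor of the conversion could drop the OID check unnoticed.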
@@ -406,9 +412,9 @@ checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" [[package]] name = "proc-macro2" -version = "1.0.69" +version = "1.0.79" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "134c189feb4956b20f6f547d2cf727d4c0fe06722b20a0eec87ed445a97f92da" +checksum = "e835ff2298f5721608eb1a980ecaee1aef2c132bf95ecc026a11b7bf3c01c02e" dependencies = [ "unicode-ident", ] @@ -441,9 +447,9 @@ checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0" [[package]] name = "quote" -version = "1.0.33" +version = "1.0.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" +checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" dependencies = [ "proc-macro2", ] @@ -522,6 +528,7 @@ dependencies = [ "rand_xorshift", "serde", "serde_test", + "serdect", "sha1", "sha2 0.11.0-pre.3", "sha3", @@ -578,18 +585,18 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.192" +version = "1.0.197" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bca2a08484b285dcb282d0f67b26cadc0df8b19f8c12502c13d966bf9482f001" +checksum = "3fb1c873e1b9b056a4dc4c0c198b24c3ffa059243875552b2bd0933b1aee4ce2" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.192" +version = "1.0.197" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d6c7207fbec9faa48073f3e3074cbe553af6ea512d7c21ba46e434e70ea9fbc1" +checksum = "7eb0b34b42edc17f6b7cac84a52a1c5f0e1bb2227e997ca9011ea3dd34e8610b" dependencies = [ "proc-macro2", "quote", 
@@ -605,6 +612,16 @@ dependencies = [ "serde", ] +[[package]] +name = "serdect" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a84f14a19e9a014bb9f4512488d9829a68e04ecabffb0f9904cd1ace94598177" +dependencies = [ + "base16ct", + "serde", +] + [[package]] name = "sha1" version = "0.11.0-pre.3" @@ -688,9 +705,9 @@ checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" [[package]] name = "syn" -version = "2.0.39" +version = "2.0.53" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23e78b90f2fcf45d3e842032ce32e3f2d1545ba6636271dcbf24fa306d87be7a" +checksum = "7383cd0e49fff4b6b90ca5670bfd3e9d6a733b3f90c686605aa7eec8c4996032" dependencies = [ "proc-macro2", "quote", diff --git a/Cargo.toml b/Cargo.toml index f8977424..bc017393 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -28,6 +28,7 @@ zeroize = { version = "1.5", features = ["alloc"] } # optional dependencies sha1 = { version = "=0.11.0-pre.3", optional = true, default-features = false, features = ["oid"] } +serdect = { version = "0.2.0", optional = true } sha2 = { version = "=0.11.0-pre.3", optional = true, default-features = false, features = ["oid"] } serde = { version = "1.0.184", optional = true, default-features = false, features = ["derive"] } @@ -52,7 +53,7 @@ default = ["std", "pem", "u64_digit"] hazmat = [] getrandom = ["rand_core/getrandom"] nightly = ["num-bigint/nightly"] -serde = ["dep:serde", "num-bigint/serde"] +serde = ["dep:serde", "dep:serdect", "num-bigint/serde"] pem = ["pkcs1/pem", "pkcs8/pem"] pkcs5 = ["pkcs8/encryption"] u64_digit = ["num-bigint/u64_digit"] diff --git a/src/encoding.rs b/src/encoding.rs index b6ce17be..3151791d 100644 --- a/src/encoding.rs +++ b/src/encoding.rs 
@@ -17,7 +17,7 @@ use zeroize::Zeroizing; pub const ID_RSASSA_PSS: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.113549.1.1.10"); /// Verify that the `AlgorithmIdentifier` for a key is correct. -fn verify_algorithm_id(algorithm: &pkcs8::AlgorithmIdentifierRef) -> pkcs8::spki::Result<()> { +pub(crate) fn verify_algorithm_id(algorithm: &pkcs8::AlgorithmIdentifierRef) -> pkcs8::spki::Result<()> { match algorithm.oid { pkcs1::ALGORITHM_OID => { if algorithm.parameters_any()? != pkcs8::der::asn1::Null.into() { diff --git a/src/key.rs b/src/key.rs index 5e6de22f..03931dab 100644 --- a/src/key.rs +++ b/src/key.rs @@ -6,9 +6,13 @@ use num_bigint::{BigInt, BigUint}; use num_integer::Integer; use num_traits::{FromPrimitive, One, ToPrimitive}; use rand_core::CryptoRngCore; -#[cfg(feature = "serde")] -use serde::{Deserialize, Serialize}; use zeroize::{Zeroize, ZeroizeOnDrop}; +#[cfg(feature = "serde")] +use { + serdect::serde::{de, ser, Deserialize, Serialize}, + spki::{EncodePublicKey, DecodePublicKey}, + pkcs8::{EncodePrivateKey, DecodePrivateKey} +}; use crate::algorithms::generate::generate_multi_prime_key_with_exp; use crate::algorithms::rsa::{ @@ -23,7 +27,6 @@ use crate::CrtValue; /// Represents the public part of an RSA key. #[derive(Debug, Clone, Hash, PartialEq, Eq)] -#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))] pub struct RsaPublicKey { /// Modulus: product of prime numbers `p` and `q` n: BigUint, @@ -36,7 +39,6 @@ pub struct RsaPublicKey { /// Represents a whole RSA key, public and private parts. #[derive(Debug, Clone)] -#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))] pub struct RsaPrivateKey { /// Public components of the private key. pubkey_components: RsaPublicKey, @@ -45,7 +47,6 @@ pub struct RsaPrivateKey { /// Prime factors of N, contains >= 2 elements. pub(crate) primes: Vec, /// precomputed values to speed up private operations - #[cfg_attr(feature = "serde", serde(skip))] pub(crate) precomputed: Option, } 
@@ -531,6 +532,50 @@ fn check_public_with_max_size(public_key: &impl PublicKeyParts, max_size: usize) Ok(()) } +#[cfg(feature = "serde")] +impl Serialize for RsaPublicKey { + fn serialize(&self, serializer: S) -> core::prelude::v1::Result + where + S: serdect::serde::Serializer, + { + let der = self.to_public_key_der().map_err(ser::Error::custom)?; + serdect::slice::serialize_hex_lower_or_bin(&der, serializer) + } +} + +#[cfg(feature = "serde")] +impl<'de> Deserialize<'de> for RsaPublicKey { + fn deserialize(deserializer: D) -> core::prelude::v1::Result + where + D: serdect::serde::Deserializer<'de>, + { + let der_bytes = serdect::slice::deserialize_hex_or_bin_vec(deserializer)?; + Self::from_public_key_der(&der_bytes).map_err(de::Error::custom) + } +} + +#[cfg(feature = "serde")] +impl Serialize for RsaPrivateKey { + fn serialize(&self, serializer: S) -> core::prelude::v1::Result + where + S: ser::Serializer, + { + let der = self.to_pkcs8_der().map_err(ser::Error::custom)?; + serdect::slice::serialize_hex_lower_or_bin(&der.as_bytes(), serializer) + } +} + +#[cfg(feature = "serde")] +impl<'de> Deserialize<'de> for RsaPrivateKey { + fn deserialize(deserializer: D) -> core::prelude::v1::Result + where + D: de::Deserializer<'de>, + { + let der_bytes = serdect::slice::deserialize_hex_or_bin_vec(deserializer)?; + Self::from_pkcs8_der(&der_bytes).map_err(de::Error::custom) + } +} + #[cfg(test)] mod tests { use super::*; 
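Review bot: In `Deserialize for RsaPrivateKey` the decoded PKCS#8 bytes sit in a plain `Vec` (`der_bytes`) that is dropped without being wiped, so a copy of the private key may remain in freed heap memory. The same applies to the `Deserialize` impl for `pkcs1v15::SigningKey` in src/pkcs1v15/signing_key.rs. Wrapping the buffer fixes it: `let der_bytes = zeroize::Zeroizing::new(serdect::slice::deserialize_hex_or_bin_vec(deserializer)?);`. Separately, these impls replace the derived field-by-field format with a DER string, so data written by an earlier release will presumably no longer deserialize; that deserves a changelog entry. Style: `&der.as_bytes()` takes a reference to a reference, and `core::prelude::v1::Result` is spelled `core::result::Result` in the other files of this commit.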
@@ -640,66 +685,23 @@ mod tests { #[cfg(feature = "serde")] fn test_serde() { use rand_chacha::{rand_core::SeedableRng, ChaCha8Rng}; - use serde_test::{assert_tokens, Token}; + use serde_test::{assert_tokens, Configure, Token}; let mut rng = ChaCha8Rng::from_seed([42; 32]); let priv_key = RsaPrivateKey::new(&mut rng, 64).expect("failed to generate key"); let priv_tokens = [ - Token::Struct { - name: "RsaPrivateKey", - len: 3, - }, - Token::Str("pubkey_components"), - Token::Struct { - name: "RsaPublicKey", - len: 2, - }, - Token::Str("n"), - Token::Seq { len: Some(2) }, - Token::U32(3814409919), - Token::U32(3429654832), - Token::SeqEnd, - Token::Str("e"), - Token::Seq { len: Some(1) }, - Token::U32(65537), - Token::SeqEnd, - Token::StructEnd, - Token::Str("d"), - Token::Seq { len: Some(2) }, - Token::U32(1482162201), - Token::U32(1675500232), - Token::SeqEnd, - Token::Str("primes"), - Token::Seq { len: Some(2) }, - Token::Seq { len: Some(1) }, - Token::U32(4133289821), - Token::SeqEnd, - Token::Seq { len: Some(1) }, - Token::U32(3563808971), - Token::SeqEnd, - Token::SeqEnd, - Token::StructEnd, - ]; - assert_tokens(&priv_key, &priv_tokens); - - let priv_tokens = [ - Token::Struct { - name: "RsaPublicKey", - len: 2, - }, - Token::Str("n"), - Token::Seq { len: Some(2) }, - Token::U32(3814409919), - Token::U32(3429654832), - Token::SeqEnd, - Token::Str("e"), - Token::Seq { len: Some(1) }, - Token::U32(65537), - Token::SeqEnd, - Token::StructEnd, + Token::Str("3054020100300d06092a864886f70d01010105000440303e020100020900cc6c6130e35b46bf0203010001020863de1ac858580019020500f65cff5d020500d46b68cb02046d9a09f102047b4e3a4f020500f45065cc") ]; - assert_tokens(&RsaPublicKey::from(priv_key), &priv_tokens); + assert_tokens(&priv_key.clone().readable(), &priv_tokens); + + let priv_tokens = [Token::Str( + "3024300d06092a864886f70d01010105000313003010020900cc6c6130e35b46bf0203010001", + )]; + assert_tokens( + &RsaPublicKey::from(priv_key.clone()).readable(), + &priv_tokens, + ); } 
#[test] diff --git a/src/oaep/decrypting_key.rs b/src/oaep/decrypting_key.rs index eacff38e..83ab2824 100644 --- a/src/oaep/decrypting_key.rs +++ b/src/oaep/decrypting_key.rs @@ -11,12 +11,15 @@ use alloc::{ use core::marker::PhantomData; use digest::{Digest, FixedOutputReset}; use rand_core::CryptoRngCore; +#[cfg(feature = "serde")] +use serde::{Deserialize, Serialize}; use zeroize::ZeroizeOnDrop; /// Decryption key for PKCS#1 v1.5 decryption as described in [RFC8017 § 7.1]. /// /// [RFC8017 § 7.1]: https://datatracker.ietf.org/doc/html/rfc8017#section-7.1 #[derive(Debug, Clone)] +#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))] pub struct DecryptingKey where D: Digest, @@ -94,3 +97,44 @@ where MGD: Digest + FixedOutputReset, { } + +impl PartialEq for DecryptingKey +where + D: Digest, + MGD: Digest + FixedOutputReset, +{ + fn eq(&self, other: &Self) -> bool { + self.inner == other.inner && self.label == other.label + } +} + +#[cfg(test)] +mod tests { + #[test] + #[cfg(feature = "serde")] + fn test_serde() { + use super::*; + use rand_chacha::{rand_core::SeedableRng, ChaCha8Rng}; + use serde_test::{assert_tokens, Configure, Token}; + use sha2::Sha256; + + let mut rng = ChaCha8Rng::from_seed([42; 32]); + let decrypting_key = DecryptingKey::::new( + RsaPrivateKey::new(&mut rng, 64).expect("failed to generate key"), + ); + + let tokens = [ + Token::Struct { name: "DecryptingKey", len: 4 }, + Token::Str("inner"), + Token::Str("3054020100300d06092a864886f70d01010105000440303e020100020900cc6c6130e35b46bf0203010001020863de1ac858580019020500f65cff5d020500d46b68cb02046d9a09f102047b4e3a4f020500f45065cc"), + Token::Str("label"), + Token::None, + Token::Str("phantom"), + Token::UnitStruct { name: "PhantomData", }, + Token::Str("mg_phantom"), + Token::UnitStruct { name: "PhantomData", }, + Token::StructEnd, + ]; + assert_tokens(&decrypting_key.readable(), &tokens); + } +} 
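Review bot: The new `PartialEq` impl for the OAEP `DecryptingKey` compares private keys with `self.inner == other.inner`, and whether that comparison is constant-time depends on `RsaPrivateKey`'s own `PartialEq`, which is outside this hunk. If equality is presumably only needed so that `assert_tokens` compiles in the serde test, I would either put the impl under `#[cfg(test)]` or document the caveat on it, e.g. `/// Not constant-time; do not use where the timing of the comparison is observable.` The same applies to `#[derive(PartialEq)]` on `pkcs1v15::DecryptingKey` and to the manual impl on `pkcs1v15::SigningKey` later in this commit. The struct's doc comment, a context line here, still says PKCS#1 v1.5 although this is the OAEP key and the link is to RFC8017 § 7.1.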
diff --git a/src/oaep/encrypting_key.rs b/src/oaep/encrypting_key.rs index 0951e652..1565e467 100644 --- a/src/oaep/encrypting_key.rs +++ b/src/oaep/encrypting_key.rs @@ -7,11 +7,14 @@ use alloc::{ use core::marker::PhantomData; use digest::{Digest, FixedOutputReset}; use rand_core::CryptoRngCore; +#[cfg(feature = "serde")] +use serde::{Deserialize, Serialize}; /// Encryption key for PKCS#1 v1.5 encryption as described in [RFC8017 § 7.1]. /// /// [RFC8017 § 7.1]: https://datatracker.ietf.org/doc/html/rfc8017#section-7.1 #[derive(Debug, Clone)] +#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))] pub struct EncryptingKey where D: Digest, @@ -62,3 +65,48 @@ where encrypt_digest::<_, D, MGD>(rng, &self.inner, msg, self.label.as_ref().cloned()) } } + +impl PartialEq for EncryptingKey +where + D: Digest, + MGD: Digest + FixedOutputReset, +{ + fn eq(&self, other: &Self) -> bool { + self.inner == other.inner && self.label == other.label + } +} + +#[cfg(test)] +mod tests { + + #[test] + #[cfg(feature = "serde")] + fn test_serde() { + use super::*; + use rand_chacha::{rand_core::SeedableRng, ChaCha8Rng}; + use serde_test::{assert_tokens, Configure, Token}; + + let mut rng = ChaCha8Rng::from_seed([42; 32]); + let priv_key = crate::RsaPrivateKey::new(&mut rng, 64).expect("failed to generate key"); + let encrypting_key = EncryptingKey::::new(priv_key.to_public_key()); + + let tokens = [ + Token::Struct { + name: "EncryptingKey", + len: 4, + }, + Token::Str("inner"), + Token::Str( + "3024300d06092a864886f70d01010105000313003010020900cc6c6130e35b46bf0203010001", + ), + Token::Str("label"), + Token::None, + Token::Str("phantom"), + Token::UnitStruct { name: "PhantomData", }, + Token::Str("mg_phantom"), + Token::UnitStruct { name: "PhantomData", }, + Token::StructEnd, + ]; + assert_tokens(&encrypting_key.readable(), &tokens); + } +} diff --git a/src/pkcs1v15/decrypting_key.rs b/src/pkcs1v15/decrypting_key.rs index 0bd6dc89..78aee178 100644 
--- a/src/pkcs1v15/decrypting_key.rs +++ b/src/pkcs1v15/decrypting_key.rs @@ -6,12 +6,15 @@ use crate::{ }; use alloc::vec::Vec; use rand_core::CryptoRngCore; +#[cfg(feature = "serde")] +use serde::{Deserialize, Serialize}; use zeroize::ZeroizeOnDrop; /// Decryption key for PKCS#1 v1.5 decryption as described in [RFC8017 § 7.2]. /// /// [RFC8017 § 7.2]: https://datatracker.ietf.org/doc/html/rfc8017#section-7.2 -#[derive(Debug, Clone)] +#[derive(Debug, Clone, PartialEq)] +#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))] pub struct DecryptingKey { inner: RsaPrivateKey, } @@ -49,3 +52,26 @@ impl EncryptingKeypair for DecryptingKey { } impl ZeroizeOnDrop for DecryptingKey {} + +#[cfg(test)] +mod tests { + #[test] + #[cfg(feature = "serde")] + fn test_serde() { + use super::*; + use rand_chacha::{rand_core::SeedableRng, ChaCha8Rng}; + use serde_test::{assert_tokens, Configure, Token}; + + let mut rng = ChaCha8Rng::from_seed([42; 32]); + let decrypting_key = + DecryptingKey::new(RsaPrivateKey::new(&mut rng, 64).expect("failed to generate key")); + + let tokens = [ + Token::Struct { name: "DecryptingKey", len: 1 }, + Token::Str("inner"), + Token::Str("3054020100300d06092a864886f70d01010105000440303e020100020900cc6c6130e35b46bf0203010001020863de1ac858580019020500f65cff5d020500d46b68cb02046d9a09f102047b4e3a4f020500f45065cc"), + Token::StructEnd, + ]; + assert_tokens(&decrypting_key.readable(), &tokens); + } +} diff --git a/src/pkcs1v15/encrypting_key.rs b/src/pkcs1v15/encrypting_key.rs index 80db0f60..f1ff3fd3 100644 --- a/src/pkcs1v15/encrypting_key.rs +++ b/src/pkcs1v15/encrypting_key.rs 
@@ -1,12 +1,15 @@ use super::encrypt; use crate::{traits::RandomizedEncryptor, Result, RsaPublicKey}; use alloc::vec::Vec; +#[cfg(feature = "serde")] +use serde::{Deserialize, Serialize}; use rand_core::CryptoRngCore; /// Encryption key for PKCS#1 v1.5 encryption as described in [RFC8017 § 7.2]. /// /// [RFC8017 § 7.2]: https://datatracker.ietf.org/doc/html/rfc8017#section-7.2 -#[derive(Debug, Clone)] +#[derive(Debug, Clone, PartialEq)] +#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))] pub struct EncryptingKey { pub(super) inner: RsaPublicKey, } @@ -27,3 +30,26 @@ impl RandomizedEncryptor for EncryptingKey { encrypt(rng, &self.inner, msg) } } + +#[cfg(test)] +mod tests { + #[test] + #[cfg(feature = "serde")] + fn test_serde() { + use super::*; + use rand_chacha::{rand_core::SeedableRng, ChaCha8Rng}; + use serde_test::{assert_tokens, Configure, Token}; + + let mut rng = ChaCha8Rng::from_seed([42; 32]); + let priv_key = crate::RsaPrivateKey::new(&mut rng, 64).expect("failed to generate key"); + let encrypting_key = EncryptingKey::new(priv_key.to_public_key()); + + let tokens = [ + Token::Struct { name: "EncryptingKey", len: 1 }, + Token::Str("inner"), + Token::Str("3024300d06092a864886f70d01010105000313003010020900cc6c6130e35b46bf0203010001"), + Token::StructEnd, + ]; + assert_tokens(&encrypting_key.clone().readable(), &tokens); + } +} \ No newline at end of file diff --git a/src/pkcs1v15/signature.rs b/src/pkcs1v15/signature.rs index a07b6468..d8fd2708 100644 --- a/src/pkcs1v15/signature.rs +++ b/src/pkcs1v15/signature.rs @@ -3,6 +3,8 @@ use crate::algorithms::pad::uint_to_be_pad; use ::signature::SignatureEncoding; use alloc::{boxed::Box, string::ToString}; +#[cfg(feature = "serde")] +use serdect::serde::{de, Deserialize, Serialize}; use core::fmt::{Debug, Display, Formatter, LowerHex, UpperHex}; use num_bigint::BigUint; use spki::{ 
@@ -79,3 +81,42 @@ impl Display for Signature { write!(f, "{:X}", self) } } + +#[cfg(feature = "serde")] +impl Serialize for Signature { + fn serialize(&self, serializer: S) -> core::result::Result + where + S: serdect::serde::Serializer, + { + serdect::slice::serialize_hex_lower_or_bin(&self.to_bytes(), serializer) + } +} + +#[cfg(feature = "serde")] +impl<'de> Deserialize<'de> for Signature { + fn deserialize(deserializer: D) -> core::result::Result + where + D: serdect::serde::Deserializer<'de>, + { + serdect::slice::deserialize_hex_or_bin_vec(deserializer)?.as_slice().try_into().map_err(de::Error::custom) + } +} + +#[cfg(test)] +mod tests { + #[test] + #[cfg(feature = "serde")] + fn test_serde() { + use super::*; + use serde_test::{assert_tokens, Configure, Token}; + let signature = Signature { + inner: BigUint::new(Vec::from([42])), + len: 1, + }; + + let tokens = [ + Token::Str("2a"), + ]; + assert_tokens(&signature.readable(), &tokens); + } +} \ No newline at end of file diff --git a/src/pkcs1v15/signing_key.rs b/src/pkcs1v15/signing_key.rs index eb60a5bd..ac6fa3e7 100644 --- a/src/pkcs1v15/signing_key.rs +++ b/src/pkcs1v15/signing_key.rs @@ -7,10 +7,15 @@ use pkcs8::{ spki::{ der::AnyRef, AlgorithmIdentifierRef, AssociatedAlgorithmIdentifier, SignatureAlgorithmIdentifier, - }, - AssociatedOid, EncodePrivateKey, SecretDocument, + }, AssociatedOid, EncodePrivateKey, SecretDocument }; use rand_core::CryptoRngCore; +#[cfg(feature = "serde")] +use { + pkcs8::DecodePrivateKey, + serdect::serde::{de, ser, Deserialize, Serialize}, +}; + use signature::{ hazmat::PrehashSigner, DigestSigner, Keypair, RandomizedDigestSigner, RandomizedSigner, Signer, }; 
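Review bot: The new `Deserialize` impl for `Signature` takes a byte string of whatever length the input supplies and converts it with `try_into()`, and the only test added in this hunk is a one-byte round trip of `2a`. Nothing visible here bounds the length or ties it to a key size, so that is presumably left to verification. A comment on the impl would say so, e.g. `// Length is not validated here; verification must reject signatures whose length does not match the key.` A negative case (non-hex text, odd-length hex) asserting that deserialization fails would also pin the error path. The same applies to the identical impl and test in src/pss/signature.rs.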
@@ -256,3 +261,59 @@ where } impl ZeroizeOnDrop for SigningKey where D: Digest {} + +impl PartialEq for SigningKey where D: Digest { + fn eq(&self, other: &Self) -> bool { + self.inner == other.inner && self.prefix == other.prefix + } +} + +#[cfg(feature = "serde")] +impl Serialize for SigningKey +where + D: Digest, +{ + fn serialize(&self, serializer: S) -> core::result::Result + where + S: serdect::serde::Serializer, + { + let der = self.to_pkcs8_der().map_err(ser::Error::custom)?; + serdect::slice::serialize_hex_lower_or_bin(&der.as_bytes(), serializer) + } +} + +#[cfg(feature = "serde")] +impl<'de, D> Deserialize<'de> for SigningKey +where + D: Digest + AssociatedOid, +{ + fn deserialize(deserializer: De) -> core::result::Result + where + De: serdect::serde::Deserializer<'de>, + { + let der_bytes = serdect::slice::deserialize_hex_or_bin_vec(deserializer)?; + Self::from_pkcs8_der(&der_bytes).map_err(de::Error::custom) + } +} + +#[cfg(test)] +mod tests { + #[test] + #[cfg(feature = "serde")] + fn test_serde() { + use super::*; + use rand_chacha::{rand_core::SeedableRng, ChaCha8Rng}; + use serde_test::{assert_tokens, Configure, Token}; + use sha2::Sha256; + + let mut rng = ChaCha8Rng::from_seed([42; 32]); + let priv_key = crate::RsaPrivateKey::new(&mut rng, 64).expect("failed to generate key"); + let signing_key = SigningKey::::new(priv_key); + + let tokens = [ + Token::Str("3054020100300d06092a864886f70d01010105000440303e020100020900cc6c6130e35b46bf0203010001020863de1ac858580019020500f65cff5d020500d46b68cb02046d9a09f102047b4e3a4f020500f45065cc") + ]; + + assert_tokens(&signing_key.readable(), &tokens); + } +} \ No newline at end of file diff --git a/src/pkcs1v15/verifying_key.rs b/src/pkcs1v15/verifying_key.rs index 9e11c544..baa77c98 100644 --- a/src/pkcs1v15/verifying_key.rs +++ b/src/pkcs1v15/verifying_key.rs 
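Review bot: In the new `Deserialize` impl for `SigningKey`, `der_bytes` holds the decoded PKCS#8 private key in a plain `Vec<u8>` that is freed without being wiped, although the type is marked `ZeroizeOnDrop` at the top of this hunk. Wrapping the buffer keeps the secret from lingering in freed memory: `let der_bytes = zeroize::Zeroizing::new(serdect::slice::deserialize_hex_or_bin_vec(deserializer)?);`, with the `from_pkcs8_der(&der_bytes)` call left as it is. The `Deserialize` impls added in src/pss/blinded_signing_key.rs and src/pss/signing_key.rs use the same pattern and need the same change.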
@@ -8,9 +8,17 @@ use pkcs8::{ der::AnyRef, AlgorithmIdentifierRef, AssociatedAlgorithmIdentifier, SignatureAlgorithmIdentifier, }, - AssociatedOid, Document, EncodePublicKey, + AssociatedOid, }; + +#[cfg(feature = "serde")] +use { + serdect::serde::{de, ser, Deserialize, Serialize}, + spki::DecodePublicKey, +}; + use signature::{hazmat::PrehashVerifier, DigestVerifier, Verifier}; +use spki::{Document, EncodePublicKey}; /// Verifying key for `RSASSA-PKCS1-v1_5` signatures as described in [RFC8017 § 8.2]. /// 
@@ -203,3 +211,63 @@ where RsaPublicKey::try_from(spki).map(Self::new) } } + +impl PartialEq for VerifyingKey +where + D: Digest, +{ + fn eq(&self, other: &Self) -> bool { + self.inner == other.inner && self.prefix == other.prefix + } +} + +#[cfg(feature = "serde")] +impl Serialize for VerifyingKey +where + D: Digest, +{ + fn serialize(&self, serializer: S) -> Result + where + S: serde::Serializer, + { + let der = self.to_public_key_der().map_err(ser::Error::custom)?; + serdect::slice::serialize_hex_lower_or_bin(&der, serializer) + } +} + +#[cfg(feature = "serde")] +impl<'de, D> Deserialize<'de> for VerifyingKey +where + D: Digest + AssociatedOid, +{ + fn deserialize(deserializer: De) -> Result + where + De: serde::Deserializer<'de>, + { + let der_bytes = serdect::slice::deserialize_hex_or_bin_vec(deserializer)?; + Self::from_public_key_der(&der_bytes).map_err(de::Error::custom) + } +} + +#[cfg(test)] +mod tests { + #[test] + #[cfg(feature = "serde")] + fn test_serde() { + use super::*; + use rand_chacha::{rand_core::SeedableRng, ChaCha8Rng}; + use serde_test::{assert_tokens, Configure, Token}; + use sha2::Sha256; + + let mut rng = ChaCha8Rng::from_seed([42; 32]); + let priv_key = crate::RsaPrivateKey::new(&mut rng, 64).expect("failed to generate key"); + let pub_key = priv_key.to_public_key(); + let verifying_key = VerifyingKey::::new(pub_key); + + let tokens = [ + Token::Str("3024300d06092a864886f70d01010105000313003010020900cc6c6130e35b46bf0203010001") + ]; + + assert_tokens(&verifying_key.readable(), &tokens); + } +} diff --git a/src/pss/blinded_signing_key.rs b/src/pss/blinded_signing_key.rs index adc0ff5f..5d46d5a8 100644 --- a/src/pss/blinded_signing_key.rs +++ b/src/pss/blinded_signing_key.rs 
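Review bot: The serialized form does not carry `prefix`, but the `PartialEq` impl added in this hunk compares it, so a deserialized key can compare unequal to the key that was serialized. `deserialize` goes through `from_public_key_der`, and the conversion at the top of the hunk ends in `RsaPublicKey::try_from(spki).map(Self::new)`, which presumably always installs the default prefix. Either document the limitation on the impl, e.g. `/// Only the RSA public key is serialized; the digest prefix is rebuilt from D on deserialization.`, or refuse to serialize a key with a non-default prefix. The same gap exists for `prefix` in src/pkcs1v15/signing_key.rs and for `salt_len` in the three src/pss key types, whose expected test hex shows an rsaEncryption AlgorithmIdentifier with NULL parameters.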
@@ -15,7 +15,11 @@ use signature::{ hazmat::RandomizedPrehashSigner, Keypair, RandomizedDigestSigner, RandomizedSigner, }; use zeroize::ZeroizeOnDrop; - +#[cfg(feature = "serde")] +use { + serdect::serde::{de, ser, Deserialize, Serialize}, + pkcs8::DecodePrivateKey, +}; /// Signing key for producing "blinded" RSASSA-PSS signatures as described in /// [draft-irtf-cfrg-rsa-blind-signatures](https://datatracker.ietf.org/doc/draft-irtf-cfrg-rsa-blind-signatures/). #[derive(Debug, Clone)] 
@@ -197,4 +201,74 @@ where } } +impl TryFrom> for BlindedSigningKey +where + D: Digest + AssociatedOid, +{ + type Error = pkcs8::Error; + + fn try_from(private_key_info: pkcs8::PrivateKeyInfo<'_>) -> pkcs8::Result { + RsaPrivateKey::try_from(private_key_info).map(Self::new) + } +} + impl ZeroizeOnDrop for BlindedSigningKey where D: Digest {} + +impl PartialEq for BlindedSigningKey +where + D: Digest, +{ + fn eq(&self, other: &Self) -> bool { + self.inner == other.inner && self.salt_len == other.salt_len + } +} + +#[cfg(feature = "serde")] +impl Serialize for BlindedSigningKey +where + D: Digest, +{ + fn serialize(&self, serializer: S) -> core::result::Result + where + S: serde::Serializer, + { + let der = self.to_pkcs8_der().map_err(ser::Error::custom)?; + serdect::slice::serialize_hex_lower_or_bin(&der.as_bytes(), serializer) + } +} + +#[cfg(feature = "serde")] +impl<'de, D> Deserialize<'de> for BlindedSigningKey +where + D: Digest + AssociatedOid, +{ + fn deserialize(deserializer: De) -> core::result::Result + where + De: serde::Deserializer<'de>, + { + let der_bytes = serdect::slice::deserialize_hex_or_bin_vec(deserializer)?; + Self::from_pkcs8_der(&der_bytes).map_err(de::Error::custom) + } +} + +#[cfg(test)] +mod tests { + #[test] + #[cfg(feature = "serde")] + fn test_serde() { + use super::*; + use rand_chacha::{rand_core::SeedableRng, ChaCha8Rng}; + use serde_test::{assert_tokens, Configure, Token}; + use sha2::Sha256; + + let mut rng = ChaCha8Rng::from_seed([42; 32]); + let signing_key = BlindedSigningKey::::new( + RsaPrivateKey::new(&mut rng, 64).expect("failed to generate key"), + ); + + let tokens = [ + Token::Str("3054020100300d06092a864886f70d01010105000440303e020100020900cc6c6130e35b46bf0203010001020863de1ac858580019020500f65cff5d020500d46b68cb02046d9a09f102047b4e3a4f020500f45065cc") + ]; + assert_tokens(&signing_key.readable(), &tokens); + } +} diff --git a/src/pss/signature.rs b/src/pss/signature.rs index 031e2201..d7d32ae8 100644 
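Review bot: The new `TryFrom` impl for `BlindedSigningKey` passes the PKCS#8 key info straight to `RsaPrivateKey::try_from` with no algorithm check of its own, while the matching impl in src/pss/signing_key.rs calls `verify_algorithm_id(&private_key_info.algorithm)?` first. If `RsaPrivateKey::try_from` already validates the OID (its body is outside this diff) the difference is harmless, but the two impls should read the same. Either add `verify_algorithm_id(&private_key_info.algorithm)?;` before the conversion, importing it from `crate::encoding`, or add a comment such as `// Algorithm OID is checked inside RsaPrivateKey::try_from.` once that is confirmed.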
--- a/src/pss/signature.rs +++ b/src/pss/signature.rs @@ -5,6 +5,8 @@ use ::signature::SignatureEncoding; use alloc::{boxed::Box, string::ToString}; use core::fmt::{Debug, Display, Formatter, LowerHex, UpperHex}; use num_bigint::BigUint; +#[cfg(feature = "serde")] +use serdect::serde::{de, Deserialize, Serialize}; use spki::{ der::{asn1::BitString, Result as DerResult}, SignatureBitStringEncoding, @@ -73,3 +75,45 @@ impl Display for Signature { write!(f, "{:X}", self) } } + +#[cfg(feature = "serde")] +impl Serialize for Signature { + fn serialize(&self, serializer: S) -> core::result::Result + where + S: serdect::serde::Serializer, + { + serdect::slice::serialize_hex_lower_or_bin(&self.to_bytes(), serializer) + } +} + +#[cfg(feature = "serde")] +impl<'de> Deserialize<'de> for Signature { + fn deserialize(deserializer: D) -> core::result::Result + where + D: serdect::serde::Deserializer<'de>, + { + serdect::slice::deserialize_hex_or_bin_vec(deserializer)? + .as_slice() + .try_into() + .map_err(de::Error::custom) + } +} + +#[cfg(test)] +mod tests { + #[test] + #[cfg(feature = "serde")] + fn test_serde() { + use super::*; + use serde_test::{assert_tokens, Configure, Token}; + let signature = Signature { + inner: BigUint::new(Vec::from([42])), + len: 1, + }; + + let tokens = [ + Token::Str("2a"), + ]; + assert_tokens(&signature.readable(), &tokens); + } +} \ No newline at end of file diff --git a/src/pss/signing_key.rs b/src/pss/signing_key.rs index be2d203d..0ed526bd 100644 --- a/src/pss/signing_key.rs +++ b/src/pss/signing_key.rs @@ -1,5 +1,5 @@ use super::{get_pss_signature_algo_id, sign_digest, Signature, VerifyingKey}; -use crate::encoding::ID_RSASSA_PSS; +use crate::encoding::verify_algorithm_id; use crate::{Result, RsaPrivateKey}; use const_oid::AssociatedOid; use core::marker::PhantomData; 
@@ -16,6 +16,11 @@ use signature::{ hazmat::RandomizedPrehashSigner, Keypair, RandomizedDigestSigner, RandomizedSigner, }; use zeroize::ZeroizeOnDrop; +#[cfg(feature = "serde")] +use { + pkcs8::DecodePrivateKey, + serdect::serde::{de, ser, Deserialize, Serialize}, +}; #[cfg(feature = "getrandom")] use { 
@@ -227,11 +232,68 @@ where type Error = pkcs8::Error; fn try_from(private_key_info: pkcs8::PrivateKeyInfo<'_>) -> pkcs8::Result { - private_key_info - .algorithm - .assert_algorithm_oid(ID_RSASSA_PSS)?; + verify_algorithm_id(&private_key_info.algorithm)?; RsaPrivateKey::try_from(private_key_info).map(Self::new) } } impl ZeroizeOnDrop for SigningKey where D: Digest {} + +impl PartialEq for SigningKey +where + D: Digest, +{ + fn eq(&self, other: &Self) -> bool { + self.inner == other.inner && self.salt_len == other.salt_len + } +} + +#[cfg(feature = "serde")] +impl Serialize for SigningKey +where + D: Digest, +{ + fn serialize(&self, serializer: S) -> core::result::Result + where + S: serdect::serde::Serializer, + { + let der = self.to_pkcs8_der().map_err(ser::Error::custom)?; + serdect::slice::serialize_hex_lower_or_bin(&der.as_bytes(), serializer) + } +} + +#[cfg(feature = "serde")] +impl<'de, D> Deserialize<'de> for SigningKey +where + D: Digest + AssociatedOid, +{ + fn deserialize(deserializer: De) -> core::result::Result + where + De: serdect::serde::Deserializer<'de>, + { + let der_bytes = serdect::slice::deserialize_hex_or_bin_vec(deserializer)?; + Self::from_pkcs8_der(&der_bytes).map_err(de::Error::custom) + } +} + +#[cfg(test)] +mod tests { + #[test] + #[cfg(feature = "serde")] + fn test_serde() { + use super::*; + use rand_chacha::{rand_core::SeedableRng, ChaCha8Rng}; + use serde_test::{assert_tokens, Configure, Token}; + use sha2::Sha256; + + let mut rng = ChaCha8Rng::from_seed([42; 32]); + let priv_key = crate::RsaPrivateKey::new(&mut rng, 64).expect("failed to generate key"); + let signing_key = SigningKey::::new(priv_key); + + let tokens = [ + Token::Str("3054020100300d06092a864886f70d01010105000440303e020100020900cc6c6130e35b46bf0203010001020863de1ac858580019020500f65cff5d020500d46b68cb02046d9a09f102047b4e3a4f020500f45065cc") + ]; + + assert_tokens(&signing_key.readable(), &tokens); + } +} 
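Review bot: Replacing `assert_algorithm_oid(ID_RSASSA_PSS)?` with `verify_algorithm_id(&private_key_info.algorithm)?` changes which PKCS#8 documents this PSS `SigningKey` accepts, and nothing in the hunk records why. `verify_algorithm_id` lives in `crate::encoding`, outside this diff, so its accepted set cannot be confirmed here. The expected hex in the new test carries the rsaEncryption OID, which suggests plain RSA keys are now accepted where the RSASSA-PSS OID was required before. A comment on the call, e.g. `// Accept whatever verify_algorithm_id allows so keys written by to_pkcs8_der round-trip.`, plus a test that an unrelated OID is still rejected, would show the relaxation is deliberate.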
diff --git a/src/pss/verifying_key.rs b/src/pss/verifying_key.rs index e98fc7c5..b1ea02e6 100644 --- a/src/pss/verifying_key.rs +++ b/src/pss/verifying_key.rs @@ -8,6 +8,11 @@ use pkcs8::{ AssociatedOid, Document, EncodePublicKey, }; use signature::{hazmat::PrehashVerifier, DigestVerifier, Verifier}; +#[cfg(feature = "serde")] +use { + serdect::serde::{de, ser, Deserialize, Serialize}, + spki::DecodePublicKey, +}; /// Verifying key for checking the validity of RSASSA-PSS signatures as /// described in [RFC8017 § 8.1]. @@ -165,7 +170,7 @@ where type Error = pkcs8::spki::Error; fn try_from(spki: pkcs8::SubjectPublicKeyInfoRef<'_>) -> pkcs8::spki::Result { - match spki.algorithm.oid { + match spki.algorithm.oid { ID_RSASSA_PSS | pkcs1::ALGORITHM_OID => (), _ => { return Err(spki::Error::OidUnknown { 
@@ -177,3 +182,63 @@ where RsaPublicKey::try_from(spki).map(Self::new) } } + +impl PartialEq for VerifyingKey +where + D: Digest, +{ + fn eq(&self, other: &Self) -> bool { + self.inner == other.inner && self.salt_len == other.salt_len + } +} + +#[cfg(feature = "serde")] +impl Serialize for VerifyingKey +where + D: Digest, +{ + fn serialize(&self, serializer: S) -> Result + where + S: serde::Serializer, + { + let der = self.to_public_key_der().map_err(ser::Error::custom)?; + serdect::slice::serialize_hex_lower_or_bin(&der, serializer) + } +} + +#[cfg(feature = "serde")] +impl<'de, D> Deserialize<'de> for VerifyingKey +where + D: Digest + AssociatedOid, +{ + fn deserialize(deserializer: De) -> Result + where + De: serde::Deserializer<'de>, + { + let der_bytes = serdect::slice::deserialize_hex_or_bin_vec(deserializer)?; + Self::from_public_key_der(&der_bytes).map_err(de::Error::custom) + } +} + +#[cfg(test)] +mod tests { + #[test] + #[cfg(feature = "serde")] + fn test_serde() { + use super::*; + use rand_chacha::{rand_core::SeedableRng, ChaCha8Rng}; + use serde_test::{assert_tokens, Configure, Token}; + use sha2::Sha256; + + let mut rng = ChaCha8Rng::from_seed([42; 32]); + let priv_key = crate::RsaPrivateKey::new(&mut rng, 64).expect("failed to generate key"); + let pub_key = priv_key.to_public_key(); + let verifying_key = VerifyingKey::::new(pub_key); + + let tokens = [ + Token::Str("3024300d06092a864886f70d01010105000313003010020900cc6c6130e35b46bf0203010001") + ]; + + assert_tokens(&verifying_key.readable(), &tokens); + } +} From 429a137a4b2cf1331d24f5682286684771d7cac1 Mon Sep 17 00:00:00 2001 
From: Tony Arcieri Date: Wed, 5 Jun 2024 09:14:24 -0600 Subject: [PATCH 11/23] Cargo.lock: bump dependencies (#433) Updates the following dependencies: $ cargo update Updating crates.io index Updating aes v0.8.3 -> v0.8.4 Updating autocfg v1.1.0 -> v1.3.0 Removing bitflags v1.3.2 Removing bitflags v2.4.1 Adding bitflags v2.5.0 Updating cpufeatures v0.2.11 -> v0.2.12 Updating errno v0.3.7 -> v0.3.9 Updating fastrand v2.0.1 -> v2.1.0 Updating getrandom v0.2.11 -> v0.2.15 Updating hybrid-array v0.2.0-rc.5 -> v0.2.0-rc.8 Updating libc v0.2.150 -> v0.2.155 Updating linux-raw-sys v0.4.11 -> v0.4.14 (latest: v0.6.4) Updating num-integer v0.1.45 -> v0.1.46 Updating num-iter v0.1.43 -> v0.1.45 Updating num-traits v0.2.17 -> v0.2.19 Updating proc-macro2 v1.0.79 -> v1.0.85 Updating quote v1.0.35 -> v1.0.36 Removing redox_syscall v0.4.1 Updating regex-syntax v0.8.2 -> v0.8.3 Updating rustix v0.38.25 -> v0.38.34 Updating serde v1.0.197 -> v1.0.203 Updating serde_derive v1.0.197 -> v1.0.203 Updating smallvec v1.11.2 -> v1.13.2 Updating syn v2.0.53 -> v2.0.66 Updating tempfile v3.8.1 -> v3.10.1 Updating windows-sys v0.48.0 -> v0.52.0 Updating windows-targets v0.48.5 -> v0.52.5 Updating windows_aarch64_gnullvm v0.48.5 -> v0.52.5 Updating windows_aarch64_msvc v0.48.5 -> v0.52.5 Updating windows_i686_gnu v0.48.5 -> v0.52.5 Adding windows_i686_gnullvm v0.52.5 Updating windows_i686_msvc v0.48.5 -> v0.52.5 Updating windows_x86_64_gnu v0.48.5 -> v0.52.5 Updating windows_x86_64_gnullvm v0.48.5 -> v0.52.5 Updating windows_x86_64_msvc v0.48.5 -> v0.52.5 Updating zeroize v1.7.0 -> v1.8.1 --- Cargo.lock | 156 +++++++++++++++++++++++++---------------------------- 1 file changed, 73 insertions(+), 83 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index ddfc86f2..8e074dd6 100644 --- a/Cargo.lock +++ b/Cargo.lock 
@@ -4,9 +4,9 @@ version = 3 [[package]] name = "aes" -version = "0.8.3" +version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac1f845298e95f983ff1944b728ae08b8cebab80d684f0a832ed0fc74dfa27e2" +checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0" dependencies = [ "cfg-if", "cipher", @@ -15,9 +15,9 @@ dependencies = [ [[package]] name = "autocfg" -version = "1.1.0" +version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" +checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" [[package]] name = "base16ct" @@ -48,15 +48,9 @@ checksum = "349f9b6a179ed607305526ca489b34ad0a41aed5f7980fa90eb03160b69598fb" [[package]] name = "bitflags" -version = "1.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" - -[[package]] -name = "bitflags" -version = "2.4.1" +version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07" +checksum = "cf4b9d6a944f767f8e5e0db018570623c85f3d925ac718db4e06d0187adb21c1" [[package]] name = "block-buffer" @@ -124,9 +118,9 @@ checksum = "f7e3352a27098ba6b09546e5f13b15165e6a88b5c2723afecb3ea9576b27e3ea" [[package]] name = "cpufeatures" -version = "0.2.11" +version = "0.2.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ce420fe07aecd3e67c5f910618fe65e94158f6dcc0adf44e00d69ce2bdfe0fd0" +checksum = "53fe5e26ff1b7aef8bca9c6080520cfb8d9333c7568e1829cef191a9723e5504" dependencies = [ "libc", ] 
@@ -187,9 +181,9 @@ dependencies = [ [[package]] name = "errno" -version = "0.3.7" +version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f258a7194e7f7c2a7837a8913aeab7fd8c383457034fa20ce4dd3dcb813e8eb8" +checksum = "534c5cf6194dfab3db3242765c03bbe257cf92f22b38f6bc0c58d59108a820ba" dependencies = [ "libc", "windows-sys", @@ -197,9 +191,9 @@ dependencies = [ [[package]] name = "fastrand" -version = "2.0.1" +version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25cbce373ec4653f1a01a31e8a5e5ec0c622dc27ff9c4e6606eefef5cbbed4a5" +checksum = "9fc0510504f03c51ada170672ac806f1f105a88aa97a5281117e1ddc3368e51a" [[package]] name = "fnv" @@ -219,9 +213,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.11" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fe9006bed769170c11f845cf00c7c1e9092aeb3f268e007c3e760ac68008070f" +checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" dependencies = [ "cfg-if", "libc", @@ -245,9 +239,9 @@ dependencies = [ [[package]] name = "hybrid-array" -version = "0.2.0-rc.5" +version = "0.2.0-rc.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dcda354500b318c287a6b91c1cfbc42edd53d52d259a80783ceb5e3986fca2b2" +checksum = "53668f5da5a41d9eaf4bf7064be46d1ebe6a4e1ceed817f387587b18f2b51047" dependencies = [ "typenum", ] @@ -282,9 +276,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.150" +version = "0.2.155" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89d92a4743f9a61002fae18374ed11e7973f530cb3a3255fb354818118b2203c" +checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" [[package]] name = "libm" 
@@ -294,9 +288,9 @@ checksum = "4ec2a862134d2a7d32d7983ddcdd1c4923530833c9f2ea1a44fc5fa473989058" [[package]] name = "linux-raw-sys" -version = "0.4.11" +version = "0.4.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "969488b55f8ac402214f3f5fd243ebb7206cf82de60d3172994707a4bcc2b829" +checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89" [[package]] name = "num-bigint-dig" @@ -318,19 +312,18 @@ dependencies = [ [[package]] name = "num-integer" -version = "0.1.45" +version = "0.1.46" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9" +checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" dependencies = [ - "autocfg", "num-traits", ] [[package]] name = "num-iter" -version = "0.1.43" +version = "0.1.45" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7d03e6c028c5dc5cac6e2dec0efda81fc887605bb3d884578bb6d6bf7514e252" +checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf" dependencies = [ "autocfg", "num-integer", @@ -339,9 +332,9 @@ dependencies = [ [[package]] name = "num-traits" -version = "0.2.17" +version = "0.2.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "39e3200413f237f41ab11ad6d161bc7239c84dcb631773ccd7de3dfe4b5c267c" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" dependencies = [ "autocfg", "libm", @@ -412,9 +405,9 @@ checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" [[package]] name = "proc-macro2" -version = "1.0.79" +version = "1.0.85" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e835ff2298f5721608eb1a980ecaee1aef2c132bf95ecc026a11b7bf3c01c02e" +checksum = "22244ce15aa966053a896d1accb3a6e68469b97c7f33f284b99f0d576879fc23" dependencies = [ "unicode-ident", ] 
@@ -427,7 +420,7 @@ checksum = "31b476131c3c86cb68032fdc5cb6d5a1045e3e42d96b69fa599fd77701e1f5bf" dependencies = [ "bit-set", "bit-vec", - "bitflags 2.4.1", + "bitflags", "lazy_static", "num-traits", "rand", @@ -447,9 +440,9 @@ checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0" [[package]] name = "quote" -version = "1.0.35" +version = "1.0.36" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" +checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" dependencies = [ "proc-macro2", ] @@ -493,20 +486,11 @@ dependencies = [ "rand_core", ] -[[package]] -name = "redox_syscall" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4722d768eff46b75989dd134e5c353f0d6296e5aaa3132e776cbdb56be7731aa" -dependencies = [ - "bitflags 1.3.2", -] - [[package]] name = "regex-syntax" -version = "0.8.2" +version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" +checksum = "adad44e29e4c806119491a7f06f03de4d1af22c3a680dd47f1e6e179439d1f56" [[package]] name = "rsa" @@ -540,11 +524,11 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.25" +version = "0.38.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc99bc2d4f1fed22595588a013687477aedf3cdcfb26558c559edb67b4d9b22e" +checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f" dependencies = [ - "bitflags 2.4.1", + "bitflags", "errno", "libc", "linux-raw-sys", 
@@ -585,18 +569,18 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.197" +version = "1.0.203" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3fb1c873e1b9b056a4dc4c0c198b24c3ffa059243875552b2bd0933b1aee4ce2" +checksum = "7253ab4de971e72fb7be983802300c30b5a7f0c2e56fab8abfc6a214307c0094" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.197" +version = "1.0.203" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7eb0b34b42edc17f6b7cac84a52a1c5f0e1bb2227e997ca9011ea3dd34e8610b" +checksum = "500cbc0ebeb6f46627f50f3f5811ccf6bf00643be300b4c3eabc0ef55dc5b5ba" dependencies = [ "proc-macro2", "quote", @@ -677,9 +661,9 @@ dependencies = [ [[package]] name = "smallvec" -version = "1.11.2" +version = "1.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4dccd0940a2dcdf68d092b8cbab7dc0ad8fa938bf95787e1b916b0e3d0e8e970" +checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" [[package]] name = "spin" @@ -705,9 +689,9 @@ checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" [[package]] name = "syn" -version = "2.0.53" +version = "2.0.66" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7383cd0e49fff4b6b90ca5670bfd3e9d6a733b3f90c686605aa7eec8c4996032" +checksum = "c42f3f41a2de00b01c0aaad383c5a45241efc8b2d1eda5661812fda5f3cdcff5" dependencies = [ "proc-macro2", "quote", @@ -716,13 +700,12 @@ dependencies = [ [[package]] name = "tempfile" -version = "3.8.1" +version = "3.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ef1adac450ad7f4b3c28589471ade84f25f731a7a0fe30d71dfa9f60fd808e5" +checksum = "85b77fafb263dd9d05cbeac119526425676db3784113aa9295c88498cbf8bff1" dependencies = [ "cfg-if", "fastrand", - "redox_syscall", "rustix", "windows-sys", ] 
@@ -768,22 +751,23 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "windows-sys" -version = "0.48.0" +version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" +checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" dependencies = [ "windows-targets", ] [[package]] name = "windows-targets" -version = "0.48.5" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c" +checksum = "6f0713a46559409d202e70e28227288446bf7841d3211583a4b53e3f6d96e7eb" dependencies = [ "windows_aarch64_gnullvm", "windows_aarch64_msvc", "windows_i686_gnu", + "windows_i686_gnullvm", "windows_i686_msvc", "windows_x86_64_gnu", "windows_x86_64_gnullvm", 
@@ -792,48 +776,54 @@ dependencies = [ [[package]] name = "windows_aarch64_gnullvm" -version = "0.48.5" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" +checksum = "7088eed71e8b8dda258ecc8bac5fb1153c5cffaf2578fc8ff5d61e23578d3263" [[package]] name = "windows_aarch64_msvc" -version = "0.48.5" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" +checksum = "9985fd1504e250c615ca5f281c3f7a6da76213ebd5ccc9561496568a2752afb6" [[package]] name = "windows_i686_gnu" -version = "0.48.5" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "88ba073cf16d5372720ec942a8ccbf61626074c6d4dd2e745299726ce8b89670" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" +checksum = "87f4261229030a858f36b459e748ae97545d6f1ec60e5e0d6a3d32e0dc232ee9" [[package]] name = "windows_i686_msvc" -version = "0.48.5" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" +checksum = "db3c2bf3d13d5b658be73463284eaf12830ac9a26a90c717b7f771dfe97487bf" [[package]] name = "windows_x86_64_gnu" -version = "0.48.5" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" +checksum = "4e4246f76bdeff09eb48875a0fd3e2af6aada79d409d33011886d3e1581517d9" [[package]] name = "windows_x86_64_gnullvm" -version = "0.48.5" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" 
+checksum = "852298e482cd67c356ddd9570386e2862b5673c85bd5f88df9ab6802b334c596" [[package]] name = "windows_x86_64_msvc" -version = "0.48.5" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" +checksum = "bec47e5bfd1bff0eeaf6d8b485cc1074891a197ab4225d504cb7a1ab88b02bf0" [[package]] name = "zeroize" -version = "1.7.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" +checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" From e6c4db707b662eb2afcc12d4b693f1e203ecd4fd Mon Sep 17 00:00:00 2001 From: Artyom Pavlov Date: Wed, 26 Jun 2024 17:15:39 +0300 Subject: [PATCH 12/23] Tweak OAEP's `MAX_LABEL_LEN` constant (#437) --- src/algorithms/oaep.rs | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/src/algorithms/oaep.rs b/src/algorithms/oaep.rs index 0ba2de9d..37bfaa3e 100644 --- a/src/algorithms/oaep.rs +++ b/src/algorithms/oaep.rs @@ -11,9 +11,12 @@ use zeroize::Zeroizing; use super::mgf::{mgf1_xor, mgf1_xor_digest}; use crate::errors::{Error, Result}; -// 2**61 -1 (pow is not const yet) -// TODO: This is the maximum for SHA-1, unclear from the RFC what the values are for other hashing functions. -const MAX_LABEL_LEN: u64 = 2_305_843_009_213_693_951; +/// Maximum label size (2^64 bits) for SHA-1 and SHA-256 hash functions. +/// +/// In theory, other hash functions (e.g. SHA-512 and SHA-3) can process longer labels, +/// but such huge inputs are practically impossible on one machine, so we use this limit +/// for all hash functions. +const MAX_LABEL_LEN: u64 = 1 << 61; #[inline] fn encrypt_internal( 
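Review bot: The new doc comment on `MAX_LABEL_LEN` gives the limit in bits (`2^64 bits`), while the constant is compared against `label.len()`, a byte count. With the switch to `>=` in the later hunks of this file, the value is also an exclusive bound rather than a maximum. Stating both in the comment avoids an off-by-one misreading: `/// Exclusive upper bound on the label length in bytes: 2^61 bytes, i.e. 2^64 bits, the SHA-1/SHA-256 input limit.` The accepted range itself is unchanged from the old `> 2^61 - 1` check.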
@@ -65,7 +68,7 @@ pub(crate) fn oaep_encrypt(
 let h_size = digest.output_size();
 let label = label.unwrap_or_default();
- if label.len() as u64 > MAX_LABEL_LEN {
+ if label.len() as u64 >= MAX_LABEL_LEN {
 return Err(Error::LabelTooLong);
 }
@@ -99,7 +102,7 @@ pub(crate) fn oaep_encrypt_digest<
 let h_size = ::output_size();
 let label = label.unwrap_or_default();
- if label.len() as u64 > MAX_LABEL_LEN {
+ if label.len() as u64 >= MAX_LABEL_LEN {
 return Err(Error::LabelTooLong);
 }
@@ -133,7 +136,7 @@ pub(crate) fn oaep_decrypt(
 let h_size = digest.output_size();
 let label = label.unwrap_or_default();
- if label.len() as u64 > MAX_LABEL_LEN {
+ if label.len() as u64 >= MAX_LABEL_LEN {
 return Err(Error::Decryption);
 }
@@ -173,7 +176,7 @@ pub(crate) fn oaep_decrypt_digest(
 let h_size = ::output_size();
 let label = label.unwrap_or_default();
- if label.len() as u64 > MAX_LABEL_LEN {
+ if label.len() as u64 >= MAX_LABEL_LEN {
 return Err(Error::LabelTooLong);
 }
From fd92bd9bca8e33e3eba488836ead34a67c5c72e1 Mon Sep 17 00:00:00 2001
From: Artyom Pavlov
Date: Wed, 26 Jun 2024 18:15:15 +0300
Subject: [PATCH 13/23] Add Clippy and rustfmt CI jobs (#438)
---
 .github/workflows/ci.yml | 10 -
 .github/workflows/workspace.yml | 47 +++++
 benches/key.rs | 62 ++++++-
 src/algorithms/mgf.rs | 4 +-
 src/encoding.rs | 6 +-
 src/key.rs | 159 +++++++++++-----
 src/oaep/encrypting_key.rs | 8 +-
 src/pkcs1v15/encrypting_key.rs | 13 +-
 src/pkcs1v15/signature.rs | 15 +-
 src/pkcs1v15/signing_key.rs | 10 +-
 src/pkcs1v15/verifying_key.rs | 6 +-
 src/pss.rs | 39 +++-
 src/pss/blinded_signing_key.rs | 2 +-
 src/pss/signature.rs | 6 +-
 src/pss/verifying_key.rs | 8 +-
 tests/pkcs1.rs | 316 ++++++++++++++++++++++++++++++--
 tests/pkcs8.rs | 188 +++++++++++++++++--
 17 files changed, 760 insertions(+), 139 deletions(-)
 create mode 100644 .github/workflows/workspace.yml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 74188db1..fde31fd0 100644
--- a/.github/workflows/ci.yml
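Review bot: The `oaep_decrypt` hunk (`-133,7`) returns `Error::Decryption` for an over-long label, while `oaep_encrypt`, `oaep_encrypt_digest` and `oaep_decrypt_digest` in the neighbouring hunks return `Error::LabelTooLong` for the same condition. The label is supplied by the caller and the length test does not depend on the ciphertext, so reporting it distinctly should not add a padding-oracle signal; the two decrypt entry points ought to agree either way. Either change that line to `return Err(Error::LabelTooLong);` or add a comment on it stating that the generic error is deliberate. All four function bodies continue outside their hunks, so the rest of the decrypt path is not visible here.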
+++ b/.github/workflows/ci.yml @@ -48,16 +48,6 @@ jobs: - run: cargo test --release --features getrandom - run: cargo test --release --features serde - doc: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: RustCrypto/actions/cargo-cache@master - - uses: dtolnay/rust-toolchain@master - with: - toolchain: stable - - run: cargo doc --all-features - minimal-versions: runs-on: ubuntu-latest steps: diff --git a/.github/workflows/workspace.yml b/.github/workflows/workspace.yml new file mode 100644 index 00000000..c67ebc50 --- /dev/null +++ b/.github/workflows/workspace.yml @@ -0,0 +1,47 @@ +name: Workspace + +on: + pull_request: + paths-ignore: + - README.md + push: + branches: master + paths-ignore: + - README.md + +jobs: + clippy: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: RustCrypto/actions/cargo-cache@master + - uses: dtolnay/rust-toolchain@master + with: + toolchain: 1.79.0 + components: clippy + - run: cargo clippy --all -- -D warnings + + fmt: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: RustCrypto/actions/cargo-cache@master + - uses: dtolnay/rust-toolchain@master + with: + toolchain: stable + components: rustfmt + - run: cargo fmt --all -- --check + + doc: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: RustCrypto/actions/cargo-cache@master + - uses: dtolnay/rust-toolchain@master + with: + # We need Nightly for doc_auto_cfg + toolchain: nightly-2024-06-25 + - uses: Swatinem/rust-cache@v2 + - env: + RUSTDOCFLAGS: "-Dwarnings --cfg docsrs" + run: cargo doc --no-deps --features std,pem,serde,hazmat,sha2 diff --git a/benches/key.rs b/benches/key.rs index 39260388..bc1e4bca 100644 --- a/benches/key.rs +++ b/benches/key.rs 
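Review bot: The new `workspace.yml` declares no `permissions:` block and references every action by a mutable ref (`RustCrypto/actions/cargo-cache@master`, `dtolnay/rust-toolchain@master`, `Swatinem/rust-cache@v2`, `actions/checkout@v4`). These jobs only lint, check formatting and build docs, so a top-level `permissions:` with `contents: read` would hold the `GITHUB_TOKEN` to what they need on `push` to master, whatever the repository default is. A branch or tag ref can be repointed upstream, so pinning each step as `uses: OWNER/ACTION@<full-commit-sha>` with the tag in a trailing comment makes what runs in CI for this crate reviewable. The `doc` job also restores two caches (`cargo-cache` and `rust-cache`), which looks redundant.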
@@ -10,19 +10,67 @@ use rsa::{Pkcs1v15Encrypt, Pkcs1v15Sign, RsaPrivateKey}; use sha2::{Digest, Sha256}; use test::Bencher; -const DECRYPT_VAL: &'static str = - "XW4qfrpQDarEMBfPyIYE9UvuOFkbBi0tiGYbIOJPLMNe/LWuPD0BQ7ceqlOlPPcKLinYz0DlnqW3It/V7ae59zw9afA3YIWdq0Ut2BnYL+aJixnqaP+PjsQNcHg6axCF11iNQ4jpXrZDiQcI+q9EEzZDTMsiMxtjfgBQUd8LHT87YoQXDWaFPCVpliACMc8aUk442kH1tc4jEuXwjEjFErvAM/J7VizCdU/dnKrlq2mBDzvZ6hxY9TYHFB/zY6DZPJAgEMUxYWCR9xPJ7X256DV1Kt0Ht33DWoFcgh/pPLM1q9pK0HVxCdclXfZOeCqlrLgZ5Gxv5DM4BtV7Z4m85w=="; +const DECRYPT_VAL: &str = "\ + XW4qfrpQDarEMBfPyIYE9UvuOFkbBi0tiGYbIOJPLMNe/LWuPD0BQ7ceqlOlPPcK\ + LinYz0DlnqW3It/V7ae59zw9afA3YIWdq0Ut2BnYL+aJixnqaP+PjsQNcHg6axCF\ + 11iNQ4jpXrZDiQcI+q9EEzZDTMsiMxtjfgBQUd8LHT87YoQXDWaFPCVpliACMc8a\ + Uk442kH1tc4jEuXwjEjFErvAM/J7VizCdU/dnKrlq2mBDzvZ6hxY9TYHFB/zY6DZ\ + PJAgEMUxYWCR9xPJ7X256DV1Kt0Ht33DWoFcgh/pPLM1q9pK0HVxCdclXfZOeCql\ + rLgZ5Gxv5DM4BtV7Z4m85w=="; fn get_key() -> RsaPrivateKey { RsaPrivateKey::from_components( - BigUint::from_str_radix("14314132931241006650998084889274020608918049032671858325988396851334124245188214251956198731333464217832226406088020736932173064754214329009979944037640912127943488972644697423190955557435910767690712778463524983667852819010259499695177313115447116110358524558307947613422897787329221478860907963827160223559690523660574329011927531289655711860504630573766609239332569210831325633840174683944553667352219670930408593321661375473885147973879086994006440025257225431977751512374815915392249179976902953721486040787792801849818254465486633791826766873076617116727073077821584676715609985777563958286637185868165868520557", 10).unwrap(), + BigUint::from_str_radix( + "1431413293124100665099808488927402060891804903267185832598839685\ + 1334124245188214251956198731333464217832226406088020736932173064\ + 7542143290099799440376409121279434889726446974231909555574359107\ + 6769071277846352498366785281901025949969517731311544711611035852\ + 
4558307947613422897787329221478860907963827160223559690523660574\ + 3290119275312896557118605046305737666092393325692108313256338401\ + 7468394455366735221967093040859332166137547388514797387908699400\ + 6440025257225431977751512374815915392249179976902953721486040787\ + 7928018498182544654866337918267668730766171167270730778215846767\ + 15609985777563958286637185868165868520557", + 10, + ) + .unwrap(), BigUint::from_u32(3).unwrap(), - BigUint::from_str_radix("9542755287494004433998723259516013739278699355114572217325597900889416163458809501304132487555642811888150937392013824621448709836142886006653296025093941418628992648429798282127303704957273845127141852309016655778568546006839666463451542076964744073572349705538631742281931858219480985907271975884773482372966847639853897890615456605598071088189838676728836833012254065983259638538107719766738032720239892094196108713378822882383694456030043492571063441943847195939549773271694647657549658603365629458610273821292232646334717612674519997533901052790334279661754176490593041941863932308687197618671528035670452762731", 10).unwrap(), + BigUint::from_str_radix( + "9542755287494004433998723259516013739278699355114572217325597900\ + 8894161634588095013041324875556428118881509373920138246214487098\ + 3614288600665329602509394141862899264842979828212730370495727384\ + 5127141852309016655778568546006839666463451542076964744073572349\ + 7055386317422819318582194809859072719758847734823729668476398538\ + 9789061545660559807108818983867672883683301225406598325963853810\ + 7719766738032720239892094196108713378822882383694456030043492571\ + 0634419438471959395497732716946476575496586033656294586102738212\ + 9223264633471761267451999753390105279033427966175417649059304194\ + 1863932308687197618671528035670452762731", + 10, + ) + .unwrap(), vec![ - 
BigUint::from_str_radix("130903255182996722426771613606077755295583329135067340152947172868415809027537376306193179624298874215608270802054347609836776473930072411958753044562214537013874103802006369634761074377213995983876788718033850153719421695468704276694983032644416930879093914927146648402139231293035971427838068945045019075433",10).unwrap(), - BigUint::from_str_radix("109348945610485453577574767652527472924289229538286649661240938988020367005475727988253438647560958573506159449538793540472829815903949343191091817779240101054552748665267574271163617694640513549693841337820602726596756351006149518830932261246698766355347898158548465400674856021497190430791824869615170301029", 10).unwrap() + BigUint::from_str_radix( + "1309032551829967224267716136060777552955833291350673401529471728\ + 6841580902753737630619317962429887421560827080205434760983677647\ + 3930072411958753044562214537013874103802006369634761074377213995\ + 9838767887180338501537194216954687042766949830326444169308790939\ + 14927146648402139231293035971427838068945045019075433", + 10, + ) + .unwrap(), + BigUint::from_str_radix( + "1093489456104854535775747676525274729242892295382866496612409389\ + 8802036700547572798825343864756095857350615944953879354047282981\ + 5903949343191091817779240101054552748665267574271163617694640513\ + 5496938413378206027265967563510061495188309322612466987663553478\ + 98158548465400674856021497190430791824869615170301029", + 10, + ) + .unwrap(), ], - ).unwrap() + ) + .unwrap() } #[bench] diff --git a/src/algorithms/mgf.rs b/src/algorithms/mgf.rs index 5dc6eff9..009a5030 100644 --- a/src/algorithms/mgf.rs +++ b/src/algorithms/mgf.rs @@ -9,7 +9,7 @@ pub(crate) fn mgf1_xor(out: &mut [u8], digest: &mut dyn DynDigest, seed: &[u8]) let mut counter = [0u8; 4]; let mut i = 0; - const MAX_LEN: u64 = core::u32::MAX as u64 + 1; + const MAX_LEN: u64 = u32::MAX as u64 + 1; assert!(out.len() as u64 <= MAX_LEN); while i < out.len() { 
@@ -43,7 +43,7 @@ where let mut counter = [0u8; 4]; let mut i = 0; - const MAX_LEN: u64 = core::u32::MAX as u64 + 1; + const MAX_LEN: u64 = u32::MAX as u64 + 1; assert!(out.len() as u64 <= MAX_LEN); while i < out.len() { diff --git a/src/encoding.rs b/src/encoding.rs index 3151791d..51d5032d 100644 --- a/src/encoding.rs +++ b/src/encoding.rs @@ -17,7 +17,9 @@ use zeroize::Zeroizing; pub const ID_RSASSA_PSS: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.113549.1.1.10"); /// Verify that the `AlgorithmIdentifier` for a key is correct. -pub(crate) fn verify_algorithm_id(algorithm: &pkcs8::AlgorithmIdentifierRef) -> pkcs8::spki::Result<()> { +pub(crate) fn verify_algorithm_id( + algorithm: &pkcs8::AlgorithmIdentifierRef, +) -> pkcs8::spki::Result<()> { match algorithm.oid { pkcs1::ALGORITHM_OID => { if algorithm.parameters_any()? != pkcs8::der::asn1::Null.into() { @@ -25,7 +27,7 @@ pub(crate) fn verify_algorithm_id(algorithm: &pkcs8::AlgorithmIdentifierRef) -> } } ID_RSASSA_PSS => { - if !algorithm.parameters.is_none() { + if algorithm.parameters.is_some() { return Err(pkcs8::spki::Error::KeyMalformed); } } diff --git a/src/key.rs b/src/key.rs index 03931dab..b7747d6f 100644 --- a/src/key.rs +++ b/src/key.rs @@ -9,9 +9,9 @@ use rand_core::CryptoRngCore; use zeroize::{Zeroize, ZeroizeOnDrop}; #[cfg(feature = "serde")] use { + pkcs8::{DecodePrivateKey, EncodePrivateKey}, serdect::serde::{de, ser, Deserialize, Serialize}, - spki::{EncodePublicKey, DecodePublicKey}, - pkcs8::{EncodePrivateKey, DecodePrivateKey} + spki::{DecodePublicKey, EncodePublicKey}, }; use crate::algorithms::generate::generate_multi_prime_key_with_exp; 
@@ -690,9 +690,11 @@ mod tests { let mut rng = ChaCha8Rng::from_seed([42; 32]); let priv_key = RsaPrivateKey::new(&mut rng, 64).expect("failed to generate key"); - let priv_tokens = [ - Token::Str("3054020100300d06092a864886f70d01010105000440303e020100020900cc6c6130e35b46bf0203010001020863de1ac858580019020500f65cff5d020500d46b68cb02046d9a09f102047b4e3a4f020500f45065cc") - ]; + let priv_tokens = [Token::Str( + "3054020100300d06092a864886f70d01010105000440303e020100020900cc6c\ + 6130e35b46bf0203010001020863de1ac858580019020500f65cff5d020500d4\ + 6b68cb02046d9a09f102047b4e3a4f020500f45065cc", + )]; assert_tokens(&priv_key.clone().readable(), &priv_tokens); let priv_tokens = [Token::Str( 
@@ -708,15 +710,81 @@ mod tests { fn invalid_coeff_private_key_regression() { use base64ct::{Base64, Encoding}; - let n = Base64::decode_vec("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").unwrap(); + let n = Base64::decode_vec( + "wC8GyQvTCZOK+iiBR5fGQCmzRCTWX9TQ3aRG5gGFk0wB6EFoLMAyEEqeG3gS8xhA\ + m2rSWYx9kKufvNat3iWlbSRVqkcbpVAYlj2vTrpqDpJl+6u+zxFYoUEBevlJJkAh\ + l8EuCccOA30fVpcfRvXPTtvRd3yFT9E9EwZljtgSI02w7gZwg7VIxaGeajh5Euz6\ + ZVQZ+qNRKgXrRC7gPRqVyI6Dt0Jc+Su5KBGNn0QcPDzOahWha1ieaeMkFisZ9mdp\ + sJoZ4tw5eicLaUomKzALHXQVt+/rcZSrCd6/7uUo11B/CYBM4UfSpwXaL88J9AE6\ + A5++no9hmJzaF2LLp+Qwx4yY3j9TDutxSAjsraxxJOGZ3XyA9nG++Ybt3cxZ5fP7\ + ROjxCfROBmVv5dYn0O9OBIqYeCH6QraNpZMadlLNIhyMv8Y+P3r5l/PaK4VJaEi5\ + pPosnEPawp0W0yZDzmjk2z1LthaRx0aZVrAjlH0Rb/6goLUQ9qu1xsDtQVVpN4A8\ + 9ZUmtTWORnnJr0+595eHHxssd2gpzqf4bPjNITdAEuOCCtpvyi4ls23zwuzryUYj\ + cUOEnsXNQ+DrZpLKxdtsD/qNV/j1hfeyBoPllC3cV+6bcGOFcVGbjYqb+Kw1b0+j\ + L69RSKQqgmS+qYqr8c48nDRxyq3QXhR8qtzUwBFSLVk=", + ) + .unwrap(); let e = Base64::decode_vec("AQAB").unwrap(); - let d = Base64::decode_vec("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").unwrap(); - let primes = vec![ - Base64::decode_vec("9kQWEAzsbzOcdPa+s5wFfw4XDd7bB1q9foZ31b1+TNjGNxbSBCFlDF1q98vwpV6nM8bWDh/wtbNoETSQDgpEnYOQ26LWEw6YY1+q1Q2GGEFceYUf+Myk8/vTc8TN6Zw0bKZBWy10Qo8h7xk4JpzuI7NcxvjJYTkS9aErFxi3vVH0aiZC0tmfaCqr8a2rJxyVwqreRpOjwAWrotMsf2wGsF4ofx5ScoFy5GB5fJkkdOrW1LyTvZAUCX3cstPr19+TNC5zZOk7WzZatnCkN5H5WzalWtZuu0oVL205KPOa3R8V2yv5e6fm0v5fTmqSuvjmaMJLXCN4QJkmIzojO99ckQ==").unwrap(), - Base64::decode_vec("x8exdMjVA2CiI+Thx7loHtVcevoeE2sZ7btRVAvmBqo+lkHwxb7FHRnWvuj6eJSlD2f0T50EewIhhiW3R9BmktCk7hXjbSCnC1u9Oxc1IAUm/7azRqyfCMx43XhLxpD+xkBCpWkKDLxGczsRwTuaP3lKS3bSdBrNlGmdblubvVBIq4YZ2vXVlnYtza0cS+dgCK7BGTqUsrCUd/ZbIvwcwZkZtpkhj1KQfto9X/0OMurBzAqbkeq1cyRHXHkOfN/qbUIIRqr9Ii7Eswf9Vk8xp2O1Nt8nzcYS9PFD12M5eyaeFEkEYfpNMNGuTzp/31oqVjbpoCxS6vuWAZyADxhISQ==").unwrap(), - 
Base64::decode_vec("is7d0LY4HoXszlC2NO7gejkq7XqL4p1W6hZJPYTNx+r37t1CC2n3Vvzg6kNdpRixDhIpXVTLjN9O7UO/XuqSumYKJIKoP52eb4Tg+a3hw5Iz2Zsb5lUTNSLgkQSBPAf71LHxbL82JL4g1nBUog8ae60BwnVArThKY4EwlJguGNw09BAU4lwf6csDl/nX2vfVwiAloYpeZkHL+L8m+bueGZM5KE2jEz+7ztZCI+T+E5i69rZEYDjx0lfLKlEhQlCW3HbCPELqXgNJJkRfi6MP9kXa9lSfnZmoT081RMvqonB/FUa4HOcKyCrw9XZEtnbNCIdbitfDVEX+pSSD7596wQ==").unwrap(), - Base64::decode_vec("GPs0injugfycacaeIP5jMa/WX55VEnKLDHom4k6WlfDF4L4gIGoJdekcPEUfxOI5faKvHyFwRP1wObkPoRBDM0qZxRfBl4zEtpvjHrd5MibSyJkM8+J0BIKk/nSjbRIGeb3hV5O56PvGB3S0dKhCUnuVObiC+ne7izplsD4OTG70l1Yud33UFntyoMxrxGYLUSqhBMmZfHquJg4NOWOzKNY/K+EcHDLj1Kjvkcgv9Vf7ocsVxvpFdD9uGPceQ6kwRDdEl6mb+6FDgWuXVyqR9+904oanEIkbJ7vfkthagLbEf57dyG6nJlqh5FBZWxGIR72YGypPuAh7qnnqXXjY2Q==").unwrap(), - Base64::decode_vec("CUWC+hRWOT421kwRllgVjy6FYv6jQUcgDNHeAiYZnf5HjS9iK2ki7v8G5dL/0f+Yf+NhE/4q8w4m8go51hACrVpP1p8GJDjiT09+RsOzITsHwl+ceEKoe56ZW6iDHBLlrNw5/MtcYhKpjNU9KJ2udm5J/c9iislcjgckrZG2IB8ADgXHMEByZ5DgaMl4AKZ1Gx8/q6KftTvmOT5rNTMLi76VN5KWQcDWK/DqXiOiZHM7Nr4dX4me3XeRgABJyNR8Fqxj3N1+HrYLe/zs7LOaK0++F9Ul3tLelhrhsvLxei3oCZkF9A/foD3on3luYA+1cRcxWpSY3h2J4/22+yo4+Q==").unwrap(), + let d = Base64::decode_vec( + "qQazSQ+FRN7nVK1bRsROMRB8AmsDwLVEHivlz1V3Td2Dr+oW3YUMgxedhztML1Id\ + QJPq/ad6qErJ6yRFNySVIjDaxzBTOEoB1eHa1btOnBJWb8rVvvjaorixvJ6Tn3i4\ + EuhsvVy9DoR1k4rGj3qSIiFjUVvLRDAbLyhpGgEfsr0Z577yJmTC5E8JLRMOKX8T\ + mxsk3jPVpsgd65Hu1s8S/ZmabwuHCf9SkdMeY/1bd/9i7BqqJeeDLE4B5x1xcC3z\ + 3scqDUTzqGO+vZPhjgprPDRlBamVwgenhr7KwCn8iaLamFinRVwOAag8BeBqOJj7\ + lURiOsKQa9FIX1kdFUS1QMQxgtPycLjkbvCJjriqT7zWKsmJ7l8YLs6Wmm9/+QJR\ + wNCEVdMTXKfCP1cJjudaiskEQThfUldtgu8gUDNYbQ/Filb2eKfiX4h1TiMxZqUZ\ + HVZyb9nShbQoXJ3vj/MGVF0QM8TxhXM8r2Lv9gDYU5t9nQlUMLhs0jVjai48jHAB\ + bFNyH3sEcOmJOIwJrCXw1dzG7AotwyaEVUHOmL04TffmwCFfnyrLjbFgnyOeoyII\ + BYjcY7QFRm/9nupXMTH5hZ2qrHfCJIp0KK4tNBdQqmnHapFl5l6Le1s4qBS5bEIz\ + jitobLvAFm9abPlDGfxmY6mlrMK4+nytwF9Ct7wc1AE=", + ) + .unwrap(); + let primes = [ + Base64::decode_vec( + 
"9kQWEAzsbzOcdPa+s5wFfw4XDd7bB1q9foZ31b1+TNjGNxbSBCFlDF1q98vwpV6n\ + M8bWDh/wtbNoETSQDgpEnYOQ26LWEw6YY1+q1Q2GGEFceYUf+Myk8/vTc8TN6Zw0\ + bKZBWy10Qo8h7xk4JpzuI7NcxvjJYTkS9aErFxi3vVH0aiZC0tmfaCqr8a2rJxyV\ + wqreRpOjwAWrotMsf2wGsF4ofx5ScoFy5GB5fJkkdOrW1LyTvZAUCX3cstPr19+T\ + NC5zZOk7WzZatnCkN5H5WzalWtZuu0oVL205KPOa3R8V2yv5e6fm0v5fTmqSuvjm\ + aMJLXCN4QJkmIzojO99ckQ==", + ) + .unwrap(), + Base64::decode_vec( + "x8exdMjVA2CiI+Thx7loHtVcevoeE2sZ7btRVAvmBqo+lkHwxb7FHRnWvuj6eJSl\ + D2f0T50EewIhhiW3R9BmktCk7hXjbSCnC1u9Oxc1IAUm/7azRqyfCMx43XhLxpD+\ + xkBCpWkKDLxGczsRwTuaP3lKS3bSdBrNlGmdblubvVBIq4YZ2vXVlnYtza0cS+dg\ + CK7BGTqUsrCUd/ZbIvwcwZkZtpkhj1KQfto9X/0OMurBzAqbkeq1cyRHXHkOfN/q\ + bUIIRqr9Ii7Eswf9Vk8xp2O1Nt8nzcYS9PFD12M5eyaeFEkEYfpNMNGuTzp/31oq\ + VjbpoCxS6vuWAZyADxhISQ==", + ) + .unwrap(), + Base64::decode_vec( + "is7d0LY4HoXszlC2NO7gejkq7XqL4p1W6hZJPYTNx+r37t1CC2n3Vvzg6kNdpRix\ + DhIpXVTLjN9O7UO/XuqSumYKJIKoP52eb4Tg+a3hw5Iz2Zsb5lUTNSLgkQSBPAf7\ + 1LHxbL82JL4g1nBUog8ae60BwnVArThKY4EwlJguGNw09BAU4lwf6csDl/nX2vfV\ + wiAloYpeZkHL+L8m+bueGZM5KE2jEz+7ztZCI+T+E5i69rZEYDjx0lfLKlEhQlCW\ + 3HbCPELqXgNJJkRfi6MP9kXa9lSfnZmoT081RMvqonB/FUa4HOcKyCrw9XZEtnbN\ + CIdbitfDVEX+pSSD7596wQ==", + ) + .unwrap(), + Base64::decode_vec( + "GPs0injugfycacaeIP5jMa/WX55VEnKLDHom4k6WlfDF4L4gIGoJdekcPEUfxOI5\ + faKvHyFwRP1wObkPoRBDM0qZxRfBl4zEtpvjHrd5MibSyJkM8+J0BIKk/nSjbRIG\ + eb3hV5O56PvGB3S0dKhCUnuVObiC+ne7izplsD4OTG70l1Yud33UFntyoMxrxGYL\ + USqhBMmZfHquJg4NOWOzKNY/K+EcHDLj1Kjvkcgv9Vf7ocsVxvpFdD9uGPceQ6kw\ + RDdEl6mb+6FDgWuXVyqR9+904oanEIkbJ7vfkthagLbEf57dyG6nJlqh5FBZWxGI\ + R72YGypPuAh7qnnqXXjY2Q==", + ) + .unwrap(), + Base64::decode_vec( + "CUWC+hRWOT421kwRllgVjy6FYv6jQUcgDNHeAiYZnf5HjS9iK2ki7v8G5dL/0f+Y\ + f+NhE/4q8w4m8go51hACrVpP1p8GJDjiT09+RsOzITsHwl+ceEKoe56ZW6iDHBLl\ + rNw5/MtcYhKpjNU9KJ2udm5J/c9iislcjgckrZG2IB8ADgXHMEByZ5DgaMl4AKZ1\ + Gx8/q6KftTvmOT5rNTMLi76VN5KWQcDWK/DqXiOiZHM7Nr4dX4me3XeRgABJyNR8\ + Fqxj3N1+HrYLe/zs7LOaK0++F9Ul3tLelhrhsvLxei3oCZkF9A/foD3on3luYA+1\ + 
cRcxWpSY3h2J4/22+yo4+Q==", + ) + .unwrap(), ]; RsaPrivateKey::from_components( 
@@ -757,39 +825,38 @@ mod tests { // -----END PUBLIC KEY----- let n = BigUint::from_bytes_be(&hex!( - " - 90c06207caac3555c0b0947a5e8b681f5af6aed665ff1cd42b6b487f2f7d68f1 - 38f3dbbee6d2f10908507fe6bcf75e7cbd20e9af6ff1c202bcc3dbb45e9bb69b - b5d12a354c4b463a50820d16879373ceeb5574fdd9272be3b90d55c1a64855de - cf80520e94be2caa56c1737ed0042ef9c99c7ddb6cc76f3ada211ba90beae0fc - 0a19024e74e474ca5747f0ee327892bf6eebc83974478dbfbebed40d0ffc626c - 518071df5626abda386eed72585b676efb99b3ba111fb2f4b8fb0323bccb0c9b - 5aa35e1da54f1cccac3e14fb1d4588d7b9b9f62d4ea6e570c049efcc34101147 - fd7798549a42d86f9a90cee7fa0dd9f1ff4e10242280824872afd09782757abc - 46773cab6989c08747193b7aa4c49a0065830a87e6f7e54455758b2c10317267 - b9187358e41a5e5fef6fcbf81c8bc5e136ad1192aa7f3a5bc9270b22261b3c40 - 211d729d64c776cd8f219126e27227de3c0a40666b8da40c71243673a6187baf - 8943eadf0c3d3fd150076dad97e286a68185db8523a61e548cba7a6834e4ce98 - 5af954c9eafb9d819a3d14b526a0f8d2fef13ad99ee48f10c3a00f8853d7853a - 812b7a1c72bed38066f75779690bc12af9eb0d1eb8e2f7c4757c84e415725629 - d15c4d68c18213f18a86d4ccc08552b3c80c97165de073ac0440af253e8578c4 - 8857f396e5eba6cd01ed1250feb2c32d77939f8be8bd47874151daed87e8c963 - 32f697ea7950bee7a2c12bb484200bcbd08de5aeae6f22ff9922e38075b56026 - 2472f039de08e9362cfdd19c0f0cd0749ebd85bddc3882fb887f9789ed8e388e - 7e2eb2455399f166d5c9767ff378f8ebea465a0be2d2e3326fe6ed80e5e3050b - fb6c6a9dc8731ce4baa4e5b17b131113c79d6f290318095e37e7571a4ba697ab - 5ea56190131e06d300310064776ba0330907e1cc41acdef4eeaa53964ef30c71 - 023c3cf71af2d1d9e83900ffc80e07ec2442a3dbd50e957686a22f1d8f512364 - fb71e936f24990a4abcdbef2bea2f98cd77f1d1ca5625942c79347c146dee6e3 - 043eb622f63e627f4ebf20d6056133a4bd0f55dd13dcf429e0e73830969f543c - b31d86d9a878ca79d841444359cc0e31c0283fa6dd27b702b7ee05dad12c30f7 - f84bf1309678efb8da108efcedc423da8587bd127ca082d417c8726f7889fb80 - 326c3fa6fddd507ac7841b2f2e5c8780d486a0d68229ee2957a8ec24e00e4ab4 - de3fc811a4b5047c2b7920d071e9f2f9b61638dc15fb84cca46cad28e1ef539d - 
bcf249876f2647757b9a5e4f0b2ea6e7aabdf47dae826e9e259428bdb07e5a2a - 68b98f141f5537be7a590cb3ba15b0bb15824652e8da8f70eb847240058a336a - 1b6db7f88268aaf89f0b33b905d72c25338b13e61a51873c2d427021a3f29207 - 179ad32f423793f0c090dda025ce41df0e94afbc80ab5eda9b1a268aa2553a99" + "90c06207caac3555c0b0947a5e8b681f5af6aed665ff1cd42b6b487f2f7d68f1" + "38f3dbbee6d2f10908507fe6bcf75e7cbd20e9af6ff1c202bcc3dbb45e9bb69b" + "b5d12a354c4b463a50820d16879373ceeb5574fdd9272be3b90d55c1a64855de" + "cf80520e94be2caa56c1737ed0042ef9c99c7ddb6cc76f3ada211ba90beae0fc" + "0a19024e74e474ca5747f0ee327892bf6eebc83974478dbfbebed40d0ffc626c" + "518071df5626abda386eed72585b676efb99b3ba111fb2f4b8fb0323bccb0c9b" + "5aa35e1da54f1cccac3e14fb1d4588d7b9b9f62d4ea6e570c049efcc34101147" + "fd7798549a42d86f9a90cee7fa0dd9f1ff4e10242280824872afd09782757abc" + "46773cab6989c08747193b7aa4c49a0065830a87e6f7e54455758b2c10317267" + "b9187358e41a5e5fef6fcbf81c8bc5e136ad1192aa7f3a5bc9270b22261b3c40" + "211d729d64c776cd8f219126e27227de3c0a40666b8da40c71243673a6187baf" + "8943eadf0c3d3fd150076dad97e286a68185db8523a61e548cba7a6834e4ce98" + "5af954c9eafb9d819a3d14b526a0f8d2fef13ad99ee48f10c3a00f8853d7853a" + "812b7a1c72bed38066f75779690bc12af9eb0d1eb8e2f7c4757c84e415725629" + "d15c4d68c18213f18a86d4ccc08552b3c80c97165de073ac0440af253e8578c4" + "8857f396e5eba6cd01ed1250feb2c32d77939f8be8bd47874151daed87e8c963" + "32f697ea7950bee7a2c12bb484200bcbd08de5aeae6f22ff9922e38075b56026" + "2472f039de08e9362cfdd19c0f0cd0749ebd85bddc3882fb887f9789ed8e388e" + "7e2eb2455399f166d5c9767ff378f8ebea465a0be2d2e3326fe6ed80e5e3050b" + "fb6c6a9dc8731ce4baa4e5b17b131113c79d6f290318095e37e7571a4ba697ab" + "5ea56190131e06d300310064776ba0330907e1cc41acdef4eeaa53964ef30c71" + "023c3cf71af2d1d9e83900ffc80e07ec2442a3dbd50e957686a22f1d8f512364" + "fb71e936f24990a4abcdbef2bea2f98cd77f1d1ca5625942c79347c146dee6e3" + "043eb622f63e627f4ebf20d6056133a4bd0f55dd13dcf429e0e73830969f543c" + "b31d86d9a878ca79d841444359cc0e31c0283fa6dd27b702b7ee05dad12c30f7" + 
"f84bf1309678efb8da108efcedc423da8587bd127ca082d417c8726f7889fb80" + "326c3fa6fddd507ac7841b2f2e5c8780d486a0d68229ee2957a8ec24e00e4ab4" + "de3fc811a4b5047c2b7920d071e9f2f9b61638dc15fb84cca46cad28e1ef539d" + "bcf249876f2647757b9a5e4f0b2ea6e7aabdf47dae826e9e259428bdb07e5a2a" + "68b98f141f5537be7a590cb3ba15b0bb15824652e8da8f70eb847240058a336a" + "1b6db7f88268aaf89f0b33b905d72c25338b13e61a51873c2d427021a3f29207" + "179ad32f423793f0c090dda025ce41df0e94afbc80ab5eda9b1a268aa2553a99" )); let e = BigUint::from_u64(65537).unwrap(); diff --git a/src/oaep/encrypting_key.rs b/src/oaep/encrypting_key.rs index 1565e467..9a9ae290 100644 --- a/src/oaep/encrypting_key.rs +++ b/src/oaep/encrypting_key.rs @@ -102,9 +102,13 @@ mod tests { Token::Str("label"), Token::None, Token::Str("phantom"), - Token::UnitStruct { name: "PhantomData", }, + Token::UnitStruct { + name: "PhantomData", + }, Token::Str("mg_phantom"), - Token::UnitStruct { name: "PhantomData", }, + Token::UnitStruct { + name: "PhantomData", + }, Token::StructEnd, ]; assert_tokens(&encrypting_key.readable(), &tokens); diff --git a/src/pkcs1v15/encrypting_key.rs b/src/pkcs1v15/encrypting_key.rs index f1ff3fd3..2850f79d 100644 --- a/src/pkcs1v15/encrypting_key.rs +++ b/src/pkcs1v15/encrypting_key.rs @@ -1,9 +1,9 @@ use super::encrypt; use crate::{traits::RandomizedEncryptor, Result, RsaPublicKey}; use alloc::vec::Vec; +use rand_core::CryptoRngCore; #[cfg(feature = "serde")] use serde::{Deserialize, Serialize}; -use rand_core::CryptoRngCore; /// Encryption key for PKCS#1 v1.5 encryption as described in [RFC8017 § 7.2]. /// 
@@ -45,11 +45,16 @@ mod tests { let encrypting_key = EncryptingKey::new(priv_key.to_public_key()); let tokens = [ - Token::Struct { name: "EncryptingKey", len: 1 }, + Token::Struct { + name: "EncryptingKey", + len: 1, + }, Token::Str("inner"), - Token::Str("3024300d06092a864886f70d01010105000313003010020900cc6c6130e35b46bf0203010001"), + Token::Str( + "3024300d06092a864886f70d01010105000313003010020900cc6c6130e35b46bf0203010001", + ), Token::StructEnd, ]; assert_tokens(&encrypting_key.clone().readable(), &tokens); } -} \ No newline at end of file +} diff --git a/src/pkcs1v15/signature.rs b/src/pkcs1v15/signature.rs index d8fd2708..679911fc 100644 --- a/src/pkcs1v15/signature.rs +++ b/src/pkcs1v15/signature.rs @@ -3,10 +3,10 @@ use crate::algorithms::pad::uint_to_be_pad; use ::signature::SignatureEncoding; use alloc::{boxed::Box, string::ToString}; -#[cfg(feature = "serde")] -use serdect::serde::{de, Deserialize, Serialize}; use core::fmt::{Debug, Display, Formatter, LowerHex, UpperHex}; use num_bigint::BigUint; +#[cfg(feature = "serde")] +use serdect::serde::{de, Deserialize, Serialize}; use spki::{ der::{asn1::BitString, Result as DerResult}, SignatureBitStringEncoding, @@ -98,7 +98,10 @@ impl<'de> Deserialize<'de> for Signature { where D: serdect::serde::Deserializer<'de>, { - serdect::slice::deserialize_hex_or_bin_vec(deserializer)?.as_slice().try_into().map_err(de::Error::custom) + serdect::slice::deserialize_hex_or_bin_vec(deserializer)? + .as_slice() + .try_into() + .map_err(de::Error::custom) } } @@ -114,9 +117,7 @@ mod tests { len: 1, }; - let tokens = [ - Token::Str("2a"), - ]; + let tokens = [Token::Str("2a")]; assert_tokens(&signature.readable(), &tokens); } -} \ No newline at end of file +} diff --git a/src/pkcs1v15/signing_key.rs b/src/pkcs1v15/signing_key.rs index ac6fa3e7..8914479d 100644 --- a/src/pkcs1v15/signing_key.rs +++ b/src/pkcs1v15/signing_key.rs 
@@ -7,7 +7,8 @@ use pkcs8::{ spki::{ der::AnyRef, AlgorithmIdentifierRef, AssociatedAlgorithmIdentifier, SignatureAlgorithmIdentifier, - }, AssociatedOid, EncodePrivateKey, SecretDocument + }, + AssociatedOid, EncodePrivateKey, SecretDocument, }; use rand_core::CryptoRngCore; #[cfg(feature = "serde")] @@ -262,7 +263,10 @@ where impl ZeroizeOnDrop for SigningKey where D: Digest {} -impl PartialEq for SigningKey where D: Digest { +impl PartialEq for SigningKey +where + D: Digest, +{ fn eq(&self, other: &Self) -> bool { self.inner == other.inner && self.prefix == other.prefix } @@ -316,4 +320,4 @@ mod tests { assert_tokens(&signing_key.readable(), &tokens); } -} \ No newline at end of file +} diff --git a/src/pkcs1v15/verifying_key.rs b/src/pkcs1v15/verifying_key.rs index baa77c98..fa23e8f7 100644 --- a/src/pkcs1v15/verifying_key.rs +++ b/src/pkcs1v15/verifying_key.rs @@ -264,9 +264,9 @@ mod tests { let pub_key = priv_key.to_public_key(); let verifying_key = VerifyingKey::::new(pub_key); - let tokens = [ - Token::Str("3024300d06092a864886f70d01010105000313003010020900cc6c6130e35b46bf0203010001") - ]; + let tokens = [Token::Str( + "3024300d06092a864886f70d01010105000313003010020900cc6c6130e35b46bf0203010001", + )]; assert_tokens(&verifying_key.readable(), &tokens); } diff --git a/src/pss.rs b/src/pss.rs index 6d4fae8c..0ae5a7e5 100644 --- a/src/pss.rs +++ b/src/pss.rs 
@@ -275,14 +275,35 @@ mod test { // -----END RSA PRIVATE KEY----- RsaPrivateKey::from_components( - BigUint::from_str_radix("9353930466774385905609975137998169297361893554149986716853295022578535724979677252958524466350471210367835187480748268864277464700638583474144061408845077", 10).unwrap(), + BigUint::from_str_radix( + "9353930466774385905609975137998169297361893554149986716853295022\ + 5785357249796772529585244663504712103678351874807482688642774647\ + 00638583474144061408845077", + 10, + ) + .unwrap(), BigUint::from_u64(65537).unwrap(), - BigUint::from_str_radix("7266398431328116344057699379749222532279343923819063639497049039389899328538543087657733766554155839834519529439851673014800261285757759040931985506583861", 10).unwrap(), + BigUint::from_str_radix( + "7266398431328116344057699379749222532279343923819063639497049039\ + 3898993285385430876577337665541558398345195294398516730148002612\ + 85757759040931985506583861", + 10, + ) + .unwrap(), vec![ - BigUint::from_str_radix("98920366548084643601728869055592650835572950932266967461790948584315647051443",10).unwrap(), - BigUint::from_str_radix("94560208308847015747498523884063394671606671904944666360068158221458669711639", 10).unwrap() + BigUint::from_str_radix( + "98920366548084643601728869055592650835572950932266967461790948584315647051443", + 10, + ) + .unwrap(), + BigUint::from_str_radix( + "94560208308847015747498523884063394671606671904944666360068158221458669711639", + 10, + ) + .unwrap(), ], - ).unwrap() + ) + .unwrap() } #[test] @@ -565,10 +586,10 @@ mod test { for test in &tests { let sig = signing_key - .sign_prehash_with_rng(&mut rng, &test) + .sign_prehash_with_rng(&mut rng, test) .expect("failed to sign"); verifying_key - .verify_prehash(&test, &sig) + .verify_prehash(test, &sig) .expect("failed to verify"); } } 
@@ -584,10 +605,10 @@ mod test { for test in &tests { let sig = signing_key - .sign_prehash_with_rng(&mut rng, &test) + .sign_prehash_with_rng(&mut rng, test) .expect("failed to sign"); verifying_key - .verify_prehash(&test, &sig) + .verify_prehash(test, &sig) .expect("failed to verify"); } } diff --git a/src/pss/blinded_signing_key.rs b/src/pss/blinded_signing_key.rs index 5d46d5a8..9f990125 100644 --- a/src/pss/blinded_signing_key.rs +++ b/src/pss/blinded_signing_key.rs @@ -17,8 +17,8 @@ use signature::{ use zeroize::ZeroizeOnDrop; #[cfg(feature = "serde")] use { - serdect::serde::{de, ser, Deserialize, Serialize}, pkcs8::DecodePrivateKey, + serdect::serde::{de, ser, Deserialize, Serialize}, }; /// Signing key for producing "blinded" RSASSA-PSS signatures as described in /// [draft-irtf-cfrg-rsa-blind-signatures](https://datatracker.ietf.org/doc/draft-irtf-cfrg-rsa-blind-signatures/). diff --git a/src/pss/signature.rs b/src/pss/signature.rs index d7d32ae8..ea3d1ce9 100644 --- a/src/pss/signature.rs +++ b/src/pss/signature.rs @@ -111,9 +111,7 @@ mod tests { len: 1, }; - let tokens = [ - Token::Str("2a"), - ]; + let tokens = [Token::Str("2a")]; assert_tokens(&signature.readable(), &tokens); } -} \ No newline at end of file +} diff --git a/src/pss/verifying_key.rs b/src/pss/verifying_key.rs index b1ea02e6..2fd62d37 100644 --- a/src/pss/verifying_key.rs +++ b/src/pss/verifying_key.rs @@ -170,7 +170,7 @@ where type Error = pkcs8::spki::Error; fn try_from(spki: pkcs8::SubjectPublicKeyInfoRef<'_>) -> pkcs8::spki::Result { - match spki.algorithm.oid { + match spki.algorithm.oid { ID_RSASSA_PSS | pkcs1::ALGORITHM_OID => (), _ => { return Err(spki::Error::OidUnknown { 
@@ -235,9 +235,9 @@ mod tests { let pub_key = priv_key.to_public_key(); let verifying_key = VerifyingKey::::new(pub_key); - let tokens = [ - Token::Str("3024300d06092a864886f70d01010105000313003010020900cc6c6130e35b46bf0203010001") - ]; + let tokens = [Token::Str( + "3024300d06092a864886f70d01010105000313003010020900cc6c6130e35b46bf0203010001", + )]; assert_tokens(&verifying_key.readable(), &tokens); } diff --git a/tests/pkcs1.rs b/tests/pkcs1.rs index eff97f6d..6790e137 100644 --- a/tests/pkcs1.rs +++ b/tests/pkcs1.rs 
@@ -50,11 +50,51 @@ fn decode_rsa2048_priv_der() { // Extracted using: // $ openssl asn1parse -in tests/examples/pkcs1/rsa2048-priv.pem - assert_eq!(&key.n().to_bytes_be(), &hex!("B6C42C515F10A6AAF282C63EDBE24243A170F3FA2633BD4833637F47CA4F6F36E03A5D29EFC3191AC80F390D874B39E30F414FCEC1FCA0ED81E547EDC2CD382C76F61C9018973DB9FA537972A7C701F6B77E0982DFC15FC01927EE5E7CD94B4F599FF07013A7C8281BDF22DCBC9AD7CABB7C4311C982F58EDB7213AD4558B332266D743AED8192D1884CADB8B14739A8DADA66DC970806D9C7AC450CB13D0D7C575FB198534FC61BC41BC0F0574E0E0130C7BBBFBDFDC9F6A6E2E3E2AFF1CBEAC89BA57884528D55CFB08327A1E8C89F4E003CF2888E933241D9D695BCBBACDC90B44E3E095FA37058EA25B13F5E295CBEAC6DE838AB8C50AF61E298975B872F")); + assert_eq!( + &key.n().to_bytes_be(), + &hex!( + "B6C42C515F10A6AAF282C63EDBE24243A170F3FA2633BD4833637F47CA4F6F36" + "E03A5D29EFC3191AC80F390D874B39E30F414FCEC1FCA0ED81E547EDC2CD382C" + "76F61C9018973DB9FA537972A7C701F6B77E0982DFC15FC01927EE5E7CD94B4F" + "599FF07013A7C8281BDF22DCBC9AD7CABB7C4311C982F58EDB7213AD4558B332" + "266D743AED8192D1884CADB8B14739A8DADA66DC970806D9C7AC450CB13D0D7C" + "575FB198534FC61BC41BC0F0574E0E0130C7BBBFBDFDC9F6A6E2E3E2AFF1CBEA" + "C89BA57884528D55CFB08327A1E8C89F4E003CF2888E933241D9D695BCBBACDC" + "90B44E3E095FA37058EA25B13F5E295CBEAC6DE838AB8C50AF61E298975B872F" + ) + ); assert_eq!(&key.e().to_bytes_be(), &hex!("010001")); - assert_eq!(&key.d().to_bytes_be(), &hex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assert_eq!(&key.primes()[0].to_bytes_be(), &hex!("DCC061242D4E92AFAEE72AC513CA65B9F77036F9BD7E0E6E61461A7EF7654225EC153C7E5C31A6157A6E5A13FF6E178E8758C1CB33D9D6BBE3179EF18998E422ECDCBED78F4ECFDBE5F4FCD8AEC2C9D0DC86473CA9BD16D9D238D21FB5DDEFBEB143CA61D0BD6AA8D91F33A097790E9640DBC91085DC5F26343BA3138F6B2D67")); - assert_eq!(&key.primes()[1].to_bytes_be(), 
&hex!("D3F314757E40E954836F92BE24236AF2F0DA04A34653C180AF67E960086D93FDE65CB23EFD9D09374762F5981E361849AF68CDD75394FF6A4E06EB69B209E4228DB2DFA70E40F7F9750A528176647B788D0E5777A2CB8B22E3CD267FF70B4F3B02D3AAFB0E18C590A564B03188B0AA5FC48156B07622214243BD1227EFA7F2F9")); + assert_eq!( + &key.d().to_bytes_be(), + &hex!( + "7ECC8362C0EDB0741164215E22F74AB9D91BA06900700CF63690E5114D8EE6BD" + "CFBB2E3F9614692A677A083F168A5E52E5968E6407B9D97C6E0E4064F82DA0B7" + "58A14F17B9B7D41F5F48E28D6551704F56E69E7AA9FA630FC76428C06D25E455" + "DCFC55B7AC2B4F76643FDED3FE15FF78ABB27E65ACC4AAD0BDF6DB27EF60A691" + "0C5C4A085ED43275AB19C1D997A32C6EFFCE7DF2D1935F6E601EEDE161A12B5C" + "C27CA21F81D2C99C3D1EA08E90E3053AB09BEFA724DEF0D0C3A3C1E9740C0D9F" + "76126A149EC0AA7D8078205484254D951DB07C4CF91FB6454C096588FD5924DB" + "ABEB359CA2025268D004F9D66EB3D6F7ADC1139BAD40F16DDE639E11647376C1" + ) + ); + assert_eq!( + &key.primes()[0].to_bytes_be(), + &hex!( + "DCC061242D4E92AFAEE72AC513CA65B9F77036F9BD7E0E6E61461A7EF7654225" + "EC153C7E5C31A6157A6E5A13FF6E178E8758C1CB33D9D6BBE3179EF18998E422" + "ECDCBED78F4ECFDBE5F4FCD8AEC2C9D0DC86473CA9BD16D9D238D21FB5DDEFBE" + "B143CA61D0BD6AA8D91F33A097790E9640DBC91085DC5F26343BA3138F6B2D67" + ) + ); + assert_eq!( + &key.primes()[1].to_bytes_be(), + &hex!( + "D3F314757E40E954836F92BE24236AF2F0DA04A34653C180AF67E960086D93FD" + "E65CB23EFD9D09374762F5981E361849AF68CDD75394FF6A4E06EB69B209E422" + "8DB2DFA70E40F7F9750A528176647B788D0E5777A2CB8B22E3CD267FF70B4F3B" + "02D3AAFB0E18C590A564B03188B0AA5FC48156B07622214243BD1227EFA7F2F9" + ) + ); } #[test] 
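Review bot: The expected modulus, private exponent and primes for the 2048-bit fixture are written out in full in `decode_rsa2048_priv_der`, again in the `decode_rsa2048_priv_pem` hunk of this file, and again in `tests/pkcs8.rs`, whose comment says it matches the PKCS#1 vectors. After this reformat each copy is several dozen lines that have to stay identical by hand. Consider hoisting each value into a named constant near the top of the test file, e.g. `const RSA_2048_N: [u8; 256] = hex!("…");`, and asserting with `assert_eq!(key.n().to_bytes_be(), RSA_2048_N);`; this assumes `hex!` is usable in a const initializer, which should be confirmed for the crate version in use. A one-line comment on those constants saying the key material is a public test fixture from `tests/examples/` would make that explicit to anyone who meets a private exponent in source or in a secret-scanner report. The function's opening lines appear to sit outside the hunk.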
@@ -63,11 +103,75 @@ fn decode_rsa4096_priv_der() { // Extracted using: // $ openssl asn1parse -in tests/examples/pkcs1/rsa4096-priv.pem - assert_eq!(&key.n().to_bytes_be(), &hex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assert_eq!( + &key.n().to_bytes_be(), + &hex!( + "A7A74572811EA2617E49E85BD730DDE30F103F7D88EE3F765E540D3DD993BBB0" + "BA140002859D0B40897436637F58B828EA74DF8321634077F99D4AA2D54CA375" + "852EF597661D3713CE1EF3B4FD6A8E220238E467668A2C7EE3861D2212AE6A1E" + "BDDFA88B62DF10F6BCF79EFF4AC298FB2563DF1B8764381AF9B1FB0CCD085E02" + "6B0AD9F6721A235177D0396B48754AD4A75242250A873BF2F6E7EE3C75DD613E" + "365BA4F3210A6CC66B90A2FA3F762CA6884087B6BF8161EB144819F0F572F21F" + "6C8E273E70D45A365B8B2819CE734613CC23B01329A17901F17078403861F54C" + "52A051E2A58C75C2D9D80091BB9808A106C1F7ECB4034E15058BEEC725C5F919" + "D62EAA234B62628D346C60BB919E70851DAB38571E6F0ED7634129F994EA368F" + "EE7373DFDEC04445EBCA47FA20ED1540A860C948BABC98DA591CA1DE2E2E2554" + "0EF9B7CB353F60213B814A45D359EFA9B811EEFF08C65993BF8A85C2BFEAAA7E" + "D5E6B43E18AE604464CE5F96150136E7D09F8B24FAD43D7870118CFA7BC24875" + "506EBBC321B977E0861AEA50128620121F0B394A9CDD0A42411A1350C0770D97" + "5D71B00A90436240C967A0C3A5C20A0F6DE77F3F2CAFDA94ED0143C1F6E34F73" + "E0CAC279EEEB7C637723A2B026C82802E1A4AEBAA8846DF98E7919498773E0D4" + "F319956F4DE3AAD00EFB9A147D66B3AC1A01D35B2CFB48D400B0E7A80DC97551" + ) + ); assert_eq!(&key.e().to_bytes_be(), &hex!("010001")); - assert_eq!(&key.d().to_bytes_be(), &hex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assert_eq!(&key.primes()[0].to_bytes_be(), &hex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assert_eq!(&key.primes()[1].to_bytes_be(), &hex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assert_eq!( + &key.d().to_bytes_be(), + &hex!( + "9FE3097B2322B90FAB6606C017A095EBE640C39C100BCEE02F238FA14DAFF38E" + "9E57568F1127ED4436126B904631B127EC395BB3EE127EB82C88D2562A7FB55F" + "ED8D1450B7E4E2D2F37F5742636FCC6F289963522D5B5706082CADFA01C0EE99" + 
"B4D0E9274D3A992E06974CBE01694686356962AC1959FD9BD447E5B9968C0543" + "DF1BF134742AF345CDB2FA1F9371B0D4CF61C68D16D653D8E999D4FD3A16CF97" + "8A35AA40E860CDCE09655DD8B4CF19D4141B1E92AD5E51A8E4A5C27FA745611D" + "90E49D0E9282222AB6F126643E1C77578816FCE3B98F321D2549F294A470DF84" + "53446BF36F985DF25ED8FDE9FDF3073FB27727DF48E9E1FC7056BC78965090B7" + "850126406462C8253051EF84E34EE3C3CEB8F96C658C38BE45558D2F64E29D22" + "3350555FC1EFA28EC1F4AFB5BA4080F09A86CDC3538C1AD7C972E6D7A3612E68" + "45BA9AFBDF19F09060D1A779DE9635E2D2F8E0C510BA24C6C44B30C9BDFAF85B" + "E917AEC5D43AFAB1AA3ADD33CC83DA93CAC69218F6A36EB47F199D5424C95FD9" + "ED7B1E8BE2AEAA6433B227241316C20EE792650CEB48BFD634446B19D286B4EA" + "1722498DA1A36973210EC3824751A5808D9AAEF59C449E19A5077CFECA126BD9" + "A8DD4996561D4E27B3609FF82C5B1B21E627845D44961B33B875D5C4FA9FF357" + "EF6BE3364969E1337C91B29A07B9A913CDE40CE2D5530C900E73751685E65431" + ) + ); + assert_eq!( + &key.primes()[0].to_bytes_be(), + &hex!( + "D0213A79425B665B719118448893EC3275600F63DBF85B77F4E8E99EF302F6E8" + "2596048F6DCA772DE6BBF1124DB84B0AFE61B03A8604AB0079ED53F3304797AD" + "01B38C44FE27A5A45E378483A804B56A4A967F48F01A866E721E67E4C9A1048A" + "F68927FAA43D6A85D93E7BF7074DBA797563FCABE12309B76653C6DB614DC231" + "CC556D9F25AC4841A02D31CDF3015B212307F9D0C79FEB5D3956CE53CC8FA165" + "1BE60761F19F74672489EAF9F215409F39956E77A82183F1F72BB2FEDDF1B9FB" + "FC4AD89EA445809DDBD5BD595277990C0BE9366FBB2ECF7B057CC1C3DC8FB77B" + "F8456D07BBC95B3C1815F48E62B81468C3D4D9D96C0F48DAB04993BE8D91EDE5" + ) + ); + assert_eq!( + &key.primes()[1].to_bytes_be(), + &hex!( + "CE36C6810522ABE5D6465F36EB137DA3B9EA4A5F1D27C6614729EB8E5E2E5CB8" + "8E3EF1A473A21944B66557B3DC2CE462E4BF3446CB4990037E5672B1705CBAE8" + "1B65BAF967A266DC18EFE80F4DBBFE1A59063205CE2943CADF421CCE74AF7063" + "FD1A83AF3C39AF84525F59BDC1FF54815F52AFD1E8D4862B2C3654F6CFA83DC0" + "8E2A9D52B9F833C646AF7694467DFC5F7D7AD7B441895FCB7FFBED526324B015" + "4A15823F5107C89548EDDCB61DA5308C6CC834D4A0C16DFA6CA1D67B61A65677" + 
"EB1719CD125D0EF0DB8802FB76CFC17577BCB2510AE294E1BF8A9173A2B85C16" + "A6B508C98F2D770B7F3DE48D9E720C53E263680B57E7109410015745570652FD" + ) + ); } #[test] @@ -76,7 +180,20 @@ fn decode_rsa2048_pub_der() { // Extracted using: // $ openssl asn1parse -in tests/examples/pkcs1/rsa2048-pub.pem - assert_eq!(&key.n().to_bytes_be(), &hex!("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")); + assert_eq!( + &key.n().to_bytes_be(), + &hex!( + "B6C42C515F10A6AAF282C63EDBE24243A170F3FA2633BD4833637F47CA4F6F36" + "E03A5D29EFC3191AC80F390D874B39E30F414FCEC1FCA0ED81E547EDC2CD382C" + "76F61C9018973DB9FA537972A7C701F6B77E0982DFC15FC01927EE5E7CD94B4F" + "599FF07013A7C8281BDF22DCBC9AD7CABB7C4311C982F58EDB7213AD4558B332" + "266D743AED8192D1884CADB8B14739A8DADA66DC970806D9C7AC450CB13D0D7C" + "575FB198534FC61BC41BC0F0574E0E0130C7BBBFBDFDC9F6A6E2E3E2AFF1CBEA" + "C89BA57884528D55CFB08327A1E8C89F4E003CF2888E933241D9D695BCBBACDC" + "90B44E3E095FA37058EA25B13F5E295CBEAC6DE838AB8C50AF61E298975B872F" + + ) + ); assert_eq!(&key.e().to_bytes_be(), &hex!("010001")); } 
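Review bot: The reformatted `hex!(` argument for `key.n()` in `decode_rsa2048_pub_der` ends with an empty added line between the last hex chunk and the closing `)`, which the equivalent blocks elsewhere in this commit do not have. The hunk's new-side count of 20 lines, against 19 for `decode_rsa2048_pub_pem`, agrees with this. The same stray blank line appears in `decode_rsa2048_priv_pem` (both `primes()` blocks) and `decode_rsa4096_priv_pem` (`n()`) in this file, and in `decode_rsa2048_pss_priv_der` (`n()` and `primes()[0]`) in `tests/pkcs8.rs`. rustfmt generally leaves macro arguments untouched, so these will not be normalised automatically. Dropping the empty line so the last chunk is followed directly by `)` keeps the vectors uniform and easier to compare by eye.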
@@ -86,7 +203,27 @@ fn decode_rsa4096_pub_der() { // Extracted using: // $ openssl asn1parse -in tests/examples/pkcs1/rsa4096-pub.pem - assert_eq!(&key.n().to_bytes_be(), &hex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assert_eq!( + &key.n().to_bytes_be(), + &hex!( + "A7A74572811EA2617E49E85BD730DDE30F103F7D88EE3F765E540D3DD993BBB0" + "BA140002859D0B40897436637F58B828EA74DF8321634077F99D4AA2D54CA375" + "852EF597661D3713CE1EF3B4FD6A8E220238E467668A2C7EE3861D2212AE6A1E" + "BDDFA88B62DF10F6BCF79EFF4AC298FB2563DF1B8764381AF9B1FB0CCD085E02" + "6B0AD9F6721A235177D0396B48754AD4A75242250A873BF2F6E7EE3C75DD613E" + "365BA4F3210A6CC66B90A2FA3F762CA6884087B6BF8161EB144819F0F572F21F" + "6C8E273E70D45A365B8B2819CE734613CC23B01329A17901F17078403861F54C" + "52A051E2A58C75C2D9D80091BB9808A106C1F7ECB4034E15058BEEC725C5F919" + "D62EAA234B62628D346C60BB919E70851DAB38571E6F0ED7634129F994EA368F" + "EE7373DFDEC04445EBCA47FA20ED1540A860C948BABC98DA591CA1DE2E2E2554" + "0EF9B7CB353F60213B814A45D359EFA9B811EEFF08C65993BF8A85C2BFEAAA7E" + "D5E6B43E18AE604464CE5F96150136E7D09F8B24FAD43D7870118CFA7BC24875" + "506EBBC321B977E0861AEA50128620121F0B394A9CDD0A42411A1350C0770D97" + "5D71B00A90436240C967A0C3A5C20A0F6DE77F3F2CAFDA94ED0143C1F6E34F73" + "E0CAC279EEEB7C637723A2B026C82802E1A4AEBAA8846DF98E7919498773E0D4" + "F319956F4DE3AAD00EFB9A147D66B3AC1A01D35B2CFB48D400B0E7A80DC97551" + ) + ); assert_eq!(&key.e().to_bytes_be(), &hex!("010001")); } 
@@ -125,11 +262,53 @@ fn decode_rsa2048_priv_pem() { // Extracted using: // $ openssl asn1parse -in tests/examples/pkcs1/rsa2048-priv.pem - assert_eq!(&key.n().to_bytes_be(), &hex!("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")); + assert_eq!( + &key.n().to_bytes_be(), + &hex!( + "B6C42C515F10A6AAF282C63EDBE24243A170F3FA2633BD4833637F47CA4F6F36" + "E03A5D29EFC3191AC80F390D874B39E30F414FCEC1FCA0ED81E547EDC2CD382C" + "76F61C9018973DB9FA537972A7C701F6B77E0982DFC15FC01927EE5E7CD94B4F" + "599FF07013A7C8281BDF22DCBC9AD7CABB7C4311C982F58EDB7213AD4558B332" + "266D743AED8192D1884CADB8B14739A8DADA66DC970806D9C7AC450CB13D0D7C" + "575FB198534FC61BC41BC0F0574E0E0130C7BBBFBDFDC9F6A6E2E3E2AFF1CBEA" + "C89BA57884528D55CFB08327A1E8C89F4E003CF2888E933241D9D695BCBBACDC" + "90B44E3E095FA37058EA25B13F5E295CBEAC6DE838AB8C50AF61E298975B872F" + ) + ); assert_eq!(&key.e().to_bytes_be(), &hex!("010001")); - assert_eq!(&key.d().to_bytes_be(), &hex!("7ECC8362C0EDB0741164215E22F74AB9D91BA06900700CF63690E5114D8EE6BDCFBB2E3F9614692A677A083F168A5E52E5968E6407B9D97C6E0E4064F82DA0B758A14F17B9B7D41F5F48E28D6551704F56E69E7AA9FA630FC76428C06D25E455DCFC55B7AC2B4F76643FDED3FE15FF78ABB27E65ACC4AAD0BDF6DB27EF60A6910C5C4A085ED43275AB19C1D997A32C6EFFCE7DF2D1935F6E601EEDE161A12B5CC27CA21F81D2C99C3D1EA08E90E3053AB09BEFA724DEF0D0C3A3C1E9740C0D9F76126A149EC0AA7D8078205484254D951DB07C4CF91FB6454C096588FD5924DBABEB359CA2025268D004F9D66EB3D6F7ADC1139BAD40F16DDE639E11647376C1")); - assert_eq!(&key.primes()[0].to_bytes_be(), &hex!("DCC061242D4E92AFAEE72AC513CA65B9F77036F9BD7E0E6E61461A7EF7654225EC153C7E5C31A6157A6E5A13FF6E178E8758C1CB33D9D6BBE3179EF18998E422ECDCBED78F4ECFDBE5F4FCD8AEC2C9D0DC86473CA9BD16D9D238D21FB5DDEFBEB143CA61D0BD6AA8D91F33A097790E9640DBC91085DC5F26343BA3138F6B2D67")); - assert_eq!(&key.primes()[1].to_bytes_be(), 
&hex!("D3F314757E40E954836F92BE24236AF2F0DA04A34653C180AF67E960086D93FDE65CB23EFD9D09374762F5981E361849AF68CDD75394FF6A4E06EB69B209E4228DB2DFA70E40F7F9750A528176647B788D0E5777A2CB8B22E3CD267FF70B4F3B02D3AAFB0E18C590A564B03188B0AA5FC48156B07622214243BD1227EFA7F2F9")); + assert_eq!( + &key.d().to_bytes_be(), + &hex!( + "7ECC8362C0EDB0741164215E22F74AB9D91BA06900700CF63690E5114D8EE6BD" + "CFBB2E3F9614692A677A083F168A5E52E5968E6407B9D97C6E0E4064F82DA0B7" + "58A14F17B9B7D41F5F48E28D6551704F56E69E7AA9FA630FC76428C06D25E455" + "DCFC55B7AC2B4F76643FDED3FE15FF78ABB27E65ACC4AAD0BDF6DB27EF60A691" + "0C5C4A085ED43275AB19C1D997A32C6EFFCE7DF2D1935F6E601EEDE161A12B5C" + "C27CA21F81D2C99C3D1EA08E90E3053AB09BEFA724DEF0D0C3A3C1E9740C0D9F" + "76126A149EC0AA7D8078205484254D951DB07C4CF91FB6454C096588FD5924DB" + "ABEB359CA2025268D004F9D66EB3D6F7ADC1139BAD40F16DDE639E11647376C1" + ) + ); + assert_eq!( + &key.primes()[0].to_bytes_be(), + &hex!( + "DCC061242D4E92AFAEE72AC513CA65B9F77036F9BD7E0E6E61461A7EF7654225" + "EC153C7E5C31A6157A6E5A13FF6E178E8758C1CB33D9D6BBE3179EF18998E422" + "ECDCBED78F4ECFDBE5F4FCD8AEC2C9D0DC86473CA9BD16D9D238D21FB5DDEFBE" + "B143CA61D0BD6AA8D91F33A097790E9640DBC91085DC5F26343BA3138F6B2D67" + + ) + ); + assert_eq!( + &key.primes()[1].to_bytes_be(), + &hex!( + "D3F314757E40E954836F92BE24236AF2F0DA04A34653C180AF67E960086D93FD" + "E65CB23EFD9D09374762F5981E361849AF68CDD75394FF6A4E06EB69B209E422" + "8DB2DFA70E40F7F9750A528176647B788D0E5777A2CB8B22E3CD267FF70B4F3B" + "02D3AAFB0E18C590A564B03188B0AA5FC48156B07622214243BD1227EFA7F2F9" + + ) + ); } #[test] 
@@ -139,11 +318,76 @@ fn decode_rsa4096_priv_pem() { // Extracted using: // $ openssl asn1parse -in tests/examples/pkcs1/rsa4096-priv.pem - assert_eq!(&key.n().to_bytes_be(), &hex!("A7A74572811EA2617E49E85BD730DDE30F103F7D88EE3F765E540D3DD993BBB0BA140002859D0B40897436637F58B828EA74DF8321634077F99D4AA2D54CA375852EF597661D3713CE1EF3B4FD6A8E220238E467668A2C7EE3861D2212AE6A1EBDDFA88B62DF10F6BCF79EFF4AC298FB2563DF1B8764381AF9B1FB0CCD085E026B0AD9F6721A235177D0396B48754AD4A75242250A873BF2F6E7EE3C75DD613E365BA4F3210A6CC66B90A2FA3F762CA6884087B6BF8161EB144819F0F572F21F6C8E273E70D45A365B8B2819CE734613CC23B01329A17901F17078403861F54C52A051E2A58C75C2D9D80091BB9808A106C1F7ECB4034E15058BEEC725C5F919D62EAA234B62628D346C60BB919E70851DAB38571E6F0ED7634129F994EA368FEE7373DFDEC04445EBCA47FA20ED1540A860C948BABC98DA591CA1DE2E2E25540EF9B7CB353F60213B814A45D359EFA9B811EEFF08C65993BF8A85C2BFEAAA7ED5E6B43E18AE604464CE5F96150136E7D09F8B24FAD43D7870118CFA7BC24875506EBBC321B977E0861AEA50128620121F0B394A9CDD0A42411A1350C0770D975D71B00A90436240C967A0C3A5C20A0F6DE77F3F2CAFDA94ED0143C1F6E34F73E0CAC279EEEB7C637723A2B026C82802E1A4AEBAA8846DF98E7919498773E0D4F319956F4DE3AAD00EFB9A147D66B3AC1A01D35B2CFB48D400B0E7A80DC97551")); + assert_eq!( + &key.n().to_bytes_be(), + &hex!( + "A7A74572811EA2617E49E85BD730DDE30F103F7D88EE3F765E540D3DD993BBB0" + "BA140002859D0B40897436637F58B828EA74DF8321634077F99D4AA2D54CA375" + "852EF597661D3713CE1EF3B4FD6A8E220238E467668A2C7EE3861D2212AE6A1E" + "BDDFA88B62DF10F6BCF79EFF4AC298FB2563DF1B8764381AF9B1FB0CCD085E02" + "6B0AD9F6721A235177D0396B48754AD4A75242250A873BF2F6E7EE3C75DD613E" + "365BA4F3210A6CC66B90A2FA3F762CA6884087B6BF8161EB144819F0F572F21F" + "6C8E273E70D45A365B8B2819CE734613CC23B01329A17901F17078403861F54C" + "52A051E2A58C75C2D9D80091BB9808A106C1F7ECB4034E15058BEEC725C5F919" + "D62EAA234B62628D346C60BB919E70851DAB38571E6F0ED7634129F994EA368F" + "EE7373DFDEC04445EBCA47FA20ED1540A860C948BABC98DA591CA1DE2E2E2554" + 
"0EF9B7CB353F60213B814A45D359EFA9B811EEFF08C65993BF8A85C2BFEAAA7E" + "D5E6B43E18AE604464CE5F96150136E7D09F8B24FAD43D7870118CFA7BC24875" + "506EBBC321B977E0861AEA50128620121F0B394A9CDD0A42411A1350C0770D97" + "5D71B00A90436240C967A0C3A5C20A0F6DE77F3F2CAFDA94ED0143C1F6E34F73" + "E0CAC279EEEB7C637723A2B026C82802E1A4AEBAA8846DF98E7919498773E0D4" + "F319956F4DE3AAD00EFB9A147D66B3AC1A01D35B2CFB48D400B0E7A80DC97551" + + ) + ); assert_eq!(&key.e().to_bytes_be(), &hex!("010001")); - assert_eq!(&key.d().to_bytes_be(), &hex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assert_eq!(&key.primes()[0].to_bytes_be(), &hex!("D0213A79425B665B719118448893EC3275600F63DBF85B77F4E8E99EF302F6E82596048F6DCA772DE6BBF1124DB84B0AFE61B03A8604AB0079ED53F3304797AD01B38C44FE27A5A45E378483A804B56A4A967F48F01A866E721E67E4C9A1048AF68927FAA43D6A85D93E7BF7074DBA797563FCABE12309B76653C6DB614DC231CC556D9F25AC4841A02D31CDF3015B212307F9D0C79FEB5D3956CE53CC8FA1651BE60761F19F74672489EAF9F215409F39956E77A82183F1F72BB2FEDDF1B9FBFC4AD89EA445809DDBD5BD595277990C0BE9366FBB2ECF7B057CC1C3DC8FB77BF8456D07BBC95B3C1815F48E62B81468C3D4D9D96C0F48DAB04993BE8D91EDE5")); - assert_eq!(&key.primes()[1].to_bytes_be(), &hex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assert_eq!( + &key.d().to_bytes_be(), + &hex!( + "9FE3097B2322B90FAB6606C017A095EBE640C39C100BCEE02F238FA14DAFF38E" + "9E57568F1127ED4436126B904631B127EC395BB3EE127EB82C88D2562A7FB55F" + "ED8D1450B7E4E2D2F37F5742636FCC6F289963522D5B5706082CADFA01C0EE99" + "B4D0E9274D3A992E06974CBE01694686356962AC1959FD9BD447E5B9968C0543" + "DF1BF134742AF345CDB2FA1F9371B0D4CF61C68D16D653D8E999D4FD3A16CF97" + "8A35AA40E860CDCE09655DD8B4CF19D4141B1E92AD5E51A8E4A5C27FA745611D" + "90E49D0E9282222AB6F126643E1C77578816FCE3B98F321D2549F294A470DF84" + "53446BF36F985DF25ED8FDE9FDF3073FB27727DF48E9E1FC7056BC78965090B7" + "850126406462C8253051EF84E34EE3C3CEB8F96C658C38BE45558D2F64E29D22" + "3350555FC1EFA28EC1F4AFB5BA4080F09A86CDC3538C1AD7C972E6D7A3612E68" + 
"45BA9AFBDF19F09060D1A779DE9635E2D2F8E0C510BA24C6C44B30C9BDFAF85B" + "E917AEC5D43AFAB1AA3ADD33CC83DA93CAC69218F6A36EB47F199D5424C95FD9" + "ED7B1E8BE2AEAA6433B227241316C20EE792650CEB48BFD634446B19D286B4EA" + "1722498DA1A36973210EC3824751A5808D9AAEF59C449E19A5077CFECA126BD9" + "A8DD4996561D4E27B3609FF82C5B1B21E627845D44961B33B875D5C4FA9FF357" + "EF6BE3364969E1337C91B29A07B9A913CDE40CE2D5530C900E73751685E65431" + ) + ); + assert_eq!( + &key.primes()[0].to_bytes_be(), + &hex!( + "D0213A79425B665B719118448893EC3275600F63DBF85B77F4E8E99EF302F6E8" + "2596048F6DCA772DE6BBF1124DB84B0AFE61B03A8604AB0079ED53F3304797AD" + "01B38C44FE27A5A45E378483A804B56A4A967F48F01A866E721E67E4C9A1048A" + "F68927FAA43D6A85D93E7BF7074DBA797563FCABE12309B76653C6DB614DC231" + "CC556D9F25AC4841A02D31CDF3015B212307F9D0C79FEB5D3956CE53CC8FA165" + "1BE60761F19F74672489EAF9F215409F39956E77A82183F1F72BB2FEDDF1B9FB" + "FC4AD89EA445809DDBD5BD595277990C0BE9366FBB2ECF7B057CC1C3DC8FB77B" + "F8456D07BBC95B3C1815F48E62B81468C3D4D9D96C0F48DAB04993BE8D91EDE5" + ) + ); + assert_eq!( + &key.primes()[1].to_bytes_be(), + &hex!( + "CE36C6810522ABE5D6465F36EB137DA3B9EA4A5F1D27C6614729EB8E5E2E5CB8" + "8E3EF1A473A21944B66557B3DC2CE462E4BF3446CB4990037E5672B1705CBAE8" + "1B65BAF967A266DC18EFE80F4DBBFE1A59063205CE2943CADF421CCE74AF7063" + "FD1A83AF3C39AF84525F59BDC1FF54815F52AFD1E8D4862B2C3654F6CFA83DC0" + "8E2A9D52B9F833C646AF7694467DFC5F7D7AD7B441895FCB7FFBED526324B015" + "4A15823F5107C89548EDDCB61DA5308C6CC834D4A0C16DFA6CA1D67B61A65677" + "EB1719CD125D0EF0DB8802FB76CFC17577BCB2510AE294E1BF8A9173A2B85C16" + "A6B508C98F2D770B7F3DE48D9E720C53E263680B57E7109410015745570652FD" + ) + ); } #[test] 
@@ -153,7 +397,19 @@ fn decode_rsa2048_pub_pem() { // Extracted using: // $ openssl asn1parse -in tests/examples/pkcs1/rsa2048-pub.pem - assert_eq!(&key.n().to_bytes_be(), &hex!("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")); + assert_eq!( + &key.n().to_bytes_be(), + &hex!( + "B6C42C515F10A6AAF282C63EDBE24243A170F3FA2633BD4833637F47CA4F6F36" + "E03A5D29EFC3191AC80F390D874B39E30F414FCEC1FCA0ED81E547EDC2CD382C" + "76F61C9018973DB9FA537972A7C701F6B77E0982DFC15FC01927EE5E7CD94B4F" + "599FF07013A7C8281BDF22DCBC9AD7CABB7C4311C982F58EDB7213AD4558B332" + "266D743AED8192D1884CADB8B14739A8DADA66DC970806D9C7AC450CB13D0D7C" + "575FB198534FC61BC41BC0F0574E0E0130C7BBBFBDFDC9F6A6E2E3E2AFF1CBEA" + "C89BA57884528D55CFB08327A1E8C89F4E003CF2888E933241D9D695BCBBACDC" + "90B44E3E095FA37058EA25B13F5E295CBEAC6DE838AB8C50AF61E298975B872F" + ) + ); assert_eq!(&key.e().to_bytes_be(), &hex!("010001")); } 
@@ -164,7 +420,27 @@ fn decode_rsa4096_pub_pem() { // Extracted using: // $ openssl asn1parse -in tests/examples/pkcs1/rsa4096-pub.pem - assert_eq!(&key.n().to_bytes_be(), &hex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assert_eq!( + &key.n().to_bytes_be(), + &hex!( + "A7A74572811EA2617E49E85BD730DDE30F103F7D88EE3F765E540D3DD993BBB0" + "BA140002859D0B40897436637F58B828EA74DF8321634077F99D4AA2D54CA375" + "852EF597661D3713CE1EF3B4FD6A8E220238E467668A2C7EE3861D2212AE6A1E" + "BDDFA88B62DF10F6BCF79EFF4AC298FB2563DF1B8764381AF9B1FB0CCD085E02" + "6B0AD9F6721A235177D0396B48754AD4A75242250A873BF2F6E7EE3C75DD613E" + "365BA4F3210A6CC66B90A2FA3F762CA6884087B6BF8161EB144819F0F572F21F" + "6C8E273E70D45A365B8B2819CE734613CC23B01329A17901F17078403861F54C" + "52A051E2A58C75C2D9D80091BB9808A106C1F7ECB4034E15058BEEC725C5F919" + "D62EAA234B62628D346C60BB919E70851DAB38571E6F0ED7634129F994EA368F" + "EE7373DFDEC04445EBCA47FA20ED1540A860C948BABC98DA591CA1DE2E2E2554" + "0EF9B7CB353F60213B814A45D359EFA9B811EEFF08C65993BF8A85C2BFEAAA7E" + "D5E6B43E18AE604464CE5F96150136E7D09F8B24FAD43D7870118CFA7BC24875" + "506EBBC321B977E0861AEA50128620121F0B394A9CDD0A42411A1350C0770D97" + "5D71B00A90436240C967A0C3A5C20A0F6DE77F3F2CAFDA94ED0143C1F6E34F73" + "E0CAC279EEEB7C637723A2B026C82802E1A4AEBAA8846DF98E7919498773E0D4" + "F319956F4DE3AAD00EFB9A147D66B3AC1A01D35B2CFB48D400B0E7A80DC97551" + ) + ); assert_eq!(&key.e().to_bytes_be(), &hex!("010001")); } diff --git a/tests/pkcs8.rs b/tests/pkcs8.rs index 17a0f00c..8f500728 100644 --- a/tests/pkcs8.rs +++ b/tests/pkcs8.rs 
@@ -38,11 +38,51 @@ fn decode_rsa2048_priv_der() { let key = RsaPrivateKey::from_pkcs8_der(RSA_2048_PRIV_DER).unwrap(); // Note: matches PKCS#1 test vectors - assert_eq!(&key.n().to_bytes_be(), &hex!("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")); + assert_eq!( + &key.n().to_bytes_be(), + &hex!( + "B6C42C515F10A6AAF282C63EDBE24243A170F3FA2633BD4833637F47CA4F6F36" + "E03A5D29EFC3191AC80F390D874B39E30F414FCEC1FCA0ED81E547EDC2CD382C" + "76F61C9018973DB9FA537972A7C701F6B77E0982DFC15FC01927EE5E7CD94B4F" + "599FF07013A7C8281BDF22DCBC9AD7CABB7C4311C982F58EDB7213AD4558B332" + "266D743AED8192D1884CADB8B14739A8DADA66DC970806D9C7AC450CB13D0D7C" + "575FB198534FC61BC41BC0F0574E0E0130C7BBBFBDFDC9F6A6E2E3E2AFF1CBEA" + "C89BA57884528D55CFB08327A1E8C89F4E003CF2888E933241D9D695BCBBACDC" + "90B44E3E095FA37058EA25B13F5E295CBEAC6DE838AB8C50AF61E298975B872F" + ) + ); assert_eq!(&key.e().to_bytes_be(), &hex!("010001")); - assert_eq!(&key.d().to_bytes_be(), &hex!("7ECC8362C0EDB0741164215E22F74AB9D91BA06900700CF63690E5114D8EE6BDCFBB2E3F9614692A677A083F168A5E52E5968E6407B9D97C6E0E4064F82DA0B758A14F17B9B7D41F5F48E28D6551704F56E69E7AA9FA630FC76428C06D25E455DCFC55B7AC2B4F76643FDED3FE15FF78ABB27E65ACC4AAD0BDF6DB27EF60A6910C5C4A085ED43275AB19C1D997A32C6EFFCE7DF2D1935F6E601EEDE161A12B5CC27CA21F81D2C99C3D1EA08E90E3053AB09BEFA724DEF0D0C3A3C1E9740C0D9F76126A149EC0AA7D8078205484254D951DB07C4CF91FB6454C096588FD5924DBABEB359CA2025268D004F9D66EB3D6F7ADC1139BAD40F16DDE639E11647376C1")); - assert_eq!(&key.primes()[0].to_bytes_be(), &hex!("DCC061242D4E92AFAEE72AC513CA65B9F77036F9BD7E0E6E61461A7EF7654225EC153C7E5C31A6157A6E5A13FF6E178E8758C1CB33D9D6BBE3179EF18998E422ECDCBED78F4ECFDBE5F4FCD8AEC2C9D0DC86473CA9BD16D9D238D21FB5DDEFBEB143CA61D0BD6AA8D91F33A097790E9640DBC91085DC5F26343BA3138F6B2D67")); - assert_eq!(&key.primes()[1].to_bytes_be(), 
&hex!("D3F314757E40E954836F92BE24236AF2F0DA04A34653C180AF67E960086D93FDE65CB23EFD9D09374762F5981E361849AF68CDD75394FF6A4E06EB69B209E4228DB2DFA70E40F7F9750A528176647B788D0E5777A2CB8B22E3CD267FF70B4F3B02D3AAFB0E18C590A564B03188B0AA5FC48156B07622214243BD1227EFA7F2F9")); + assert_eq!( + &key.d().to_bytes_be(), + &hex!( + "7ECC8362C0EDB0741164215E22F74AB9D91BA06900700CF63690E5114D8EE6BD" + "CFBB2E3F9614692A677A083F168A5E52E5968E6407B9D97C6E0E4064F82DA0B7" + "58A14F17B9B7D41F5F48E28D6551704F56E69E7AA9FA630FC76428C06D25E455" + "DCFC55B7AC2B4F76643FDED3FE15FF78ABB27E65ACC4AAD0BDF6DB27EF60A691" + "0C5C4A085ED43275AB19C1D997A32C6EFFCE7DF2D1935F6E601EEDE161A12B5C" + "C27CA21F81D2C99C3D1EA08E90E3053AB09BEFA724DEF0D0C3A3C1E9740C0D9F" + "76126A149EC0AA7D8078205484254D951DB07C4CF91FB6454C096588FD5924DB" + "ABEB359CA2025268D004F9D66EB3D6F7ADC1139BAD40F16DDE639E11647376C1" + ) + ); + assert_eq!( + &key.primes()[0].to_bytes_be(), + &hex!( + "DCC061242D4E92AFAEE72AC513CA65B9F77036F9BD7E0E6E61461A7EF7654225" + "EC153C7E5C31A6157A6E5A13FF6E178E8758C1CB33D9D6BBE3179EF18998E422" + "ECDCBED78F4ECFDBE5F4FCD8AEC2C9D0DC86473CA9BD16D9D238D21FB5DDEFBE" + "B143CA61D0BD6AA8D91F33A097790E9640DBC91085DC5F26343BA3138F6B2D67" + ) + ); + assert_eq!( + &key.primes()[1].to_bytes_be(), + &hex!( + "D3F314757E40E954836F92BE24236AF2F0DA04A34653C180AF67E960086D93FD" + "E65CB23EFD9D09374762F5981E361849AF68CDD75394FF6A4E06EB69B209E422" + "8DB2DFA70E40F7F9750A528176647B788D0E5777A2CB8B22E3CD267FF70B4F3B" + "02D3AAFB0E18C590A564B03188B0AA5FC48156B07622214243BD1227EFA7F2F9" + ) + ); let _ = pkcs1v15::SigningKey::::from_pkcs8_der(RSA_2048_PRIV_DER).unwrap(); } 
@@ -52,7 +92,19 @@ fn decode_rsa2048_pub_der() { let key = RsaPublicKey::from_public_key_der(RSA_2048_PUB_DER).unwrap(); // Note: matches PKCS#1 test vectors - assert_eq!(&key.n().to_bytes_be(), &hex!("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")); + assert_eq!( + &key.n().to_bytes_be(), + &hex!( + "B6C42C515F10A6AAF282C63EDBE24243A170F3FA2633BD4833637F47CA4F6F36" + "E03A5D29EFC3191AC80F390D874B39E30F414FCEC1FCA0ED81E547EDC2CD382C" + "76F61C9018973DB9FA537972A7C701F6B77E0982DFC15FC01927EE5E7CD94B4F" + "599FF07013A7C8281BDF22DCBC9AD7CABB7C4311C982F58EDB7213AD4558B332" + "266D743AED8192D1884CADB8B14739A8DADA66DC970806D9C7AC450CB13D0D7C" + "575FB198534FC61BC41BC0F0574E0E0130C7BBBFBDFDC9F6A6E2E3E2AFF1CBEA" + "C89BA57884528D55CFB08327A1E8C89F4E003CF2888E933241D9D695BCBBACDC" + "90B44E3E095FA37058EA25B13F5E295CBEAC6DE838AB8C50AF61E298975B872F" + ) + ); assert_eq!(&key.e().to_bytes_be(), &hex!("010001")); let _ = pkcs1v15::VerifyingKey::::from_public_key_der(RSA_2048_PUB_DER).unwrap(); 
@@ -62,11 +114,53 @@ fn decode_rsa2048_pub_der() { fn decode_rsa2048_pss_priv_der() { let key = RsaPrivateKey::from_pkcs8_der(RSA_2048_PSS_PRIV_DER).unwrap(); - assert_eq!(&key.n().to_bytes_be(), &hex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assert_eq!( + &key.n().to_bytes_be(), + &hex!( + "AF8B669B7AF6D1677F3DBAAF3F5B36F9012DBE9B91695F18AB8D208D447CCB64" + "63C5AE9DA46D865C76CF7EF32CF1CB7E2E1D461F8E71DBC470DD1CB9DE69BEA0" + "05E3C90F3A3A70E467937C9586E0803E0EDF0E8CEA902F2E4864F79027753AE2" + "7DB2053CD53C3CF30EECECAB1401EA803B339E33C59933AD08470DD99D45A568" + "1C870B982CF2FE5A892A96D775D67AAACE2F9B27D72F48A00361D50000DE5652" + "DCDDA62CBA2DB4E04B13FBA1C894E139F483923A683649EC0F0BCE8D0A4B2658" + "A00E3CE66A9C3B419501D570F65AB868E4FDBFA77E9DBE1B9CD91056494B4377" + "D502F266FB17433A9F4B08D08DE3C576A670CE90557AF94F67579A3273A5C8DB" + + ) + ); assert_eq!(&key.e().to_bytes_be(), &hex!("010001")); - assert_eq!(&key.d().to_bytes_be(), &hex!("9407C8A9FA426289954A17C02A7C1FDA50FD234C0A8E41EC0AD64289FE24025C10AAA5BA37EB482F76DD391F9559FD10D590480EDA4EF7552B1BBA5A9ECCAB3C445B36B44994F8981323D31E4093D670FE9768ACBA2C862CD04D9C5A0A7C1800E0A01B3C96506AD14857D0A7DF82521E7A4DE7ED9E86B7860581ED9301C5B659B3785DF2BB96EA45CA8E871F25918981CC3004505CB25E3927539F968C04FD0F3B86D0CA4E4E4714D449E39C88F254164B501E4BC66F29BB2ABC847F01FC4E4B342FB5A1CF23FAD0F2F7C52F4534E262F66FB3CEDC1821718342E28CD860EC213783DA6236A07A0F332003D30748EC1C12556D7CA7587E8E07DCE1D95EC4A611")); - assert_eq!(&key.primes()[0].to_bytes_be(), &hex!("E55FBA212239C846821579BE7E4D44336C700167A478F542032BEBF506D3945382670B7D5B08D48E1B4A46EB22E54ABE21867FB6AD96444E00B386FF14710CB69D80111E3721CBE65CFA8A141A1492D5434BB7538481EBB27462D54EDD1EA55DC2230431EE63C4A3609EC28BA67ABEE0DCA1A12E8E796BB5485A331BD27DC509")); - assert_eq!(&key.primes()[1].to_bytes_be(), 
&hex!("C3EC0875ED7B5B96340A9869DD9674B8CF0E52AD4092B57620A6AEA981DA0F1013DF610CE1C8B630C111DA7214128E20FF8DA55B4CD8A2E145A8E370BF4F87C8EB203E9752A8A442E562E09F455769B8DA35CCBA2A134F5DE274020B6A7620F03DE276FCBFDE2B0356438DD17DD40152AB80C1277B4849A643CB158AA07ADBC3")); + assert_eq!( + &key.d().to_bytes_be(), + &hex!( + "9407C8A9FA426289954A17C02A7C1FDA50FD234C0A8E41EC0AD64289FE24025C" + "10AAA5BA37EB482F76DD391F9559FD10D590480EDA4EF7552B1BBA5A9ECCAB3C" + "445B36B44994F8981323D31E4093D670FE9768ACBA2C862CD04D9C5A0A7C1800" + "E0A01B3C96506AD14857D0A7DF82521E7A4DE7ED9E86B7860581ED9301C5B659" + "B3785DF2BB96EA45CA8E871F25918981CC3004505CB25E3927539F968C04FD0F" + "3B86D0CA4E4E4714D449E39C88F254164B501E4BC66F29BB2ABC847F01FC4E4B" + "342FB5A1CF23FAD0F2F7C52F4534E262F66FB3CEDC1821718342E28CD860EC21" + "3783DA6236A07A0F332003D30748EC1C12556D7CA7587E8E07DCE1D95EC4A611" + ) + ); + assert_eq!( + &key.primes()[0].to_bytes_be(), + &hex!( + "E55FBA212239C846821579BE7E4D44336C700167A478F542032BEBF506D39453" + "82670B7D5B08D48E1B4A46EB22E54ABE21867FB6AD96444E00B386FF14710CB6" + "9D80111E3721CBE65CFA8A141A1492D5434BB7538481EBB27462D54EDD1EA55D" + "C2230431EE63C4A3609EC28BA67ABEE0DCA1A12E8E796BB5485A331BD27DC509" + + ) + ); + assert_eq!( + &key.primes()[1].to_bytes_be(), + &hex!( + "C3EC0875ED7B5B96340A9869DD9674B8CF0E52AD4092B57620A6AEA981DA0F10" + "13DF610CE1C8B630C111DA7214128E20FF8DA55B4CD8A2E145A8E370BF4F87C8" + "EB203E9752A8A442E562E09F455769B8DA35CCBA2A134F5DE274020B6A7620F0" + "3DE276FCBFDE2B0356438DD17DD40152AB80C1277B4849A643CB158AA07ADBC3" + ) + ); let _ = pss::SigningKey::::from_pkcs8_der(RSA_2048_PSS_PRIV_DER).unwrap(); } 
@@ -75,7 +169,19 @@ fn decode_rsa2048_pss_priv_der() { fn decode_rsa2048_pss_pub_der() { let key = RsaPublicKey::from_public_key_der(RSA_2048_PSS_PUB_DER).unwrap(); - assert_eq!(&key.n().to_bytes_be(), &hex!("AF8B669B7AF6D1677F3DBAAF3F5B36F9012DBE9B91695F18AB8D208D447CCB6463C5AE9DA46D865C76CF7EF32CF1CB7E2E1D461F8E71DBC470DD1CB9DE69BEA005E3C90F3A3A70E467937C9586E0803E0EDF0E8CEA902F2E4864F79027753AE27DB2053CD53C3CF30EECECAB1401EA803B339E33C59933AD08470DD99D45A5681C870B982CF2FE5A892A96D775D67AAACE2F9B27D72F48A00361D50000DE5652DCDDA62CBA2DB4E04B13FBA1C894E139F483923A683649EC0F0BCE8D0A4B2658A00E3CE66A9C3B419501D570F65AB868E4FDBFA77E9DBE1B9CD91056494B4377D502F266FB17433A9F4B08D08DE3C576A670CE90557AF94F67579A3273A5C8DB")); + assert_eq!( + &key.n().to_bytes_be(), + &hex!( + "AF8B669B7AF6D1677F3DBAAF3F5B36F9012DBE9B91695F18AB8D208D447CCB64" + "63C5AE9DA46D865C76CF7EF32CF1CB7E2E1D461F8E71DBC470DD1CB9DE69BEA0" + "05E3C90F3A3A70E467937C9586E0803E0EDF0E8CEA902F2E4864F79027753AE2" + "7DB2053CD53C3CF30EECECAB1401EA803B339E33C59933AD08470DD99D45A568" + "1C870B982CF2FE5A892A96D775D67AAACE2F9B27D72F48A00361D50000DE5652" + "DCDDA62CBA2DB4E04B13FBA1C894E139F483923A683649EC0F0BCE8D0A4B2658" + "A00E3CE66A9C3B419501D570F65AB868E4FDBFA77E9DBE1B9CD91056494B4377" + "D502F266FB17433A9F4B08D08DE3C576A670CE90557AF94F67579A3273A5C8DB" + ) + ); assert_eq!(&key.e().to_bytes_be(), &hex!("010001")); let _ = pss::VerifyingKey::::from_public_key_der(RSA_2048_PSS_PUB_DER).unwrap(); 
@@ -110,11 +216,51 @@ fn decode_rsa2048_priv_pem() { let key = RsaPrivateKey::from_pkcs8_pem(RSA_2048_PRIV_PEM).unwrap(); // Note: matches PKCS#1 test vectors - assert_eq!(&key.n().to_bytes_be(), &hex!("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")); + assert_eq!( + &key.n().to_bytes_be(), + &hex!( + "B6C42C515F10A6AAF282C63EDBE24243A170F3FA2633BD4833637F47CA4F6F36" + "E03A5D29EFC3191AC80F390D874B39E30F414FCEC1FCA0ED81E547EDC2CD382C" + "76F61C9018973DB9FA537972A7C701F6B77E0982DFC15FC01927EE5E7CD94B4F" + "599FF07013A7C8281BDF22DCBC9AD7CABB7C4311C982F58EDB7213AD4558B332" + "266D743AED8192D1884CADB8B14739A8DADA66DC970806D9C7AC450CB13D0D7C" + "575FB198534FC61BC41BC0F0574E0E0130C7BBBFBDFDC9F6A6E2E3E2AFF1CBEA" + "C89BA57884528D55CFB08327A1E8C89F4E003CF2888E933241D9D695BCBBACDC" + "90B44E3E095FA37058EA25B13F5E295CBEAC6DE838AB8C50AF61E298975B872F" + ) + ); assert_eq!(&key.e().to_bytes_be(), &hex!("010001")); - assert_eq!(&key.d().to_bytes_be(), &hex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assert_eq!(&key.primes()[0].to_bytes_be(), &hex!("DCC061242D4E92AFAEE72AC513CA65B9F77036F9BD7E0E6E61461A7EF7654225EC153C7E5C31A6157A6E5A13FF6E178E8758C1CB33D9D6BBE3179EF18998E422ECDCBED78F4ECFDBE5F4FCD8AEC2C9D0DC86473CA9BD16D9D238D21FB5DDEFBEB143CA61D0BD6AA8D91F33A097790E9640DBC91085DC5F26343BA3138F6B2D67")); - assert_eq!(&key.primes()[1].to_bytes_be(), &hex!("D3F314757E40E954836F92BE24236AF2F0DA04A34653C180AF67E960086D93FDE65CB23EFD9D09374762F5981E361849AF68CDD75394FF6A4E06EB69B209E4228DB2DFA70E40F7F9750A528176647B788D0E5777A2CB8B22E3CD267FF70B4F3B02D3AAFB0E18C590A564B03188B0AA5FC48156B07622214243BD1227EFA7F2F9")); + assert_eq!( + &key.d().to_bytes_be(), + &hex!( + "7ECC8362C0EDB0741164215E22F74AB9D91BA06900700CF63690E5114D8EE6BD" + "CFBB2E3F9614692A677A083F168A5E52E5968E6407B9D97C6E0E4064F82DA0B7" + "58A14F17B9B7D41F5F48E28D6551704F56E69E7AA9FA630FC76428C06D25E455" + "DCFC55B7AC2B4F76643FDED3FE15FF78ABB27E65ACC4AAD0BDF6DB27EF60A691" + 
"0C5C4A085ED43275AB19C1D997A32C6EFFCE7DF2D1935F6E601EEDE161A12B5C" + "C27CA21F81D2C99C3D1EA08E90E3053AB09BEFA724DEF0D0C3A3C1E9740C0D9F" + "76126A149EC0AA7D8078205484254D951DB07C4CF91FB6454C096588FD5924DB" + "ABEB359CA2025268D004F9D66EB3D6F7ADC1139BAD40F16DDE639E11647376C1" + ) + ); + assert_eq!( + &key.primes()[0].to_bytes_be(), + &hex!( + "DCC061242D4E92AFAEE72AC513CA65B9F77036F9BD7E0E6E61461A7EF7654225" + "EC153C7E5C31A6157A6E5A13FF6E178E8758C1CB33D9D6BBE3179EF18998E422" + "ECDCBED78F4ECFDBE5F4FCD8AEC2C9D0DC86473CA9BD16D9D238D21FB5DDEFBE" + "B143CA61D0BD6AA8D91F33A097790E9640DBC91085DC5F26343BA3138F6B2D67" + ) + ); + assert_eq!( + &key.primes()[1].to_bytes_be(), + &hex!( + "D3F314757E40E954836F92BE24236AF2F0DA04A34653C180AF67E960086D93FD" + "E65CB23EFD9D09374762F5981E361849AF68CDD75394FF6A4E06EB69B209E422" + "8DB2DFA70E40F7F9750A528176647B788D0E5777A2CB8B22E3CD267FF70B4F3B" + "02D3AAFB0E18C590A564B03188B0AA5FC48156B07622214243BD1227EFA7F2F9" + ) + ); let _ = pkcs1v15::SigningKey::::from_pkcs8_pem(RSA_2048_PRIV_PEM).unwrap(); } 
@@ -125,7 +271,19 @@ fn decode_rsa2048_pub_pem() { let key = RsaPublicKey::from_public_key_pem(RSA_2048_PUB_PEM).unwrap(); // Note: matches PKCS#1 test vectors - assert_eq!(&key.n().to_bytes_be(), &hex!("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")); + assert_eq!( + &key.n().to_bytes_be(), + &hex!( + "B6C42C515F10A6AAF282C63EDBE24243A170F3FA2633BD4833637F47CA4F6F36" + "E03A5D29EFC3191AC80F390D874B39E30F414FCEC1FCA0ED81E547EDC2CD382C" + "76F61C9018973DB9FA537972A7C701F6B77E0982DFC15FC01927EE5E7CD94B4F" + "599FF07013A7C8281BDF22DCBC9AD7CABB7C4311C982F58EDB7213AD4558B332" + "266D743AED8192D1884CADB8B14739A8DADA66DC970806D9C7AC450CB13D0D7C" + "575FB198534FC61BC41BC0F0574E0E0130C7BBBFBDFDC9F6A6E2E3E2AFF1CBEA" + "C89BA57884528D55CFB08327A1E8C89F4E003CF2888E933241D9D695BCBBACDC" + "90B44E3E095FA37058EA25B13F5E295CBEAC6DE838AB8C50AF61E298975B872F" + ) + ); assert_eq!(&key.e().to_bytes_be(), &hex!("010001")); let _ = pkcs1v15::VerifyingKey::::from_public_key_pem(RSA_2048_PUB_PEM).unwrap(); From c66690221bbbef9a912adbbd6cfc518a827720f7 Mon Sep 17 00:00:00 2001 From: Gabriele Musco Date: Mon, 8 Jul 2024 21:36:12 +0200 Subject: [PATCH 14/23] fix: remove oaep decrypt key size limit (#418) (#441) As per #418, let me know if this is the preferred way or if you'd rather remove the limit some other way Co-authored-by: Gabriele Musco --- src/oaep.rs | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/oaep.rs b/src/oaep.rs index 0cbd1e3b..31c07059 100644 --- a/src/oaep.rs +++ b/src/oaep.rs @@ -240,8 +240,6 @@ fn decrypt( mgf_digest: &mut dyn DynDigest, label: Option, ) -> Result> { - key::check_public(priv_key)?; - if ciphertext.len() != priv_key.size() { return Err(Error::Decryption); } From eb412a1562834162522af9a56eca905d3385621d Mon Sep 17 00:00:00 2001 
From: Tony Arcieri Date: Sat, 27 Jul 2024 18:12:47 -0600 Subject: [PATCH 15/23] Use latest prereleases (#443) Bumps the following dependencies to their latest prerelease versions: - `const-oid` v0.10.0-rc.0 - `digest` v0.11.0-pre.9 - `pkcs1` v0.8.0-rc.0 - `pkcs8` v0.11.0-rc.0 - `signature` v2.3.0-pre.4 - `spki` v0.8.0-rc.0 - `sha1` v0.11.0-pre.4 - `sha2` v0.11.0-pre.4 Note: `pkcs5` is temporarily sourced from this PR due to circular dependency problems: https://github.com/RustCrypto/formats/pull/1461 --- Cargo.lock | 249 ++++++++++++++++++++++++++++------------------------- Cargo.toml | 24 +++--- 2 files changed, 145 insertions(+), 128 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 8e074dd6..68a4216e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2,17 +2,40 @@ # It is not intended for manual editing. version = 3 +[[package]] +name = "aead" +version = "0.6.0-rc.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5f451b77e2f92932dc411da6ef9f3d33efad68a6f14a7a83e559453458e85ac" +dependencies = [ + "crypto-common", +] + [[package]] name = "aes" -version = "0.8.4" +version = "0.9.0-pre.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0" +checksum = "183b3b4639f8f7237857117abb74f3dc8648b77e67ff78d9cb6959fd7e76f387" dependencies = [ "cfg-if", "cipher", "cpufeatures", ] +[[package]] +name = "aes-gcm" +version = "0.11.0-pre.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4ca4317859cecdb9849cf94087998a04efc7beedc07855836cb2534fd9aa4db" +dependencies = [ + "aead", + "aes", + "cipher", + "ctr", + "ghash", + "subtle", +] + [[package]] name = "autocfg" version = "1.3.0" 
@@ -54,29 +77,20 @@ checksum = "cf4b9d6a944f767f8e5e0db018570623c85f3d925ac718db4e06d0187adb21c1" [[package]] name = "block-buffer" -version = "0.10.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" -dependencies = [ - "generic-array", -] - -[[package]] -name = "block-buffer" -version = "0.11.0-pre.5" +version = "0.11.0-rc.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3ded684142010808eb980d9974ef794da2bcf97d13396143b1515e9f0fb4a10e" +checksum = "17092d478f4fadfb35a7e082f62e49f0907fdf048801d9d706277e34f9df8a78" dependencies = [ - "crypto-common 0.2.0-pre.5", + "crypto-common", ] [[package]] name = "block-padding" -version = "0.3.3" +version = "0.4.0-rc.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a8894febbff9f758034a5b8e12d87918f56dfc64a8e1fe757d65e29041538d93" +checksum = "0d7992d59cd95a984bde8833d4d025886eec3718777971ad15c58df0b070254a" dependencies = [ - "generic-array", + "hybrid-array", ] [[package]] @@ -87,9 +101,9 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" [[package]] name = "cbc" -version = "0.1.2" +version = "0.2.0-pre.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26b52a9543ae338f279b96b0b9fed9c8093744685043739079ce85cd58f289a6" +checksum = "1f400d6c533c8e3b0545892ac95831d897c816335fec5d2d57d886a241acf13e" dependencies = [ "cipher", ] 
@@ -102,19 +116,19 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "cipher" -version = "0.4.4" +version = "0.5.0-pre.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad" +checksum = "c71c893d5a1e8257048dbb29954d2e1f85f091a150304f1defe4ca2806da5d3f" dependencies = [ - "crypto-common 0.1.6", + "crypto-common", "inout", ] [[package]] name = "const-oid" -version = "0.10.0-pre.2" +version = "0.10.0-rc.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f7e3352a27098ba6b09546e5f13b15165e6a88b5c2723afecb3ea9576b27e3ea" +checksum = "9adcf94f05e094fca3005698822ec791cb4433ced416afda1c5ca3b8dfc05a2f" [[package]] name = "cpufeatures" @@ -127,30 +141,29 @@ dependencies = [ [[package]] name = "crypto-common" -version = "0.1.6" +version = "0.2.0-rc.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" +checksum = "8c070b79a496dccd931229780ad5bbedd535ceff6c3565605a8e440e18e1aa2b" dependencies = [ - "generic-array", - "typenum", + "getrandom", + "hybrid-array", + "rand_core", ] [[package]] -name = "crypto-common" -version = "0.2.0-pre.5" +name = "ctr" +version = "0.10.0-pre.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b7aa2ec04f5120b830272a481e8d9d8ba4dda140d2cda59b0f1110d5eb93c38e" +checksum = "7f1637b299862a663dd5af70ee109d53555eff68b99b454fe535ed6599b0e9b3" dependencies = [ - "getrandom", - "hybrid-array", - "rand_core", + "cipher", ] [[package]] name = "der" -version = "0.8.0-pre.0" +version = "0.8.0-rc.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b489fd2221710c1dd46637d66b984161fb66134f81437a8489800306bcc2ecea" +checksum = "05d9c07d3bd80cf0935ce478d07edf7e7a5b158446757f988f3e62082227b700" dependencies = [ "const-oid", "pem-rfc7468", 
@@ -159,24 +172,14 @@ dependencies = [ [[package]] name = "digest" -version = "0.10.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" -dependencies = [ - "block-buffer 0.10.4", - "crypto-common 0.1.6", - "subtle", -] - -[[package]] -name = "digest" -version = "0.11.0-pre.8" +version = "0.11.0-pre.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "065d93ead7c220b85d5b4be4795d8398eac4ff68b5ee63895de0a3c1fb6edf25" +checksum = "cf2e3d6615d99707295a9673e889bf363a04b2a466bd320c65a72536f7577379" dependencies = [ - "block-buffer 0.11.0-pre.5", + "block-buffer", "const-oid", - "crypto-common 0.2.0-pre.5", + "crypto-common", + "subtle", ] [[package]] @@ -201,16 +204,6 @@ version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" -[[package]] -name = "generic-array" -version = "0.14.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" -dependencies = [ - "typenum", - "version_check", -] - [[package]] name = "getrandom" version = "0.2.15" @@ -222,6 +215,16 @@ dependencies = [ "wasi", ] +[[package]] +name = "ghash" +version = "0.6.0-rc.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3b92860fda25ab571512af210134cde2c42732cd53253bcee3f21b288b7afbc4" +dependencies = [ + "opaque-debug", + "polyval", +] + [[package]] name = "hex-literal" version = "0.4.1" 
@@ -230,30 +233,30 @@ checksum = "6fe2267d4ed49bc07b63801559be28c718ea06c4738b7a03c94df7386d2cde46" [[package]] name = "hmac" -version = "0.12.1" +version = "0.13.0-pre.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" +checksum = "e4b1fb14e4df79f9406b434b60acef9f45c26c50062cccf1346c6103b8c47d58" dependencies = [ - "digest 0.10.7", + "digest", ] [[package]] name = "hybrid-array" -version = "0.2.0-rc.8" +version = "0.2.0-rc.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53668f5da5a41d9eaf4bf7064be46d1ebe6a4e1ceed817f387587b18f2b51047" +checksum = "4d306b679262030ad8813a82d4915fc04efff97776e4db7f8eb5137039d56400" dependencies = [ "typenum", ] [[package]] name = "inout" -version = "0.1.3" +version = "0.2.0-rc.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a0c10553d664a4d0bcff9f4215d0aac67a639cc68ef660840afe309b807bc9f5" +checksum = "bbc33218cf9ce7b927426ee4ad3501bcc5d8c26bf5fb4a82849a083715aca427" dependencies = [ "block-padding", - "generic-array", + "hybrid-array", ] [[package]] 
@@ -340,30 +343,36 @@ dependencies = [ "libm", ] +[[package]] +name = "opaque-debug" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381" + [[package]] name = "pbkdf2" -version = "0.12.2" +version = "0.13.0-pre.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8ed6a7761f76e3b9f92dfb0a60a6a6477c61024b775147ff0973a02653abaf2" +checksum = "85e11753d5193f26dc27ae698e0b536b5e511b7799c5ac475ec10783f26d164a" dependencies = [ - "digest 0.10.7", + "digest", "hmac", ] [[package]] name = "pem-rfc7468" -version = "1.0.0-pre.0" +version = "1.0.0-rc.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "76a65e1c27d1680f8805b3f8c9949f08d6aa5d6cbd088c9896e64a53821dc27d" +checksum = "b2b24c1c4a3b352d47de5ec824193e68317dc0ce041f6279a4771eb550ab7f8c" dependencies = [ "base64ct", ] [[package]] name = "pkcs1" -version = "0.8.0-pre.0" +version = "0.8.0-rc.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4f6af6e88ac39402f67488e22faa9eb15cf065f520cf4a09419393691a6d0133" +checksum = "0d2f4c73d459a85331915baebd5082dce5ee8ef16fd9a1ca75559ac91e66a9ee" dependencies = [ "der", "pkcs8", 
@@ -372,24 +381,26 @@ dependencies = [ [[package]] name = "pkcs5" -version = "0.8.0-pre.0" +version = "0.8.0-rc.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2c6aebdab8ec0fe71f347de8d37212be79ccdedeb0f46133b0cf2bc5f6d2c65a" +checksum = "8484e50aebd8230b892aaefb7d8db017de6027249838d42e6c70a17d6c888f75" dependencies = [ "aes", + "aes-gcm", "cbc", "der", "pbkdf2", + "rand_core", "scrypt", - "sha2 0.10.8", + "sha2", "spki", ] [[package]] name = "pkcs8" -version = "0.11.0-pre.0" +version = "0.11.0-rc.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "935c09e0aecb0cb8f8907b57438b19a068cb74a25189b06724f061170b2465ff" +checksum = "66180445f1dce533620a7743467ef85fe1c5e80cdaf7c7053609d7a2fbcdae20" dependencies = [ "der", "pkcs5", @@ -397,6 +408,18 @@ dependencies = [ "spki", ] +[[package]] +name = "polyval" +version = "0.7.0-rc.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b01cbf5c028f9f862c6f7f5a5544307d7858634df190488d432ec470c8fbc063" +dependencies = [ + "cfg-if", + "cpufeatures", + "opaque-debug", + "universal-hash", +] + [[package]] name = "ppv-lite86" version = "0.2.17" @@ -498,7 +521,7 @@ version = "0.10.0-pre.1" dependencies = [ "base64ct", "const-oid", - "digest 0.11.0-pre.8", + "digest", "hex-literal", "num-bigint-dig", "num-integer", @@ -514,7 +537,7 @@ dependencies = [ "serde_test", "serdect", "sha1", - "sha2 0.11.0-pre.3", + "sha2", "sha3", "signature", "spki", 
@@ -549,22 +572,23 @@ dependencies = [ [[package]] name = "salsa20" -version = "0.10.2" +version = "0.11.0-pre.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97a22f5af31f73a954c10289c93e8a50cc23d971e80ee446f1f6f7137a088213" +checksum = "ea4ef53595bd236cf843530a2db25c792acb34e619320d0423e6cbc6d8e3c8c5" dependencies = [ + "cfg-if", "cipher", ] [[package]] name = "scrypt" -version = "0.11.0" +version = "0.12.0-pre.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0516a385866c09368f0b5bcd1caff3366aace790fcd46e2bb032697bb172fd1f" +checksum = "2d3b72607db59bcdf41734bf35ca0d1589a2187fa5ec2f75ff4c61c55ca4dc2c" dependencies = [ "pbkdf2", "salsa20", - "sha2 0.10.8", + "sha2", ] [[package]] 
@@ -608,54 +632,43 @@ dependencies = [ [[package]] name = "sha1" -version = "0.11.0-pre.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3885de8cb916f223718c1ccd47a840b91f806333e76002dc5cb3862154b4fed3" -dependencies = [ - "cfg-if", - "cpufeatures", - "digest 0.11.0-pre.8", -] - -[[package]] -name = "sha2" -version = "0.10.8" +version = "0.11.0-pre.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8" +checksum = "9540978cef7a8498211c1b1c14e5ce920fe5bd524ea84f4a3d72d4602515ae93" dependencies = [ "cfg-if", "cpufeatures", - "digest 0.10.7", + "digest", ] [[package]] name = "sha2" -version = "0.11.0-pre.3" +version = "0.11.0-pre.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f33549bf3064b62478926aa89cbfc7c109aab66ae8f0d5d2ef839e482cc30d6" +checksum = "540c0893cce56cdbcfebcec191ec8e0f470dd1889b6e7a0b503e310a94a168f5" dependencies = [ "cfg-if", "cpufeatures", - "digest 0.11.0-pre.8", + "digest", ] [[package]] name = "sha3" -version = "0.11.0-pre.3" +version = "0.11.0-pre.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f32c02b9987a647a3d6af14c3e88df86594e4283050d9d8ee3a035df247785b9" +checksum = "e485881f388c2818d709796dc883c1ffcadde9d1f0e054f3a5c14974185261a6" dependencies = [ - "digest 0.11.0-pre.8", + "digest", "keccak", ] [[package]] name = "signature" -version = "2.3.0-pre.3" +version = "2.3.0-pre.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1700c22ba9ce32c7b0a1495068a906c3552e7db386af7cf865162e0dea498523" +checksum = "054d71959c7051b9042c26af337f05cc930575ed2604d7d3ced3158383e59734" dependencies = [ - "digest 0.11.0-pre.8", + "digest", "rand_core", ] 
@@ -673,9 +686,9 @@ checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" [[package]] name = "spki" -version = "0.8.0-pre.0" +version = "0.8.0-rc.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cb2b56670f5ef52934c97efad30bf42585de0c33ec3e2a886e38b80d2db67243" +checksum = "ee3fb1c675852398475928637b3ebbdd7e1d0cc24d27b3bbc81788b4eb51e310" dependencies = [ "base64ct", "der", @@ -729,10 +742,14 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" [[package]] -name = "version_check" -version = "0.9.4" +name = "universal-hash" +version = "0.6.0-rc.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" +checksum = "3517d72c5ca6d60f9f2e85d2c772e2652830062a685105a528d19dd823cf87d5" +dependencies = [ + "crypto-common", + "subtle", +] [[package]] name = "wait-timeout" diff --git a/Cargo.toml b/Cargo.toml index bc017393..bb93899f 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -14,22 +14,22 @@ rust-version = "1.72" [dependencies] num-bigint = { version = "0.8.2", features = ["i128", "prime", "zeroize"], default-features = false, package = "num-bigint-dig" } -num-traits = { version= "0.2.9", default-features = false, features = ["libm"] } +num-traits = { version = "0.2.9", default-features = false, features = ["libm"] } num-integer = { version = "0.1.39", default-features = false } rand_core = { version = "0.6.4", default-features = false } -const-oid = { version = "=0.10.0-pre.2", default-features = false } +const-oid = { version = "0.10.0-rc.0", default-features = false } subtle = { version = "2.1.1", default-features = false } -digest = { version = "=0.11.0-pre.8", default-features = false, features = ["alloc", "oid"] } -pkcs1 = { version = "=0.8.0-pre.0", default-features = false, features = ["alloc", "pkcs8"] } -pkcs8 = { version = "=0.11.0-pre.0", default-features = false, features = ["alloc"] } -signature = { version = "=2.3.0-pre.3", default-features = false , features = ["alloc", "digest", "rand_core"] } -spki = { version = "=0.8.0-pre.0", default-features = false, features = ["alloc"] } +digest = { version = "=0.11.0-pre.9", default-features = false, features = ["alloc", "oid"] } +pkcs1 = { version = "0.8.0-rc.0", default-features = false, features = ["alloc", "pkcs8"] } +pkcs8 = { version = "0.11.0-rc.0", default-features = false, features = ["alloc"] } +signature = { version = "=2.3.0-pre.4", default-features = false, features = ["alloc", "digest", "rand_core"] } +spki = { version = "0.8.0-rc.0", default-features = false, features = ["alloc"] } zeroize = { version = "1.5", features = ["alloc"] } # optional dependencies -sha1 = { version = "=0.11.0-pre.3", optional = true, default-features = false, features = ["oid"] } +sha1 = { version = "=0.11.0-pre.4", optional = true, default-features = false, features = ["oid"] } serdect = { version = "0.2.0", optional = true } -sha2 = { version = "=0.11.0-pre.3", optional = true, 
default-features = false, features = ["oid"] } +sha2 = { version = "=0.11.0-pre.4", optional = true, default-features = false, features = ["oid"] } serde = { version = "1.0.184", optional = true, default-features = false, features = ["derive"] } [dev-dependencies] @@ -41,9 +41,9 @@ rand_xorshift = "0.3" rand_chacha = "0.3" rand = "0.8" rand_core = { version = "0.6", default-features = false } -sha1 = { version = "=0.11.0-pre.3", default-features = false, features = ["oid"] } -sha2 = { version = "=0.11.0-pre.3", default-features = false, features = ["oid"] } -sha3 = { version = "=0.11.0-pre.3", default-features = false, features = ["oid"] } +sha1 = { version = "=0.11.0-pre.4", default-features = false, features = ["oid"] } +sha2 = { version = "=0.11.0-pre.4", default-features = false, features = ["oid"] } +sha3 = { version = "=0.11.0-pre.4", default-features = false, features = ["oid"] } [[bench]] name = "key" From 5de518cd8969cb5a5a229ea4006d051595d5cc27 Mon Sep 17 00:00:00 2001 From: Tony Arcieri Date: Sat, 27 Jul 2024 18:33:53 -0600 Subject: [PATCH 16/23] v0.10.0-pre.2 (#444) --- Cargo.lock | 2 +- Cargo.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 68a4216e..8143ebfc 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -517,7 +517,7 @@ checksum = "adad44e29e4c806119491a7f06f03de4d1af22c3a680dd47f1e6e179439d1f56" [[package]] name = "rsa" -version = "0.10.0-pre.1" +version = "0.10.0-pre.2" dependencies = [ "base64ct", "const-oid", diff --git a/Cargo.toml b/Cargo.toml index bb93899f..dbb5a1b1 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rsa" -version = "0.10.0-pre.1" +version = "0.10.0-pre.2" authors = ["RustCrypto Developers", "dignifiedquire "] edition = "2021" description = "Pure Rust RSA implementation" From 959a7da18cb4fbab8ce477af372edc983476ef2a Mon Sep 17 00:00:00 2001 
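Review bot: In the `[dependencies]` hunk of Cargo.toml, the exact `=` pin is dropped for `const-oid`, `pkcs1`, `pkcs8` and `spki`, while `digest`, `signature`, `sha1` and `sha2` keep it. A bare `0.8.0-rc.0` is a caret requirement, so any build that resolves without this repository's Cargo.lock (every downstream consumer of the library) can pick up a later pre-release or the final release, and pre-releases make no compatibility promise between one another. If the looser range is intended, a short comment saying so would help; otherwise keep the pins uniform, e.g. `pkcs8 = { version = "=0.11.0-rc.0", default-features = false, features = ["alloc"] }`, and likewise for the other three.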
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 10 Aug 2024 08:14:52 -0600 Subject: [PATCH 17/23] build(deps): bump proptest from 1.4.0 to 1.5.0 (#439) --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 8143ebfc..6e7678fb 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -437,9 +437,9 @@ dependencies = [ [[package]] name = "proptest" -version = "1.4.0" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "31b476131c3c86cb68032fdc5cb6d5a1045e3e42d96b69fa599fd77701e1f5bf" +checksum = "b4c2511913b88df1637da85cc8d96ec8e43a3f8bb8ccb71ee1ac240d6f3df58d" dependencies = [ "bit-set", "bit-vec", From 45d28969b8094940dc0319cb36f3cb6a4d0af14e Mon Sep 17 00:00:00 2001 From: Tony Arcieri Date: Wed, 4 Sep 2024 19:44:07 -0600 Subject: [PATCH 18/23] README.md(s): use img.shields.io crate version badges --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7a301a68..db8a2daa 100644 --- a/README.md +++ b/README.md @@ -102,7 +102,7 @@ dual licensed as above, without any additional terms or conditions. [//]: # (badges) -[crate-image]: https://buildstats.info/crate/rsa +[crate-image]: https://img.shields.io/crates/v/rsa [crate-link]: https://crates.io/crates/rsa [doc-image]: https://docs.rs/rsa/badge.svg [doc-link]: https://docs.rs/rsa From aeedb5adf5297892fcb9e11f7c0f6c0157005c58 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Thu, 5 Sep 2024 16:34:06 -0700 Subject: [PATCH 19/23] pkcs8 API changes (#446) see https://github.com/RustCrypto/formats/pull/1483 --- Cargo.lock | 6 ++---- Cargo.toml | 4 ++++ src/encoding.rs | 13 +++++++++---- src/pkcs1v15/signing_key.rs | 4 ++-- src/pss/blinded_signing_key.rs | 4 ++-- src/pss/signing_key.rs | 4 ++-- 6 files changed, 21 insertions(+), 14 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 6e7678fb..14f4f51d 100644 --- a/Cargo.lock 
+++ b/Cargo.lock @@ -371,8 +371,7 @@ dependencies = [ [[package]] name = "pkcs1" version = "0.8.0-rc.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0d2f4c73d459a85331915baebd5082dce5ee8ef16fd9a1ca75559ac91e66a9ee" +source = "git+https://github.com/RustCrypto/formats.git#3fb883b2f445e74f38f51fef63a347ecfe69f623" dependencies = [ "der", "pkcs8", @@ -399,8 +398,7 @@ dependencies = [ [[package]] name = "pkcs8" version = "0.11.0-rc.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "66180445f1dce533620a7743467ef85fe1c5e80cdaf7c7053609d7a2fbcdae20" +source = "git+https://github.com/RustCrypto/formats.git#3fb883b2f445e74f38f51fef63a347ecfe69f623" dependencies = [ "der", "pkcs5", diff --git a/Cargo.toml b/Cargo.toml index dbb5a1b1..dd466e24 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -65,3 +65,7 @@ rustdoc-args = ["--cfg", "docsrs"] [profile.dev] opt-level = 2 + +[patch.crates-io] +pkcs1 = { git = "https://github.com/RustCrypto/formats.git" } +pkcs8 = { git = "https://github.com/RustCrypto/formats.git" } diff --git a/src/encoding.rs b/src/encoding.rs index 51d5032d..d487de39 100644 --- a/src/encoding.rs +++ b/src/encoding.rs @@ -9,7 +9,8 @@ use crate::{ }; use core::convert::{TryFrom, TryInto}; use pkcs8::{ - der::Encode, Document, EncodePrivateKey, EncodePublicKey, ObjectIdentifier, SecretDocument, + der::{asn1::OctetStringRef, Encode}, + Document, EncodePrivateKey, EncodePublicKey, ObjectIdentifier, SecretDocument, }; use zeroize::Zeroizing; @@ -37,10 +38,10 @@ pub(crate) fn verify_algorithm_id( Ok(()) } -impl TryFrom> for RsaPrivateKey { +impl TryFrom> for RsaPrivateKey { type Error = pkcs8::Error; - fn try_from(private_key_info: pkcs8::PrivateKeyInfo<'_>) -> pkcs8::Result { + fn try_from(private_key_info: pkcs8::PrivateKeyInfoRef<'_>) -> pkcs8::Result { verify_algorithm_id(&private_key_info.algorithm)?; let pkcs1_key = pkcs1::RsaPrivateKey::try_from(private_key_info.private_key)?; 
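Review bot: The new `[patch.crates-io]` section in Cargo.toml points `pkcs1` and `pkcs8` at the default branch of the formats repository with no `rev`, so only Cargo.lock fixes which code is built. A `cargo update`, or any build that ignores the lockfile, will move both crates to whatever that branch holds at the time. Pinning the commit the lockfile already records keeps the manifest and lockfile in agreement: `pkcs1 = { git = "https://github.com/RustCrypto/formats.git", rev = "3fb883b2f445e74f38f51fef63a347ecfe69f623" }`, and the same for `pkcs8`. A comment above the section naming https://github.com/RustCrypto/formats/pull/1483 would also make it clear when the patch can be removed.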
@@ -110,7 +111,11 @@ impl EncodePrivateKey for RsaPrivateKey { } .to_der()?; - pkcs8::PrivateKeyInfo::new(pkcs1::ALGORITHM_ID, private_key.as_ref()).try_into() + pkcs8::PrivateKeyInfoRef::new( + pkcs1::ALGORITHM_ID, + OctetStringRef::new(private_key.as_ref())?, + ) + .try_into() } } diff --git a/src/pkcs1v15/signing_key.rs b/src/pkcs1v15/signing_key.rs index 8914479d..b0da5293 100644 --- a/src/pkcs1v15/signing_key.rs +++ b/src/pkcs1v15/signing_key.rs @@ -247,13 +247,13 @@ where }; } -impl TryFrom> for SigningKey +impl TryFrom> for SigningKey where D: Digest + AssociatedOid, { type Error = pkcs8::Error; - fn try_from(private_key_info: pkcs8::PrivateKeyInfo<'_>) -> pkcs8::Result { + fn try_from(private_key_info: pkcs8::PrivateKeyInfoRef<'_>) -> pkcs8::Result { private_key_info .algorithm .assert_algorithm_oid(pkcs1::ALGORITHM_OID)?; diff --git a/src/pss/blinded_signing_key.rs b/src/pss/blinded_signing_key.rs index 9f990125..c96c4330 100644 --- a/src/pss/blinded_signing_key.rs +++ b/src/pss/blinded_signing_key.rs @@ -201,13 +201,13 @@ where } } -impl TryFrom> for BlindedSigningKey +impl TryFrom> for BlindedSigningKey where D: Digest + AssociatedOid, { type Error = pkcs8::Error; - fn try_from(private_key_info: pkcs8::PrivateKeyInfo<'_>) -> pkcs8::Result { + fn try_from(private_key_info: pkcs8::PrivateKeyInfoRef<'_>) -> pkcs8::Result { RsaPrivateKey::try_from(private_key_info).map(Self::new) } } diff --git a/src/pss/signing_key.rs b/src/pss/signing_key.rs index 0ed526bd..16a8f0fa 100644 --- a/src/pss/signing_key.rs +++ b/src/pss/signing_key.rs @@ -225,13 +225,13 @@ where } } -impl TryFrom> for SigningKey +impl TryFrom> for SigningKey where D: Digest + AssociatedOid, { type Error = pkcs8::Error; - fn try_from(private_key_info: pkcs8::PrivateKeyInfo<'_>) -> pkcs8::Result { + fn try_from(private_key_info: pkcs8::PrivateKeyInfoRef<'_>) -> pkcs8::Result { verify_algorithm_id(&private_key_info.algorithm)?; RsaPrivateKey::try_from(private_key_info).map(Self::new) } 
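Review bot: In `to_pkcs8_der` (src/encoding.rs), `private_key` holds the DER-encoded PKCS#1 private key returned by `.to_der()?`, and the new `OctetStringRef::new(private_key.as_ref())?` only borrows it. If that buffer is a plain `Vec<u8>`, which the visible context suggests but does not show, the key material is freed without being wiped, whether the call succeeds or takes the new `?` error path. The file already imports `Zeroizing`, so it is worth confirming and, if so, wrapping the buffer: `let private_key = Zeroizing::new(pkcs1::RsaPrivateKey { … }.to_der()?);` and passing `OctetStringRef::new(&private_key)?`. The function body starts outside this hunk, so the construction of the struct fields is not visible here.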
From a39a5e53c4d1d48e349c05237a678f90bac64733 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Sat, 14 Sep 2024 13:05:33 -0700 Subject: [PATCH 20/23] pss: expose salt len in the verifyingkey (#448) Some vendor serialization (NDA :() of signature and public keys will need the size of the salt that was used for signature. Sadly this is only exposed in the signing key (which may be out of reach (HSM)). --- src/pss/verifying_key.rs | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/pss/verifying_key.rs b/src/pss/verifying_key.rs index 2fd62d37..8c4af749 100644 --- a/src/pss/verifying_key.rs +++ b/src/pss/verifying_key.rs @@ -46,6 +46,11 @@ where phantom: Default::default(), } } + + /// Return specified salt length for this key + pub fn salt_len(&self) -> usize { + self.salt_len + } } // From 0ca63f0beadaf1c12188b7e1506834c0a8a378aa Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Mon, 7 Oct 2024 22:53:34 +0000 Subject: [PATCH 21/23] chore(deps): bump hybrid-array from 0.2.0-rc.9 to 0.2.0-rc.10; bump MSRV to 1.81 (#451) --- .github/workflows/ci.yml | 6 +-- .github/workflows/workspace.yml | 2 +- Cargo.lock | 70 ++++++++++++++++----------------- Cargo.toml | 2 +- 4 files changed, 40 insertions(+), 40 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fde31fd0..6f79c7f9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -16,7 +16,7 @@ jobs: strategy: matrix: rust: - - 1.72.0 # MSRV + - 1.81.0 # MSRV - stable target: - thumbv7em-none-eabi @@ -35,7 +35,7 @@ jobs: strategy: matrix: rust: - - 1.72.0 # MSRV + - 1.81.0 # MSRV - stable steps: - uses: actions/checkout@v4 @@ -65,6 +65,6 @@ jobs: - uses: RustCrypto/actions/cargo-cache@master - uses: dtolnay/rust-toolchain@master with: - toolchain: nightly-2023-10-01 + toolchain: nightly-2024-10-06 - run: cargo test --release --features nightly - run: cargo build --benches 
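Review bot: The doc comment on the new `salt_len()` accessor in src/pss/verifying_key.rs does not give the unit of the value or say what it is used for. Callers that serialize it next to a signature, as the commit description intends, need both. Assuming the field counts bytes, as PSS salt lengths normally do, something like `/// Returns the salt length, in bytes, that this key expects when verifying a signature.` would be clearer. Since the method only returns a value, `#[must_use]` would also fit. The enclosing `impl` block starts outside the hunk, so how `salt_len` is set by the constructors is not visible here.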
diff --git a/.github/workflows/workspace.yml b/.github/workflows/workspace.yml index c67ebc50..f09bc7ad 100644 --- a/.github/workflows/workspace.yml +++ b/.github/workflows/workspace.yml @@ -17,7 +17,7 @@ jobs: - uses: RustCrypto/actions/cargo-cache@master - uses: dtolnay/rust-toolchain@master with: - toolchain: 1.79.0 + toolchain: 1.81.0 components: clippy - run: cargo clippy --all -- -D warnings diff --git a/Cargo.lock b/Cargo.lock index 14f4f51d..b22274fd 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -13,9 +13,9 @@ dependencies = [ [[package]] name = "aes" -version = "0.9.0-pre.1" +version = "0.9.0-pre.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "183b3b4639f8f7237857117abb74f3dc8648b77e67ff78d9cb6959fd7e76f387" +checksum = "e7856582c758ade85d71daf27ec6bcea6c1c73913692b07b8dffea2dc03531c9" dependencies = [ "cfg-if", "cipher", @@ -24,9 +24,9 @@ dependencies = [ [[package]] name = "aes-gcm" -version = "0.11.0-pre.1" +version = "0.11.0-pre.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c4ca4317859cecdb9849cf94087998a04efc7beedc07855836cb2534fd9aa4db" +checksum = "0cce27af05d45b901bb28da33ff8b2b2b2044f595b24fc0f36d4882dae91d484" dependencies = [ "aead", "aes", 
@@ -77,18 +77,18 @@ checksum = "cf4b9d6a944f767f8e5e0db018570623c85f3d925ac718db4e06d0187adb21c1" [[package]] name = "block-buffer" -version = "0.11.0-rc.0" +version = "0.11.0-rc.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "17092d478f4fadfb35a7e082f62e49f0907fdf048801d9d706277e34f9df8a78" +checksum = "939c0e62efa052fb0b2db2c0f7c479ad32e364c192c3aab605a7641de265a1a7" dependencies = [ - "crypto-common", + "hybrid-array", ] [[package]] name = "block-padding" -version = "0.4.0-rc.0" +version = "0.4.0-rc.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0d7992d59cd95a984bde8833d4d025886eec3718777971ad15c58df0b070254a" +checksum = "8cac2491ec009b98aa75f36cca2b50e3da7d212918fe953886f6a319042f6016" dependencies = [ "hybrid-array", ] @@ -101,9 +101,9 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" [[package]] name = "cbc" -version = "0.2.0-pre.1" +version = "0.2.0-pre.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1f400d6c533c8e3b0545892ac95831d897c816335fec5d2d57d886a241acf13e" +checksum = "e0729a0a8422deb6056b8fcd89c42b724fe27e69458fa006f00c63cbffffd91b" dependencies = [ "cipher", ] @@ -116,9 +116,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "cipher" -version = "0.5.0-pre.6" +version = "0.5.0-pre.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c71c893d5a1e8257048dbb29954d2e1f85f091a150304f1defe4ca2806da5d3f" +checksum = "5b1425e6ce000f05a73096556cabcfb6a10a3ffe3bb4d75416ca8f00819c0b6a" dependencies = [ "crypto-common", "inout", 
@@ -126,9 +126,9 @@ dependencies = [ [[package]] name = "const-oid" -version = "0.10.0-rc.0" +version = "0.10.0-rc.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9adcf94f05e094fca3005698822ec791cb4433ced416afda1c5ca3b8dfc05a2f" +checksum = "6a0d96d207edbe5135e55038e79ab9ad6d75ba83b14cdf62326ce5b12bc46ab5" [[package]] name = "cpufeatures" @@ -141,9 +141,9 @@ dependencies = [ [[package]] name = "crypto-common" -version = "0.2.0-rc.0" +version = "0.2.0-rc.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8c070b79a496dccd931229780ad5bbedd535ceff6c3565605a8e440e18e1aa2b" +checksum = "b0b8ce8218c97789f16356e7896b3714f26c2ee1079b79c0b7ae7064bb9089fa" dependencies = [ "getrandom", "hybrid-array", @@ -152,18 +152,18 @@ dependencies = [ [[package]] name = "ctr" -version = "0.10.0-pre.1" +version = "0.10.0-pre.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f1637b299862a663dd5af70ee109d53555eff68b99b454fe535ed6599b0e9b3" +checksum = "77e1482d284b80d7fddb211666d513dc5e23b0cc3a03ad398ff70543827c789f" dependencies = [ "cipher", ] [[package]] name = "der" -version = "0.8.0-rc.0" +version = "0.8.0-rc.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05d9c07d3bd80cf0935ce478d07edf7e7a5b158446757f988f3e62082227b700" +checksum = "82db698b33305f0134faf590b9d1259dc171b5481ac41d5c8146c3b3ee7d4319" dependencies = [ "const-oid", "pem-rfc7468", @@ -242,9 +242,9 @@ dependencies = [ [[package]] name = "hybrid-array" -version = "0.2.0-rc.9" +version = "0.2.0-rc.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d306b679262030ad8813a82d4915fc04efff97776e4db7f8eb5137039d56400" +checksum = "a5a41e5b0754cae5aaf7915f1df1147ba8d316fc6e019cfcc00fbaba96d5e030" dependencies = [ "typenum", ] 
@@ -361,17 +361,17 @@ dependencies = [ [[package]] name = "pem-rfc7468" -version = "1.0.0-rc.0" +version = "1.0.0-rc.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b2b24c1c4a3b352d47de5ec824193e68317dc0ce041f6279a4771eb550ab7f8c" +checksum = "b6c1cde4770761bf6bd336f947b9ac1fe700b0a4ec5867cf66cf08597fe89e8c" dependencies = [ "base64ct", ] [[package]] name = "pkcs1" -version = "0.8.0-rc.0" -source = "git+https://github.com/RustCrypto/formats.git#3fb883b2f445e74f38f51fef63a347ecfe69f623" +version = "0.8.0-rc.1" +source = "git+https://github.com/RustCrypto/formats.git#896142c4aa4c3571eded2dbadc6f55a6843424d0" dependencies = [ "der", "pkcs8", @@ -380,9 +380,9 @@ dependencies = [ [[package]] name = "pkcs5" -version = "0.8.0-rc.1" +version = "0.8.0-rc.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8484e50aebd8230b892aaefb7d8db017de6027249838d42e6c70a17d6c888f75" +checksum = "f8f82982d2266bdb473aad8f0f5deb02405ada818775769f3c71f12e349d1212" dependencies = [ "aes", "aes-gcm", @@ -397,8 +397,8 @@ dependencies = [ [[package]] name = "pkcs8" -version = "0.11.0-rc.0" -source = "git+https://github.com/RustCrypto/formats.git#3fb883b2f445e74f38f51fef63a347ecfe69f623" +version = "0.11.0-rc.1" +source = "git+https://github.com/RustCrypto/formats.git#896142c4aa4c3571eded2dbadc6f55a6843424d0" dependencies = [ "der", "pkcs5", @@ -570,9 +570,9 @@ dependencies = [ [[package]] name = "salsa20" -version = "0.11.0-pre.1" +version = "0.11.0-pre.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ea4ef53595bd236cf843530a2db25c792acb34e619320d0423e6cbc6d8e3c8c5" +checksum = "1affa54a576c40080654b494bb3f3198fa2fe46e0954b85196d122e3561c2fd0" dependencies = [ "cfg-if", "cipher", 
@@ -580,9 +580,9 @@ dependencies = [ [[package]] name = "scrypt" -version = "0.12.0-pre.1" +version = "0.12.0-pre.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2d3b72607db59bcdf41734bf35ca0d1589a2187fa5ec2f75ff4c61c55ca4dc2c" +checksum = "8a91394d9fa36fde88b8b976973db9fe6a0e4b32eea79f0ca13ba1b818daa3b2" dependencies = [ "pbkdf2", "salsa20", diff --git a/Cargo.toml b/Cargo.toml index dd466e24..5e3e37f6 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -10,7 +10,7 @@ repository = "https://github.com/RustCrypto/RSA" keywords = ["rsa", "encryption", "security", "crypto"] categories = ["cryptography"] readme = "README.md" -rust-version = "1.72" +rust-version = "1.81" [dependencies] num-bigint = { version = "0.8.2", features = ["i128", "prime", "zeroize"], default-features = false, package = "num-bigint-dig" } From 324c5674d505db3ce6744377e412a37402d793cd Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Tue, 8 Oct 2024 01:00:51 +0000 Subject: [PATCH 22/23] 0.10.0 pre.3 (#452) --- Cargo.lock | 2 +- Cargo.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index b22274fd..2f7a2e2d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -515,7 +515,7 @@ checksum = "adad44e29e4c806119491a7f06f03de4d1af22c3a680dd47f1e6e179439d1f56" [[package]] name = "rsa" -version = "0.10.0-pre.2" +version = "0.10.0-pre.3" dependencies = [ "base64ct", "const-oid", diff --git a/Cargo.toml b/Cargo.toml index 5e3e37f6..e7fa5ea0 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rsa" -version = "0.10.0-pre.2" +version = "0.10.0-pre.3" authors = ["RustCrypto Developers", "dignifiedquire "] edition = "2021" description = "Pure Rust RSA implementation" From 2e90a98858afdf6efcdf23b7e334cbba55b1bbe2 Mon Sep 17 00:00:00 2001 
From: SonOfMosiah Date: Wed, 23 Oct 2024 17:11:55 -0600 Subject: [PATCH 23/23] feat: update subtle --- .idea/.gitignore | 5 ++ .idea/RSA.iml | 8 ++ .idea/modules.xml | 8 ++ .idea/vcs.xml | 6 ++ Cargo.lock | 186 ++++++++++++++++++++++++++++------------------ Cargo.toml | 2 +- 6 files changed, 141 insertions(+), 74 deletions(-) create mode 100644 .idea/.gitignore create mode 100644 .idea/RSA.iml create mode 100644 .idea/modules.xml create mode 100644 .idea/vcs.xml diff --git a/.idea/.gitignore b/.idea/.gitignore new file mode 100644 index 00000000..b58b603f --- /dev/null +++ b/.idea/.gitignore @@ -0,0 +1,5 @@ +# Default ignored files +/shelf/ +/workspace.xml +# Editor-based HTTP Client requests +/httpRequests/ diff --git a/.idea/RSA.iml b/.idea/RSA.iml new file mode 100644 index 00000000..61021940 --- /dev/null +++ b/.idea/RSA.iml @@ -0,0 +1,8 @@ + + + + + + + + \ No newline at end of file diff --git a/.idea/modules.xml b/.idea/modules.xml new file mode 100644 index 00000000..3b933851 --- /dev/null +++ b/.idea/modules.xml @@ -0,0 +1,8 @@ + + + + + + + + \ No newline at end of file diff --git a/.idea/vcs.xml b/.idea/vcs.xml new file mode 100644 index 00000000..35eb1ddf --- /dev/null +++ b/.idea/vcs.xml @@ -0,0 +1,6 @@ + + + + + + \ No newline at end of file diff --git a/Cargo.lock b/Cargo.lock index 2f7a2e2d..6a6aa43e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -38,9 +38,9 @@ dependencies = [ [[package]] name = "autocfg" -version = "1.3.0" +version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" +checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26" [[package]] name = "base16ct" 
@@ -71,24 +71,24 @@ checksum = "349f9b6a179ed607305526ca489b34ad0a41aed5f7980fa90eb03160b69598fb" [[package]] name = "bitflags" -version = "2.5.0" +version = "2.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cf4b9d6a944f767f8e5e0db018570623c85f3d925ac718db4e06d0187adb21c1" +checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de" [[package]] name = "block-buffer" -version = "0.11.0-rc.2" +version = "0.11.0-rc.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "939c0e62efa052fb0b2db2c0f7c479ad32e364c192c3aab605a7641de265a1a7" +checksum = "3fd016a0ddc7cb13661bf5576073ce07330a693f8608a1320b4e20561cc12cdc" dependencies = [ "hybrid-array", ] [[package]] name = "block-padding" -version = "0.4.0-rc.1" +version = "0.4.0-rc.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8cac2491ec009b98aa75f36cca2b50e3da7d212918fe953886f6a319042f6016" +checksum = "6868e23cd7a5b2e18fb2e9a583910b88b8d645dd21017aafc5d0439cf16ae6d6" dependencies = [ "hybrid-array", ] @@ -132,9 +132,9 @@ checksum = "6a0d96d207edbe5135e55038e79ab9ad6d75ba83b14cdf62326ce5b12bc46ab5" [[package]] name = "cpufeatures" -version = "0.2.12" +version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53fe5e26ff1b7aef8bca9c6080520cfb8d9333c7568e1829cef191a9723e5504" +checksum = "608697df725056feaccfa42cffdaeeec3fccc4ffc38358ecd19b243e716a78e0" dependencies = [ "libc", ] 
@@ -189,14 +189,14 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "534c5cf6194dfab3db3242765c03bbe257cf92f22b38f6bc0c58d59108a820ba" dependencies = [ "libc", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] name = "fastrand" -version = "2.1.0" +version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9fc0510504f03c51ada170672ac806f1f105a88aa97a5281117e1ddc3368e51a" +checksum = "e8c02a5121d4ea3eb16a80748c74f5549a5665e4c21333c6098f283870fbdea6" [[package]] name = "fnv" @@ -242,18 +242,18 @@ dependencies = [ [[package]] name = "hybrid-array" -version = "0.2.0-rc.11" +version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a5a41e5b0754cae5aaf7915f1df1147ba8d316fc6e019cfcc00fbaba96d5e030" +checksum = "45a9a965bb102c1c891fb017c09a05c965186b1265a207640f323ddd009f9deb" dependencies = [ "typenum", ] [[package]] name = "inout" -version = "0.2.0-rc.0" +version = "0.2.0-rc.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbc33218cf9ce7b927426ee4ad3501bcc5d8c26bf5fb4a82849a083715aca427" +checksum = "14db49369b2c3f15deb5806de446e05c7f07a2d778b54b278c994fcd1d686f31" dependencies = [ "block-padding", "hybrid-array", @@ -270,18 +270,18 @@ dependencies = [ [[package]] name = "lazy_static" -version = "1.4.0" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" +checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" dependencies = [ "spin", ] [[package]] name = "libc" -version = "0.2.155" +version = "0.2.161" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" +checksum = "8e9489c2807c139ffd9c1794f4af0ebe86a828db53ecdc7fea2111d0fed085d1" [[package]] name = "libm" 
@@ -343,6 +343,12 @@ dependencies = [ "libm", ] +[[package]] +name = "once_cell" +version = "1.20.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1261fe7e33c73b354eab43b1273a57c8f967d0391e80353e51f764ac02cf6775" + [[package]] name = "opaque-debug" version = "0.3.1" @@ -361,9 +367,9 @@ dependencies = [ [[package]] name = "pem-rfc7468" -version = "1.0.0-rc.1" +version = "1.0.0-rc.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b6c1cde4770761bf6bd336f947b9ac1fe700b0a4ec5867cf66cf08597fe89e8c" +checksum = "c2dfbfa5c6f0906884269722c5478e72fd4d6c0e24fe600332c6d62359567ce1" dependencies = [ "base64ct", ] @@ -371,7 +377,7 @@ dependencies = [ [[package]] name = "pkcs1" version = "0.8.0-rc.1" -source = "git+https://github.com/RustCrypto/formats.git#896142c4aa4c3571eded2dbadc6f55a6843424d0" +source = "git+https://github.com/RustCrypto/formats.git#0bd9dea37e3d8cccdb5f7ba5a402f62553d07e05" dependencies = [ "der", "pkcs8", @@ -398,7 +404,7 @@ dependencies = [ [[package]] name = "pkcs8" version = "0.11.0-rc.1" -source = "git+https://github.com/RustCrypto/formats.git#896142c4aa4c3571eded2dbadc6f55a6843424d0" +source = "git+https://github.com/RustCrypto/formats.git#0bd9dea37e3d8cccdb5f7ba5a402f62553d07e05" dependencies = [ "der", "pkcs5", 
@@ -420,15 +426,18 @@ dependencies = [ [[package]] name = "ppv-lite86" -version = "0.2.17" +version = "0.2.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" +checksum = "77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04" +dependencies = [ + "zerocopy", +] [[package]] name = "proc-macro2" -version = "1.0.85" +version = "1.0.89" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "22244ce15aa966053a896d1accb3a6e68469b97c7f33f284b99f0d576879fc23" +checksum = "f139b0662de085916d1fb67d2b4169d1addddda1919e696f3252b740b629986e" dependencies = [ "unicode-ident", ] @@ -461,9 +470,9 @@ checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0" [[package]] name = "quote" -version = "1.0.36" +version = "1.0.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" +checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af" dependencies = [ "proc-macro2", ] @@ -509,9 +518,9 @@ dependencies = [ [[package]] name = "regex-syntax" -version = "0.8.3" +version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "adad44e29e4c806119491a7f06f03de4d1af22c3a680dd47f1e6e179439d1f56" +checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c" [[package]] name = "rsa" @@ -545,15 +554,15 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.34" +version = "0.38.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f" +checksum = "8acb788b847c24f28525660c4d7758620a7210875711f79e7f663cc152726811" dependencies = [ "bitflags", "errno", "libc", "linux-raw-sys", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] 
@@ -591,18 +600,18 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.203" +version = "1.0.213" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7253ab4de971e72fb7be983802300c30b5a7f0c2e56fab8abfc6a214307c0094" +checksum = "3ea7893ff5e2466df8d720bb615088341b295f849602c6956047f8f80f0e9bc1" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.203" +version = "1.0.213" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "500cbc0ebeb6f46627f50f3f5811ccf6bf00643be300b4c3eabc0ef55dc5b5ba" +checksum = "7e85ad2009c50b58e87caa8cd6dac16bdf511bbfb7af6c33df902396aa480fa5" dependencies = [ "proc-macro2", "quote", @@ -611,9 +620,9 @@ dependencies = [ [[package]] name = "serde_test" -version = "1.0.176" +version = "1.0.177" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a2f49ace1498612d14f7e0b8245519584db8299541dfe31a06374a828d620ab" +checksum = "7f901ee573cab6b3060453d2d5f0bae4e6d628c23c0a962ff9b5f1d7c8d4f1ed" dependencies = [ "serde", ] @@ -678,15 +687,15 @@ checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" [[package]] name = "spin" -version = "0.5.2" +version = "0.9.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" [[package]] name = "spki" -version = "0.8.0-rc.0" +version = "0.8.0-rc.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ee3fb1c675852398475928637b3ebbdd7e1d0cc24d27b3bbc81788b4eb51e310" +checksum = "37ac66481418fd7afdc584adcf3be9aa572cf6c2858814494dc2a01755f050bc" dependencies = [ "base64ct", "der", 
@@ -694,15 +703,15 @@ dependencies = [ [[package]] name = "subtle" -version = "2.5.0" +version = "2.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "syn" -version = "2.0.66" +version = "2.0.85" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c42f3f41a2de00b01c0aaad383c5a45241efc8b2d1eda5661812fda5f3cdcff5" +checksum = "5023162dfcd14ef8f32034d8bcd4cc5ddc61ef7a247c024a33e24e1f24d21b56" dependencies = [ "proc-macro2", "quote", @@ -711,14 +720,15 @@ dependencies = [ [[package]] name = "tempfile" -version = "3.10.1" +version = "3.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "85b77fafb263dd9d05cbeac119526425676db3784113aa9295c88498cbf8bff1" +checksum = "f0f2c9fc62d0beef6951ccffd757e241266a2c833136efbe35af6cd2567dca5b" dependencies = [ "cfg-if", "fastrand", + "once_cell", "rustix", - "windows-sys", + "windows-sys 0.59.0", ] [[package]] @@ -735,9 +745,9 @@ checksum = "eaea85b334db583fe3274d12b4cd1880032beab409c0d774be044d4480ab9a94" [[package]] name = "unicode-ident" -version = "1.0.12" +version = "1.0.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" +checksum = "e91b56cd4cadaeb79bbf1a5645f6b4f8dc5bde8834ad5894a8db35fda9efa1fe" [[package]] name = "universal-hash" 
@@ -773,11 +783,20 @@ dependencies = [ "windows-targets", ] +[[package]] +name = "windows-sys" +version = "0.59.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b" +dependencies = [ + "windows-targets", +] + [[package]] name = "windows-targets" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6f0713a46559409d202e70e28227288446bf7841d3211583a4b53e3f6d96e7eb" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" dependencies = [ "windows_aarch64_gnullvm", "windows_aarch64_msvc", 
@@ -791,51 +810,72 @@ dependencies = [ [[package]] name = "windows_aarch64_gnullvm" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7088eed71e8b8dda258ecc8bac5fb1153c5cffaf2578fc8ff5d61e23578d3263" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" [[package]] name = "windows_aarch64_msvc" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9985fd1504e250c615ca5f281c3f7a6da76213ebd5ccc9561496568a2752afb6" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" [[package]] name = "windows_i686_gnu" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "88ba073cf16d5372720ec942a8ccbf61626074c6d4dd2e745299726ce8b89670" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" [[package]] name = "windows_i686_gnullvm" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87f4261229030a858f36b459e748ae97545d6f1ec60e5e0d6a3d32e0dc232ee9" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" [[package]] name = "windows_i686_msvc" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "db3c2bf3d13d5b658be73463284eaf12830ac9a26a90c717b7f771dfe97487bf" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" [[package]] name = "windows_x86_64_gnu" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4e4246f76bdeff09eb48875a0fd3e2af6aada79d409d33011886d3e1581517d9" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" [[package]] name = "windows_x86_64_gnullvm" -version = "0.52.5" +version = "0.52.6" source = 
"registry+https://github.com/rust-lang/crates.io-index" -checksum = "852298e482cd67c356ddd9570386e2862b5673c85bd5f88df9ab6802b334c596" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" [[package]] name = "windows_x86_64_msvc" -version = "0.52.5" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" + +[[package]] +name = "zerocopy" +version = "0.7.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bec47e5bfd1bff0eeaf6d8b485cc1074891a197ab4225d504cb7a1ab88b02bf0" +checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0" +dependencies = [ + "byteorder", + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.7.35" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] [[package]] name = "zeroize" diff --git a/Cargo.toml b/Cargo.toml index e7fa5ea0..7d0f286b 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -18,7 +18,7 @@ num-traits = { version = "0.2.9", default-features = false, features = ["libm"] num-integer = { version = "0.1.39", default-features = false } rand_core = { version = "0.6.4", default-features = false } const-oid = { version = "0.10.0-rc.0", default-features = false } -subtle = { version = "2.1.1", default-features = false } +subtle = { version = "2.6.1", default-features = false } digest = { version = "=0.11.0-pre.9", default-features = false, features = ["alloc", "oid"] } pkcs1 = { version = "0.8.0-rc.0", default-features = false, features = ["alloc", "pkcs8"] } pkcs8 = { version = "0.11.0-rc.0", default-features = false, features = ["alloc"] }