Use `pkcs1` and `pkcs8` crates; MSRV 1.51+ #104
Sidebar: I noticed the `#![cfg_attr(not(test), no_std)]`

An alternative to this is to have a separate integration tests directory i.e. https://github.com/RustCrypto/utils/tree/master/pkcs8/tests

Integration tests are linked separately from the crate you're developing and automatically get

There are a few other items marked

Also I think it'd be nice to standardize on a set of test vectors. The ones in the

Edit: split out the encoding tests into
It's not always possible to use integration tests, e.g. if tests are for private internals of a module. But apart from that I agree that we should prefer the

```rust
#![no_std]
#[cfg(feature = "std")]
extern crate std;
```

We can modify it to use
Well yeah, I'd call those unit tests 😉

Note: I'm going to add a set of traits to the

From there I'd like to add an optional
Note that this is going to need an MSRV bump to 1.51, so maybe it would make sense to merge #92 first, cut another release, and then merge this after cutting the next release
Removing WIP/draft. Aside from some rustdoc on how to use the traits from the

It's now extensively tested with all of the RSA vectors from the
Calling this finished for now. I've added some preliminary documentation, although it's not quite as extensive as the documentation it's replacing. I can add more if desired.
Cargo.toml
Outdated
digest = { version = "0.9.0", default-features = false } | ||
pkcs1 = { version = "0.2.2", default-features = false } | ||
pkcs8 = { version = "0.7.4", default-features = false } | ||
|
||
[dependencies.zeroize] | ||
version = "=1.3" # zeroize 1.4 is MSRV 1.51+ |
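Review bot: the exact `=1.3` pin under `[dependencies.zeroize]` is justified only by its inline comment that zeroize 1.4 needs Rust 1.51+, and this pull request already moves the crate to MSRV 1.51+, so the reason for the pin no longer applies. An exact pin on a crate this widely shared also forces every other crate in the dependency graph onto the same release, which blocks resolution as soon as one of them requires a newer zeroize. Suggest replacing it with a bounded range and updating or dropping the comment in the same change.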
If we bump MSRV to 1.51, let's update this as well.
Bumped MSRV in 2f2a673.

I went with a less restrictive `>=1, <1.5` requirement to ensure `rsa` can be used alongside crates which are locking `=1.3`. Otherwise it wouldn't be possible to use both

/cc @newpavlov
Awesome work, thank you! I love the smell of deleted code and more constant time options even more.

Released 0.4.1, so feel free to rebase & merge when you are ready.
This is an initial attempt to switch the `rsa` crate to use the `pkcs1` and `pkcs8` crates from https://github.com/rustcrypto/utils
Rebased and squashed
Closes #75

Switches the `rsa` crate to use the `pkcs1` and `pkcs8` crates from https://github.com/rustcrypto/utils

Rationale

- `pkcs8` crate provides the following traits which can be used to abstract over the algorithm used by a particular key (NOTE: this PR does not yet impl these traits, but probably should)
  - `FromPrivateKey`
  - `FromPublicKey`
  - `ToPrivateKey`
  - `ToPublicKey`
- `pem-rfc7468` crate implements a constant time PEM parser which leverages the `base64ct` crate for constant-time encoding/decoding.
- `rsa` crate who is also leveraging any of RustCrypto's elliptic curve crates such as `p256`, `p384`, or `k256` will have fewer overall dependencies.
- `pkcs8` crate has support for `ENCRYPTED PRIVATE KEY`s using the `pkcs5` crate. With this it can encrypt any PKCS#8 key under a password with scrypt-based key derivation and AES-CBC encryption (unfortunately PKCS#8 has no support for AEADs, alas)

Notes

This is the first time I've attempted to use the `pkcs1` crate as it's brand new, so this integration is effectively taking it out for a test drive.

One of the key parts of format encoding/decoding with RSA when implementing PKCS#1 and PKCS#8 is that the latter is effectively a wrapper for the former in modern use. So therefore it seems like there should be a first-class integration between the `pkcs1` and `pkcs8` crates, namely I think the `pkcs1` crate should support an optional dependency on `pkcs8`.

While the `pkcs8` crate has some nice traits like the aforementioned `FromPrivateKey`/`ToPrivateKey`, the `pkcs1` crate does not. The `rsa` crate defines some traits for this (e.g. `PrivateKeyEncoding`, `PrivateKeyPemEncoding`) but I really feel like the traits should get hoisted up into the `pkcs1` crate.

If that were to happen, I think that the integration with the `rsa` crate could just be for PKCS#1 DER encoding/decoding. Concerns like PKCS#8 and PEM could be hoisted up into traits defined by the `pkcs1` crate.
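
The PKCS#8-wraps-PKCS#1 relationship described in the notes above, as an added example that is not part of the pull request and does not use the `pkcs1`/`pkcs8` crates' APIs: a hand-rolled DER walk that checks the rsaEncryption OID and returns the inner PKCS#1 `RSAPrivateKey` bytes. The function names, the constructed `SAMPLE` toy key and the limited length handling are assumptions of this illustration.

```rust
// Added illustration, not the `pkcs1`/`pkcs8` crates' API. Minimal DER walk:
// handles short and 0x81/0x82 long-form lengths, no minimal-length checks.
const RSA_OID: &[u8] = &[0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01]; // rsaEncryption

/// Read one TLV: returns (tag, value, rest), or None if truncated/unsupported.
fn tlv(input: &[u8]) -> Option<(u8, &[u8], &[u8])> {
    let (&tag, rest) = input.split_first()?;
    let (&first, rest) = rest.split_first()?;
    let (len, rest) = match first {
        0x00..=0x7f => (first as usize, rest),
        0x81 => (*rest.first()? as usize, rest.get(1..)?),
        0x82 => (((*rest.first()? as usize) << 8) | *rest.get(1)? as usize, rest.get(2..)?),
        _ => return None,
    };
    if rest.len() < len { return None; }
    Some((tag, &rest[..len], &rest[len..]))
}

/// Unwrap a PKCS#8 PrivateKeyInfo and return the PKCS#1 RSAPrivateKey DER inside it.
fn pkcs1_from_pkcs8(der: &[u8]) -> Option<&[u8]> {
    let (tag, body, trailing) = tlv(der)?; // outer SEQUENCE
    if tag != 0x30 || !trailing.is_empty() { return None; }
    let (tag, version, body) = tlv(body)?; // INTEGER version, must be 0
    if tag != 0x02 || version != &[0u8][..] { return None; }
    let (tag, alg, body) = tlv(body)?; // AlgorithmIdentifier
    if tag != 0x30 { return None; }
    let (tag, oid, _params) = tlv(alg)?;
    if tag != 0x06 || oid != RSA_OID { return None; } // refuse non-RSA keys
    let (tag, inner, _attrs) = tlv(body)?; // OCTET STRING privateKey
    if tag != 0x04 { return None; }
    let (tag, _, trailing) = tlv(inner)?; // payload must be exactly one SEQUENCE
    if tag != 0x30 || !trailing.is_empty() { return None; }
    Some(inner)
}

/// Constructed sample: PKCS#8 wrapping a toy RSA key (n = 3233, e = 17), not a real key.
const SAMPLE: &[u8] = &[
    0x30, 0x33, 0x02, 0x01, 0x00, // PrivateKeyInfo, version 0
    0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00,
    0x04, 0x1f, // OCTET STRING holding the PKCS#1 structure below
    0x30, 0x1d, 0x02, 0x01, 0x00, 0x02, 0x02, 0x0c, 0xa1, 0x02, 0x01, 0x11, 0x02, 0x02, 0x0a, 0xc1,
    0x02, 0x01, 0x3d, 0x02, 0x01, 0x35, 0x02, 0x01, 0x35, 0x02, 0x01, 0x31, 0x02, 0x01, 0x26,
];

fn main() {
    let pkcs1 = pkcs1_from_pkcs8(SAMPLE).expect("sample is RSA PKCS#8");
    println!("inner PKCS#1 RSAPrivateKey: {} bytes, starts {:02x?}", pkcs1.len(), &pkcs1[..2]);
}
```

A key carrying any other algorithm OID, or a truncated buffer, returns `None` rather than handing back bytes that would be misread as an RSA key.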