WIP: Add a non OpenSSL RSA impl

[darleybarreto]

Tests are failing:

failures:
    test::test_agent
    test::test_decode_rsa_secret_key
    test::test_gpg
    test::test_loewenheim
    test::test_nikao
    test::test_o01eg
    test::test_pkcs8
    test::test_pkcs8_encrypted

test result: FAILED. 9 passed; 8 failed; 0 ignored; 0 measured; 0 filtered out; finished in 1.19s

[Eugeny]

Looks like it's failing in the key parser (here or here) in 8 out of 9 tests

[darleybarreto]

Looks like it's failing in the key parser (here or here) in 8 out of 9 tests

Thanks for the pointers, now only 4 are failing:

failures:
    test::test_agent
    test::test_loewenheim
    test::test_o01eg
    test::test_pkcs8_encrypted

Something is wrong with decode_secret_key, not sure what.

[samuela]

I know there are still some test failures to sort through, but I just want to say that this is super helpful and I would love to get this PR (or similar) landed! Dealing with the whole openssl-sys nonsense is so annoying, and makes cross-compilation more difficult

[Eugeny]

Agreed! I tried sorting out the test failures (it's complaining about extraneous data at the end of the test keys) but haven't been able to find time to dive deeper yet.

Would really appreciate any help with sorting these out

[robertabcd]

Thanks for the pointers, now only 4 are failing:

failures:
    test::test_agent
    test::test_loewenheim
    test::test_o01eg
    test::test_pkcs8_encrypted

Something is wrong with decode_secret_key, not sure what.

This is probably caused by: #270

[darleybarreto]

Hey folks, I rebased this branch and a new test is falling

failures:
    test::test_agent
    test::test_decode_pkcs8_rsa_secret_key
    test::test_loewenheim
    test::test_pkcs8_encrypted

test_decode_pkcs8_rsa_secret_key was added after I opened this PR

[darleybarreto]

Thanks @robertabcd , now we are down to

failures:
    test::test_agent
    test::test_loewenheim

[robertabcd]

I didn't debug but those tests are about signing/verifying. I think this should use PKCS#1 v1.5 padding scheme, instead of PSS. See rsa::pkcs1v15.

[robertabcd]

ya,
page 15 https://www.rfc-editor.org/rfc/rfc4253
and
page 4 https://datatracker.ietf.org/doc/html/rfc8332

[darleybarreto]

that would be Pkcs1v15Sign, then?

[darleybarreto]

Thanks for the pointers, I have changed this part and rsa_signature, but the same tests are failling

failures:
    test::test_agent
    test::test_loewenheim

[robertabcd]

buffer needs to be hashed before passing into verify. I guess you could use VerifyingKey, that can hash it for you.

[robertabcd]

I have a general comment on this PR: There are a lot of duplications on openssl and !openssl code branches which also dup the ssh protocol handling code. For example, reading and writing mpints. This can be error-prone in the future, because we will need to manually ensure they are identical on the protocol handling part. I would suggest we only branch on part of the code that is necessary.

[darleybarreto]

Hey folks, was RSA support implemented already? If so, can you close this one?

Sorry for not being able to push this forward earlier, got caught up with some other stuff.

[samuela]

Hey folks, was RSA support implemented already? If so, can you close this one?

has non-openssl RSA support been implemented? if so, how can one use it?

[robertabcd]

Hey folks, was RSA support implemented already? If so, can you close this one?

has non-openssl RSA support been implemented? if so, how can one use it?

It's pretty bleeding-edge right now. You'll need 0.44.0-beta.1. By not enabling the openssl feature, you'll be using pure-Rust RSA.

[samuela]

Thanks @robertabcd !

[TheBlindM]

Unable to run in Rust version 1.71.1 stable

error[E0658]: use of unstable library feature 'result_option_inspect'
   --> C:\Users\bangfu\.cargo\registry\src\index.crates.io-6f17d22bba15001f\russh-0.44.0-beta.2\src\server\encrypted.rs:430:26
    |
430 |                         .inspect(|hash| pubkey.set_algorithm(*hash));
    |                          ^^^^^^^
    |
    = note: see issue #91345 <https://github.com/rust-lang/rust/issues/91345> for more information

Solved it.
rustup update