-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto: add support for RSA-PSS keys #26960
crypto: add support for RSA-PSS keys #26960
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What's the use case for this? rsa-pss keys can only come from X.509 SubjectPublicKeyInfo, AFAICT, so its not clear to me where node could get them from until we support extraction of public keys from certs, anyhow, so I guess this is prep for that? I don't think jamming "sign" parameters into a "key" is great from an API usage point of view, but since this is mirroring openssl, I guess we have to go along with it. The docs might recommend against using these key types unless required for interop. I'm puzzled by EVP_PKEY_RSA2, that's a pretty opaque name for an OpenSSL key type :-(. I'm not sure any of these concerns are addressable, given OpenSSL is our crypto lib. I left a few small change requests/reminders, but basically LGTM. I'll approve once its updated.
Let me ask a different question: What is the alternative to this? OpenSSL supports RSA-PSS since 1.1.1, and so does node (kind of). One can already load RSA-PSS keys, except that node will crash on
You can also load RSA-PSS keys just like any other RSA key from a file, see the test scripts.
I assume the motivation behind this is to prevent people and applications from using the key for anything other than the algorithm it was meant for, and, if required, with the exact parameters it was meant for. Using the same key for different algorithms is often considered bad practice. WebCrypto restricts all keys to specific parameterized algorithms IIRC.
I don't know about OpenSSL and their motivation, but I don't see many alternatives for them either. I think OpenSSL does exactly what it should do when given an RSA-PSS key.
I did not add anything related to
I think this is similar to ed25519 and X25519. They are essentially the same thing (except encoded differently), but they are used for different algorithms. We could use the same key type as we do for
I think these downsides justify a separate key type, but feel free to disagree. Maybe I'm wrong and these implications aren't true! |
+1 for keeping the two separate key types. |
OK, that background helps. Particularly your point about the non-x.509 transport of these kinds of keys in PEM (PKCS8 I assume). So, I've no objections. I'm also, a little, heartened that the number of EVP_PKEY types isn't endless, so the list won't grow too much larger. Still a couple nits with the docs, but otherwise LGTM. |
I think it's getting too long too quickly, but I don't think there is anything we can do about it. On the brighter side, OpenSSL doesn't support much more right now, and as long as the rest of our APIs do not depend on the exact key type, we should be fine.
Thank you for reviewing so quickly, I'll try to get to it ASAP. |
@tniessen this requires a rebase. |
This commit adds support for RSA-PSS keys, including - KeyObjects of type rsa-pss, - key pair generation for RSA-PSS, and - signing and verification using RSA-PSS keys.
b79c831
to
70a2145
Compare
Ping @nodejs/crypto |
Landed in 969bd1e. |
This commit adds support for RSA-PSS keys, including - KeyObjects of type rsa-pss, - key pair generation for RSA-PSS, and - signing and verification using RSA-PSS keys. PR-URL: #26960 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Thank you, Daniel! |
These functions are used by Node.js in nodejs/node#26960. BoringSSL does not support EVP_PKEY_RSA_PSS keys, so they always fail. This simplifies building Node with BoringSSL. Change-Id: I81c4cdba8791a60d965bc176d09e5c818153860c Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/38524 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com>
This commit adds support for RSA-PSS keys, including
KeyObject
s of type'rsa-pss'
,cc @nodejs/crypto
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passes