std.crypto: add DER parser and RSA #19771
Conversation
clickingbuttons
commented
Apr 26, 2024
•
clickingbuttons
commented
- Add secure DER parser.
- Use in ECDSA.
- Add comments to Wycheproof tests.
- Move Wycheproof test suite to external file.
- Use in Ed25519.
- Not public.
- Ready for use in Certificate, which will be done in another PR for ease of review.
- Use in ECDSA.
- Add std.crypto.rsa.
- Modulus_bits up to 4096.
- Any hash function for PSS or PKCS1v1.5 signatures.
- Use in Certificate and tls.Client.
- Add secure DER parser. - Use in ECDSA. - Add comments to Wycheproof tests. - Move Wycheproof test suite to external file. - Use in Ed25519. - Not public. - Add std.crypto.rsa. - Modulus_bits up to 4096. - Any hash function for signatures. - Use it in Certificate and tls.Client.
| // TODO: compare hash values instead of emsa values | ||
| const expected = try emsaEncode(hash, em); | ||
|
|
||
| if (!std.mem.eql(u8, expected, em)) return error.Inconsistent; |
There was a problem hiding this comment.
Not sure if this needs to be constant time or not. It's not mentioned anywhere, so I guessed it's okay to use the fast version.
| if (!expected_zero.isZero()) return error.KeyMismatch; | ||
|
|
||
| // TODO: check that d * e is one mod p-1 and mod q-1. Note d and e were bound | ||
| // const de = secret.private_exponent.mul(public.public_exponent); |
There was a problem hiding this comment.
Need some help here. Can also just remove this incorrect commented code for now.
|
Once again, that should be split into more focused PRs. Maybe starting with a PR that introduces a
And a PR that extracts the current RSA code from Once the serialization toolkit is done, the DER and PEM parser can be used everywhere, from Then, other improvements to |
|
Sure, let's be surgical. I've split this up into issues: Edit: As for blinding, I'm not sure that's required to make a public RSA module. Feel free to correct me in the issue. |
