Remove primitive traits #300
Conversation
Follow the pkcs1v15 change and use BigUint as a Signature's internal implementation. Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
The crate contains several exported traits targeting hardware-accelerated implementations (PublicKey, PrivateKey, EncryptionPrimitive, DecriptionPrimitive). However these traits overcomplicate internal structure of the crate. It is not clear, which level of API can be implemented by the hardware accelerators. The crate is already quite complicated, implementing both PaddingScheme-based API and Signer/Verifier/Encryptor/Decryptor API. Remove the complication for now. The proper level of indirection can be introduced once support for actual hardware accelerators is implemented. Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
|
cc @str4d I'm generally in favor of this change. However, I think there is value in using the I think we should provide a different API for that though: one that encodes/decodes padded messages according to a padding scheme, then you can plug those encoded messages into the accelerator. That's sort of what I was suggesting in #226. |
|
Good question. Looking at the PKCS11, I'd expect that the hw crypto handles all the details (judging from Generally I think there are only two levels where hw accel can be plugged:
For the second one we obviously do not need any additional processing, for the first one we have to plug that into into high-level implementation. It would not be enough to just format the messages. One would have to dup all the checks and supporting code. I hardly can imaging some "middle" form of implementation which would require just message formatting. But, I migth be wrong here. But if there is one, it might be better to change raw.rs to use |
That's true of certain HSMs. However, many of the cryptographic accelerators for MCUs I'm familiar with provide only a low-level unpadded interface, and it would be nice if the A YubiKey is one example: https://github.com/iqlusioninc/yubikey.rs/blob/0071566097bf4ca3b182d31547451581058593a3/src/certificate.rs#L399-L435 Anyway, this is all just something to keep in mind and probably better discussed on #226. |
There was a problem hiding this comment.
Approving this PR but I'd love to hear from @dignifiedquire and/or @str4d before merging
|
Thanks for the pointer, I'll take a look. |
|
@lumag I was thinking something of the opposite direction: make all of the functionality for computing padded messages part of the public API, so anything that needs help constructing the padded messages can consume it. And That way we don't need to worry about building an API for cryptographic accelerators, which may need to e.g. use |
|
Ah. I see. And |
|
#34 has the origins of and discussions about the APIs you are removing. The intention was that a crate like #32 is the issue for my original motivating use case of "just define OAEP etc. safely once inside the I don't mind what direction this crate goes, as I don't have a personally motivating use case for RSA-plus-YubiKey anymore (we used P256 instead for Perhaps implementing an example of using |
|
@str4d In the original design, what would be the user-visible type for the 'Rsa Private key handled by Yubikey'? It could not be |
|
@tarcieri ok, I took a glance on separating the formatting to separate module. Intermediate question. What is the rule for zeroizing the ciphertext? Do we need to do that? |
|
@lumag I left the original code that was doing that intact, however personally I don't see a practical reason to zeroize ciphertext... it's protected by cryptography! |
@str4d a system which exposes the encoding/decoding of padded messages would definitely be "some assembly required" versus one where you could just plug in an implementation of the primitive operations. In the case of the existing I think the traits being removed in this PR don't quite have a clear enough design to be useful for the intended use cases, which is why I'm in favor of removing them. They feel more like leaky abstractions which aren't actually being used to abstract over anything in practice, they're just complicating the implementation at present. |
Inline and drop the RsaPrivateKey::raw_decryption_primitive() function. There is no need to zeroize argument, it is ciphertext, so it can be assumed to be safe. Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Change raw_int_decryption_primitive() and raw_int_decryption_primitive() to output Result<BigUint> instead of Result<Vec<u8>>, because they also take BigUint rather than Vec<u8> or &[u8]. Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
In order to simplify adding support for RSA hardware accelerators, move all formatting and padding functions to a separate modules, making it theoretically possible to use that for implementing support for low-level RSA hardware accelerators. Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
There is no need to export some the functions from internals.rs. Mark them as private. Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
|
@tarcieri @str4d I moved all PKCS1v15/PSS/OAEP handling (except the RSA transformation) to separate module. These functions are not exported, but it would very easy to export them under the "hazmat" feature if the need arises (or to move them to some generic |
|
I think the API is mostly there, we might need to meditate regarding |
|
Going to merge this and cut another prerelease |
This started as an attempt to remove traits implemented by
src/raw.rs.After removing them I stumbled upon the unused indirection on
RsaPublicKeyandRsaPrivateKeyin the form ofPublicKeyandPrivateKeytraits. We already have traits which can be implemented by high-level hardware accelerators:Signer/VerifiersandEncryptor/Decryptorfamilies of API. Low level RSA implementations would more likely reimplement parts ofcrate::internal.Thus this PR ended up dropping both families of traits:
PublicKey,PrivateKeyandEncryptionPrimitive,DecriptionPrimitive.