Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RSA PSS signing #71

Merged
merged 11 commits into from
Nov 21, 2023
Merged

RSA PSS signing #71

merged 11 commits into from
Nov 21, 2023

Conversation

jschneider-bensch
Copy link
Contributor

This PR addresses RSA-PSS signing in tls13crypto.

Type of change

  • Bug fix
  • New feature
  • Breaking change
  • Documentation
  • Automation

Motivation and Context

RSA-PSS is among the mandatory signature algorithms to implement for RFC 8446.

Changes

I've extended sign in tls13crypto to handle the RSA-PSS case, and also adapted certificate_verify to build the correct message when sending out an RSA signature.

Some specific things, where I'm not sure how I did it is necessarily how it should be done:

  • I'm giving a new argument cert to sign, so that libcrux can extract an RSA public key. This public key can then be used to build the actual signing key given the private exponent bytes in the sk argument. This meant changing the way sign is called in one location where we have the certificate around anyway. Alternatively we would have to get all the information for libcrux from sk, which probably means parsing a full ASN.1 private key from those bytes, i.e. extending the minimal parser in tls13cert to do that. The way I did it now seemed like an okay compromise to me.
  • Previously, when creating the certificate_verify message for ECDSA certificates, it was clear how long the signature should be and this is actually checked. In the case of RSA signatures the length depends on the length of the key, which is not available at the point where the check should take place (I think). Must this length be checked or is that more a sanity check for the steps before?

Checklist

  • I have linked an issue to this PR
  • I have described the changes
  • I have read and understood the code of conduct, contribution guidelines, and contributor license agreement
  • I have added tests for all changes (in a separate PR, Algorithms selection for simple server and client #70 )
  • I have tested that all tests pass locally and all checks pass
  • I have updated documentation if necessary

Fixes #

@jschneider-bensch jschneider-bensch requested a review from a team as a code owner November 17, 2023 09:02
franziskuskiefer
franziskuskiefer requested changes Nov 18, 2023
View reviewed changes
Copy link
Member

@franziskuskiefer franziskuskiefer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Generally lgtm. The design choices make sense to me. We might clean some of that up later but it certainly makes sense here.
Let's get #70 in first, then this will have tests on ci.

src/tls13crypto.rs Outdated Show resolved Hide resolved
src/tls13crypto.rs Outdated Show resolved Hide resolved
src/tls13formats.rs Outdated Show resolved Hide resolved
@jschneider-bensch
Copy link
Contributor Author

When #70 is in I should remove the should_panic from the RSA tests, too, before we merge this.

franziskuskiefer
franziskuskiefer approved these changes Nov 21, 2023
View reviewed changes
Copy link
Member

@franziskuskiefer franziskuskiefer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks

@franziskuskiefer franziskuskiefer merged commit 5f4b527 into main Nov 21, 2023
6 checks passed
@franziskuskiefer franziskuskiefer deleted the jonas/rsa-signing branch November 21, 2023 09:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@franziskuskiefer franziskuskiefer franziskuskiefer approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@jschneider-bensch @franziskuskiefer