[WIP]: switch to crypto-bigint for decryption #394
Conversation
@dignifiedquire I think it'd be good to land a spike / PoC of this even if all the algorithms aren't yet implemented, since it would unblock splitting up the work on (re)implementing those
@tarcieri can I be assigned to the PoC please? I would like to gain experience. EDIT: I did not understand the message yet. If the exploit is already made, yes I can read it. Just do not reinvent the wheel. I was already working on it. EDIT2: Can you just provide me with as many tools as possible please? I am currently reading the doc of marvin-tool
I can see a difference but I would like a tool or a procedure to analyze the time spent. I am currently working with
@tarcieri most things are working now 🎉 I would appreciate some help with debugging the last failures, seems the proptests are discovering some roundtrip issues in the encoding/decoding and the last regular test that is a problem is dealing with a
and also feel free to start to review the code/fix up anything you think needs improving
This is awesome! I'm excited to see this PR progressing so much.
I looked into this for a few minutes and these two appear to be different cases of the same problem.
src/algorithms/generate.rs
Outdated
pub d: BigUint, | ||
pub primes: Vec<BigUint>, | ||
pub n: Odd<BoxedUint>, | ||
pub e: u64, |
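Review bot: d and primes are still BigUint while n is already Odd<BoxedUint>, so every operation that combines these fields has to convert between two bignum representations; migrating all fields of the struct in the same step avoids that mixed state. Separately, pub e: u64 caps the public exponent at 64 bits by type; RFC 8017 only requires 3 <= e < n - 1 with gcd(e, lambda(n)) = 1, so e should remain a BoxedUint and any range restriction should be enforced by validation at construction rather than by the field width.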
I don't think it's good to limit e to 64 bits. See RFC 8017 Section 3.1:
In a valid RSA public key, the RSA modulus n is a product of u distinct odd primes r_i, i = 1, 2, ..., u, where u >= 2, and the RSA public exponent e is an integer between 3 and n - 1 satisfying GCD(e,\lambda(n)) = 1, where \lambda(n) = LCM(r_1 - 1, ..., r_u - 1). By convention, the first two primes r_1 and r_2 may also be denoted p and q, respectively.
The exponent e shall be an odd positive integer such that:
2¹⁶ < e < 2²⁵⁶.
It should still be BoxedUint.
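An added example (not code from the rsa crate or from this PR) showing how the exponent constraints quoted above can be checked over an arbitrary-length big-endian encoding of e, so that nothing depends on e fitting a 64-bit field. The function names (bit_length, check_exponent_bounds, carmichael_lambda, check_exponent_coprime) and the toy primes 61 and 53 are assumptions made for this example; the gcd(e, λ(n)) check is done with u128 arithmetic only to keep the example dependency-free, where real code would use the library's bignum type. The bit bounds are parameters, so the same function expresses the RFC 8017 lower bound (min_bits = 1 admits exactly the odd e >= 3) and the FIPS 186-4 window 2¹⁶ < e < 2²⁵⁶ (min_bits = 16, max_bits = 256).

```rust
// Added example, not part of the rsa crate or this PR: validating an RSA public
// exponent supplied as a big-endian byte string of any length.
//
// Layer 1: parity and size window on the byte string (no integer width assumed).
// Layer 2: gcd(e, lambda(n)) == 1 with lambda(n) = lcm(p_i - 1), which is what makes
//          d = e^-1 mod lambda(n) exist. Done here with u128 and constructed toy
//          primes purely for illustration; a real key uses the library's bignum type.

#[derive(Debug, PartialEq, Eq)]
pub enum ExponentError {
    Even,
    TooSmall,
    TooLarge,
    NotCoprime,
}

/// Number of significant bits in a big-endian byte string; leading zero bytes are ignored.
pub fn bit_length(be: &[u8]) -> usize {
    match be.iter().position(|&b| b != 0) {
        None => 0,
        Some(i) => (be.len() - i - 1) * 8 + (8 - be[i].leading_zeros() as usize),
    }
}

/// Accepts an odd e with min_bits < bit_length(e) <= max_bits.
///
/// With (16, 256) this is exactly the FIPS 186-4 rule 2^16 < e < 2^256: an odd value
/// with 17 bits is necessarily > 2^16, and at most 256 bits means e < 2^256.
/// With (1, max) it is the RFC 8017 lower bound: the odd values with >= 2 bits are e >= 3.
pub fn check_exponent_bounds(e_be: &[u8], min_bits: usize, max_bits: usize) -> Result<(), ExponentError> {
    let bits = bit_length(e_be);
    if bits <= min_bits {
        // Also covers an empty or all-zero encoding (bit length 0).
        return Err(ExponentError::TooSmall);
    }
    if bits > max_bits {
        return Err(ExponentError::TooLarge);
    }
    // The low byte is the last one in big-endian order; parity is its bit 0.
    if e_be.last().map_or(true, |b| b & 1 == 0) {
        return Err(ExponentError::Even);
    }
    Ok(())
}

fn gcd(mut a: u128, mut b: u128) -> u128 {
    while b != 0 {
        let t = a % b;
        a = b;
        b = t;
    }
    a
}

/// lambda(n) = lcm(p_1 - 1, ..., p_u - 1) over the (toy, u128-sized) prime factors of n.
pub fn carmichael_lambda(primes: &[u128]) -> u128 {
    primes.iter().fold(1u128, |acc, &p| {
        let m = p - 1;
        acc / gcd(acc, m) * m
    })
}

/// The RFC 8017 coprimality condition gcd(e, lambda(n)) == 1.
pub fn check_exponent_coprime(e: u128, primes: &[u128]) -> Result<(), ExponentError> {
    if gcd(e, carmichael_lambda(primes)) == 1 {
        Ok(())
    } else {
        Err(ExponentError::NotCoprime)
    }
}

fn main() {
    // Constructed inputs: the common exponent 65537 and toy primes 61, 53 (lambda = 780).
    let e = 65537u128;
    println!(
        "e = {e}: bounds {:?}, coprime with toy primes {:?}",
        check_exponent_bounds(&e.to_be_bytes(), 16, 256),
        check_exponent_coprime(e, &[61, 53])
    );
    // 2^64 + 1 cannot be stored in a u64 but passes the FIPS window unchanged.
    let mut wide = vec![0u8; 9];
    wide[0] = 1;
    wide[8] = 1;
    println!("2^64 + 1: {:?}", check_exponent_bounds(&wide, 16, 256));
}
```

The two checks are deliberately separate: the byte-level window can be applied to a parsed public key before any bignum arithmetic, while the coprimality test needs the private primes and therefore belongs in key generation or private-key validation.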
thanks for pointing this out, our default safe constants restrict it, but you are right, it should be possible to use larger exponents. this is now fixed
I tried testing this PR in a
@@ -1,10 +1,8 @@ | |||
//! Generate prime components for the RSA Private Key | |||
|
|||
use alloc::vec::Vec; | |||
use num_bigint::{BigUint, RandPrime}; | |||
#[allow(unused_imports)] | |||
use num_traits::Float; |
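Review bot: the hunk header (-1,10 +1,8) says two lines leave this region, and the #[allow(unused_imports)] / use num_traits::Float; pair at the end of the hunk is the obvious candidate alongside the num_bigint import; that import is what brings ln into scope on no_std targets, where f64::ln is not available as an inherent method. If it is dropped, confirm nothing in this module still calls .ln() and run a build without the std feature before landing, otherwise the no_std configuration fails to compile while the default build stays green.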
Float::ln was used to provide support for f64::ln on non-std (used line 45).
@dignifiedquire
no, haven't had time to fix the aforementioned issues yet
@dignifiedquire
@tarcieri current benchmarks
Very, very WIP
Incomplete, unordered task list
- RsaPrivateKey
- RsaPublicKey
- decrypt implementation
- BigUint to return owned versions
Tests
algorithms::pad::tests::test_left_pad
algorithms::pkcs1v15::tests::test_non_zero_bytes
algorithms::rsa::tests::recover_primes_works
key::tests::build_key_from_p_q
key::tests::build_key_from_primes
key::tests::invalid_coeff_private_key_regression
algorithms::generate::tests::key_generation_128
key::tests::key_generation_128
algorithms::generate::tests::test_impossible_keys
algorithms::generate::tests::key_generation_multi_3_256
algorithms::generate::tests::key_generation_multi_4_64
key::tests::key_generation_multi_4_64
key::tests::reject_oversized_private_key
key::tests::test_from_into
key::tests::key_generation_multi_3_256
key::tests::test_serde
oaep::decrypting_key::tests::test_serde
oaep::encrypting_key::tests::test_serde
oaep::tests::test_decrypt_oaep_invalid_hash
oaep::tests::test_decrypt_oaep_invalid_hash_traits
oaep::tests::test_encrypt_decrypt_oaep
oaep::tests::test_encrypt_decrypt_oaep_traits
pkcs1v15::decrypting_key::tests::test_serde
pkcs1v15::encrypting_key::tests::test_serde
pkcs1v15::signature::tests::test_serde
pkcs1v15::signing_key::tests::test_serde
pkcs1v15::tests::test_decrypt_pkcs1v15
pkcs1v15::tests::test_decrypt_pkcs1v15_traits
pkcs1v15::tests::test_encrypt_decrypt_pkcs1v15
pkcs1v15::tests::test_encrypt_decrypt_pkcs1v15_traits
pkcs1v15::tests::test_sign_pkcs1v15
pkcs1v15::tests::test_sign_pkcs1v15_digest_signer
pkcs1v15::tests::test_sign_pkcs1v15_signer
pkcs1v15::tests::test_sign_pkcs1v15_signer_sha2_256
pkcs1v15::tests::test_sign_pkcs1v15_signer_sha3_256
pkcs1v15::tests::test_unpadded_signature
pkcs1v15::tests::test_unpadded_signature_hazmat
pkcs1v15::tests::test_verify_pkcs1v15
pkcs1v15::tests::test_verify_pkcs1v15_digest_signer
pkcs1v15::tests::test_verify_pkcs1v15_signer
pkcs1v15::verifying_key::tests::test_serde
pss::blinded_signing_key::tests::test_serde
pss::signature::tests::test_serde
pss::signing_key::tests::test_serde
algorithms::generate::tests::key_generation_1024
pss::test::test_sign_and_verify_pss_blinded_hazmat
pss::test::test_sign_and_verify_pss_hazmat
pss::test::test_sign_and_verify_roundtrip
pss::test::test_sign_and_verify_roundtrip_blinded_digest_signer
pss::test::test_sign_and_verify_roundtrip_blinded_signer
pss::test::test_sign_and_verify_roundtrip_digest_signer
pss::test::test_sign_and_verify_roundtrip_signer
pss::test::test_sign_blinded_and_verify_roundtrip
pss::test::test_verify_pss
pss::test::test_verify_pss_digest_signer
pss::test::test_verify_pss_hazmat
pss::test::test_verify_pss_signer
algorithms::generate::tests::key_generation_multi_5_64
pss::verifying_key::tests::test_serde
key::tests::test_negative_decryption_value
key::tests::key_generation_multi_5_64
pss::test::test_sign_and_verify_2049bit_key
key::tests::key_generation_1024
algorithms::generate::tests::key_generation_multi_8_576
key::tests::key_generation_multi_8_576