Implement RSA encrypt/decrypt and sign/verify #6

Merged
merged 9 commits into from
Jun 30, 2022

@qmuntal qmuntal commented Mar 17, 2022

Please review #5 first.

This PR implements the following RSA algorithms:

  • 17459e4: private and public key generation
  • 90e2201: encryption and decryption without padding and with OAEP or PKCS1 paddings
  • 70eb2ec: sign and verify with PKCS1v15 padding
  • e2bd3b2: sign and verify with PSS padding

The Microsoft Windows Cryptographic Primitives Library Security Policy Document says that exporting the private components of RSA keys is not allowed in FIPS mode:

"Exporting the RSA private key by supplying a blob type of BCRYPT_PRIVATE_KEY_BLOB, BCRYPT_RSAFULLPRIVATE_BLOB, or BCRYPT_RSAPRIVATE_BLOB to BCryptExportKey() is not allowed in FIPS mode."

I haven't found any other way to implement GenerateKeyRSA, so at the moment I will use the BCRYPT_RSAFULLPRIVATE_BLOB type and once all the bindings are done we can talk with the CNG team for support on all the pieces that are missing, listed in #4. On the other hand, .NET runtime uses it.
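
The BCRYPT_RSAFULLPRIVATE_BLOB named in the description above is a 24-byte BCRYPT_RSAKEY_BLOB header of little-endian ULONGs followed by big-endian integers. The Go parser below is an added example, not code from this PR or the project; `RSAFullPrivate`, `ParseRSAFullPrivateBlob` and `sampleBlob` are hypothetical names, and the sample blob is constructed from toy values.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"math/big"
)

// "RSA3" read as a little-endian ULONG: magic of BCRYPT_RSAFULLPRIVATE_BLOB.
const rsaFullPrivateMagic = 0x33415352
// RSAFullPrivate is a hypothetical holder for the decoded integers.
type RSAFullPrivate struct {
	Bits                        uint32
	E, N, P, Q, Dp, Dq, Qinv, D *big.Int
}

// ParseRSAFullPrivateBlob decodes a blob and rejects any length mismatch.
func ParseRSAFullPrivateBlob(b []byte) (*RSAFullPrivate, error) {
	if len(b) < 24 {
		return nil, fmt.Errorf("blob shorter than BCRYPT_RSAKEY_BLOB header")
	}
	var h [6]uint64 // Magic, BitLength, cbPublicExp, cbModulus, cbPrime1, cbPrime2
	for i := range h {
		h[i] = uint64(binary.LittleEndian.Uint32(b[4*i:]))
	}
	if h[0] != rsaFullPrivateMagic {
		return nil, fmt.Errorf("unexpected magic %#x", h[0])
	}
	// Body order: e, n, p, q, dP, dQ, qInv, d, each a big-endian integer.
	sizes := [8]uint64{h[2], h[3], h[4], h[5], h[4], h[5], h[4], h[3]}
	if 24+h[2]+2*h[3]+3*h[4]+2*h[5] != uint64(len(b)) {
		return nil, fmt.Errorf("length fields do not match blob size")
	}
	var v [8]*big.Int
	for i, off := 0, uint64(24); i < 8; off, i = off+sizes[i], i+1 {
		v[i] = new(big.Int).SetBytes(b[off : off+sizes[i]])
	}
	return &RSAFullPrivate{uint32(h[1]), v[0], v[1], v[2], v[3], v[4], v[5], v[6], v[7]}, nil
}

// sampleBlob returns a constructed toy blob (p=61, q=53), not a usable key.
func sampleBlob() []byte {
	return []byte{'R', 'S', 'A', '3', 12, 0, 0, 0, 1, 0, 0, 0, 2, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0,
		17, 0x0C, 0xA1, 61, 53, 53, 49, 38, 0x0A, 0xC1} // e, n, p, q, dP, dQ, qInv, d
}

func main() {
	fmt.Println(ParseRSAFullPrivateBlob(sampleBlob()))
}
```

Because every private component sits in the clear in this layout, a buffer holding such a blob needs the same handling as the key itself.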

Base automatically changed from dev/qmuntal/aes to main June 28, 2022 10:43

qmuntal commented Jun 29, 2022

@dagood please review 402be0e, which was committed after you approved the PR.


@dagood dagood left a comment

LGTM, just a suggestion on a comment. 😄

@jaredpar

"On the other hand, .NET runtime uses it."

We should just sync up with .NET runtime and see if they already went down this discussion path with CNG. Maybe they have the reply handy still.

@jaredpar

Made it about halfway through commits. Will pick up the rest tonight / tomorrow morning.

qmuntal commented Jun 30, 2022

"We should just sync up with .NET runtime and see if they already went down this discussion path with CNG. Maybe they have the reply handy still."

@jaredpar good point, who should I contact?

@qmuntal qmuntal merged commit 75b9117 into main Jun 30, 2022
@qmuntal qmuntal deleted the dev/qmuntal/rsa branch June 30, 2022 13:17