Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support importing RSA parameters manually for encryption with Pkcs1PublicEncryptingKey #581

Open
Vadmeme opened this issue Nov 10, 2024 · 3 comments · May be fixed by #582
Open

Support importing RSA parameters manually for encryption with Pkcs1PublicEncryptingKey #581

Vadmeme opened this issue Nov 10, 2024 · 3 comments · May be fixed by #582
Assignees
@skmcgrail
Labels
enhancement New feature or request

Comments

@Vadmeme
Copy link

Vadmeme commented Nov 10, 2024
edited
Loading

Security issue notifications

If you discover a potential security issue in AWS-LC for Rust we ask that you notify AWS Security via our
vulnerability reporting page. Please do not create a
public github issue, if in doubt contact AWS security first.

Problem:

At the moment it seems there is no way to get a Pkcs1PublicEncryptingKey with a custom n and e.
There already exists PublicKeyComponents::verify but this only handles signature verification, so having something for encryption does not seem out of scope.

Solution:

I think the simplest and ideal solution is to allow getting a PublicEncryptingKey from a PublicKeyComponents. This would best be done by adding a build_encrypting_key () helper. This should be trivial as all that would be required is to call build_rsa() and pass the resulting EVP_PKEY to PublicEncryptingKey::new.

  • Does this change any public APIs? Yes, would ideally allow converting a PublicKeyComponents to a PublicEncryptingKey
  • Which algorithm(s) will this impact? RSA

Requirements / Acceptance Criteria:

What must a solution address in order to solve the problem? How do we know the solution is complete?

  • RFC links: N/A
  • Related Issues: N/A
  • Will the Usage Guide or other documentation need to be updated? Yes
  • Testing: I am not sure about the testing requirements, from my eyes it seems trivial to implement.

Out of scope:

Enforcing the secure usage of these apis would likeley be out of scope, if the user wants to manually supply RSA parameters its likely for some more low-level operation.
@Vadmeme Vadmeme linked a pull request Nov 10, 2024 that will close this issue
Open
@Vadmeme
Copy link
Author

Vadmeme commented Nov 10, 2024

Did a preliminary implementation in #582
Please let me know if any changes need to be made.

@justsmth
Copy link
Contributor

Thanks for the PR!

Your request and proposed change make sense to me. Before a PR for this can be merged, more testing for it will need to be added. We will also need to consider how the API change might fit in with some longer-term plans that we have.

@justsmth justsmth added the enhancement New feature or request label Nov 11, 2024
@Vadmeme
Copy link
Author

Vadmeme commented Nov 16, 2024

Thanks for your consideration, I went ahead an implemented a test near the test for RsaPublicKeyComponents (just checks if building the key succeeds + encrypting a test message). Also fixed import order.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@skmcgrail skmcgrail

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Implement PublicKeyComponents::build_encrypting_key Vadmeme/aws-lc-rs
3 participants
@skmcgrail @Vadmeme @justsmth