Skip to content

Initial key trait refactor #35

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
str4d wants to merge 2 commits into from
Closed

Initial key trait refactor #35

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
819f79f
Introduce raw::{DecryptionPrimitive, EncryptionPrimitive}
str4d Jan 3, 2020
8c45b3f
Introduce key::{PrivateKey, PublicKeyParts}
str4d Jan 3, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions src/internals.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,11 +5,11 @@ use std::borrow::Cow;
use zeroize::Zeroize;

use crate::errors::{Error, Result};
use crate::key::{PublicKey, RSAPrivateKey};
use crate::key::{PublicKeyParts, RSAPrivateKey};

/// Raw RSA encryption of m with the public key. No padding is performed.
#[inline]
pub fn encrypt<K: PublicKey>(key: &K, m: &BigUint) -> BigUint {
pub fn encrypt<K: PublicKeyParts>(key: &K, m: &BigUint) -> BigUint {
m.modpow(key.e(), key.n())
}

Expand Down Expand Up @@ -125,7 +125,7 @@ pub fn decrypt_and_check<R: Rng>(
}

/// Returns the blinded c, along with the unblinding factor.
pub fn blind<R: Rng, K: PublicKey>(rng: &mut R, key: &K, c: &BigUint) -> (BigUint, BigUint) {
pub fn blind<R: Rng, K: PublicKeyParts>(rng: &mut R, key: &K, c: &BigUint) -> (BigUint, BigUint) {
// Blinding involves multiplying c by r^e.
// Then the decryption operation performs (m^e * r^e)^d mod n
// which equals mr mod n. The factor of r can then be removed
Expand Down Expand Up @@ -162,7 +162,7 @@ pub fn blind<R: Rng, K: PublicKey>(rng: &mut R, key: &K, c: &BigUint) -> (BigUin
}

/// Given an m and and unblinding factor, unblind the m.
pub fn unblind(key: impl PublicKey, m: &BigUint, unblinder: &BigUint) -> BigUint {
pub fn unblind(key: impl PublicKeyParts, m: &BigUint, unblinder: &BigUint) -> BigUint {
(m * unblinder) % key.n()
}

Expand Down
82 changes: 30 additions & 52 deletions src/key.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,12 +12,27 @@ use crate::errors::{Error, Result};
use crate::hash::Hash;
use crate::padding::PaddingScheme;
use crate::pkcs1v15;
use crate::raw::{DecryptionPrimitive, EncryptionPrimitive};

lazy_static! {
static ref MIN_PUB_EXPONENT: BigUint = BigUint::from_u64(2).unwrap();
static ref MAX_PUB_EXPONENT: BigUint = BigUint::from_u64(1 << (31 - 1)).unwrap();
}

pub trait PublicKeyParts {
/// Returns the modulus of the key.
fn n(&self) -> &BigUint;
/// Returns the public exponent of the key.
fn e(&self) -> &BigUint;
/// Returns the modulus size in bytes. Raw signatures and ciphertexts for
/// or by this public key will have the same size.
fn size(&self) -> usize {
(self.n().bits() + 7) / 8
}
}

pub trait PrivateKey: DecryptionPrimitive + PublicKeyParts {}

/// Represents the public part of an RSA key.
#[derive(Debug, Clone, PartialEq, Eq)]
#[cfg_attr(feature = "serde1", derive(Serialize, Deserialize))]
Expand Down Expand Up @@ -126,17 +141,7 @@ impl From<RSAPrivateKey> for RSAPublicKey {
}

/// Generic trait for operations on a public key.
pub trait PublicKey {
/// Returns the modulus of the key.
fn n(&self) -> &BigUint;
/// Returns the public exponent of the key.
fn e(&self) -> &BigUint;
/// Returns the modulus size in bytes. Raw signatures and ciphertexts for
/// or by this public key will have the same size.
fn size(&self) -> usize {
(self.n().bits() + 7) / 8
}

pub trait PublicKey: EncryptionPrimitive + PublicKeyParts {
/// Encrypt the given message.
fn encrypt<R: Rng>(&self, rng: &mut R, padding: PaddingScheme, msg: &[u8]) -> Result<Vec<u8>>;

Expand All @@ -153,14 +158,17 @@ pub trait PublicKey {
) -> Result<()>;
}

impl PublicKey for RSAPublicKey {
impl PublicKeyParts for RSAPublicKey {
fn n(&self) -> &BigUint {
&self.n
}

fn e(&self) -> &BigUint {
&self.e
}
}

impl PublicKey for RSAPublicKey {
fn encrypt<R: Rng>(&self, rng: &mut R, padding: PaddingScheme, msg: &[u8]) -> Result<Vec<u8>> {
match padding {
PaddingScheme::PKCS1v15 => pkcs1v15::encrypt(rng, self, msg),
Expand Down Expand Up @@ -194,15 +202,17 @@ impl RSAPublicKey {
}
}

impl<'a> PublicKey for &'a RSAPublicKey {
impl<'a> PublicKeyParts for &'a RSAPublicKey {
fn n(&self) -> &BigUint {
&self.n
}

fn e(&self) -> &BigUint {
&self.e
}
}

impl<'a> PublicKey for &'a RSAPublicKey {
fn encrypt<R: Rng>(&self, rng: &mut R, padding: PaddingScheme, msg: &[u8]) -> Result<Vec<u8>> {
(*self).encrypt(rng, padding, msg)
}
Expand All @@ -218,62 +228,30 @@ impl<'a> PublicKey for &'a RSAPublicKey {
}
}

impl PublicKey for RSAPrivateKey {
impl PublicKeyParts for RSAPrivateKey {
fn n(&self) -> &BigUint {
&self.n
}

fn e(&self) -> &BigUint {
&self.e
}

fn encrypt<R: Rng>(&self, rng: &mut R, padding: PaddingScheme, msg: &[u8]) -> Result<Vec<u8>> {
match padding {
PaddingScheme::PKCS1v15 => pkcs1v15::encrypt(rng, self, msg),
PaddingScheme::OAEP => unimplemented!("not yet implemented"),
_ => Err(Error::InvalidPaddingScheme),
}
}

fn verify<H: Hash>(
&self,
padding: PaddingScheme,
hash: Option<&H>,
hashed: &[u8],
sig: &[u8],
) -> Result<()> {
match padding {
PaddingScheme::PKCS1v15 => pkcs1v15::verify(self, hash, hashed, sig),
PaddingScheme::PSS => unimplemented!("not yet implemented"),
_ => Err(Error::InvalidPaddingScheme),
}
}
}

impl<'a> PublicKey for &'a RSAPrivateKey {
impl PrivateKey for RSAPrivateKey {}

impl<'a> PublicKeyParts for &'a RSAPrivateKey {
fn n(&self) -> &BigUint {
&self.n
}

fn e(&self) -> &BigUint {
&self.e
}

fn encrypt<R: Rng>(&self, rng: &mut R, padding: PaddingScheme, msg: &[u8]) -> Result<Vec<u8>> {
(*self).encrypt(rng, padding, msg)
}

fn verify<H: Hash>(
&self,
padding: PaddingScheme,
hash: Option<&H>,
hashed: &[u8],
sig: &[u8],
) -> Result<()> {
(*self).verify(padding, hash, hashed, sig)
}
}

impl<'a> PrivateKey for &'a RSAPrivateKey {}

impl RSAPrivateKey {
/// Generate a new RSA key pair of the given bit size using the passed in `rng`.
pub fn new<R: Rng>(rng: &mut R, bit_size: usize) -> Result<RSAPrivateKey> {
Expand Down Expand Up @@ -457,7 +435,7 @@ impl RSAPrivateKey {

/// Check that the public key is well formed and has an exponent within acceptable bounds.
#[inline]
pub fn check_public(public_key: &impl PublicKey) -> Result<()> {
pub fn check_public(public_key: &impl PublicKeyParts) -> Result<()> {
if public_key.e() < &*MIN_PUB_EXPONENT {
return Err(Error::PublicExponentTooSmall);
}
Expand Down
10 changes: 6 additions & 4 deletions src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,20 +8,21 @@
//! extern crate rsa;
//! extern crate rand;
//!
//! use rsa::{PublicKey, RSAPrivateKey, PaddingScheme};
//! use rsa::{PublicKey, RSAPrivateKey, RSAPublicKey, PaddingScheme};
//! use rand::rngs::OsRng;
//!
//! let mut rng = OsRng;
//! let bits = 2048;
//! let key = RSAPrivateKey::new(&mut rng, bits).expect("failed to generate a key");
//! let private_key = RSAPrivateKey::new(&mut rng, bits).expect("failed to generate a key");
//! let public_key = RSAPublicKey::from(private_key.clone());
Copy link
Member

@dignifiedquire dignifiedquire Mar 6, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should probably work without calling clone, as this means duplicating a bunch of secrets, when we actually only want the public parts

//!
//! // Encrypt
//! let data = b"hello world";
//! let enc_data = key.encrypt(&mut rng, PaddingScheme::PKCS1v15, &data[..]).expect("failed to encrypt");
//! let enc_data = public_key.encrypt(&mut rng, PaddingScheme::PKCS1v15, &data[..]).expect("failed to encrypt");
//! assert_ne!(&data[..], &enc_data[..]);
//!
//! // Decrypt
//! let dec_data = key.decrypt(PaddingScheme::PKCS1v15, &enc_data).expect("failed to decrypt");
//! let dec_data = private_key.decrypt(PaddingScheme::PKCS1v15, &enc_data).expect("failed to decrypt");
//! assert_eq!(&data[..], &dec_data[..]);
//! ```
//!
Expand Down Expand Up @@ -62,6 +63,7 @@ pub mod padding;

mod key;
mod pkcs1v15;
mod raw;

pub use self::key::{PublicKey, RSAPrivateKey, RSAPublicKey};
pub use self::padding::PaddingScheme;
Expand Down
59 changes: 7 additions & 52 deletions src/pkcs1v15.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,10 @@
use num_bigint::BigUint;
use rand::Rng;
use subtle::{Choice, ConditionallySelectable, ConstantTimeEq};
use zeroize::Zeroize;

use crate::errors::{Error, Result};
use crate::hash::Hash;
use crate::internals;
use crate::key::{self, PublicKey, RSAPrivateKey};
use crate::key::{self, PublicKey, PublicKeyParts, RSAPrivateKey};
use crate::raw::DecryptionPrimitive;

// Encrypts the given message with RSA and the padding
// scheme from PKCS#1 v1.5. The message must be no longer than the
Expand All @@ -27,17 +25,7 @@ pub fn encrypt<R: Rng, K: PublicKey>(rng: &mut R, pub_key: &K, msg: &[u8]) -> Re
em[k - msg.len() - 1] = 0;
em[k - msg.len()..].copy_from_slice(msg);

{
let mut m = BigUint::from_bytes_be(&em);
let mut c = internals::encrypt(pub_key, &m).to_bytes_be();
copy_with_left_pad(&mut em, &c);

// clear out tmp values
m.zeroize();
c.zeroize();
}

Ok(em)
pub_key.raw_encryption_primitive(&em)
}

/// Decrypts a plaintext using RSA and the padding scheme from PKCS#1 v1.5.
Expand Down Expand Up @@ -100,18 +88,7 @@ pub fn sign<R: Rng, H: Hash>(
em[k - t_len..k - hash_len].copy_from_slice(&prefix);
em[k - hash_len..k].copy_from_slice(hashed);

{
let mut m = BigUint::from_bytes_be(&em);
let mut c = internals::decrypt_and_check(rng, priv_key, &m)?.to_bytes_be();

copy_with_left_pad(&mut em, &c);

// clear tmp values
m.zeroize();
c.zeroize();
}

Ok(em)
priv_key.raw_decryption_primitive(rng, &em)
}

/// Verifies an RSA PKCS#1 v1.5 signature.
Expand All @@ -130,11 +107,7 @@ pub fn verify<H: Hash, K: PublicKey>(
return Err(Error::Verification);
}

let em = {
let c = BigUint::from_bytes_be(sig);
let m = internals::encrypt(pub_key, &c).to_bytes_be();
internals::left_pad(&m, k)
};
let em = pub_key.raw_encryption_primitive(sig)?;

// EM = 0x00 || 0x01 || PS || 0x00 || T
let mut ok = em[0].ct_eq(&0u8);
Expand Down Expand Up @@ -170,16 +143,6 @@ fn hash_info<H: Hash>(hash: Option<&H>, digest_len: usize) -> Result<(usize, Vec
}
}

#[inline]
fn copy_with_left_pad(dest: &mut [u8], src: &[u8]) {
// left pad with zeros
let padding_bytes = dest.len() - src.len();
for el in dest.iter_mut().take(padding_bytes) {
*el = 0;
}
dest[padding_bytes..].copy_from_slice(src);
}

/// Decrypts ciphertext using `priv_key` and blinds the operation if
/// `rng` is given. It returns one or zero in valid that indicates whether the
/// plaintext was correctly structured. In either case, the plaintext is
Expand All @@ -197,16 +160,7 @@ fn decrypt_inner<R: Rng>(
return Err(Error::Decryption);
}

let em = {
let mut c = BigUint::from_bytes_be(ciphertext);
let mut m = internals::decrypt(rng, priv_key, &c)?;
let em = internals::left_pad(&m.to_bytes_be(), k);

c.zeroize();
m.zeroize();

em
};
let em = priv_key.raw_decryption_primitive(rng, ciphertext)?;

let first_byte_is_zero = em[0].ct_eq(&0u8);
let second_byte_is_two = em[1].ct_eq(&2u8);
Expand Down Expand Up @@ -259,6 +213,7 @@ mod tests {
use super::*;
use base64;
use hex;
use num_bigint::BigUint;
use num_traits::FromPrimitive;
use num_traits::Num;
use rand::thread_rng;
Expand Down
Loading