-
-
Notifications
You must be signed in to change notification settings - Fork 119
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WIP: Add a non OpenSSL RSA impl #252
Conversation
I know there are still some test failures to sort through, but I just want to say that this is super helpful and I would love to get this PR (or similar) landed! Dealing with the whole openssl-sys nonsense is so annoying, and makes cross-compilation more difficult |
Agreed! I tried sorting out the test failures (it's complaining about extraneous data at the end of the test keys) but haven't been able to find time to dive deeper yet. Would really appreciate any help with sorting these out |
This is probably caused by: #270 |
Hey folks, I rebased this branch and a new test is falling
|
Thanks @robertabcd , now we are down to
|
russh-keys/src/key.rs
Outdated
let pss = match hash { | ||
SignatureHash::SHA1 => Pss::new::<Sha1>(), | ||
SignatureHash::SHA2_256 => Pss::new::<Sha256>(), | ||
SignatureHash::SHA2_512 => Pss::new::<Sha512>(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I didn't debug but those tests are about signing/verifying. I think this should use PKCS#1 v1.5 padding scheme, instead of PSS. See rsa::pkcs1v15
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ya,
page 15 https://www.rfc-editor.org/rfc/rfc4253
and
page 4 https://datatracker.ietf.org/doc/html/rfc8332
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
that would be Pkcs1v15Sign
, then?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the pointers, I have changed this part and rsa_signature
, but the same tests are failling
failures:
test::test_agent
test::test_loewenheim
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
buffer
needs to be hashed before passing into verify
. I guess you could use VerifyingKey
, that can hash it for you.
I have a general comment on this PR: There are a lot of duplications on |
Hey folks, was RSA support implemented already? If so, can you close this one? Sorry for not being able to push this forward earlier, got caught up with some other stuff. |
has non-openssl RSA support been implemented? if so, how can one use it? |
It's pretty bleeding-edge right now. You'll need |
Thanks @robertabcd ! |
Unable to run in Rust version 1.71.1 stable
Solved it. |
Tests are failing: