Add support for RSA-PSS #127
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
I think |
gowthamsk-arm
force-pushed
the
add_pss
branch
4 times, most recently
from
516f707
to
27de723
Compare
ionut-arm
reviewed
May 1, 2024
| @@ -27,6 +27,10 @@ pub struct CreateRsaKey { | |||
| #[structopt(short = 's', long = "for-signing")] | |||
| is_for_signing: bool, | |||
|
|
|||
| /// Supply this flag to create a signing key with PSS scheme and SHA-256 hash algorithm. | |||
There was a problem hiding this comment.
You should probably make clear both in the code documentation and in the CLI documentation what the "priority" between these two flags is (this one and the previous).
There was a problem hiding this comment.
Have added comments in the code and also in the CLI about this.
tests/parsec-cli-tests.sh
Outdated
| @@ -45,11 +45,13 @@ delete_key() { | |||
| create_key() { | |||
| # $1 - key type ("RSA" or "ECC") | |||
| # $2 - key name | |||
| # $3 - key usage ("SIGN" or "OAEP"), only consulted if $1 == "RSA" | |||
| # $3 - key usage ("PKCS1_V15", "PSS" or "OAEP"), only consulted if $1 == "RSA" | |||
There was a problem hiding this comment.
Be advised, PKCS1 v1.5 is a name for both an encryption and a signature scheme, so you'd need to disambiguate somewhere.
There was a problem hiding this comment.
Shall I rename it to SIGN_PKCS1_V15 and SIGN_PSS?
gowthamsk-arm
force-pushed
the
add_pss
branch
3 times, most recently
from
031d0dc
to
4fa8f46
Compare
The "-s" option by default creates an RSA signing key with PKCS1 v1.5 scheme. This patch adds a "-p" option to create an RSA with PSS scheme. Also it enabled CSR creation with PSS keys. Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
The newer version of rust clippy fails with "multiple_crate_versions" error even when src has "#![allow(clippy::multiple_crate_versions)]" This is solved by explicity adding the clippy.toml. Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
tgonzalezorlandoarm
approved these changes
May 1, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Signed-off-by: Gowtham Suresh Kumar gowtham.sureshkumar@arm.com