-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for RSA-PSS #127
Conversation
I think |
516f707
to
27de723
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the patch!
@@ -27,6 +27,10 @@ pub struct CreateRsaKey { | |||
#[structopt(short = 's', long = "for-signing")] | |||
is_for_signing: bool, | |||
|
|||
/// Supply this flag to create a signing key with PSS scheme and SHA-256 hash algorithm. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You should probably make clear both in the code documentation and in the CLI documentation what the "priority" between these two flags is (this one and the previous).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Have added comments in the code and also in the CLI about this.
tests/parsec-cli-tests.sh
Outdated
@@ -45,11 +45,13 @@ delete_key() { | |||
create_key() { | |||
# $1 - key type ("RSA" or "ECC") | |||
# $2 - key name | |||
# $3 - key usage ("SIGN" or "OAEP"), only consulted if $1 == "RSA" | |||
# $3 - key usage ("PKCS1_V15", "PSS" or "OAEP"), only consulted if $1 == "RSA" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Be advised, PKCS1 v1.5 is a name for both an encryption and a signature scheme, so you'd need to disambiguate somewhere.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shall I rename it to SIGN_PKCS1_V15
and SIGN_PSS
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That works!
031d0dc
to
4fa8f46
Compare
The "-s" option by default creates an RSA signing key with PKCS1 v1.5 scheme. This patch adds a "-p" option to create an RSA with PSS scheme. Also it enabled CSR creation with PSS keys. Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
The newer version of rust clippy fails with "multiple_crate_versions" error even when src has "#![allow(clippy::multiple_crate_versions)]" This is solved by explicity adding the clippy.toml. Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
💯
Signed-off-by: Gowtham Suresh Kumar gowtham.sureshkumar@arm.com