PSS signature verification should not require rng #172

Closed
lumag opened this issue Jul 31, 2022 · 3 comments
Comments

@lumag
Contributor

lumag commented Jul 31, 2022

Currently, creation of a PSS PaddingScheme object requires the RngCore; however, if the software is only verifying the signature, it should not require the random number generator. Please consider changing the rng to Option<> or adding new_verify_pss / new_verify_pss_with_salt.

lumag added a commit to lumag/RSA that referenced this issue Jul 31, 2022
…ypto#172)

If the software is only going to verify the PSS signatures, there is no
need to provide RNG as a part of PaddingScheme. Add new API calls to
allow creating such verify-only padding schemes.

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
lumag added a commit to lumag/RSA that referenced this issue Jul 31, 2022
The passed rng is not necessary for PSS signature verification. Instead
of passing an artificial unused RNG through the PaddingScheme, add a new
sign_with_rng() API and pass the rng directly. In sign_blinded(), use the
passed rng both for salt generation and for the blinding process.

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
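As an added illustration of the point made in the issue and in the sign_with_rng() commit message above (this is example code written for this page, not code from the rsa crate, and it does not use the crate's API): in EMSA-PSS (RFC 8017 section 9.1) randomness enters only through the salt on the signing side, while the verifier recovers the salt from the encoded message and needs no RNG at all. Only the padding layer is shown; the RSA modular exponentiation around it is omitted. The hash (`toy_hash`) and the RNG (`ToyRng`) are assumed stand-ins, not secure primitives, and `pss_encode_with_rng` is a hypothetical name mirroring the sign_with_rng() idea.

```rust
// Added example: the EMSA-PSS padding layer from RFC 8017 section 9.1, written
// to show that only the signing side needs a random source. Not rsa crate code.
// `toy_hash` and `ToyRng` are stand-ins (NOT cryptographically secure).
const HLEN: usize = 32; // output length of the stand-in hash

/// Stand-in hash: four FNV-1a lanes with different seeds plus a final mix. Toy only.
fn toy_hash(data: &[u8]) -> [u8; HLEN] {
    let mut out = [0u8; HLEN];
    for (lane, chunk) in out.chunks_mut(8).enumerate() {
        let mut h: u64 = 0xcbf29ce484222325 ^ (lane as u64).wrapping_mul(0x9E3779B97F4A7C15);
        for &b in data {
            h ^= u64::from(b);
            h = h.wrapping_mul(0x100000001b3);
        }
        h ^= h >> 29;
        h = h.wrapping_mul(0xbf58476d1ce4e5b9);
        h ^= h >> 32;
        chunk.copy_from_slice(&h.to_be_bytes());
    }
    out
}

/// MGF1 (RFC 8017 B.2.1): Hash(seed || counter) concatenated until mask_len bytes.
fn mgf1(seed: &[u8], mask_len: usize) -> Vec<u8> {
    let mut out = Vec::with_capacity(mask_len + HLEN);
    let mut counter: u32 = 0;
    while out.len() < mask_len {
        let mut input = seed.to_vec();
        input.extend_from_slice(&counter.to_be_bytes());
        out.extend_from_slice(&toy_hash(&input));
        counter += 1;
    }
    out.truncate(mask_len);
    out
}

/// Stand-in RNG (xorshift64*), present only so the signer has something to call.
struct ToyRng(u64);
impl ToyRng {
    fn fill_bytes(&mut self, buf: &mut [u8]) {
        for b in buf.iter_mut() {
            self.0 ^= self.0 >> 12; self.0 ^= self.0 << 25; self.0 ^= self.0 >> 27;
            *b = (self.0.wrapping_mul(0x2545F4914F6CDD1D) >> 56) as u8;
        }
    }
}

/// EMSA-PSS-ENCODE (RFC 8017 9.1.1). The caller supplies the salt; that is the
/// only place randomness enters. `em_bits` is modBits - 1.
fn emsa_pss_encode(m: &[u8], em_bits: usize, salt: &[u8]) -> Result<Vec<u8>, &'static str> {
    let em_len = (em_bits + 7) / 8;
    let s_len = salt.len();
    if em_len < HLEN + s_len + 2 {
        return Err("encoding error: emLen too small for hash + salt");
    }
    // M' = 8 zero bytes || mHash || salt ;  H = Hash(M')
    let mut m_prime = vec![0u8; 8];
    m_prime.extend_from_slice(&toy_hash(m));
    m_prime.extend_from_slice(salt);
    let h = toy_hash(&m_prime);
    // DB = PS || 0x01 || salt ; maskedDB = DB xor MGF1(H)
    let db_len = em_len - HLEN - 1;
    let mut db = vec![0u8; db_len - s_len - 1];
    db.push(0x01);
    db.extend_from_slice(salt);
    for (b, mask) in db.iter_mut().zip(mgf1(&h, db_len)) {
        *b ^= mask;
    }
    db[0] &= 0xFFu8 >> (8 * em_len - em_bits); // clear the leftmost unused bits
    let mut em = db;
    em.extend_from_slice(&h);
    em.push(0xbc);
    Ok(em)
}

/// Signing-side entry point in the spirit of sign_with_rng(): the RNG is passed
/// here, and only here, to draw the salt (hypothetical name, not the crate's API).
fn pss_encode_with_rng(m: &[u8], em_bits: usize, s_len: usize, rng: &mut ToyRng) -> Result<Vec<u8>, &'static str> {
    let mut salt = vec![0u8; s_len];
    rng.fill_bytes(&mut salt);
    emsa_pss_encode(m, em_bits, &salt)
}

/// EMSA-PSS-VERIFY (RFC 8017 9.1.2). No RNG anywhere: the salt is recovered from EM.
fn emsa_pss_verify(m: &[u8], em: &[u8], em_bits: usize, s_len: usize) -> bool {
    let em_len = (em_bits + 7) / 8;
    if em.len() != em_len || em_len < HLEN + s_len + 2 || em[em_len - 1] != 0xbc {
        return false;
    }
    let db_len = em_len - HLEN - 1;
    let (masked_db, h) = (&em[..db_len], &em[db_len..db_len + HLEN]);
    let top_bits = 8 * em_len - em_bits;
    if masked_db[0] & !(0xFFu8 >> top_bits) != 0 {
        return false; // leftmost unused bits must be zero
    }
    let mut db: Vec<u8> = masked_db.iter().zip(mgf1(h, db_len)).map(|(a, b)| a ^ b).collect();
    db[0] &= 0xFFu8 >> top_bits;
    let ps_len = db_len - s_len - 1;
    if db[..ps_len].iter().any(|&b| b != 0) || db[ps_len] != 0x01 {
        return false; // PS must be all zero and followed by the 0x01 separator
    }
    let salt = &db[ps_len + 1..]; // recovered salt; this is why no RNG is needed
    let mut m_prime = vec![0u8; 8];
    m_prime.extend_from_slice(&toy_hash(m));
    m_prime.extend_from_slice(salt);
    let h_prime = toy_hash(&m_prime);
    h_prime.iter().zip(h).fold(0u8, |acc, (a, b)| acc | (a ^ b)) == 0 // constant-time compare
}

fn main() {
    let msg = b"constructed message"; // constructed sample input
    let mut rng = ToyRng(0x1234_5678_9abc_def0);
    let em = pss_encode_with_rng(msg, 2047, 32, &mut rng).expect("encode");
    println!("verify without any rng: {}", emsa_pss_verify(msg, &em, 2047, 32));
}
```

The verifier's only inputs are the message, the encoded message, the bit length and the expected salt length; two signatures over the same message made with different RNG states differ (different salts) yet both verify, which is exactly why the verify path has no use for an RNG parameter.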
@tarcieri
Member

I left some notes on #172, but in general I think the signature code is really due for a refactor.

I'd need to write up a more concrete plan for what I have in mind though. It would be nice to actually impl the traits from the signature crate.

@lumag
Contributor Author

lumag commented Jul 31, 2022

I tried looking into the signature-based implementation, but stopped after seeing no good way to implement RsaSignature. Unlike ECDSA, where the signature is bound by the size of the curve/field, for RSA there is no such limitation. Or I can add the artificial limitation of not supporting anything above RSA16384. Does that sound good?

@tarcieri
Member

I can open a new issue and sketch out a more complete design

lumag added a commit to lumag/RSA that referenced this issue Jul 31, 2022
The passed rng is not necessary for PSS signature verification. Instead
of passing an artificial unused RNG through the PaddingScheme, add a new
sign_with_rng() API and pass the rng directly. In sign_blinded(), use the
passed rng both for salt generation and for the blinding process.

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
lumag added a commit to lumag/RSA that referenced this issue Aug 23, 2022
The passed rng is not necessary for PSS signature verification. Instead
of passing an artificial unused RNG through the PaddingScheme, add a new
sign_with_rng() API and pass the rng directly. In sign_blinded(), use the
passed rng both for salt generation and for the blinding process.

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
tarcieri pushed a commit that referenced this issue Aug 29, 2022
The passed rng is not necessary for PSS signature verification. Instead
of passing an artificial unused RNG through the PaddingScheme, add a new
sign_with_rng() API and pass the rng directly. In sign_blinded(), use the
passed rng both for salt generation and for the blinding process.

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
@lumag lumag closed this as completed Sep 5, 2022