Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PasswordRecipientInfoBuilder for CMS #1273

Merged
merged 42 commits into from
Jan 7, 2025

Conversation

bkstein
Copy link
Contributor

@bkstein bkstein commented Nov 30, 2023

This provides a builder for CMS' PasswordRecipientInfo according to RFC 3211.
In contrast to the KeyTransRecipientInfoBuilder the key-encryption algorithm must be provided by the user (who has to provide an implementation of PwriEncryptor). This allows for more flexibility in choosing allgorithms for key derivation and encryption.
An example for using the implementation is in the new test.

@bkstein bkstein marked this pull request as draft November 30, 2023 15:15
@bkstein
Copy link
Contributor Author

bkstein commented Nov 30, 2023

@tarcieri Regarding the security alert: I assume, I have to wait for the rsa ct issue to be fixed?

cms/src/builder.rs Outdated Show resolved Hide resolved
cms/src/builder.rs Outdated Show resolved Hide resolved
/// Provided password encryptor
pub key_encryptor: P,
/// Random number generator
pub rng: &'r mut R,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It could be worth changing the signature of RecipientInfoBuilder::build trait function to build_with_rng, just so we don't have to bind the rng like that.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Or maybe not, it's not object-safe anymore.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So we leave it as it is? Or what kind of binding would you prefer?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not too fan of the &mut R in an object. I think that makes it harder to use. You need two instances of the RNG: for example in the context of HSM, you might not have two references to the RNG easily (kough pkcs11 kough).

If we could bring in the rng "late" (it's already in the EnvelopedDataBuilder::build_with_rng context), that be great. But the Vec<Box<dyn RecipientInfoBuilder>> requires it to be object-safe, which makes it impossible.

I don't have a good solution to offer, but that's my concern here (not a blocker obviously).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the only solution I could come up with is this one: bkstein#1
But this introduces some API breakage in the builder (but we can just push that in a cms-0.3)

bkstein and others added 3 commits December 4, 2023 08:32
@baloo
Copy link
Member

baloo commented Dec 4, 2023

(@bkstein if you rebase, the security audit error should go away. This is not actionable for now and we'll ignore it until RSA 0.10 is released)

der/src/asn1/octet_string.rs Outdated Show resolved Hide resolved
cms/src/builder.rs Outdated Show resolved Hide resolved
@bkstein
Copy link
Contributor Author

bkstein commented Apr 26, 2024

@baloo First, I apologize for the long time beeing absent. We were busy working on our project and we had this PR as a local patch. But I'm interested in making this official and would like to resume. I started by updating to the master branch and experienced problems with the new crate versions. The clippy error is due to incompatible versioning of some Dependencies (digest is referenced by ecdsa with version v0.11.0-pre.8, but I introduced pkdf2, which references digest v0.10.7):

$ cargo tree
...
│   │       [dev-dependencies]
│   │       ├── ecdsa v0.17.0-pre.5 (https://github.com/RustCrypto/signatures#c2f3ee64)
...
│   │       │   ├── digest v0.11.0-pre.8
...
│   │       │   ├── elliptic-curve v0.14.0-pre.5
...
│   │       │   │   ├── digest v0.11.0-pre.8 (*)
...
│   │       │   │   ├── pkcs8 v0.11.0-pre.0 (/home/bkstein/Projects/github.com/RustCrypto/formats/pkcs8)
...
│   │       │   │   │   ├── pkcs5 v0.8.0-pre.0 (/home/bkstein/Projects/github.com/RustCrypto/formats/pkcs5)
...
│   │       │   │   │   │   ├── pbkdf2 v0.12.2
│   │       │   │   │   │   │   ├── digest v0.10.7
...

At the moment, I don't see how to resolve this.

@baloo
Copy link
Member

baloo commented Apr 26, 2024

Ha, this is an oversight. I've bumped a bunch of dependencies in the ecosystem to pre-release versions but forgot pkcs5.

See; #1391

(also: no need to apologize, we all have various priorities :))

@bkstein
Copy link
Contributor Author

bkstein commented Jul 28, 2024

@baloo I updated this PR to the latest master and dependencies. As for me, this can be merged.

@bkstein bkstein marked this pull request as ready for review July 28, 2024 21:27
@bkstein bkstein changed the title Draft: PasswordRecipientInfoBuilder for CMS PasswordRecipientInfoBuilder for CMS Jul 28, 2024
@bkstein
Copy link
Contributor Author

bkstein commented Aug 6, 2024

@baloo Reverted to draft, because I think, it's better to modify the rng handling. You mentioned above, that 2 rng's are now necessary for the pwri-builder. But it should be possible to get by with one rng, if I pass it from the builder to the encryption method.

@bkstein bkstein marked this pull request as draft August 6, 2024 10:37
@bkstein
Copy link
Contributor Author

bkstein commented Oct 13, 2024

@baloo I tried to write a test for the PasswordRecipientInfoBuilder and hit the problem, that my current implementation needs two separate rng's. I did not find a way around this problem and would like to resume your proposal of using build_with_rng() methods. Do you still have that branch? I know, you deleted it on github. If not, I still have it and could reincarnate it, but ownership would be mine, then. Were that ok for you?

@baloo
Copy link
Member

baloo commented Oct 14, 2024

Do you still have that branch? I know, you deleted it on github.

You can grab it back in anycase:

git fetch https://github.com/bkstein/RustCrypto-formats.git refs/pull/1/head:baloo/cms/pwri-builder

I still have it and could reincarnate it, but ownership would be mine, then. Were that ok for you?

Yes! Please grab it!

@bkstein bkstein marked this pull request as ready for review October 16, 2024 18:12
@bkstein
Copy link
Contributor Author

bkstein commented Oct 16, 2024

@baloo I think, this PR is ready. However, there is a problem in CI with cargo-audit which is not related to my changes, I think.

@tarcieri
Copy link
Member

tarcieri commented Oct 16, 2024

@bkstein rebasing should fix the audit

Edit: oh hmm, weird, that seems like a new error. May need to disable the cache.

Edit again: opened #1576

@bkstein
Copy link
Contributor Author

bkstein commented Jan 7, 2025

@baloo @tarcieri I almost forgot this PR. It is ready since last October. I implemented baloo's proposal (-> don't store a mutable reference to an rng in the builder struct) and rebased the branch. It's ready from my side (if the pipeline succeeds).

@bkstein bkstein requested a review from baloo January 7, 2025 13:36
@tarcieri tarcieri merged commit ba13a25 into RustCrypto:master Jan 7, 2025
165 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants