Skip to content

Update to latest commits from main #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
Oct 7, 2024
Merged

Update to latest commits from main #5

merged 10 commits into from
Oct 7, 2024

Conversation

fpseverino
Copy link
Owner

[One line description of your change]

Checklist

  • I've run tests to see all new and existing tests pass
  • I've followed the code style of the rest of the project
  • I've read the Contribution Guidelines
  • I've updated the documentation if necessary

If you've made changes to gyb files

  • I've run .script/generate_boilerplate_files_with_gyb and included updated generated files in a commit of this pull request

Motivation:

[Explain here the context, and why you're making that change. What is the problem you're trying to solve.]

Modifications:

[Describe the modifications you've done.]

Result:

[After your change, what will change.]

simonjbeaumont and others added 10 commits September 3, 2024 09:28
@simonjbeaumont
Add support for AES CFB mode in _CryptoExtras (#252)
9f95b4d
@FranzBusch
Add release.yml (#253)
ce204da
@Lukasa
Update BoringSSL to 6a2ccdcc2ed1d37a43a2183658d2ae61fd5ce208 (#255)
81bee98
@ptoffy @Lukasa
extras: Add RSA primitives decoding API (#249)
55201a8 
Motivation:

At times we might need to get the raw elements of an RSA key, e.g when debugging.

Modifications:

Add a getKeyPrimitives method to the RSA (public and private) key structures that returns the elements.
To do this we leverage the built in BoringSSL methods (CCryptoBoringSSL_RSA_get0_n etc.) which return the raw elements of the key. In the Security version of the key we convert the key to a BoringSSL one and just call the BoringSSL method.

Once we get ASN.1 support in _CryptoExtras it might make sense switching the implementation of this method to decode the ASN.1 structure and returns the elements from there.

Result:

New APIs to fetch the key primitives.

---------

Co-authored-by: Cory Benfield <[email protected]>
@ptoffy
extras: Add API to create RSA keys with random primes (#250)
e8f2ddd 
This adds a _createFromNumbers API which creates an RSA key generating p and q primes based on n, e and d

Motivation:

There might be cases where private RSA keys have to be generated based on their raw elements (modulus n, exponent e and private exponent d) without p and q. These are random primes which are integral parts of the key but can be generated based on the former numbers, and are not always included when representing RSA keys, for example these parameters are not required in JWKs

Modifications:

This adds a static _createFromNumbers method which creates a new RSA key given its raw modulus, exponent and private exponent, generating the needed p and q primes without having to provide them as parameters. The algorithm to generate primes is based on a hybrid approach of the Miller Rabin primality test and the proof of Fact 1 in Dan Boneh's Twenty Years of Attacks on the RSA Cryptosystem paper. To write this algorithm, some additions had to be made to the ArbitraryPrecisionInteger

Result:

Private RSA keys can now be generated without providing p and q
@glbrntt
Only include privacy manifest on Darwin (#257)
a24950b 
Motivation:

The privacy manifest is only required on Darwin. It's currently included
on all platforms which results in build warnings.

Modifications:

- Only include manifest on Darwin
- Exclude the privacy manifest from the build on other platforms

Result:

- Fewer warnings
- Resolves #256
@simonjbeaumont
Drop support for Swift 5.8 (#259)
3570357
@simonjbeaumont
crypto: Equatable and Hashable conformance for CryptoKitError and Cry…
ffca28b 
…ptoKitASN1Error (#266)
@gautierdelorme
Support loading RSAPSS public keys with parameters (#268)
b639b5b 
* Support loading RSAPSS public keys with parameters

Parameters are stripped and the key is treated as a regular public key.

* address review + reset algorithm as well

* run update_cmakelists.sh

* attempt to fix the cmake build

* include FetchContent

* early return for non-PSS keys

* simplify code
@Lukasa
Update BoringSSL to 76968bb3d53982560bcf08bcd0ba3e1865fe15cd (#271)
735a29c 
Also fixes the build issues on Windows, resolves #262
@fpseverino fpseverino merged commit 98f7db1 into fpseverino:post-quantum Oct 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@fpseverino @simonjbeaumont @FranzBusch @Lukasa @ptoffy @glbrntt @gautierdelorme