Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add possibility to use different hash algorithms in RSAES-OAEP #612

Merged
merged 1 commit into from
Oct 9, 2023

Conversation

sjaeckel
Copy link
Member

@sjaeckel sjaeckel commented Mar 11, 2023

The hash algorithms used in the MGF and to create the hash of the Label must not forcibly be the same. This change allows to use different algorithms.

Unfortunately this breaks API if you use rsa_decrypt_key_ex(). The rsa_decrypt_key() macro is still the same.

Checklist

  • documentation is added or updated
  • tests are added or updated

@timlegge
Copy link

timlegge commented Mar 12, 2023

Hi

I made the following changed to perl's CryptX module which should be fine but I get:

realloc(): invalid next size
Aborted (core dumped)

diff --git a/inc/CryptX_PK_RSA.xs.inc b/inc/CryptX_PK_RSA.xs.inc
index 4040d8c9..aacde6f5 100644
--- a/inc/CryptX_PK_RSA.xs.inc
+++ b/inc/CryptX_PK_RSA.xs.inc
@@ -340,10 +340,10 @@ encrypt(Crypt::PK::RSA self, SV * data, const char * padding = "oaep", const cha
         RETVAL
 
 SV *
-decrypt(Crypt::PK::RSA self, SV * data, const char * padding = "oaep", const char * oaep_hash = "SHA1", SV * oaep_lparam = NULL)
+decrypt(Crypt::PK::RSA self, SV * data, const char * padding = "oaep", const char * mgf_hash = "SHA1", const char * lparam_hash = "SHA1", SV * oaep_lparam = NULL)
     CODE:
     {
-        int rv, hash_id, stat;
+        int rv, lparam_hash_id, mgf_hash_id, stat;
         unsigned char *lparam_ptr=NULL;
         STRLEN lparam_len=0;
         unsigned char *data_ptr=NULL;
@@ -355,18 +355,20 @@ decrypt(Crypt::PK::RSA self, SV * data, const char * padding = "oaep", const cha
 
         RETVAL = newSVpvn(NULL, 0); /* undef */
         if (strnEQ(padding, "oaep", 4)) {
-          hash_id = cryptx_internal_find_hash(oaep_hash);
-          if (hash_id == -1) croak("FATAL: find_hash failed for '%s'", oaep_hash);
+          mgf_hash_id = cryptx_internal_find_hash(mgf_hash);
+          if (mgf_hash_id == -1) croak("FATAL: find_hash failed for '%s'", mgf_hash);
+          lparam_hash_id = cryptx_internal_find_hash(lparam_hash);
+          if (lparam_hash_id == -1) croak("FATAL: find_hash failed for '%s'", lparam_hash);
           if (oaep_lparam) lparam_ptr = (unsigned char *)SvPVbyte(oaep_lparam, lparam_len);
           rv = rsa_decrypt_key_ex(data_ptr, (unsigned long)data_len, buffer, &buffer_len, lparam_ptr, (unsigned long)lparam_len,
-                                  hash_id, LTC_PKCS_1_OAEP, &stat, &self->key);
+                                    mgf_hash_id, lparam_hash_id, LTC_PKCS_1_OAEP, &stat, &self->key);
           if (rv != CRYPT_OK) croak("FATAL: rsa_decrypt_key_ex failed: %s", error_to_string(rv));
           if (stat != 1) croak("FATAL: rsa_decrypt - not valid OAEP packet");
           RETVAL = newSVpvn((char*)buffer, buffer_len);
         }
         else if (strnEQ(padding, "v1.5", 4)) {
           rv = rsa_decrypt_key_ex(data_ptr, (unsigned long)data_len, buffer, &buffer_len, NULL, 0,
-                                  0, LTC_PKCS_1_V1_5, &stat, &self->key);
+                                  0, -1, LTC_PKCS_1_V1_5, &stat, &self->key);
           if (rv != CRYPT_OK) croak("FATAL: rsa_decrypt_key_ex failed: %s", error_to_string(rv));
           if (stat != 1) croak("FATAL: rsa_decrypt - invalid");
           RETVAL = newSVpvn((char*)buffer, buffer_len);

@sjaeckel
Copy link
Member Author

Ping @karel-m

@sjaeckel
Copy link
Member Author

realloc(): invalid next size
Aborted (core dumped)

ah, I made a mistake, can you please try again?

@timlegge
Copy link

Yes, that was able to decrypt my test

@timlegge
Copy link

Just need the encrypt now and I can test that too :-)

@sjaeckel
Copy link
Member Author

Just need the encrypt now and I can test that too :-)

Can you give it a try?

@sjaeckel sjaeckel changed the title WIP: add possibility to use different hash algorithms in RSAES-OAEP add possibility to use different hash algorithms in RSAES-OAEP Mar 12, 2023
@sjaeckel sjaeckel marked this pull request as ready for review March 12, 2023 15:48
@timlegge
Copy link

timlegge commented Mar 12, 2023

These changes seem to work fine for me. I tested with the following combinations encrypting with a modified Perl Crypt::PK::RSA and decrypting the keys with xmlsec1 (using openssl library)

The data method is just the key used to encrypt the data in my XML files

ok 1 - Successfully Encrypted: Key Method rsa-1_5 Data Method aes128-cbc
ok 5 - Successfully Encrypted: Key Method rsa-1_5 Data Method aes192-cbc
ok 9 - Successfully Encrypted: Key Method rsa-1_5 Data Method aes256-cbc
ok 13 - Successfully Encrypted: Key Method rsa-1_5 Data Method tripledes-cbc
ok 17 - Successfully Encrypted: Key Method rsa-1_5 Data Method aes128-gcm
ok 21 - Successfully Encrypted: Key Method rsa-1_5 Data Method aes192-gcm
ok 25 - Successfully Encrypted: Key Method rsa-1_5 Data Method aes256-gcm
ok 29 - Successfully Encrypted: Key Method rsa-oaep-mgf1p Data Method aes128-cbc
ok 33 - Successfully Encrypted: Key Method rsa-oaep-mgf1p Data Method aes192-cbc
ok 37 - Successfully Encrypted: Key Method rsa-oaep-mgf1p Data Method aes256-cbc
ok 41 - Successfully Encrypted: Key Method rsa-oaep-mgf1p Data Method tripledes-cbc
ok 45 - Successfully Encrypted: Key Method rsa-oaep-mgf1p Data Method aes128-gcm
ok 49 - Successfully Encrypted: Key Method rsa-oaep-mgf1p Data Method aes192-gcm
ok 53 - Successfully Encrypted: Key Method rsa-oaep-mgf1p Data Method aes256-gcm
ok 57 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha1 Data Method:aes128-cbc
ok 61 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha1 Data Method:aes192-cbc
ok 65 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha1 Data Method:aes256-cbc
ok 69 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha1 Data Method:tripledes-cbc
ok 73 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha1 Data Method:aes128-gcm
ok 77 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha1 Data Method:aes192-gcm
ok 81 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha1 Data Method:aes256-gcm
ok 85 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha224 Data Method:aes128-cbc
ok 89 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha224 Data Method:aes192-cbc
ok 93 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha224 Data Method:aes256-cbc
ok 97 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha224 Data Method:tripledes-cbc
ok 101 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha224 Data Method:aes128-gcm
ok 105 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha224 Data Method:aes192-gcm
ok 109 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha224 Data Method:aes256-gcm
ok 113 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha256 Data Method:aes128-cbc
ok 117 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha256 Data Method:aes192-cbc
ok 121 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha256 Data Method:aes256-cbc
ok 125 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha256 Data Method:tripledes-cbc
ok 129 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha256 Data Method:aes128-gcm
ok 133 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha256 Data Method:aes192-gcm
ok 137 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha256 Data Method:aes256-gcm
ok 141 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha384 Data Method:aes128-cbc
ok 145 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha384 Data Method:aes192-cbc
ok 149 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha384 Data Method:aes256-cbc
ok 153 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha384 Data Method:tripledes-cbc
ok 157 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha384 Data Method:aes128-gcm
ok 161 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha384 Data Method:aes192-gcm
ok 165 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha384 Data Method:aes256-gcm
ok 169 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha512 Data Method:aes128-cbc
ok 173 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha512 Data Method:aes192-cbc
ok 177 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha512 Data Method:aes256-cbc
ok 181 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha512 Data Method:tripledes-cbc
ok 185 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha512 Data Method:aes128-gcm
ok 189 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha512 Data Method:aes192-gcm
ok 193 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha1, param:sha512 Data Method:aes256-gcm
ok 197 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha1 Data Method:aes128-cbc
ok 201 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha1 Data Method:aes192-cbc
ok 205 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha1 Data Method:aes256-cbc
ok 209 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha1 Data Method:tripledes-cbc
ok 213 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha1 Data Method:aes128-gcm
ok 217 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha1 Data Method:aes192-gcm
ok 221 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha1 Data Method:aes256-gcm
ok 225 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha224 Data Method:aes128-cbc
ok 229 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha224 Data Method:aes192-cbc
ok 233 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha224 Data Method:aes256-cbc
ok 237 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha224 Data Method:tripledes-cbc
ok 241 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha224 Data Method:aes128-gcm
ok 245 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha224 Data Method:aes192-gcm
ok 249 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha224 Data Method:aes256-gcm
ok 253 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha256 Data Method:aes128-cbc
ok 257 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha256 Data Method:aes192-cbc
ok 261 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha256 Data Method:aes256-cbc
ok 265 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha256 Data Method:tripledes-cbc
ok 269 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha256 Data Method:aes128-gcm
ok 273 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha256 Data Method:aes192-gcm
ok 277 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha256 Data Method:aes256-gcm
ok 281 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha384 Data Method:aes128-cbc
ok 285 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha384 Data Method:aes192-cbc
ok 289 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha384 Data Method:aes256-cbc
ok 293 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha384 Data Method:tripledes-cbc
ok 297 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha384 Data Method:aes128-gcm
ok 301 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha384 Data Method:aes192-gcm
ok 305 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha384 Data Method:aes256-gcm
ok 309 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha512 Data Method:aes128-cbc
ok 313 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha512 Data Method:aes192-cbc
ok 317 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha512 Data Method:aes256-cbc
ok 321 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha512 Data Method:tripledes-cbc
ok 325 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha512 Data Method:aes128-gcm
ok 329 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha512 Data Method:aes192-gcm
ok 333 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha224, param:sha512 Data Method:aes256-gcm
ok 337 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha1 Data Method:aes128-cbc
ok 341 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha1 Data Method:aes192-cbc
ok 345 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha1 Data Method:aes256-cbc
ok 349 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha1 Data Method:tripledes-cbc
ok 353 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha1 Data Method:aes128-gcm
ok 357 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha1 Data Method:aes192-gcm
ok 361 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha1 Data Method:aes256-gcm
ok 365 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha224 Data Method:aes128-cbc
ok 369 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha224 Data Method:aes192-cbc
ok 373 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha224 Data Method:aes256-cbc
ok 377 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha224 Data Method:tripledes-cbc
ok 381 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha224 Data Method:aes128-gcm
ok 385 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha224 Data Method:aes192-gcm
ok 389 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha224 Data Method:aes256-gcm
ok 393 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha256 Data Method:aes128-cbc
ok 397 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha256 Data Method:aes192-cbc
ok 401 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha256 Data Method:aes256-cbc
ok 405 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha256 Data Method:tripledes-cbc
ok 409 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha256 Data Method:aes128-gcm
ok 413 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha256 Data Method:aes192-gcm
ok 417 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha256 Data Method:aes256-gcm
ok 421 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha384 Data Method:aes128-cbc
ok 425 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha384 Data Method:aes192-cbc
ok 429 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha384 Data Method:aes256-cbc
ok 433 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha384 Data Method:tripledes-cbc
ok 437 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha384 Data Method:aes128-gcm
ok 441 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha384 Data Method:aes192-gcm
ok 445 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha384 Data Method:aes256-gcm
ok 449 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha512 Data Method:aes128-cbc
ok 453 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha512 Data Method:aes192-cbc
ok 457 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha512 Data Method:aes256-cbc
ok 461 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha512 Data Method:tripledes-cbc
ok 465 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha512 Data Method:aes128-gcm
ok 469 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha512 Data Method:aes192-gcm
ok 473 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha256, param:sha512 Data Method:aes256-gcm
ok 477 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha1 Data Method:aes128-cbc
ok 481 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha1 Data Method:aes192-cbc
ok 485 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha1 Data Method:aes256-cbc
ok 489 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha1 Data Method:tripledes-cbc
ok 493 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha1 Data Method:aes128-gcm
ok 497 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha1 Data Method:aes192-gcm
ok 501 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha1 Data Method:aes256-gcm
ok 505 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha224 Data Method:aes128-cbc
ok 509 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha224 Data Method:aes192-cbc
ok 513 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha224 Data Method:aes256-cbc
ok 517 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha224 Data Method:tripledes-cbc
ok 521 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha224 Data Method:aes128-gcm
ok 525 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha224 Data Method:aes192-gcm
ok 529 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha224 Data Method:aes256-gcm
ok 533 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha256 Data Method:aes128-cbc
ok 537 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha256 Data Method:aes192-cbc
ok 541 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha256 Data Method:aes256-cbc
ok 545 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha256 Data Method:tripledes-cbc
ok 549 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha256 Data Method:aes128-gcm
ok 553 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha256 Data Method:aes192-gcm
ok 557 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha256 Data Method:aes256-gcm
ok 561 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha384 Data Method:aes128-cbc
ok 565 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha384 Data Method:aes192-cbc
ok 569 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha384 Data Method:aes256-cbc
ok 573 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha384 Data Method:tripledes-cbc
ok 577 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha384 Data Method:aes128-gcm
ok 581 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha384 Data Method:aes192-gcm
ok 585 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha384 Data Method:aes256-gcm
ok 589 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha512 Data Method:aes128-cbc
ok 593 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha512 Data Method:aes192-cbc
ok 597 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha512 Data Method:aes256-cbc
ok 601 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha512 Data Method:tripledes-cbc
ok 605 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha512 Data Method:aes128-gcm
ok 609 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha512 Data Method:aes192-gcm
ok 613 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha384, param:sha512 Data Method:aes256-gcm
ok 617 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha1 Data Method:aes128-cbc
ok 621 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha1 Data Method:aes192-cbc
ok 625 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha1 Data Method:aes256-cbc
ok 629 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha1 Data Method:tripledes-cbc
ok 633 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha1 Data Method:aes128-gcm
ok 637 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha1 Data Method:aes192-gcm
ok 641 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha1 Data Method:aes256-gcm
ok 645 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha224 Data Method:aes128-cbc
ok 649 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha224 Data Method:aes192-cbc
ok 653 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha224 Data Method:aes256-cbc
ok 657 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha224 Data Method:tripledes-cbc
ok 661 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha224 Data Method:aes128-gcm
ok 665 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha224 Data Method:aes192-gcm
ok 669 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha224 Data Method:aes256-gcm
ok 673 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha256 Data Method:aes128-cbc
ok 677 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha256 Data Method:aes192-cbc
ok 681 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha256 Data Method:aes256-cbc
ok 685 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha256 Data Method:tripledes-cbc
ok 689 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha256 Data Method:aes128-gcm
ok 693 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha256 Data Method:aes192-gcm
ok 697 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha256 Data Method:aes256-gcm
ok 701 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha384 Data Method:aes128-cbc
ok 705 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha384 Data Method:aes192-cbc
ok 709 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha384 Data Method:aes256-cbc
ok 713 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha384 Data Method:tripledes-cbc
ok 717 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha384 Data Method:aes128-gcm
ok 721 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha384 Data Method:aes192-gcm
ok 725 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha384 Data Method:aes256-gcm
ok 729 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha512 Data Method:aes128-cbc
ok 733 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha512 Data Method:aes192-cbc
ok 737 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha512 Data Method:aes256-cbc
ok 741 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha512 Data Method:tripledes-cbc
ok 745 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha512 Data Method:aes128-gcm
ok 749 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha512 Data Method:aes192-gcm
ok 753 - Successful Encrypted: Key Method:rsa-oaep MGF:mgf1sha512, param:sha512 Data Method:aes256-gcm

timlegge added a commit to timlegge/perl-CryptX that referenced this pull request Mar 12, 2023
timlegge added a commit to timlegge/perl-CryptX that referenced this pull request Mar 12, 2023
timlegge added a commit to timlegge/perl-CryptX that referenced this pull request Mar 12, 2023
@timlegge
Copy link

@sjaeckel @karel-m anything else you need from me?

timlegge added a commit to timlegge/perl-CryptX that referenced this pull request Mar 18, 2023
@sjaeckel
Copy link
Member Author

@sjaeckel @karel-m anything else you need from me?

no, nothing required from your side.

I've to think about whether we should break the API or add a new API function with this extended functionality... and if we add a new one, how we call it ...

@timlegge
Copy link

timlegge commented Jul 2, 2023

@sjaeckel any update/progress?

@sjaeckel
Copy link
Member Author

sjaeckel commented Aug 7, 2023

@sjaeckel any update/progress?

not really ... at least I've rebased on current develop.

@karel-m any comments or suggestions how we could handle the API break a bit better?

@timlegge
Copy link

timlegge commented Aug 7, 2023 via email

timlegge added a commit to timlegge/perl-CryptX that referenced this pull request Aug 9, 2023
@sjaeckel
Copy link
Member Author

sjaeckel commented Oct 8, 2023

@karel-m could you please have a look at this PR as well?

@karel-m
Copy link
Member

karel-m commented Oct 9, 2023

1/ I do not like the variable name lparam_hash_ as it is hard to read/understand; I would prefer lparam_hash_final or something like that.

2/ We are breaking compatibility of rsa_encrypt_key_ex + rsa_decrypt_key_ex but I can live with that.

Otherwise looks good.

@karel-m
Copy link
Member

karel-m commented Oct 9, 2023

@sjaeckel could you please rebase rsaaes_oaep_hashes on top of the current develop? (so that I can test it with my CryptX module)

karel-m pushed a commit to DCIT/perl-CryptX that referenced this pull request Oct 9, 2023
The hash algorithms used in the MGF and to create the hash of the Label
must not forcibly be the same. This change allows to use different
algorithms.

Unfortunately this breaks the API if you use one of:
* `rsa_decrypt_key_ex()`
* `rsa_encrypt_key_ex()`
* `pkcs_1_oaep_decode()`
* `pkcs_1_oaep_encode()`

The `rsa_decrypt_key()` and `rsa_encrypt_key()` macros are still the same.

Signed-off-by: Steffen Jaeckel <[email protected]>
@sjaeckel
Copy link
Member Author

sjaeckel commented Oct 9, 2023

2/ We are breaking compatibility of rsa_encrypt_key_ex + rsa_decrypt_key_ex but I can live with that.

and pkcs_1_oaep_encode + pkcs_1_oaep_decode

Copy link
Member

@karel-m karel-m left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, I am for merging.

@sjaeckel sjaeckel merged commit 7e863d2 into develop Oct 9, 2023
75 checks passed
@sjaeckel sjaeckel deleted the rsaaes_oaep_hashes branch October 9, 2023 12:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants