Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
https://www.trustedfirmware.org/projects/mbed-tls/

Remove RSA PKCS #1 encryption (RSAES-PKCS1-v1_5) #8459

Open daverodgman opened 10 months ago

daverodgman commented 10 months ago

Prerequisite: https://github.com/Mbed-TLS/mbedtls/issues/8170

mschulz-at-hilscher commented 1 month ago

We still require PKCS #1.5 for supporting OPCUA https://reference.opcfoundation.org/Core/Part7/v104/docs/6.6.165.

yanesca commented 1 month ago

The title is indeed a bit ambiguous, but I believe we are considering removing RSAES-PKCS1-v1_5 (RSA encryption v1.5).

Looking at the OPCUA table, it requires RSAES-OAEP (RSA encryption v2.1) and RSASSA-PKCS1-v1_5 (RSA signature 1.5), both of which we intend to keep.

@mschulz-at-hilscher can you confirm that you don't need RSAES-PKCS1-v1_5?

mschulz-at-hilscher commented 1 month ago

> @mschulz-at-hilscher can you confirm that you don't need RSAES-PKCS1-v1_5?

Correct, we do not need RSAES-PKCS1-v1_5.

gilles-peskine-arm commented 1 month ago

Architectural decision: given that we are removing TLS key exchanges that use RSAES-PKCS1-v1_5, we don't have another reason to keep RSAES-PKCS1-v1_5 around. So we are removing PSA_ALG_RSA_PKCS1V15_CRYPT and the underlying code in the RSA module (PKCS#1v1.5 encryption). (To be clear, we're keeping PKCS#1v1.5 signature, PSS, and OAEP.)
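
One way to check application code against the decision above, as an added example that is not part of the thread or of Mbed TLS: a small scanner that reports RSA algorithm identifiers in C source as removed, kept, or needing manual review. Only `PSA_ALG_RSA_PKCS1V15_CRYPT` is named on the page; treating the legacy `mbedtls_rsa_rsaes_pkcs1_v15_*` functions as removed is an assumption, and the sample input is constructed.

```python
import re

# Status under the decision quoted above. PSA_ALG_RSA_PKCS1V15_CRYPT is named
# on the page; listing the two legacy mbedtls_rsa_rsaes_pkcs1_v15_* functions
# as removed is this example's assumption about "the underlying code".
STATUS = {
    "PSA_ALG_RSA_PKCS1V15_CRYPT": "removed",
    "mbedtls_rsa_rsaes_pkcs1_v15_encrypt": "removed",   # assumption
    "mbedtls_rsa_rsaes_pkcs1_v15_decrypt": "removed",   # assumption
    "PSA_ALG_RSA_PKCS1V15_SIGN": "kept",
    "PSA_ALG_RSA_PKCS1V15_SIGN_RAW": "kept",
    "PSA_ALG_RSA_PSS": "kept",
    "PSA_ALG_RSA_PSS_ANY_SALT": "kept",
    "PSA_ALG_RSA_OAEP": "kept",
    # Selects v1.5 padding for signing and encryption alike: check the caller.
    "MBEDTLS_RSA_PKCS_V15": "review",
}

_IDENT = re.compile(r"\b[A-Za-z_]\w*\b")
_COMMENT_OR_STRING = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\])*"', re.S)

def _blank(match):
    # Replace with spaces but keep newlines so line numbers stay correct.
    return re.sub(r"[^\n]", " ", match.group(0))

def audit(source):
    """Return (line, identifier, status) for each tracked RSA identifier."""
    code = _COMMENT_OR_STRING.sub(_blank, source)
    findings = []
    for m in _IDENT.finditer(code):
        status = STATUS.get(m.group(0))
        if status:
            line = code.count("\n", 0, m.start()) + 1
            findings.append((line, m.group(0), status))
    return findings

# Constructed sample of application code, not taken from Mbed TLS.
SAMPLE = '''\
/* legacy path: PSA_ALG_RSA_PKCS1V15_CRYPT was used here */
psa_algorithm_t wrap_alg = PSA_ALG_RSA_PKCS1V15_CRYPT;
psa_algorithm_t sign_alg = PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256);
psa_algorithm_t new_wrap = PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256);
mbedtls_rsa_set_padding(&rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE);
'''

if __name__ == "__main__":
    for line, name, status in audit(SAMPLE):
        print(f"line {line}: {name}: {status}")
```

Mentions inside comments and string literals are ignored, so only identifiers that reach the compiler are reported.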