RustCrypto / formats

Cryptography-related format encoders/decoders: DER, PEM, PKCS, PKIX

PasswordRecipientInfoBuilder for CMS #1273

Open bkstein opened 9 months ago

bkstein commented 9 months ago

This provides a builder for CMS' PasswordRecipientInfo according to RFC 3211. In contrast to the KeyTransRecipientInfoBuilder the key-encryption algorithm must be provided by the user (who has to provide an implementation of PwriEncryptor). This allows for more flexibility in choosing algorithms for key derivation and encryption. An example of using the implementation is in the new test.

bkstein commented 9 months ago

@tarcieri Regarding the security alert: I assume I have to wait for the rsa ct issue to be fixed?

baloo commented 9 months ago

(@bkstein if you rebase, the security audit error should go away. This is not actionable for now and we'll ignore it until RSA 0.10 is released)

bkstein commented 4 months ago

@baloo First, I apologize for being absent for so long. We were busy working on our project and we had this PR as a local patch. But I'm interested in making this official and would like to resume. I started by updating to the master branch and experienced problems with the new crate versions. The clippy error is due to incompatible versioning of some dependencies (digest is referenced by ecdsa with version v0.11.0-pre.8, but I introduced pbkdf2, which references digest v0.10.7):

$ cargo tree
...
│   │       [dev-dependencies]
│   │       ├── ecdsa v0.17.0-pre.5 (https://github.com/RustCrypto/signatures#c2f3ee64)
...
│   │       │   ├── digest v0.11.0-pre.8
...
│   │       │   ├── elliptic-curve v0.14.0-pre.5
...
│   │       │   │   ├── digest v0.11.0-pre.8 (*)
...
│   │       │   │   ├── pkcs8 v0.11.0-pre.0 (/home/bkstein/Projects/github.com/RustCrypto/formats/pkcs8)
...
│   │       │   │   │   ├── pkcs5 v0.8.0-pre.0 (/home/bkstein/Projects/github.com/RustCrypto/formats/pkcs5)
...
│   │       │   │   │   │   ├── pbkdf2 v0.12.2
│   │       │   │   │   │   │   ├── digest v0.10.7
...

At the moment, I don't see how to resolve this.

baloo commented 4 months ago

Ha, this is an oversight. I've bumped a bunch of dependencies in the ecosystem to pre-release versions but forgot pkcs5.

See: https://github.com/RustCrypto/formats/pull/1391

(also: no need to apologize, we all have various priorities :))

bkstein commented 1 month ago

@baloo I updated this PR to the latest master and dependencies. As for me, this can be merged.

bkstein commented 1 month ago

@baloo Reverted to draft, because I think it's better to modify the rng handling. You mentioned above that 2 rngs are now necessary for the pwri-builder. But it should be possible to get by with one rng, if I pass it from the builder to the encryption method.