search

RustCrypto / formats

Cryptography-related format encoders/decoders: DER, PEM, PKCS, PKIX
250 stars 132 forks source link

ECC in CMS support #1544

Open nemynm opened 1 month ago

nemynm commented 1 month ago

Hello,

I believe that the current code base does not support EnvelopedData with Elliptic Curve Cryptography (ECC) for CMS. Would you be interested in a code contribution that would bring partial CMS ECC support as per rfc5753?

I could contribute some code that would essentially implement KeyAgreeRecipientInfoBuilder for KeyAgreeRecipientInfo (Kari).

It would not implement all the KeyAgreement algorithms mentioned in the RFC as I think that RustCrypto does not currently have all the primitive to fully support other KeyAgreement schemes (namely 'Co-factor' ECDH and 1-Pass ECMQV). As such it would mainly focus on EnvelopedData Using (ephemeral-static) ECDH with 'Standard' ECDH

A few initial prerequisite would be:

Thank you and let me know your thoughts,

Best,

tarcieri commented 1 month ago

Sure, sounds great!

Re: OIDs for RFC5753, that should be pretty easy to add: https://github.com/RustCrypto/formats/tree/master/const-oid/oiddbgen

Please open a separate issue and/or PR for that

nemynm commented 1 month ago

Sure, sounds great!

Re: OIDs for RFC5753, that should be pretty easy to add: https://github.com/RustCrypto/formats/tree/master/const-oid/oiddbgen

Please open a separate issue and/or PR for that

Great thanks, I opened https://github.com/RustCrypto/formats/issues/1546 for the OIDs.

I'll prepare a PR for ECC support itself.

Thanks!

nemynm commented 3 weeks ago

Hello, I have a branch almost ready (I need to rebase), Quick question before I open the PR: right now the dependency for the key-derivation function points to the RustCrypto KDFs git repo as the new crate for ansi-x963-kdf is not yet published. Is that acceptable for review or do you want to wait until the new crate is published on crates.io?

tarcieri commented 3 weeks ago

You can add a git dependency, that's fine

nemynm commented 3 weeks ago

here it is, I put things into separate modules for the sake of clarity and limit conflicts as I think some other PR are working on the builder-side too.