search

aws / aws-lc-rs

aws-lc-rs is a cryptographic library using AWS-LC for its cryptographic operations. The library strives to be API-compatible with the popular Rust library named ring.
Other
252 stars 42 forks source link

Support for P521 curve with SHA256/SHA384 hash algorithms. #457

Closed samin-cf closed 2 days ago

samin-cf commented 1 week ago

Problem:

I have a use case where I need to rely on rustls-webpki (with aws-lc-rs as the crypto provider). When the CA is signed with ecdsa-with-SHA512 algorithm and the server certificate is signed with ecdsa-with-sha256/ecdsa-with-sha384, rustls-webpki fails to verify the server certificate.

I opened https://github.com/rustls/webpki/issues/267 for this issue, and ultimately, it looks like support for P521 curve with SHA256/SHA384 hash algorithms needs to be added in both rustls-webpki and aws-lc-rs.

Is this something aws-lc-rs has considered or is willing to?

justsmth commented 1 week ago

Thanks for the request!

ECDSA's are fairly easy for us to add to our logic. (Here's the PR where we originally added ECDSA P521.) The hardest part might be collecting appropriate test vectors.

Let me check with the team to see what concerns might exist for this ECDSA.