Skip to content

Replace openssl hash functions with RustCrypto hashes#3

Draft
Fethbita wants to merge 6 commits intomainfrom
feat-rustcrypto
Draft

Replace openssl hash functions with RustCrypto hashes#3
Fethbita wants to merge 6 commits intomainfrom
feat-rustcrypto

Conversation

@Fethbita
Copy link
Copy Markdown
Owner

@Fethbita Fethbita commented Oct 2, 2024

Aim is to remove openssl dependency eventually. See RustCrypto/traits#1683 for more details on where I am stuck right now.

@Fethbita Fethbita self-assigned this Oct 2, 2024
@Fethbita Fethbita marked this pull request as draft October 2, 2024 18:03
Comment thread src/lib.rs
} else if Oid::const_new(&[2, 16, 840, 1, 101, 3, 4, 2, 2]).eq(oid) {
Ok(Box::new(sha2::Sha384::default()))
} else if Oid::const_new(&[2, 16, 840, 1, 101, 3, 4, 2, 1]).eq(oid) {
Ok(Box::new(sha2::Sha256::default()))
Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Copy Markdown
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey, thanks for the comment. It seems that with that approach, I would need to use an oid database (der::oid::db::DB). Since oids do not change, I think it's better to have them hardcoded. Even though it looks cleaner, I would rather have very little dependency footprint. Currently, I have quite many dependencies but I plan to reduce them in time.

RustCrypto is missing brainpool curves, so the signature verification is not implemented still

RSA and DSA are also not implemented
@Fethbita
Copy link
Copy Markdown
Owner Author

RustCrypto is missing Brainpool and some other elliptic curve algorithms (RustCrypto/elliptic-curves#114)

Comment thread src/lib.rs
// <https://www.icao.int/publications/Documents/9303_p12_cons_en.pdf>
// > MUST be v3
if cert.tbs_certificate.version.ne(&rasn_pkix::Version::V3) {
error!("DSC TBSCertificate version must be v3");
Copy link
Copy Markdown
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/DSC/certificate

Comment thread src/lib.rs
));
let signature_algorithm = &signer_info.signature_algorithm;
let signature = der::encode(&signer_info.signature).map_err(EmrtdError::RasnEncodeError)?;
// let pub_key = dsc.public_key().map_err(EmrtdError::OpensslErrorStack)?;
Copy link
Copy Markdown
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove commented code

Comment thread src/lib.rs
return Err(EmrtdError::VerifySignatureError(
"Signature verification failure during Master List parsing",
));
// let pub_key = master_list_signer
Copy link
Copy Markdown
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove commented code

Comment thread src/lib.rs
// let chain = Stack::new().map_err(EmrtdError::OpensslErrorStack)?;
// let mut store_bldr =
// X509StoreBuilder::new().map_err(EmrtdError::OpensslErrorStack)?;
// store_bldr
Copy link
Copy Markdown
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove commented code

Comment thread src/lib.rs
// <https://www.icao.int/publications/Documents/9303_p12_cons_en.pdf>
// > Dates through 2049 MUST be in UTCTime UTCTime MUST be represented as YYMMDDHHMMSSZ
rasn_pkix::Time::Utc(date_time) => {
// todo!()
Copy link
Copy Markdown
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

easy todos

@dishmaker
Copy link
Copy Markdown

Looks like only bp512 is missing 😄
https://github.com/RustCrypto/elliptic-curves

@Fethbita
Copy link
Copy Markdown
Owner Author

Fethbita commented May 8, 2025

Looks like only bp512 is missing 😄 https://github.com/RustCrypto/elliptic-curves

Oh, indeed. That one is still needed for the Master List check.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants