[RFC] RSA lib integration

Cargo.toml

@@ -35,6 +35,7 @@ des = { version = "0.7", optional = true }
 hmac = "0.11"
 sha-1 = { version = "0.9", default-features = false, optional = true }
 sha2 = { version = "0.9", default-features = false }
+rsa = { version = "0.6.0", optional = true }
 
 # ours
 cosey = "0.3"
@@ -90,6 +91,7 @@ default-mechanisms = [
     "tdes",
     "totp",
     "trng",
+    "rsa2k"
 ]
 aes256-cbc = []
 chacha8-poly1305 = []
@@ -104,6 +106,9 @@ sha256 = []
 tdes = ["des"]
 totp = ["sha-1"]
 trng = ["sha-1"]
+rsa2k = ["rsa"]
+rsa3k = ["rsa"]
+rsa4k = ["rsa"]
 
 clients-1 = []
 clients-2 = []

src/client/mechanisms.rs

@@ -245,6 +245,47 @@ pub trait P256: CryptoClient {
     }
 }
 
+#[cfg(feature = "rsa2k")]
+impl<S: Syscall> Rsa2kPkcs for ClientImplementation<S> {}
+
+pub trait Rsa2kPkcs: CryptoClient {
+    fn generate_rsa2kpkcs_private_key(&mut self, persistence: Location)
+        -> ClientResult<'_, reply::GenerateKey, Self>
+    {
+        self.generate_key(Mechanism::Rsa2kPkcs, StorageAttributes::new().set_persistence(persistence))
+    }
+
+    fn derive_rsa2kpkcs_public_key(&mut self, shared_key: KeyId, persistence: Location)
+        -> ClientResult<'_, reply::DeriveKey, Self>
+    {
+        self.derive_key(Mechanism::Rsa2kPkcs, shared_key, None, StorageAttributes::new().set_persistence(persistence))
+    }
+
+    fn serialize_rsa2kpkcs_key(&mut self, key: KeyId, format: KeySerialization)
+        -> ClientResult<'_, reply::SerializeKey, Self>
+    {
+        self.serialize_key(Mechanism::Rsa2kPkcs, key, format)
+    }
+
+    fn deserialize_rsa2kpkcs_key<'c>(&'c mut self, serialized_key: &[u8], format: KeySerialization, attributes: StorageAttributes)
+        -> ClientResult<'c, reply::DeserializeKey, Self>
+    {
+        self.deserialize_key(Mechanism::Rsa2kPkcs, serialized_key, format, attributes)
+    }
+
+    fn sign_rsa2kpkcs<'c>(&'c mut self, key: KeyId, message: &[u8])
+    -> ClientResult<'c, reply::Sign, Self>
+    {
+        self.sign(Mechanism::Rsa2kPkcs, key, message, SignatureSerialization::Raw)
+    }
+
+    fn verify_rsa2kpkcs<'c>(&'c mut self, key: KeyId, message: &[u8], signature: &[u8])
+        -> ClientResult<'c, reply::Verify, Self>
+    {
+        self.verify(Mechanism::Rsa2kPkcs, key, message, signature, SignatureSerialization::Raw)
+    }
+}
+
 #[cfg(feature = "sha256")]
 impl<S: Syscall> Sha256 for ClientImplementation<S> {}
 

src/config.rs

@@ -8,14 +8,13 @@ use littlefs2::consts;
 
 pub type MAX_APPLICATION_NAME_LENGTH = consts::U256;
 pub const MAX_LONG_DATA_LENGTH: usize = 1024;
-pub const MAX_MESSAGE_LENGTH: usize = 1024;
 pub type MAX_OBJECT_HANDLES = consts::U16;
 pub type MAX_LABEL_LENGTH = consts::U256;
 pub const MAX_MEDIUM_DATA_LENGTH: usize = 256;
 pub type MAX_PATH_LENGTH = consts::U256;
-pub const MAX_KEY_MATERIAL_LENGTH: usize = 128;
+//pub const MAX_KEY_MATERIAL_LENGTH: usize = 128;
 // must be above + 4
-pub const MAX_SERIALIZED_KEY_LENGTH: usize = 132;
+//pub const MAX_SERIALIZED_KEY_LENGTH: usize = 132;
 cfg_if::cfg_if! {
 	if #[cfg(feature = "clients-12")] {
 		pub type MAX_SERVICE_CLIENTS = consts::U12;
@@ -44,8 +43,28 @@ cfg_if::cfg_if! {
 	}
 }
 pub const MAX_SHORT_DATA_LENGTH: usize = 128;
+
+#[cfg(any(feature = "rsa2k", feature = "rsa3k", feature = "rsa4k"))]
+pub const MAX_SIGNATURE_LENGTH: usize = 512;
+#[cfg(any(feature = "rsa2k", feature = "rsa3k", feature = "rsa4k"))]
+// TODO: We use PKCS#8 DER format, this value was found empirically for 2K keys. Need to generalize.
+pub const MAX_KEY_MATERIAL_LENGTH: usize = 1217;
+#[cfg(any(feature = "rsa2k", feature = "rsa3k", feature = "rsa4k"))]
+// This is due to the fact that KEY_MATERIAL_LENGTH is bigger than MESSAGE_LENGTH for RSA.
+pub const MAX_MESSAGE_LENGTH: usize = MAX_KEY_MATERIAL_LENGTH;
+
+
+#[cfg(not(any(feature = "rsa2k", feature = "rsa3k", feature = "rsa4k")))]
 pub const MAX_SIGNATURE_LENGTH: usize = 72;
+#[cfg(not(any(feature = "rsa2k", feature = "rsa3k", feature = "rsa4k")))]
+pub const MAX_KEY_MATERIAL_LENGTH: usize = 128;
+#[cfg(not(any(feature = "rsa2k", feature = "rsa3k", feature = "rsa4k")))]
+pub const MAX_MESSAGE_LENGTH: usize = 1024;
+
+// must be MAX_KEY_MATERIAL_LENGTH + 4
+pub const MAX_SERIALIZED_KEY_LENGTH: usize = MAX_KEY_MATERIAL_LENGTH + 4;
 pub const MAX_USER_ATTRIBUTE_LENGTH: usize = 256;
 
+
 pub const USER_ATTRIBUTE_NUMBER: u8 = 37;
 

src/key.rs

@@ -63,6 +63,7 @@ pub enum Kind {
     Ed255,
     P256,
     X255,
+    Rsa2k,
 }
 
 bitflags::bitflags! {
@@ -136,6 +137,9 @@ impl Kind {
             Kind::Ed255 => 4,
             Kind::P256 => 5,
             Kind::X255 => 6,
+            Kind::Rsa2k => 0x7,
+            //Kind::Rsa3k => 0xE0,
+            //Kind::Rsa4k => 0xE1,
         }
     }
 
@@ -147,6 +151,11 @@ impl Kind {
             4 => Self::Ed255,
             5 => Self::P256,
             6 => Self::X255,
+
+            0x7 => Self::Rsa2k,
+            //0xE0 => Kind::Rsa3k,
+            //0xE1 => Kind::Rsa4k,
+
             _ => return Err(Error::InvalidSerializedKey),
         })
     }

src/mechanisms.rs

@@ -46,6 +46,10 @@ pub struct P256 {}
 pub struct P256Prehashed {}
 mod p256;
 
+pub struct Rsa2kPkcs {}
+// Later on we'll add: "pub struct Rsa2kPss {}" and so on
+mod rsa2k;
+
 pub struct Sha256 {}
 mod sha256;