Modifications to PR #262 made during review. #344
Conversation
| try!(em.read_byte()) != 1 { | ||
| return Err(error::Unspecified); | ||
| } | ||
| let em = m; | ||
|
|
There was a problem hiding this comment.
:sigh: All of these changes are just supposed to be un-indenting and re-wrapping the code.
| let em_bits = mod_bits - 1; | ||
| let em_len = (em_bits + 7) / 8; | ||
| let top_byte_mask = 0xffu8 >> ((8 * em_len) - em_bits); | ||
| // RSASSA-PSS-VERIFY Step 2(c). The `m` this function is given is the |
There was a problem hiding this comment.
Ditto. I'll verify that I didn't actually change the code in any significant way other than reformatting it.
|
Changes Unknown when pulling 1fa60373cab9636811ee4fffffc52228712ef211 on padding into * on master*. |
| return Err(error::Unspecified); | ||
| } | ||
| if try!(em.read_byte()) != 0 || | ||
| try!(em.read_byte()) != 1 { |
There was a problem hiding this comment.
This condition fits fine on one line.
There was a problem hiding this comment.
I've now split it into two conditions so that the code coverage can see whether we're testing both checks.
| // the out buffer, and then XOR the value of db. | ||
|
|
||
| // Step 9. First output the mask into the out buffer. | ||
| let (mut masked_db, mut digest_terminator) = |
There was a problem hiding this comment.
Space missing from start of the line.
There was a problem hiding this comment.
(Next line would need an additional space as well)
|
|
||
| let digest_alg = self.digest_alg; | ||
| let decoded_digest = | ||
| try!(em.skip_and_get_input(digest_alg.output_len)); |
There was a problem hiding this comment.
This also fits in one 80-char line now.
| let em_bits = mod_bits - 1; | ||
| let em_len = (em_bits + 7) / 8; | ||
| let leading_zero_bits = (8 * em_len) - em_bits; | ||
| assert!(leading_zero_bits < 8); |
There was a problem hiding this comment.
Out of curiosity: why assert over debug_assert or returning an error?
There was a problem hiding this comment.
I changed it to a debug_assert!.
| // Step 8. | ||
| for i in 1..db.len() { | ||
| db[i] ^= try!(masked_bytes.read_byte()); | ||
| } |
There was a problem hiding this comment.
Since you've added iter in untrusted 0.3.2, is it worth updating this code to use that instead, similarly to how you've written the equivalent code in encode?
There was a problem hiding this comment.
Yes, that's exactly what I want to happen.
| return Err(error::Unspecified); | ||
| } | ||
|
|
||
| try!(padding_alg.encode(msg, signature)); | ||
| try!(padding_alg.encode(msg, signature, mod_len*8, rng)); |
There was a problem hiding this comment.
Spaces around the operator: mod_len * 8?
|
|
||
|
|
||
| // Maximum RSA modulus size supported for signature verification (in bits). | ||
| const PUBLIC_MODULUS_MAX_LEN: usize = 8192; |
There was a problem hiding this comment.
As you commented in the other thread, PUBLIC_MODULUS_MAX_BITS is a better name for this.
| @@ -0,0 +1,60 @@ | |||
| # Test vectors for RSA-PSS padding for variable public modulus lengths | |||
There was a problem hiding this comment.
Outstanding tasks for this file:
- Rename to
rsa_pss_verify_padding_tests.txt. - Add failing cases.
- Cover more digest types.
Would it be simpler to add these cases to the existing rsa_pss_verify_tests.txt file instead? The only reason I could see that these should have independent tests is if the padding functions were made public.
There was a problem hiding this comment.
I can make a start on adding failing cases.
| params.padding_alg.verify(msg, untrusted::Input::from(decoded)) | ||
| untrusted::Input::from(decoded).read_all( | ||
| error::Unspecified, | ||
| |m| params.padding_alg.verify(msg, m, n.length_in_bits())) |
There was a problem hiding this comment.
Should the closing bracket be on the line below, at the same indentation level as line 127?
| @@ -1,5 +1,8 @@ | |||
| # NIST Test Vectors | |||
|
|
|||
| [CAVP](CAVP) contains a number of test cases from the [NIST Individual Component | |||
There was a problem hiding this comment.
These lines can be deleted since we not longer store the NIST tests here.
|
@samscott89 Please check out the new commits I appended to this series to address your concerns. Let me know if you want me to squash them into the prior commits before or after you review them. Pay special attention to the change I made to the PSS encoding, passing in the actual bit length of the public modulus instead of Also, do you want to take over the remaining tasks? I definitely don't want to steal this from you. |
|
Changes Unknown when pulling 5f139ea on padding into * on master*. |
1 similar comment
|
Changes Unknown when pulling 5f139ea on padding into * on master*. |
| use error; | ||
|
|
||
| #[derive(Clone, Copy, Eq, PartialEq)] | ||
| pub struct BitLength { |
There was a problem hiding this comment.
Should this be called just Length since it will presumably always be used as bits::Length vs bits::BitLength?
Also, is this not practically the canonical example for using newtypes?
There was a problem hiding this comment.
I agree it's weird to have bits::BitLength but I also think bits::Length or bit::Length is too clever. I found out that these names that only make sense with module prefixes don't work well in rustdoc (see error::Unspecified which rustdoc presents as just Unspecified, which is confusing).
I think we probably should create a "prelude" of common types that are used internally in ring and use those types (only) unprefixed. I think BitLength is a prime candidate for that.
There was a problem hiding this comment.
Regarding newtypes, see #350. The problem is that we have to constructors: from bits, and from bytes. A newtype would make the from-bits constructor implicit, but I'd rather have the constructors be used explicitly. However, we may want to switch to newtype style if it helps work around the lack of const fn.
|
Yup, all looks good to me. The
I'm more than happy to, and allow you to move onto something else. I think you've given me enough help at this point for me to get it across the finish line. I'm not worried about it being 'stolen' from me though, I'm just looking to learn/help as much as I can. If you could squash it down to a reasonable number of commits (perhaps original commit + review or something?), that would be great. I'll then pull the |
|
Changes Unknown when pulling 5f139ea on padding into * on master*. |
1 similar comment
|
Changes Unknown when pulling 5f139ea on padding into * on master*. |
I filed #350 for this.
I think we should just assume all non-BitLength lengths are in bytes. Otherwise we'd have to move ByteLength (at least) to untrusted.
Will do. |
|
I squashed and landed all these changes onto master. See discussion in #262. |
@samscott89 Could you please take a look at these changes I am proposing for your PR?