Fixing inconsistent crypto consts #190
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
JosePisco
changed the base branch from
develop
to
186-accurate-cryptographicusagemask-for-kmip-creation-of-rsa-keys
ThibsG
approved these changes
Feb 21, 2024
Manuthor
reviewed
Feb 27, 2024
| @@ -10,13 +10,16 @@ use crate::error::KmipError; | |||
| #[cfg(feature = "fips")] | |||
| use crate::kmip_bail; | |||
|
|
|||
| /// Minimum random salt size in bytes to use when deriving keys. | |||
| const FIPS_MIN_SALT_SIZE: usize = 16; | |||
There was a problem hiding this comment.
size in bytes and size in bits are a bit confusing. Does it make sense to uniformize them in the same unity ? Could we adopt a naming variable convention to make it clear that those constants are in bytes or in bits. Also, I see XXX_KLEN, XXX_HLEN, XXX_SIZE, XXX_SIZE_BITS and XXX_LENGTH. Should we use a unique suffix to those variables (_SIZE for example?)
Manuthor
merged commit 4a2b9ca
into
186-accurate-cryptographicusagemask-for-kmip-creation-of-rsa-keys
23 checks passed
Manuthor
pushed a commit
that referenced
this pull request
Mar 1, 2024
…189) * feat: dynamic cryptographic usage mask set and check * feat: code enhancement * feat: style + load provider in fips tests * feat: load fips provider on rsa tests * fix: inconsistent crypto consts (#190) * feat: harmonising crypto consts in bits * feat: style + load provider in fips tests * feat: load fips provider on rsa tests * fix: better const naming for passwd derivation
Manuthor
pushed a commit
that referenced
this pull request
Mar 1, 2024
…ic curves and RSA (#187 and #189) * Move crypto subcrate into kmip and dispatch other elements * Remove unused feature curve25519 * Set openssl as wanted feature for kmip deps in pyo3 * Update patched iana-time-zone to a non yanked version * feat: better crypto const organization * feat: better zeroization * feat: finalize zeroization * revert type in kmip operation back to vec<u8> * fix build * revert commit reverting zeroizing + modification attempt at serializer * Temporarily ignore rustsec from pqc-kyber * feat: code enhancement deserialize * feat: dynamic cryptographic algorithm and usage for creation. Tests fail * feat: dynami mask and cryptographic algorithm for ecc key creation * fix: loose comparison * feat: tests + refacto dynamic mask and algo for ecc key creation * fix: fix compile from bad merge * fix lint * feat: distinguish private and public key masks * fix: remove redundant refrence * feat: code enhancement * fix: unused variable in non-fips mode * feat: style + load provider in fips tests * fix: remove P-192 from fips mask construction * feat: accurate CryptographicUsageMask for KMIP creation of RSA keys (#189) * feat: dynamic cryptographic usage mask set and check * feat: code enhancement * feat: style + load provider in fips tests * feat: load fips provider on rsa tests * fix: inconsistent crypto consts (#190) * feat: harmonising crypto consts in bits * feat: style + load provider in fips tests * feat: load fips provider on rsa tests * fix: better const naming for passwd derivation --------- Co-authored-by: ThibsG <thibsg@pm.me>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Declared crypto consts were describing sizes in both bits and bytes resulting in inconsistent comparisons and harder to read code.