diff --git a/Cargo.lock b/Cargo.lock index 7ccfc9ad..8c58741c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -135,8 +135,8 @@ dependencies = [ [[package]] name = "crypto-bigint" -version = "0.7.0-pre.0" -source = "git+https://github.com/RustCrypto/crypto-bigint.git#2734f1852d9a713dc92183bb6e2d4b987f1e38f1" +version = "0.7.0-pre.1" +source = "git+https://github.com/RustCrypto/crypto-bigint.git#cd2ccf3878739ecf9f2eb0b035587987c5f4dc47" dependencies = [ "num-traits", "rand_core 0.9.3", diff --git a/src/algorithms/rsa.rs b/src/algorithms/rsa.rs index 5bea4db2..64e86224 100644 --- a/src/algorithms/rsa.rs +++ b/src/algorithms/rsa.rs @@ -3,7 +3,7 @@ use core::cmp::Ordering; use crypto_bigint::modular::{BoxedMontyForm, BoxedMontyParams}; -use crypto_bigint::{BoxedUint, Gcd, NonZero, Odd, RandomMod, Wrapping}; +use crypto_bigint::{BoxedUint, Gcd, NonZero, Odd, RandomMod, Resize}; use rand_core::TryCryptoRng; use zeroize::Zeroize; @@ -39,6 +39,10 @@ pub fn rsa_decrypt( let n = priv_key.n(); let d = priv_key.d(); + if c.bits_precision() != n.as_ref().bits_precision() { + return Err(Error::Decryption); + } + if c >= n.as_ref() { return Err(Error::Decryption); } @@ -51,9 +55,9 @@ pub fn rsa_decrypt( let c = if let Some(rng) = rng { let (blinded, unblinder) = blind(rng, priv_key, c, n_params)?; ir = Some(unblinder); - blinded.widen(bits) + blinded.try_resize(bits).ok_or(Error::Internal)? } else { - c.widen(bits) + c.try_resize(bits).ok_or(Error::Internal)? }; let is_multiprime = priv_key.primes().len() > 2; @@ -68,32 +72,54 @@ pub fn rsa_decrypt( (Some(dp), Some(dq), Some(qinv), Some(p_params), Some(q_params)) if !is_multiprime => { // We have the precalculated values needed for the CRT. - let _p = &priv_key.primes()[0]; + let p = &priv_key.primes()[0]; let q = &priv_key.primes()[1]; // precomputed: dP = (1/e) mod (p-1) = d mod (p-1) // precomputed: dQ = (1/e) mod (q-1) = d mod (q-1) + // TODO: it may be faster to convert to and from Montgomery with prepared parameters + // (modulo `p` and `q`) rather than calculating the remainder directly. + // m1 = c^dP mod p - let cp = BoxedMontyForm::new(c.clone(), p_params.clone()); + let p_wide = p_params.modulus().resize_unchecked(c.bits_precision()); + let c_mod_dp = (&c % p_wide.as_nz_ref()).resize_unchecked(dp.bits_precision()); + let cp = BoxedMontyForm::new(c_mod_dp, p_params.clone()); let mut m1 = cp.pow(dp); // m2 = c^dQ mod q - let cq = BoxedMontyForm::new(c, q_params.clone()); + let q_wide = q_params.modulus().resize_unchecked(c.bits_precision()); + let c_mod_dq = (&c % q_wide.as_nz_ref()).resize_unchecked(dq.bits_precision()); + let cq = BoxedMontyForm::new(c_mod_dq, q_params.clone()); let m2 = cq.pow(dq).retrieve(); + // Note that since `p` and `q` may have different `bits_precision`, + // it may be different for `m1` and `m2` as well. + // (m1 - m2) mod p = (m1 mod p) - (m2 mod p) mod p - let m2r = BoxedMontyForm::new(m2.clone(), p_params.clone()); + let m2_mod_p = match p_params.bits_precision().cmp(&q_params.bits_precision()) { + Ordering::Less => { + let p_wide = NonZero::new(p.clone()) + .expect("`p` is non-zero") + .resize_unchecked(q_params.bits_precision()); + (&m2 % p_wide).resize_unchecked(p_params.bits_precision()) + } + Ordering::Greater => (&m2).resize_unchecked(p_params.bits_precision()), + Ordering::Equal => m2.clone(), + }; + let m2r = BoxedMontyForm::new(m2_mod_p, p_params.clone()); m1 -= &m2r; // precomputed: qInv = (1/q) mod p // h = qInv.(m1 - m2) mod p - let mut m: Wrapping = Wrapping(qinv.mul(&m1).retrieve()); + let h = (qinv * m1).retrieve(); // m = m2 + h.q - m *= Wrapping(q.clone()); - m += Wrapping(m2); - m.0 + let m2 = m2.try_resize(n.bits_precision()).ok_or(Error::Internal)?; + let hq = (h * q) + .try_resize(n.bits_precision()) + .ok_or(Error::Internal)?; + m2.wrapping_add(&hq) } _ => { // c^d (mod n) @@ -101,8 +127,6 @@ pub fn rsa_decrypt( } }; - // Ensure output precision matches input precision - let m = m.shorten(n_params.bits_precision()); match ir { Some(ref ir) => { // unblind @@ -118,6 +142,8 @@ pub fn rsa_decrypt( /// Returns a plaintext `BoxedUint`. Performs RSA blinding if an `Rng` is passed. This will also /// check for errors in the CRT computation. /// +/// `c` must have the same `bits_precision` as the RSA key modulus. +/// /// # ☢️️ WARNING: HAZARDOUS API ☢️ /// /// Use this function with great care! Raw RSA should never be used without an appropriate padding @@ -209,16 +235,8 @@ fn pow_mod_params(base: &BoxedUint, exp: &BoxedUint, n_params: &BoxedMontyParams } fn reduce_vartime(n: &BoxedUint, p: &BoxedMontyParams) -> BoxedMontyForm { - let bits_precision = p.modulus().bits_precision(); let modulus = p.modulus().as_nz_ref().clone(); - - let n = match n.bits_precision().cmp(&bits_precision) { - Ordering::Less => n.widen(bits_precision), - Ordering::Equal => n.clone(), - Ordering::Greater => n.shorten(bits_precision), - }; - - let n_reduced = n.rem_vartime(&modulus).widen(p.bits_precision()); + let n_reduced = n.rem_vartime(&modulus).resize_unchecked(p.bits_precision()); BoxedMontyForm::new(n_reduced, p.clone()) } @@ -248,19 +266,20 @@ pub fn recover_primes( // 1. Let a = (de – 1) × GCD(n – 1, de – 1). let bits = d.bits_precision() * 2; - let one = BoxedUint::one().widen(bits); - let e = e.widen(bits); - let d = d.widen(bits); - let n = n.as_ref().widen(bits); + let one = BoxedUint::one_with_precision(bits); + let e = e.resize_unchecked(d.bits_precision()); + let d = d.resize_unchecked(d.bits_precision()); + let n = n.resize_unchecked(bits); - let a1 = &d * &e - &one; - let a2 = (&n - &one).gcd(&a1); + let a1 = d * e - &one; + let a2 = (n.as_ref() - &one).gcd(&a1); let a = a1 * a2; - let n = n.widen(a.bits_precision()); + let n = n.resize_unchecked(a.bits_precision()); // 2. Let m = floor(a /n) and r = a – m n, so that a = m n + r and 0 ≤ r < n. - let m = &a / NonZero::new(n.clone()).expect("checked"); - let r = a - &m * &n; + let m = &a / &n; + let r = a - &m * n.as_ref(); + let n = n.get(); // 3. Let b = ( (n – r)/(m + 1) ) + 1; if b is not an integer or b^2 ≤ 4n, then output an error indicator, // and exit without further processing. @@ -292,7 +311,7 @@ pub fn recover_primes( let bits = core::cmp::max(b.bits_precision(), y.bits_precision()); let two = NonZero::new(BoxedUint::from(2u64)) .expect("2 is non zero") - .widen(bits); + .resize_unchecked(bits); let p = (&b + &y) / &two; let q = (b - y) / two; @@ -325,7 +344,7 @@ pub(crate) fn compute_private_exponent_euler_totient( for prime in primes { totient *= prime - &BoxedUint::one(); } - let exp = exp.widen(totient.bits_precision()); + let exp = exp.resize_unchecked(totient.bits_precision()); // NOTE: `mod_inverse` checks if `exp` evenly divides `totient` and returns `None` if so. // This ensures that `exp` is not a factor of any `(prime - 1)`. @@ -356,7 +375,7 @@ pub(crate) fn compute_private_exponent_carmicheal( // LCM inlined let gcd = p1.gcd(&q1); let lcm = p1 / NonZero::new(gcd).expect("gcd is non zero") * &q1; - let exp = exp.widen(lcm.bits_precision()); + let exp = exp.resize_unchecked(lcm.bits_precision()); if let Some(d) = exp.inv_mod(&lcm).into() { Ok(d) } else { @@ -373,11 +392,55 @@ mod tests { fn recover_primes_works() { let bits = 2048; - let n = BoxedUint::from_be_hex("d397b84d98a4c26138ed1b695a8106ead91d553bf06041b62d3fdc50a041e222b8f4529689c1b82c5e71554f5dd69fa2f4b6158cf0dbeb57811a0fc327e1f28e74fe74d3bc166c1eabdc1b8b57b934ca8be5b00b4f29975bcc99acaf415b59bb28a6782bb41a2c3c2976b3c18dbadef62f00c6bb226640095096c0cc60d22fe7ef987d75c6a81b10d96bf292028af110dc7cc1bbc43d22adab379a0cd5d8078cc780ff5cd6209dea34c922cf784f7717e428d75b5aec8ff30e5f0141510766e2e0ab8d473c84e8710b2b98227c3db095337ad3452f19e2b9bfbccdd8148abf6776fa552775e6e75956e45229ae5a9c46949bab1e622f0e48f56524a84ed3483b", bits).unwrap(); + let n = BoxedUint::from_be_hex( + concat!( + "d397b84d98a4c26138ed1b695a8106ead91d553bf06041b62d3fdc50a041e222", + "b8f4529689c1b82c5e71554f5dd69fa2f4b6158cf0dbeb57811a0fc327e1f28e", + "74fe74d3bc166c1eabdc1b8b57b934ca8be5b00b4f29975bcc99acaf415b59bb", + "28a6782bb41a2c3c2976b3c18dbadef62f00c6bb226640095096c0cc60d22fe7", + "ef987d75c6a81b10d96bf292028af110dc7cc1bbc43d22adab379a0cd5d8078c", + "c780ff5cd6209dea34c922cf784f7717e428d75b5aec8ff30e5f0141510766e2", + "e0ab8d473c84e8710b2b98227c3db095337ad3452f19e2b9bfbccdd8148abf67", + "76fa552775e6e75956e45229ae5a9c46949bab1e622f0e48f56524a84ed3483b" + ), + bits, + ) + .unwrap(); let e = BoxedUint::from(65_537u64); - let d = BoxedUint::from_be_hex("c4e70c689162c94c660828191b52b4d8392115df486a9adbe831e458d73958320dc1b755456e93701e9702d76fb0b92f90e01d1fe248153281fe79aa9763a92fae69d8d7ecd144de29fa135bd14f9573e349e45031e3b76982f583003826c552e89a397c1a06bd2163488630d92e8c2bb643d7abef700da95d685c941489a46f54b5316f62b5d2c3a7f1bbd134cb37353a44683fdc9d95d36458de22f6c44057fe74a0a436c4308f73f4da42f35c47ac16a7138d483afc91e41dc3a1127382e0c0f5119b0221b4fc639d6b9c38177a6de9b526ebd88c38d7982c07f98a0efd877d508aae275b946915c02e2e1106d175d74ec6777f5e80d12c053d9c7be1e341", bits).unwrap(); - let p = BoxedUint::from_be_hex("f827bbf3a41877c7cc59aebf42ed4b29c32defcb8ed96863d5b090a05a8930dd624a21c9dcf9838568fdfa0df65b8462a5f2ac913d6c56f975532bd8e78fb07bd405ca99a484bcf59f019bbddcb3933f2bce706300b4f7b110120c5df9018159067c35da3061a56c8635a52b54273b31271b4311f0795df6021e6355e1a42e61", bits / 2).unwrap(); - let q = BoxedUint::from_be_hex("da4817ce0089dd36f2ade6a3ff410c73ec34bf1b4f6bda38431bfede11cef1f7f6efa70e5f8063a3b1f6e17296ffb15feefa0912a0325b8d1fd65a559e717b5b961ec345072e0ec5203d03441d29af4d64054a04507410cf1da78e7b6119d909ec66e6ad625bf995b279a4b3c5be7d895cd7c5b9c4c497fde730916fcdb4e41b", bits / 2).unwrap(); + let d = BoxedUint::from_be_hex( + concat!( + "c4e70c689162c94c660828191b52b4d8392115df486a9adbe831e458d7395832", + "0dc1b755456e93701e9702d76fb0b92f90e01d1fe248153281fe79aa9763a92f", + "ae69d8d7ecd144de29fa135bd14f9573e349e45031e3b76982f583003826c552", + "e89a397c1a06bd2163488630d92e8c2bb643d7abef700da95d685c941489a46f", + "54b5316f62b5d2c3a7f1bbd134cb37353a44683fdc9d95d36458de22f6c44057", + "fe74a0a436c4308f73f4da42f35c47ac16a7138d483afc91e41dc3a1127382e0", + "c0f5119b0221b4fc639d6b9c38177a6de9b526ebd88c38d7982c07f98a0efd87", + "7d508aae275b946915c02e2e1106d175d74ec6777f5e80d12c053d9c7be1e341" + ), + bits, + ) + .unwrap(); + let p = BoxedUint::from_be_hex( + concat!( + "f827bbf3a41877c7cc59aebf42ed4b29c32defcb8ed96863d5b090a05a8930dd", + "624a21c9dcf9838568fdfa0df65b8462a5f2ac913d6c56f975532bd8e78fb07b", + "d405ca99a484bcf59f019bbddcb3933f2bce706300b4f7b110120c5df9018159", + "067c35da3061a56c8635a52b54273b31271b4311f0795df6021e6355e1a42e61" + ), + bits / 2, + ) + .unwrap(); + let q = BoxedUint::from_be_hex( + concat!( + "da4817ce0089dd36f2ade6a3ff410c73ec34bf1b4f6bda38431bfede11cef1f7", + "f6efa70e5f8063a3b1f6e17296ffb15feefa0912a0325b8d1fd65a559e717b5b", + "961ec345072e0ec5203d03441d29af4d64054a04507410cf1da78e7b6119d909", + "ec66e6ad625bf995b279a4b3c5be7d895cd7c5b9c4c497fde730916fcdb4e41b" + ), + bits / 2, + ) + .unwrap(); let (mut p1, mut q1) = recover_primes(&NonZero::new(n).unwrap(), &e, &d).unwrap(); diff --git a/src/encoding.rs b/src/encoding.rs index 9bc1823e..ee99c1a9 100644 --- a/src/encoding.rs +++ b/src/encoding.rs @@ -8,7 +8,7 @@ use crate::{ RsaPrivateKey, RsaPublicKey, }; use core::convert::{TryFrom, TryInto}; -use crypto_bigint::{BoxedUint, NonZero, Odd}; +use crypto_bigint::{BoxedUint, NonZero, Odd, Resize}; use pkcs8::{ der::{asn1::OctetStringRef, Encode}, Document, EncodePrivateKey, EncodePublicKey, ObjectIdentifier, SecretDocument, @@ -115,13 +115,20 @@ impl EncodePrivateKey for RsaPrivateKey { let bits = self.d().bits_precision(); + debug_assert!(bits >= self.primes[0].bits_vartime()); + debug_assert!(bits >= self.primes[1].bits_vartime()); + let exponent1 = Zeroizing::new( - (self.d() % NonZero::new(&self.primes[0].widen(bits) - &BoxedUint::one()).unwrap()) - .to_be_bytes(), + (self.d() + % NonZero::new((&self.primes[0]).resize_unchecked(bits) - &BoxedUint::one()) + .unwrap()) + .to_be_bytes(), ); let exponent2 = Zeroizing::new( - (self.d() % NonZero::new(&self.primes[1].widen(bits) - &BoxedUint::one()).unwrap()) - .to_be_bytes(), + (self.d() + % NonZero::new((&self.primes[1]).resize_unchecked(bits) - &BoxedUint::one()) + .unwrap()) + .to_be_bytes(), ); let coefficient = Zeroizing::new( self.crt_coefficient() diff --git a/src/key.rs b/src/key.rs index 250ad137..96aa3a69 100644 --- a/src/key.rs +++ b/src/key.rs @@ -1,9 +1,10 @@ use alloc::vec::Vec; +use core::cmp::Ordering; use core::fmt; use core::hash::{Hash, Hasher}; use crypto_bigint::modular::{BoxedMontyForm, BoxedMontyParams}; -use crypto_bigint::{BoxedUint, Integer, NonZero, Odd}; +use crypto_bigint::{BoxedUint, Integer, NonZero, Odd, Resize}; use rand_core::CryptoRng; use zeroize::{Zeroize, ZeroizeOnDrop}; #[cfg(feature = "serde")] @@ -308,6 +309,11 @@ impl RsaPrivateKey { d: BoxedUint, mut primes: Vec, ) -> Result { + // The modulus may come in padded with zeros, shorten it + // to ensure optimal performance of arithmetic operations. + let n_bits = n.bits_vartime(); + let n = n.resize_unchecked(n_bits); + let n_params = BoxedMontyParams::new(n.clone()); let n_c = NonZero::new(n.get()) .into_option() @@ -322,9 +328,25 @@ impl RsaPrivateKey { primes.push(q); } 1 => return Err(Error::NprimesTooSmall), - _ => {} + _ => { + // Check that the product of primes matches the modulus. + // This also ensures that `bit_precision` of each prime is <= that of the modulus, + // and `bit_precision` of their product is >= that of the modulus. + if &primes.iter().fold(BoxedUint::one(), |acc, p| acc * p) != n_c.as_ref() { + return Err(Error::InvalidModulus); + } + } } + // The primes may come in padded with zeros too, so we need to shorten them as well. + let primes = primes + .into_iter() + .map(|p| { + let p_bits = p.bits(); + p.resize_unchecked(p_bits) + }) + .collect(); + let mut k = RsaPrivateKey { pubkey_components: RsaPublicKey { n: n_c, @@ -408,9 +430,8 @@ impl RsaPrivateKey { } let d = &self.d; - let bits = d.bits_precision(); - let p = self.primes[0].widen(bits); - let q = self.primes[1].widen(bits); + let p = self.primes[0].clone(); + let q = self.primes[1].clone(); let p_odd = Odd::new(p.clone()) .into_option() @@ -431,14 +452,29 @@ impl RsaPrivateKey { .ok_or(Error::InvalidPrime)?; let dq = d.rem_vartime(&x); - let qinv = BoxedMontyForm::new(q.clone(), p_params.clone()); - let qinv = qinv.invert().into_option().ok_or(Error::InvalidPrime)?; + // Note that since `p` and `q` may have different `bits_precision`, + // so we have to equalize them to calculate the remainder. + let q_mod_p = match p.bits_precision().cmp(&q.bits_precision()) { + Ordering::Less => (&q + % NonZero::new(p.clone()) + .expect("`p` is non-zero") + .resize_unchecked(q.bits_precision())) + .resize_unchecked(p.bits_precision()), + Ordering::Greater => { + (&q).resize_unchecked(p.bits_precision()) + % &NonZero::new(p.clone()).expect("`p` is non-zero") + } + Ordering::Equal => &q % NonZero::new(p.clone()).expect("`p` is non-zero"), + }; + + let q_mod_p = BoxedMontyForm::new(q_mod_p, p_params.clone()); + let qinv = q_mod_p.invert().into_option().ok_or(Error::InvalidPrime)?; - debug_assert_eq!(dp.bits_precision(), bits); - debug_assert_eq!(dq.bits_precision(), bits); - debug_assert_eq!(qinv.bits_precision(), bits); - debug_assert_eq!(p_params.bits_precision(), bits); - debug_assert_eq!(q_params.bits_precision(), bits); + debug_assert_eq!(dp.bits_precision(), p.bits_precision()); + debug_assert_eq!(dq.bits_precision(), q.bits_precision()); + debug_assert_eq!(qinv.bits_precision(), p.bits_precision()); + debug_assert_eq!(p_params.bits_precision(), p.bits_precision()); + debug_assert_eq!(q_params.bits_precision(), q.bits_precision()); self.precomputed = Some(PrecomputedValues { dp, @@ -488,11 +524,9 @@ impl RsaPrivateKey { // inverse. Therefore e is coprime to lcm(p-1,q-1,r-1,...) = // exponent(ℤ/nℤ). It also implies that a^de ≡ a mod p as a^(p-1) ≡ 1 // mod p. Thus a^de ≡ a mod n for all a coprime to n, as required. - let d = self.d.widen(2 * self.d.bits_precision()); - let de = d.wrapping_mul(&self.pubkey_components.e); + let de = self.d.mul(&self.pubkey_components.e); for prime in &self.primes { - let prime = prime.widen(d.bits_precision()); let x = NonZero::new(prime.wrapping_sub(&BoxedUint::one())).unwrap(); let congruence = de.rem_vartime(&x); if !bool::from(congruence.is_one()) { @@ -742,8 +776,7 @@ mod tests { key_generation!(key_generation_multi_5_64, 5, 64); key_generation!(key_generation_multi_8_576, 8, 576); - // TODO: reenable, currently slow - // key_generation!(key_generation_multi_16_1024, 16, 1024); + key_generation!(key_generation_multi_16_1024, 16, 1024); #[test] fn test_negative_decryption_value() { @@ -768,8 +801,8 @@ mod tests { ) .unwrap(), vec![ - BoxedUint::from_le_slice(&[105, 101, 60, 173, 19, 153, 3, 192], bits).unwrap(), - BoxedUint::from_le_slice(&[235, 65, 160, 134, 32, 136, 6, 241], bits).unwrap(), + BoxedUint::from_le_slice(&[105, 101, 60, 173, 19, 153, 3, 192], bits / 2).unwrap(), + BoxedUint::from_le_slice(&[235, 65, 160, 134, 32, 136, 6, 241], bits / 2).unwrap(), ], ) .unwrap(); @@ -789,14 +822,14 @@ mod tests { let priv_key = RsaPrivateKey::new(&mut rng, 64).expect("failed to generate key"); let priv_tokens = [Token::Str(concat!( - "3054020100300d06092a864886f70d01010105000440303e020100020900a", - "ecdb5fae1b092570203010001020869bf9ae9d6712899020500d2aaa72502", - "0500d46b68cb020500887e253902047b4e3a4f02040991164c" + "3056020100300d06092a864886f70d010101050004423040020100020900a", + "b240c3361d02e370203010001020811e54a15259d22f9020500ceff5cf302", + "0500d3a7aaad020500ccaddf17020500cb529d3d020500bb526d6f" ))]; assert_tokens(&priv_key.clone().readable(), &priv_tokens); let priv_tokens = [Token::Str( - "3024300d06092a864886f70d01010105000313003010020900aecdb5fae1b092570203010001", + "3024300d06092a864886f70d01010105000313003010020900ab240c3361d02e370203010001", )]; assert_tokens( &RsaPublicKey::from(priv_key.clone()).readable(), diff --git a/src/oaep/decrypting_key.rs b/src/oaep/decrypting_key.rs index 4009734b..70d759bf 100644 --- a/src/oaep/decrypting_key.rs +++ b/src/oaep/decrypting_key.rs @@ -117,9 +117,9 @@ mod tests { }, Token::Str("inner"), Token::Str(concat!( - "3054020100300d06092a864886f70d01010105000440303e020100020900ae", - "cdb5fae1b092570203010001020869bf9ae9d6712899020500d2aaa7250205", - "00d46b68cb020500887e253902047b4e3a4f02040991164c", + "3056020100300d06092a864886f70d010101050004423040020100020900ab", + "240c3361d02e370203010001020811e54a15259d22f9020500ceff5cf30205", + "00d3a7aaad020500ccaddf17020500cb529d3d020500bb526d6f" )), Token::Str("label"), Token::None, diff --git a/src/oaep/encrypting_key.rs b/src/oaep/encrypting_key.rs index 4a0cbd71..60524a21 100644 --- a/src/oaep/encrypting_key.rs +++ b/src/oaep/encrypting_key.rs @@ -90,7 +90,7 @@ mod tests { }, Token::Str("inner"), Token::Str( - "3024300d06092a864886f70d01010105000313003010020900aecdb5fae1b092570203010001", + "3024300d06092a864886f70d01010105000313003010020900ab240c3361d02e370203010001", ), Token::Str("label"), Token::None, diff --git a/src/pkcs1v15/decrypting_key.rs b/src/pkcs1v15/decrypting_key.rs index c641f787..f5c36922 100644 --- a/src/pkcs1v15/decrypting_key.rs +++ b/src/pkcs1v15/decrypting_key.rs @@ -73,9 +73,9 @@ mod tests { }, Token::Str("inner"), Token::Str(concat!( - "3054020100300d06092a864886f70d01010105000440303e020100020900ae", - "cdb5fae1b092570203010001020869bf9ae9d6712899020500d2aaa7250205", - "00d46b68cb020500887e253902047b4e3a4f02040991164c" + "3056020100300d06092a864886f70d010101050004423040020100020900ab", + "240c3361d02e370203010001020811e54a15259d22f9020500ceff5cf30205", + "00d3a7aaad020500ccaddf17020500cb529d3d020500bb526d6f" )), Token::StructEnd, ]; diff --git a/src/pkcs1v15/encrypting_key.rs b/src/pkcs1v15/encrypting_key.rs index aaefbafb..0999f88b 100644 --- a/src/pkcs1v15/encrypting_key.rs +++ b/src/pkcs1v15/encrypting_key.rs @@ -47,7 +47,7 @@ mod tests { }, Token::Str("inner"), Token::Str( - "3024300d06092a864886f70d01010105000313003010020900aecdb5fae1b092570203010001", + "3024300d06092a864886f70d01010105000313003010020900ab240c3361d02e370203010001", ), Token::StructEnd, ]; diff --git a/src/pkcs1v15/signing_key.rs b/src/pkcs1v15/signing_key.rs index badef88b..04c0d30f 100644 --- a/src/pkcs1v15/signing_key.rs +++ b/src/pkcs1v15/signing_key.rs @@ -309,9 +309,9 @@ mod tests { let signing_key = SigningKey::::new(priv_key); let tokens = [Token::Str(concat!( - "3054020100300d06092a864886f70d01010105000440303e020100020900aecdb5", - "fae1b092570203010001020869bf9ae9d6712899020500d2aaa725020500d46b68", - "cb020500887e253902047b4e3a4f02040991164c" + "3056020100300d06092a864886f70d010101050004423040020100020900ab240c", + "3361d02e370203010001020811e54a15259d22f9020500ceff5cf3020500d3a7aa", + "ad020500ccaddf17020500cb529d3d020500bb526d6f", ))]; assert_tokens(&signing_key.readable(), &tokens); diff --git a/src/pkcs1v15/verifying_key.rs b/src/pkcs1v15/verifying_key.rs index ed58fa6e..e5121e9b 100644 --- a/src/pkcs1v15/verifying_key.rs +++ b/src/pkcs1v15/verifying_key.rs @@ -256,7 +256,7 @@ mod tests { let verifying_key = VerifyingKey::::new(pub_key); let tokens = [Token::Str( - "3024300d06092a864886f70d01010105000313003010020900aecdb5fae1b092570203010001", + "3024300d06092a864886f70d01010105000313003010020900ab240c3361d02e370203010001", )]; assert_tokens(&verifying_key.readable(), &tokens); diff --git a/src/pss/blinded_signing_key.rs b/src/pss/blinded_signing_key.rs index bf498a61..6de1cf16 100644 --- a/src/pss/blinded_signing_key.rs +++ b/src/pss/blinded_signing_key.rs @@ -267,9 +267,9 @@ mod tests { ); let tokens = [Token::Str(concat!( - "3054020100300d06092a864886f70d01010105000440303e020100020900aecdb5", - "fae1b092570203010001020869bf9ae9d6712899020500d2aaa725020500d46b68", - "cb020500887e253902047b4e3a4f02040991164c", + "3056020100300d06092a864886f70d010101050004423040020100020900ab240c", + "3361d02e370203010001020811e54a15259d22f9020500ceff5cf3020500d3a7aa", + "ad020500ccaddf17020500cb529d3d020500bb526d6f" ))]; assert_tokens(&signing_key.readable(), &tokens); } diff --git a/src/pss/signing_key.rs b/src/pss/signing_key.rs index eaddec2e..17c46a8e 100644 --- a/src/pss/signing_key.rs +++ b/src/pss/signing_key.rs @@ -291,9 +291,9 @@ mod tests { let signing_key = SigningKey::::new(priv_key); let tokens = [Token::Str(concat!( - "3054020100300d06092a864886f70d01010105000440303e020100020900aecdb5", - "fae1b092570203010001020869bf9ae9d6712899020500d2aaa725020500d46b68", - "cb020500887e253902047b4e3a4f02040991164c", + "3056020100300d06092a864886f70d010101050004423040020100020900ab240c", + "3361d02e370203010001020811e54a15259d22f9020500ceff5cf3020500d3a7aa", + "ad020500ccaddf17020500cb529d3d020500bb526d6f" ))]; assert_tokens(&signing_key.readable(), &tokens); diff --git a/src/pss/verifying_key.rs b/src/pss/verifying_key.rs index 75bb6809..1aebd635 100644 --- a/src/pss/verifying_key.rs +++ b/src/pss/verifying_key.rs @@ -233,7 +233,7 @@ mod tests { let verifying_key = VerifyingKey::::new(pub_key); let tokens = [Token::Str( - "3024300d06092a864886f70d01010105000313003010020900aecdb5fae1b092570203010001", + "3024300d06092a864886f70d01010105000313003010020900ab240c3361d02e370203010001", )]; assert_tokens(&verifying_key.readable(), &tokens);