formats icon indicating copy to clipboard operation
formats copied to clipboard
verified publisher icon RustCrypto

ECC in CMS support

Open nemynm opened this issue 1 year ago • 5 comments

Hello,

I believe that the current code base does not support EnvelopedData with Elliptic Curve Cryptography (ECC) for CMS. Would you be interested in a code contribution that would bring partial CMS ECC support as per rfc5753?

I could contribute some code that would essentially implement KeyAgreeRecipientInfoBuilder for KeyAgreeRecipientInfo (Kari).

It would not implement all the KeyAgreement algorithms mentioned in the RFC as I think that RustCrypto does not currently have all the primitive to fully support other KeyAgreement schemes (namely 'Co-factor' ECDH and 1-Pass ECMQV). As such it would mainly focus on EnvelopedData Using (ephemeral-static) ECDH with 'Standard' ECDH

A few initial prerequisite would be:

  • ANSI-X9.63-KDF support - (~~Pending - I already opened a PR in KDFs~~ Done in https://github.com/RustCrypto/KDFs/issues/101)
  • Missing OIDs from rfc5753 - ~~I can open another issue here if there is interest~~ (~~Pending~~ Done in https://github.com/RustCrypto/formats/issues/1546).

Thank you and let me know your thoughts,

Best,

nemynm avatar Oct 06 '24 18:10 nemynm

Sure, sounds great!

Re: OIDs for RFC5753, that should be pretty easy to add: https://github.com/RustCrypto/formats/tree/master/const-oid/oiddbgen

Please open a separate issue and/or PR for that

tarcieri avatar Oct 06 '24 23:10 tarcieri

Sure, sounds great!

Re: OIDs for RFC5753, that should be pretty easy to add: https://github.com/RustCrypto/formats/tree/master/const-oid/oiddbgen

Please open a separate issue and/or PR for that

Great thanks, I opened https://github.com/RustCrypto/formats/issues/1546 for the OIDs.

I'll prepare a PR for ECC support itself.

Thanks!

nemynm avatar Oct 07 '24 12:10 nemynm

Hello, I have a branch almost ready (I need to rebase), Quick question before I open the PR: right now the dependency for the key-derivation function points to the RustCrypto KDFs git repo as the new crate for ansi-x963-kdf is not yet published. Is that acceptable for review or do you want to wait until the new crate is published on crates.io?

nemynm avatar Oct 20 '24 13:10 nemynm

You can add a git dependency, that's fine

tarcieri avatar Oct 20 '24 13:10 tarcieri

here it is, I put things into separate modules for the sake of clarity and limit conflicts as I think some other PR are working on the builder-side too.

nemynm avatar Oct 20 '24 16:10 nemynm