RSAOAEP: Add support for passing labels #27

gdams · 2024-12-23T22:21:22Z

fixes: #22

qmuntal · 2024-12-24T07:21:23Z

xcrypto/rsa.go

+		if len(plaintext) < len(labelHash) {
+			return nil, errors.New("invalid ciphertext: missing label hash")
+		}
+		// Extract and verify the label hash
+		if !bytes.Equal(plaintext[:len(labelHash)], labelHash) {
+			return nil, errors.New("invalid label hash")
+		}


(Almost) never use bytes.Equal in crypto code, as it is vulnerable to oracle side channel attacks. Use suble.ConstantTimeCompare. Also, don't short-circuit if the length are not equal, for the same reason.

qmuntal · 2024-12-24T07:24:31Z

xcrypto/rsa_test.go

 	}
 }

 func TestRSAEncryptDecryptOAEP(t *testing.T) {


Test that upstream crypto/rsa can decrypt ciphertexts (with labels) generated by us and vice-versa.

RSAOAEP: Add support for passing labels

a4c2b05

gdams requested a review from qmuntal December 23, 2024 22:21

karianna approved these changes Dec 23, 2024

View reviewed changes

gdams marked this pull request as draft December 23, 2024 22:36

qmuntal requested changes Dec 24, 2024

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

RSAOAEP: Add support for passing labels #27

RSAOAEP: Add support for passing labels #27

Uh oh!

gdams commented Dec 23, 2024

Uh oh!

qmuntal Dec 24, 2024

Uh oh!

qmuntal Dec 24, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

RSAOAEP: Add support for passing labels #27

Are you sure you want to change the base?

RSAOAEP: Add support for passing labels #27

Uh oh!

Conversation

gdams commented Dec 23, 2024

Uh oh!

qmuntal Dec 24, 2024

Choose a reason for hiding this comment

Uh oh!

qmuntal Dec 24, 2024

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants