oaep: support non-string labels #467

baloo · 2025-01-30T06:04:20Z

This rework oaep to support non-string labels.
One use-case is encryption of secrets in TPM.

https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf#page=297
Section B.4 RSAES_OAEP

For RSA keys protecting a secret value (such as, an encryption key or a session secret), the L parameter
is a byte stream, the last byte of which must be zero, indicating the intended use of the encrypted value.

That would look like:

    let encrypted_seed = {
        let padding = Oaep::new_with_label::<EkHash, _>(b"IDENTITY\0".to_vec());
        let enc_data = ek_public
            .encrypt(&mut rng, padding, &random_seed[..])
            .expect("failed to encrypt");
        enc_data
    };

baloo · 2025-01-30T06:14:10Z

I'm pulling this PR in parallaxsecond/rust-tss-esapi#563

tarcieri · 2025-02-13T16:01:27Z

@baloo can you rebase?

oaep: support non-string labels

dd0b96f

baloo force-pushed the baloo/oaep/non-string-label branch from b265411 to dd0b96f Compare February 13, 2025 17:12

tarcieri approved these changes Feb 13, 2025

View reviewed changes

tarcieri requested a review from dignifiedquire February 13, 2025 17:43

dignifiedquire approved these changes Feb 13, 2025

View reviewed changes

tarcieri merged commit 8e8bd6a into RustCrypto:master Feb 13, 2025
11 checks passed

baloo deleted the baloo/oaep/non-string-label branch February 13, 2025 22:02

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

oaep: support non-string labels #467

oaep: support non-string labels #467

baloo commented Jan 30, 2025

baloo commented Jan 30, 2025

tarcieri commented Feb 13, 2025

oaep: support non-string labels #467

oaep: support non-string labels #467

Conversation

baloo commented Jan 30, 2025

baloo commented Jan 30, 2025

tarcieri commented Feb 13, 2025