feat: add ES512 algorithm support using P-521 elliptic curve #478
arsenin-kitsoft wants to merge 6 commits into Keats:master from
I didn't see that PR. Can you rebase?
- Add p521 dependency to Cargo.toml (version 0.13.0 with ecdsa feature)
- Add ES512 to Algorithm enum and AlgorithmFamily mappings
- Implement ES512 signer and verifier using P521 elliptic curve
- Register Es512Signer and Es512Verifier in CryptoProvider factory
- Add ES512 to KeyAlgorithm enum for JWK support
- Custom macros for P521 due to API differences (no from_pkcs8_der, no sign_recoverable)
- Manual PKCS8 extraction for 66-byte P521 private key
- Add comprehensive ES512 tests (3 new test functions)
- Create ES512 test keys in both PEM and PKCS8 formats
- Gate ES512 tests behind use_pem feature flag
1fce73b to fd96c1c
Couldn't rebase, but reapplied changes manually instead. Passes tests with green.
@Keats can you please take another look at this PR?
CI is failing
…ackends
- Add 'pkcs8' feature to p521 dependency so SigningKey521 implements DecodePrivateKey
- Replace broken manual DER parser with from_pkcs8_der in Es512Signer::new
- Replace manual DER parser in extract_ec_public_key_coordinates ES512 arm (mod.rs)
- Add Es512Signer / Es512Verifier to aws_lc_rs backend using ECDSA_P521_SHA512_FIXED
- Wire Algorithm::ES512 into aws_lc new_signer / new_verifier match arms
@Keats Fixed CI issues that I could replicate locally. Please verify.
| p384 = { version = "0.13.0", optional = true, features = ["ecdsa"] } | ||
| p256 = { version = "0.13.2", optional = true, features = ["ecdsa", "pkcs8"] } | ||
| p384 = { version = "0.13.0", optional = true, features = ["ecdsa", "pkcs8"] } | ||
| p521 = { version = "0.13.0", optional = true, features = ["ecdsa", "pkcs8"] } |
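Review bot: p384 appears twice in this hunk, once with features = ["ecdsa"] and once with ["ecdsa", "pkcs8"], so the change also turns on pkcs8 for p384, while the commit message only describes adding pkcs8 to p521. Please say so in the commit message, or move the p384 change into its own commit, so the extra feature on an existing dependency is reviewed deliberately. The new p521 entry is optional = true and the hunk does not show a [features] change; confirm it is listed under the same feature that enables p256 and p384, otherwise ES512 will not build with that backend.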
There is a 0.14-rc8 published recently on crates.io, 0.13 is 2 years old. I think the new version might make the rust-crypto code easier?
0.14 has been in heavy development for the last half year, based on rc history. Are you sure you want an rc dep in your crate?
p256 and p384 are the same story. I've tried to update them all to latest rc and tests were not failing, but I don't think this should be in scope for this particular PR.
@Keats plz confirm if you want to update all p* crates (same maintainer) to rc version or we could skip it for now.
Suggested changes for !250