feat: add RSA builtin functions for signing (implemented in Haskell) #4932
Overview
This PR introduces 2 new builtin functions which can be used to sign a message with an RSA private key, and verify the signature with the corresponding RSA public key.
This is best shown as a transcript:
The output is:
The base library, before this PR, only contains the crypto.Ed25519.sign and crypto.Ed25519.verify functions (mentioned in this issue, which is still open).
Implementation notes
The implementation adds two functions to the list of builtin functions, and implements them using:
- asn1-encoding library in order to decode both the private key and the public key as ASN1 data structures from which a PrivateKey and PublicKey can be created
- cryptonite library to call the underlying sign and verify functions.
Interesting/controversial decisions
Types
The signatures of those 2 functions involve untyped bytestrings but the content of those bytestrings is very specific (see the transcript above). In terms of usage inside a Unison code base it would be nice to provide better types. For example: crypto.rsa.PublicKey, crypto.rsa.PrivateKey, crypto.rsa.Signature.
Signature generation
The cryptonite library gives the possibility to create a safer signature by using a Blinder. However this requires the introduction of MonadRandom and I didn't evaluate what would be the necessary changes to support this.
Racket implementation
This should be the next step. There is already a Racket backend for the Ed25519 functions, so we could do something similar for the RSA functions.
Test coverage
The test coverage is provided by:
- rsa.md transcript at a high level.
Loose ends
The three points mentioned in "Interesting/controversial decisions" could be revisited.
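The trade-off described under "Signature generation", as an added example written against cryptonite (it is not code from this PR): unblinded signing is a pure call, while blinded signing runs in a MonadRandom because it draws a fresh blinder for every signature. PKCS#1 v1.5 padding, SHA-256 and a key generated on the spot are assumptions of this example; the page does not state which scheme or hash the builtins use.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module Main (main) where

import Crypto.Hash.Algorithms (SHA256 (..))
import qualified Crypto.PubKey.RSA as RSA
import qualified Crypto.PubKey.RSA.PKCS15 as PKCS15
import Data.ByteString (ByteString)

-- Unblinded signing: a pure function. Passing Nothing as the blinder means
-- the private-key exponentiation runs directly on the padded digest, so its
-- timing can depend on attacker-chosen input.
signPlain :: RSA.PrivateKey -> ByteString -> Either RSA.Error ByteString
signPlain = PKCS15.sign Nothing (Just SHA256)

-- Blinded signing: signSafer generates a random blinder r, computes the
-- private-key operation on (m * r^e) mod n and multiplies the result by
-- r^-1 mod n. The randomness is why the result lives in a MonadRandom
-- (IO here) and why a pure builtin cannot use it without further changes.
signBlinded :: RSA.PrivateKey -> ByteString -> IO (Either RSA.Error ByteString)
signBlinded = PKCS15.signSafer (Just SHA256)

main :: IO ()
main = do
  -- Throwaway demo key (assumption): 256-byte modulus, e = 65537.
  (pub, priv) <- RSA.generate 256 65537
  let msg = "constructed sample message" :: ByteString
  blinded <- signBlinded priv msg
  case (signPlain priv msg, blinded) of
    (Right s1, Right s2) -> do
      putStrLn ("plain signature verifies:   "
                ++ show (PKCS15.verify (Just SHA256) pub msg s1))
      putStrLn ("blinded signature verifies: "
                ++ show (PKCS15.verify (Just SHA256) pub msg s2))
      -- PKCS#1 v1.5 signatures are deterministic and the blinder cancels
      -- out, so blinding changes the computation, not the signature bytes.
      putStrLn ("signatures are identical:   " ++ show (s1 == s2))
    (r1, r2) ->
      putStrLn ("signing failed: " ++ show (r1, r2))
```

Because the blinder cancels out of the final value, verification is unaffected: the verify side needs no change if signing later moves to the blinded variant.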