git.bitcoin.ninja Git - dnssec-prover/commit

author	Matt Corallo <git@bluematt.me>
	Sun, 3 Mar 2024 14:23:39 +0000 (14:23 +0000)
committer	Matt Corallo <git@bluematt.me>
	Wed, 3 Apr 2024 09:14:24 +0000 (09:14 +0000)
commit	9bfff3609162efcca02310d4d9231054b6d824fd
tree	be6c872a02823f6a8e3960eaafba2c4514cf97c5	tree \| snapshot
parent	377d3b0f56a82cc2167f5d00d127f161a87f3d2a	commit \| diff

Add a relatively simple mostly-const-fn bigint math implementation

While `ring` is great, it struggles with platform support and has a
fairly involved dependency tree due to its reliance on C backends.

Further, while the `RustCrypto` org tries to stick to Rust, in
doing so it takes on more (unnecessary) dependencies and has a
particularly unusable MSRV policy. Finally, its contributor base
has historically not been particularly friendly.

Thus, sadly, there's not really a good option for doing RSA
validation using a third-party crate.

Instead, in the next commit we'll go our own way and add an
in-crate RSA validator. This takes the first step, adding a bigint
implementation that works up to 4096 bits (the longest allowed RSA
keys in the DNS).

Sadly, once we get to EC math we'll really want most of our math
operations to be const fns, which provides some additional limits.
Absent a better way to do subslicing on rustc 1.63, this commit
introduces a dependency on the `const_slice_from_raw_parts`
feature, which appears to work fine on 1.63 with
`RUSTC_BOOTSTRAP=1` set, and was stabilized in 1.64.

Cargo.toml		diff \| blob \| history
fuzz/Cargo.toml		diff \| blob \| history
fuzz/src/bigint_math.rs	[new file with mode: 0644]	blob
src/crypto/bigint.rs	[new file with mode: 0644]	blob
src/crypto/mod.rs		diff \| blob \| history
src/http.rs		diff \| blob \| history
src/lib.rs		diff \| blob \| history
test.sh		diff \| blob \| history