-
Notifications
You must be signed in to change notification settings - Fork 523
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove libcrypto (use tutasdk RSA impl for iOS/Android) #7344
Conversation
7898bf1
to
a95edf8
Compare
c3a0d6a
to
746ccf4
Compare
027ee99
to
c8c3b27
Compare
A couple comments after quickly looking over all of this:
|
f7a35fb
to
3fb9b6b
Compare
let prime_p = Zeroizing::new(prime_p); | ||
let prime_q = Zeroizing::new(prime_q); | ||
|
||
let modulus = Zeroizing::new(BASE64_STANDARD.decode(modulus).map_err(|_| RSAError::InvalidKey { reason: "modulus is not valid base64".to_owned() })?); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I feel like all the base64 should be done outside but also this is how RSA keys always are so maybe it's fine?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It probably shouldn't be in base64 to begin with. I'm fairly certain we don't store it as base64, and it is just an intermediate format on the TypeScript side.
We could move the base64 decoding to the TypeScript side, but since this method will anyway be invoked from TypeScript, it doesn't really change anything.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I assumed we store them like this but turns out it's really us??
function _arrayToPrivateKey(privateKey: BigInteger[]): RsaPrivateKey { |
whyyy
we should get rid of it at some point
87aff17
to
1570c6a
Compare
1570c6a
to
c1a87eb
Compare
fbc3b43
to
9801633
Compare
9801633
to
6a7b8e7
Compare
6a7b8e7
to
d0458e5
Compare
Our usage of libcrypto (OpenSSL) had a lot of issues. For example, it was compiled a long time ago and the only Macs it ran on were x86 Macs. As such, we were unable to run tests on newer ARM-based Macs. We had a recompiled version made a long time ago that worked on new Mac, but it was postponed, and now that it is months out of date and uses the old build system (xcodeproj instead of xcodegen), it is way less work to just switch to using the SDK. We do this with Kyber anyway... Closes #6603
We no longer use libcrypto in builds, so we are not beholden to an x86 dependency for simulator. Bumping xcode version also fixes PinsStorage issue from earlier.
This brings it in line with the earlier iOS change. It also means we can test encryption results, since seeds are accepted.
d0458e5
to
e2c9eee
Compare
Closes #6603