pub enum RsaKeyWrappingAlgorithm {
    Pkcs1v1_5,
    OaepSha256,
    OaepSha1,
    OaepSha3,
    Aes256Sha256,
    Aes256Sha1,
    Aes256Sha3,
}

Supported PKCS#11 compatible key wrapping algorithms for RSA

If in doubt, use the Aes256Sha256 algorithm with a 3072-bit RSA key.

Check the PKCS#11 OASIS specification for more details [https://docs.oasis-open.org/pkcs11/pkcs11-curr/v3.0/pkcs11-curr-v3.0.html]

For Google Cloud KMS compatibility, check: [https://cloud.google.com/kms/docs/key-wrapping?hl=en]

Variants

Pkcs1v1_5

PKCS #1 v1.5 RSA encryption following PKCS#11 CKM_RSA_PKCS. The maximum possible plaintext length is m = k - 11, where k is the size of the RSA modulus in bytes. Prefer an OAEP or AES variant where the receiving side allows it: PKCS #1 v1.5 encryption padding has no integrity protection and is exposed to padding-oracle (Bleichenbacher-style) attacks if the unwrapping side reveals whether decryption succeeded.

OaepSha256

PKCS #1 RSA with OAEP block format following PKCS#11 CKM_RSA_PKCS_OAEP. The hash function used is SHA256. The maximum possible plaintext length is m = k - 2 * h_len - 2, where k is the size of the RSA modulus in bytes and h_len is the output size of the hash function (the optional label, empty by default, is hashed with it), i.e. 32 bytes for SHA256. This algorithm is compatible with Google Cloud KMS

  • RSA_OAEP_3072_SHA256 with RSA 3072 bits key
  • RSA_OAEP_4096_SHA256 with RSA 4096 bits key

OaepSha1

PKCS #1 RSA with OAEP block format following PKCS#11 CKM_RSA_PKCS_OAEP. The hash function used is SHA1. For that reason this algorithm is not recommended and is only kept here for compatibility with legacy systems. The maximum possible plaintext length is m = k - 2 * h_len - 2, where k is the size of the RSA modulus in bytes and h_len is the output size of the hash function, i.e. 20 bytes for SHA1.

OaepSha3

PKCS #1 RSA with OAEP block format following PKCS#11 CKM_RSA_PKCS_OAEP. The hash function used is SHA3-256 (defined in FIPS 202), as for Aes256Sha3. The maximum possible plaintext length is m = k - 2 * h_len - 2, where k is the size of the RSA modulus in bytes and h_len is the output size of the hash function, i.e. 32 bytes for SHA3-256.
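The size formulas above decide which variant can carry a given key at all, which is the check to make before choosing an algorithm. The following is an added example in Go (not code from the page's project) that encodes the formulas for the direct RSA variants and the "no limit" property of the AES hybrid variants that follow; the enum variant names are the page's, while the Go type, the helper names and the sample PKCS#8 sizes are assumptions made for illustration:

```go
package main

import "fmt"

// RsaKeyWrappingAlgorithm mirrors the page's enum. The Go type, the helper
// names and the sample key sizes below are assumptions made for this example.
type RsaKeyWrappingAlgorithm int

const (
	Pkcs1v1_5 RsaKeyWrappingAlgorithm = iota
	OaepSha256
	OaepSha1
	OaepSha3
	Aes256Sha256
	Aes256Sha1
	Aes256Sha3
)

var algNames = [...]string{"Pkcs1v1_5", "OaepSha256", "OaepSha1", "OaepSha3", "Aes256Sha256", "Aes256Sha1", "Aes256Sha3"}

func (alg RsaKeyWrappingAlgorithm) String() string { return algNames[alg] }

// hashLen is the page's h_len: the output size in bytes of the variant's hash.
func hashLen(alg RsaKeyWrappingAlgorithm) int {
	switch alg {
	case OaepSha1, Aes256Sha1:
		return 20 // SHA-1
	case OaepSha256, Aes256Sha256, OaepSha3, Aes256Sha3:
		return 32 // SHA-256 and SHA3-256 both produce 256 bits
	}
	return 0 // PKCS #1 v1.5 padding involves no hash
}

// MaxPlaintextLen returns the largest plaintext, in bytes, that a direct RSA
// wrap can carry with a modulus of modulusBits (negative when the modulus is
// too small for the padding alone). unlimited is true for the AES hybrid
// variants: RSA carries only the 32-byte KEK, and AES-KWP (RFC 5649) accepts
// any plaintext length, so limit is reported as 0 and must be ignored.
func MaxPlaintextLen(alg RsaKeyWrappingAlgorithm, modulusBits int) (limit int, unlimited bool) {
	k := modulusBits / 8 // the page's k: modulus size in bytes
	switch alg {
	case Pkcs1v1_5:
		return k - 11, false
	case OaepSha256, OaepSha1, OaepSha3:
		return k - 2*hashLen(alg) - 2, false
	default:
		return 0, true
	}
}

// CanWrap reports whether a plaintext of plaintextLen bytes fits under alg.
func CanWrap(alg RsaKeyWrappingAlgorithm, modulusBits, plaintextLen int) bool {
	limit, unlimited := MaxPlaintextLen(alg, modulusBits)
	return plaintextLen > 0 && (unlimited || plaintextLen <= limit)
}

func main() {
	// Constructed sample plaintexts: typical PKCS#8 DER sizes for these key types.
	samples := []struct {
		name string
		size int
	}{{"P-256 EC private key", 138}, {"RSA-2048 private key", 1218}}
	for _, alg := range []RsaKeyWrappingAlgorithm{Pkcs1v1_5, OaepSha256, OaepSha1, Aes256Sha256} {
		limit, unlimited := MaxPlaintextLen(alg, 3072)
		for _, s := range samples {
			fmt.Printf("%-12s RSA-3072 limit=%d unlimited=%v  %s (%d bytes): fits=%v\n",
				alg, limit, unlimited, s.name, s.size, CanWrap(alg, 3072, s.size))
		}
	}
}
```

With a 3072-bit modulus the direct OAEP-SHA256 limit is 318 bytes, enough for a PKCS#8 EC key but not for any RSA private key, which is why the page steers RSA-key transport towards the AES hybrid variants.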

Aes256Sha256

Key wrap with AES following PKCS#11 CKM_RSA_AES_KEY_WRAP using an AES key of 256 bits. The mechanism generates a fresh random AES-256 key, wraps it with RSA-OAEP, wraps the target key with that AES key, and concatenates the two ciphertexts (RSA part first). The hash function used for the RSA-OAEP step is SHA256. The AES wrapping follows RFC 5649 (AES Key Wrap with Padding), which is what PKCS#11 calls CKM_AES_KEY_WRAP_KWP, so there is no limitation on the size of the plaintext and it need not be a multiple of 8 bytes; the recommended plaintext format for an EC private key is PKCS#8. This is the recommended key wrapping algorithm. This algorithm is compatible with Google Cloud KMS

  • RSA_OAEP_3072_SHA256_AES_256 for RSA 3072 bits key
  • RSA_OAEP_4096_SHA256_AES_256 for RSA 4096 bits key

Aes256Sha1

Key wrap with AES following PKCS#11 CKM_RSA_AES_KEY_WRAP using an AES key of 256 bits, with the same structure as Aes256Sha256. The hash function used for the RSA-OAEP step is SHA1. For that reason this algorithm is not recommended and is only kept here for compatibility with legacy systems. The AES wrapping follows RFC 5649 (AES Key Wrap with Padding), which is what PKCS#11 calls CKM_AES_KEY_WRAP_KWP, so there is no limitation on the size of the plaintext; the recommended plaintext format for an EC private key is PKCS#8. This algorithm is compatible with Google Cloud KMS

  • RSA_OAEP_3072_SHA1_AES_256 for RSA 3072 bits key
  • RSA_OAEP_4096_SHA1_AES_256 for RSA 4096 bits key

Aes256Sha3

Key wrap with AES following PKCS#11 CKM_RSA_AES_KEY_WRAP using an AES key of 256 bits, with the same structure as Aes256Sha256. The hash function used for the RSA-OAEP step is SHA3-256 (defined in FIPS 202). The AES wrapping follows RFC 5649 (AES Key Wrap with Padding), which is what PKCS#11 calls CKM_AES_KEY_WRAP_KWP, so there is no limitation on the size of the plaintext; the recommended plaintext format for an EC private key is PKCS#8.

Trait Implementations

impl Clone for RsaKeyWrappingAlgorithm

fn clone(&self) -> RsaKeyWrappingAlgorithm

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for RsaKeyWrappingAlgorithm

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl PartialEq for RsaKeyWrappingAlgorithm

fn eq(&self, other: &RsaKeyWrappingAlgorithm) -> bool

Tests whether self and other are equal; used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient and should not be overridden without very good reason.

impl Copy for RsaKeyWrappingAlgorithm

impl Eq for RsaKeyWrappingAlgorithm

impl StructuralPartialEq for RsaKeyWrappingAlgorithm
