Add RSA support on encodeString

[Inder00]

Fixes #2097
This pull request adds RSA Support.

generateKeyPair

string, string generateKeyPair( string algorithm, table options, [ function callback ])

Available algorithms: rsa
Return strings representing private and public key

RSA on encode/decodeString

string encodeString( "rsa", string, { key = publicKey })
string decodeString( "rsa", string, { key = privateKey})

Resource for testing: rsatest.zip
Thank you.

[Inder00]

Changed enum name because of #2016 (comment)

[Pirulax]

I think the returned key should be in hex for consistency with other stuff we already have (like md5) What do others think?

React with emojis.

[AlexTMjugador]

I think that representing keys with hexadecimal characters in this PR would go against the precedents set by the encodeString and teaEncode functions to treat encryption keys as binary strings. Therefore, in my opinion, treating keys as binary strings in this PR minimizes Lua API perplexity.

However, I agree that hash functions should continue to return hexadecimal strings for their results.

[Pirulax]

LGTM if the test resource passes.

[sbx320]

Some minor things.

Also we need some nicer way of handling async callbacks... too much duplicaiton here. I'll have a look for getting a generalized solution for it going. Doesn't matter for this PR though.

[Inder00]

@sbx320 review

[Inder00]

To the moon 🚀

[Inder00]

To the moon 🚀 (review)

[AlexTMjugador]

This is better exception handling than just ignoring it and returning false. However, I'm not sure if we want to expose scripts to the implementation-defined messages of CryptoPP. According to the docs, it should be feasible to get an error type and control what string is logged ourselves.

[Inder00]

That was @Pirulax idea to expose exception cause

[AlexTMjugador]

I agree with exposing the exception cause somehow. But I'm not sure if we want to potentially make backwards compatibility more complicated just because some script decided to rely on some precise warning text. This is a pretty minor and far-fetched concern, though, and I'd be happy with this merged as-is.

[AlexTMjugador]

About the removed tests, I think @sbx320 was not pointing that they were unnecessary and should be removed, but that they were not that useful either because they just tested the entire encryption-decryption cycle, and as such a trivial identity function implementation would also satisfy those tests.

I think that tests are useful for this PR and belong to it, as long as they test encryption and decryption separately: at least one test should test that encryption of a known plaintext with a known key-pair and cipher parameters yields the expected ciphertext, and at least other test should check that decryption of another ciphertext is able to yield back the plaintext.

[Inder00]

About the removed tests, I think @sbx320 was not pointing that they were unnecessary and should be removed, but that they were not that useful either because they just tested the entire encryption-decryption cycle, and as such a trivial identity function implementation would also satisfy those tests.

I think that tests are useful for this PR and belong to it, as long as they test encryption and decryption separately: at least one test should test that encryption of a known plaintext with a known key-pair and cipher parameters yields the expected ciphertext, and at least other test should check that decryption of another ciphertext is able to yield back the plaintext.

Test has been applied:

• Encryption: encrypts data using random keypair (encrypt, decrypt and then compare) - encrypt cannot be compared as static data because used RSA encryption scheme OAEP using SHA outputs different encrypted data each time - have to be decrypted to compare.
• Decryption: decrypts encrypted data in string using private key stored in another string and compare decypted data with expected data.

[AlexTMjugador]

Design-wise this looks fine to me, but I have not tested it, and other people might have some stylistic feedback.

[Inder00]

Design-wise this looks fine to me, but I have not tested it, and other people might have some stylistic feedback.

Thanks for review, a test resource is included in pr 🚀

[Inder00]

Review someone 🔥

[TheNormalnij]

Code looks well now. I think it should be refactored into "strategy" pattern with next added algorithm.

Github bug? I don't see unresolved thread

[sbx320]

@TheNormalnij not a bug.

Github keeps it as "Changes Requested" regardless of unresolved threads, as there may be changes requested in a top level comment.