zpcprovider for sign/verify (ecdsa/eddsa) #41
Are you looking at the Travis build failures? You might need to build OpenSSL from source to have a 3.5.0 version to build against.

Yes, a fix for Travis is in progress. It looks like Travis only provides 3.0 out of the box. So I'll build my own. At least 3.5, better 4.0.

7c72889 to 1659e06

The update contains:

9258c6f to 6d1b3d8

Another update (force push) to remove the merge conflicts and add a fix for Travis.

I would suggest to also add tests that utilize the openssl application to use protected key origins. For example, creating/signing a certificate with a protected key origin specified via URI or PEM using
I plan to rework the test.

I would move the provider sources into a subdirectory, e.g.

I would postpone the source code restructuring until the provider transition is done (symmetric cipher, secure-key origins etc). There will be eventually also some removal of no longer used code.

6d1b3d8 to 690f619

Add a module build target for the zpcprovider. Other than shared objects, the provider module has no so-name and also no API versioning. Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
The provider-specific key object structure is shared between the provider components and references the internal zpc-key structure(s). Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
A hbkzpc-URI references a hardware-backed key origin. The parser destructs the URI into key-value pairs. Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Add internal object build target for uri. The internal object can be shared between targets. Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
The mapping helpers provide mappings between e.g. algorithm strings and algorithm-related values. Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Introduce a store-loader for hbkzpc-URI based keys. The store-loader creates a provider-specific key object and adds relevant information from the URI. Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Introduce an asymmetric key management to map the provider-specific key object to an internal zpc-key. Not supported: - key generation - key import Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Add helpers to generate DER-encoded algorithm-ids based on key and digest information. Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Add signature algorithms for sign/verify with ECDSA and EDDSA keys. Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Add the supported TLS properties for the zpcprovider. Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
The ASN.1 module provides DER en-/decoding for hbkzpc-URIs. These functions are required for the decoder/encoder support. Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Add internal object build target for ASN.1 module. The internal object can be shared between targets. Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Add decoders for PEM and DER to support hbkzpc-URI files. Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
To use the zpc functionality via the OpenSSL API, the zpcprovider has to be defined in the OpenSSL configuration. The build configures the template and creates an `openssl.cnf` file, which can be used for test purposes. The configuration file will be created in the build output folder. The build also configures a second template and creates a configuration drop-in file `zpcprovider.cnf`. This file can be included in existing OpenSSL configuration files. Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
The scripts set breakpoints for all zpcprovider functions, which are called by the OpenSSL provider API (dispatch functions). Each zpcprovider component has its own gdb-script. Sourcing multiple scripts is possible. Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
996860e to be9e7a9

New PR versions:
The review of hbkzpcprovider.conf.5 is still pending.

| static const OSSL_DISPATCH ed448_functions[] = { | ||
| DISPATCH_DEFN(SIGNATURE, NEWCTX, ed448_newctx), | ||
| DISPATCH_DEFN(SIGNATURE, FREECTX, sig_freectx), | ||
| DISPATCH_DEFN(SIGNATURE, DUPCTX, sig_dupctx), |
Is DUPCTX intentionally only added here (for Ed448), but not for Ed25519 and ECDSA above?

Good catch. Fixed.
|
|
||
| DISPATCH_END, | ||
| }; | ||
|
|
You might also want to implement the query_key_types function for all 3 signature methods.
This function should just return a NULL-terminated array of strings with one element "EC", "ED25519" and "ED448" respectively. See default provider implementation.
Not sure how important this is, but evp_pkey_signature_init() does call it if it's available.

It looks like the dispatch function has been introduced with openssl 3.4. I'll look into it.

| OPENSSL_free(sctx); | ||
| } | ||
|
|
||
| #if OPENSSL_VERSION_NUMBER < 0x30100000L |
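Review bot: the `#if OPENSSL_VERSION_NUMBER < 0x30100000L` guard at the end of this hunk carries no comment saying what is missing in OpenSSL releases before 3.1. Add a one-line comment above it naming the API that the guarded code substitutes for, so the block is easy to find and drop once the minimum supported OpenSSL version moves past 3.1.
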
Better use `#if OPENSSL_VERSION_PREREQ(3, 1)`; this is easier to read.

Ok, but I have to invert the check. Version >= v3.1 provides already the MD_CTX_dup() function.

Yeah, use `#if !OPENSSL_VERSION_PREREQ(3, 1)` then :-)
|
|
||
| /* protected key compare */ | ||
| if (ec_key1->key_set && ec_key2->key_set && | ||
| memcmp(ec_key1->prot.protkey, ec_key2->prot.protkey, |
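Review bot: in the protected key compare, the `memcmp` only runs when both `ec_key1->key_set` and `ec_key2->key_set` are true, and the lines shown do not say how a pair with exactly one `key_set` is decided. Add an explicit check that reports such a pair as a mismatch before the compare, or a comment stating why falling through is correct.
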
Bob recommends to use memcmp_consttime() here and also above for comparing the public key to not leak any timing... Not sure if it's that critical, since both the public key and a protected key can't really leak any sensitive information. Nevertheless, if it's that easy to just use memcmp_consttime() then maybe it's better to do it.

Hm, I'm not aware of memcmp_consttime(). It seems not to be part of glibc. But I can use CRYPTO_memcmp() from OpenSSL instead.

It's part of the libzpc source code. libzpc uses it at several places.
See:
Line 28 in dcdc591

Seems to be implemented in https://github.com/opencryptoki/libzpc/blob/main/src/misc_asm.S

Oh, I missed that implementation.
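
The constant-time key comparison discussed in this review thread, as an added example (not code from the PR, libzpc or OpenSSL): `ct_memcmp` is a portable stand-in for `CRYPTO_memcmp()` / `memcmp_consttime()`, and `struct demo_key`, its sizes and the helper names are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical key object: key_set and protkey mirror the names in the
 * reviewed snippet, the layout and sizes are made up for this example. */
struct demo_key {
    int key_set;
    size_t protkeylen;
    unsigned char protkey[64];
};

/* Stand-in for CRYPTO_memcmp(): reads every byte and ORs the differences,
 * so the run time does not depend on the position of the first mismatch.
 * Returns 0 if equal, 1 otherwise. */
static int ct_memcmp(const void *a, const void *b, size_t len)
{
    const volatile unsigned char *pa = a, *pb = b;
    unsigned char diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= pa[i] ^ pb[i];
    return diff != 0;
}

/* Returns 1 if both keys hold the same protected key, 0 otherwise. */
static int demo_key_match(const struct demo_key *k1, const struct demo_key *k2)
{
    if (!k1->key_set != !k2->key_set)
        return 0;   /* only one side has key material: mismatch */
    if (!k1->key_set)
        return 1;   /* neither side set (policy chosen for this example) */
    if (k1->protkeylen != k2->protkeylen)
        return 0;   /* the length is not secret, early exit is fine */
    return ct_memcmp(k1->protkey, k2->protkey, k1->protkeylen) == 0;
}

/* Build a constructed sample key: 32 bytes of `fill`, last byte `last`. */
static struct demo_key demo_make(int set, unsigned char fill, unsigned char last)
{
    struct demo_key k = { .key_set = set, .protkeylen = 32 };
    memset(k.protkey, fill, k.protkeylen);
    k.protkey[k.protkeylen - 1] = last;
    return k;
}

int main(void)
{
    struct demo_key a = demo_make(1, 0xAA, 0x01), b = demo_make(1, 0xAA, 0x02);
    return demo_key_match(&a, &a) && !demo_key_match(&a, &b) ? 0 : 1;
}
```
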
This PR requires PR #40.
This PR adds OpenSSL provider support for libzpc. This first version covers the main functionality for store, keymgmt, sign/verify and decoder support.
As the series adds a lot of new code, it is split into many commits to make the review (hopefully) a bit easier.
ToDo:
Restriction:
tprovider.c.