Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for wrapping EC keys + RSA wrapping fixes/comments/questions #5

Merged
merged 8 commits into from
Mar 1, 2024
Merged

Support for wrapping EC keys + RSA wrapping fixes/comments/questions #5

merged 8 commits into from
Mar 1, 2024

Conversation

Jakuje
Copy link
Contributor

@Jakuje Jakuje commented Feb 28, 2024

Fixes also unwrapping for RSA keys, but we might need better solution.

I think the DerEncBigUint ensures the BN is unsigned and starts with zero byte, which is something we do not want when we import the BN as a modulus as you are using the modulus size to enforce the buffer size. Without stripping the null byte from the modulus, the operation requires 257 B buffer for signature and verification of this signature does not work.

The RSA wrapping is also using the RSAPrivateKey ASN1 directly, but from my reading of the PKCS#11 specification, we should use PrivateKeyInfo. This not obvious for RSA keys as everything needed is in the inner object, but EC keys needs the privateKeyAlgorithm field to learn what curve is used, if I read it right.

Keeping it as a draft as there is more quesitons to resolve before merging.

@Jakuje Jakuje requested a review from simo5 February 28, 2024 15:56
simo5
simo5 reviewed Feb 28, 2024
View reviewed changes
Copy link
Member

@simo5 simo5 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I left some suggestions/comments, the general changes look good to me.

src/rsa.rs Outdated Show resolved Hide resolved
src/ecc.rs Outdated Show resolved Hide resolved
src/ecc.rs Outdated Show resolved Hide resolved
src/rsa.rs Outdated Show resolved Hide resolved
simo5
simo5 requested changes Feb 29, 2024
View reviewed changes
Copy link
Member

@simo5 simo5 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks most of the work looks really nice.

There are a few things I think would be beneficial to do slightly differently though.

src/kasn1.rs Show resolved Hide resolved
src/kasn1.rs Outdated Show resolved Hide resolved
src/kasn1.rs Show resolved Hide resolved
src/rsa.rs Show resolved Hide resolved
src/rsa.rs Outdated Show resolved Hide resolved
src/rsa.rs Outdated Show resolved Hide resolved
@Jakuje Jakuje force-pushed the ecc-wrap branch 2 times, most recently from c738707 to 2982d52 Compare March 1, 2024 14:32
@simo5 simo5 changed the title Draft: Support for wrapping EC keys + RSA wrapping fixes/comments/questions Support for wrapping EC keys + RSA wrapping fixes/comments/questions Mar 1, 2024
Jakuje added 8 commits March 1, 2024 17:42
@Jakuje
README: Fix command formatting
4d465e4 
Signed-off-by: Jakub Jelen <[email protected]>
@Jakuje
kasn1: Avoid hardcoding tag for DerEncBigUint
2a590ce 
Signed-off-by: Jakub Jelen <[email protected]>
@Jakuje
rsa: Avoid leading zeroes in modulus when unwrapping keys
837a7b7 
Signed-off-by: Jakub Jelen <[email protected]>
@Jakuje
tests: Verify the unwrapped RSA key can be used for signature operation
b443175 
Signed-off-by: Jakub Jelen <[email protected]>
@Jakuje
Support EC key Wrapping and Unwrapping
31cf442 
Signed-off-by: Jakub Jelen <[email protected]>
@Jakuje
test: Verify functionality of EC keys Wrapping and unwrapping
8ab074f 
Signed-off-by: Jakub Jelen <[email protected]>
@Jakuje
rsa: Use PrivateKeyInfo for wrapping/unwrapping keys
032fbc4 
Signed-off-by: Jakub Jelen <[email protected]>
@Jakuje
ecc: Use const OIDs to avoid parsing and converting them over and over
e997f56 
Signed-off-by: Jakub Jelen <[email protected]>
@Jakuje Jakuje mentioned this pull request Mar 1, 2024
Closed
@Jakuje Jakuje merged commit f02ec95 into latchset:main Mar 1, 2024
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@simo5 simo5 simo5 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Jakuje @simo5