Skip to content

Add RSA-PSS support for handshake #60

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 16 commits into from
May 16, 2024
Merged

Add RSA-PSS support for handshake #60

merged 16 commits into from
May 16, 2024

Conversation

gowthamsk-arm
Copy link
Collaborator

Signed-off-by: Gowtham Suresh Kumar gowtham.sureshkumar@arm.com

@tgonzalezorlandoarm tgonzalezorlandoarm changed the base branch from main to gsk/handshake_parsec May 15, 2024 16:59
tgonzalezorlandoarm
tgonzalezorlandoarm requested changes May 15, 2024
View reviewed changes
Copy link
Member

@tgonzalezorlandoarm tgonzalezorlandoarm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some comments

parsec-openssl-provider/src/keymgmt/mod.rs Outdated
pub unsafe extern "C" fn parsec_provider_kmgmt_gettable_params(
_provctx: VOID_PTR,
) -> *const OSSL_PARAM {
println!("In func parsec_provider_kmgmt_GETTABLE_params");
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you please remove this print?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dropped it now.

parsec-openssl-provider/src/keymgmt/mod.rs
.map_err(|_| "OSSL_PKEY_PARAM_RSA_E not found".to_string())?;

let mut exp = slice::from_raw_parts(exp_param.data as *const u8, exp_param.data_size).to_vec();
//ToDo: endianess
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ditto with the todo

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will fix it.

parsec-openssl-provider/src/keymgmt/mod.rs
}
} else {
Ok(OPENSSL_SUCCESS)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

typo: "keys"

parsec-openssl-provider/src/keymgmt/mod.rs Outdated
PARSEC_PROVIDER_DESCRIPTION_ECDSA
),
pub const PARSEC_PROVIDER_KEYMGMT: [OSSL_ALGORITHM; 2] = [
// ossl_algorithm!(
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it necessary to comment it out?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will drop this.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pushed a new commit as I had removed some const in another commit.

@tgonzalezorlandoarm tgonzalezorlandoarm changed the base branch from gsk/handshake_parsec to main May 15, 2024 17:56
@gowthamsk-arm gowthamsk-arm force-pushed the gsk/rsapss_key branch 3 times, most recently from 5930bf6 to 420b819 Compare May 15, 2024 18:45
@gowthamsk-arm gowthamsk-arm changed the base branch from main to gsk/handshake_parsec May 15, 2024 18:45
Base automatically changed from gsk/handshake_parsec to main May 15, 2024 20:12
@gowthamsk-arm
openssl2: Add locate_and_set_int_param() function
6d09384 
This patch adds a openssl support function which finds the desired
param from the param array and sets it withe provided value.

Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
@gowthamsk-arm
kmgmt: Use get_key_name() in has function
5fddf47 
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
@gowthamsk-arm
kmgmt: Disable ECDSA key table
e8d330a 
This is a temporary change. ECDSA support will be added in the
follow-up PRs.

Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
@gowthamsk-arm
kmgmt: Add RSA QueryOperationName support
28c9f6d 
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
@gowthamsk-arm
kmgmt: Update import types to support RSA public key params
086f94a 
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
@gowthamsk-arm
kmgmt: Add RSA key to key object
5fb7900 
The RSA component will store the modulus and exponent parts of the
RSA public key in the Provider key object.

Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
@gowthamsk-arm
kmgmt: Update import function to support loading public keys
776f071 
The RSA key from x509 certificates will be loaded using the public
params modulus and exponent. The import function now is capable of
loading RSA public keys.

Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
@gowthamsk-arm
kmgmt: Add gettable and get params
ef5f206 
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
@gowthamsk-arm
kmgmt: Update match to compare the public parts of the key
4de85f9 
The private key and public can only be compared using the public
parts of the RSA key. Only if the match succeeds we can consider
that a public key is related to the corresponding private key.

Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
@gowthamsk-arm
sign: Drop sign_init support
e8feec5 
We need digest_sign_init() as we need to calculate the digest and
then sign the data. So drop sign_init() in this patch.

Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
@gowthamsk-arm
sign: Convert sign() to digest_sign()
7703967 
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
@gowthamsk-arm
sign: Add support for digest_sign_init()
94d3973 
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
@gowthamsk-arm
sign: Add support for set() and settable()
64dc394 
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
@gowthamsk-arm @tgonzalezorlandoarm
kmgmt: Re-enable ECDSA algorithm table
e4eac5b 
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
@tgonzalezorlandoarm
Fix formatting erros
f60162a 
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
@tgonzalezorlandoarm
keymgmt: Modify match function and unit tests
8a3be2a 
Before, keymgmt match was testing for key names. This does not apply
as what should be compared is the public key content in the TLS
handshake.

Remove that comparison and the corresponding tests.

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
@gowthamsk-arm gowthamsk-arm merged commit cef5a43 into main May 16, 2024
@tgonzalezorlandoarm tgonzalezorlandoarm deleted the gsk/rsapss_key branch May 20, 2024 16:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tgonzalezorlandoarm tgonzalezorlandoarm tgonzalezorlandoarm approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@gowthamsk-arm @tgonzalezorlandoarm