Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pull Request for the wrapper class of Team TechShield (USB-Dongles) #8

Merged
merged 93 commits into from
Jun 20, 2024
Merged

Pull Request for the wrapper class of Team TechShield (USB-Dongles) #8

merged 93 commits into from
Jun 20, 2024

Conversation

yenkkes
Copy link
Contributor

@yenkkes yenkkes commented Jun 3, 2024

All functions should work in this branch, the code is ready to be pentested.

yenkkes and others added 30 commits May 27, 2024 16:46
@yenkkes
unseren code eingefügt
e58c6c8
@yenkkes @Eisberch
Zwischenpush
3b8a79d 
Co-authored-by: Eisberch <Eisberch@users.noreply.github.com>
@yenkkes @Eisberch
push für test
6c69b2b 
Co-authored-by: Eisberch <Eisberch@users.noreply.github.com>
@yenkkes
ich checke nicht warum es kaputt ist
b723c9f
@yenkkes
idk, genug für heute
a8c2a1f
cfg hinzugefuegt
c1ebb93
slot_id angepasst
7234dd0
key_id angepasst
8c22ee0
@yenkkes @Eisberch
zwischenpush
830e41e 
Co-authored-by: Eisberch <Eisberch@users.noreply.github.com>
@yenkkes
zwischenpush
469434f
@yenkkes @Eisberch
Zwischenpush, mega viele Änderungen, sind noch weit entfernt vom MS3
77f4c18 
Co-authored-by: Eisberch <Eisberch@users.noreply.github.com>
@yenkkes
zwischenpush
b3bf84c
@yenkkes
zwischenpush
be6baed
Zwischenpush
df6e6c9
Common in Tests geloescht, wird nicht gebraucht
67bc9c7
Edit
6dc8613
provider agepasst, hoffentlich ohne fehler?
86b5c83
provider angepasst
29bc15a
prover.rs ohne fehler.
ead2460
provider.rs sollte so jetzt passen
1dafd24
key_handle ohne Fehler
6d433ea
ueberarbeitet
58a489b
mod rs angepasst
466c5ad
Bugfixen der vorhandenen tests
01b85bc
Test create Rsa, Ecc funktioniert. Test Load Rsa funktioniert
32578d1
Tests load key funktionieren
e8a13a0
Tests laufen, alles supi
68eb935
ecdsa zu ecc geaendert
81f6ce1
create_key verkuerzt
72372a1
algorithmen in key_handle hinzugefuegt
66db791
sebastian and others added 19 commits June 6, 2024 12:22
unnoetigen code entfernt
6fecc37
key_id in tests erstellt
25cf29e
decrypt gefixed
2c228ac
encrypt und decrypt test hinzugefuegt rsa
51b5b88
Co-authored-by: yenkkes <yenkkes@users.noreply.github.com>
43676fe 
main, bzw. Demo-App - unfertig
@Eisberch
Ausgabe der Meldungen ermöglicht
85277c2
@Eisberch
Schlüssel generieren in der Demo App hinzugefügt
91b81eb
@Eisberch
KeyUsage aus dem Code entfernt. Nicht relevant
738d409
@Eisberch
KeyUsage auch aus Demo App entfernt
1e977d0
@Eisberch
Ausgaben ins Englische übersetzt
cfb2136
Zwisachenpush, encrypt angefagnen und unnoetige kommentare geloescht
2fa0cd1
@yenkkes
Delete src/main.rs
35295a9
@yenkkes
Merge branch 'main' into main
1482904
@yenkkes
small adjustments, deleted printlns
ba75801
Fehler beim loeschen der println!, daher auf Stand vorher zuruckgesetzt
d13c245
println! entfernt
2e6cef3
Provider initialize module nochmals angepasst
92f5fd6
Unnoetigen Import entfernt
a9c393a
provider mit prints erneut angepasst
1731587
studentfeedbackuser
studentfeedbackuser suggested changes Jun 14, 2024
View reviewed changes
Cargo.toml
std = []
tpm = []
win = ["tpm", "windows"]
yubi = ["hsm", "yubikey"]

[dependencies]
yubikey = { version = "0.8.0", optional = true, features = ["untested"] }
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please be aware that yubikey 0.8.0 depends ons rsa 0.9.6:

Crate: rsa
Version: 0.9.6
Title: Marvin Attack: potential key recovery through timing sidechannels
Date: 2023-11-22
ID: RUSTSEC-2023-0071
URL: https://rustsec.org/advisories/RUSTSEC-2023-0071
Severity: 5.9 (medium)
Solution: No fixed upgrade is available!

I don't see any update available for RSA to address this yet. In security, when you cannot update a vulnerability, then you need to perform a risk assessment, and propose mitigations, where possible. See RustCrypto/RSA#19 (comment). Are there any steps users can take to protect themselves against this? If so, please document your recommendations - perhaps in your readme.

src/hsm/yubikey/key_handle.rs Outdated
match key_algo {
AsymmetricEncryption::Rsa(KeyBits::Bits1024) => {
algorithm_id = AlgorithmId::Rsa1024;
vec_data = apply_pkcs1v15_padding(&vec_data, 128);
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please replace magic values with constants.

src/hsm/yubikey/key_handle.rs Outdated
}
AsymmetricEncryption::Rsa(KeyBits::Bits2048) => {
algorithm_id = AlgorithmId::Rsa2048;
vec_data = apply_pkcs1v15_padding(&vec_data, 256);
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please replace magic values with constants.

src/hsm/yubikey/provider.rs
}
}
// Hier muesste die Pin Eingabe und die Managementkey Eingabe implementiert werden. Ist aktuell hardcoded.
self.pin = "123456".to_string();
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hardcoded pins should be avoided. Please see if you can find a more elegant way to manage the pin.

@ngussek ngussek merged commit 505824f into nmshd:main Jun 20, 2024
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@studentfeedbackuser studentfeedbackuser studentfeedbackuser approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@yenkkes @studentfeedbackuser @ngussek @markus-gruppe-e @OnkelDe @Eisberch