WIP: adds a `signature::Signer` interface #537
Sorry for reviewing a WIP though I found it a little bit interesting so I couldn't help myself. Feel free to disregard anything I have commented on.
tss-esapi/tests/integration_tests/abstraction_tests/public_tests.rs
Signed-off-by: Arthur Gautier <arthur.gautier@arista.com>
Oh, no, thanks for reviewing it!
Thank you for bringing the patch! The overall design looks good to me.
// Note: this does not implement `TryFrom<RsaSignature>` because `RsaSignature` does not carry the | ||
// information whether the signatures was generated using PKCS#1v1.5 or PSS. |
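Review bot: the second line of this comment reads "the signatures was generated"; it should be "the signature was generated". Because the comment is the only record of why the conversion is absent, it would also help to say where the caller is expected to supply the PKCS#1 v1.5 or PSS choice instead.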
The fields of `RsaSignature` are private, so we can extend it to capture this detail as well. It's a deviation from the TPM spec, but I don't necessarily see a problem with it. Thoughts?
cc @Superhepper
No it is not really a problem as long as it does not cause any ambiguities in the conversions between `TPMS_SIGNATURE_RSA` and `RsaSignature`.
I think it's fine like that, the comment was more for a future self why we would not have such a TryFrom
use signature::{DigestSigner, Error as SigError, KeypairRef}; | ||
|
||
#[derive(Debug)] | ||
pub struct Ecdsa<'ctx, C> |
(I know this is a draft: ) Would be good to have some docs on these structs to make it clear what they're meant for.
I tried to add some, and add a code sample in the doc as well.
/// Key parameters for this curve | ||
pub fn key_params<D>() -> KeyParams |
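Review bot: the doc line on `key_params` mentions only "this curve", but the signature also takes a type parameter `D` that the doc never explains. Say what `D` selects and how it affects the returned `KeyParams`, so the function can be understood without reading its body.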
I'm a bit mystified by the purpose of this function. Also by the use of "this curve" in the doc for it, given that `Ecdsa` is presumably not the description of a curve (?)
`C` describes the curve (could be `NistP256`, `NistP384`, `NistP521`, ...) those are all supported here. When using the signer (through the `Ecdsa` struct) you would specify which curve you're using.
This would pick the correct parameters to specify to the TPM when signing, the size of the object that comes back from signature, how to verify them, ...
This function just creates the TPM parameters related to this curve and the selected digest.
Sure, I think I was mostly confused by the existence of two nearly-identical methods before, and that the struct they're tacked to doesn't represent (just) a specific curve.
I did bring back the two nearly-identical methods btw.
let builder = RequestBuilder::new(subject, &signer).expect("Create certificate request"); | ||
|
||
let cert_req = builder | ||
.build::<p256::ecdsa::DerSignature>() | ||
.expect("Sign a CSR"); |
I added proper examples of what this interface is used for.
// I can't find where in the TPM spec this would be an illegal pair, we'll ignore for now. | ||
#[ignore] | ||
#[test] | ||
fn sign_p256_sha3_256() { |
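Review bot: the bare `#[ignore]` on `sign_p256_sha3_256` puts no reason in the test output, and the comment above it ("we'll ignore for now") gives no condition for re-enabling the test. Use the reason form, `#[ignore = "..."]`, and record what the test fails with so it can be revisited.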
This one is a bit puzzling to me. I can't find where in the spec the P-256/SHA3-256 pair would be illegal. If anyone has an idea, I'd love to know.
Could it be a limitation of the TPM you're using? From the Structures spec, table 8, it seems SHA3-256 is classified as Assigned rather than TCG standard. I assume this might mean that manufacturers are not required to implement it (?)
I'm using swtpm (0.8.2) with libtpms (0.9.6); I expected it to play nicely. I haven't taken time to look in libtpms yet.
Hmm, from this it seems libtpms can block SHA3 at compile-time, perhaps that's what is going on here.
yeah, turns out it's more complicated than that.
stefanberger/libtpms#206
No sha3 support for now.
const TPM_DIGEST: HashingAlgorithm; | ||
} | ||
|
||
#[cfg(feature = "sha1")] |
Hmm... how does this work if I don't see the feature declared in Cargo.toml? 🤔
yeaaah, I learned this one recently too lol.
https://doc.rust-lang.org/cargo/reference/features.html#optional-dependencies
By default, this optional dependency implicitly defines a feature that looks like this:
[features]
gif = ["dep:gif"]
I'm abusing that mechanism here.
I actually need to split the features in the `Cargo.toml` to look more like:
rustcrypto = ["ecdsa", "elliptic-curve", "signature", "x509-cert"]
rustcrypto-full = ["rustcrypto", "p192", "p224", "p256", "p384", "p521", "rsa", "sha1", "sha2", "sha3", "sm2", "sm3"]
That way you can bring in rustcrypto + "p256" + "sha2" if you only care about those.
While I'm at it: I don't know how to name that feature, is rustcrypto good enough?
This brings an implementation of a `signature::Signer` for keys stored on the TPM. This is intended to make for easier re-use of this crate and to allow to:
Here is an implementation of an SSH agent making use of that infrastructure: wiktor-k/ssh-agent-lib#87