Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Rfc3279 signature format for DSA and EcDSA #1612

Merged
merged 41 commits into from
Mar 18, 2020
Merged

Support Rfc3279 signature format for DSA and EcDSA #1612

merged 41 commits into from
Mar 18, 2020

Conversation

krwq
Copy link
Member

@krwq krwq commented Jan 10, 2020
edited by bartonjs
Loading

Fixes: #31548

Please see the issue for more details.

@krwq krwq requested a review from bartonjs January 10, 2020 18:34
bartonjs
bartonjs reviewed Jan 10, 2020
View reviewed changes
Copy link
Member

@bartonjs bartonjs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Partial review, will resume later.

src/libraries/Common/src/Internal/Cryptography/AsymmetricAlgorithmHelpers.Der.cs Outdated Show resolved Hide resolved
src/libraries/Common/src/Internal/Cryptography/AsymmetricAlgorithmHelpers.Der.cs Outdated Show resolved Hide resolved
src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.EcDsa.cs Show resolved Hide resolved
src/libraries/Common/src/System/Security/Cryptography/DSACng.SignVerify.cs Outdated Show resolved Hide resolved
src/libraries/Common/src/System/Security/Cryptography/DSAOpenSsl.cs Outdated Show resolved Hide resolved
src/libraries/Common/src/System/Security/Cryptography/DSAOpenSsl.cs Outdated Show resolved Hide resolved
src/libraries/Common/src/System/Security/Cryptography/ECDsaCng.SignVerify.cs Outdated Show resolved Hide resolved
src/libraries/System.Security.Cryptography.Algorithms/src/Internal/Cryptography/Helpers.cs Outdated Show resolved Hide resolved
src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.cs Show resolved Hide resolved
src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.cs Outdated Show resolved Hide resolved
bartonjs
bartonjs reviewed Jan 10, 2020
View reviewed changes
src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.cs

protected virtual bool TryCreateSignatureCore(ReadOnlySpan<byte> hash, Span<byte> destination, DSASignatureFormat signatureFormat, out int bytesWritten)
{
// This method is expected to be overriden with better implementation
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When we update the docs for this class will we recommend falling back to this implementation for an unknown signature format, since we'd theoretically handle it in ConvertIeeeP1363Signature for them?

Alternatively, do we want to add something so a derived type can report whether or not it directly handles a format, so that we understand when to apply an 1363-to-destination-scheme strategy?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(Maybe it's moot since there're only the two, but I like to think ahead)

@krwq krwq added the NO-REVIEW Experimental/testing PR, do NOT review it label Jan 15, 2020
@krwq
Copy link
Member Author

krwq commented Jan 15, 2020
edited
Loading

Marking as NO REVIEW until I figure out all the failures and fix build issues on non-Windows and fix all feedback so far

@bartonjs
Merge remote-tracking branch 'dotnet/master' into ecdsa-signature-format
69ba1fa
@bartonjs
Make the allConfigurations build work again
a322dde
@bartonjs
Improve test determinism
c8ba72b
@bartonjs
Add missing format conversion to TrySignHashCore
65d427d
@bartonjs
Refactor DsaEcDsaSignatureFormatTests and move to Common
2a39f68 
This accounts for:

* macOS not supporting DSA key generation
* macOS not supporting FIPS 186-3 DSA
* DSACryptoServiceProvider not supporting FIPS 186-3 DSA
* Testing the signature format tests on the concrete types, as well as the opaque ones.
@bartonjs
Fix explicit key parameter set to one with a private key
ef1fc70
@bartonjs bartonjs removed the NO-REVIEW Experimental/testing PR, do NOT review it label Feb 24, 2020
GrabYourPitchforks
GrabYourPitchforks approved these changes Mar 16, 2020
View reviewed changes
Copy link
Member

@GrabYourPitchforks GrabYourPitchforks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some questions about edge cases and error handling, but otherwise seems solid. :)

src/libraries/Common/src/Internal/Cryptography/AsymmetricAlgorithmHelpers.Der.cs Show resolved Hide resolved
src/libraries/Common/src/Internal/Cryptography/AsymmetricAlgorithmHelpers.Der.cs Show resolved Hide resolved
src/libraries/Common/src/Internal/Cryptography/Helpers.cs Outdated Show resolved Hide resolved
src/libraries/Common/src/System/Security/Cryptography/DSACng.SignVerify.cs Show resolved Hide resolved
src/libraries/Common/src/System/Security/Cryptography/ECDsaCng.SignVerify.cs Show resolved Hide resolved
src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/DSA.cs Outdated Show resolved Hide resolved
src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/ECDsa.cs Outdated Show resolved Hide resolved
@bartonjs bartonjs merged commit 960b9a8 into dotnet:master Mar 18, 2020
@ghost ghost locked as resolved and limited conversation to collaborators Dec 11, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@bartonjs bartonjs bartonjs left review comments

@carlossanlop carlossanlop carlossanlop left review comments

@GrabYourPitchforks GrabYourPitchforks GrabYourPitchforks approved these changes

@stephentoub stephentoub Awaiting requested review from stephentoub

Assignees
No one assigned
Labels
area-System.Security new-api-needs-documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support Rfc3279 signature format for DSA and EcDSA
6 participants
@krwq @stephentoub @carlossanlop @GrabYourPitchforks @bartonjs @maryamariyan