Add secret key generation and key wrapping functions #38
Conversation
Signed-off-by: Wiktor Kwapisiewicz <[email protected]>
Signed-off-by: Wiktor Kwapisiewicz <[email protected]>
There was a problem hiding this comment.
Looks good, nothing to say! Thanks for the test as well.
Just a general note that we are under a code freeze period until the Parsec release is finalized. That means that we will only be able to merge this PR in a few weeks latest. Would that be ok for you?
About the wrapping feature: I guess that then the key is unwrapped with the RSA private key?
Yep, that's fine with me but if you don't mind I'd still file the unwrap PR later. Or just keep adding commits to this one? (it shouldn't be that big). It's just if I don't create a PR now I'll probably forget about it :)
Yes, I was planning to work on that next and the unwrap test would show what's going on (or I'll just extend the wrap test 🤔). |
Yes sure adding commits to this one is totally fine! We can do the review now and merge it later 👌 |
Signed-off-by: Wiktor Kwapisiewicz <[email protected]>
Signed-off-by: Wiktor Kwapisiewicz <[email protected]>
Signed-off-by: Wiktor Kwapisiewicz <[email protected]>
Signed-off-by: Wiktor Kwapisiewicz <[email protected]>
|
I've added the unwrap function and tweaked the integration test to check if the unwrapped key works. This uncovered that I need DES3 key type and a symmetric encryption method. Phew! 😅 |
|
Hmm, I'm wondering if we should consider adding |
| &[1, 2, 3, 4, 5, 6, 7, 8], | ||
| ) | ||
| .unwrap(); | ||
| assert_eq!(encrypted_with_original, encrypted_with_unwrapped); |
Yes, that's a good point... PSA Crypto note it as "strongly deprecated" here 😬 |
|
I'm okay with choosing another good symmetric cipher that's supported by softhsm and some hardware vendor and removing DES3. To be honest I was more interested in the wrap/unwrap and didn't check thoroughly what symmetric ciphers are supported (e.g. Yubikey doesn't list any symmetric algos via (And if Wrap worked with two asymmetric keys I wouldn't bother with symmetric ones but apparently this is not supported in the spec 🤷 ) So... all in all it's good that this PR will take some time as we can iron out the details :) Just give me some time to test it all. For curiosity sake that's what I get for my cards: $ pkcs11-tool --module /usr/lib/libykcs11.so --list-mechanisms # Yubikey
Using slot 0 with a present token (0x0)
Supported mechanisms:
RSA-PKCS-KEY-PAIR-GEN, keySize={1024,2048}, hw, generate_key_pair
RSA-PKCS, keySize={1024,2048}, hw, encrypt, decrypt, sign, verify
RSA-PKCS-PSS, keySize={1024,2048}, hw, sign, verify
RSA-PKCS-OAEP, keySize={1024,2048}, hw, encrypt, decrypt
RSA-X-509, keySize={1024,2048}, hw, encrypt, decrypt, sign, verify
SHA1-RSA-PKCS, keySize={1024,2048}, hw, sign, verify
SHA256-RSA-PKCS, keySize={1024,2048}, hw, sign, verify
SHA384-RSA-PKCS, keySize={1024,2048}, hw, sign, verify
SHA512-RSA-PKCS, keySize={1024,2048}, hw, sign, verify
SHA1-RSA-PKCS-PSS, keySize={1024,2048}, hw, sign, verify
SHA256-RSA-PKCS-PSS, keySize={1024,2048}, hw, sign, verify
SHA384-RSA-PKCS-PSS, keySize={1024,2048}, hw, sign, verify
SHA512-RSA-PKCS-PSS, keySize={1024,2048}, hw, sign, verify
ECDSA-KEY-PAIR-GEN, keySize={256,384}, hw, generate_key_pair
ECDSA, keySize={256,384}, hw, sign, verify
ECDSA-SHA1, keySize={256,384}, hw, sign, verify
ECDSA-SHA224, keySize={256,384}, hw, sign, verify
ECDSA-SHA256, keySize={256,384}, hw, sign, verify
ECDSA-SHA384, keySize={256,384}, hw, sign, verify
ECDH1-DERIVE, keySize={256,384}, hw, derive
SHA-1, digest
SHA256, digest
SHA384, digest
SHA512, digest
$ pkcs11-tool --module /usr/lib/libaetpkss.so --list-mechanisms # AET card
Using slot 0 with a present token (0xcd01)
Supported mechanisms:
RSA-PKCS, keySize={768,2048}, hw, encrypt, decrypt, sign, sign_recover, verify, verify_recover, wrap, unwrap
RSA-X-509, keySize={768,1024}, hw, encrypt, decrypt, sign, sign_recover, verify, verify_recover, wrap, unwrap
RSA-PKCS-OAEP, keySize={768,2048}, hw, encrypt, decrypt, wrap, unwrap
MD5-RSA-PKCS, keySize={768,2048}, hw, sign, verify
SHA1-RSA-PKCS, keySize={768,2048}, hw, sign, verify
SHA224-RSA-PKCS, keySize={768,2048}, hw, sign, verify
SHA256-RSA-PKCS, keySize={768,2048}, hw, sign, verify
SHA384-RSA-PKCS, keySize={768,2048}, hw, sign, verify
SHA512-RSA-PKCS, keySize={768,2048}, hw, sign, verify
RIPEMD160-RSA-PKCS, keySize={768,2048}, hw, sign, verify
mechtype-0x80000003, keySize={768,2048}, hw, encrypt, decrypt, sign, sign_recover, verify, verify_recover, wrap, unwrap
mechtype-0x80000004, keySize={768,2048}, hw, encrypt, decrypt, sign, sign_recover, verify, verify_recover, wrap, unwrap
mechtype-0x80000005, keySize={768,2048}, hw, encrypt, decrypt, sign, sign_recover, verify, verify_recover, wrap, unwrap
mechtype-0x80000006, keySize={768,2048}, hw, encrypt, decrypt, sign, sign_recover, verify, verify_recover, wrap, unwrap
mechtype-0x80000007, keySize={768,2048}, hw, encrypt, decrypt, sign, sign_recover, verify, verify_recover, wrap, unwrap
mechtype-0x80000008, keySize={768,2048}, hw, encrypt, decrypt, sign, sign_recover, verify, verify_recover, wrap, unwrap
mechtype-0x80000009, keySize={768,2048}, hw, encrypt, decrypt, sign, sign_recover, verify, verify_recover, wrap, unwrap
SHA1-RSA-PKCS-PSS, keySize={768,2048}, hw, sign, verify
SHA224-RSA-PKCS-PSS, keySize={768,2048}, hw, sign, verify
SHA256-RSA-PKCS-PSS, keySize={768,2048}, hw, sign, verify
SHA384-RSA-PKCS-PSS, keySize={768,2048}, hw, sign, verify
SHA512-RSA-PKCS-PSS, keySize={768,2048}, hw, sign, verify
RSA-PKCS-PSS, keySize={768,2048}, hw, sign, verify
RSA-PKCS-KEY-PAIR-GEN, keySize={768,2048}, hw, generate_key_pair
RC2-KEY-GEN, keySize={8,1024}, generate
RC2-ECB, keySize={1,1024}, encrypt, decrypt, wrap, unwrap
RC2-CBC, keySize={1,1024}, encrypt, decrypt, wrap, unwrap
RC2-CBC-PAD, keySize={1,1024}, encrypt, decrypt, wrap, unwrap
RC4-KEY-GEN, keySize={8,2048}, generate
RC4, keySize={8,2048}, encrypt, decrypt, wrap, unwrap
DES-KEY-GEN, generate
DES2-KEY-GEN, generate
DES3-KEY-GEN, generate
DES-ECB, encrypt, decrypt, wrap, unwrap
DES-CBC, encrypt, decrypt, wrap, unwrap
DES3-ECB, encrypt, decrypt, wrap, unwrap
DES3-CBC, encrypt, decrypt, wrap, unwrap
DES-CBC-PAD, encrypt, decrypt, wrap, unwrap
DES3-CBC-PAD, hw, encrypt, decrypt, wrap, unwrap
MD5, digest
SHA-1, digest
SHA224, digest
SHA256, digest
SHA384, digest
SHA512, digest
RIPEMD160, digest |
|
Oh, I was by no means implying we shouldn't support it - the more of the spec we cover the better! It was mostly a note because I remembered we did that in AES would be the usual go-to cipher, but if your tokens don't support it then we can stick with DES. If someone requires AES they can raise an issue or submit a PR. |
|
Understood! 👍 How about I extend the docs for DES and point the document referenced by @hug-dev? (Maybe it's just me but I like to keep everything close to the code). And then I guess this PR is complete (and ready for the next "merge window" ;) ). |
Yes I think that would be good! Maybe another "official" document would be good instead of the PSA Crypto one. Maybe this NIST document? |
Signed-off-by: Wiktor Kwapisiewicz <[email protected]>
Hi folks 👋
If you don't mind I'll add the wrap/unwrap feature. The end goal is to securely transfer private keys between tokens or between airgapped machine and a token.
I start modestly with wrapper for
C_WrapKey. Apparently during work it seems like wrapping private keys with private keys is not possible but among the combinations allowed with the spec is wrapping secret keys with private keys so I also addedC_GenerateKeyfor secret (symmetric) 3DES keys and some tests.Suggestions welcome!