Add RSA mechanisms and key serialization format #89
Conversation
sosthene-nitrokey
force-pushed
the
rsa-mechanism
branch
from
8e31548
to
9200a1c
Compare
|
I think we also need some changes to the constants in main...Nitrokey:trussed:main#diff-cba64c21ab992eaad29fce147a08f4560a4769bc14682b8a96081a5fd02dbecd |
|
Yes probably. I'm making the migration to a custom |
sosthene-nitrokey
force-pushed
the
rsa-mechanism
branch
from
9200a1c
to
effa378
Compare
|
This branch works with https://github.com/Nitrokey/trussed-rsa-backend |
|
Looks like the CI has some issues downloading stuff to setup the docker image |
|
I don't really understand why the CI fails |
|
Yeah that's weird, especially those are all urls within Azure that fail, maybe some patience will help here. On a first glance this doesn't look like something we can debug... |
|
There are similar errors with #71 |
|
yup yup, good indication that we should give it like 24h or something |
|
Looks like the CI is fixed |
src/config.rs
Outdated
| // This is due to the fact that KEY_MATERIAL_LENGTH is bigger than MESSAGE_LENGTH for RSA. | ||
| pub const MAX_MESSAGE_LENGTH: usize = 1024; |
There was a problem hiding this comment.
The comment implies that the value changed, but we still use 1024. Which one is correct?
There was a problem hiding this comment.
This was a remnant of the original PRs for RSA. I removed it.
sosthene-nitrokey
force-pushed
the
rsa-mechanism
branch
from
effa378
to
b732ec3
Compare
| /// | ||
| /// Since RSA keys have multiple parts, and that the [`SerializeKey`](crate::api::Reply::SerializeKey) and | ||
| /// [`UnsafeInjectKey`](crate::api::Request::UnsafeInjectKey) have only transfer one byte array, the RSA key is serialized with postcard | ||
| RsaParts, |
There was a problem hiding this comment.
How about calling this Serde or PostcardSerde to make it potentially reusable?
There was a problem hiding this comment.
I want to keep it generic and let the backend decide on the actual data format (for now at least)
There was a problem hiding this comment.
Internal or Private then? You could also re-use Raw if this is an internal implementation detail. The motivation is to keep serialization formats few and stable, as this concerns both the long-term API and the long-term storage of keys.
There was a problem hiding this comment.
and the long-term storage of keys
The serialization format doesn't affect how they're stored.
I don't want to reuse Raw as it feels misleading. Unlike ECC, there is no standard "raw" byte representation of RSA keys.
The "Parts" is in contrast to the PKCS format. The PKCS format is defined, but the "Parts" formats contains each element of a public key separately. The "part" name is more representative than "Internal" or "Private". "Serde" feels out of place. The use of postcard and serde is more of a workaround that the actual goal of the API. If you look at the traits in trussed-rsa-backend, they provide APIs directly over the structures, and hide away the parsing/serializing with postcard and serde (when possible):
fn unsafe_inject_rsa4096<'c>(
&'c mut self,
key_parts: RsaImportFormat,
attributes: StorageAttributes,
) -> ClientResult<'c, reply::UnsafeInjectKey, Self>;
fn deserialize_rsa4096_public_key<'c>(
&'c mut self,
key_parts: RsaPublicParts,
attributes: StorageAttributes,
) -> ClientResult<'c, reply::DeserializeKey, Self>;Ideally I would even merge the RsaImportFormat an RsaPublicParts structures into Trussed proper but I want to be sure we can have something that fits all backends and use-cases first.
Maybe we should have mechanism extensions? That would mean more generics though.
There was a problem hiding this comment.
Yeah I understand. My point is just that Pkcs8Der is an obviously valid general purpose format to upstream, while RsaParts is not. So can I'd like to merge this without this RsaParts. I believe you can use Raw (or we add something generic but general-purpose like Experimental) for your current work, and once it's set in stone, do a follow-up PR?
There was a problem hiding this comment.
Or what about Parts :) That way you have your specific format to use, but unrelated algorithms might find a use too.
There was a problem hiding this comment.
My point is just that
Pkcs8Deris an obviously valid general purpose format to upstream, whileRsaPartsis not
I disagree. Whatever we do we will need a way to access specific parts of RSA keys. Both PIV and OpenPGP need that (OpenPGP needs it for both public and private keys, PIV at least for public keys). Pkcs8Der will also be incompatible with the SE050.
Or what about
Parts:) That way you have your specific format to use, but unrelated algorithms might find a use too.
I'm not a fan of loosing readability for more flexibility when there are no obvious benefits to it. Do you know of any other algorithm that would use this?
We will port the RSA implementation to a custom backend. While backends can have extensions, they can't have custom
MechanismsandSerializationfor the normal APIs. This patch adds them so that they can be implemented by the custom backend.