Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(session): support Signer trait through a Session #158

Closed
wants to merge 1 commit into from
Closed

feat(session): support Signer trait through a Session #158

wants to merge 1 commit into from

Conversation

RaitoBezarius
Copy link

signature is a widely used "standard" trait, offering high level APIs to manipulate signers and verifier.

This implements a Signer trait on a returned SignatureRequest through Session which is a prepared "signature request" with filled mechanism and key.

This makes it possible to wire cryptoki further with other APIs of the Rust ecosystem.

I made it a default feature for now, let me know if you prefer to remove this.

@RaitoBezarius
feat(session): support Signer trait through a Session
507f574 
`signature` is a widely used "standard" trait offering high level APIs to manipulate
signers and verifiers.

This implements a `Signer` trait on a returned `SignatureRequest` through `Session` which is
a prepared "signature request" with filled mechanism and key.

This makes it possible to wire cryptoki further with other APIs of the Rust ecosystem.
@baloo
Copy link
Contributor

baloo commented Jul 9, 2023

I think that works, but we'll also need to expose ObjectHandle as a Keypair. This is used by the various object builders of the rust-crypto ecosystem (x509 cert, pkcs7, ...) because this is used to pull the public key of the key doing the signing in various places.

@RaitoBezarius
Copy link
Author

I think that works, but we'll also need to expose ObjectHandle as a Keypair. This is used by the various object builders of the rust-crypto ecosystem (x509 cert, pkcs7, ...) because this is used to pull the public key of the key doing the signing in various places.

Alas, you need a Session to fetch attributes of an object handle, so I'm not sure Keypair on ObjectHandle is the best idea.

We probably need to do Keypair on the SignatureRequest rather than the ObjectHandle.

@baloo
Copy link
Contributor

baloo commented Jul 14, 2023

and it would require some abstraction as to expose an abstract of ecdsa/rsa keys. They expose different attributes in the PKCS#11 world.

@RaitoBezarius
Copy link
Author

and it would require some abstraction as to expose an abstract of ecdsa/rsa keys. They expose different attributes in the PKCS#11 world.

Yeah, right now, I am asking myself a basic question like: given an ObjectHandle of a private key, how can you find the public key's ObjectHandle?

@baloo
Copy link
Contributor

baloo commented Jul 14, 2023
edited
Loading

Get the KeyType with get_attributes,

For RSA you then need to fetch PublicExponent and Modulus
For ECDSA, grab the EcPoint and EcParams. Params defines the curve (nist-p256, ...), the point being the "public key".

There is half a ton of things that need to be done correctly, not least of which verifying the EcPoint is on the specified curve.

Note: you can fetch all of those in a single call.

@baloo baloo mentioned this pull request Nov 23, 2023
Open
@RaitoBezarius
Copy link
Author

Closing in favor of #192.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@RaitoBezarius @baloo