CORE & EVP: Adapt KEYEXCH, SIGNATURE and ASYM_CIPHER to handle key types better#10647
CORE & EVP: Adapt KEYEXCH, SIGNATURE and ASYM_CIPHER to handle key types better#10647levitte wants to merge 5 commits intoopenssl:masterfrom
Conversation
levitte
added
branch: master
|
This is an alternative to #10636, which implements kind of the same thing, but the other way around. Instead of asking the operation implementations what key types they support, we ask the KEYMGMT for the key what operations it supports and by what name. This should fit better with the way OpenSSL works with EVP_PKEY_CTX, where the key type governs what is being done. |
romen
left a comment
romen
left a comment
There was a problem hiding this comment.
Just a nit for now, but I will have to wait until later today for testing.
|
@levitte do you already have ideas of what could happen when we will have a The SM2 key type is serialized exactly like any other EC key type and differs only by the specific curve OID used inside the ASN1 structure, so both the EC and the SM2 keymgmt should intercept deserialization requests. Do you think it would be possible to establish some priority order that works within a provider and across providers? Ideally such a mechanism could allow to try to deserialize in the following scenario:
This order should be configurable by the user/system administrator and not coded inside the providers or libcrypto |
|
I see two ways to handle EC vs SM2:
The second choice makes me think that we might want to support recursive providers, i.e implementations that do their own fetching. Oh boy... |
|
In the end, we need to look at PKCS#8 when looking at what types we face... |
|
Unfortunately, SM2 keys use the same OID as EC keys. For example if a user wants to load a provider to enable her shiny hw crypto accelerator (that only supports P-256) we don't want (unless configured otherwise) to lose the ability to handle other curves through the default provider or SM2, etc. |
|
Oh, one thing that I'm forgetting here is that we currently don't have any provided deserializers. They will normally be used via the OSSL_STORE "file:" backend, and my plan is to do exactly what I think you request, to loop through all available deserializers until one successfully returns an unpacked object. |
|
Same problem would arise if we carry on the plans to have national-based crypto in separate providers. Let's say the brainpool curves are not in the default provider anymore but in a German specific provider, or the binary curves are moved to the legacy provider. We really don't won't to repeat the mistake of having ENGINE/providers have to hijack the whole EC module for that! |
|
It dawned on me that we're not as dependent on pkcs#8 as I was thinking, so we can choose to make SM2 keys a distinct key type for keymgmt, and teach our deserializers to check for specific parameters to decide if the payload is acceptable or not. |
Agreed. So I think that between the two choices in #10647 (comment), the first choice provides the possibility for distinct and less monolithic providers. |
levitte
force-pushed
the
separate-keymgmt-type-take2
branch
from
50b17a9 to
134cbaa
Compare
|
Rebased for better Travis results |
|
Minus the nit mentioned in the previous review, the testing done so far in #10631 (comment) suggests everything seems to work fine in this PR. |
levitte
force-pushed
the
separate-keymgmt-type-take2
branch
from
424e12a to
4332ef7
Compare
|
Fixed, and rebased |
slontis
left a comment
slontis
left a comment
There was a problem hiding this comment.
Apart from a small NIT it LGTM
This will allow keymgmt implementation for key types that need it to specify the names of the diverse operation algorithms it can be used with. Currently, only one name per key type and operation is allowed.
The adaptation is to handle the case when key types and operations that use these keys have different names. For example, EC keys can be used for ECDSA and ECDH.
This is very simply to allow the common case, where the KEYMGMT is fetched first, and all names are needed at that time to secure that they are found.
levitte
force-pushed
the
separate-keymgmt-type-take2
branch
from
ee6b58f to
918e21e
Compare
slontis
removed
the
approval: review pending
slontis
added
the
approval: done
t8m
added
approval: ready to merge
This will allow keymgmt implementation for key types that need it to specify the names of the diverse operation algorithms it can be used with. Currently, only one name per key type and operation is allowed. Reviewed-by: Shane Lontis <[email protected]> (Merged from #10647)
The adaptation is to handle the case when key types and operations that use these keys have different names. For example, EC keys can be used for ECDSA and ECDH. Reviewed-by: Shane Lontis <[email protected]> (Merged from #10647)
This is very simply to allow the common case, where the KEYMGMT is fetched first, and all names are needed at that time to secure that they are found. Reviewed-by: Shane Lontis <[email protected]> (Merged from #10647)
4 participants
The adaptation is to handle the case when key types and operations
that use these keys have different names. For example, EC keys can be
used for ECDSA and ECDH.
This also involves specifying OP_query_operation_name() for KEYMGMT
This will allow keymgmt implementation for key types that need it to
specify the names of the diverse operation algorithms it can be used
with. Currently, only one name per key type and operation is allowed.