On Thu, Sep 23, 2021 at 4:21 PM Arne Schwabe <a...@rfc2549.org> wrote:
> On 22.09.21 at 23:12, selva.n...@gmail.com wrote:
> > From: Selva Nair <selva.n...@gmail.com>
> >
> > The following series of patches implement a built-in
> > provider for interfacing OpenSSL 3.0 when external
> > keys are in use.
> >
> > Essentially, to intercept the sign operation, the SSL_CTX
> > object has to be created with properties string set to
> > prioritize our provider. In the provider we implement
> > only keymgmt and signature operations and specify the
> > property string as optional. That allows all operations
> > we do not provide to be used from the default provider.
> >
> > This patch set stops at interfacing the provider with
> > management-external-key. For pkcs11-helper, only some glue
> > code is needed and is in the works. Same with cryptoapicert
> > aka CNG, but I want to clean up the old code a bit before
> > hooking to the provider.
>
> I did a quick test with my Android client to see if it works and RSA
> keys look good so far. I am getting a request like:
>
> NC9t8IkYrjAQcCzc85zN0H5TvwfAUDwYkR4j2ga6fGw=,RSA_PKCS1_PSS_PADDING,hashalg=SHA256,saltlen=digest
>
> from the management interface. But I haven't found the right Signature
> method from Java yet to actually sign it correctly:
>
> sig = Signature.getInstance("SHA256withRSA/PSS");
> sig.setParameter(new PSSParameterSpec("SHA-256", "MGF1",
>     MGF1ParameterSpec.SHA256, 32, 1));
> sig.initSign(privkey);
> sig.update(data);
> signed_bytes = sig.sign();

I'm not sure, but can upload my implementation of pkcs11 including PSS
though it won't work yet with pkcs11-helper. It needs my CK_MECHANISM
patch that Alon has merged, but not released. It may give you some clue
as to what could be wrong.

> is what I expected to be the correct signature but the server complains
> with OpenSSL: error:0407E068:rsa routines:RSA_verify_PKCS1_PSS_mgf1:bad
> signature
>
> I will have to figure out where this goes wrong.
>
> With an EC key somewhere in that stack, EC/RSA gets confused as there is
> rsa_keymgmt_import/rsa_keymgmt_name in the stack and then later
> ec_keymgmt_name. I haven't dug into that as it is getting late here.
>

Yes, there is a bug in ec_keymgmt_name -- we should return the name for
the op (passed as id), so when id == OSSL_OP_SIGNATURE we should return
"ECDSA", not "EC". My mistake -- I tested EC key only just now.

As we do not support any other ops like ECDH key exchange we can just
always return "ECDSA" in that function. I will do it in v2, later.

Unfortunately none of this is documented it seems.

Selva
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
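
The signature request quoted in the message above (`<base64>,RSA_PKCS1_PSS_PADDING,hashalg=SHA256,saltlen=digest`) can be parsed strictly, failing closed on anything unexpected, before a signer acts on it. The following is an added example, not code from OpenVPN or from either poster; `SignRequest`, `parse_sign_request` and `payload_is_digest_sized` are hypothetical names, and the field layout is assumed from that single sample line.

```python
import base64
import hashlib
from dataclasses import dataclass, field

# Assumption: only the padding name that appears in the thread is accepted.
KNOWN_PADDINGS = {"RSA_PKCS1_PSS_PADDING"}


@dataclass
class SignRequest:
    data: bytes                     # decoded bytes the signer is asked to sign
    padding: str                    # e.g. RSA_PKCS1_PSS_PADDING
    params: dict = field(default_factory=dict)  # hashalg, saltlen, ...

    def payload_is_digest_sized(self) -> bool:
        """True when len(data) equals the output size of the named hashalg."""
        alg = self.params.get("hashalg")
        if alg is None:
            return False
        try:
            return len(self.data) == hashlib.new(alg.lower()).digest_size
        except ValueError:          # hash name unknown to hashlib
            return False


def parse_sign_request(line: str) -> SignRequest:
    """Parse '<base64>,<padding>[,key=value...]' and reject anything else."""
    fields = line.strip().split(",")
    if len(fields) < 2:
        raise ValueError("expected '<base64>,<padding>[,key=value...]'")
    try:
        data = base64.b64decode(fields[0], validate=True)
    except ValueError as exc:       # binascii.Error is a ValueError subclass
        raise ValueError("payload is not valid base64") from exc
    padding = fields[1]
    if padding not in KNOWN_PADDINGS:
        raise ValueError(f"unhandled padding {padding!r}")
    params = {}
    for item in fields[2:]:
        key, sep, value = item.partition("=")
        if not sep or not key or not value or key in params:
            raise ValueError(f"malformed or duplicate parameter {item!r}")
        params[key] = value
    return SignRequest(data, padding, params)
```

For the sample line in the thread the decoded payload is 32 bytes, the same size as a SHA-256 digest, which is worth knowing when choosing between a signing API that hashes its input and one that only applies padding.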