On Thu, Sep 23, 2021 at 4:21 PM Arne Schwabe <a...@rfc2549.org> wrote:

> Am 22.09.21 um 23:12 schrieb selva.n...@gmail.com:
> > From: Selva Nair <selva.n...@gmail.com>
> >
> > The following series of patches implement a built-in
> > provider for interfacing OpenSSL 3.0 when external
> > keys are in use.
> >
> > Essentially, to intercept the sign operation, the SSL_CTX
> > object has to be created with properties string set to
> > prioritize our provider. In the provider we implement
> > only keymgmt and signature operations and specify the
> > property string as optional. That allows all operations
> > we do not provide to be used from the default provider.
> >
> > This patch set stops at interfacing the provider with
> > management-external-key. For pkcs11-helper, only some glue
> > code is needed and is in the works. Same with cryptoapicert
> > aka CNG, but I want to clean up the old code a bit before
> > hooking to the provider.
>
> I did a quick test with my Android client to see if it works and RSA
> keys look good so far. I am getting a request like:
>
>
> NC9t8IkYrjAQcCzc85zN0H5TvwfAUDwYkR4j2ga6fGw=,RSA_PKCS1_PSS_PADDING,hashalg=SHA256,saltlen=digest
>
> from the management interface. But I haven't found the right Signature
> method from java yet to actually sign it correctly:
>
> sig = Signature.getInstance("SHA256withRSA/PSS");
> sig.setParameter(new PSSParameterSpec("SHA-256", "MGF1",
> MGF1ParameterSpec.SHA256, 32, 1));
> sig.initSign(privkey);
> sig.update(data);
> signed_bytes = sig.sign();
>

I'm not sure, but I can upload my implementation of pkcs11 including PSS,
though it won't work yet with pkcs11-helper. It needs my CK_MECHANISM patch
that Alon has merged, but not released.

It may give you some clue as to what could be wrong.


>
> is what I expected to be the correct signature but the server complains
> with OpenSSL: error:0407E068:rsa routines:RSA_verify_PKCS1_PSS_mgf1:bad
> signature
>
> I will have to figure out where this goes wrong.
>
> With an EC key somewhere in that stack, EC/RSA gets confused as there is
> rsa_keymgmt_import/rsa_keymgmt_name in the stack and then later
> ec_keymgmt_name. I haven't dug into that as it is getting late here.
>

Yes, there is a bug in ec_keymgmt_name -- we should return the name for the
op (passed as id), so when id == OSSL_OP_SIGNATURE we should return
"ECDSA", not "EC". My mistake -- I tested EC key only just now.

As we do not support any other ops like ECDH key exchange we can just
always return "ECDSA" in that function. I will do it in v2, later.
Unfortunately none of this is documented it seems.

Selva
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
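
An added example, not part of the original messages or of the OpenVPN code: a small Python parser for the sign-request line quoted in the thread, which splits it into payload, padding and parameters and compares the decoded payload length with the digest size of the named hash. The function names are hypothetical, and treating any `saltlen` value other than `digest` or a number as unresolved is an assumption.

```python
import base64
import hashlib

# Request line as quoted in the thread above.
REQUEST = ("NC9t8IkYrjAQcCzc85zN0H5TvwfAUDwYkR4j2ga6fGw=,"
           "RSA_PKCS1_PSS_PADDING,hashalg=SHA256,saltlen=digest")


def parse_sign_request(line):
    """Split '<base64>,<padding>[,key=value...]' into its parts."""
    fields = line.strip().split(",")
    if len(fields) < 2:
        raise ValueError("expected at least '<base64>,<padding>'")
    # validate=True rejects characters outside the base64 alphabet.
    data = base64.b64decode(fields[0], validate=True)
    params = {}
    for item in fields[2:]:
        key, sep, value = item.partition("=")
        if not sep or not key or not value:
            raise ValueError(f"malformed parameter: {item!r}")
        if key in params:
            raise ValueError(f"duplicate parameter: {key!r}")
        params[key] = value
    return {"data": data, "padding": fields[1], "params": params}


def describe(req):
    """Resolve digest size and salt length, and compare with the payload."""
    hashalg = req["params"].get("hashalg")
    digest_size = None
    if hashalg is not None:
        try:
            digest_size = hashlib.new(hashalg.lower()).digest_size
        except ValueError:
            raise ValueError(f"unknown hash algorithm: {hashalg!r}") from None
    saltlen = req["params"].get("saltlen")
    if saltlen == "digest":
        salt_len = digest_size      # salt as long as the hash output
    elif saltlen is not None and saltlen.isdigit():
        salt_len = int(saltlen)
    else:
        salt_len = None             # assumption: needs the key size to resolve
    return {
        "data_len": len(req["data"]),
        "digest_size": digest_size,
        "salt_len": salt_len,
        "data_is_digest_sized": len(req["data"]) == digest_size,
    }
```

For the request quoted above, the payload decodes to 32 bytes, the same as the SHA-256 digest size and the salt length passed to `PSSParameterSpec` in the Java snippet.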
