Comments (3)
So if I understood that correctly, to summarize
- There are multiple combinations of parameters (curve + algorithm), some of which are safe and some of which aren't
- Right now the safe combinations are enumerated as ECDSA_* etc, along with usage method (fixed, asn1)
- Private keys only contain part of the parameters (curve) so the additional information is required to be supplied when deserializing (in this case the full set of parameters)
- The full parameters and private key data are stored together in the keypair so there's no chance of mix ups
So far that sounds reasonable to me.
The issues caused by pairing up the curve + algorithm are:
- The same key may be used with multiple algorithms which currently isn't straightforwardly possible due to the pairing
- Responsibilities are often split where the user loads the key and passes it to a library that uses the key, but in order to load the key the user needs to know what algorithm the library expects to use.
The idea proposed here is (roughly)
- Keep the enumerated combinations
- When parsing, the user presents a set of combinations. This could, for instance, be a default set like
default_signing()
or something? - Based on the curve in the key, the subset of presented combinations are stored with the key
- When the key is used, an algorithm is presented, and that's checked against the stored list of combinations
You also mentioned splitting them, I assume like:
- When parsing, no extra input. Curve is read and stored in key
- When signing, the algorithm is presented and checked to see if it could be safely used with the curve
The disadvantage to this approach is that it's implicit in accepting combinations, there's no difference between using a FIPS compliant combination vs a non-compliant legacy combination, but the latter must still be supported due to existing uses.
The proposed solution seems smart to me (from my very outside view). My only concern is I wonder how much information a user needs in order to deserialize key pairs. If a default algorithm set could be used that's fine, but if they need to know more about how the key will be eventually used by a library in order to deserialize it it leaks library implementation details.
I think the pattern of "user gets pem, needs to deserialize it, then pass it to a library" is common. Right now rustls gets around it by just taking a pem (string?) and doing the deserialization itself, but if the cert needs to be reused it presents a less type safe interface since it pushes you to pass around untyped bytes (are those bytes from a pem? der? pcks8? sec1? etc).
Another option might be to have sign
reject less secure combinations and a sign_allow_legacy
or sign_dangerous
for if you need those? It would shift responsibility to the library, but I'm not sure if that's reasonable in the typical contexts for needing legacy combinations.
from ring.
- There are multiple combinations of parameters (curve + algorithm), some of which are safe and some of which aren't
It isn't necessarily about safe vs. unsafe, but "allowed" vs. "not allowed," depending on which rules one is required to follow. In particular, when one is required to follow NIST/FIPS rules then certain combinations are not allowed for whatever reason.
When parsing, the user presents a set of combinations. This could, for instance, be a default set like default_signing() or something?
We do not provide things that would be like the default_signing()
in ring currently. Basically, we expect the library to decide (probably by offering some configurability) which algorithms to support. Partly, this is to let the user choose the policies they are trying to conform too. Partly, this is a code size optimization, as any algorithms that the user doesn't provide to ring as an "allowed algorithm" will automatically be discarded at link time.
When parsing, no extra input. Curve is read and stored in key
When signing, the algorithm is presented and checked to see if it could be safely used with the curve
Close. When parsing, one would supply what {curve,digest algorithm} combinations are allowed. When signing, ring would verify that the digest algorithm used was one of the ones that were mentioned being allowed at parsing time.
My only concern is I wonder how much information a user needs in order to deserialize key pairs. If a default algorithm set could be used that's fine, but if they need to know more about how the key will be eventually used by a library in order to deserialize it it leaks library implementation details.
In your library, you can maintain this "default algorithm set" yourself within your library, if you don't want the user to have to configure which algorithms are allowed. But usually if you are dealing with things like PKCS#8 you will need to have some user configuration about which algorithms are allowed, because different users have different policies they need to conform to.
from ring.
Ah okay, makes sense. Thanks!
from ring.
Related Issues (20)
- Cranelift struggling with SSE & SSE2 check HOT 2
- Directly support Bazel (and GN) for building instead of Cargo/build.rs
- Unsupported architecture compiling for `aarch64-linux-android` using MacOS SDK 14.2 HOT 2
- evaluation of constant value failed -> assert!(cfg!(target_feature = "sse") && cfg!(target_feature = "sse2")) HOT 1
- Error: dangerous relocation: call8: call target out of range:(xtensa-esp32s3-espidf) HOT 1
- assert!(cfg!(target_feature = "sse") && cfg!(target_feature = "sse2")) panic at build on i386, i586, FreeBSD, or many target_os=none x86 targets. HOT 9
- error: failed to run custom build command for `ring v0.16.20` HOT 1
- Consider using `zeroize` crate for key materials HOT 1
- Build fails on i386: evaluation of constant value failed HOT 1
- failure to verify rsa signature on x509 csr HOT 2
- Fails to build on Linux SPARC HOT 10
- warning: [email protected]: aarch64-fslc-linux-gcc: error: unrecognized command-line option ‘-m64’ HOT 3
- Add riscv64 Support HOT 3
- Disclosure Policy HOT 3
- Attempted to use functionality that requires system randomness!! HOT 1
- warning: [email protected]: Compiler family detection failed due to error: ToolNotFound: Failed to find tool. Is `C:\Program` installed? HOT 2
- Ring compile error when trying to cross compile from windows 10 to x86_64-unknown-linux-gnu HOT 2
- Ring no longer builds with Rust 1.61 due to cc dependency HOT 1
- support for RISCV32 HOT 4
- `less-safe-getrandom-custom-or-rdrand` not working on target `x86_64-fortanix-unknown-sgx` HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ring.