Closed Bug 1702663 Opened 4 years ago Closed 4 years ago

Need to support RSA PSS with Hashing PKCS #11 Mechanisms.

Categories

(NSS :: Libraries, enhancement, P1)

3.64
enhancement

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: rrelyea, Assigned: rrelyea)

Details

(Whiteboard: [nss-nofx])

Attachments

(1 file)

FIPS requires that we supply a hash and sign interface for our supported
signing algorithms to be validated. We already have those interfaces in
softoken for RSA PKCS1, DSA, and ECDSA. However, we don't test those
interfaces, nor do we supply a way for an application to access those
interfaces (usually applications use the VFY_ and SGN_ interfaces which
handle the hashing and verify/sign operations).

We need to add the hash/sign and hash/verify operations for RSA PSS.
We also need to add tests for the hash/sign and hash/verify code for our existing hash/verify mechanism.

Assignee: nobody → rrelyea
Status: NEW → ASSIGNED

FIPS requires that we supply a hash and sign interface for our supported
signing algorithms to be validated. We already have those interfaces in
softoken for RSA PKCS1, DSA, and ECDSA. However, we don't test those
interfaces, nor do we supply a way for an application to access those
interfaces (usually applications use the VFY_ and SGN_ interfaces which
handle the hashing and verify/sign operations).

We also have a generic pk11_signature_tests class in pk11_gtest, but only ecdsa
and some rsa pss tests use it.

This patch rectifies all of these deficiencies:

lib/softokn

  1. Hash and sign/verify mechanisms have been added to softoken to support PSS
    hash and sign.
  2. The rsa, dsa, and ecdsa hash and sign algorithms were also cleaned up by
    creating a fake CKM_SHA1 which matches CKM_SHA_1 so that we can fully use the
    same macros for all the hash types.

1 & 2 were sufficient to provide the goals of this task; however, we wanted to be
able to add tests for this functionality.

lib/pk11wrap
3) Two new functions were added: PK11_CreateContextByPubKey and
PK11_CreateContextByPrivKey. These allow you to create multipart contexts with
Public and Private keys. This is a requirement to support hash and sign, as
they are multi-part operations (rather than just signing a hash, which is a
single part operation). With these functions, you can now use the PK11_DigestOp
and PK11_DigestFinal to complete a signature or verify operation.

gtests/pk11_gtest
4) Add hash and sign/hash and verify support to the generic
pk11_signature_tests.h.
5) pk11_dsa_unittest.cc, pk11_rsa_unittest.cc, and the remainder of
pk11_rsapss_unittest.cc (Wycheproof tests) were moved to use the
pk11_signature_tests common implementation rather than their own.
6) pk11_ecdsa_unittest.cc was updated to support the hash&sign/verify combo
mechanism.
7) With multiple functions using pk11_signature_tests.h, the large functions
are moved to pk11_signature_tests.cpp.
8) The test vectors themselves were not changed, now just test against the
traditional hash first then verify interfaces and the hash and verify
interfaces.
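
The two interfaces contrasted in the commit message above (hash first, then sign the digest in a single-part call, versus a multi-part hash-and-sign context), as an added example that is not NSS code and not part of the patch: a pure-Python model of RSA-PSS with SHA-256. The key is a constructed toy key and `HashAndSign` is a hypothetical stand-in for a multi-part context; it shows why the same test vectors can be run through both paths, since a signature made by one verifies under the other.

```python
import hashlib, os

# Constructed toy key (Mersenne primes, trivially factorable): illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
EM_BITS = N.bit_length() - 1
EM_LEN, H_LEN, S_LEN = (EM_BITS + 7) // 8, 32, 32  # SHA-256, salt = hash length
PAD_LEN, TOP_MASK = EM_LEN - H_LEN - S_LEN - 2, 0xFF >> (8 * EM_LEN - EM_BITS)

def mgf1(seed, length):
    blocks = range((length + H_LEN - 1) // H_LEN)
    return b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest() for i in blocks)[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def pss_sign_digest(m_hash):
    """Single-part operation: the caller has already hashed the message."""
    salt = os.urandom(S_LEN)
    h = hashlib.sha256(b"\0" * 8 + m_hash + salt).digest()
    db = b"\0" * PAD_LEN + b"\x01" + salt
    masked = bytearray(xor(db, mgf1(h, len(db))))
    masked[0] &= TOP_MASK  # encoded message must fit in EM_BITS
    em = int.from_bytes(bytes(masked) + h + b"\xbc", "big")
    return pow(em, D, N).to_bytes((N.bit_length() + 7) // 8, "big")

def pss_verify_digest(m_hash, sig):
    s = int.from_bytes(sig, "big")
    em_int = pow(s, E, N) if s < N else N  # out-of-range signature is rejected below
    if em_int.bit_length() > EM_BITS:
        return False
    em = em_int.to_bytes(EM_LEN, "big")
    masked, h = em[:-H_LEN - 1], em[-H_LEN - 1:-1]
    db = bytearray(xor(masked, mgf1(h, len(masked))))
    db[0] &= TOP_MASK
    if em[-1] != 0xBC or db[:PAD_LEN + 1] != b"\0" * PAD_LEN + b"\x01":
        return False
    return hashlib.sha256(b"\0" * 8 + m_hash + bytes(db[-S_LEN:])).digest() == h

class HashAndSign:
    """Multi-part combined operation: feed message parts, then finalize."""
    def __init__(self):
        self._h = hashlib.sha256()
    def update(self, part):
        self._h.update(part)
    def sign_final(self):
        return pss_sign_digest(self._h.digest())
    def verify_final(self, sig):
        return pss_verify_digest(self._h.digest(), sig)
```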

Thanks Bob, I'll review asap.
FYI, I intend to update freebl with a formally verified implementation of RSA_PSS in H1, if possible.

That shouldn't be a problem for this patch, it's all above the freebl layer. It might be an issue for the CPS clearing patch if the formal verification doesn't include clearing security sensitive components required for FIPS. It just means we'll need to review it.

Severity: -- → N/A
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Priority: -- → P1
Resolution: --- → FIXED
Whiteboard: [nss-nofx]
Target Milestone: --- → 3.65