Add Signing Tool with Verified implementations for RSA as well as ECDSA with P-256 and P-384 #11

keks · 2024-09-23T16:27:18Z

This PR adds a signing tool to the kernel. Depending on the kernel configuration it uses verified implementations for SHA2. SHA3, RSA, ECDSA/P-256 and ECDSA/P-384.

A quick breakdown of the changes:

crypto/asymmetric_keys/: in the PKCS#8 parser, parse the algorithm parameter
crypto/*-generated.c, crypto/*hacl*: Files that exclusively contain code generated/extracted from F*. Some code was removed (specifically the functions that don't do prehashed signing, but contain the hashing), and the #includes were restructured.
crypto/ecdsa.c: Based on the kernel configuration, either calls the unverified functions for signing, verifying and key generation or, if there is a verified implementation, uses the verified one.
crypto/{Makefile,Kconfig}: add kernel build config and update the build system config to respect the settingsq
zeta/signing_tool: The userland code calling the kernel syscalls. This consists of tests and benchmarks, as well as a cli for manually testing the syscalls.

cc @franziskuskiefer @karthikbhargavan

armfazh and others added 30 commits October 16, 2023 16:49

zeta: updating format rule and removing linter rule.

8d981b4

HACL SHA2 code

2e040b6

Add HACL SHA2 to Makefile and config

fe222e6

addressed review comments

ade4975

propagating errors

fec0bdc

Formatting files according to clang-format.

350282d

Updating comment style.

3e1e8d2

Adding CRYPTO_SHA2_HACL module.

d9921ac

hacl sha3

b8d989e

run ci

9065b58

ecdsa sign (unverified)

0b5753a

hacl p256 ecdsa wip

f7ae697

add hacl p256 ecdsa

a9a0412

drop debug prints

edfbb8e

raw rsa first draft

e4969f0

msvc

c7a5b04

bignum

5bbf9c5

hacl rsa compiles

617a78e

config - remove again

b4168a7

ecdsa fix

94e9608

Adding Go tool for measuring RSA from user land. (cloudflareresearch#8)

d21ad90

rsa edits

bef27bb

Benchmark in-kernel verification.

75145cd

rsa from hacl - benchmarked

e2fe005

added separate options for hacl and generic implementation

8fc2d4e

performance improvements

ffa185e

add ecdsa benchmark stub

3ea58d2

add debug session

34c5280

add debug output and make running easier

8e2bdcf

build bin symlinks dynamically

128e82b

keks added 24 commits July 30, 2024 12:42

fix signature generation, add test in go

f2bf364

add sign-and-verify-in-kernel test

c965c84

clean up benchmark

379d480

locking goroutines to os thread fixes permission denied errors

df32c9f

don't always start dmesg

436cade

virtme launch script: don't ignore log levels

2c48fb0

clean up debug prints

2588aab

add code for testing (non-hacl) kernel ecdsa-p384

3cd7d11

add broken ecdsa p-384 benchmark

b9dc949

add test for signing with ecdsa p384

af9c017

add first draft of hacl ecdsa P384

cdb76b1

fixes

997b333

it's noisy (debug output wise) but it works

33d4e1d

add signing tool go library, tests and benchmarks

40584b9

also build go signing tool and install into vm

7509a5b

remove some prints

61625eb

zeta/signing_tool: lock os thread in benchmarks

5752a56

add kernel config for enabling and disabling hacl* for ecdsa

552eabe

add test for userland signature benchmark

5d8cb36

clean up

fea57de

remove helpers in WORK

e91673d

undo fmt

9277191

more fmt undo; rm algorithm-specific benchmarking tools

d7ee443

add cli to signing tool

f38e338

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add Signing Tool with Verified implementations for RSA as well as ECDSA with P-256 and P-384 #11

Add Signing Tool with Verified implementations for RSA as well as ECDSA with P-256 and P-384 #11

keks commented Sep 23, 2024

Add Signing Tool with Verified implementations for RSA as well as ECDSA with P-256 and P-384 #11

Are you sure you want to change the base?

Add Signing Tool with Verified implementations for RSA as well as ECDSA with P-256 and P-384 #11

Conversation

keks commented Sep 23, 2024