Add ECC functionality to PKCS11 prov #446
Conversation
| @@ -172,7 +172,7 @@ fn convert_curve_to_tpm(key_attributes: Attributes) -> Result<EccCurve> { | |||
| 224 => Ok(EccCurve::NistP224), | |||
| 256 => Ok(EccCurve::NistP256), | |||
| 384 => Ok(EccCurve::NistP384), | |||
| 512 => Ok(EccCurve::NistP521), | |||
| 521 => Ok(EccCurve::NistP521), | |||
There was a problem hiding this comment.
This is (was?) a bug, don't know if it's ok to fix it in this PR.
ionut-arm
force-pushed
the
pkcs11-ecc
branch
4 times, most recently
from
d1a1ac3 to
2eae072
Compare
There was a problem hiding this comment.
Looks good to me! Very nice to see all those tests executing on the PKCS11 provider.
Might be worth to update the operations coverage once this is merged.
|
The Cross-compilation Docker image might need to be updated, as the Rust compiler version used for cross-compilation is throwing an error due to a newly stabilized feature being used in |
This commit adds support for elliptic curves in the PKCS11 provider. Namely, elliptic curve key pairs can be created and used to sign and verify signatures. This covers a subset of elliptic curve families and specific curves within them. Signed-off-by: Ionut Mihalcea <ionut.mihalcea@arm.com>
| picky-asn1-der = { version = "<=0.2.4", optional = true } | ||
| picky-asn1 = { version = ">=0.3.1, <=0.3.1", optional = true } |
There was a problem hiding this comment.
Yeah, for some reason just using <=0.3.1 didn't work....
There was a problem hiding this comment.
It's the same but maybe =0.3.1 would work
| #[cfg(any( | ||
| feature = "mbed-crypto-provider", | ||
| feature = "tpm-provider", | ||
| feature = "cryptoauthlib-provider" | ||
| ))] |
There was a problem hiding this comment.
So nice that it works on all providers now ⭐
| Ok(ECParameters::NamedCurve(match (ecc_family, bits) { | ||
| // The following "unwrap()" should be ok, as they cover constant conversions | ||
| (EccFamily::SecpR1, 192) => { | ||
| ObjectIdentifierAsn1(String::from("1.2.840.10045.3.1.1").try_into().unwrap()) |
There was a problem hiding this comment.
Isn't there in some of the picky crates, those defined as constants or methods?
There was a problem hiding this comment.
There is - in the ones we can't use because of compiler limitations 😬 I added them recently, so they're in the most recent version only.
There was a problem hiding this comment.
ah right, that was it! No worries then.
This commit adds support for elliptic curves in the PKCS11 provider.
Namely, elliptic curve key pairs can be created and used to sign and
verify signatures. This covers a subset of elliptic curve families and
specific curves within them.
First part of implementing #421