pkey: add more support for 'generic' pkey types #329
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rhenium
changed the title
rhenium
force-pushed
the
ky/pkey-generic-operations
branch
3 times, most recently
from
51cdf50 to
d6c469b
Compare
The EVP interface cannot tell whether if a pkey contains the private components or not. Assume it does if it does not respond to #private?. This fixes the NoMethodError on calling #sign on a generic PKey.
rhenium
force-pushed
the
ky/pkey-generic-operations
branch
from
d6c469b to
ad38263
Compare
Add two methods to create a PKey using the generic EVP interface. This is useful for the PKey types we don't have a dedicated class.
Use EVP_DigestSign*() and EVP_DigestVerify*() interface instead of the old EVP_Sign*() and EVP_Verify*() functions. They were added in OpenSSL 1.0.0. Also, allow the digest to be specified as nil, as certain EVP_PKEY types don't expect a digest algorithm.
OpenSSL 1.1.1 added EVP_DigestSign() and EVP_DigestVerify() functions to the interface. Some EVP_PKEY methods such as PureEdDSA algorithms do not support the streaming mechanism and require us to use them.
Add OpenSSL::PKey::PKey#derive as the wrapper for EVP_PKEY_CTX_derive(). This is useful for pkey types that we don't have dedicated classes, such as X25519.
Use the new OpenSSL::PKey::PKey#derive instead of the raw
{EC,}DH_compute_key(), mainly to reduce amount of the C code.
rhenium
force-pushed
the
ky/pkey-generic-operations
branch
from
ad38263 to
28edf6b
Compare
|
@rhenium thank you for your work on this 🙇 I tried using this in cedarcode/cose-ruby#55 but only having PKCS8 for getting raw private/public keys in and out is painful. I'm not very familiar with the OpenSSL API but it seems using the COSE WG example data would be a lot easier if we had access to:
https://www.openssl.org/docs/man1.1.1/man3/EVP_PKEY_new.html |
|
It sounds like a reasonable thing to have. A pull request is welcome! |
4 tasks
santiagorodriguez96
added a commit
to cedarcode/openssl-signature_algorithm
that referenced
this pull request
Aug 10, 2020
This commit attempts to close #2. Used the gem RubyCrypto/ed25519 as we still require ruby/openssl to expose the required OpenSSL APIs in Ruby, expected to be released as 3.0 – See ruby/openssl#329. Once OpenSSL Ruby v3.0 is released, we could change the implementation in a way that users that use this gem alongside that version of OpenSSL will use the API provided by OpenSSL, but users with an older version of OpenSSL will still be provided with Ed25519 support with the use of RubyCrypto/ed25519
grzuy
pushed a commit
to cedarcode/openssl-signature_algorithm
that referenced
this pull request
Feb 10, 2021
This commit attempts to close #2. Used the gem RubyCrypto/ed25519 as we still require ruby/openssl to expose the required OpenSSL APIs in Ruby, expected to be released as 3.0 – See ruby/openssl#329. Once OpenSSL Ruby v3.0 is released, we could change the implementation in a way that users that use this gem alongside that version of OpenSSL will use the API provided by OpenSSL, but users with an older version of OpenSSL will still be provided with Ed25519 support with the use of RubyCrypto/ed25519
grzuy
pushed a commit
to cedarcode/openssl-signature_algorithm
that referenced
this pull request
Feb 10, 2021
This commit attempts to close #2. Used the gem RubyCrypto/ed25519 as we still require ruby/openssl to expose the required OpenSSL APIs in Ruby, expected to be released as 3.0 – See ruby/openssl#329. Once OpenSSL Ruby v3.0 is released, we could change the implementation in a way that users that use this gem alongside that version of OpenSSL will use the API provided by OpenSSL, but users with an older version of OpenSSL will still be provided with Ed25519 support with the use of RubyCrypto/ed25519
grzuy
pushed a commit
to cedarcode/openssl-signature_algorithm
that referenced
this pull request
Feb 10, 2021
This commit attempts to close #2. Used the gem RubyCrypto/ed25519 as we still require ruby/openssl to expose the required OpenSSL APIs in Ruby, expected to be released as 3.0 – See ruby/openssl#329. Once OpenSSL Ruby v3.0 is released, we could change the implementation in a way that users that use this gem alongside that version of OpenSSL will use the API provided by OpenSSL, but users with an older version of OpenSSL will still be provided with Ed25519 support with the use of RubyCrypto/ed25519
grzuy
pushed a commit
to cedarcode/openssl-signature_algorithm
that referenced
this pull request
Feb 10, 2021
This commit attempts to close #2. Used the gem RubyCrypto/ed25519 as we still require ruby/openssl to expose the required OpenSSL APIs in Ruby, expected to be released as 3.0 – See ruby/openssl#329. Once OpenSSL Ruby v3.0 is released, we could change the implementation in a way that users that use this gem alongside that version of OpenSSL will use the API provided by OpenSSL, but users with an older version of OpenSSL will still be provided with Ed25519 support with the use of RubyCrypto/ed25519
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is split from #119. This Pull Request implements more 'generic' operations using the EVP API.
PKCS #8 formats support has been already merged by #297. The code cleanup parts are in #328.
This probably should be merged after the v2.2.0 release.
This resolves #117 (X25519 support).