Add compile options to libspdm_gen_x509_csr #2825

Open
rw8896 opened this issue Sep 4, 2024 · 4 comments

Comments

@rw8896
Contributor

rw8896 commented Sep 4, 2024

bool libspdm_gen_x509_csr(size_t hash_nid, size_t asym_nid,

The implementation could use LIBSPDM_ENABLE_CAPABILITY_CSR_CAP to wrap the whole function.
And it should add crypto options (e.g. LIBSPDM_RSA_SSA_2048_SUPPORT) to wrap around the crypto operation code.

@steven-bellock
Contributor

@rw8896 is this to save on code size?

@rw8896
Contributor Author

rw8896 commented Sep 9, 2024

Not really. It caused compiler errors as RSA was not enabled in my mbedtls configuration.

After looking into this function further, I think it doesn't allow the caller to specify the pathLen in basic constraints.
If that's the case, maybe pathLen should be added as an input to make this API more general?

@jyao1
Member

jyao1 commented Dec 10, 2024

@rw8896, I am not sure if I understand your problem statement.

Usually, it is more helpful to describe what problem you have met, than just describe the solution.

May I know what compiler error you have met?

Based on my understanding, if you customize the mbedtls, then you can also customize the cryptolib_mbedtls.

@rw8896
Contributor Author

rw8896 commented Dec 10, 2024

The following code calls mbedtls_pk_rsa but mbedtls_pk_rsa is not declared/implemented when MBEDTLS_RSA_C is not defined.

```c
    case LIBSPDM_CRYPTO_NID_RSASSA2048:
    case LIBSPDM_CRYPTO_NID_RSAPSS2048:
    case LIBSPDM_CRYPTO_NID_RSASSA3072:
    case LIBSPDM_CRYPTO_NID_RSAPSS3072:
    case LIBSPDM_CRYPTO_NID_RSASSA4096:
    case LIBSPDM_CRYPTO_NID_RSAPSS4096:
        ret = mbedtls_pk_setup(&key, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA));
        if (ret != 0) {
            LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO,"failed\n ! mbedtls_pk_setup %d", ret));
            goto free_all;
        }
        ret = mbedtls_rsa_copy(mbedtls_pk_rsa(key), (mbedtls_rsa_context *)context);
        if (ret != 0) {
            LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO,"failed\n ! mbedtls_rsa_copy %d", ret));
            goto free_all;
        }
        ret = mbedtls_rsa_complete(mbedtls_pk_rsa(key));
        if (ret != 0) {
            LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO,"failed\n ! mbedtls_rsa_complete %d", ret));
            goto free_all;
        }
        break;
```
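
Added example, not part of the issue thread and not libspdm or Mbed TLS code: a minimal sketch of the compile-time gating proposed in this issue, where the whole function sits behind a capability macro and each algorithm family's `case` labels sit behind their own support macro, so a build without RSA references no RSA symbol and an RSA request fails closed at run time. All `DEMO_*` / `demo_*` names and values are hypothetical stand-ins for the real configuration macros and NIDs.

```c
#include <stdbool.h>
#include <stddef.h>

/* Demo build configuration (assumed): CSR capability on, RSA off, ECDSA on. */
#define DEMO_ENABLE_CAPABILITY_CSR_CAP 1
#define DEMO_RSA_SUPPORT 0
#define DEMO_ECDSA_SUPPORT 1

/* Constructed identifiers for this demo; not libspdm's real NID values. */
enum { DEMO_NID_RSASSA2048 = 1, DEMO_NID_RSAPSS2048, DEMO_NID_ECDSA_P256 };
typedef enum { DEMO_KEY_NONE, DEMO_KEY_RSA, DEMO_KEY_EC } demo_key_type;

#if DEMO_ENABLE_CAPABILITY_CSR_CAP
#if DEMO_RSA_SUPPORT
/* Compiled only with RSA enabled, so no RSA symbol is referenced otherwise. */
static bool demo_setup_rsa(const void *context, demo_key_type *key)
{
    *key = (context != NULL) ? DEMO_KEY_RSA : DEMO_KEY_NONE;
    return context != NULL;
}
#endif

/* Picks the CSR signing key type; fails closed on algorithms not built in. */
bool demo_gen_csr_key(size_t asym_nid, const void *context, demo_key_type *key)
{
    *key = DEMO_KEY_NONE;
    if (context == NULL) {
        return false;
    }
    switch (asym_nid) {
#if DEMO_RSA_SUPPORT
    case DEMO_NID_RSASSA2048:
    case DEMO_NID_RSAPSS2048:
        return demo_setup_rsa(context, key);
#endif
#if DEMO_ECDSA_SUPPORT
    case DEMO_NID_ECDSA_P256:
        *key = DEMO_KEY_EC;
        return true;
#endif
    default:
        return false; /* unknown or compiled-out algorithm */
    }
}
#endif /* DEMO_ENABLE_CAPABILITY_CSR_CAP */
```

With `DEMO_RSA_SUPPORT` set to 0 the RSA labels fall through to `default`, so callers get a clean `false` instead of a build break.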
