Add SHA3 support #44
Conversation
Thanks for the PR. Which HSM/libraries have you tested this with?
I tested using SoftHSM2 v2.5 and my company uses the Thales nShield Connect XC HSM in production. We have been running this patchset on our production HSMs for over 8 months now without any issues.
Sorry for the out-of-hand PR. This change is now based on top of PR #41 to prevent merge conflicts. However, there is no local branch, so it looks like this change is pulling in additional commits from #41. Please ignore these additional commits and just focus on the following 2 commits:
This will get cleaned up once PR #41 gets merged. I created a local PR that will show just the 2 commits in my forked repo:
Compare: 334d6e4 to 9393ba1
That's helpful. I will add some comments there.
SHA3 is not yet supported by most HSM solutions and probably won't be for a few more years. This change adds a hybrid solution that performs the EMSA-PSS and RSAES-OAEP encoding/decoding schemes in software and uses the HSM for raw encryption/decryption support. This allows the keys to continue to be protected by the HSM but still have access to newer hash algorithms.
Native RSA currently does not support SHA3 hash algorithms. This change skips the SHA3 tests when performing the native unit tests.
This commit adds SHA3 support for use with the RSA PKCS#1 crypto algorithms. This is an odd PR as SoftHSM2 does not yet support SHA3 and Thales HSMs only support PKCS#1 v1.5 (no PSS support).
My company makes hardware devices that will support SHA3 hash algorithms with RSASSA-PSS to be future compatible. This change adds native support for RSASSA-PKCS1-v1_5 since the algorithm IDs are prefixed to the hash before sending the request to the HSM.
However, RSASSA-PSS is a little more involved. The solution I came up with is a hybrid approach where the EMSA-PSS encoding is done in software but the encryption/decryption of the encoded message is performed by the HSM.
I validated this change using SoftHSM and Go 1.12.5 and all of the test cases passed locally.