adds a signature::Signer interface

[baloo]

This brings an implementation of a signature::Signer for keys stored on the TPM.

This is intend to make for easier re-use of this crate and to allow to:

• Create certificates https://docs.rs/x509-cert/latest/x509_cert/builder/struct.CertificateBuilder.html
• Create CSRs https://docs.rs/x509-cert/latest/x509_cert/builder/struct.RequestBuilder.html
• Sign documents with S/MIME https://docs.rs/cms/latest/cms/builder/index.html

Here is an implementation of an SSH agent making use of that infrastructure: wiktor-k/ssh-agent-lib#87

[Superhepper]

Sorry for reviewing a WIP though I found it a little bit interesting so I couldn't help my self. Feel free to disregard anything I have commented on.

[baloo]

Sorry for reviewing a WIP though I found it a little bit interesting so I couldn't help my self. Feel free to disregard anything I have commented on.

Oh, no, thanks for reviewing it!
I sent it a bit early as this is work I've been putting off for almost a year now. I'm doing it mostly to get a sense whether this is a direction the project could go or not.

[ionut-arm]

Thank you for bringing the patch! The overall design looks good to me.

[ionut-arm]

The fields of RsaSignature are private, so we can extend it to capture this detail as well. It's a deviation from the TPM spec, but I don't necessarily see a problem with it. Thoughts?

cc @Superhepper

[Superhepper]

No it is not really a problem as long as it does not causes any ambiguities in the conversions between TPMS_SIGNATURE_RSA and RsaSignature.

[baloo]

I think it's fine like that, the comment was more for a future self why we would not have such a TryFrom

[ionut-arm]

(I know this is a draft: ) Would be good to have some docs on these structs to make it clear what they're meant for.

[baloo]

I tried to add some, and add a code sample in the doc as well.

[ionut-arm]

I'm a bit mystified by the purpose of this function. Also by the use of "this curve" in the doc for it, given that Ecdsa is presumably not the description of a curve (?)

[baloo]

C describes the curve (could be NistP256, NistP384, NistP521, ...) those are all supported here. When using the signer (through the Ecdsa struct) you would specify which curve you're using.

This would pick the correct parameters to specify to the TPM when signing, the size of the object that comes back from signature, how to verify them, ...

This function just creates the TPM parameters related to this curve and the selected digest.

[ionut-arm]

Sure, I think I was mostly confused by the existence of two nearly-identical methods before, and that the struct they're tacked to doesn't represent (just) a specific curve.

[baloo]

The key_params_default just use the "default" hashing mechanism for a given curve (P256 would use sha256, P384 would use sha384, etc).

The hashing methods needs to line up otherwise the curve has a higher "security score" than the hashing mechanism it uses and it's a waste of space.

[wiktor-k]

Hmm... how does this work if I don't see the feature declared in Cargo.toml? 🤔

[baloo]

yeaaah, I learned this one recently too lol.
https://doc.rust-lang.org/cargo/reference/features.html#optional-dependencies

By default, this optional dependency implicitly defines a feature that looks like this:

[features]
gif = ["dep:gif"]

I'm abusing that mechanism here.

I actually need to split the features in the Cargo.toml to look more like:

rustcrypto = ["ecdsa", "elliptic-curve", "signature", "x509-cert"]
rustcrypto-full = ["rustcrypto", "p192", "p224", "p256", "p384", "p521", "rsa", "sha1", "sha2", "sha3", "sm2", "sm3"]

That way you can bring in rustcrypto + "p256" + "sha2" if you only care about those.

While I'm at it: I don't know how to name that feature, is rustcrypto good enough?

[wiktor-k]

rustcrypto and rustcrypto-full are fine for me.

Would you be so kind to adjust all of these to use the rustcrypto-full feature name? (maybe this stuff only bothers me 😅

[rucoder]

@baloo why EcSigner depends on TransientKeyContext? The only method is used there is sign(). Besides TransientKeyContext is limited to RSA key as a primary. it would be better IMO either

1. to have a constructor that that accepts Context and KeyHandle in TransientKeyContext/Builder. Currently fields are private
2. Or maybe turn (partially) TransientKeyContext into a trait since EcSigner uses its methods (actually only sign() so far).

I should probably explain the use case: I'm loading a key that is stored on TPM as Persistent and currently there is no way to use EcSigner with such keys. TransientTpmContext is transient for reasons but then it limits usage of EcSigner

Sure, I can implement my own signer but if we can make EcSigner more versatile it would be very cool

[baloo]

This is a good point. I think I like the idea of making a trait but I'm not sure how to do it yet, TransientKeyContext and Context::sign are pretty dissimilar.

[baloo]

I have a rough follow-up PR for the trait option: baloo#1

[baloo]

It was also missing the implementation for an RSA signer: baloo#2

[ionut-arm]

Looks pretty good overall!

Are you intending to add signing support for RSA too?

[ionut-arm]

Ah, one thing that I keep forgetting - could you please document the new feature (in the README)?

[wiktor-k]

I think this looks good. While I'm no expert in rust crypto I'm of the opinion that this is ready to be shipped to folks to try out in the wild.

[wiktor-k]

rustcrypto and rustcrypto-full are fine for me.

Would you be so kind to adjust all of these to use the rustcrypto-full feature name? (maybe this stuff only bothers me 😅

[wiktor-k]

Why do we need $curve if it's not used anywhere? (also the allow(unused) lint)