From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 687D297D46 for ; Wed, 6 Mar 2024 13:36:18 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 511FE16EBE for ; Wed, 6 Mar 2024 13:36:18 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Wed, 6 Mar 2024 13:36:17 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 6D0C448855 for ; Wed, 6 Mar 2024 13:36:17 +0100 (CET) From: Stefan Sterz To: pbs-devel@lists.proxmox.com Date: Wed, 6 Mar 2024 13:35:59 +0100 Message-Id: <20240306123609.164021-3-s.sterz@proxmox.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20240306123609.164021-1-s.sterz@proxmox.com> References: <20240306123609.164021-1-s.sterz@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.076 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Subject: [pbs-devel] [PATCH proxmox v2 02/12] auth-api: move to Ed25519 signatures X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Mar 2024 12:36:18 -0000 previously we used P-256 as the curve of our choice for ec signatures. however, in the meantime Ed25519 has become a lot more wide-spread. this simplifies our ec generation code significantly while keeping the same security level. Ed25519 was also specifically designed and reviewed to avoid implementation errors likely making it a more secure choice note that Ed25519 as a signature scheme always uses sha512, so signing or verifying with a chosen digest is not supported. as this mostly affects newly generated keys, this should not break any existing setups. Signed-off-by: Stefan Sterz --- proxmox-auth-api/src/auth_key.rs | 52 +++++++++++++++++++------------- proxmox-auth-api/src/ticket.rs | 2 +- 2 files changed, 32 insertions(+), 22 deletions(-) diff --git a/proxmox-auth-api/src/auth_key.rs b/proxmox-auth-api/src/auth_key.rs index 32120a3..f7a83bb 100644 --- a/proxmox-auth-api/src/auth_key.rs +++ b/proxmox-auth-api/src/auth_key.rs @@ -1,10 +1,8 @@ //! Auth key handling. use anyhow::{bail, format_err, Error}; -use openssl::ec::{EcGroup, EcKey}; use openssl::hash::MessageDigest; -use openssl::nid::Nid; -use openssl::pkey::{HasPublic, PKey, PKeyRef, Private, Public}; +use openssl::pkey::{HasPublic, Id, PKey, PKeyRef, Private, Public}; use openssl::rsa::Rsa; use openssl::sign::{Signer, Verifier}; @@ -33,14 +31,9 @@ impl PrivateKey { /// Generate a new EC auth key. pub fn generate_ec() -> Result { - let nid = Nid::X9_62_PRIME256V1; - let group = EcGroup::from_curve_name(nid) - .map_err(|err| format_err!("failed to get P-256 group - {err}"))?; - let ec = EcKey::generate(&group) - .map_err(|err| format_err!("failed to generate EC key for testing - {err}"))?; Ok(Self { - key: PKey::from_ec_key(ec) - .map_err(|err| format_err!("failed to get PKey for EC key - {err}"))?, + key: PKey::generate_ed25519() + .map_err(|err| format_err!("failed to generate EC PKey - {err}"))?, }) } @@ -59,9 +52,10 @@ impl PrivateKey { .map_err(|err| format_err!("failed to encode rsa private key as PEM - {err}")); } - if let Ok(ec) = self.key.ec_key() { - return ec - .private_key_to_pem() + if self.key.id() == Id::ED25519 { + return self + .key + .private_key_to_pem_pkcs8() .map_err(|err| format_err!("failed to encode ec private key as PEM - {err}")); } @@ -77,8 +71,9 @@ impl PrivateKey { .map_err(|err| format_err!("failed to encode rsa public key as PEM - {err}")); } - if let Ok(ec) = self.key.ec_key() { - return ec + if self.key.id() == Id::ED25519 { + return self + .key .public_key_to_pem() .map_err(|err| format_err!("failed to encode ec public key as PEM - {err}")); } @@ -92,8 +87,15 @@ impl PrivateKey { } pub(self) fn sign(&self, digest: MessageDigest, data: &[u8]) -> Result, Error> { - Signer::new(digest, &self.key) - .map_err(|e| format_err!("could not create private key signer - {e}"))? + let mut signer = if self.key.id() == Id::ED25519 { + // ed25519 does not support signing with digest + Signer::new_without_digest(&self.key) + } else { + Signer::new(digest, &self.key) + } + .map_err(|e| format_err!("could not create private key signer - {e}"))?; + + signer .sign_oneshot_to_vec(data) .map_err(|e| format_err!("could not sign with private key - {e}")) } @@ -121,8 +123,9 @@ impl PublicKey { .map_err(|err| format_err!("failed to encode rsa public key as PEM - {err}")); } - if let Ok(ec) = self.key.ec_key() { - return ec + if self.key.id() == Id::ED25519 { + return self + .key .public_key_to_pem() .map_err(|err| format_err!("failed to encode ec public key as PEM - {err}")); } @@ -192,8 +195,15 @@ impl Keyring { signature: &[u8], data: &[u8], ) -> Result { - Verifier::new(digest, key) - .map_err(|err| format_err!("failed to create openssl verifier - {err}"))? + let mut verifier = if key.id() == Id::ED25519 { + // ed25519 does not support digests + Verifier::new_without_digest(key) + } else { + Verifier::new(digest, key) + } + .map_err(|err| format_err!("failed to create openssl verifier - {err}"))?; + + verifier .verify_oneshot(signature, data) .map_err(|err| format_err!("openssl error verifying data - {err}")) } diff --git a/proxmox-auth-api/src/ticket.rs b/proxmox-auth-api/src/ticket.rs index 81054f8..c8fc667 100644 --- a/proxmox-auth-api/src/ticket.rs +++ b/proxmox-auth-api/src/ticket.rs @@ -300,7 +300,7 @@ mod test { } #[test] - fn test_tickets_ecdsa() { + fn test_tickets_ed25519() { let keyring = Keyring::generate_new_ec().expect("failed to generate EC key for testing"); simple_test(&keyring, Some("secret aad data"), |_| true); -- 2.39.2