[Cryptech Core] dnssec signer

Павел Шатов meisterpaul1 at yandex.ru
Wed Jul 15 20:23:39 UTC 2015


On 15.07.2015 15:50, Rob Austein wrote:
> At Wed, 15 Jul 2015 13:57:01 +0200, Jakob Schlyter wrote:
>>
>> On 14 jul 2015, at 05:21, Paul Selkirk <paul at psgd.org> wrote:
>>>
>>> Except we don't have the last part. The install ends with libpkcs11.so.
>>> AIUI, we need the opendnssec signer working over this pkcs11, or we need
>>> to quickly implement increment hashing, so we can use the bind9 signer
>>> (see ticket #39).
>>
>> How hard is it do add increment hashing?
>
> Need ability to save and restore hash core state, because breaking
> hashing up into multiple PKCS #11 API calls means that we're releasing
> the lock between hash updates, thus have no control over what else
> might also be trying to use the same hash core.
>
> Other than that, it's trivial, or at least straightforward.
>

Do I get it right, that for SHA-256 internal state is defined by eight 
32-bit words (h0..h7)? Saving state implies reading current digest value 
and saving it somewhere (not in FPGA), while restoring state means 
initializing h0..h7 registers with some arbitrary values, right?

I've actually taken a look at core/hash/sha256, I think it is possible 
to add state restore functionality, if I understand it correctly. If Rob 
and Paul can help me compile and test modified sha256.v in hardware, I 
will try to fix it on Friday.

Pavel

>> And is it only BIND9 that uses it?
>
> I doubt it.  The incremental hashing API in PKCS #11 more closely
> resembles what all the library APIs do.  All-at-once is just an API
> optimization over the incremental API.
>
>> OpenDNSSEC hashes outside of PKCS#11, I though (wrongly?) that BIND9
>> did that as well.
>
> BIND 9.10 in native PKCS #11 mode (ie, without OpenSSL, its engine
> API, and one of the several flaky engine-to-PKCS #11 shims) uses PKCS
> #11 for all cryptographic operations.
>
> Improbable though it may seem, they're trying to reduce the amount of
> code in BIND 9.  The stated goal is to get rid of OpenSSL completely
> some day.  Haven't finished the job yet, in part because so few HSMs
> provide all the necessary functions.
> _______________________________________________
> Core mailing list
> Core at cryptech.is
> https://lists.cryptech.is/listinfo/core
>



More information about the Core mailing list