[Cryptech Core] dnssec signer

Leif Johansson leifj at sunet.se
Wed Jul 15 20:25:52 UTC 2015


On 2015-07-15 22:23, Павел Шатов wrote:
> On 15.07.2015 15:50, Rob Austein wrote:
>> At Wed, 15 Jul 2015 13:57:01 +0200, Jakob Schlyter wrote:
>>>
>>> On 14 jul 2015, at 05:21, Paul Selkirk <paul at psgd.org> wrote:
>>>>
>>>> Except we don't have the last part. The install ends with libpkcs11.so.
>>>> AIUI, we need the opendnssec signer working over this pkcs11, or we need
>>>> to quickly implement increment hashing, so we can use the bind9 signer
>>>> (see ticket #39).
>>>
>>> How hard is it to add increment hashing?
>>
>> Need ability to save and restore hash core state, because breaking
>> hashing up into multiple PKCS #11 API calls means that we're releasing
>> the lock between hash updates, thus have no control over what else
>> might also be trying to use the same hash core.
>>
>> Other than that, it's trivial, or at least straightforward.
>>
> 
> Do I get it right, that for SHA-256 internal state is defined by eight
> 32-bit words (h0..h7)? Saving state implies reading current digest value
> and saving it somewhere (not in FPGA), while restoring state means
> initializing h0..h7 registers with some arbitrary values, right?
> 
> I've actually taken a look at core/hash/sha256, I think it is possible
> to add state restore functionality, if I understand it correctly. If Rob
> and Paul can help me compile and test modified sha256.v in hardware, I
> will try to fix it on Friday.

This will allow us to do message digesting inside the security boundary
too, right?

> 
> Pavel
> 
>>> And is it only BIND9 that uses it?
>>
>> I doubt it.  The incremental hashing API in PKCS #11 more closely
>> resembles what all the library APIs do.  All-at-once is just an API
>> optimization over the incremental API.
>>
>>> OpenDNSSEC hashes outside of PKCS#11, I thought (wrongly?) that BIND9
>>> did that as well.
>>
>> BIND 9.10 in native PKCS #11 mode (ie, without OpenSSL, its engine
>> API, and one of the several flaky engine-to-PKCS #11 shims) uses PKCS
>> #11 for all cryptographic operations.
>>
>> Improbable though it may seem, they're trying to reduce the amount of
>> code in BIND 9.  The stated goal is to get rid of OpenSSL completely
>> some day.  Haven't finished the job yet, in part because so few HSMs
>> provide all the necessary functions.
>>
> _______________________________________________
> Core mailing list
> Core at cryptech.is
> https://lists.cryptech.is/listinfo/core




