Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Some improvements #24

Merged
merged 3 commits into from
Dec 18, 2023
Merged

Some improvements #24

merged 3 commits into from
Dec 18, 2023

Conversation

Taowyoo
Copy link
Collaborator

@Taowyoo Taowyoo commented Dec 15, 2023

  • Expose more type to public to enable user to create custom cipher suite
  • Bump version of rustls-mbedtls-provider-utils
  • Add some utility functions for MbedTlsPkSigningKey
  • Expose some utility functions

@Taowyoo
Some implements
1ddf1a1 
- Expose more type to public to enable user to create custom cipher suite
- Bump version of rustls-mbedtls-provider-utils
- Add some utility functions for MbedTlsPkSigningKey
- Expose some utility functions
@Taowyoo Taowyoo added the enhancement New feature or request label Dec 15, 2023
@Taowyoo Taowyoo requested a review from s-arash December 15, 2023 22:48
@Taowyoo Taowyoo self-assigned this Dec 15, 2023
@Taowyoo Taowyoo changed the title Some implements Some improvements Dec 15, 2023
s-arash
s-arash reviewed Dec 15, 2023
View reviewed changes
rustls-mbedtls-provider-utils/src/pk.rs Outdated Show resolved Hide resolved
rustls-mbedcrypto-provider/src/sign.rs Outdated Show resolved Hide resolved
s-arash
s-arash reviewed Dec 15, 2023
View reviewed changes
rustls-mbedcrypto-provider/src/sign.rs Outdated Show resolved Hide resolved
rustls-mbedcrypto-provider/src/sign.rs Outdated Show resolved Hide resolved
rustls-mbedcrypto-provider/src/sign.rs Outdated Show resolved Hide resolved
@codecov Codecov
Copy link

codecov bot commented Dec 15, 2023
edited
Loading

Codecov Report

Attention: 6 lines in your changes are missing coverage. Please review.

Comparison is base (08cae7a) 93.40% compared to head (9c434d4) 93.31%.

❗ Current head 9c434d4 differs from pull request most recent head b092184. Consider uploading reports for the commit b092184 to get more accurate results

Files Patch % Lines
rustls-mbedcrypto-provider/src/sign.rs 91.17% 3 Missing ⚠️
rustls-mbedtls-provider-utils/src/pk.rs 88.00% 3 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master      #24      +/-   ##
==========================================
- Coverage   93.40%   93.31%   -0.09%     
==========================================
  Files          16       16              
  Lines        1956     1975      +19     
==========================================
+ Hits         1827     1843      +16     
- Misses        129      132       +3

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@Taowyoo Taowyoo requested a review from s-arash December 15, 2023 23:43
@Taowyoo Taowyoo force-pushed the yx/some-improvements branch from 9c434d4 to b092184 Compare December 18, 2023 17:08
@Taowyoo Taowyoo added this pull request to the merge queue Dec 18, 2023
Merged via the queue into master with commit 98a438e Dec 18, 2023
24 of 26 checks passed
@Taowyoo Taowyoo deleted the yx/some-improvements branch December 18, 2023 18:14
github-merge-queue bot pushed a commit that referenced this pull request Dec 20, 2023
@s-arash @Taowyoo
Rebase FFDHE branch (#26)
c42f0d9 
* Some improvements (#24)

* Some implements

- Expose more type to public to enable user to create custom cipher suite
- Bump version of rustls-mbedtls-provider-utils
- Add some utility functions for MbedTlsPkSigningKey
- Expose some utility functions

* better pk_type_to_signature_algo

* Move get_signature_schema_from_offered to utils crate with better rustdoc

* Implement FFDHE support in mbedcrypto-provider (#23)

* Implement FFDHE support in mbedcrypto-provider

* Add test for bad FFDHE public keys

* Address review comments

* Update rustls dependency to one based on 0.22.1 in Cargo.lock

---------

Co-authored-by: Arash Sahebolamri <[email protected]>

---------

Co-authored-by: YX Cao <[email protected]>
Co-authored-by: Arash Sahebolamri <[email protected]>
Taowyoo added a commit that referenced this pull request Mar 13, 2024
@Taowyoo
Some improvements (#24)
1ff92c9 
* Some implements

- Expose more type to public to enable user to create custom cipher suite
- Bump version of rustls-mbedtls-provider-utils
- Add some utility functions for MbedTlsPkSigningKey
- Expose some utility functions

* better pk_type_to_signature_algo

* Move get_signature_schema_from_offered to utils crate with better rustdoc

Return `VerifyError` in a better way (#25)

* special fix: return cert validity check result first

* return verify_error in a better way

* add set function

* add some unit tests

* add some more unit tests

Fix rustls dependency with `tag = "ffdhe-r1"` (#29)

use unmerged updated rustls

update to use new rustls with tag

export hash types

Export types enable user to create customized cipher suites.

better comments

Fix leading zeros bug in FFDHE kx

+ Update rustls dep to `ffdhe-r3`

Add self_tests module, and include KDF tests (helps with FIPS compliance)

    - Apply suggestions from code review
    - Co-authored-by: YX Cao <[email protected]>
    - Signed-off-by: Arash Sahebolamri <[email protected]>

Update KDF self test to better reflect extended master secret extraction (#38)

Co-authored-by: Arash Sahebolamri <[email protected]>

upgrade rustls to tag `ffdhe-r4`

Upgrade rustls to add support of new config option
for requiring peer support of extended master secret
extension.

Chore(deps): bump the crates-io group with 1 update (#33)

Bumps the crates-io group with 1 update: [rustls](https://github.com/rustls/rustls).

Updates `rustls` from 0.22.1 to 0.22.2
- [Release notes](https://github.com/rustls/rustls/releases)
- [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md)
- [Commits](rustls/rustls@v/0.22.1...v/0.22.2)

---
updated-dependencies:
- dependency-name: rustls
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: crates-io
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Add self_tests module, and include KDF tests (helps with FIPS compliance) (#35)

- Apply suggestions from code review
- Co-authored-by: YX Cao <[email protected]>
- Signed-off-by: Arash Sahebolamri <[email protected]>

Co-authored-by: Arash Sahebolamri <[email protected]>

Update KDF self test to better reflect extended master secret extraction (#37)

Co-authored-by: Arash Sahebolamri <[email protected]>

Chore(deps): bump the crates-io group with 3 updates (#41)

Bumps the crates-io group with 3 updates: [env_logger](https://github.com/rust-cli/env_logger), [mbedtls](https://github.com/fortanix/rust-mbedtls) and [chrono](https://github.com/chronotope/chrono).

Updates `env_logger` from 0.10.1 to 0.10.2
- [Release notes](https://github.com/rust-cli/env_logger/releases)
- [Changelog](https://github.com/rust-cli/env_logger/blob/main/CHANGELOG.md)
- [Commits](rust-cli/env_logger@v0.10.1...v0.10.2)

Updates `mbedtls` from 0.12.1 to 0.12.2
- [Release notes](https://github.com/fortanix/rust-mbedtls/releases)
- [Commits](fortanix/rust-mbedtls@mbedtls_v0.12.1...mbedtls_v0.12.2)

Updates `chrono` from 0.4.31 to 0.4.33
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](chronotope/chrono@v0.4.31...v0.4.33)

---
updated-dependencies:
- dependency-name: env_logger
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: crates-io
- dependency-name: mbedtls
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: crates-io
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: crates-io
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

add Cryptographic Algorithm Self Test

- Add a Known answer Cryptographic Algorithm Self Test for FFDHE cipher suites.

Add FFDHE FIPS checks (#48)

This PR adds necessary FIPS checks in FFDHE key exchange:

- Add a Known answer Cryptographic Algorithm Self Test for FFDHE cipher suites.
- Add FFC Pairwise Consistency Test described in [FIPS 140-3 IG] section 10.3.A.
- Add FFC Full Public-Key Validation Routine defined in section 5.6.2.3.3 of [NIST SP 800-56A Rev. 3].

[FIPS 140-3 IG]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/fips-140-3-ig-announcements
[NIST SP 800-56A Rev. 3]: https://csrc.nist.gov/pubs/sp/800/56/a/r3/final

Back port ecdh fips checks (#50)

* Add ECDHE FIPS checks (#46)

* build: add feature `fips`

Add feature `fips` for "rustls-mbedcrypto-provider".

* feat: add fips EC public key check

- Add ECC Full Public-Key Validation during EC key exchange.
- Add tests for check functions and new `FipsCheckError`.
- Add tests to CI.

* Add ECC Pairwise Consistency Test for FIPS

* refactor: better naming & code style & code order

* refactor: improve EC fips checks

* test: add tests for fips pct check

* update tests

* fix ci

* cargo fmt

refactor fips code

change fips test logging level to debug
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@s-arash s-arash s-arash approved these changes

Assignees

@Taowyoo Taowyoo

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Taowyoo @s-arash