gramineproject / gramine

A library OS for Linux multi-process applications, with Intel SGX support
GNU Lesser General Public License v3.0

Enable configurable signing algorithm in RA-TLS (currently forced to use RSA) #156

Closed prakashngit closed 2 years ago

prakashngit commented 3 years ago

This is a feature request to support ECDSA in addition to RSA as the choice of signing algorithm used by RA-TLS. From https://github.com/oscarlab/graphene/blob/master/Pal/src/host/Linux-SGX/tools/ra-tls/ra_tls.h, it appears that currently the certs are forced to be RSA based certs. It would be great if ECDSA based RA-TLS certs can be supported.

I would further request to permit the ECDSA curve choice as a configuration parameter.

In our application, we use components such as the Microsoft Confidential Consortium Framework (CCF) blockchain, which currently only supports ECDSA based client certs for mTLS.

Thanks, Prakash

dimakuv commented 3 years ago

> I would further request to permit the ECDSA curve choice as a configuration parameter.

What does this mean? Could you provide any link? I'm not familiar with this "ECDSA curve choice".

UPDATE: Do you mean this https://tls.mbed.org/api/ecp_8h.html#af79e530ea8f8416480f805baa20b1a2d?

dimakuv commented 3 years ago

> In our application, we use components such as the Microsoft Confidential Consortium Framework (CCF) blockchain, which currently only supports ECDSA based client certs for mTLS.

By the way, why is this the case? Why only ECDSA? Is RSA deprecated?

mkow commented 3 years ago

> UPDATE: Do you mean this https://tls.mbed.org/api/ecp_8h.html#af79e530ea8f8416480f805baa20b1a2d?

I think so.

> By the way, why is this the case? Why only ECDSA? Is RSA deprecated?

EC crypto has much better performance and smaller keys (when compared at the same security level).

dimakuv commented 3 years ago

I'll leave some of my findings here (I guess I will be the one to implement this feature).

Current RA-TLS

This is where RA-TLS X.509 certificate is created (in particular, this is where the keypair for the cert is created):

We'll need to add a switch statement to generate RSA or ECDSA key here.

Some other places to be augmented with ECDSA:

Proposed RA-TLS changes

mbedTLS

mbedTLS ECDSA info:

Example on how to create an ECDSA keypair:

dimakuv commented 3 years ago

Ok, I learned the hard way that ECDSA cannot be used with some EC curves. In particular, CURVE25519 and CURVE448 are not supported. See e.g. https://stackoverflow.com/questions/2515948/use-of-curve25519-in-ecdsa.

So I'm adding only SECP256K1, SECP256R1, ECDSA_SECP384R1, ECDSA_SECP521R1. See also https://www.johndcook.com/blog/2018/08/21/a-tale-of-two-elliptic-curves/.

At this point I need a security expert...
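
An added illustration, not code from this thread or from the Gramine project: a minimal C check that reads a certificate's DER SubjectPublicKeyInfo and reports whether the key is RSA, EC on one of the four curves listed in the comment above, or something else such as an X25519 key. The function, enum and array names are hypothetical, and the sample inputs are constructed (real headers, zeroed key bits).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum key_kind { KEY_MALFORMED, KEY_RSA, KEY_ECDSA_OK, KEY_EC_OTHER_CURVE, KEY_OTHER };
/* Minimal DER reader: expect `tag` at *p; return the value length and leave *p at the value. */
static long der_tlv(const uint8_t **p, const uint8_t *end, uint8_t tag) {
    if (end - *p < 2 || (*p)[0] != tag) return -1;
    size_t len = (*p)[1];
    *p += 2;
    if (len & 0x80) {                       /* long form: low 7 bits = number of length bytes */
        size_t n = len & 0x7f;
        if (n == 0 || n > 2 || (size_t)(end - *p) < n) return -1;
        for (len = 0; n > 0; n--) len = (len << 8) | *(*p)++;
    }
    return (size_t)(end - *p) < len ? -1 : (long)len;  /* value must fit in the buffer */
}
/* Compare an OID value with a string literal holding DER-encoded OID bytes. */
#define OID_IS(v, n, lit) ((size_t)(n) == sizeof(lit) - 1 && memcmp((v), (lit), (size_t)(n)) == 0)

/* Classify the key in a DER SubjectPublicKeyInfo (the public-key field of an X.509 cert). */
enum key_kind classify_spki(const uint8_t *der, size_t len) {
    const uint8_t *p = der, *end = der + len;
    long n;
    if ((n = der_tlv(&p, end, 0x30)) < 0) return KEY_MALFORMED;  /* SubjectPublicKeyInfo */
    end = p + n;
    if ((n = der_tlv(&p, end, 0x30)) < 0) return KEY_MALFORMED;  /* AlgorithmIdentifier */
    end = p + n;
    if ((n = der_tlv(&p, end, 0x06)) < 0) return KEY_MALFORMED;  /* algorithm OID */
    if (OID_IS(p, n, "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01")) return KEY_RSA;
    if (!OID_IS(p, n, "\x2a\x86\x48\xce\x3d\x02\x01")) return KEY_OTHER; /* not id-ecPublicKey */
    p += n;
    if ((n = der_tlv(&p, end, 0x06)) < 0) return KEY_MALFORMED;  /* only a namedCurve OID is accepted */
    if (OID_IS(p, n, "\x2a\x86\x48\xce\x3d\x03\x01\x07") ||      /* secp256r1 */
        OID_IS(p, n, "\x2b\x81\x04\x00\x0a") ||                   /* secp256k1 */
        OID_IS(p, n, "\x2b\x81\x04\x00\x22") ||                   /* secp384r1 */
        OID_IS(p, n, "\x2b\x81\x04\x00\x23"))                     /* secp521r1 */
        return KEY_ECDSA_OK;
    return KEY_EC_OTHER_CURVE;
}
/* Constructed samples: genuine SPKI headers, key bits left as zero padding. */
static const uint8_t spki_p256[91] = {0x30,0x59,0x30,0x13,0x06,0x07,0x2a,0x86,0x48,0xce,0x3d,0x02,0x01,
    0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x07,0x03,0x42,0x00,0x04};
static const uint8_t spki_x25519[44] = {0x30,0x2a,0x30,0x05,0x06,0x03,0x2b,0x65,0x6e,0x03,0x21,0x00};
static const uint8_t spki_rsa[294] = {0x30,0x82,0x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,
    0x0d,0x01,0x01,0x01,0x05,0x00};
int main(void) {
    printf("p256=%d x25519=%d rsa=%d\n", classify_spki(spki_p256, sizeof spki_p256),
           classify_spki(spki_x25519, sizeof spki_x25519), classify_spki(spki_rsa, sizeof spki_rsa));
}
```

A peer that accepts only ECDSA client certificates would reject anything other than `KEY_ECDSA_OK`; explicit (non-named) EC parameters are reported as malformed here.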

prakashngit commented 3 years ago

@dimakuv Thank you very much Dmitrii. Those are good for my purposes at least. For instance, CCF supports 256 and 384 curves.

dimakuv commented 3 years ago

Ok, I created gramineproject/graphene#2314. This should be good, @prakashngit?

prakashngit commented 3 years ago

@dimakuv Thank you very much! Yes, looks good looking at the changes (I haven't tested, will do soon).

dimakuv commented 3 years ago

This issue can be fixed with PR https://github.com/gramineproject/graphene/pull/2314. At some point, we need to re-create the PR in the new Gramine repo.