Open dewyatt opened 5 years ago
The plan sounds sane. On the other hand we will need to decide what it should interact with:
@ronaldtse Generally I think nowadays all vendors provide a PKCS#11 API module at least, so they should all be very similar apart from quirks and features. Although it has been a while since I did any dev in this area.
Looking at this more I think it might make sense to go all-in on p11-kit and forego the Botan PKCS#11 wrapper. p11-kit provides some nice arbitration for access by multiple components in the same process, which may make sense in a library.
Revised plan:
- p11-kit for C_Initialize/C_Finalize in the same process. Maybe botan will use p11-kit in the future.

I was able to get RSA decryption offloaded to an HSM in rnp today. It's an awful hack but worked as a proof-of-concept. I did fight a while tracking down this bug: https://github.com/randombit/botan/pull/1979 but overall Botan's PKCS#11 stuff seems nice to work with so far.
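The arbitration point raised above (several components in one process sharing a PKCS#11 module, where C_Initialize/C_Finalize are process-wide) can be shown with a small reference-counted guard. This is an added example, not code from rnp, Botan or p11-kit; the CK_* names and the fake module below are a simplified stand-in for the real pkcs11.h header and a real vendor module, and the guard's behaviour (initialize only for the first user, finalize only for the last, tolerate a module someone else already initialized) is an assumption modelled on what p11-kit does rather than its actual code.

```c
/* Added example: reference-counted guard around a PKCS#11 module's
 * C_Initialize/C_Finalize, the kind of arbitration p11-kit provides when
 * several components share one process. The CK_* names are a simplified
 * stand-in for pkcs11.h, and the "module" is a fake, not a real HSM driver. */
#include <stdio.h>
#include <stddef.h>

typedef unsigned long CK_RV;
#define CKR_OK                           0x00UL
#define CKR_CRYPTOKI_NOT_INITIALIZED     0x190UL
#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x191UL

/* Minimal stand-in for a module's function list. */
typedef struct {
    CK_RV (*C_Initialize)(void *args);
    CK_RV (*C_Finalize)(void *reserved);
} CK_FUNCTION_LIST;

/* Fake module state: like a real module, it rejects a second C_Initialize
 * and a C_Finalize before initialization. */
static int fake_module_initialized = 0;
static int fake_init_calls = 0;
static int fake_finalize_calls = 0;

static CK_RV fake_C_Initialize(void *args) {
    (void)args;
    fake_init_calls++;
    if (fake_module_initialized) return CKR_CRYPTOKI_ALREADY_INITIALIZED;
    fake_module_initialized = 1;
    return CKR_OK;
}
static CK_RV fake_C_Finalize(void *reserved) {
    (void)reserved;
    fake_finalize_calls++;
    if (!fake_module_initialized) return CKR_CRYPTOKI_NOT_INITIALIZED;
    fake_module_initialized = 0;
    return CKR_OK;
}
static CK_FUNCTION_LIST fake_module = { fake_C_Initialize, fake_C_Finalize };

/* Process-wide guard, one per module. A real implementation would hold a
 * mutex around these fields; this example is single-threaded for clarity. */
typedef struct {
    CK_FUNCTION_LIST *module;
    unsigned refcount;   /* components currently holding the module */
    int we_initialized;  /* 1 if this guard (not someone else) ran C_Initialize */
} module_guard;

/* Acquire the module for one component. Calls C_Initialize only for the
 * first user and tolerates a module that another party already initialized. */
CK_RV guard_acquire(module_guard *g) {
    if (g->refcount == 0) {
        CK_RV rv = g->module->C_Initialize(NULL);
        if (rv == CKR_OK) {
            g->we_initialized = 1;
        } else if (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED) {
            g->we_initialized = 0;  /* whoever initialized it owns finalization */
        } else {
            return rv;
        }
    }
    g->refcount++;
    return CKR_OK;
}

/* Release for one component. Calls C_Finalize only when the last user leaves
 * and only if this guard performed the initialization. */
CK_RV guard_release(module_guard *g) {
    if (g->refcount == 0) return CKR_CRYPTOKI_NOT_INITIALIZED;
    g->refcount--;
    if (g->refcount == 0 && g->we_initialized) {
        g->we_initialized = 0;
        return g->module->C_Finalize(NULL);
    }
    return CKR_OK;
}

/* Two components (say an OpenPGP engine and a TLS stack) share one module.
 * Returns 1 if the module stayed usable for B after A released it and was
 * initialized and finalized exactly once overall. */
int shared_module_scenario(void) {
    module_guard g = { &fake_module, 0, 0 };
    fake_module_initialized = 0; fake_init_calls = 0; fake_finalize_calls = 0;
    if (guard_acquire(&g) != CKR_OK) return 0;  /* component A */
    if (guard_acquire(&g) != CKR_OK) return 0;  /* component B */
    if (guard_release(&g) != CKR_OK) return 0;  /* A is done */
    int still_usable = fake_module_initialized; /* B must still be able to use it */
    if (guard_release(&g) != CKR_OK) return 0;  /* B is done: real C_Finalize now */
    return still_usable && !fake_module_initialized
           && fake_init_calls == 1 && fake_finalize_calls == 1;
}

/* Same two components without a guard: A's C_Finalize pulls the module out
 * from under B. Returns 1 if B is left with a finalized module. */
int unguarded_scenario(void) {
    fake_module_initialized = 0;
    fake_module.C_Initialize(NULL);               /* A */
    CK_RV rv_b = fake_module.C_Initialize(NULL);  /* B: already initialized */
    fake_module.C_Finalize(NULL);                 /* A finishes first */
    return rv_b == CKR_CRYPTOKI_ALREADY_INITIALIZED && !fake_module_initialized;
}

int main(void) {
    printf("guarded: %s\n", shared_module_scenario() ? "ok" : "FAIL");
    printf("unguarded: module %s for the second component\n",
           unguarded_scenario() ? "gone" : "still present");
    return 0;
}
```

The unguarded path is the failure mode a library has to worry about: a second consumer's C_Initialize is answered with CKR_CRYPTOKI_ALREADY_INITIALIZED, which is harmless on its own, but the first consumer's C_Finalize then tears the module down while the second still expects to use it.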
@dewyatt thank you for the great news about the working PoC! The revised plan looks reasonable, and the road ahead looks much clearer now.
It looks like this is going to be a relatively large effort that will touch a lot of the codebase. Converting any single portion of rnp's code from using Botan's FFI to using Botan's C++ interface has a bit of a cascading effect requiring other sections to do the same (like if I convert the RSA code, I'll need to do the RNG code, and everything that uses that, etc). Plus I'll need to be cautious about exceptions in order to properly maintain our current error handling scheme.
I have made some progress but I'd like to put this on hold and re-prioritize as follows:
My main reasoning here is that I'm getting concerned about our CI run times approaching the limit of 50 minutes. We typically only reach about 40 minutes on a single job, so we still have some breathing room but that gap is closing with every test we add. Plus, the feedback loop is frustratingly slow for developers.
@ronaldtse Does this sound OK to you?
@dewyatt sorry for the late reply! Yes, it sounds perfectly reasonable. With GitLab we can even shave the setup time using a custom docker container.
Description
This is a discussion issue for planning out HSM support. My initial thoughts are: