[16917] in Kerberos-V5-bugs

[krbdev.mit.edu #9112] git commit

daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Mon Mar 18 21:20:27 2024

From: "Greg Hudson via RT" <rt-comment@krbdev.mit.edu>
In-Reply-To: 
Message-ID: <rt-4.4.3-2-2090772-1710811220-1287.9112-4-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #9112":;
Date: Mon, 18 Mar 2024 21:20:20 -0400
MIME-Version: 1.0
Reply-To: rt-comment@krbdev.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu


Mon Mar 18 21:20:20 2024: Request 9112 was acted upon.
 Transaction: Ticket created by ghudson@mit.edu
       Queue: krb5
     Subject: git commit
       Owner: ghudson@mit.edu
  Requestors: 
      Status: new
 Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9112 >



Support PKCS11 EC client certs in PKINIT

Move the digest computation and DigestInfo encoding from
cms_signeddata_create() to pkinit_sign_data_pkcs11(), and
conditionalize the DigestInfo encoding on the key type.  Use CKM_ECDSA
instead of CKM_RSA_PKCS for EC keys, and convert the resulting
signature from the PKCS11 encoding to the ASN.1 encoding required by
CMS.

Regenerate the test certificates with an additional EC client cert.
Add test cases for EC client certs with and without PKCS11.

https://github.com/krb5/krb5/commit/f745c9a9bd6c0c73b944182173f1ac305d03dc3a
Author: Greg Hudson <ghudson@mit.edu>
Commit: f745c9a9bd6c0c73b944182173f1ac305d03dc3a
Branch: master
 src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 319 +++++++++++++--------
 src/tests/pkinit-certs/ca.pem                      |  32 +--
 src/tests/pkinit-certs/eckey.pem                   |   5 +
 src/tests/pkinit-certs/ecuser.pem                  |  24 ++
 src/tests/pkinit-certs/generic.p12                 | Bin 2469 -> 2560 bytes
 src/tests/pkinit-certs/generic.pem                 |  38 +--
 src/tests/pkinit-certs/kdc.pem                     |  32 +--
 src/tests/pkinit-certs/make-certs.sh               |  11 +-
 src/tests/pkinit-certs/privkey-enc.pem             |  60 ++--
 src/tests/pkinit-certs/privkey.pem                 |  55 ++--
 src/tests/pkinit-certs/user-enc.p12                | Bin 2829 -> 2920 bytes
 src/tests/pkinit-certs/user-upn.p12                | Bin 2821 -> 2912 bytes
 src/tests/pkinit-certs/user-upn.pem                |  32 +--
 src/tests/pkinit-certs/user-upn2.p12               | Bin 2805 -> 2896 bytes
 src/tests/pkinit-certs/user-upn2.pem               |  34 +--
 src/tests/pkinit-certs/user-upn3.p12               | Bin 2821 -> 2912 bytes
 src/tests/pkinit-certs/user-upn3.pem               |  32 +--
 src/tests/pkinit-certs/user.p12                    | Bin 2829 -> 2920 bytes
 src/tests/pkinit-certs/user.pem                    |  30 +-
 src/tests/t_pkinit.py                              |  20 ++
 20 files changed, 437 insertions(+), 287 deletions(-)

_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
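
The signature conversion the commit message describes, as an added example that is not the krb5 code from this commit: PKCS #11 CKM_ECDSA returns the signature as fixed-length r||s, while CMS carries a DER ECDSA-Sig-Value, SEQUENCE { r INTEGER, s INTEGER }. The function names are hypothetical, and the sketch assumes curves no larger than P-521.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Write one DER INTEGER for an unsigned big-endian value; returns bytes written. */
static size_t put_int(const uint8_t *v, size_t len, uint8_t *out)
{
    size_t n = 0;

    while (len > 1 && *v == 0) {    /* DER: minimal encoding, drop leading zeros */
        v++;
        len--;
    }
    out[n++] = 0x02;
    out[n++] = (uint8_t)(len + ((v[0] & 0x80) ? 1 : 0));
    if (v[0] & 0x80)
        out[n++] = 0x00;            /* pad so the value stays non-negative */
    memcpy(out + n, v, len);
    return n + len;
}

/* Convert raw r||s (hypothetical helper name) to a DER ECDSA-Sig-Value.
 * Returns the DER length, or 0 on bad input or insufficient output space. */
size_t ecdsa_raw_to_der(const uint8_t *raw, size_t rawlen,
                        uint8_t *out, size_t outcap)
{
    uint8_t body[2 * (2 + 1 + 66)];     /* assumption: curves up to P-521 */
    size_t half = rawlen / 2, blen, hdr;

    if (rawlen == 0 || rawlen % 2 != 0 || half > 66)
        return 0;
    blen = put_int(raw, half, body);
    blen += put_int(raw + half, half, body + blen);
    hdr = (blen < 128) ? 2 : 3;         /* long-form length needed past 127 */
    if (outcap < hdr + blen)
        return 0;
    out[0] = 0x30;
    if (blen < 128) {
        out[1] = (uint8_t)blen;
    } else {
        out[1] = 0x81;
        out[2] = (uint8_t)blen;
    }
    memcpy(out + hdr, body, blen);
    return hdr + blen;
}
```

A verifier that expects DER will reject the raw form outright, and one that accepts non-minimal INTEGERs is being lenient; the leading-zero strip and the sign pad are the two places hand-written converters usually go wrong.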