lib: add crypto plugin support #287

Open
mikma wants to merge 3 commits into jow-:master from mikma:crypto

mikma (Contributor) commented Mar 22, 2025

Implement message digest, and RSA and ECDSA signing and verification
in crypto_mbedtls plugin.

Add crypto.uc module as a wrapper that uses one of crypto_mbedtls and
(future) crypto_openssl to provide a cryptographic implementation to
the user.

Test RSA and ECDSA signature verification, and key generation
with message signing and verification.

mikma force-pushed the crypto branch 3 times, most recently from a15f320 to 5d64614 (March 22, 2025 22:24)
mikma force-pushed the crypto branch 6 times, most recently from b35dd93 to 27e7693 (April 2, 2025 19:01)
mikma (Contributor, Author) commented Apr 2, 2025

The image registry.gitlab.com/ynezz/openwrt-ci/native-testing contains an outdated OpenSSL version (1.1.1) which is the reason the OpenSSL plugin can't be built and subsequently the OpenSSL tests fail in "OpenWrt CI pull request testing / Various native checks (pull_request)". The OpenSSL plugin requires OpenSSL version 3.0.0 or later.

I'm using FindMbedTLS.cmake from AVSystem with Apache-2.0 license, let me know if that's a problem. MbedTLS 3.6.0+ provides pkgconfig files, which is another option, but then it won't build on Debian older than 13 (trixie) and Ubuntu older than 25.04 (plucky puffin).

jow- (Owner) commented Apr 28, 2025

Thanks for the contribution! I want to move away from @ynezz's custom images towards some standard CI runner image but unfortunately lack the time right now to look into it. On the other hand I do not want to merge a PR with known failing tests.

Do you have capacity to look into revamping the native CI tests by any chance? In the end it just requires some standard distro image which is able to install a number of clang and gcc versions in parallel.

Implement message digest, and RSA and ECDSA signing
and verification.

Add NIST curve aliases in order to support the same curve names
in crypto-mbedtls and crypto-openssl:

* P-192
* P-224
* P-256
* P-384
* P-521
* brainpoolP256r1
* brainpoolP384r1
* brainpoolP512r1

Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>

Test RSA, ECDSA, and EdDSA signature verification,
and key generation with message signing and verification.

Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>

The module crypto.uc uses one of crypto_openssl and crypto_mbedtls
to provide a cryptographic implementation to the user. The crypto_openssl
module is preferred since it supports EdDSA in addition to RSA and ECDSA,
which are also supported by crypto_mbedtls.

Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>