Expose extra Signer functions #341
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
trevor-crypto
force-pushed
the
sgxs-sigstruct
branch
from
03a8ce5
to
514626c
Compare
Also allow getting hash from EnclaveHash
trevor-crypto
force-pushed
the
sgxs-sigstruct
branch
from
514626c
to
d6ebf7d
Compare
bors bot
added a commit
that referenced
this pull request
Jan 3, 2023
429: sgxs crate changes to enable offline signing r=[Pagten] a=arai-fortanix This change adds new interfaces to the `sgxs` crate to make it possible to sign enclaves separately from creating the sigstructs. This is useful, for example, for performing signing via an HSM. The first two commits in this sequence come from this pull request from ravenac95: #327. I did not include the changes to the command-line sgx-sign tool from that pull request. I think we can have a separate discussion about whether we want to support that model. The library changes should be less controversial. I also included a change to expose the hash bytes from an EnclaveHash object. That comes from #341 from trevor-crypto. This change should be backward-compatible with old code using this crate. New code that wants to use the new `cat_sign()` method and is using a custom key implementation will need to provide the new `SgxRsaPubOps()` trait for calculating the Q1 and Q2 values from a signature, instead of doing this during signing. Co-authored-by: Reuven V. Gonzales <reuven@oasislabs.com> Co-authored-by: Daniel Arai <daniel@fortanix.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Also allow getting hash from EnclaveHash
This is necessary for a custom signer that I'm working on where I need to access the sighash to be signed to distribute to multiple parties. It will help me reduce copy/paste and maintaining a fork, and it should not cause any backward compatibility issues.