Support keys other than ECDSA P-256 in HSM signer #581

Open
bestbeforetoday opened this issue Apr 25, 2023 · 0 comments
Labels: client (Relates to Fabric Gateway client); enhancement (New feature or request); good first issue (Good for newcomers); hacktoberfest (https://hacktoberfest.com/)

bestbeforetoday commented Apr 25, 2023

As a blockchain developer
I want to be able to use arbitrary key types when signing using a Hardware Security Module (HSM)
So that I can use any key type supported by Fabric

In order to ensure that signatures are in canonical format (with low S values), the current Go and Node HSM signer implementations assume that the signing keys in the HSM are P-256 -- or at least that they are elliptic curve keys with the same curve N order as P-256 keys -- to manipulate the signature returned by the HSM. In theory it is possible for other key sizes, curve types or encryption mechanisms to be used.

A more generic solution might be to allow a mapping function to be (optionally) specified when creating the HSM signer, which would be applied to the signature returned by the HSM. The default mapping function would be to ensure the canonical form of a P-256 ECDSA signature (as the code does today), with the user able to specify an appropriate function for whatever keys they use in their HSM.

An additional consideration for the Node implementation is that an appropriately sized pre-allocated Buffer needs to be passed to the call to C_Sign (or C_SignAsync). This needs to be a suitable size to contain the returned signature so the minimum size is dictated by the type of key used.

@bestbeforetoday bestbeforetoday added enhancement New feature or request good first issue Good for newcomers client Relates to Fabric Gateway client labels Apr 25, 2023
@bestbeforetoday bestbeforetoday added the hacktoberfest https://hacktoberfest.com/ label Oct 6, 2023
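
A sketch of the mapping-function idea from the issue, added here as an illustration and not taken from the Fabric Gateway code base: a low-S canonicalizer parameterized by curve, so it generalizes beyond P-256 to any prime-order curve in Go's `crypto/elliptic`. The names `SignatureMapper`, `LowSMapper` and `highSSample` are hypothetical, and the code assumes the HSM returns the PKCS#11 `CKM_ECDSA` format (fixed-width `r||s`).

```go
package main

import (
	"crypto/elliptic"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
)

// SignatureMapper (hypothetical type) post-processes the bytes the HSM returns.
type SignatureMapper func(raw []byte) ([]byte, error)

type ecdsaSignature struct{ R, S *big.Int }

// LowSMapper (hypothetical name) builds a low-S mapper for the given curve.
// Assumption: raw is r||s, two fixed-width big-endian integers, which is the
// PKCS#11 CKM_ECDSA output format; the result is ASN.1 DER.
func LowSMapper(curve elliptic.Curve) SignatureMapper {
	n := curve.Params().N
	halfN := new(big.Int).Rsh(n, 1)
	width := (n.BitLen() + 7) / 8 // also gives the signature buffer size: 2*width
	return func(raw []byte) ([]byte, error) {
		if len(raw) != 2*width {
			return nil, fmt.Errorf("signature is %d bytes, want %d", len(raw), 2*width)
		}
		r := new(big.Int).SetBytes(raw[:width])
		s := new(big.Int).SetBytes(raw[width:])
		if r.Sign() == 0 || s.Sign() == 0 || r.Cmp(n) >= 0 || s.Cmp(n) >= 0 {
			return nil, errors.New("r or s outside [1, N-1]")
		}
		if s.Cmp(halfN) > 0 {
			s.Sub(n, s) // (r, N-s) verifies identically; keep the low-S form
		}
		return asn1.Marshal(ecdsaSignature{r, s})
	}
}

// highSSample returns a constructed P-384 input: r = 1, s = N-1 (high S).
func highSSample() []byte {
	raw := make([]byte, 96)
	raw[47] = 1
	new(big.Int).Sub(elliptic.P384().Params().N, big.NewInt(1)).FillBytes(raw[48:])
	return raw
}

func main() {
	der, err := LowSMapper(elliptic.P384())(highSSample())
	fmt.Printf("%x %v\n", der, err)
}
```

Rejecting input whose length does not match the curve keeps a mapper configured for one key type from silently mis-splitting a signature produced by another.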