Issue 916023

Issue metadata

Status: Assigned
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Feature

Blocking:
issue 917955



Isolate the crypto related helper function in chaps and attestationd

Project Member Reported by menghuan@chromium.org, Dec 18

Issue description

In chaps (SessionImpl) and attestationd, we have several helper functions which transform the format between
a. TPM-defined structs (TPM 1.2 and TPM 2.0 have different structs and serialize/unserialize funcs)
b. OpenSSL internal object
c. PKCS#11 format
d. DER-coded string/SecureBlob of public/private key
   d-a. RSA: PKCS#1 and PKCS#8
   d-b. ECC: RFC 5915 and PKCS#8

Currently, we always put the helper function as a member function of the implementation class, even if it doesn't need any information in the class.

We have some options to improve that, depending on how much code is duplicated and shared:
a. create/merge to a shared library to reuse this code across the daemons
b. create a utility library to reuse this code in a daemon (ex. chaps_utility)
c. move these functions to static functions
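
An added example, not code from chaps or attestationd: one of the conversions listed above (PKCS#11 RSA public-key attributes to PKCS#1 DER) written as a stateless free function that needs no class members. The function names are hypothetical, and the hand-written DER encoder is an assumption that stands in for the OpenSSL calls so the block has no dependencies.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

using Bytes = std::vector<uint8_t>;

// DER length octets: short form below 128, long form otherwise.
static void AppendLength(Bytes* out, size_t len) {
  if (len < 0x80) {
    out->push_back(static_cast<uint8_t>(len));
    return;
  }
  Bytes be;
  for (; len > 0; len >>= 8)
    be.insert(be.begin(), static_cast<uint8_t>(len & 0xff));
  out->push_back(static_cast<uint8_t>(0x80 | be.size()));
  out->insert(out->end(), be.begin(), be.end());
}

// Encodes an unsigned big-endian integer (the layout PKCS#11 uses for
// CKA_MODULUS and CKA_PUBLIC_EXPONENT) as a DER INTEGER.
static Bytes DerUnsignedInteger(const Bytes& big_endian) {
  size_t i = 0;
  while (i + 1 < big_endian.size() && big_endian[i] == 0) ++i;  // drop padding zeros
  Bytes value(big_endian.begin() + i, big_endian.end());
  if (value.empty()) value.push_back(0);
  if (value[0] & 0x80) value.insert(value.begin(), 0x00);  // keep the sign positive
  Bytes out{0x02};
  AppendLength(&out, value.size());
  out.insert(out.end(), value.begin(), value.end());
  return out;
}

// Hypothetical free helper: PKCS#11 attribute values -> PKCS#1 RSAPublicKey
// (SEQUENCE { modulus INTEGER, publicExponent INTEGER }).
Bytes Pkcs11RsaPublicToPkcs1Der(const Bytes& modulus, const Bytes& exponent) {
  Bytes n = DerUnsignedInteger(modulus);
  Bytes e = DerUnsignedInteger(exponent);
  Bytes out{0x30};
  AppendLength(&out, n.size() + e.size());
  out.insert(out.end(), n.begin(), n.end());
  out.insert(out.end(), e.begin(), e.end());
  return out;
}
```
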

 
Owner: menghuan@chromium.org
Add note: consider using BIO and EAP of OpenSSL.
Blocking: 917955
attestationd: common/crypto_utility.h
chaps: in chaps_utility and session_impl.cc
Status: Assigned (was: Available)
There is also some OpenSSL <-> PKCS11 in p11_replay.cc
cryptohome: cryptolib.cc
Project Member

Comment 7 by bugdroid1@chromium.org, Jan 16

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/f9882fb5622d8207e50c749c614b6bf8c8f33fb1

commit f9882fb5622d8207e50c749c614b6bf8c8f33fb1
Author: Meng-Huan Yu <menghuan@chromium.org>
Date: Wed Jan 16 03:50:15 2019

chaps: Move OpenSSL helpers to chaps_utility

Move some helpers to daemon level, so that they can be used in the other
file.

BUG=chromium:916023
TEST=passed unit test

Change-Id: If43c71893d77ab0562f624d46b51190d4e4eef94
Reviewed-on: https://chromium-review.googlesource.com/1406114
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Meng-Huan Yu <menghuan@chromium.org>
Reviewed-by: Meng-Huan Yu <menghuan@chromium.org>

[modify] https://crrev.com/f9882fb5622d8207e50c749c614b6bf8c8f33fb1/chaps/tpm_utility_test.cc
[modify] https://crrev.com/f9882fb5622d8207e50c749c614b6bf8c8f33fb1/chaps/session_impl.cc
[modify] https://crrev.com/f9882fb5622d8207e50c749c614b6bf8c8f33fb1/chaps/chaps_utility.cc
[modify] https://crrev.com/f9882fb5622d8207e50c749c614b6bf8c8f33fb1/chaps/chaps_utility.h