Add support for Fortanix DSM signer #469
Conversation
|
Mind rebasing? We just cut a new release and can start looking at this |
mzohreva
force-pushed
the
mz/support-dsm
branch
2 times, most recently
from
cf06381
to
f47e62e
Compare
|
@tony-iqlusion any progress on reviewing this? Let me know if you need more information about Fortanix DSM. |
mzohreva
force-pushed
the
mz/support-dsm
branch
from
f47e62e
to
ec212f6
Compare
|
@mzohreva it looks like the checks didn't run. Can you try doing a quick |
mzohreva
force-pushed
the
mz/support-dsm
branch
from
ec212f6
to
6eb17e2
Compare
|
@tony-iqlusion just did what you asked, I see no change. In the Checks tab I see this: |
|
@mzohreva I have a button on my side now, which I just hit, and the workflow is running |
|
Seems like |
mzohreva
force-pushed
the
mz/support-dsm
branch
from
6eb17e2
to
adc099d
Compare
|
Looks like a clippy failure |
mzohreva
force-pushed
the
mz/support-dsm
branch
from
adc099d
to
feb06a2
Compare
|
@tony-iqlusion just addressed the clippy issues. |
mzohreva
force-pushed
the
mz/support-dsm
branch
from
feb06a2
to
690c190
Compare
|
Thanks! The build is finally green. Will take a more in-depth look tomorrow. |
| } | ||
|
|
||
| // See RFC 8410 section 3 | ||
| const ED_25519_OID: ObjectIdentifier = ObjectIdentifier::new("1.3.101.112"); |
There was a problem hiding this comment.
This is available as ed25519::pkcs8::ALGORITHM_OID.
Not a blocker for merging though, I can fix it up afterward (ed25519 is currently only a transitive dependency).
| struct Ed25519PublicKey(Ed25519); | ||
|
|
||
| impl DecodePublicKey for Ed25519PublicKey {} | ||
|
|
||
| impl<'a> TryFrom<SubjectPublicKeyInfo<'a>> for Ed25519PublicKey { | ||
| type Error = SpkiError; | ||
|
|
||
| fn try_from(spki: SubjectPublicKeyInfo<'_>) -> Result<Self, Self::Error> { | ||
| spki.algorithm.assert_algorithm_oid(ED_25519_OID)?; | ||
|
|
||
| if spki.algorithm.parameters != None { | ||
| // TODO: once/if https://github.com/RustCrypto/formats/issues/354 is addressed we should use that error variant. | ||
| return Err(SpkiError::KeyMalformed); | ||
| } | ||
|
|
||
| Ed25519::from_bytes(spki.subject_public_key) | ||
| .map_err(|_| SpkiError::KeyMalformed) | ||
| .map(Ed25519PublicKey) | ||
| } | ||
| } |
There was a problem hiding this comment.
Likewise most of this is available as ed25519::pkcs8::PublicKeyBytes
|
A few nits re: PKCS#8/SPKI, but I'm going to go ahead and merge anyway as I'd like to get this in both to have it and to unblock other work. If you'd like to follow up with using the |
I'll need to update documentation to reflect the new signing provider, but wanted to get some early feedback first.