Add support for Circl's signature schemes #1123

Open
wants to merge 1 commit into
base: master

bwesterb (Member) commented Aug 19, 2020

This PR adds support for the signature schemes from Cloudflare's Circl library, such as the hybrid scheme Ed25519-Dilithium3. This is preparation to set up a secondary experimental post-quantum secure CA within Cloudflare. (See Jira ticket RTG-49 for internal context.)

cfssl relies on Go's internal crypto/x509, which makes it impossible to add new signature schemes which are not supported by Go itself. Thus we have created a fork of Go that adds support for the signature schemes in Circl to crypto/x509 and crypto/tls. If cfssl is built with vanilla Go, then nothing changes. If cfssl is built using our Go fork, then it will include support for the additional signature schemes. (This is controlled by the cfgo build-tag.)

This PR does not yet update cfscan as it does not support TLS 1.3 (yet). We'll add that later.

codecov-commenter commented Sep 2, 2020

Codecov Report

Merging #1123 into master will decrease coverage by 0.36%.
The diff coverage is 10.00%.

@@            Coverage Diff             @@
##           master    #1123      +/-   ##
==========================================
- Coverage   56.27%   55.90%   -0.37%     
==========================================
  Files          77       77              
  Lines        7309     7364      +55     
==========================================
+ Hits         4113     4117       +4     
- Misses       2727     2777      +50     
- Partials      469      470       +1     

| Impacted Files | Coverage Δ |
|---|---|
| bundler/bundle.go | 78.40% <0.00%> (-6.78%) ⬇️ |
| bundler/bundler.go | 77.80% <0.00%> (-1.43%) ⬇️ |
| cli/config.go | 89.39% <ø> (ø) |
| helpers/derhelpers/derhelpers.go | 0.00% <0.00%> (ø) |
| helpers/helpers.go | 72.33% <0.00%> (-0.85%) ⬇️ |
| initca/initca.go | 58.69% <0.00%> (-3.14%) ⬇️ |
| scan/tls_handshake.go | 0.00% <0.00%> (ø) |
| signer/signer.go | 22.81% <0.00%> (-0.23%) ⬇️ |
| transport/kp/key_provider.go | 31.42% <0.00%> (-2.53%) ⬇️ |
| csr/csr.go | 82.50% <57.89%> (-2.59%) ⬇️ |

Continue to review full report at Codecov.

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 2916a1f...4a1be97. Read the comment docs.

bwesterb (Member, Author) commented Sep 2, 2020

@claucece
