Implement missing functions in the Cyclone library wrapper
Description
The Cyclone library in S2OPC is not fully implemented. The purpose of this ticket is to implement the missing functions.
Detailed description
The following functions should be implemented:
- SOPC_KeyManager_AsymmetricKey_GenRSA
- SOPC_KeyManager_AsymmetricKey_ToPEMFile
- SOPC_KeyManager_Certificate_GetSubjectName
- SOPC_KeyManager_Certificate_GetSanDnsNames
- SOPC_KeyManager_CertificateList_AttachToSerializedArray
- SOPC_KeyManager_CRLList_AttachToSerializedArray
- SOPC_KeyManager_CSR_Create
- SOPC_KeyManager_CSR_ToDER
- SOPC_KeyManager_CSR_Free
Moreover, all tests using the Cyclone Crypto library in S2OPC should be activated to verify that the implemented functionality works correctly.
Code version identification
Security impact
No security impact
Implementation
The function SOPC_KeyManager_AsymmetricKey_GenRSA will call the Cyclone rsaGenerateKeyPair function, which contains a function that is not implemented on Linux (mpiCheckProbablePrime). We can use the following code to implement this function directly in the Cyclone library, and apply it as a patch to the Cyclone Crypto library in the Docker environment:
https://github.com/dananjayavr/cyclone_crypto_rsa_sha_signature/tree/master
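What a probable-prime check of this kind has to do, as an added illustration that is not code from Cyclone, S2OPC, or the linked repository: a Miller-Rabin test, assumed here as the algorithm because it is a standard choice for this check. It works on 64-bit integers rather than Cyclone's multi-precision integers, and the names `mulmod`, `powmod` and `is_probable_prime` are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* (a * b) mod m by double-and-add, so no intermediate exceeds 64 bits. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    uint64_t r = 0;
    for (a %= m; b > 0; b >>= 1) {
        if (b & 1) r = (r >= m - a) ? r - (m - a) : r + a;
        a = (a >= m - a) ? a - (m - a) : a + a;
    }
    return r;
}

/* base^exp mod m by square-and-multiply. */
static uint64_t powmod(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t r = 1;
    for (base %= m; exp > 0; exp >>= 1) {
        if (exp & 1) r = mulmod(r, base, m);
        base = mulmod(base, base, m);
    }
    return r;
}

/* Miller-Rabin; the first 12 primes as bases are conclusive for every 64-bit n.
 * RSA-sized candidates need multi-precision arithmetic and random bases instead. */
bool is_probable_prime(uint64_t n) {
    static const uint64_t bases[] = {2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37};
    const size_t nb = sizeof bases / sizeof bases[0];
    if (n < 2) return false;
    for (size_t i = 0; i < nb; i++)          /* trial division, also settles small n */
        if (n % bases[i] == 0) return n == bases[i];
    uint64_t d = n - 1;
    unsigned s = 0;
    while ((d & 1) == 0) { d >>= 1; s++; }   /* n - 1 = d * 2^s with d odd */
    for (size_t i = 0; i < nb; i++) {
        uint64_t x = powmod(bases[i], d, n);
        bool witness = (x != 1 && x != n - 1);
        for (unsigned r = 1; witness && r < s; r++) {
            x = mulmod(x, x, n);
            if (x == n - 1) witness = false; /* reached -1: this base proves nothing */
        }
        if (witness) return false;           /* this base proves n composite */
    }
    return true;
}
```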
Known limitations
With the patch mentioned in the implementation section, the function SOPC_KeyManager_AsymmetricKey_GenRSA is intended for use in CI testing only on Linux.
It is not recommended to use this function in a production environment.
SOPC_KeyManager_AsymmetricKey_ToPEMFile does not support the password parameter for the private key, since Cyclone does not support it.