Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add C example #4

Open
paulhowardarm opened this issue May 4, 2022 · 2 comments
Open

Add C example #4

paulhowardarm opened this issue May 4, 2022 · 2 comments
Labels
enhancement New feature or request good first issue Good for newcomers

Comments

@paulhowardarm
Copy link
Contributor

Summary

Add a simple C example to the "Hello, Parsec" demo suite.

Details

A C example would need to look slightly different from the other examples, all of which use a named key to perform RSA decryption of an input string. This pattern cannot be replicated in C, because there is no C interface to Parsec that understands Parsec's notion of named keys. It is therefore not possible to write a C Parsec program that uses a named key that was provisioned in advance using something like the parsec-tool, which is the general pattern of this demo. A C example would need to provision and use its own key and then delete it again at the end. A good starting point would be to copy/paste code from the test suite of the Parsec SE driver here: https://github.com/parallaxsecond/parsec-se-driver/tree/main/ci/c-tests - although this example actually performs an ECC signature, it could trivially be reworked to do the same kind of RSA workflow that the other demos are doing.

@paulhowardarm paulhowardarm added enhancement New feature or request good first issue Good for newcomers labels May 4, 2022
@ionut-arm
Copy link
Member

It is therefore not possible to write a C Parsec program that uses a named key that was provisioned in advance using something like the parsec-tool, which is the general pattern of this demo.

There could be a way, but it depends on authentication mechanism. If the service is using Unix Domain Socket Peer Credentials, then you can just use the Parsec tool to generate a key with the "appropriate" name, and have the C application use it directly. I've not tried this, I think - it won't work if Mbed Crypto stores some of its own metadata for the key when creating/importing it.

@paulhowardarm
Copy link
Contributor Author

It is therefore not possible to write a C Parsec program that uses a named key that was provisioned in advance using something like the parsec-tool, which is the general pattern of this demo.

There could be a way, but it depends on authentication mechanism. If the service is using Unix Domain Socket Peer Credentials, then you can just use the Parsec tool to generate a key with the "appropriate" name, and have the C application use it directly. I've not tried this, I think - it won't work if Mbed Crypto stores some of its own metadata for the key when creating/importing it.

Yes, that's possible, but it relies on an undocumented mapping that is essentially an implementation detail of the Parsec SE driver. This isn't something I would want to showcase in example/demo code, unless we were to take the decision to formalise and document this mapping, and perhaps also make it configurable. I think there might be some discussions in Slack on this topic.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request good first issue Good for newcomers
Projects
None yet
Development

No branches or pull requests

2 participants