Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

remove direct YubiHSM support; replace with generic HSM support #110

Closed
spoonincode opened this issue Apr 17, 2022 · 1 comment
Closed
Assignees

Comments

@spoonincode
Copy link
Member

spoonincode commented Apr 17, 2022

Direct YubiHSM support was integrated in to keosd by way of integrating libyubihsm in EOSIO 1.7. While this generally works well enough, it is not without problems:

  • It brings in a number of dependencies (curl, libusb, pkg-config). Originally I shrugged these off as being super common and thus not onerous to depend on. But, we have indeed seen problems like some sort of curl+pkg-config issue in homebrew at one point. Also, libusb is LGPL which may introduce some problems in the future if we simplify our binary releases. Finally, these days, for the most part I’d like to see a reduction in dependencies; I don’t believe YubiHSM support is worth the baggage of more dependencies when there is a reasonable alternative.
    (I experimented with resolving much of the dependency issue in refactor yubihsm: drop curl & pkgconfig build deps; libusb runtime dep EOSIO/eos#9075, but, while clever, I consider it less desirable than my preference of wholesale removal)
  • libyubihsm’s cmake files don’t follow what I’d consider best practices; and if anything they aren’t consistent with the rest of EOSIO’s cmake environment. For example, it uses pkg-config to find OpenSSL instead of cmake’s find_package() as other components in EOSIO do. This can lead to some inconsistencies and makes it impossible to static link OpenSSL, for example. It also is the sole blocker for natively building EOSIO for ARM on macOS.
  • There are no unit tests for YubiHSM support. I haven’t personally tested it in over a year; maybe two.

I propose removing YubiHSM support and replacing it with PKCS#11 support. PKCS#11 support will allow using a wide range of HSMs with keosd. YubiHSMs can continue to work via this interface along with other HSMs like Yubikey 5, TPM, Amazon CloudHSM, Nitro Key, ultra low cost generic Javacards and many more (it’s a wide industry standard).

The one downside is that it will no longer be possible to create keys on the HSM via keosd. (PKCS#11 defines two users each with their own password: one to create keys, one to then use the keys; it’s not clear how to map this pattern to keosd) Most likely how this will end up working is that keosd will always log in as the user which can use keys, and a separate tool will ship with EOSIO, let’s call it eosio-p11tool, that can be used to create keys if seeing the PUB_R1_ format is important at creation time. (there would be no requirement to use eosio-p11tool to create keys, it’s just if creating keys with a generic PKCS#11 tool such as pkcs11-tool it wouldn’t be possible to see the PUB_R1_ format of the created key unless running something like eosio-p11tool --list later)

@spoonincode spoonincode added the seeking feedback Looking for community feedback on this issue label May 4, 2022
@spoonincode spoonincode changed the title RFC: remove direct YubiHSM support; replace with generic HSM support remove direct YubiHSM support; replace with generic HSM support May 6, 2022
@spoonincode spoonincode added 3.2 Candidate and removed seeking feedback Looking for community feedback on this issue labels May 27, 2022
@spoonincode spoonincode self-assigned this Jun 7, 2022
@spoonincode spoonincode removed their assignment Jul 8, 2022
@stephenpdeos stephenpdeos moved this to Todo in ENF Engineering Jul 21, 2022
@stephenpdeos
Copy link
Member

The team has agreed it is okay not to have a 1-to-1 replace at time of removal targeted for 4.0 release. We'll also get a headstart on comms signifying this deprecation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Status: Done
Development

No branches or pull requests

2 participants