Author Topic: ANN: Native X.509, RSA and HSM Support for mORMot 2 on FPC  (Read 1596 times)

abouchez

  • Full Member
  • ***
  • Posts: 110
    • Synopse
ANN: Native X.509, RSA and HSM Support for mORMot 2 on FPC
« on: December 09, 2023, 07:30:17 pm »
Today, almost all computer security relies on asymmetric cryptography and X.509 certificates as files or hardware modules.
And the RSA algorithm is still used to sign the vast majority of those certificates. Even if there are better options (like ECC-256), RSA-2048 seems the actual standard, at least still allowed for a few years.

We just added pure pascal RSA cryptography and X.509 certificates support in mORMot 2.
Last but not least, we also added Hardware Security Modules support via the PKCS#11 standard.
Until now, we were mostly relying on OpenSSL, but a native embedded solution would be smaller in code size, better for reducing dependencies, and easier to work with (especially for HSM). The main idea is to offer only safe algorithms and methods, so that you can write reliable software, even if you are no cryptographic expert. 8-)

I have seen an attempt at RSA cryptography in FPC FCL trunk (I started from it), but it was far from finished, not OOP oriented, slow, and not following coding best practice required for modern cryptography.
So I rewrote everything from scratch, and added some i386/x86_64 asm for good performance.
Everything has a low-level set of classes, but also high-level interfaces with a unique cryptography catalog, so that you can e.g. switch from OpenSSL to mORMot engines just by using the right factory.
AFAIK there was no complete and up-to-date OpenSource X.509 cross-platform support for FPC, including a full PKI with CSR, CRL and PKCS#11 support, including RSA and ECC-256 efficient pure pascal code.

More information in our blog article about this almost unique feature set in FPC (and Delphi):
https://blog.synopse.info/?post/2023/12/09/Native-X.509-and-RSA-Support
 ;D
« Last Edit: December 11, 2023, 11:13:21 am by abouchez »

AlexTP

  • Hero Member
  • *****
  • Posts: 2386
    • UVviewsoft
Re: ANN: Native X.509, RSA and HSM Support for mORMot 2 on FPC
« Reply #1 on: December 09, 2023, 07:39:47 pm »
Great work. I hope someday FPC authors will grab your code.

WayneSherman

  • Full Member
  • ***
  • Posts: 243
Re: ANN: Native X.509, RSA and HSM Support for mORMot 2 on FPC
« Reply #2 on: December 09, 2023, 09:02:04 pm »
We just added pure pascal RSA cryptography and X.509 certificates support in mORMot 2.
Last but not least, we also added Hardware Security Modules support via the PKCS#11 standard.
Until now, we were mostly relying on OpenSSL, but a native embedded solution would be smaller in code size, better for reducing dependencies, and easier to work with (especially for HSM).

Congratulations on this accomplishment and thank you.

avra

  • Hero Member
  • *****
  • Posts: 2514
    • Additional info
Re: ANN: Native X.509, RSA and HSM Support for mORMot 2 on FPC
« Reply #3 on: December 10, 2023, 05:58:44 am »
Amazing news. Thank you!  :)
ct2laz - Conversion between Lazarus and CodeTyphon
bithelpers - Bit manipulation for standard types
pasettimino - Siemens S7 PLC lib

Thaddy

  • Hero Member
  • *****
  • Posts: 14205
  • Probably until I exterminate Putin.
Re: ANN: Native X.509, RSA and HSM Support for mORMot 2 on FPC
« Reply #4 on: December 10, 2023, 11:34:34 am »
Our member Xor-el also did a native FreePascal software version a couple of years ago. No HSM support, though.
But I will check out the new version of mORMot and test it a couple of times.

Unfortunately our Nigerian friend with the unpronounceable name Ugochukwu Mmaduekwe shows little activity for some time. Code is good, though.
« Last Edit: December 10, 2023, 11:48:26 am by Thaddy »
Specialize a type, not a var.

Zoran

  • Hero Member
  • *****
  • Posts: 1829
    • http://wiki.lazarus.freepascal.org/User:Zoran
Re: ANN: Native X.509, RSA and HSM Support for mORMot 2 on FPC
« Reply #5 on: December 10, 2023, 01:08:09 pm »
Unfortunately our Nigerian friend with the unpronounceable name Ugochukwu Mmaduekwe shows little activity for some time. Code is good, though.

The well written code does not need any interventions. :)
« Last Edit: December 10, 2023, 01:10:42 pm by Zoran »

abouchez

  • Full Member
  • ***
  • Posts: 110
    • Synopse
Re: ANN: Native X.509, RSA and HSM Support for mORMot 2 on FPC
« Reply #6 on: December 10, 2023, 02:44:41 pm »
Our member Xor-el also did a native FreePascal software version a couple of years ago. No HSM support, though.
AFAICT in this library: no RSA support, no X.509 certificate support, no X.509 CSR support, no X.509 CRL support, no PKI support, no HSM support.
So nothing in common with what we just published.  ;)
« Last Edit: December 10, 2023, 07:12:35 pm by abouchez »

abouchez

  • Full Member
  • ***
  • Posts: 110
    • Synopse
Re: ANN: Native X.509, RSA and HSM Support for mORMot 2 on FPC
« Reply #7 on: December 10, 2023, 02:45:57 pm »
The well written code does not need any interventions. :)
I do not know in which world you are living? O:-)

Zoran

  • Hero Member
  • *****
  • Posts: 1829
    • http://wiki.lazarus.freepascal.org/User:Zoran
Re: ANN: Native X.509, RSA and HSM Support for mORMot 2 on FPC
« Reply #8 on: December 11, 2023, 07:16:52 pm »
The well written code does not need any interventions. :)
I do not know in which world you are living? O:-)

Isn't it an obvious fact? If the code is written perfectly... ;)

abouchez

  • Full Member
  • ***
  • Posts: 110
    • Synopse
Re: ANN: Native X.509, RSA and HSM Support for mORMot 2 on FPC
« Reply #9 on: December 11, 2023, 08:04:02 pm »
Isn't it an obvious fact? If the code is written perfectly... ;)
This should be a smart phone or an artificial intelligence, then....

 
