Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pkcs11-tool: Edwards curve show_key OID issue #2973

Closed
dlegaultbbry opened this issue Jan 5, 2024 · 5 comments
Closed

pkcs11-tool: Edwards curve show_key OID issue #2973

dlegaultbbry opened this issue Jan 5, 2024 · 5 comments

Comments

@dlegaultbbry
Copy link
Contributor

Problem Description

The show_key assumes the EC PARAMS are in OID form but pkcs11-tool uses the named curve EC params.

Proposed Resolution

Code should check whether EC_PARAMS matches the named curve and skip the OID decode part (or show the curve name instead).

Steps to reproduce

See logs below.

Logs

# pkcs11-tool --module=<module> --keypairgen --key-type EC:edwards25519 --usage-sign --label ed25519 --id 2
Using slot 0 with a present token (0x0)
Key pair generated:
Private Key Object; EC_EDWARDS
  label:      ed25519
  ID:         02
  Usage:      sign
  Access:     sensitive, always sensitive, never extractable, local
Public Key Object; EC_EDWARDS  EC_POINT 255 bits
  EC_POINT:   24b4904c2c3e55597143ee61f9e541e9b5e0aea23f22be20e956b1a6d91c4dc2
  EC_PARAMS:  130c656477617264733235353139 (OID 2.21.100.119.97.114.100.115.50.53.53.49.57)
  label:      ed25519
  ID:         02
  Usage:      verify
  Access:     local

Extra

I can provide a patch once I figure out a proper resolution as I'd like to add support for 448 in there too (#2952)

I'd also like to be able to import Ed/X keys which is currently unsupported. I can log some of that work/fixes under 2952 if desired.

Maybe we should also be able to simply skip the "EC:" part when generating keys and be able to specify --key-type (can leave it as backwards compat)

  • ed25519
  • ed448
  • x25519
  • x448

I also noticed that the OID used are not the RFC defined ones, but the openpgp ones created before official OIDs existed. So perhaps we should also amend the table to add both rows for ed25519/448. There's also a typo in the ed25519 OID value there 1159 -> 11591
@dengert
Copy link
Member

dengert commented Jan 5, 2024

Also see #2952

and additional changes to simplify the code at.
and https://github.com/dengert/OpenSC/tree/X25519-improvements

@dengert
Copy link
Member

dengert commented Jan 7, 2024

Disregard the https://github.com/dengert/OpenSC/tree/X25519-improvements branch
I should have said https://github.com/dengert/OpenSC/tree/X25519-improvements-2
It is reorganized, but not complete. It needs to write the old OIDs to the cards rather then the new OIDs.

@Jakuje
Copy link
Member

Jakuje commented Jan 8, 2024

I think the printing was fixed with #2960 couple of weeks back.

@dlegaultbbry
Copy link
Contributor Author

Yes you are right, I missed it. I'll close this and either log improvements in other tickets or re-use @dengert #2952 if he doesn't mind.

@dengert
Copy link
Member

dengert commented Jan 8, 2024

@dlegaultbbry I don't mind. Please add comments to #2952

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dengert @Jakuje @dlegaultbbry