X25519 improvements 2 in PKCS11-tool, PKCS15 routines and tools and openpgp

doc/tools/pkcs15-init.1.xml

@@ -139,7 +139,13 @@
 				where <replaceable>keyspec</replaceable> describes the algorithm and the parameters
 				of the key to be created. For example, <literal>rsa:2048</literal> generates a RSA key
 				with 2048-bit modulus. If you are generating an EC key, the curve designation must
-				be specified, for example <literal>ec:prime256v1</literal>. For symmetric key,
+				be specified, for example <literal>ec:prime256v1</literal>.
+				The following curves do not need parameters:
+				Edwards 25519 curves use one of these equivalent names: Ed25519(preferred), ed25519 or edwards25519
+				and for the 448 curve use: Ed448.
+				For Montgomery 25519 curves use one of these equivalent names: X25519(preferred), cv25519 or curve25519
+				and for the 448 curve use: X448.
+				For symmetric key,
 				the length of key is specified in bytes, for example  <literal>AES:32</literal>
 				or <literal>DES3:24</literal>.
 			</para>

doc/tools/tools.html

@@ -1989,7 +1989,13 @@
 				where <em class="replaceable"><code>keyspec</code></em> describes the algorithm and the parameters
 				of the key to be created. For example, <code class="literal">rsa:2048</code> generates a RSA key
 				with 2048-bit modulus. If you are generating an EC key, the curve designation must
-				be specified, for example <code class="literal">ec:prime256v1</code>. For symmetric key,
+				be specified, for example <code class="literal">ec:prime256v1</code>.
+				The following curves do not need parameters:
+				Edwards 25519 curves use one of these equivalent names: Ed25519(preferred), ed25519 or edwards25519
+				and for the 448 curve use: Ed448.
+				For Montgomery 25519 curves use one of these equivalent names: X25519(preferred), cv25519 or curve25519
+				and for the 448 curve use: X448.
+				For symmetric key,
 				the length of key is specified in bytes, for example  <code class="literal">AES:32</code>
 				or <code class="literal">DES3:24</code>.
 			</p><p>

src/libopensc/card-openpgp.h

@@ -163,8 +163,16 @@ typedef struct pgp_blob {
 typedef struct _pgp_ec_curves {
 	struct sc_object_id oid;
 	size_t size;
+	unsigned int key_type;
 } pgp_ec_curves_t;
 
+#ifdef ENABLE_OPENSSL
+typedef struct _pgp_ec_curves_alt {
+	struct sc_object_id oid;
+	struct sc_object_id oid_alt; /* RFC8410 OIDs to be mapped to oid */
+	size_t size;
+} pgp_ec_curves_alt_t;
+#endif /* ENABLE_OPENSSL */
 
 #define DRVDATA(card)        ((struct pgp_priv_data *) ((card)->drv_data))
 

src/libopensc/card.c

@@ -163,11 +163,10 @@ static void sc_card_free(sc_card_t *card)
 		int i;
 		for (i=0; i<card->algorithm_count; i++)   {
 			struct sc_algorithm_info *info = (card->algorithms + i);
-			if (info->algorithm == SC_ALGORITHM_EC) {
-				struct sc_ec_parameters ep = info->u._ec.params;
-
-				free(ep.named_curve);
-				free(ep.der.value);
+			if (info->algorithm == SC_ALGORITHM_EC ||
+					info->algorithm == SC_ALGORITHM_EDDSA ||
+					info->algorithm == SC_ALGORITHM_XEDDSA) {
+				sc_clear_ec_params(&info->u._ec.params);
 			}
 		}
 		free(card->algorithms);
@@ -1167,6 +1166,7 @@ _sc_card_add_ec_alg_int(sc_card_t *card, size_t key_length,
 			int algorithm)
 {
 	sc_algorithm_info_t info;
+	int r;
 
 	memset(&info, 0, sizeof(info));
 	sc_init_oid(&info.u._ec.params.id);
@@ -1176,10 +1176,19 @@ _sc_card_add_ec_alg_int(sc_card_t *card, size_t key_length,
 	info.flags = flags;
 
 	info.u._ec.ext_flags = ext_flags;
-	if (curve_oid)
+	if (curve_oid) {
 		info.u._ec.params.id = *curve_oid;
+		r = sc_encode_oid(card->ctx, &info.u._ec.params.id, &info.u._ec.params.der.value, &info.u._ec.params.der.len);
+		LOG_TEST_GOTO_ERR(card->ctx, r, "sc_encode_oid failed");
+		r = sc_pkcs15_fix_ec_parameters(card->ctx, &info.u._ec.params);
+		LOG_TEST_GOTO_ERR(card->ctx, r, "sc_pkcs15_fix_ec_parameters failed");
+	}
 
-	return _sc_card_add_algorithm(card, &info);
+	r = _sc_card_add_algorithm(card, &info);
+	return r;
+err:
+	sc_clear_ec_params(&info.u._ec.params);
+	return r;
 }
 
 int  _sc_card_add_ec_alg(sc_card_t *card, size_t key_length,
@@ -1216,13 +1225,13 @@ sc_algorithm_info_t *sc_card_find_alg(sc_card_t *card,
 	for (i = 0; i < card->algorithm_count; i++) {
 		sc_algorithm_info_t *info = &card->algorithms[i];
 
-		if (info->algorithm != algorithm)
-			continue;
 		if (param && (info->algorithm == SC_ALGORITHM_EC ||
 			info->algorithm == SC_ALGORITHM_EDDSA ||
 			info->algorithm == SC_ALGORITHM_XEDDSA)) {
 			if (sc_compare_oid((struct sc_object_id *)param, &info->u._ec.params.id))
 				return info;
+		} else if (info->algorithm != algorithm) {
+			continue;
 		} else if (info->key_length == key_length)
 			return info;
 	}
@@ -1507,6 +1516,17 @@ void sc_print_cache(struct sc_card *card)
 		       sc_print_path(&card->cache.current_df->path));
 }
 
+void
+sc_clear_ec_params(struct sc_ec_parameters *ecp)
+{
+	if (ecp) {
+		free(ecp->named_curve);
+		free(ecp->der.value);
+		memset(ecp, 0, sizeof(struct sc_ec_parameters));
+	}
+	return;
+}
+
 int sc_copy_ec_params(struct sc_ec_parameters *dst, struct sc_ec_parameters *src)
 {
 	if (!dst || !src)
@@ -1528,8 +1548,9 @@ int sc_copy_ec_params(struct sc_ec_parameters *dst, struct sc_ec_parameters *src
 		memcpy(dst->der.value, src->der.value, src->der.len);
 		dst->der.len = src->der.len;
 	}
-	src->type = dst->type;
-	src->field_length = dst->field_length;
+	dst->type = src->type;
+	dst->field_length = src->field_length;
+	dst->key_type = src->key_type;
 
 	return SC_SUCCESS;
 }

src/libopensc/cardctl.h

@@ -882,6 +882,7 @@ typedef struct sc_cardctl_piv_genkey_info_st {
 typedef struct sc_cardctl_openpgp_keygen_info {
 	u8 key_id;		/* SC_OPENPGP_KEY_... */
 	u8 algorithm;		/* SC_OPENPGP_KEYALGO_... */
+	unsigned long key_type;	/* SC_ALGORITHM_... */
 	union {
 		struct {
 			u8 keyformat;		/* SC_OPENPGP_KEYFORMAT_RSA_... */

src/libopensc/libopensc.exports

@@ -64,6 +64,7 @@ sc_cancel
 sc_card_ctl
 sc_change_reference_data
 sc_check_sw
+sc_clear_ec_params
 sc_compare_oid
 sc_compare_path
 sc_compare_path_prefix

src/libopensc/opensc.h

@@ -280,14 +280,20 @@ struct sc_pbes2_params {
 };
 
 /*
+ * PKCS11 2.3 Elliptic Curve lists mechanisms that use CKA_ECPARMS
+ * which implies the type of key and size needed in the OID
  * The ecParameters can be presented as
  * - name of curve;
  * - OID of named curve;
  * - implicit parameters.
+ * - printable string for non standard OIDS - added in pkcs11 3.0
  *
  * type - type(choice) of 'EC domain parameters' as it present in CKA_EC_PARAMS (PKCS#11).
-          Recommended value '1' -- namedCurve.
+ *	Recommended value '1' -- namedCurve.
  * field_length - EC key size in bits.
+ * key_type - 0 implies SC_ALGORITHM_EC, SC_ALGORITHM_EDDSA or SC_ALGORITHM_XEDDSA
+ *	Not actually part of CKA_EC_PARAMS - used in OpenSC to differentiate key types that use ec_params
+ *	will be set by, sc_pkcs15_fix_ec_parameters
  */
 struct sc_ec_parameters {
 	char *named_curve;
@@ -296,6 +302,7 @@ struct sc_ec_parameters {
 
 	int type;
 	size_t field_length;
+	unsigned int key_type;
 };
 
 typedef struct sc_algorithm_info {
@@ -1646,6 +1653,11 @@ const u8 *sc_compacttlv_find_tag(const u8 *buf, size_t len, u8 tag, size_t *outl
  */
 void sc_remote_data_init(struct sc_remote_data *rdata);
 
+/**
+ * Clear ec_params
+ * @ecp
+ */
+void sc_clear_ec_params(struct sc_ec_parameters *);
 
 /**
  * Copy and allocate if needed EC parameters data

src/libopensc/pkcs15-algo.c

@@ -347,116 +347,136 @@ asn1_free_ec_params(void *params)
 	}
 }
 
-
 static struct sc_asn1_pkcs15_algorithm_info algorithm_table[] = {
 #ifdef SC_ALGORITHM_SHA1
 	/* hmacWithSHA1 */
-	{ SC_ALGORITHM_SHA1, {{ 1, 2, 840, 113549, 2, 7, -1}}, NULL, NULL, NULL },
-	{ SC_ALGORITHM_SHA1, {{ 1, 3, 6, 1, 5, 5, 8, 1, 2, -1}}, NULL, NULL, NULL },
-	/* SHA1 */
-	{ SC_ALGORITHM_SHA1, {{ 1, 3, 14, 3, 2, 26, -1}}, NULL, NULL, NULL },
+		{SC_ALGORITHM_SHA1, {{1, 2, 840, 113549, 2, 7, -1}}, NULL, NULL, NULL},
+		{SC_ALGORITHM_SHA1, {{1, 3, 6, 1, 5, 5, 8, 1, 2, -1}}, NULL, NULL, NULL},
+ /* SHA1 */
+		{SC_ALGORITHM_SHA1, {{1, 3, 14, 3, 2, 26, -1}}, NULL, NULL, NULL},
 #endif
 #ifdef SC_ALGORITHM_MD5
-	{ SC_ALGORITHM_MD5, {{ 1, 2, 840, 113549, 2, 5, -1}}, NULL, NULL, NULL },
+		{SC_ALGORITHM_MD5, {{1, 2, 840, 113549, 2, 5, -1}}, NULL, NULL, NULL},
 #endif
 #ifdef SC_ALGORITHM_RSA /* really rsaEncryption */
-	{ SC_ALGORITHM_RSA, {{ 1, 2, 840, 113549, 1, 1, 1, -1}}, NULL, NULL, NULL },
+		{SC_ALGORITHM_RSA, {{1, 2, 840, 113549, 1, 1, 1, -1}}, NULL, NULL, NULL},
 #endif
 #ifdef SC_ALGORITHM_DH
-	{ SC_ALGORITHM_DH, {{ 1, 2, 840, 10046, 2, 1, -1}}, NULL, NULL, NULL },
+		{SC_ALGORITHM_DH, {{1, 2, 840, 10046, 2, 1, -1}}, NULL, NULL, NULL},
 #endif
 #ifdef SC_ALGORITHM_RC2_WRAP /* from CMS */
-	{ SC_ALGORITHM_RC2_WRAP,  {{ 1, 2, 840, 113549, 1, 9, 16, 3, 7, -1}}, NULL, NULL, NULL },
+		{SC_ALGORITHM_RC2_WRAP, {{1, 2, 840, 113549, 1, 9, 16, 3, 7, -1}}, NULL, NULL, NULL},
 #endif
 #ifdef SC_ALGORITHM_RC2 /* CBC mode */
-	{ SC_ALGORITHM_RC2, {{ 1, 2, 840, 113549, 3, 2, -1}},
+		{SC_ALGORITHM_RC2, {{1, 2, 840, 113549, 3, 2, -1}},
 			asn1_decode_rc2_params,
-			asn1_encode_rc2_params },
+			asn1_encode_rc2_params},
 #endif
 #ifdef SC_ALGORITHM_DES /* CBC mode */
-	{ SC_ALGORITHM_DES, {{ 1, 3, 14, 3, 2, 7, -1}},
+		{SC_ALGORITHM_DES, {{1, 3, 14, 3, 2, 7, -1}},
 			asn1_decode_des_params,
 			asn1_encode_des_params,
-			free },
+			free},
 #endif
 #ifdef SC_ALGORITHM_3DES_WRAP /* from CMS */
-	{ SC_ALGORITHM_3DES_WRAP, {{ 1, 2, 840, 113549, 1, 9, 16, 3, 6, -1}}, NULL, NULL, NULL },
+		{SC_ALGORITHM_3DES_WRAP, {{1, 2, 840, 113549, 1, 9, 16, 3, 6, -1}}, NULL, NULL, NULL},
 #endif
 #ifdef SC_ALGORITHM_3DES /* EDE CBC mode */
-	{ SC_ALGORITHM_3DES, {{ 1, 2, 840, 113549, 3, 7, -1}},
+		{SC_ALGORITHM_3DES, {{1, 2, 840, 113549, 3, 7, -1}},
 			asn1_decode_des_params,
 			asn1_encode_des_params,
-			free },
+			free},
 #endif
 #ifdef SC_ALGORITHM_GOST /* EDE CBC mode */
-	{ SC_ALGORITHM_GOST, {{ 1, 2, 4434, 66565, 3, 7, -1}}, NULL, NULL, NULL },
+		{SC_ALGORITHM_GOST, {{1, 2, 4434, 66565, 3, 7, -1}}, NULL, NULL, NULL},
 #endif
 #ifdef SC_ALGORITHM_GOSTR3410
-	{ SC_ALGORITHM_GOSTR3410, {{ 1, 2, 643, 2, 2, 19, -1}},
+		{SC_ALGORITHM_GOSTR3410, {{1, 2, 643, 2, 2, 19, -1}},
 			asn1_decode_gostr3410_params,
 			asn1_encode_gostr3410_params,
-			NULL },
+			NULL},
 #endif
 /* We do not support PBES1 because the encryption is weak */
 #ifdef SC_ALGORITHM_PBKDF2
-	{ SC_ALGORITHM_PBKDF2, {{ 1, 2, 840, 113549, 1, 5, 12, -1}},
+		{SC_ALGORITHM_PBKDF2, {{1, 2, 840, 113549, 1, 5, 12, -1}},
 			asn1_decode_pbkdf2_params,
 			asn1_encode_pbkdf2_params,
-			free },
+			free},
 #endif
 #ifdef SC_ALGORITHM_PBES2
-	{ SC_ALGORITHM_PBES2, {{ 1, 2, 840, 113549, 1, 5, 13, -1}},
+		{SC_ALGORITHM_PBES2, {{1, 2, 840, 113549, 1, 5, 13, -1}},
 			asn1_decode_pbes2_params,
 			asn1_encode_pbes2_params,
-			asn1_free_pbes2_params },
+			asn1_free_pbes2_params},
 #endif
 #ifdef SC_ALGORITHM_EC
-	{ SC_ALGORITHM_EC, {{ 1, 2, 840, 10045, 2, 1, -1}},
+		{SC_ALGORITHM_EC, {{1, 2, 840, 10045, 2, 1, -1}},
 			asn1_decode_ec_params,
 			asn1_encode_ec_params,
-			asn1_free_ec_params },
+			asn1_free_ec_params},
 #endif
-/* TODO: -DEE Not clear if we need the next five or not */
 #ifdef SC_ALGORITHM_ECDSA_SHA1
 	/* Note RFC 3279 says no ecParameters */
-	{ SC_ALGORITHM_ECDSA_SHA1, {{ 1, 2, 840, 10045, 4, 1, -1}}, NULL, NULL, NULL},
+		{SC_ALGORITHM_ECDSA_SHA1, {{1, 2, 840, 10045, 4, 1, -1}}, NULL, NULL, NULL},
 #endif
 #ifdef SC_ALGORITHM_ECDSA_SHA224
-/* These next 4 are defined in RFC 5758 */
-	{ SC_ALGORITHM_ECDSA_SHA224, {{ 1, 2, 840, 10045, 4, 3, 1, -1}},
+	/* These next 4 are defined in RFC 5758 */
+		{SC_ALGORITHM_ECDSA_SHA224, {{1, 2, 840, 10045, 4, 3, 1, -1}},
 			asn1_decode_ec_params,
 			asn1_encode_ec_params,
-			asn1_free_ec_params },
+			asn1_free_ec_params},
 #endif
 #ifdef SC_ALGORITHM_ECDSA_SHA256
-	{ SC_ALGORITHM_ECDSA_SHA256, {{ 1, 2, 840, 10045, 4, 3, 2, -1}},
+		{SC_ALGORITHM_ECDSA_SHA256, {{1, 2, 840, 10045, 4, 3, 2, -1}},
 			asn1_decode_ec_params,
 			asn1_encode_ec_params,
-			asn1_free_ec_params },
+			asn1_free_ec_params},
 #endif
 #ifdef SC_ALGORITHM_ECDSA_SHA384
-	{ SC_ALGORITHM_ECDSA_SHA384, {{ 1, 2, 840, 10045, 4, 3, 3, -1}},
+		{SC_ALGORITHM_ECDSA_SHA384, {{1, 2, 840, 10045, 4, 3, 3, -1}},
 			asn1_decode_ec_params,
 			asn1_encode_ec_params,
-			asn1_free_ec_params },
+			asn1_free_ec_params},
 #endif
 #ifdef SC_ALGORITHM_ECDSA_SHA512
-	{ SC_ALGORITHM_ECDSA_SHA512, {{ 1, 2, 840, 10045, 4, 3, 4, -1}},
+		{SC_ALGORITHM_ECDSA_SHA512, {{1, 2, 840, 10045, 4, 3, 4, -1}},
 			asn1_decode_ec_params,
 			asn1_encode_ec_params,
-			asn1_free_ec_params },
+			asn1_free_ec_params},
 #endif
 #ifdef SC_ALGORITHM_EDDSA
 	/* aka Ed25519 */
-	/* RFC 8410, needed to parse/create X509 certs/pubkeys */
-	{ SC_ALGORITHM_EDDSA, {{1, 3, 101, 112, -1}}, NULL, NULL, NULL },
+	/* RFC 8410, needed to parse/create X509 certs/pubkeys  */
+		{SC_ALGORITHM_EDDSA, {{1, 3, 101, 112, -1}},
+			asn1_decode_ec_params,
+			asn1_encode_ec_params,
+			asn1_free_ec_params}, /* Ed25119 */
+		{SC_ALGORITHM_EDDSA, {{1, 3, 6, 1, 4, 1, 11591, 15, 1, -1}},
+			asn1_decode_ec_params,
+			asn1_encode_ec_params,
+			asn1_free_ec_params}, /* Ed25519 OID used by OpenPGP */
+		{SC_ALGORITHM_EDDSA, {{1, 3, 101, 113, -1}},
+			asn1_decode_ec_params,
+			asn1_encode_ec_params,
+			asn1_free_ec_params}, /* Ed448 */
 #endif
 #ifdef SC_ALGORITHM_XEDDSA
 	/* aka curve25519 */
-	/* RFC 8410, needed to parse/create X509 certs/pubkeys */
-	{ SC_ALGORITHM_XEDDSA, {{1, 3, 101, 110, -1}}, NULL, NULL, NULL },
+	/* RFC 8410, needed to parse/create X509 certs/pubkeys  ec_parms*/
+		{SC_ALGORITHM_XEDDSA, {{1, 3, 101, 110, -1}},
+			asn1_decode_ec_params,
+			asn1_encode_ec_params,
+			asn1_free_ec_params}, /* X25519 */
+		{SC_ALGORITHM_XEDDSA, {{1, 3, 6, 1, 4, 1, 3029, 1, 5, 1 - 1}},
+			asn1_decode_ec_params,
+			asn1_encode_ec_params,
+			asn1_free_ec_params}, /* X25519 OID used by OpenPGP */
+		{SC_ALGORITHM_XEDDSA, {{1, 3, 101, 111, -1}},
+			asn1_decode_ec_params,
+			asn1_encode_ec_params,
+			asn1_free_ec_params}, /* X448 */
 #endif
-	{ -1, {{ -1 }}, NULL, NULL, NULL }
+		{-1, {{-1}}, NULL, NULL, NULL}
 };
 
 
@@ -554,6 +574,7 @@ sc_asn1_encode_algorithm_id(struct sc_context *ctx, u8 **buf, size_t *len,
 	/* no parameters, write NULL tag */
 	/* If it's EDDSA/XEDDSA, according to RFC8410, params
 	 * MUST be absent */
+	/* PKCS11 3.0 list them under ec_params */
 	if (id->algorithm != SC_ALGORITHM_EDDSA &&
 	    id->algorithm != SC_ALGORITHM_XEDDSA &&
 	    (!id->params || !alg_info->encode))