Add support for (X)EdDSA keys in OpenPGP driver #1960
Conversation
|
I am working on interoperability tests with SoftHSM, but for now it looks like they announce wrong limits to mechanism key sizes: softhsm/SoftHSMv2#522 |
|
This pull request introduces 1 alert when merging 0067663 into 8f4a6c7 - view on LGTM.com new alerts:
|
ueno
left a comment
ueno
left a comment
There was a problem hiding this comment.
At first glance, it generally looks good to me. I've added comments but they are mostly cosmetic or questions.
ueno
left a comment
ueno
left a comment
There was a problem hiding this comment.
Looks good to me now (though my review is superficial)
|
I tested this PR with naive key generation attempt but I did not had any luck: Of course, I can provide logs but at first I wanted to know if I am just doing it wrong? |
|
The current version implements only reading and using of existing keys (I used keys generated through gpg tools). The key deletion and generation is not implemented in current code. I will check the rest of comments ruing next days/weeks. |
|
I see, makes sense. Do you need any help in implementing this or do you plan to do so yourself? |
|
I would like to continue working on that, but just now, I have few other things to catch up (and test and review @dengert changes -- I left the token in work so I need to stop there to pick it up in coming days). If you or somebody else would like to follow up on the keygen and missing functions feel free to do the work :) I hope we will be able to move on with review, testing and merging during this week. |
A little heads up: as far as I can see only the slot 1 key is recognized so far. At least this is all I got for a key that got all three slots equipped with keys by GnuPG beforehand. |
|
What do these report: You might need to add |
|
Using `gpg4win (3.1.1) on Windows 10, (command line following the Nitro instructions)to populate the Nitro Pro with 3 keys. |
But this PR is about adding curve25519 which is only support by NK Start/Gnuk devices, isn't it? |
All these only show the PIN slots and the one signature slot I was mentioning before. |
|
@alex-nitrokey Nitro sent me a Nitrokey Pro. The comment was a hint that if I they send me a card, which supports curve25519 I could help debug it too. |
|
I see, did not understand the hint :) |
Jakuje
force-pushed
the
eddsa
branch
2 times, most recently
from
ccefc05 to
eb723f3
Compare
|
I rebased this patch set on top of master. We will probably not get everything in before 0.21.0, but I would like to get in at least the first bunch of fixup commits not directly related to the eddsa support (if preferred, I can submit them in separate PR). |
|
lgtm brought up a simple issue: |
|
This pull request introduces 1 alert when merging 964caae into 0a17188 - view on LGTM.com new alerts:
|
|
Fixed previous comments. Last failing test is now the osx build because missing build signing keys. |
Since 09a594d bringing ECC support to openPGP card, it did not count with GNUK. This adds exception for GNUK to unbreak ECC signatures as GNUK presents BCD version < 3.
…9 keys (with few tweaks) The Ed25519 implementation in SoftHSM is now broken /non-interoperable. After fixing that, the interoperability tests should work with this script: * SoftHSMv2#528: Avoid creating duplicate mechanisms * SoftHSMv2#522: Fix advertised min and max mechanism sizes according to final PKCS#11 3.0 specification * SoftHSMv2#526: Adjust EDDSA code to return valid EC_PARAMS according to the final PKCS OpenSC#11 3.0 specification
card-opennpgp.c and pkcs15-openpgp.c have a strang way of using sc_object_id_t to store what they call a binary_oid or oid_binary. It is used to convert the EC curve asn1 returned in the cxdata. This code uses asn1_decode_object_id to use sc_object_id_t as used in the rest of the code. The code and ec_curve tabes in card-openpgp.c where not changed. pkcs15-openpgp.c was channge si to can use: algorithm_info = sc_card_find_ec_alg(card, 0, &oid); to retried the key_length to add to the pubkey and prkey entries. The EC and EDDSA needs (i.e. field_length) to run. On branch eddsa Your branch is up to date with 'Jakuje/eddsa'. Changes to be committed: modified: card.c modified: pkcs15-openpgp.c
This is the current interpretation of the specs after talking with several members of PKCS OpenSC#11 TC.
This reverts commit 98beb86.
|
Rebased and tested with Nitrokey Start. There were some conflicts around the things modified recently by @popovec around support for additional EC mechanisms so I would like you to have a look if it makes sense. Here, we have a new keys |
|
The resolved conflicts are looking good from my perspective, but let's wait a bit to see if @popovec has some comments. |
|
I have checked b8266a4, I did not find any problem that would interfere with the functionality of already mentioned modifications for EC mechanisms (ECDSA verify, ECDSA Signatures with hashes). I propose to accept this PR. |
7 participants
Fixes #1854
This patch set implements first batch of PKCS#11 3.0 features, mostly Ed25519 and curve25519 keys and related algorithms in the OpenSC itself and in the OpenPGP driver (as @jans23 provided me with NitroKey Start, which is equipped with GNUK). The card was initialized using
gpgso the card initialization is not in place (yet).There are many changes across the board including the
p11testtestsuite, which worked for me fine, but more testing would be appreciated. This is a transcript ofp11testwith current branch testing sign and derive mechanisms using these new keys:I tested only PKCS#11 module so for future, there will be certainly needed some work for minidriver (if it can use these keys?), maybe for macOS?
Comments welcomed
Checklist