Implement C_CreateObject for EC keys #2420
Conversation
|
What card did you use to test the functionality? |
|
A somewhat modified version of IsoApplet, but I think it should work with the stock one too... |
|
We have already couple of tests with isoapplet in https://github.com/OpenSC/OpenSC/blob/master/.github/test-isoapplet.sh#L59 using pkcs15-tool. Can you extend it with the test for ec key generation through pkcs11 tool if it will work? |
|
Sure, will do, both for key generation via the C_GenerateKeyPair() and key "import" via the C_CreateObject() (altough I think the key import in IsoApplet is disabled by default)? |
|
I've tried to prepare some tests with the IsoApplet. There are several issues:
|
|
Do you have a debug log for point 1 "recognized as one of the SC-HSM cards"? 3B80800101 is the simplest contactless card, i.e. ISO 14443 Type B and card-sc-hsm.c tries to select the SC-SC_HSM AID to verify it is a SC-HSM card. https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/card-sc-hsm.c#L250-L258 test for https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/card-sc-hsm.c#L70 Other drivers may also look at this. So it is not clear without a debug log where a read only bit might have been set. |
|
With regard to point 4 "Stock IsoApplet does not support raw CKM_ECDSA signing, only CKM_ECDSA_SHA256" https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/card-isoApplet.c#L237-L238 You may want to try replacing these 2 lines with If isoApplet is modified to support ECDSA with hash done in software, then add |
Well, It almost certainly is set in the function I can certainly attach a debug log, but it will show nothing. Both of the logs are identical apart from the line We are getting slightly off-topic here, as this PR is about the |
Sorry, my mistake. Yes, it only supports ECDSA_SHA1, not ECDSA_SHA256 (and also not plain ECDSA). IsoApplet was written for Javacard 2.2.2 which supports ALG_ECDSA_SHA only. So hashing has to be done on-card, which severly limits the size of the data that can be signed. Furthermore I belive there is a bug in card-isoApplet.c, which currently breaks isoApplet ECDSA signing: I will make a separate PR for this... |
|
You said: "but I couldn't find a simple way to verify the raw signature that is produced with the pkcs11-tool --sign." Have you looked at option: "--signature-format Format for ECDSA signature : 'rs' (default), 'sequence', 'openssl' One of my tests uses: |
I think this change was not rejected but implemented by Frankn in a more systematic way. Would using the
Yeah, we compile the isoapplet as part of the ci so modification of this is fine for testing.
Hmm ... this is stupid. I thought we had this workaround only for reading of the ec keys, but apparently also for writing. it would be great if this could be handled somehow without recompiling. Either with some command-line switch or better with some compat flags. I can think of CKF_VENDOR_DEFINED flag in the
I think this is certainly better than nothing. I think the So if this would work, it would be great. If some non-trivial amount of work would be needed to get through some hops, I am happy to accept the change as it is now. |
I am actually not sure what is the specification for this in the PKCS#15 layer. The PKCS#11 says:
so if isoapplet applet requires stripped value, it can actually be handled inside of the isoapplet driver, keeping the PKCS#11 specification intact, isn't it? |
|
An example of converting from EC signature read from card in a driver: https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/card-piv.c#L2411-L2461 |
Thanks for the tip. |
Hmm, |
I'll have to check how the card-piv code does it (from dengert's comment above), as at first sight I don't see any public key handling code in IsoApplet driver. |
|
I've added 3 more commits to this PR, so the ECDSA key import, signing and verification could be added to PKCS#11 IsoApplet test suite. |
|
It looks like d46a539 is trying to replace a compile option with a command line option. Do you have a specific card that has a problem with EC keys? It looks like the `#ifndef EC_POINT_NO_ASN1_OCTET_STRING // workaround for non-compliant cards not expecting DER encoding" was added when parse_ec_pkey was added by copying parts of parse_gost_key by 4441efa then ea4baf5 changed "#ifndef" to "#ifdef" it does not look like it should ever been added at all. PKCS11 3.0 says for GOST pubkeys: PKCS11 3.0 says for EC pubkeys: I am questioning if "EC_POINT_NO_ASN1_OCTET_STRING" was really ever needed, as only GOST keys do not use the ANS1 encoding. In any case, pkcs11-tool is not the place to fix this, it should be fixed in card driver or pkcs11 module. |
|
In addition, PKCS11 3.0 says "Edwards Elliptic curve public key objects": So the format of EC keys depends on the type of key, and parse_ec_pkey should be expanded to handle this. or each type of key should have its own parse routine. |
You are right, I was misled by the mere existance of |
Most of the code was already there, only a little glue code was needed...
Cards that support CKM_ECDSA_SHAx only don't do the hashing in C_VerifyUpdate(). All the processing is done in the final C_VerifyFinal() call instead.
and include some more ECDSA tests in IsoApplet test suite
frankmorgner
left a comment
frankmorgner
left a comment
There was a problem hiding this comment.
I think it looks good now
@philipWendland, do you want to have a look?
| || mech->mechanism == CKM_ECDSA_SHA224 | ||
| || mech->mechanism == CKM_ECDSA_SHA256 | ||
| || mech->mechanism == CKM_ECDSA_SHA384 | ||
| || mech->mechanism == CKM_ECDSA_SHA512)) { |
There was a problem hiding this comment.
I stumbled across this, because the indenting looks bad. I think the conditions need to be moved one block to the right. Also, else if (...) { looks coherent, but since you've added a longer comment this now looks broken. I suggest you add additional {} paranthesis around the else block even though it is not strictly needed.
There was a problem hiding this comment.
We still do not have finalized the coding style in #2017 so I still consider this a minor issue. Currently, I think we are aiming for tab alignment to the start of the block and space alignment to the opening brace, keeping the || on the end of the last line so I think it should look like the following, if I am right (if it would be simple if condition):
if (md == NULL && (mech->mechanism == CKM_ECDSA ||
mech->mechanism == CKM_ECDSA_SHA1 ||
mech->mechanism == CKM_ECDSA_SHA224 ||
mech->mechanism == CKM_ECDSA_SHA256 ||
mech->mechanism == CKM_ECDSA_SHA384 ||
mech->mechanism == CKM_ECDSA_SHA512)) {
Given that this is else/if condition, I would keep the comment on separate line before the } else .. line and drop one of the tabs in the indentation of the condition lines.
There was a problem hiding this comment.
So, do I change formatting or not, and how? Altough it would look odd to change just the formatting of the new code and leave the existing code (even in the same function) the same...
There was a problem hiding this comment.
I am fine with it as it is. We are still counting with some mass change of formatting in case we will settle down on one format ;)
4 participants
Most of the code was already there, only a little glue code was needed...
Checklist