-
Notifications
You must be signed in to change notification settings - Fork 57
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SOFT: Import (C_CreateObject) ECC public key failed. #634
Comments
I gave it a quick try on my test system (fedora 37). I had to use the --token-label parm to identify the softtoken:
So this worked ok. Same for private key. Can you retry with --token-label too? If it doesn't work, please turn on the opencryptoki trace: |
Hello @jschmidb, There is an ERROR: Not a valid EC Point: data too large in the below tracing.
btw, I have tried the same commands with SoftHSMv2. I am able to insert the public key to SoftHSMv2 successfully. |
Interesting ... first I retried on a Ubuntu 18.04.6 LTS (which in fact has an OpenSSL 1.1.1 11 Sep 2018) with opencryptoki from the Ubuntu package:
So this again worked ok. Then I installed opencryptoki from upstream and can now reproduce your error:
We will get back to you when we know more ... |
Hello @jschmidb, I tried the Ubuntu package, and it works. I think the package is supporting OpenCryptoki 3.9.0. However, I need the some mechanism listed in 3.19.0. I will wait for your response. Really appreciate your help. |
It seems that the EC Point that is passed in via CKA_EC_POINT attribute in the public key template is not DER encoded. Joergs tracing shows that it is instead a a 'raw' EC-Point that is passed in. Please note that the only place where an EC public key is accepted as raw EC-point is via pPublicData within the CK_ECDH1_DERIVE_PARAMS structure of a ECDH mechanism parameter. There, the PKCS#11 standard states: pPublicData - pointer to other party’s EC public key value. A token MUST be able to accept this value encoded as a raw octet string (as per section A.5.2 of [ANSI X9.62]). A token MAY, in addition, support accepting this value as a DER-encoded ECPoint (as per section E.6 of [ANSI X9.62]) i.e. the same as a CKA_EC_POINT encoding. The calling application is responsible for converting the offered public key to the compressed or uncompressed forms of these encodings if the token does not support the offered form. Please note that this note does NOT apply for importing EC public keys! CKA_EC_POINT attributes must always contain the DER encoded EC-point. So I guess that the bug is in the pkcs11-tool not supplying a DER-encoded EC-point in CKA_EC_POINT. Note that the |
Given that Joerg tried it on Fedora 37 and it worked, I assume that the pkcs11-tool fixed this problem aready some time ago. Fedora 37 probably has a newer opensc package (that includes the fix) than Ubuntu 18.04 (which does not include the fix)..... |
@ifranzki @jschmidb // Given a EVP_PKEY, ecpubkey
EC_KEY* ecc_key = EVP_PKEY_get1_EC_KEY(ecpubkey);
// Read the EC params.
int num_bytes = i2d_ECParameters(ecc_key, nullptr);
std::vector<uint8_t> ec_params(num_bytes);
unsigned char* ec_params_bytes = ec_params.data();
i2d_ECParameters(ecc_key, &ec_params_bytes);
// Read the EC Point.
num_bytes = i2o_ECPublicKey(ecc_key, nullptr);
std::vector<uint8_t> ec_Qvalue(num_bytes);
unsigned char* ec_Qvalue_bytes = ec_Qvalue.data();
i2o_ECPublicKey(ecc_key, &ec_Qvalue_bytes);
CK_RV rv;
CK_OBJECT_CLASS ecc_key_class = CKO_PUBLIC_KEY;
CK_KEY_TYPE key_type = CKK_EC;
CK_ATTRIBUTE ecc_tmpl[] = {
{CKA_KEY_TYPE, &key_type, sizeof(key_type)},
{CKA_CLASS, &ecc_key_class, sizeof(ecc_key_class)},
{CKA_TOKEN, &true_val, sizeof(CK_BBOOL)},
{CKA_PRIVATE, &false_val, sizeof(CK_BBOOL)},
{CKA_VERIFY, &true_val, sizeof(CK_BBOOL)},
{CKA_EC_PARAMS, ec_params.data(), ec_params.size()},
{CKA_EC_POINT, ec_Qvalue.data(), ec_Qvalue.size()}
};
rv = funcs->C_CreateObject(session, ecc_tmpl, sizeof(ecc_tmpl) / sizeof(CK_ATTRIBUTE), &key_handle); I have also double checked the content of ec_Qvalue_bytes are 65 bytes. And the value is the same as the last 65 bytes in my DER encoded public key.
Please correct me if I did anything wrong. Btw, I have also tried the above code on AWS CloudHSM and it works. |
The 65 bytes is the raw EC-Point. But CKA_EC_POINT needs to hold the DER encoded (OCTET STRING) enclosed EC-Point:
Well, then AWS CloudHSM is not conforming to the PKCS#11 standard. The PKCS#11 standard clearly states that CKA_EC_POINT must contain the DER-encoding of ANSI X9.62 ECPoint value Q, and ANSI X9.62 defines |
This was fixed with OpenSC issue OpenSC/OpenSC#1286 and commit OpenSC/OpenSC@ea4baf5 |
@ifranzki |
Hi there,
I was trying to import a ECC public key with the soft token.
Neither using the pkcs11-tool nor PKCS#11 API in C works.
(ECC private key however does work)
Here is how I import the public key:
Similarly, if I use the PKCS#11 C API to C_CreateObject the EC public key and private key. I can create private key successfully but fail on public key.
The text was updated successfully, but these errors were encountered: