Domain Parameter for ECC Keys

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Domain Parameter for ECC Keys

Andreas Schwier (ML)
Dear all,

we've come across a strange behaviour of the pkcs15-lib in OpenSC when
we generate an EC key pair:

After generating an fresh EC key pair, our code returns a
sc_pkcs15_pubkey containing the EC public key and DER encoded domain
parameter. The public key is then encoded in sc_pkcs15init_generate_key
and added to the DF in the framework when it's immediately decoded again.

During this encode / decode step the domain parameter are lost.

I'm wondering why this encode / decode step is done ?

If it is required for some reason, then I would rather encode the public
key in SubjectPublicKey structure that would also preserve the domain
parameter in AlgorithmIdentifier.

Andreas

--

    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Schülerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 171 8334920
    ---------    http://www.cardcontact.de
                 http://www.tscons.de
                 http://www.openscdp.org

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Domain Parameter for ECC Keys

Frank Morgner
Hi!

I cannot answer the question *why* encoding/decoding is done in
particular.

But some time ago OpenSC's ASN.1 implementation had the limitation
to tags on one byte (ec public key is 7f49, I think). So, in a more
general note, ASN.1 support in OpenSC could be extended. Or stop
reimplementig everything and use something like asn1c, OpenSSL or
whatever. For the nPA, I used the latter for encoding ASN.1/TLV.

Greets, Frank.


On Thursday, September 20 at 01:11AM, Andreas Schwier (ML) wrote:

>
> Dear all,
>
> we've come across a strange behaviour of the pkcs15-lib in OpenSC when
> we generate an EC key pair:
>
> After generating an fresh EC key pair, our code returns a
> sc_pkcs15_pubkey containing the EC public key and DER encoded domain
> parameter. The public key is then encoded in sc_pkcs15init_generate_key
> and added to the DF in the framework when it's immediately decoded again.
>
> During this encode / decode step the domain parameter are lost.
>
> I'm wondering why this encode / decode step is done ?
>
> If it is required for some reason, then I would rather encode the public
> key in SubjectPublicKey structure that would also preserve the domain
> parameter in AlgorithmIdentifier.
>
> Andreas
>
> --
>
>     ---------    CardContact Software & System Consulting
>    |.##> <##.|   Andreas Schwier
>    |#       #|   Schülerweg 38
>    |#       #|   32429 Minden, Germany
>    |'##> <##'|   Phone +49 171 8334920
>     ---------    http://www.cardcontact.de
>                  http://www.tscons.de
>                  http://www.openscdp.org
>
> _______________________________________________
> opensc-devel mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
--
Frank Morgner

Virtual Smart Card Architecture http://vsmartcard.sourceforge.net
OpenPACE                        http://openpace.sourceforge.net
IFD Handler for libnfc Devices  http://sourceforge.net/projects/ifdnfc

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel

attachment0 (501 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Domain Parameter for ECC Keys

Douglas E. Engert
In reply to this post by Andreas Schwier (ML)


On 9/19/2012 6:11 PM, Andreas Schwier (ML) wrote:

> Dear all,
>
> we've come across a strange behaviour of the pkcs15-lib in OpenSC when
> we generate an EC key pair:
>
> After generating an fresh EC key pair, our code returns a
> sc_pkcs15_pubkey containing the EC public key and DER encoded domain
> parameter. The public key is then encoded in sc_pkcs15init_generate_key
> and added to the DF in the framework when it's immediately decoded again.
>
> During this encode / decode step the domain parameter are lost.

Looked at PKCS#15 v1.1 section 6.4.3 The value is a EC_PubKeyChoice, that
can be a raw ECPoint or a spki SubjectPublicKeyInfo.

It looks like the sc_pkcs15_encode_pubkey_ec is just returning the
ECPoint.

sc_pkcs15_decode_pubkey_ec is also assuming the ECPoint.

It looks like that code has never been fully tested, and the
above code should be modified to use the spki SubjectPublicKeyInfo
if there are domain parameters.

With the EC work I have done in OpenSC including writing the above two
routines, I have not looked at the pkcs15init code at all, as the PIV
card is not a PKCS#15 card but rather the PKCS#15 is emulated, and the
emulation layer is base on the decoded entries. The PIV  does not use the
pkcs15init code at all, but rather a special pivtool can be used for test
cards to generate a key. It also turns out that the PIV card does not store
a pubkey object at all, but derives the pubkey from the certificate.

>
> I'm wondering why this encode / decode step is done ?

No one has a PKCS#15 cards that support EC to test this part of the code.

>
> If it is required for some reason, then I would rather encode the public
> key in SubjectPublicKey structure that would also preserve the domain
> parameter in AlgorithmIdentifier.

Can you come up with a patch?

>
> Andreas
>

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444


_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Domain Parameter for ECC Keys

Andreas Schwier
Hi Douglas,

see below.

Andreas


Am 20.09.2012 17:12, schrieb Douglas E. Engert:

>
> On 9/19/2012 6:11 PM, Andreas Schwier (ML) wrote:
>> Dear all,
>>
>> we've come across a strange behaviour of the pkcs15-lib in OpenSC when
>> we generate an EC key pair:
>>
>> After generating an fresh EC key pair, our code returns a
>> sc_pkcs15_pubkey containing the EC public key and DER encoded domain
>> parameter. The public key is then encoded in sc_pkcs15init_generate_key
>> and added to the DF in the framework when it's immediately decoded again.
>>
>> During this encode / decode step the domain parameter are lost.
> Looked at PKCS#15 v1.1 section 6.4.3 The value is a EC_PubKeyChoice, that
> can be a raw ECPoint or a spki SubjectPublicKeyInfo.
>
> It looks like the sc_pkcs15_encode_pubkey_ec is just returning the
> ECPoint.
>
> sc_pkcs15_decode_pubkey_ec is also assuming the ECPoint.
>
> It looks like that code has never been fully tested, and the
> above code should be modified to use the spki SubjectPublicKeyInfo
> if there are domain parameters.
>
> With the EC work I have done in OpenSC including writing the above two
> routines, I have not looked at the pkcs15init code at all, as the PIV
> card is not a PKCS#15 card but rather the PKCS#15 is emulated, and the
> emulation layer is base on the decoded entries. The PIV  does not use the
> pkcs15init code at all, but rather a special pivtool can be used for test
> cards to generate a key. It also turns out that the PIV card does not store
> a pubkey object at all, but derives the pubkey from the certificate.
>
>> I'm wondering why this encode / decode step is done ?
> No one has a PKCS#15 cards that support EC to test this part of the code.
We do have a card that supports EC ;-)
>
>> If it is required for some reason, then I would rather encode the public
>> key in SubjectPublicKey structure that would also preserve the domain
>> parameter in AlgorithmIdentifier.
> Can you come up with a patch?
Yes, we can certainly do that. I just wanted to make sure that I
understand the rational behind the current implementation.
>
>> Andreas
>>


--

    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Schülerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 571 56149
    ---------    http://www.cardcontact.de
                 http://www.tscons.de
                 http://www.openscdp.org

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel