libp11 & engine_pkcs11 support for ECDSA keys

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

libp11 & engine_pkcs11 support for ECDSA keys

Felipe Blauth
Hello.

I've started using engine_pkcs11 to access PKCS #11 tokens from OpenSSL EVP_PKEY's trough "ENGINE_load_<key_type>_key" methods. It works very well with RSA keys, but it doesn't recognize ECDSA keys.

Searching trough the web, I've found that Douglas had a patch for it at http://www.mail-archive.com/opensc-devel@.../msg07785.html.

Was that ever incorporated? I couldn't find in the latest snapshots.

Thank you very much.

--
Felipe Menegola Blauth

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: libp11 & engine_pkcs11 support for ECDSA keys

Douglas E. Engert
No it has not been incorporated because it requires an OpenSSL
internal header file ecs_locl.h, thus making it impractical to
compile in to any package.

This is a known bug:

http://rt.openssl.org/Ticket/Display.html?id=2459&user=guest&pass=guest

It also appeared on the OpenSSL mailing list.

The patch should still work. Please try it, and you can
also add comments to the OpenSSL bug report.


On 8/12/2011 2:12 PM, Felipe Blauth wrote:

> Hello.
>
> I've started using engine_pkcs11 to access PKCS #11 tokens from OpenSSL EVP_PKEY's trough "ENGINE_load_<key_type>_key" methods. It works very well with RSA keys, but it doesn't recognize ECDSA keys.
>
> Searching trough the web, I've found that Douglas had a patch for it at http://www.mail-archive.com/opensc-devel@.../msg07785.html.
>
> Was that ever incorporated? I couldn't find in the latest snapshots.
>
> Thank you very much.
>
> --
> Felipe Menegola Blauth
>
>
>
> _______________________________________________
> opensc-devel mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-devel

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: libp11 & engine_pkcs11 support for ECDSA keys

Felipe Blauth
Thank you, I'll check it out.

2011/8/12 Douglas E. Engert <[hidden email]>
No it has not been incorporated because it requires an OpenSSL
internal header file ecs_locl.h, thus making it impractical to
compile in to any package.

This is a known bug:

http://rt.openssl.org/Ticket/Display.html?id=2459&user=guest&pass=guest

It also appeared on the OpenSSL mailing list.

The patch should still work. Please try it, and you can
also add comments to the OpenSSL bug report.


On 8/12/2011 2:12 PM, Felipe Blauth wrote:
> Hello.
>
> I've started using engine_pkcs11 to access PKCS #11 tokens from OpenSSL EVP_PKEY's trough "ENGINE_load_<key_type>_key" methods. It works very well with RSA keys, but it doesn't recognize ECDSA keys.
>
> Searching trough the web, I've found that Douglas had a patch for it at http://www.mail-archive.com/opensc-devel@.../msg07785.html.
>
> Was that ever incorporated? I couldn't find in the latest snapshots.
>
> Thank you very much.
>
> --
> Felipe Menegola Blauth
>
>
>
> _______________________________________________
> opensc-devel mailing list
> http://www.opensc-project.org/mailman/listinfo/opensc-devel

--

 Douglas E. Engert  <[hidden email]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 <a href="tel:%28630%29%20252-5444" value="+16302525444">(630) 252-5444
_______________________________________________
opensc-devel mailing list
http://www.opensc-project.org/mailman/listinfo/opensc-devel



--
Felipe Menegola Blauth

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: libp11 & engine_pkcs11 support for ECDSA keys

Felipe Blauth
I've tested your mods and they work well =). I can sign and verify with most EC keys (I've tested with p-192, p-224, p-384 and p-521). However I cannot load public keys when using p-521 curves. It seems that I can load the private key and sign, but the public key is not loaded.

I confess that I didn't look much at engine_pkcs11 source code, but if you could give me some appointments I can try to fix that.

OpenSSL error is the following, after loading the key:
error:10067066:elliptic curve routines:ec_GFp_simple_oct2point:invalid encoding

Regards,

2011/8/13 Felipe Blauth <[hidden email]>
Thank you, I'll check it out.

2011/8/12 Douglas E. Engert <[hidden email]>

No it has not been incorporated because it requires an OpenSSL
internal header file ecs_locl.h, thus making it impractical to
compile in to any package.

This is a known bug:

http://rt.openssl.org/Ticket/Display.html?id=2459&user=guest&pass=guest

It also appeared on the OpenSSL mailing list.

The patch should still work. Please try it, and you can
also add comments to the OpenSSL bug report.


On 8/12/2011 2:12 PM, Felipe Blauth wrote:
> Hello.
>
> I've started using engine_pkcs11 to access PKCS #11 tokens from OpenSSL EVP_PKEY's trough "ENGINE_load_<key_type>_key" methods. It works very well with RSA keys, but it doesn't recognize ECDSA keys.
>
> Searching trough the web, I've found that Douglas had a patch for it at http://www.mail-archive.com/opensc-devel@.../msg07785.html.
>
> Was that ever incorporated? I couldn't find in the latest snapshots.
>
> Thank you very much.
>
> --
> Felipe Menegola Blauth
>
>
>
> _______________________________________________
> opensc-devel mailing list
> http://www.opensc-project.org/mailman/listinfo/opensc-devel

--

 Douglas E. Engert  <[hidden email]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 <a href="tel:%28630%29%20252-5444" value="+16302525444" target="_blank">(630) 252-5444
_______________________________________________
opensc-devel mailing list
http://www.opensc-project.org/mailman/listinfo/opensc-devel



--
Felipe Menegola Blauth



--
Felipe Menegola Blauth

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: libp11 & engine_pkcs11 support for ECDSA keys

Douglas E. Engert


On 9/6/2011 4:53 PM, Felipe Blauth wrote:
> I've tested your mods and they work well =). I can sign and verify with most EC keys (I've tested with p-192, p-224, p-384 and p-521). However I cannot load public keys when using p-521 curves. It
> seems that I can load the private key and sign, but the public key is not loaded.
>
> I confess that I didn't look much at engine_pkcs11 source code, but if you could give me some appointments I can try to fix that.

It is not clear where the error could be, it could be in the actual
encoding of the public key, or the ASN1 decoding or in in some size limit.
All the other keys are a multiple of 8 bits. The 521 is not,
and thus the asn1 octet would need an extra byte. Look at the
libp11 src/p11_ec.c and pkcs11_get_ec_private() and the ec_pointlen
variable.

Do you have a dump of the public key?

If you are using OpenSC's PKCS#11, you could turn on the OpenSC debug,
by adding to the opensc.conf someting like:
  debug = 7;
  debug_file = /tmp/opensc-debug.log;

You could use the OpenSC pkcs11-spy.so to trace the PKCS#11 calls,
that should show the public key being transfered. This can
work with any PKCS#11 module including the opensc-pkcs11.so

Set the environment variables:

  export PKCS11SPY=/path/to/your/pkcs11.module.so
  export PKCS11SPY_OUTPUT=/tmp/tb.spy.txt

>
> OpenSSL error is the following, after loading the key:
> error:10067066:elliptic curve routines:ec_GFp_simple_oct2point:invalid encoding
>
> Regards,
>
> 2011/8/13 Felipe Blauth <[hidden email] <mailto:[hidden email]>>
>
>     Thank you, I'll check it out.
>
>     2011/8/12 Douglas E. Engert <[hidden email] <mailto:[hidden email]>>
>
>         No it has not been incorporated because it requires an OpenSSL
>         internal header file ecs_locl.h, thus making it impractical to
>         compile in to any package.
>
>         This is a known bug:
>
>         http://rt.openssl.org/Ticket/Display.html?id=2459&user=guest&pass=guest <http://rt.openssl.org/Ticket/Display.html?id=2459&user=guest&pass=guest>
>
>         It also appeared on the OpenSSL mailing list.
>
>         The patch should still work. Please try it, and you can
>         also add comments to the OpenSSL bug report.
>
>
>         On 8/12/2011 2:12 PM, Felipe Blauth wrote:
>          > Hello.
>          >
>          > I've started using engine_pkcs11 to access PKCS #11 tokens from OpenSSL EVP_PKEY's trough "ENGINE_load_<key_type>_key" methods. It works very well with RSA keys, but it doesn't recognize
>         ECDSA keys.
>          >
>          > Searching trough the web, I've found that Douglas had a patch for it at http://www.mail-archive.com/opensc-devel@.../msg07785.html.
>          >
>          > Was that ever incorporated? I couldn't find in the latest snapshots.
>          >
>          > Thank you very much.
>          >
>          > --
>          > Felipe Menegola Blauth
>          >
>          >
>          >
>          > _______________________________________________
>          > opensc-devel mailing list
>          > [hidden email] <mailto:[hidden email]>
>          > http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>         --
>
>           Douglas E. Engert <[hidden email] <mailto:[hidden email]>>
>           Argonne National Laboratory
>           9700 South Cass Avenue
>           Argonne, Illinois  60439
>         (630) 252-5444 <tel:%28630%29%20252-5444>
>         _______________________________________________
>         opensc-devel mailing list
>         [hidden email] <mailto:[hidden email]>
>         http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>
>
>
>     --
>     Felipe Menegola Blauth
>
>
>
>
> --
> Felipe Menegola Blauth

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: libp11 & engine_pkcs11 support for ECDSA keys

Felipe Blauth
I've found where the problem is coming from. It is from OpenSSL's function o2i_ECPublicKey, that is used to convert the  asn1 octet string from PKCS#11 CKA_EC_POINT attribute to internal OpenSSL stuff. This function is called, like you said, at the file src/p11_ec.c from function pkcs11_get_ec_private().

I've used pkcs11-spy, and it ouputs the following when calling C_GetAttributeValue with CKA_EC_POINT parameter from the public key object:

84: C_GetAttributeValue
[in] hSession = 0x10002
[in] hObject = 0x3
[in] pTemplate[1]: 
    CKA_EC_POINT          requested with 136 buffer
[out] pTemplate[1]: 
    CKA_EC_POINT          [size : 0x88 (136)]
    04818504 017C713A 5A1ECAB3 0F7B0C54 35099B53 9AC9740A ED157D70 577D9AA3
    3BB11767 95F02C07 9683AEA0 2C32422D DC9C7C9E 3BB9952B 7D692047 2F8B75D0
    A23BB5EF CC3E01BE 240FFAFD 64A2F090 D2E8556F C108D251 4C9AD53C 270BE2AD
    CA829853 57D26AF3 A65806FD 82CE2011 58C02629 B8E90961 4C00887E DD4184C7
    37CE192C 2AB5ED47
Returned:  0 CKR_OK

ec_pointlen variable is, therefore, set to 136 bytes. After calling o2i_ECPublicKey OpenSSL puts the following error in its stack:
error:10067066:elliptic curve routines:ec_GFp_simple_oct2point:invalid encoding

So we have some encoding problem. By the way, why we should increment the pointer by 2 before calling o2i_ECPublicKey? Like you did in the following:
...
/* PKCS#11 returns ASN1 octstring*/
const unsigned char * a;
/* TODO we have asn1 octet string, need to strip off 04 len */
a = ec_point + 2;
o2i_ECPublicKey(&ec, &a, ec_pointlen-2);
...

2011/9/7 Douglas E. Engert <[hidden email]>


On 9/6/2011 4:53 PM, Felipe Blauth wrote:
I've tested your mods and they work well =). I can sign and verify with most EC keys (I've tested with p-192, p-224, p-384 and p-521). However I cannot load public keys when using p-521 curves. It
seems that I can load the private key and sign, but the public key is not loaded.

I confess that I didn't look much at engine_pkcs11 source code, but if you could give me some appointments I can try to fix that.

It is not clear where the error could be, it could be in the actual
encoding of the public key, or the ASN1 decoding or in in some size limit.
All the other keys are a multiple of 8 bits. The 521 is not,
and thus the asn1 octet would need an extra byte. Look at the
libp11 src/p11_ec.c and pkcs11_get_ec_private() and the ec_pointlen
variable.

Do you have a dump of the public key?

If you are using OpenSC's PKCS#11, you could turn on the OpenSC debug,
by adding to the opensc.conf someting like:
 debug = 7;
 debug_file = /tmp/opensc-debug.log;

You could use the OpenSC pkcs11-spy.so to trace the PKCS#11 calls,
that should show the public key being transfered. This can
work with any PKCS#11 module including the opensc-pkcs11.so

Set the environment variables:

 export PKCS11SPY=/path/to/your/pkcs11.module.so
 export PKCS11SPY_OUTPUT=/tmp/tb.spy.txt


OpenSSL error is the following, after loading the key:
error:10067066:elliptic curve routines:ec_GFp_simple_oct2point:invalid encoding

Regards,

2011/8/13 Felipe Blauth <[hidden email] <mailto:[hidden email]>>


   Thank you, I'll check it out.

   2011/8/12 Douglas E. Engert <[hidden email] <mailto:[hidden email]>>


       No it has not been incorporated because it requires an OpenSSL
       internal header file ecs_locl.h, thus making it impractical to
       compile in to any package.

       This is a known bug:

       http://rt.openssl.org/Ticket/Display.html?id=2459&user=guest&pass=guest <http://rt.openssl.org/Ticket/Display.html?id=2459&user=guest&pass=guest>


       It also appeared on the OpenSSL mailing list.

       The patch should still work. Please try it, and you can
       also add comments to the OpenSSL bug report.


       On 8/12/2011 2:12 PM, Felipe Blauth wrote:
        > Hello.
        >
        > I've started using engine_pkcs11 to access PKCS #11 tokens from OpenSSL EVP_PKEY's trough "ENGINE_load_<key_type>_key" methods. It works very well with RSA keys, but it doesn't recognize
       ECDSA keys.
        >
        > Searching trough the web, I've found that Douglas had a patch for it at http://www.mail-archive.com/opensc-devel@...-project.org/msg07785.html.
        >
        > Was that ever incorporated? I couldn't find in the latest snapshots.
        >
        > Thank you very much.
        >
        > --
        > Felipe Menegola Blauth
        >
        >
        >
        > _______________________________________________
        > opensc-devel mailing list
        > [hidden email] <mailto:[hidden email]>          Douglas E. Engert <[hidden email] <mailto:[hidden email]>>

         Argonne National Laboratory
         9700 South Cass Avenue
         Argonne, Illinois  60439
       <a href="tel:%28630%29%20252-5444" value="+16302525444" target="_blank">(630) 252-5444 <tel:%28630%29%20252-5444>
       _______________________________________________
       opensc-devel mailing list
       [hidden email] <mailto:[hidden email]>

       http://www.opensc-project.org/mailman/listinfo/opensc-devel




   --
   Felipe Menegola Blauth




--
Felipe Menegola Blauth

--

 Douglas E. Engert  <[hidden email]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 <a href="tel:%28630%29%20252-5444" value="+16302525444" target="_blank">(630) 252-5444



--
Felipe Menegola Blauth

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: libp11 & engine_pkcs11 support for ECDSA keys

Douglas E. Engert
Yes the problem is

128                                /* TODO we have asn1 octet string, need to strip off 04 len */
129
130                                 a = ec_point + 2;
131                                 o2i_ECPublicKey(&ec, &a, ec_pointlen-2);

It is assuming the ASN1 is an octet string, with a single length byte
But with a p - 521 the length is 2 bytes.

04 Octet string
81 the length is more then 127, and there is one more length byte
85 the length of the octet string.

I can get you a possible patch later today.



On 9/8/2011 11:48 AM, Felipe Blauth wrote:

> I've found where the problem is coming from. It is from OpenSSL's function *o2i_ECPublicKey*, that is used to convert the  asn1 octet string from PKCS#11 *CKA_EC_POINT* attribute to internal OpenSSL
> stuff. This function is called, like you said, at the file src/p11_ec.c from function *pkcs11_get_ec_private*().
>
> I've used *pkcs11-spy*, and it ouputs the following when calling *C_GetAttributeValue* with *CKA_EC_POINT* parameter from the public key object:
>
> 84: C_GetAttributeValue
> [in] hSession = 0x10002
> [in] hObject = 0x3
> [in] pTemplate[1]:
>      CKA_EC_POINT          requested with 136 buffer
> [out] pTemplate[1]:
>      CKA_EC_POINT          [size : 0x88 (136)]
>      04818504 017C713A 5A1ECAB3 0F7B0C54 35099B53 9AC9740A ED157D70 577D9AA3
>      3BB11767 95F02C07 9683AEA0 2C32422D DC9C7C9E 3BB9952B 7D692047 2F8B75D0
>      A23BB5EF CC3E01BE 240FFAFD 64A2F090 D2E8556F C108D251 4C9AD53C 270BE2AD
>      CA829853 57D26AF3 A65806FD 82CE2011 58C02629 B8E90961 4C00887E DD4184C7
>      37CE192C 2AB5ED47
> Returned:  0 CKR_OK
>
> *ec_pointlen* variable is, therefore, set to 136 bytes. After calling *o2i_ECPublicKey* OpenSSL puts the following error in its stack:
> *error:10067066:elliptic curve routines:ec_GFp_simple_oct2point:invalid encoding*
>
> So we have some encoding problem. By the way, why we should increment the pointer by 2 before calling *o2i_ECPublicKey**? *Like you did in the following:
> ...
> /* PKCS#11 returns ASN1 octstring*/
> const unsigned char * a;
> /* TODO we have asn1 octet string, need to strip off 04 len */
> a = ec_point + 2;
> o2i_ECPublicKey(&ec, &a, ec_pointlen-2);
> ...
>
> 2011/9/7 Douglas E. Engert <[hidden email] <mailto:[hidden email]>>
>
>
>
>     On 9/6/2011 4:53 PM, Felipe Blauth wrote:
>
>         I've tested your mods and they work well =). I can sign and verify with most EC keys (I've tested with p-192, p-224, p-384 and p-521). However I cannot load public keys when using p-521 curves. It
>         seems that I can load the private key and sign, but the public key is not loaded.
>
>         I confess that I didn't look much at engine_pkcs11 source code, but if you could give me some appointments I can try to fix that.
>
>
>     It is not clear where the error could be, it could be in the actual
>     encoding of the public key, or the ASN1 decoding or in in some size limit.
>     All the other keys are a multiple of 8 bits. The 521 is not,
>     and thus the asn1 octet would need an extra byte. Look at the
>     libp11 src/p11_ec.c and pkcs11_get_ec_private() and the ec_pointlen
>     variable.
>
>     Do you have a dump of the public key?
>
>     If you are using OpenSC's PKCS#11, you could turn on the OpenSC debug,
>     by adding to the opensc.conf someting like:
>       debug = 7;
>       debug_file = /tmp/opensc-debug.log;
>
>     You could use the OpenSC pkcs11-spy.so to trace the PKCS#11 calls,
>     that should show the public key being transfered. This can
>     work with any PKCS#11 module including the opensc-pkcs11.so
>
>     Set the environment variables:
>
>       export PKCS11SPY=/path/to/your/pkcs11__.module.so <http://pkcs11.module.so>
>       export PKCS11SPY_OUTPUT=/tmp/tb.spy.__txt
>
>
>         OpenSSL error is the following, after loading the key:
>         error:10067066:elliptic curve routines:ec_GFp_simple___oct2point:invalid encoding
>
>         Regards,
>
>         2011/8/13 Felipe Blauth <[hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>>
>
>
>             Thank you, I'll check it out.
>
>             2011/8/12 Douglas E. Engert <[hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>>
>
>
>                 No it has not been incorporated because it requires an OpenSSL
>                 internal header file ecs_locl.h, thus making it impractical to
>                 compile in to any package.
>
>                 This is a known bug:
>
>         http://rt.openssl.org/Ticket/__Display.html?id=2459&user=__guest&pass=guest <http://rt.openssl.org/Ticket/Display.html?id=2459&user=guest&pass=guest>
>         <http://rt.openssl.org/Ticket/__Display.html?id=2459&user=__guest&pass=guest <http://rt.openssl.org/Ticket/Display.html?id=2459&user=guest&pass=guest>>
>
>
>                 It also appeared on the OpenSSL mailing list.
>
>                 The patch should still work. Please try it, and you can
>                 also add comments to the OpenSSL bug report.
>
>
>                 On 8/12/2011 2:12 PM, Felipe Blauth wrote:
>          > Hello.
>          >
>          > I've started using engine_pkcs11 to access PKCS #11 tokens from OpenSSL EVP_PKEY's trough "ENGINE_load_<key_type>_key" methods. It works very well with RSA keys, but it doesn't recognize
>                 ECDSA keys.
>          >
>          > Searching trough the web, I've found that Douglas had a patch for it at http://www.mail-archive.com/__opensc-devel@.../msg07785.html
>         <http://www.mail-archive.com/opensc-devel@.../msg07785.html>.
>          >
>          > Was that ever incorporated? I couldn't find in the latest snapshots.
>          >
>          > Thank you very much.
>          >
>          > --
>          > Felipe Menegola Blauth
>          >
>          >
>          >
>          > _________________________________________________
>          > opensc-devel mailing list
>          > [hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>
>
>          > http://www.opensc-project.org/__mailman/listinfo/opensc-devel <http://www.opensc-project.org/mailman/listinfo/opensc-devel>
>
>                 --
>
>                   Douglas E. Engert <[hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>>
>
>                   Argonne National Laboratory
>                   9700 South Cass Avenue
>                   Argonne, Illinois  60439
>         (630) 252-5444 <tel:%28630%29%20252-5444> <tel:%28630%29%20252-5444>
>                 _________________________________________________
>                 opensc-devel mailing list
>         [hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>
>
>         http://www.opensc-project.org/__mailman/listinfo/opensc-devel <http://www.opensc-project.org/mailman/listinfo/opensc-devel>
>
>
>
>
>             --
>             Felipe Menegola Blauth
>
>
>
>
>         --
>         Felipe Menegola Blauth
>
>
>     --
>
>       Douglas E. Engert <[hidden email] <mailto:[hidden email]>>
>       Argonne National Laboratory
>       9700 South Cass Avenue
>       Argonne, Illinois  60439
>     (630) 252-5444 <tel:%28630%29%20252-5444>
>
>
>
>
> --
> Felipe Menegola Blauth

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: libp11 & engine_pkcs11 support for ECDSA keys

Douglas E. Engert
In reply to this post by Felipe Blauth
Try the attached patch. It compiles, but I have not tested it.

On 9/8/2011 11:48 AM, Felipe Blauth wrote:

> I've found where the problem is coming from. It is from OpenSSL's function *o2i_ECPublicKey*, that is used to convert the  asn1 octet string from PKCS#11 *CKA_EC_POINT* attribute to internal OpenSSL
> stuff. This function is called, like you said, at the file src/p11_ec.c from function *pkcs11_get_ec_private*().
>
> I've used *pkcs11-spy*, and it ouputs the following when calling *C_GetAttributeValue* with *CKA_EC_POINT* parameter from the public key object:
>
> 84: C_GetAttributeValue
> [in] hSession = 0x10002
> [in] hObject = 0x3
> [in] pTemplate[1]:
>      CKA_EC_POINT          requested with 136 buffer
> [out] pTemplate[1]:
>      CKA_EC_POINT          [size : 0x88 (136)]
>      04818504 017C713A 5A1ECAB3 0F7B0C54 35099B53 9AC9740A ED157D70 577D9AA3
>      3BB11767 95F02C07 9683AEA0 2C32422D DC9C7C9E 3BB9952B 7D692047 2F8B75D0
>      A23BB5EF CC3E01BE 240FFAFD 64A2F090 D2E8556F C108D251 4C9AD53C 270BE2AD
>      CA829853 57D26AF3 A65806FD 82CE2011 58C02629 B8E90961 4C00887E DD4184C7
>      37CE192C 2AB5ED47
> Returned:  0 CKR_OK
>
> *ec_pointlen* variable is, therefore, set to 136 bytes. After calling *o2i_ECPublicKey* OpenSSL puts the following error in its stack:
> *error:10067066:elliptic curve routines:ec_GFp_simple_oct2point:invalid encoding*
>
> So we have some encoding problem. By the way, why we should increment the pointer by 2 before calling *o2i_ECPublicKey**? *Like you did in the following:
> ...
Because the PKCS#11 returns the point as an octet_string, but OpenSSL does not want the octet_string
for the o2i_ECPublicKey. All my testing was done with named cureves of 256, or 384,
and the ans1 header was always 2 bytes. The TODO comment was to come back in fix this.
Hopfuly the patch will.

> /* PKCS#11 returns ASN1 octstring*/
> const unsigned char * a;
> /* TODO we have asn1 octet string, need to strip off 04 len */
> a = ec_point + 2;
> o2i_ECPublicKey(&ec, &a, ec_pointlen-2);
> ...
>
> 2011/9/7 Douglas E. Engert <[hidden email] <mailto:[hidden email]>>
>
>
>
>     On 9/6/2011 4:53 PM, Felipe Blauth wrote:
>
>         I've tested your mods and they work well =). I can sign and verify with most EC keys (I've tested with p-192, p-224, p-384 and p-521). However I cannot load public keys when using p-521 curves. It
>         seems that I can load the private key and sign, but the public key is not loaded.
>
>         I confess that I didn't look much at engine_pkcs11 source code, but if you could give me some appointments I can try to fix that.
>
>
>     It is not clear where the error could be, it could be in the actual
>     encoding of the public key, or the ASN1 decoding or in in some size limit.
>     All the other keys are a multiple of 8 bits. The 521 is not,
>     and thus the asn1 octet would need an extra byte. Look at the
>     libp11 src/p11_ec.c and pkcs11_get_ec_private() and the ec_pointlen
>     variable.
>
>     Do you have a dump of the public key?
>
>     If you are using OpenSC's PKCS#11, you could turn on the OpenSC debug,
>     by adding to the opensc.conf someting like:
>       debug = 7;
>       debug_file = /tmp/opensc-debug.log;
>
>     You could use the OpenSC pkcs11-spy.so to trace the PKCS#11 calls,
>     that should show the public key being transfered. This can
>     work with any PKCS#11 module including the opensc-pkcs11.so
>
>     Set the environment variables:
>
>       export PKCS11SPY=/path/to/your/pkcs11__.module.so <http://pkcs11.module.so>
>       export PKCS11SPY_OUTPUT=/tmp/tb.spy.__txt
>
>
>         OpenSSL error is the following, after loading the key:
>         error:10067066:elliptic curve routines:ec_GFp_simple___oct2point:invalid encoding
>
>         Regards,
>
>         2011/8/13 Felipe Blauth <[hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>>
>
>
>             Thank you, I'll check it out.
>
>             2011/8/12 Douglas E. Engert <[hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>>
>
>
>                 No it has not been incorporated because it requires an OpenSSL
>                 internal header file ecs_locl.h, thus making it impractical to
>                 compile in to any package.
>
>                 This is a known bug:
>
>         http://rt.openssl.org/Ticket/__Display.html?id=2459&user=__guest&pass=guest <http://rt.openssl.org/Ticket/Display.html?id=2459&user=guest&pass=guest>
>         <http://rt.openssl.org/Ticket/__Display.html?id=2459&user=__guest&pass=guest <http://rt.openssl.org/Ticket/Display.html?id=2459&user=guest&pass=guest>>
>
>
>                 It also appeared on the OpenSSL mailing list.
>
>                 The patch should still work. Please try it, and you can
>                 also add comments to the OpenSSL bug report.
>
>
>                 On 8/12/2011 2:12 PM, Felipe Blauth wrote:
>          > Hello.
>          >
>          > I've started using engine_pkcs11 to access PKCS #11 tokens from OpenSSL EVP_PKEY's trough "ENGINE_load_<key_type>_key" methods. It works very well with RSA keys, but it doesn't recognize
>                 ECDSA keys.
>          >
>          > Searching trough the web, I've found that Douglas had a patch for it at http://www.mail-archive.com/__opensc-devel@.../msg07785.html
>         <http://www.mail-archive.com/opensc-devel@.../msg07785.html>.
>          >
>          > Was that ever incorporated? I couldn't find in the latest snapshots.
>          >
>          > Thank you very much.
>          >
>          > --
>          > Felipe Menegola Blauth
>          >
>          >
>          >
>          > _________________________________________________
>          > opensc-devel mailing list
>          > [hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>
>
>          > http://www.opensc-project.org/__mailman/listinfo/opensc-devel <http://www.opensc-project.org/mailman/listinfo/opensc-devel>
>
>                 --
>
>                   Douglas E. Engert <[hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>>
>
>                   Argonne National Laboratory
>                   9700 South Cass Avenue
>                   Argonne, Illinois  60439
>         (630) 252-5444 <tel:%28630%29%20252-5444> <tel:%28630%29%20252-5444>
>                 _________________________________________________
>                 opensc-devel mailing list
>         [hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>
>
>         http://www.opensc-project.org/__mailman/listinfo/opensc-devel <http://www.opensc-project.org/mailman/listinfo/opensc-devel>
>
>
>
>
>             --
>             Felipe Menegola Blauth
>
>
>
>
>         --
>         Felipe Menegola Blauth
>
>
>     --
>
>       Douglas E. Engert <[hidden email] <mailto:[hidden email]>>
>       Argonne National Laboratory
>       9700 South Cass Avenue
>       Argonne, Illinois  60439
>     (630) 252-5444 <tel:%28630%29%20252-5444>
>
>
>
>
> --
> Felipe Menegola Blauth
--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel

p11_ec.c.patch (1K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: libp11 & engine_pkcs11 support for ECDSA keys

Felipe Blauth
It works =). I've tested sign/verify with p-192, p-224, p-256, p-384 and p-521. No problems found.

Thank you for your attention. 

2011/9/8 Douglas E. Engert <[hidden email]>
Try the attached patch. It compiles, but I have not tested it.


On 9/8/2011 11:48 AM, Felipe Blauth wrote:
I've found where the problem is coming from. It is from OpenSSL's function *o2i_ECPublicKey*, that is used to convert the  asn1 octet string from PKCS#11 *CKA_EC_POINT* attribute to internal OpenSSL
stuff. This function is called, like you said, at the file src/p11_ec.c from function *pkcs11_get_ec_private*().

I've used *pkcs11-spy*, and it ouputs the following when calling *C_GetAttributeValue* with *CKA_EC_POINT* parameter from the public key object:

84: C_GetAttributeValue
[in] hSession = 0x10002
[in] hObject = 0x3
[in] pTemplate[1]:
    CKA_EC_POINT          requested with 136 buffer
[out] pTemplate[1]:
    CKA_EC_POINT          [size : 0x88 (136)]
    04818504 017C713A 5A1ECAB3 0F7B0C54 35099B53 9AC9740A ED157D70 577D9AA3
    3BB11767 95F02C07 9683AEA0 2C32422D DC9C7C9E 3BB9952B 7D692047 2F8B75D0
    A23BB5EF CC3E01BE 240FFAFD 64A2F090 D2E8556F C108D251 4C9AD53C 270BE2AD
    CA829853 57D26AF3 A65806FD 82CE2011 58C02629 B8E90961 4C00887E DD4184C7
    37CE192C 2AB5ED47
Returned:  0 CKR_OK

*ec_pointlen* variable is, therefore, set to 136 bytes. After calling *o2i_ECPublicKey* OpenSSL puts the following error in its stack:
*error:10067066:elliptic curve routines:ec_GFp_simple_oct2point:invalid encoding*

So we have some encoding problem. By the way, why we should increment the pointer by 2 before calling *o2i_ECPublicKey**? *Like you did in the following:
...

Because the PKCS#11 returns the point as an octet_string, but OpenSSL does not want the octet_string
for the o2i_ECPublicKey. All my testing was done with named cureves of 256, or 384,
and the ans1 header was always 2 bytes. The TODO comment was to come back in fix this.
Hopfuly the patch will.

/* PKCS#11 returns ASN1 octstring*/
const unsigned char * a;
/* TODO we have asn1 octet string, need to strip off 04 len */
a = ec_point + 2;
o2i_ECPublicKey(&ec, &a, ec_pointlen-2);
...

2011/9/7 Douglas E. Engert <[hidden email] <mailto:[hidden email]>>




   On 9/6/2011 4:53 PM, Felipe Blauth wrote:

       I've tested your mods and they work well =). I can sign and verify with most EC keys (I've tested with p-192, p-224, p-384 and p-521). However I cannot load public keys when using p-521 curves. It
       seems that I can load the private key and sign, but the public key is not loaded.

       I confess that I didn't look much at engine_pkcs11 source code, but if you could give me some appointments I can try to fix that.


   It is not clear where the error could be, it could be in the actual
   encoding of the public key, or the ASN1 decoding or in in some size limit.
   All the other keys are a multiple of 8 bits. The 521 is not,
   and thus the asn1 octet would need an extra byte. Look at the
   libp11 src/p11_ec.c and pkcs11_get_ec_private() and the ec_pointlen
   variable.

   Do you have a dump of the public key?

   If you are using OpenSC's PKCS#11, you could turn on the OpenSC debug,
   by adding to the opensc.conf someting like:
     debug = 7;
     debug_file = /tmp/opensc-debug.log;

   You could use the OpenSC pkcs11-spy.so to trace the PKCS#11 calls,
   that should show the public key being transfered. This can
   work with any PKCS#11 module including the opensc-pkcs11.so

   Set the environment variables:

     export PKCS11SPY=/path/to/your/pkcs11__.module.so <http://pkcs11.module.so>

     export PKCS11SPY_OUTPUT=/tmp/tb.spy.__txt


       OpenSSL error is the following, after loading the key:
       error:10067066:elliptic curve routines:ec_GFp_simple___oct2point:invalid encoding

       Regards,

       2011/8/13 Felipe Blauth <[hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>>



           Thank you, I'll check it out.

           2011/8/12 Douglas E. Engert <[hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>>



               No it has not been incorporated because it requires an OpenSSL
               internal header file ecs_locl.h, thus making it impractical to
               compile in to any package.

               This is a known bug:

       http://rt.openssl.org/Ticket/__Display.html?id=2459&user=__guest&pass=guest <http://rt.openssl.org/Ticket/Display.html?id=2459&user=guest&pass=guest>
       <http://rt.openssl.org/Ticket/__Display.html?id=2459&user=__guest&pass=guest <http://rt.openssl.org/Ticket/Display.html?id=2459&user=guest&pass=guest>>


               It also appeared on the OpenSSL mailing list.

               The patch should still work. Please try it, and you can
               also add comments to the OpenSSL bug report.


               On 8/12/2011 2:12 PM, Felipe Blauth wrote:
        > Hello.
        >
        > I've started using engine_pkcs11 to access PKCS #11 tokens from OpenSSL EVP_PKEY's trough "ENGINE_load_<key_type>_key" methods. It works very well with RSA keys, but it doesn't recognize
               ECDSA keys.
        >
        > Searching trough the web, I've found that Douglas had a patch for it at http://www.mail-archive.com/__opensc-devel@...-__project.org/msg07785.html
       <http://www.mail-archive.com/opensc-devel@...-project.org/msg07785.html>.
        >
        > Was that ever incorporated? I couldn't find in the latest snapshots.
        >
        > Thank you very much.
        >
        > --
        > Felipe Menegola Blauth
        >
        >
        >
        > _________________________________________________
        > opensc-devel mailing list
        > [hidden email] <mailto:[hidden email]> <mailto:[hidden email]__opensc-project.org <mailto:[hidden email]>>

        > http://www.opensc-project.org/__mailman/listinfo/opensc-devel <http://www.opensc-project.org/mailman/listinfo/opensc-devel>

               --

                 Douglas E. Engert <[hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>>


                 Argonne National Laboratory
                 9700 South Cass Avenue
                 Argonne, Illinois  60439
       <a href="tel:%28630%29%20252-5444" value="+16302525444" target="_blank">(630) 252-5444 <tel:%28630%29%20252-5444> <tel:%28630%29%20252-5444>
               _________________________________________________
               opensc-devel mailing list
       [hidden email] <mailto:[hidden email]> <mailto:[hidden email]__opensc-project.org <mailto:[hidden email]>>

       http://www.opensc-project.org/__mailman/listinfo/opensc-devel <http://www.opensc-project.org/mailman/listinfo/opensc-devel>





           --
           Felipe Menegola Blauth




       --
       Felipe Menegola Blauth


   --

     Douglas E. Engert <[hidden email] <mailto:[hidden email]>>
     Argonne National Laboratory
     9700 South Cass Avenue
     Argonne, Illinois  60439
   <a href="tel:%28630%29%20252-5444" value="+16302525444" target="_blank">(630) 252-5444 <tel:%28630%29%20252-5444>




--
Felipe Menegola Blauth

--

 Douglas E. Engert  <[hidden email]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 <a href="tel:%28630%29%20252-5444" value="+16302525444" target="_blank">(630) 252-5444



--
Felipe Menegola Blauth

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel