Skip to content

PKCS#11 Ed25519#5559

Merged
jforissier merged 1 commit intoOP-TEE:masterfrom
varder:pkcs11_ed25519
Oct 6, 2022
Merged

PKCS#11 Ed25519#5559
jforissier merged 1 commit intoOP-TEE:masterfrom
varder:pkcs11_ed25519

Conversation

@varder
Copy link
Copy Markdown

@varder varder commented Sep 29, 2022

ta: pkcs11: Add Ed25519 support
Add functionality to generate, import keys, sign/verify for
Ed25519, Ed25519ctx and Ed25519ph.

Copy link
Copy Markdown
Contributor

@etienne-lms etienne-lms left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the port to pkcs11 TA.
I've pointed the coding style issues, mostly indentation. See also few other comments.
That said, the overall looks good but i'll need another pass.

Comment thread ta/pkcs11/include/pkcs11_ta.h Outdated
PKCS11_CKK_DSA = 0x001,
PKCS11_CKK_DH = 0x002,
PKCS11_CKK_EC = 0x003,
PKCS11_CKK_EC_EDWARDS = 0x040,
Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

indentation + move below line 1180 following macro values ordering.

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

Comment thread ta/pkcs11/include/pkcs11_ta.h Outdated
PKCS11_CKM_ECDSA_SHA512 = 0x01046,
PKCS11_CKM_ECDH1_DERIVE = 0x01050,
PKCS11_CKM_EC_EDWARDS_KEY_PAIR_GEN = 0x01055,
PKCS11_CKM_EDDSA = 0x01057,
Copy link
Copy Markdown
Contributor

@etienne-lms etienne-lms Sep 29, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PKCS11_CKM_EDDSA and PKCS11_CKM_ECDSA can be easy to confuse.
Would you be ok the rename it? Suggestion PKCS11_CKM_EC_EDDSA.
(and for consistency s/PKCS11_CKK_EDDSA/PKCS11_CKK_EC_EDDSA/g)

(indentation)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Discard this comment. This naming is driven by the PKCS#11 specs.
Sorry for the noise.

Comment thread ta/pkcs11/src/pkcs11_attributes.c Outdated
case PKCS11_CKM_EC_EDWARDS_KEY_PAIR_GEN:
if ((get_class(temp) != PKCS11_CKO_PUBLIC_KEY &&
get_class(temp) != PKCS11_CKO_PRIVATE_KEY) ||
get_key_type(temp) != PKCS11_CKK_EC_EDWARDS) {
Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

indentation:

		if ((get_class(temp) != PKCS11_CKO_PUBLIC_KEY &&
		     get_class(temp) != PKCS11_CKO_PRIVATE_KEY) ||
		    get_key_type(temp) != PKCS11_CKK_EC_EDWARDS) {
			rc = PKCS11_CKR_TEMPLATE_INCONSISTENT;
			goto out;
		}

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

Comment thread ta/pkcs11/src/pkcs11_attributes.c Outdated
if (key_type != PKCS11_CKK_EC_EDWARDS) {
EMSG("Invalid key %s for mechanism %s",
id2str_type(key_type, key_class),
id2str_proc(proc_id));
Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

 			EMSG("Invalid key %s for mechanism %s",
-				id2str_type(key_type, key_class),
-				id2str_proc(proc_id));
+			     id2str_type(key_type, key_class),
+			     id2str_proc(proc_id));

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

Comment thread ta/pkcs11/src/pkcs11_attributes.c Outdated
if (key_class != PKCS11_CKO_PUBLIC_KEY &&
key_class != PKCS11_CKO_PRIVATE_KEY) {
EMSG("Invalid key class for mechanism %s",
id2str_proc(proc_id));
Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

		EMSG("Invalid key class for mechanism %s",
		     id2str_proc(proc_id));

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

Comment thread ta/pkcs11/src/processing_ec.c Outdated
return rc;

rc = tee2pkcs_add_attribute(pub_head, PKCS11_CKA_EC_POINT,
tee_obj, TEE_ATTR_ED25519_PUBLIC_VALUE);
Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

indent for the 3 above

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

Comment thread ta/pkcs11/src/processing_ec.c Outdated
if (rc)
return rc;

out:
Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

-	out:
+out:

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

Comment thread ta/pkcs11/src/processing_ec.c Outdated

proc->extra_ctx = TEE_Malloc(sizeof(struct eddsa_processing_ctx) +
ctx_len,
TEE_USER_MEM_HINT_NO_FILL_ZERO);
Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

 	proc->extra_ctx = TEE_Malloc(sizeof(struct eddsa_processing_ctx) +
-								 ctx_len,
-								 TEE_USER_MEM_HINT_NO_FILL_ZERO);
+				      ctx_len, TEE_USER_MEM_HINT_NO_FILL_ZERO);

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed indentation,
Is it Ok?
sizeof(*ctx) + ctx_len,

Comment thread ta/pkcs11/src/token_capabilities.c Outdated
case PKCS11_CKM_ECDSA_SHA384:
case PKCS11_CKM_ECDSA_SHA512:
case PKCS11_CKM_ECDH1_DERIVE:
case PKCS11_CKFM_GENERATE_KEY_PAIR:
Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

discard this change

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indeed, thanks for pointing out

Comment thread ta/pkcs11/src/processing_ec.c Outdated
struct pkcs11_attribute_head *proc_params)
{
enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR;
uint32_t flag = 0, ctx_len = 0;
Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 variable definition per line

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

Copy link
Copy Markdown
Contributor

@etienne-lms etienne-lms left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

few remaining comments on the pkcs11 TA part.

Comment thread ta/pkcs11/include/pkcs11_ta.h Outdated
PKCS11_CKM_ECDSA_SHA512 = 0x01046,
PKCS11_CKM_ECDH1_DERIVE = 0x01050,
PKCS11_CKM_EC_EDWARDS_KEY_PAIR_GEN = 0x01055,
PKCS11_CKM_EDDSA = 0x01057,
Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Discard this comment. This naming is driven by the PKCS#11 specs.
Sorry for the noise.

Comment thread ta/pkcs11/src/processing_ec.c Outdated
return PKCS11_CKR_ARGUMENTS_BAD;

proc->extra_ctx = TEE_Malloc(sizeof(*ctx) + ctx_len,
TEE_USER_MEM_HINT_NO_FILL_ZERO);
Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

indentation

Comment thread ta/pkcs11/src/processing_asymm.c Outdated
out_buf, &out_size);
tee_attrs,
tee_attrs_count,
hash_buf, hash_size,
Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

discard this change. The original code was good:

			res = TEE_AsymmetricSignDigest(proc->tee_op_handle,
						       tee_attrs,
						       tee_attrs_count,
						       in_buf, in_size,
						       out_buf, &out_size);

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

@jforissier
Copy link
Copy Markdown
Contributor

@varder when you address Etienne's comments please also rebase onto master which now has the "proper" Ed25519 implementation, thanks!

Comment thread ta/pkcs11/src/processing_asymm.c Outdated
tee_attrs,
tee_attrs_count,
in_buf, in_size,
out_buf, &out_size);
Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

preserve original indentation :)

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

Comment thread ta/pkcs11/src/processing_ec.c Outdated
rc = tee2pkcs_add_attribute(priv_head, PKCS11_CKA_VALUE,
tee_obj, TEE_ATTR_ED25519_PRIVATE_VALUE);
if (rc)
return rc;
Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

goto out;
ditto lines below

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

break;
case PKCS11_CKM_EC_EDWARDS_KEY_PAIR_GEN:
case PKCS11_CKM_EDDSA:
*min_key_size = 256; /* in bits */
Copy link
Copy Markdown
Contributor

@etienne-lms etienne-lms Oct 3, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Spec mentions 255 while key effective bit size is 256.
Maybe a word here? /* in bits, v3.1 falsly states 255 */

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

According to rfc8032
https://www.rfc-editor.org/rfc/rfc8032#section-5.1.5
Key Generation
The private key is 32 octets (256 bits, corresponding to b) of
cryptographically secure random data.

I guess it is a typo in Specs,

Comment thread ta/pkcs11/src/processing_ec.c Outdated

static const uint8_t ed25519ph_oid_der[] = {
0x13, 0x0C, 'e', 'd', 'w', 'a', 'r', 'd', 's',
'2', '5', '5', '1', '9',
Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

missing 'p', 'h' ?

Comment thread ta/pkcs11/src/processing_ec.c Outdated
};

static const uint8_t ed25519_name_der[] = {
0x06, 0x03, 0x2B, 0x65, 0x70,
Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems 0x06, 0x03, 0x2B, 0x65, 0x70 is the encoding of EdDSA algo while the curve OID's DER encoding is 06 09 2B 06 01 04 01 DA 47 0F 01.
See script ta/pkcs11/scripts/dump_ec_curve_params.sh used to get IDs used by openssl, maybe it can help.

Copy link
Copy Markdown
Author

@varder varder Oct 3, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For the existing algos the struct values
struct supported_ecc_curve
can be generated using dump_ec_curve_params.sh
with the commands:
openssl ecparam -name ${EC_CURVE} -param_enc explicit
But it looks like for Ed25519 with Openssl impossible to get the parameters.
I would like to generate it automatically, but i could't find the way.

I have looked at some existing implementation,
and it looks like, 1.3.101.112 is used in this context
https://github.com/opendnssec/SoftHSMv2/blob/develop/src/lib/crypto/BotanEDPrivateKey.cpp#L54
https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/pkcs15-algo.c#L451

@varder varder force-pushed the pkcs11_ed25519 branch 3 times, most recently from 824cea6 to c2cbbbe Compare October 3, 2022 18:50
@varder
Copy link
Copy Markdown
Author

varder commented Oct 4, 2022

@etienne-lms
Can I squash the fixups?

Copy link
Copy Markdown
Contributor

@etienne-lms etienne-lms left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> (minor inline comment style issue)

Comment thread ta/pkcs11/src/processing_ec.c Outdated
0x91, 0x38, 0x64, 0x09, 0x02, 0x01, 0x01,
};

/* Edwards curves may be specified in two flavours:
Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/*
 * Edwards curves may be specified in two flavours: 

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

@etienne-lms
Copy link
Copy Markdown
Contributor

@etienne-lms
Can I squash the fixups?

Ok

Add functionality to generate, import keys, sign/verify for
ED25519, ED25519ctx and ED25519ph.

The values for the object identifies originates from:
https://www.rfc-editor.org/rfc/rfc8420.html
A.1. ASN.1 Object for Ed25519

The PKCS#11 Specification:
https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/
pkcs11-spec-v3.1-cs01.pdf

Signed-off-by: Valerii Chubar <valerii_chubar@epam.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
@jforissier jforissier merged commit 03e0743 into OP-TEE:master Oct 6, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants