New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merge engine_pkcs11 into libp11 #50
Comments
Douglas E. Engert DEEngert@gmail.com |
I agree too. And if you could incorporate the engine_pkcs11 fixes for PIN-less access to public keys, and access to ECC keys - it would be outstanding. Needless to say, I'm standing by, ready to test on PIV tokens. ;-) |
That's a nice idea. However note that the license of both projects is different. That shouldn't be a problem in merging them - but should be a problem if engine_pkcs11 is to be included in openssl. |
Re-licensing engine_pkcs11 is indeed an important aspect of this change. Including engine_pkcs11 without including libp11 would bring very little or no benefit to OpenSSL. I don't think the OpenSSL project has ever intended to include engine_pkcs11. They already have too much code to deal with rather than too little. 8-) |
Hi, I use libp11 in a project of mine, but I don't use engine_pkcs11. |
What would be the benefit of adding a ./configure option to disable building engine_pkcs11? |
It would reduce the build time, but maybe building the engine doesn't really takes that long at all. :) |
My point exactly... |
Currently out of four tests one fails and three succeed:
But frankly, it concerns me less that the fact that ECDH is only half-done. |
Update
It appears that here the code is attempting to perform a Verify operation (that requires public key) on the token itself. All the tokens I'm aware of implement/support only two operations: (a) sign, and (b) decrypt or derive (with the private key). Nothing else is supported. So here it seems that the code is trying to make the token to perform Verify, which the token (quite correctly) refuses. Something similar appears to be happening with ECDH: before the patches the code was trying to extract the key form the token, which succeeded only for the public key. After @dengert patches, it seems to try to perform all the operations on the token, which succeeds only for the private key. Does the above make sense to you? |
That could be a problem. The engine_pkcs11 would get this correct, because the only key methods that are replaced are for private key oprations. OpenSSL will do everything else in software. I have not looked at the tests, but if they are expecting libp11 to do all the public and private key operations that could the issue. Is libp11 assuming that if the token can do a sign or derive, it can do a verify (CKF_VERIFY) In regards to what a token can actually do, PKCS#11 has the CKF_HW attribute for mechanisms: "True if the mechanism is performed by the device; false if the mechanism is performed in software." OpenSC PKCS#11 is fairly good about this, but depends on the card driver settings. Does libp11 look for CKF_HW? What does it do if the mechanism is not HW, or not available? |
We should not override the rsa_verify method. This is what other OpenSSL engines do. |
It does not make sense to implement public key operations on the engine.
But somehow this doesn't seem to happen with EC DERIVE (with the patches that make private key-based on-the-token derivation enabled and working). @dengert, your help here would be appreciated. |
Re. 4e35780. operation still fails, with a different error report.
|
I checked pkcs11_rsa_verify() against the OpenSSL source back to version 0.9.7. Most of this function is just a hack to fix the problem created by introducing this function in the first place. pkcs11_rsa_verify() also fails unless the RSA_FLAG_SIGN_VER flag is set, which apparently causes the problem reported by @mouse07410. I have no idea why it could possibly be useful. Maybe (unlikely) it made sense with even more obsolete versions of OpenSSL, but it doesn't seem to make sense nowadays. I simply removed the code: 4e35780 |
@mouse07410 Most likely you need opendnssec/SoftHSMv2#184 |
Bingo!
Now we can again concentrate on why ECDH-DERIVE doesn't work with both private and public keys. ;) |
ECDH-DERIVE is always a private key operation. But It also takes as a parameter the public key (the EC_POINT) of the other party. So both parties do an ECDH-DERIVE using their private key, with the input of the other parties EC_POINT. The application may be creating an ephemeral ECDH key in software, so only one the private keys is on a token. NIST 800-56A goes in to all the possible ways to use ECDH. Much of this is also done by the openssl cms command. |
@dengert, you're absolutely correct (as usually :). The issue is whether the private key in question is on the token, or in a file (aka software-loadable). An application (or a user) may want to: a. Derive ECDH key on the token - which did not work until you fixed it, thanks! or b. Derive ECDH key from the ephemeral private key it received or generated and the public key on the token. Here's the example of (a) (which I'm very grateful for fixing!):
Here's the example of (b) (which got broken, probably because currently the code can't distinguish between where the private key for this operation is):
The problem is - once the token gets involved/mentioned, the code automatically assumes that that's where the private key is going to be. Or at least tries to perform the operation as if that's where the private key was. With RSA, it does not make this mistake: when Decrypt is requested it goes to the token, but I can request Encrypt - in which case it just takes the public key from the token and uses it in software. @dengert, what is your opinion regarding how to address the above? Do we need two DERIVE methods instead of one? Do we need to do something different within the method if it's |
086c06b concludes this issue. |
@mtrojnar there are a few questions related to this merge that I can't figure the answer to.
Comments please? |
Douglas E. Engert DEEngert@gmail.com |
Ad 1. At least not until libp11 0.4.0 is released (in a few weeks). The old https://github.com/OpenSC/engine_pkcs11 repository is still useful with the https://github.com/OpenSC/libp11/tree/libp11-0_3_x branch. Ad 2. I have already answered this question in the proper thread: #49 (comment) Ad 3. I still haven't decided about the the details. I'm working on a solution right now. I am fully aware of the licensing issues. Either including or requiring the original header (or parts of it) are not the only ways to achieve binary compatibility with an existing data structure. |
OK, according to #49 you are going to integrate ECDH-DERIVE (after you finish the cleanup). Great, thanks!
Below is the copyright statement from
If that was their intention - they did not state it in writing. Perhaps they did not intend for somebody to actually have a working ECDH with a token? :) |
I hereby propose libp11 build to produce both libp11 and engine_pkcs11 libraries. If needed, building engine_pkcs11 could be made optional with a ./configure parameter.
The relationship between libp11 and engine_pkcs11 is similar to the relationship between libcrypto and libssl in OpenSSL. libp11 is usable without engine_pkcs11 (but not the other way around) just like libcrypto is usable without libssl (but not the other way around).
Merging engine_pkcs11 into libp11 would provide the following advantages:
I highly appreciate any comments, including any disadvantages I may have missed.
The text was updated successfully, but these errors were encountered: