Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Embed the private key with public key attributes. #293

Merged
merged 2 commits into from
Sep 29, 2023
Merged

Embed the private key with public key attributes. #293

merged 2 commits into from
Sep 29, 2023

Conversation

sahanaprasad07
Copy link
Contributor

After generating a key pair via p11prov_GenerateKeyPair() in p11prov_common_gen(), embed the private key with public key attributes through this new function p11prov_merge_pub_attrs_into_priv().
This would be useful to reconstruct the public key from the private key.
Further, attributes like CKA_P11PROV_PUB_KEY_X and CKA_P11PROV_PUB_KEY_Y can be extracted directly from EC private keys.

The following attributes are copied-
For RSA: CKA_MODULUS, CKA_PUBLIC_EXPONENT
For EC: CKA_EC_POINT, CKA_EC_PARAMS, CKA_P11PROV_PUB_KEY

Fixes #282

@sahanaprasad07
Copy link
Contributor Author

Hi @fabled, could you confirm if this fix works for you when you have time? Thank you!

simo5
simo5 requested changes Sep 29, 2023
View reviewed changes
Copy link
Member

@simo5 simo5 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One issue, but otherwise LGTM

src/keymgmt.c Show resolved Hide resolved
@sahanaprasad07
Embed the private key with public key attributes.
8c703a3 
For RSA: CKA_MODULUS, CKA_PUBLIC_EXPONENT
For EC: CKA_EC_POINT, CKA_EC_PARAMS, CKA_P11PROV_PUB_KEY

Fixes: latchset#282
Signed-off-by: Sahana Prasad <sahana@redhat.com>
@sahanaprasad07
Tests to check gen keys through check_rsa_key() and check_ec_key()
5b74a63 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
@simo5
Copy link
Member

simo5 commented Sep 29, 2023

LGTM and tests pass!

@simo5 simo5 merged commit f9b04f9 into latchset:main Sep 29, 2023
19 checks passed
manu0x0 pushed a commit to isc-projects/bind9 that referenced this pull request Jan 25, 2024
@matje
No longer need to get generated key from label
750536f 
The pkcs11-provider did not yet support getting X/Y coordinates
on newly generated EC PKEY keys, thus we attempted to get the
key from the label after it was generated in the keystore.

This has been fixed in:

  latchset/pkcs11-provider#293

Thus now we should be able to use the generated key structure
immediately.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@simo5 simo5 simo5 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Newly generated EC PKEY does not support getting X/Y coordinates
2 participants
@sahanaprasad07 @simo5