pkeyutl: allow peer key to reside on a hardware token (pkcs11) Open ssl 1 0 2 stable #557

Closed
wants to merge 1 commit into from


mouse07410
Contributor

Enables pkeyutl.c to derive shared symmetric key (ECDH) with a public key on the PKCS11-accessible hardware token:

$ openssl pkeyutl -engine pkcs11 -peerform engine -derive -inkey t256-ec-priv.pem -peerkey id_03 -hexdump
engine "pkcs11" set.
0000 - 2c 3a cc 09 d0 7c 02 14-55 1e fc fb 86 e9 a4 87   ,:...|..U.......
0010 - 33 c5 77 71 ae d2 f0 ff-f4 24 f6 3c e8 6a 76 fe   3.wq.....$.<.jv.
$ pkcs11-tool -l --slot 1 --module /Library/OpenSC/lib/opensc-pkcs11.so --derive -m ECDH1-COFACTOR-DERIVE -d 03 -i t256-ec-pub.der -o t256-ecdh-shared.bin
Logging in to "PIV_II (PIV Card Holder pin)".
Please enter User PIN:
Using derive algorithm 0x00001051 ECDH1-COFACTOR-DERIVE
$ od -t x1 t256-ecdh-shared.bin
0000   2c  3a  cc  09  d0  7c  02  14  55  1e  fc  fb  86  e9  a4  87
0020   33  c5  77  71  ae  d2  f0  ff  f4  24  f6  3c  e8  6a  76  fe
0040

The above example demonstrates that the derivation is correct - shared secret derived from ECDH private key in a file and ECDH public key on the card matches the one derived on the card from its ECDH private key and the given public key from a file.

  • t256-ec-priv.pem is a file containing ECDH private key (in PEM format).
  • t256-ec-pub.der is a file containing ECDH public key (in DER format - need it for OpenSC tools).
  • on the card: using slot 9d (KEY MAN key and KEY MAN pubkey) containing ECDH derivation key pair.

Oh, and of course the only commit in this PR that matters is 6fdd762

All the others are already merged (I think), but somehow GitHub does not show it. :-(

@mouse07410
Contributor Author

pinging @levitte :-)

@mouse07410
Contributor Author

pinging @levitte - is there any reason this doesn't get merged, or at least commented on?

@richsalz
Contributor

Perhaps he's busy?

@mouse07410
Contributor Author

> Perhaps he's busy?

No doubt. But in the meanwhile I'm afraid that as I'm updating my fork by pulling in the commits applied to master and OpenSSL_1_0_2-stable, it would be more and more complicated to apply this PR. And since I need a working version of OpenSSL, I can't just freeze my fork... :-(

And this really is a small fix, and related to what's already been reviewed...

@mouse07410
Contributor Author

Another illustration of how it works, as a part of my sample/demo script:

$ pkcs11-ec-derive-demo2
Extracting public key from the token to determine what curve it's on...
pkcs15-tool --read-public-key 03 -o /tmp/derive.73978.token.pub.pem
Using reader with a card: Yubico Yubikey NEO OTP+U2F+CCID
read EC key

Generating ephemeral ECC key pair on prime256v1...
openssl ecparam -name prime256v1 -genkey -out /tmp/derive.73978.priv.pem
openssl ec -in /tmp/derive.73978.priv.pem -pubout -outform DER -out /tmp/derive.73978.pub.der
read EC key
writing EC key

Generating random 250 bytes of Base64-encoded data...
openssl rand -base64 -out /tmp/derive.73978.text 250

Deriving shared key from ephemeral private and token public keys...
openssl pkeyutl -engine pkcs11 -peerform engine -derive -inkey /tmp/derive.73978.priv.pem -peerkey "pkcs11:object=KEY%20MAN%20pubkey;object-type=public" -out /tmp/derive.73978.shared1
engine "pkcs11" set.

Encrypting data file with derived symmetric key in /tmp/derive.73978.shared1 and AES-CFB...
openssl enc -aes-256-cfb -e -a -kfile /tmp/derive.73978.shared1 -in /tmp/derive.73978.text -out /tmp/derive.73978.text.enc

Deriving shared symmetric key on the token, using ephemeral public key...
pkcs11-tool --slot 1 --module /Library/OpenSC/lib/opensc-pkcs11.so -l --derive -m ECDH1-COFACTOR-DERIVE -d 03 -i /tmp/derive.73978.pub.der -o /tmp/derive.73978.shared2
Logging in to "PIV_II (PIV Card Holder pin)".
Please enter User PIN:
Using derive algorithm 0x00001051 ECDH1-COFACTOR-DERIVE

Decrypting data file with derived symmetric key in /tmp/derive.73978.shared2 and AES-CFB...
openssl enc -aes-256-cfb -d -a -kfile /tmp/derive.73978.shared2 -in /tmp/derive.73978.text.enc -out /tmp/derive.73978.text.dec

Derived keys matched: /tmp/derive.73978.shared1 and /tmp/derive.73978.shared2.
Decrypted file matches the original plaintext.

@levitte
Member

levitte commented Jan 20, 2016

+1 Looking good

@mouse07410
Contributor Author

Thank you! Let's merge?

@richsalz
Contributor

+1 from me if you want to merge it, Richard

@levitte
Member

levitte commented Jan 20, 2016

Hmmm... it doesn't rebase cleanly. @mouse07410, would you mind rebasing on top of a fresh pull of OpenSSL_1_0_2-stable, please? And I seriously mean a rebase, we try to avoid merge commits like the plague.

@mouse07410
Contributor Author

Let me consult with those more fluent in GitHub than I am, and attempt to rebase.

@mouse07410
Contributor Author

@levitte Done!! Please feel free to merge now. :-)

P.S. I've learned a lot doing this exercise, and wouldn't be able to complete it without my colleague who knows more about Git. ;)

@mouse07410
Contributor Author

Adding @richsalz

And I'd really appreciate it if this could be merged before we need another rebase. :-)

@levitte
Member

levitte commented Jan 22, 2016

Awright, pushed! Closing.

@levitte levitte closed this Jan 22, 2016
@mouse07410
Contributor Author

Thank you! :-)
