[gnutls-devel] GnuTLS | Unable to use Ed25519 keys from PKCS#11 (#946)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Fri Feb 28 16:24:06 CET 2020
Jakub Jelen created an issue: https://gitlab.com/gnutls/gnutls/issues/946
## Description of problem:
Trying to list a CK_EC_EDWARDS public key from a PKCS#11 module fails.
The GnuTLS I am using is behaving as if it did not know this key type (see the logs below).
## Version of gnutls used:
## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
## How reproducible:
Steps to Reproduce:
* Build OpenSC with EdDSA support (or have different PKCS#11 module supporting ED keys -- softhsm)
* Generate Ed25519 key pair in module (I used Nitrokey with GNUK applet and softhsm)
* Try to list objects in the pkcs11 module
## Actual results:
```
$ PKCS11SPY=`realpath src/pkcs11/.libs/opensc-pkcs11.so` p11tool -d9999 --list-all --provider `realpath src/pkcs11/.libs/pkcs11-spy.so` "pkcs11:model=PKCS%2315%20emulated;manufacturer=OpenPGP%20project;serial=fffe43245521;token=OpenPGP%20card%20%28User%20PIN%29"
[in] hSession = 0x558b896d8650
[in] hObject = 0x558b896d79f0
CKA_KEY_TYPE 00007ffd64a23988 / 8
Returned: 0 CKR_OK
|<2>| requested reading public key of unsupported type 64
|<3>| ASSERT: pkcs11.c[pkcs11_read_pubkey]:1902
|<3>| ASSERT: pkcs11.c[pkcs11_obj_import_pubkey]:1942
|<3>| ASSERT: pkcs11.c[pkcs11_import_object]:2165
```
## Expected results:
The EdDSA keys should be listed as objects.
If I see right, this functionality should have been in since b2d81349 (~1 year ago), while my release is just 2 months old, but it does not look like it is working with softhsm2 or with OpenSC (https://github.com/OpenSC/OpenSC/pull/1960).