[gnutls-devel] GnuTLS | Unable to use Ed25519 keys from PKCS#11 (#946)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Feb 28 16:24:06 CET 2020



Jakub Jelen created an issue: https://gitlab.com/gnutls/gnutls/issues/946



## Description of problem:
Trying to list a CK_EC_EDWARDS public key from a PKCS#11 module fails.

The GnuTLS I am using behaves as if it did not know this key type (see the logs below).

## Version of gnutls used:
`gnutls-3.6.11-1.fc31.x86_64`

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Fedora

## How reproducible:
deterministic

Steps to Reproduce:

 * Build OpenSC with EdDSA support (or have a different PKCS#11 module supporting ED keys -- softhsm)
 * Generate an Ed25519 key pair in the module (I used Nitrokey with GNUK applet and softhsm)
 * Try to list objects in the pkcs11 module


## Actual results:
```
$ PKCS11SPY=`realpath src/pkcs11/.libs/opensc-pkcs11.so` p11tool -d9999 --list-all --provider `realpath src/pkcs11/.libs/pkcs11-spy.so` "pkcs11:model=PKCS%2315%20emulated;manufacturer=OpenPGP%20project;serial=fffe43245521;token=OpenPGP%20card%20%28User%20PIN%29"
...
29: C_GetAttributeValue
2020-02-26 09:54:01.479
[in] hSession = 0x558b896d8650
[in] hObject = 0x558b896d79f0
[in] pTemplate[1]: 
    CKA_KEY_TYPE          00007ffd64a23988 / 8
[out] pTemplate[1]: 
    CKA_KEY_TYPE          CKK_EC_EDWARDS     
Returned:  0 CKR_OK
|<2>| requested reading public key of unsupported type 64
|<3>| ASSERT: pkcs11.c[pkcs11_read_pubkey]:1902
|<3>| ASSERT: pkcs11.c[pkcs11_obj_import_pubkey]:1942
|<3>| ASSERT: pkcs11.c[pkcs11_import_object]:2165
```

## Expected results:
The EdDSA keys should be listed as objects.

If I see it right, this functionality should have been in since b2d81349 (~1 year ago), while my release is just 2 months old, but it does not look like it is working with softhsm2 or with OpenSC (https://github.com/OpenSC/OpenSC/pull/1960).

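The GnuTLS debug line in the trace above gives the rejected key type as decimal 64, which is 0x40, the value the PKCS#11 v3.0 headers assign to CKK_EC_EDWARDS. The following Python script is an added example, not part of the original report or of GnuTLS: it correlates the key type a module returns in a pkcs11-spy trace with the type GnuTLS then refuses, and collects the assert chain. The names `triage`, `CKK_NAMES` and `SAMPLE_TRACE` are assumptions made for the example, and the sample trace is constructed from the lines shown in the report.

```python
import re

# Key-type values from the PKCS#11 v3.0 headers (subset).
CKK_NAMES = {0x00: "CKK_RSA", 0x01: "CKK_DSA", 0x02: "CKK_DH", 0x03: "CKK_EC",
             0x40: "CKK_EC_EDWARDS", 0x41: "CKK_EC_MONTGOMERY"}

# Constructed sample, shaped like the trace in the report above.
SAMPLE_TRACE = """\
29: C_GetAttributeValue
[in] pTemplate[1]:
    CKA_KEY_TYPE          00007ffd64a23988 / 8
[out] pTemplate[1]:
    CKA_KEY_TYPE          CKK_EC_EDWARDS
Returned:  0 CKR_OK
|<2>| requested reading public key of unsupported type 64
|<3>| ASSERT: pkcs11.c[pkcs11_read_pubkey]:1902
|<3>| ASSERT: pkcs11.c[pkcs11_obj_import_pubkey]:1942
"""

SPY_TYPE = re.compile(r"^\s*CKA_KEY_TYPE\s+(CKK_\w+)\s*$")   # pkcs11-spy [out] value
REJECTED = re.compile(r"unsupported type (\d+)")             # GnuTLS debug message
ASSERT = re.compile(r"ASSERT: ([\w.]+)\[(\w+)\]:(\d+)")      # GnuTLS assert trail

def triage(trace):
    """Return one finding per key type the library refused to import."""
    findings, token_type, current = [], None, None
    for line in trace.splitlines():
        if m := SPY_TYPE.match(line):
            token_type = m.group(1)      # what the module answered
            current = None               # a new object starts a new finding
        elif m := REJECTED.search(line):
            value = int(m.group(1))
            name = CKK_NAMES.get(value, "unknown")
            current = {"value": value, "library_name": name,
                       "token_name": token_type,
                       "consistent": name == token_type, "asserts": []}
            findings.append(current)
        elif (m := ASSERT.search(line)) and current is not None:
            current["asserts"].append(m.group(2))   # function that asserted
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_TRACE):
        print(finding)
```

A finding with `consistent` set to true means the module and the library agree on which key type was requested, so the failure lies in the library's handling of that type rather than in a mismatched constant.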