Add support for CKA_EC_POINT as not DER encoded #483

Merged
merged 2 commits into from
Nov 27, 2024

@simo5 simo5 commented Nov 26, 2024

Description

Gracefully decode CKA_EC_POINT (for Edwards curves) whether it is DER encoded or not.

Use Kryoptic compatibility mode only during the setup phase to deal with certtool incompatibility with non-DER encoded CKA_EC_POINTs

Fixes #478

Checklist

  • Code modified for feature
  • [ ] Test suite updated with functionality tests
  • [ ] Test suite updated with negative tests
  • [ ] Documentation updated

Reviewer's checklist:

  • Any issues marked for closing are addressed
  • There is a test suite reasonably covering new functionality or modifications
  • This feature/change has adequate documentation added
  • Code conforms to coding style that today cannot yet be enforced via the check style test
  • Commits have short titles and sensible commit messages
  • Coverity Scan has run if needed (code PR) and no new defects were found

simo5 commented Nov 26, 2024

I tested this locally with a kryoptic build that had latchset/kryoptic#119 applied.

For CKK_EC_EDWARDS and CKK_EC_MONTGOMERY curves the spec assumes a plain
byte array for CKA_EC_POINT, but many implementations incorrectly use
DER OCTET STRING encoding for this point.

Detecting this is easy when reading from the token, and hopefully all
tokens will support handling DER encoded input (as backwards
compatibility) when importing objects.

Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Simo Sorce <simo@redhat.com>
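
The detection the commit message describes, as an added example that is not the code from this pull request: a hypothetical helper `ec_point_unwrap` accepts a CKA_EC_POINT value either as a plain byte array or wrapped in a DER OCTET STRING. It assumes the caller already knows the curve's raw public key size (32 bytes for Ed25519/X25519, 56 for X448, 57 for Ed448); the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Raw public key sizes in bytes (RFC 8032, RFC 7748). */
enum { ED25519_LEN = 32, X25519_LEN = 32, X448_LEN = 56, ED448_LEN = 57 };

/* Hypothetical helper, not a pkcs11-provider function.
 * Returns 0 if val is already the raw point, 1 if a DER OCTET STRING
 * wrapper was skipped, -1 if val matches neither form for this curve.
 * On success point and point_len reference the raw bytes inside val. */
int ec_point_unwrap(const uint8_t *val, size_t val_len, size_t raw_len,
                    const uint8_t **point, size_t *point_len)
{
    if (!val || !point || !point_len || raw_len == 0 || raw_len > 127)
        return -1; /* only short-form DER lengths are handled */
    if (val_len == raw_len) { /* plain byte array, as the spec assumes */
        *point = val;
        *point_len = val_len;
        return 0;
    }
    /* DER OCTET STRING: tag 0x04, one length byte, then the point.
     * The total length differs from raw_len, so a raw point that happens
     * to begin with 0x04 is never mistaken for a wrapped one. */
    if (val_len == raw_len + 2 && val[0] == 0x04 &&
        (size_t)val[1] == raw_len) {
        *point = val + 2;
        *point_len = raw_len;
        return 1;
    }
    return -1;
}

int main(void)
{
    /* Constructed sample: 0x04 0x20 followed by 32 placeholder bytes. */
    uint8_t wrapped[2 + ED25519_LEN] = { 0x04, ED25519_LEN };
    const uint8_t *p = NULL;
    size_t n = 0;
    for (size_t i = 0; i < ED25519_LEN; i++)
        wrapped[2 + i] = (uint8_t)(0xA0 + i);
    int rc = ec_point_unwrap(wrapped, sizeof(wrapped), ED25519_LEN, &p, &n);
    printf("rc=%d len=%zu first=0x%02x\n", rc, n, p ? p[0] : 0);
    return rc == 1 ? 0 : 1;
}
```

Rejecting any value whose length is neither the raw size nor the raw size plus the two-byte header keeps truncated or oversized attributes from being passed on as key material.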
@simo5 simo5 added the covscan Triggers Coverity Scanner label Nov 26, 2024
@simo5 simo5 requested a review from Jakuje November 26, 2024 22:29
@github-actions github-actions bot removed the covscan Triggers Coverity Scanner label Nov 26, 2024
@simo5 simo5 added the covscan-ok Coverity scan passed label Nov 26, 2024

@Jakuje Jakuje left a comment

lgtm

@simo5 simo5 merged commit 755cbc8 into latchset:main Nov 27, 2024
47 checks passed
Successfully merging this pull request may close these issues.

Support for CKA_EC_POINT multiple encodings