Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[RFC] ecdsa: Add support for ECDH1-DERIVE method #70

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

doanac
Copy link

@doanac doanac commented Jun 26, 2020

Thanks for the excellent library. It was pretty easy for me to get go's httpclient to use this and softhsm for TLS.

Now I'm trying something slightly more complex. I'm working with something that does symmetric encryption using EC keys based on ecies. The library I'm using assumes access to the private key:

https://github.com/ethereum/go-ethereum/blob/master/crypto/ecies/ecies.go#L120-L138

However, the operation done in that function is the equivalent of ECDH1-DERIVE. This PR is a proof-of-concept that allows me to do ecies decryption. I'm hoping you might be open to this change or something like it.

@solcates solcates self-assigned this Jun 26, 2020
@solcates
Copy link
Contributor

Thank you @doanac I'll review this early next week and do a bit of testing on some physical HSMs.

Copy link
Contributor

@nickrmc83 nickrmc83 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be nice to add new tests to ecdsa_test.go to cover this new method.

ecdsa.go Outdated

// Perform CKM_ECDH1_DERIVE function with the given public key
func (c *Context) ECDH1Derive(pk Signer, pubkey *ecdsa.PublicKey) ([]byte, error) {
ecpk := pk.(*pkcs11PrivateKeyECDSA)
Copy link
Contributor

@nickrmc83 nickrmc83 Jul 8, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you add a checking type assertion here and if pk is not an instance of *pkcs11PrivateKeyECDSA return an appropriate error. It would be preferable not to panic.

Also can you move this function above pkcs11PrivateKeyECDSA Sign to keep Context functions together.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've done a force push to address these comments.

ecdsa.go Outdated
@@ -300,3 +300,44 @@ func (c *Context) GenerateECDSAKeyPairWithAttributes(public, private AttributeSe
func (signer *pkcs11PrivateKeyECDSA) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {
return signer.context.dsaGeneric(signer.handle, pkcs11.CKM_ECDSA, digest)
}

// Perform CKM_ECDH1_DERIVE function with the given public key
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you add some extra commentary here to help the user understand this function does not provide support for ANSI X9.63 ECDH derivation.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i apologize - this is getting to a level of cryptography I'm not sure I can explain correctly. Maybe you can help me explain this nuance as I'm not sure I understand how it differs?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not sure if it helps, but I used this logic as my guide:
https://github.com/OpenSC/OpenSC/blob/master/src/tools/pkcs11-tool.c#L3693
and

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you look at https://www.cryptsoft.com/pkcs11doc/STANDARD/pkcs-11v2-20.pdf section 12.3.8 the specification allows for 2 different KDF-defining parameters; CKD_NULL as used here and CKD_ SHA1_KDF which can be used to derive keys inline with the ANSI X9.63 spec. The comment simply needs to reflect that this function makes no provision to support ANSI X9.63 key derivation

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for the help! i've force pushed a new version with an updated comment

doanac added a commit to doanac/fioconfig that referenced this pull request Jul 16, 2020
This is a temporary work-around while the PR gets sorted out:

 ThalesGroup/crypto11#70

Signed-off-by: Andy Doan <andy@foundries.io>
ricardosalveti pushed a commit to foundriesio/fioconfig that referenced this pull request Jul 16, 2020
This is a temporary work-around while the PR gets sorted out:

 ThalesGroup/crypto11#70

Signed-off-by: Andy Doan <andy@foundries.io>
This method can be used to help do ecies encryption.

Signed-off-by: Andy Doan <andy@foundries.io>
@nickrmc83
Copy link
Contributor

nickrmc83 commented Jul 21, 2020

It would be nice to add new tests to ecdsa_test.go to cover this new method.

@doanac do you think you could add a test that performs the key derivation, does some operation with the key such as encrypt a random byte slice then use the go crypto libraries (or other) that does the reverse operation and verifies the decrypted byte slice matches?

@doanac
Copy link
Author

doanac commented Jul 21, 2020

I'd be happy to add a test. I'm a little swamped today, but can probably get it done tomorrow.

Signed-off-by: Andy Doan <andy@foundries.io>
@doanac
Copy link
Author

doanac commented Jul 21, 2020

@nickrmc83 - I've added a test that creates a known private key. I can then do ECDHDerive logic with the two keys to assert they both produce the same answer. While doing this I noticed that pkcs11.NewAttribute(pkcs11.CKA_DERIVE, true), is needed for the EC private key.

@nickrmc83
Copy link
Contributor

@doanac Once the CI passes this is good to go.

@nickrmc83
Copy link
Contributor

@doanac can you take a look at the CI failure? You should be able to recreate it locally using softhsm2 to debug.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants