Trouble decoding key in provider

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi there,

I am trying to implement a provider. The decoder successfull decodes the key (it is using an ED25519 key with a custom OID -> hence the provider).

Currently I am facing two problems:

1. the PEM decoding is ignored unless I comment out the DER decoding part

The private key is packaged in a pkcs#8 format. This seems to be decodable from PEM, but only if I comment out the DER part. This does not leave me confident my code is correct.

static const OSSL_ALGORITHM ed25519ph_decoder_dispatch[] = {
{"ed25519-my:1.2.3.4", "provider=my,input=pem,structure=pkcs8", dispatch_decoder_my_ed25519_private_der, PROV_DESCS_ED25519},
     {ed25519-my:1.2.3.4", "provider=my,input=der", , PROV_DESCS_ED25519},
     {NULL, NULL, NULL, NULL}};

Both parts work each. Maybe someone can enlighten me here :-)

2. the DER part works as well. I can extract the exact key I've created in the keygen part before. But despite my efforts to find the correct export mechanism by trail and error and reading through all the provider implementation I've found in the provider corner and in the internet, some thing is still missing here. After reading out the key, I does not seem to be available: ******************************************************** PROVIDER: making public key from example-priv.pem
    0:d=0  hl=2 l=  46 cons: SEQUENCE
    2:d=1  hl=2 l=   1 prim: INTEGER           :00
    5:d=1  hl=2 l=   5 cons: SEQUENCE
    7:d=2  hl=2 l=   3 prim: OBJECT            :1.2.3.4
12:d=1 hl=2 l= 34 prim: OCTET STRING [HEX DUMP]:0420E2F448C53E58A6233CBFD306D62B2875EE175F3A88C20DCA7C4DF0BE945F192F
ed25519ph provider init...
registered  oids
new  provider context
ed25519ph provider init complete
operating switch: 22 (10=KEYMGMT, 12=SIG, 20=ENC, 21=DEC, 22=STOR)
operating switch: 21 (10=KEYMGMT, 12=SIG, 20=ENC, 21=DEC, 22=STOR)
operating switch: 10 (10=KEYMGMT, 12=SIG, 20=ENC, 21=DEC, 22=STOR)
operating switch: 21 (10=KEYMGMT, 12=SIG, 20=ENC, 21=DEC, 22=STOR)
/home/rittebe/Entwicklung/ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context new 0x5c304c501a50
operating switch: 21 (10=KEYMGMT, 12=SIG, 20=ENC, 21=DEC, 22=STOR)
src/ed25519ph_decoder.c - Decoder context new 0x5c304c503b60
src/ed25519ph_decoder.c - Decoder decode DER (selection=87) 0x5c304c503b60
PKCS8_pkey_get0
dump with len=34
04 20 e2 f4 48 c5 3e 58 a6 23 3c bf d3 06 d6 2b 28 75 ee 17 5f 3a 88 c2 0d ca 7c 4d f0 be 94 5f 19 2f
dump done
asn1 octet string. read 34
asn1 octet string len=32
dump with len=32
e2 f4 48 c5 3e 58 a6 23 3c bf d3 06 d6 2b 28 75 ee 17 5f 3a 88 c2 0d ca 7c 4d f0 be 94 5f 19 2f
dump done
src/ed25519ph_decoder.c - Decoder Export to provider independent params format
src/ed25519ph_decoder.c - 32
Private DER decode rc from callback=0, rc=1
src/ed25519ph_decoder.c - Decoder context free 0x5c304c503b60
operating switch: 10 (10=KEYMGMT, 12=SIG, 20=ENC, 21=DEC, 22=STOR)
operating switch: 21 (10=KEYMGMT, 12=SIG, 20=ENC, 21=DEC, 22=STOR)
operating switch: 10 (10=KEYMGMT, 12=SIG, 20=ENC, 21=DEC, 22=STOR)
operating switch: 21 (10=KEYMGMT, 12=SIG, 20=ENC, 21=DEC, 22=STOR)
src/ed25519ph_decoder.c - Decoder context new 0x5c304c5050c0
operating switch: 21 (10=KEYMGMT, 12=SIG, 20=ENC, 21=DEC, 22=STOR)
src/ed25519ph_decoder.c - Decoder context new 0x5c304c507080
src/ed25519ph_decoder.c - Decoder context free 0x5c304c507080
Could not find private key of key from example-priv.pem
800BD7ED62730000:error:1608010C:STORE routines:ossl_store_handle_load_result:unsupported:crypto/store/store_result.c:151:
src/ed25519ph_decoder.c - Decoder context free 0x5c304c5050c0
src/ed25519ph_decoder.c - Decoder context free 0x5c304c501a50

The first part is from openssl asn1parse to see if the key matches. After it is read correctly I get this "could not find private key of key from xxx" error.

At the moment I am "exporting" the key from the decoder like this:

    OSSL_PARAM params[4];
    int object_type = OSSL_OBJECT_PKEY;

params[0] = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type); params[1] = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, (char*)"privkey", 0); params[2] = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA, (void*)objref, objref_sz);
    params[3] = OSSL_PARAM_construct_end();

objref just contains the plain key, which should be usable for import in the keymanagement.

Looking for help. Thanks.

Bernd

--
Bernd Ritter
Linux Developer
Tel.: +49 175 534 4534
Mail: ritter@xxxxxxxxxxxxx

B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt, HRB 3537



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux