Hi there,
I am trying to implement a provider. The decoder successfull decodes the
key (it is using an ED25519 key with a custom OID -> hence the provider).
Currently I am facing two problems:
1. the PEM decoding is ignored unless I comment out the DER decoding part
The private key is packaged in a pkcs#8 format. This seems to be
decodable from PEM, but only if I comment out the DER part. This does
not leave me confident my code is correct.
static const OSSL_ALGORITHM ed25519ph_decoder_dispatch[] = {
{"ed25519-my:1.2.3.4", "provider=my,input=pem,structure=pkcs8",
dispatch_decoder_my_ed25519_private_der, PROV_DESCS_ED25519},
{ed25519-my:1.2.3.4", "provider=my,input=der", , PROV_DESCS_ED25519},
{NULL, NULL, NULL, NULL}};
Both parts work each. Maybe someone can enlighten me here :-)
2. the DER part works as well. I can extract the exact key I've created
in the keygen part before. But despite my efforts to find the correct
export mechanism by trail and error and reading through all the provider
implementation I've found in the provider corner and in the internet,
some thing is still missing here. After reading out the key, I does not
seem to be available:
******************************************************** PROVIDER:
making public key from example-priv.pem
0:d=0 hl=2 l= 46 cons: SEQUENCE
2:d=1 hl=2 l= 1 prim: INTEGER :00
5:d=1 hl=2 l= 5 cons: SEQUENCE
7:d=2 hl=2 l= 3 prim: OBJECT :1.2.3.4
12:d=1 hl=2 l= 34 prim: OCTET STRING [HEX
DUMP]:0420E2F448C53E58A6233CBFD306D62B2875EE175F3A88C20DCA7C4DF0BE945F192F
ed25519ph provider init...
registered oids
new provider context
ed25519ph provider init complete
operating switch: 22 (10=KEYMGMT, 12=SIG, 20=ENC, 21=DEC, 22=STOR)
operating switch: 21 (10=KEYMGMT, 12=SIG, 20=ENC, 21=DEC, 22=STOR)
operating switch: 10 (10=KEYMGMT, 12=SIG, 20=ENC, 21=DEC, 22=STOR)
operating switch: 21 (10=KEYMGMT, 12=SIG, 20=ENC, 21=DEC, 22=STOR)
/home/rittebe/Entwicklung/ed25519ph-provider/src/ed25519ph_decoder.c -
Decoder context new 0x5c304c501a50
operating switch: 21 (10=KEYMGMT, 12=SIG, 20=ENC, 21=DEC, 22=STOR)
src/ed25519ph_decoder.c - Decoder context new 0x5c304c503b60
src/ed25519ph_decoder.c - Decoder decode DER (selection=87) 0x5c304c503b60
PKCS8_pkey_get0
dump with len=34
04 20 e2 f4 48 c5 3e 58 a6 23 3c bf d3 06 d6 2b 28 75 ee 17 5f 3a 88 c2
0d ca 7c 4d f0 be 94 5f 19 2f
dump done
asn1 octet string. read 34
asn1 octet string len=32
dump with len=32
e2 f4 48 c5 3e 58 a6 23 3c bf d3 06 d6 2b 28 75 ee 17 5f 3a 88 c2 0d ca
7c 4d f0 be 94 5f 19 2f
dump done
src/ed25519ph_decoder.c - Decoder Export to provider independent params
format
src/ed25519ph_decoder.c - 32
Private DER decode rc from callback=0, rc=1
src/ed25519ph_decoder.c - Decoder context free 0x5c304c503b60
operating switch: 10 (10=KEYMGMT, 12=SIG, 20=ENC, 21=DEC, 22=STOR)
operating switch: 21 (10=KEYMGMT, 12=SIG, 20=ENC, 21=DEC, 22=STOR)
operating switch: 10 (10=KEYMGMT, 12=SIG, 20=ENC, 21=DEC, 22=STOR)
operating switch: 21 (10=KEYMGMT, 12=SIG, 20=ENC, 21=DEC, 22=STOR)
src/ed25519ph_decoder.c - Decoder context new 0x5c304c5050c0
operating switch: 21 (10=KEYMGMT, 12=SIG, 20=ENC, 21=DEC, 22=STOR)
src/ed25519ph_decoder.c - Decoder context new 0x5c304c507080
src/ed25519ph_decoder.c - Decoder context free 0x5c304c507080
Could not find private key of key from example-priv.pem
800BD7ED62730000:error:1608010C:STORE
routines:ossl_store_handle_load_result:unsupported:crypto/store/store_result.c:151:
src/ed25519ph_decoder.c - Decoder context free 0x5c304c5050c0
src/ed25519ph_decoder.c - Decoder context free 0x5c304c501a50
The first part is from openssl asn1parse to see if the key matches.
After it is read correctly I get this "could not find private key of key
from xxx" error.
At the moment I am "exporting" the key from the decoder like this:
OSSL_PARAM params[4];
int object_type = OSSL_OBJECT_PKEY;
params[0] = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE,
&object_type);
params[1] =
OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
(char*)"privkey", 0);
params[2] =
OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA, (void*)objref,
objref_sz);
params[3] = OSSL_PARAM_construct_end();
objref just contains the plain key, which should be usable for import in
the keymanagement.
Looking for help. Thanks.
Bernd
--
Bernd Ritter
Linux Developer
Tel.: +49 175 534 4534
Mail: ritter@xxxxxxxxxxxxx
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt, HRB 3537