Hey Matt,
yeah, that was kind of a duplicate. I've looked up how they did it in
the TPM2 provider and changed it accordingly. It now matches your
description, thank you for that!
I also added two more parameters for the ED25519 key:
OSSL_PKEY_PARAM_BITS and OSSL_PKEY_PARAM_SECURITY_BITS.
Still no change. In the encoder part itself the parameters are all set,
in the digest sign they are not.
I do not understand how the parameter list can change? As my debugging
logs are called, it seems that my get_params is called accordingly.
All the best,
Bernd
On 12.08.24 at 11:42, Matt Caswell wrote:
On 12/08/2024 07:24, 'Bernd Ritter' via openssl-users wrote:
Hey Matt,
thanks, that seems to be it! I've set up a params list in
keymanagement with:
    static const OSSL_PARAM keymgmt_params[] = {
        OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, &_ed25519_keysize),
        OSSL_PARAM_END
    };
This looks slightly odd. You seem to be attempting to pass a variable
(_ed25519_keysize) as part of the *gettable* params. This would normally
be NULL here, e.g.
    static const OSSL_PARAM keymgmt_params[] = {
        OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
        OSSL_PARAM_END
    };
    static const OSSL_PARAM *keymgmt_gettable_params(void *provctx)
    {
        return keymgmt_params;
    }
The purpose of "gettable params" is simply to advertise what parameters
your keymgmt understands. It doesn't actually get the parameters
themselves.
For that you need a separate "get_params" function, e.g.
    static int keymgmt_get_params(void *key, OSSL_PARAM params[])
    {
        OSSL_PARAM *p;
        if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL
                && !OSSL_PARAM_set_int(p, _ed25519_keysize))
            return 0;
        return 1;
    }
And of course both of those need to exist in your OSSL_DISPATCH table:
    const OSSL_DISPATCH keymgmt_functions[] = {
        ...otherstuff...
        { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))keymgmt_get_params },
        { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))keymgmt_gettable_params },
        OSSL_DISPATCH_END
    };
Note, typically I would expect you to have to support some other params
too such as OSSL_PKEY_PARAM_BITS and OSSL_PKEY_PARAM_SECURITY_BITS.
Matt
    static const OSSL_PARAM *keymgmt_gettable_params(ossl_unused void *provctx)
    {
        return keymgmt_params;
    }
but still the OSSL_FUNC_KEYMGMT_GET_PARAMS only returns two prefilled
params:
* default-digest
* mandatory-digest
but does not have the "max-size" param. Why would that be?
All the best,
Bernd
On 08.08.24 at 10:44, Matt Caswell wrote:
On Thu, Aug 8, 2024 at 7:34 AM 'Bernd Ritter' via openssl-users
<openssl-users@xxxxxxxxxxx> wrote:
> error:030000A7:digital envelope routines::unknown max size
That error comes from here:
https://github.com/openssl/openssl/blob/fd39d1c80cd5bd9cb5c64e3fc96102397e5e860f/crypto/evp/p_lib.c#L1811-L1827
So something is attempting to determine the size of a pkey and found
it to be invalid.
This value should be returned by the keymgmt get_params function for
the parameter OSSL_PKEY_PARAM_MAX_SIZE
See:
https://docs.openssl.org/master/man7/provider-keymgmt/#common-information-parameters
and
https://docs.openssl.org/master/man3/EVP_PKEY_get_size/#description
Matt
--
Bernd Ritter
Senior Linux Developer
Tel.: +49 175 534 4534
Mail: ritter@xxxxxxxxxxxxx
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt, HRB 3537
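
Added example (not part of the thread, and not OpenSSL or provider code): a self-contained C model of the gettable_params / get_params split described above, for an Ed25519 key. `param_t`, `locate` and `query_int` are hypothetical stand-ins for `OSSL_PARAM`, `OSSL_PARAM_locate` and the libcrypto caller so that it compiles without OpenSSL; it assumes the caller builds a fresh request array for every query, which is why a digest query and a size query hand get_params different lists.

```c
#include <string.h>

/* Hypothetical stand-in for OSSL_PARAM: a key name plus a caller-owned result slot. */
typedef struct { const char *key; int *out; } param_t;

/* Ed25519: 256-bit key, 128-bit security level, 64-byte signature. */
enum { ED_BITS = 256, ED_SECURITY_BITS = 128, ED_SIG_SIZE = 64 };

/* Advertisement only: every slot is NULL, no value is ever read from this table. */
static const param_t gettable[] = {
    { "bits", NULL }, { "security-bits", NULL }, { "max-size", NULL }, { NULL, NULL }
};
static const param_t *keymgmt_gettable_params(void) { return gettable; }

/* Find a requested key in the caller's array (role of OSSL_PARAM_locate). */
static param_t *locate(param_t *p, const char *key)
{
    for (; p->key != NULL; p++)
        if (strcmp(p->key, key) == 0)
            return p;
    return NULL;
}

/* Runs once per query; params[] holds only the keys that caller asked for. */
static int keymgmt_get_params(param_t params[])
{
    static const struct { const char *key; int val; } known[] = {
        { "bits", ED_BITS }, { "security-bits", ED_SECURITY_BITS }, { "max-size", ED_SIG_SIZE }
    };
    for (size_t i = 0; i < sizeof(known) / sizeof(known[0]); i++) {
        param_t *p = locate(params, known[i].key);
        if (p == NULL)
            continue;               /* not requested in this call */
        if (p->out == NULL)
            return 0;               /* requested, but nowhere to write the value */
        *p->out = known[i].val;
    }
    return 1;
}

/* Model of a caller asking for one integer key; 0 means it was left unanswered. */
static int query_int(const char *key)
{
    int v = 0;
    param_t req[] = { { key, &v }, { NULL, NULL } };
    return keymgmt_get_params(req) ? v : 0;
}
```

A get_params debug log that shows only "default-digest" and "mandatory-digest" is therefore one query among several; the size lookup arrives as its own call with "max-size" in the request.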