As part of the project to add support for Elliptical Curve Cryptography to OpenSC, the need to support the PKCS#11C_DeriveKey is required. C_DeriveKey returns the derived key in a PKCS#11 Secret Key Object and the key value can be obtained from the CKA_VALUE of the Secret Key Object.
Many types of keys can be used to derive other keys: ECC and GOST but not RSA. Thus OpenSC which has been RSA only for so long, never implemented C_DeriveKey. ECC keys can not be used directly for encryption, but can be used to derive secret keys that are then used for encryption. Depending on the card, a derivation operation would be done on the card, and either the derived key would remain on the card, or the derived key would be returned as part of the derivation operation. A derived key left on the card could may be extractable, or could be use with a crypto operation on the card. The PIV cards of which one implementation is based on the Oberthur ID-ONE card can support ECDH on the card and return the key as part of the derivation operation. CKM_ECDH1_COFACTOR_DERIVE and CKM_ECDH1_DERIVE mechanisms are supported as the ECC curves used with the PIV produce the same results. Only CKK_GENERIC_SECRET keys are supported. Only the ecdh parms kdf = CKD_NULL is supported. As you can see there are a lot of other options that could be added is some card was available that supported them. OpenSC has supported on card cryptography only, and these attached mods continue to do just that. They add support for Secret Key objects, as PKCS#11 session based objects, but don't add any Secret Key mechanisms. The only Secret Key operations allowed are the creation and destruction of a session based object, and the extraction of the CKA_VALUE. The C_DeriveKey will creates the Secret Key object. OpenSC code has not supported PKCS#11 session based objects, i.e. CKA_TOKEN=FALSE at all, and made the assumption that CKA_TOKEN=TRUE for every object. These mods assume all Secret Key objects are session objects. But it there are some PKCS#15 cards that can support secret key crypto on the card then this would have to change. I have created a GitHub repository forked from git://github.com/martinpaljak/OpenSC.git See: https://github.com/dengert/OpenSC The ecdh branch has two commits, because I start this a few months ago, and have gotten back to this this last two weeks ago. They are based off of Martin's git repository, on the proposed branch as of yesterday. The also apply cleanly to opensc-0.12.2. There are still some issues, as the secret key is not destroyed and many of the parameters are not checked. pkcs11-tool.c was also modified to allow for testing of ECDH. Two cards with different keys will produce the same secret, given the other card's public key. I got back to this work because David Cooper from NIST asked that OpenSC support ECDH. David has been adding ECDH code to Thunderbird, and we have been working together to get these working with OpenSC and the PIV cards. See David's submissions: https://bugzilla.mozilla.org/show_bug.cgi?id=591640 https://bugzilla.mozilla.org/show_bug.cgi?id=676100 https://bugzilla.mozilla.org/show_bug.cgi?id=676108 https://bugzilla.mozilla.org/show_bug.cgi?id=676114 https://bugzilla.mozilla.org/show_bug.cgi?id=676118 I am in the process of updating the Mozilla patched submitted last year for ECDSA with OpenSC as these are also needed to use signed encrypted e-mail. Mozilla bugs: 357025, 613496, 613507 So I would like to have these included. I can provide them in some other format if needed, and will continue to make additional changes. -- Douglas E. Engert <deeng...@anl.gov> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
