[PATCH] Enabling ECDSA in PKCS#11 support for ssh-agent

Simon Josefsson simon at josefsson.org
Tue Oct 13 08:13:31 AEDT 2015


> For supporting Ed25519 in ssh-agent through PKCS#11, it should be
> possible using the same path as my ECDSA patch. The current
> implementation for PKCS#11 uses OpenSSL as scaffolding and
> essentially overloads the signing method with its own.
> 
> Now the question becomes how should Ed25519 on PKCS#11. I hadn't
> subscribed to the mailing list so I missed a few mails.
> 
> The key type CKK_ECDSA has been renamed CKK_EC and
> CKA_ECDSA_PARAMS is now CKA_EC_PARAMS, which I take is a signal from
> the PKCS#11 TC to say that if you can fit into this framework, you are
> encouraged to do so. For CKA_EC_PARAMS, using named curves is
> definitely the preferred way to do it.
> 
> For the mechanism I can not pretend to be well versed in EdDSA, but
> signature seems to return a (R,s) tuple. So application could possibly
> be using CKM_ECDSA to minimize the number of execution paths (and
> distinguish with CKA_EC_PARAMS if necessary). A technical problem
> might come up, or it might be judged by the PKCS#11 TC to be too
> confusing, so a switch to CKM_EDDSA (or CKM_EC_EDDSA).
> 
> As a first step and while the RFCs and TCs are assigning new magic
> values, I would suggest:
> - CKA_KEY_TYPE: CKK_EC
> - CKA_EC_PARAMS: 1.3.6.1.4.1.11591.15.1
> - CKA_ALLOWED_MECHANISMS: [ CKM_ECDSA ]
> 
> If adding Ed25519 support in PKCS#11 is in the work for the (OpenSC or
> otherwise), I could help adding the support to ssh-agent.

Maybe someone could try to implement Ed25519 support in a "soft"
PKCS#11 provider (SoftHSMv2?) for simpler experimentation?

/Simon
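
Added example, not part of either message and not OpenSSH or OpenSC code: a sketch of how a PKCS#11 consumer could DER-encode the OID suggested above for CKA_EC_PARAMS and use that value to tell an Ed25519 key from an ECDSA key when both are CKK_EC with CKM_ECDSA. The function and enum names are hypothetical, and the P-256 OID (1.2.840.10045.3.1.7) is included only for contrast.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Arcs of the two curve OIDs; the first is the value suggested in the mail. */
static const uint32_t ED25519_ARCS[] = {1, 3, 6, 1, 4, 1, 11591, 15, 1};
static const uint32_t P256_ARCS[] = {1, 2, 840, 10045, 3, 1, 7};
enum sig_path { PATH_UNKNOWN, PATH_ECDSA_P256, PATH_ED25519 }; /* hypothetical names */

/* DER-encode an OID (tag 0x06, short-form length). Returns bytes written, 0 on error. */
size_t oid_to_der(const uint32_t *arcs, size_t n, uint8_t *out, size_t cap)
{
    uint8_t body[64];
    size_t len = 0;
    if (n < 2 || arcs[0] > 2 || (arcs[0] < 2 && arcs[1] > 39) || arcs[1] > UINT32_MAX - 80)
        return 0;
    for (size_t i = 1; i < n; i++) {
        uint32_t v = (i == 1) ? arcs[0] * 40 + arcs[1] : arcs[i]; /* arcs 0 and 1 share a value */
        uint8_t tmp[5]; size_t k = 0;
        do { tmp[k++] = v & 0x7f; v >>= 7; } while (v);
        if (len + k > sizeof(body)) return 0;
        /* Emit base-128 groups most significant first; all but the last set bit 7. */
        while (k--) body[len++] = tmp[k] | (k ? 0x80 : 0);
    }
    if (len + 2 > cap) return 0;
    out[0] = 0x06; out[1] = (uint8_t)len;
    memcpy(out + 2, body, len);
    return len + 2;
}

/* Pick the signing path from a token's CKA_EC_PARAMS value (exact DER match). */
enum sig_path classify_ec_params(const uint8_t *p, size_t len)
{
    uint8_t der[66];
    size_t n = oid_to_der(ED25519_ARCS, 9, der, sizeof(der));
    if (n && n == len && memcmp(p, der, n) == 0) return PATH_ED25519;
    n = oid_to_der(P256_ARCS, 7, der, sizeof(der));
    if (n && n == len && memcmp(p, der, n) == 0) return PATH_ECDSA_P256;
    return PATH_UNKNOWN;
}

int main(void)
{
    uint8_t der[66];
    size_t n = oid_to_der(ED25519_ARCS, 9, der, sizeof(der));
    for (size_t i = 0; i < n; i++) printf("%02x", der[i]);
    printf(" -> path %d\n", classify_ec_params(der, n));
    return 0;
}
```

Anything that is not an exact match falls through to PATH_UNKNOWN, so a key with unrecognised parameters is never handed to the wrong signature encoder.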