Unable to use Ed25519 keys from PKCS#11
Description of problem:
Trying to list a CK_EC_EDWARDS public key from a PKCS#11 module fails.
The GnuTLS I am using is behaving as if it did not know this key type (see the logs below).
Version of gnutls used:
gnutls-3.6.11-1.fc31.x86_64
Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Fedora
How reproducible:
deterministic
Steps to Reproduce:
- Build OpenSC with EdDSA support (or have a different PKCS#11 module supporting ED keys -- softhsm)
- Generate an Ed25519 key pair in the module (I used Nitrokey with GNUK applet and softhsm)
- Try to list objects in the pkcs11 module
Actual results:
$ PKCS11SPY=`realpath src/pkcs11/.libs/opensc-pkcs11.so` p11tool -d9999 --list-all --provider `realpath src/pkcs11/.libs/pkcs11-spy.so` "pkcs11:model=PKCS%2315%20emulated;manufacturer=OpenPGP%20project;serial=fffe43245521;token=OpenPGP%20card%20%28User%20PIN%29"
...
29: C_GetAttributeValue
2020-02-26 09:54:01.479
[in] hSession = 0x558b896d8650
[in] hObject = 0x558b896d79f0
[in] pTemplate[1]:
CKA_KEY_TYPE 00007ffd64a23988 / 8
[out] pTemplate[1]:
CKA_KEY_TYPE CKK_EC_EDWARDS
Returned: 0 CKR_OK
|<2>| requested reading public key of unsupported type 64
|<3>| ASSERT: pkcs11.c[pkcs11_read_pubkey]:1902
|<3>| ASSERT: pkcs11.c[pkcs11_obj_import_pubkey]:1942
|<3>| ASSERT: pkcs11.c[pkcs11_import_object]:2165
Expected results:
The EdDSA keys should be listed as objects.
If I see it right, this functionality should have been in since b2d81349 (~1 year ago), while my release is just 2 months old, but it does not look like it is working with softhsm2 or with OpenSC (https://github.com/OpenSC/OpenSC/pull/1960).