Unable to use Ed25519 keys from PKCS#11
Description of problem:
Trying to list a CKK_EC_EDWARDS public key from a PKCS#11 module fails.
The GnuTLS I am using behaves as if it did not know this key type (see the logs below).
Version of gnutls used:
Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Steps to Reproduce:
- Build OpenSC with EdDSA support (or have a different PKCS#11 module supporting ED keys -- softhsm)
- Generate an Ed25519 key pair in the module (I used Nitrokey with GNUK applet and softhsm)
- Try to list objects in the pkcs11 module
    $ PKCS11SPY=`realpath src/pkcs11/.libs/opensc-pkcs11.so` p11tool -d9999 --list-all --provider `realpath src/pkcs11/.libs/pkcs11-spy.so` "pkcs11:model=PKCS%2315%20emulated;manufacturer=OpenPGP%20project;serial=fffe43245521;token=OpenPGP%20card%20%28User%20PIN%29"
    ...
    29: C_GetAttributeValue
    2020-02-26 09:54:01.479
    [in] hSession = 0x558b896d8650
    [in] hObject = 0x558b896d79f0
    [in] pTemplate: CKA_KEY_TYPE 00007ffd64a23988 / 8
    [out] pTemplate: CKA_KEY_TYPE CKK_EC_EDWARDS
    Returned: 0 CKR_OK
    |<2>| requested reading public key of unsupported type 64
    |<3>| ASSERT: pkcs11.c[pkcs11_read_pubkey]:1902
    |<3>| ASSERT: pkcs11.c[pkcs11_obj_import_pubkey]:1942
    |<3>| ASSERT: pkcs11.c[pkcs11_import_object]:2165
The EdDSA keys should be listed as objects.
If I see right, this functionality should be in since b2d81349 (~1 year ago), while my release is just 2 months old, but it does not seem to work with either softhsm2 or OpenSC (https://github.com/OpenSC/OpenSC/pull/1960).