
Commit e370ee1

hhardessieukrem
authored and committed
feat: add support for Ed25519
Signed-off-by: Hubert Hardes <[email protected]>
1 parent 20921a0 commit e370ee1

3 files changed

+59
-15
lines changed


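--- a/src/module.cpp
+++ b/src/module.cpp
@@ -51,6 +51,8 @@ static std::string mechanismToString(CK_MECHANISM_TYPE mechanism)
 return "CKM_ECDSA_SHA384";
 case CKM_ECDSA_SHA512:
 return "CKM_ECDSA_SHA512";
+case CKM_EDDSA:
+return "CKM_EDDSA";
 default:
 debug("Unknown mechanism type: %#lx", mechanism);
 return std::string("CKM_AS_VALUE_") + std::to_string(mechanism);
@@ -578,6 +580,9 @@ static CK_RV extractKeyAttributeValue(
 case EVP_PKEY_EC:
 key_type = CKK_ECDSA;
 break;
+case EVP_PKEY_ED25519:
+key_type = CKK_EC_EDWARDS;
+break;
 default:
 return CKR_ATTRIBUTE_TYPE_INVALID;
 }
@@ -613,7 +618,7 @@ static CK_RV extractKeyAttributeValue(
 if (pkey == nullptr) {
 return CKR_FUNCTION_FAILED;
 }
-if (EVP_PKEY_base_id(pkey.get()) != EVP_PKEY_EC) {
+if (auto id = EVP_PKEY_base_id(pkey.get()); id != EVP_PKEY_EC && id != EVP_PKEY_ED25519) {
 return CKR_ATTRIBUTE_TYPE_INVALID;
 }
 
@@ -639,23 +644,31 @@ static CK_RV extractKeyAttributeValue(
 if (pkey == nullptr) {
 return CKR_FUNCTION_FAILED;
 }
-if (EVP_PKEY_base_id(pkey.get()) != EVP_PKEY_EC) {
-return CKR_ATTRIBUTE_TYPE_INVALID;
-}
+auto id = EVP_PKEY_base_id(pkey.get());
+if (id == EVP_PKEY_EC) {
+char group_name[256];
+size_t group_name_len = sizeof(group_name);
+if (!EVP_PKEY_get_utf8_string_param(
+pkey.get(), OSSL_PKEY_PARAM_GROUP_NAME, group_name, sizeof(group_name), &group_name_len)) {
+return CKR_FUNCTION_FAILED;
+}
 
-char group_name[256];
-size_t group_name_len = sizeof(group_name);
-if (!EVP_PKEY_get_utf8_string_param(
-pkey.get(), OSSL_PKEY_PARAM_GROUP_NAME, group_name, sizeof(group_name), &group_name_len)) {
-return CKR_FUNCTION_FAILED;
-}
+auto group = std::shared_ptr<EC_GROUP>(EC_GROUP_new_by_curve_name(OBJ_txt2nid(group_name)), EC_GROUP_free);
+if (!group) {
+return CKR_FUNCTION_FAILED;
+}
 
-auto group = std::shared_ptr<EC_GROUP>(EC_GROUP_new_by_curve_name(OBJ_txt2nid(group_name)), EC_GROUP_free);
-if (!group) {
-return CKR_FUNCTION_FAILED;
-}
+return read_safe(i2d_ECPKParameters, group.get(), pValueDest, pValueDestLen);
+} else if (id == EVP_PKEY_ED25519) {
+auto ed25519_oid = std::shared_ptr<ASN1_OBJECT>(OBJ_nid2obj(EVP_PKEY_ED25519), ASN1_OBJECT_free);
+if (!ed25519_oid) {
+return CKR_FUNCTION_FAILED;
+}
 
-return read_safe(i2d_ECPKParameters, group.get(), pValueDest, pValueDestLen);
+return read_safe(i2d_ASN1_OBJECT, ed25519_oid.get(), pValueDest, pValueDestLen);
+} else {
+return CKR_ATTRIBUTE_TYPE_INVALID;
+}
 }
 default:
 return extractCommonAttributeValue(session, attr, pValueDest, pValueDestLen);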
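Review bot: In the ED25519 branch of the last hunk, `OBJ_nid2obj(EVP_PKEY_ED25519)` returns a pointer to OpenSSL's internal, statically allocated object for a built-in NID, so wrapping it in a `std::shared_ptr<ASN1_OBJECT>` with an `ASN1_OBJECT_free` deleter asserts an ownership that does not exist; in current OpenSSL the free is a no-op on non-dynamic objects, but the construct misleads the next reader and turns into a double free the moment someone substitutes a dynamically created object. Hold it as a non-owning pointer instead, e.g. `const ASN1_OBJECT *ed25519_oid = OBJ_nid2obj(NID_ED25519); // built-in NID: owned by OpenSSL, never freed`, and pass `NID_ED25519` rather than the `EVP_PKEY_ED25519` alias since the argument is a NID. The `id != EVP_PKEY_EC && id != EVP_PKEY_ED25519` list in the third hunk and the `id == EVP_PKEY_EC` / `id == EVP_PKEY_ED25519` chain in the fourth now encode the accepted key types twice; a small `static bool isSupportedPkeyType(int id)` helper would keep them from drifting apart when another curve is added. The enclosing function extractKeyAttributeValue starts outside every hunk shown.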

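--- a/tests/common.sh
+++ b/tests/common.sh
@@ -27,6 +27,12 @@ generate_keys() {
 export TEST_EC_KEY="$TEST_KEY_DIR/ec.key"
 export TEST_EC_CERT="$TEST_KEY_DIR/ec.pem"
 
+echo "Generating ED25519 key and certificate..."
+openssl genpkey -algorithm ED25519 -out "$TEST_KEY_DIR/ed25519.key"
+openssl req -new -x509 -key "$TEST_KEY_DIR/ed25519.key" -out "$TEST_KEY_DIR/ed25519.pem" -days 3650 -subj "/CN=Test ED25519 Key"
+export TEST_ED25519_KEY="$TEST_KEY_DIR/ed25519.key"
+export TEST_ED25519_CERT="$TEST_KEY_DIR/ed25519.pem"
+
 echo "Generating RSA key and certificate..."
 openssl genpkey -algorithm RSA -out "$TEST_KEY_DIR/rsa.key" -pkeyopt rsa_keygen_bits:2048
 openssl req -new -x509 -key "$TEST_KEY_DIR/rsa.key" -out "$TEST_KEY_DIR/rsa.pem" -days 3650 -subj "/CN=Test RSA Key"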
Lines changed: 25 additions & 0 deletions
@@ -0,0 +1,25 @@
1+
#!/bin/bash
2+
#
3+
# SPDX-License-Identifier: MIT
4+
# SPDX-FileCopyrightText: (C) 2025 Siemens
5+
#
6+
# Authors:
7+
# Hubert Hardes <[email protected]>
8+
#
9+
#
10+
11+
set -e
12+
13+
source "$(dirname "${BASH_SOURCE[0]}")/common.sh"
14+
15+
TOKEN_LABEL="pkcs11-to-cmd-0"
16+
PUBLIC_KEY_FILE="$TEST_WORK_DIR/$SCRIPT_NAME-public_key"
17+
18+
export P2C_SLOT_CERT_0="$TEST_KEY_DIR/ed25519.pem"
19+
20+
# Export public key from our PKCS#11 provider (if implemented)
21+
pkcs11-tool --module "$PKCS11_MODULE" -r --type pubkey --slot 0 --label "$TOKEN_LABEL" -o "$PUBLIC_KEY_FILE.pem"
22+
23+
openssl x509 -in "$P2C_SLOT_CERT_0" -pubkey -noout > "$PUBLIC_KEY_FILE.original.pem"
24+
25+
diff "$PUBLIC_KEY_FILE.original.pem" "$PUBLIC_KEY_FILE.pem"
