PeculiarVentures / graphene

A simple layer for interacting with PKCS #11 / PKCS11 / CryptoKI for Node in TypeScript. (Keywords: Javascript, PKCS#11, Crypto, Smart Card, HSM)
MIT License

Update ThalesSoloPlus results with ECC #59

Open rmhrisk opened 8 years ago

rmhrisk commented 8 years ago

@nickrmc83 I noticed that https://github.com/PeculiarVentures/graphene/blob/master/capabilities/ThalesNShieldSoloPlus.md doesn't have ECC sign results in it. Would you mind updating the results?

nickrmc83 commented 8 years ago

No problem. I'll do it as a separate pull request.

Nuck

On 27 Sep 2016 3:27 a.m., "Ryan Hurst" notifications@github.com wrote:

@nickrmc83 I noticed that https://github.com/PeculiarVentures/graphene/blob/master/capabilities/ThalesNShieldSoloPlus.md doesn't have ECC sign results in it. Would you mind updating the results?


nickrmc83 commented 8 years ago

@rmhrisk the reason that EC results are missing is because the console tests use CKM_ECDSA_KEY_PAIR_GEN, which was deprecated in PKCS#11 2.11. The Thales NShield HSMs use the newer CKM_EC_KEY_PAIR_GEN mechanism, which will provide the same functionality. Is this something you guys want to change, or would you like me to do it?

rmhrisk commented 8 years ago

Would you mind?

rmhrisk commented 8 years ago

So from https://opensource.apple.com/source/SmartCardServices/SmartCardServices-31/src/PKCS11/pkcs11t.h

We see:

/* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11,
 * CKM_EC_KEY_PAIR_GEN is preferred */
#define CKM_ECDSA_KEY_PAIR_GEN         0x00001040
#define CKM_EC_KEY_PAIR_GEN            0x00001040

You can see we have the same statement in pkcs11js: https://github.com/PeculiarVentures/pkcs11js/blob/00dd3a3f5cf4144375cfa6f5632465b693b13c7f/includes/pkcs11/pkcs11t.h#L849

We also use the newer constant name in Graphene - https://github.com/PeculiarVentures/graphene/blob/master/src/mech_enum.ts#L234

Do you know what the right value is? Right now it seems it is just a copy of another.

Anyway, if you could take a stab at fixing it, that would be great.
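
The header fragment quoted in the comment above gives both names the same value, so they are two spellings of one mechanism. As an added example (not part of the thread, graphene or pkcs11js; the function names are hypothetical), this parses such a fragment, groups the CKM_ names by value and maps a deprecated spelling to the preferred one:

```javascript
// Constructed input: the pkcs11t.h fragment quoted in the thread.
const HEADER = `
/* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11,
 * CKM_EC_KEY_PAIR_GEN is preferred */
#define CKM_ECDSA_KEY_PAIR_GEN         0x00001040
#define CKM_EC_KEY_PAIR_GEN            0x00001040
`;

// Parse "#define CKM_<NAME> <hex>" lines into a name -> value map.
function parseMechanisms(text) {
  const byName = new Map();
  const re = /^#define\s+(CKM_\w+)\s+(0x[0-9a-fA-F]+)\b/gm;
  for (const [, name, hex] of text.matchAll(re)) {
    byName.set(name, parseInt(hex, 16));
  }
  return byName;
}

// Names the header comments mark as deprecated ("X is deprecated in ...").
function deprecatedNames(text) {
  return new Set([...text.matchAll(/(CKM_\w+) is deprecated/g)].map((m) => m[1]));
}

// Group names by value; a group with more than one name is an alias set.
function findAliases(text) {
  const deprecated = deprecatedNames(text);
  const groups = new Map();
  for (const [name, value] of parseMechanisms(text)) {
    if (!groups.has(value)) groups.set(value, []);
    groups.get(value).push(name);
  }
  return [...groups]
    .filter(([, names]) => names.length > 1)
    .map(([value, names]) => ({
      value,
      preferred: names.filter((n) => !deprecated.has(n)),
      deprecated: names.filter((n) => deprecated.has(n)),
    }));
}

// Resolve a mechanism name to the preferred spelling for its value.
function canonicalName(text, name) {
  const value = parseMechanisms(text).get(name);
  if (value === undefined) throw new Error(`unknown mechanism: ${name}`);
  const alias = findAliases(text).find((a) => a.value === value);
  return alias && alias.preferred.length ? alias.preferred[0] : name;
}

console.log(canonicalName(HEADER, "CKM_ECDSA_KEY_PAIR_GEN"));
```

A test suite that looks mechanisms up by name can run its names through a mapping like this, so that a token listing only the newer spelling is still matched.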

nickrmc83 commented 8 years ago

No, that's fine. Probably look at getting something late next week.

On 28 Sep 2016 6:04 p.m., "Ryan Hurst" notifications@github.com wrote:

Would you mind?
