piv: implement algorithm discovery

[ericchiang]

Different smart cards can implement different algorithm sets. See if YubiKey's PIV implementation supports algorithm discovery:

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-73-4.pdf#page=61

[nickray]

To the best of my knowledge, there is no "interoperable way" to do this, nor a direct Yubico-specific one. Close misses:

• If you parse the "card issuer's data" out of the ATR when you open the reader (bottom of https://developers.yubico.com/PIV/Introduction/Yubico_extensions.html, we'd likely set this to SoloKeys), you could have a lookup table for known tokens (but this means a closed universe).
• I assume for Yubico specifically algorithms are a function of the vendor command GetVersion; maybe it's even constant?
• If you have a known empty key ("slot", but this terminology is overloaded), you can GENERATE ASYMMETRIC KEY and check for failure (0x6a80) to exclude algorithms, but this will silently overwrite keys and it's inefficient. It's also not necessarily true that all "slots" support the same algorithm set.
• Yubico-specific GetMetadata command (again https://developers.yubico.com/PIV/Introduction/Yubico_extensions.html) tells you the algorithm of existing keys
• In a more standards-compliant way, the administrator of keys is supposed to generate a certificate, which would include the algorithm

Your reference above points to this last method, in a world where every key is expected to have an associated certificate. I understand this is the originally PIV-intended way. Moreover, it lives in the very small universe of SP 800-78-4 algorithms, something like Ed25519 is immediately non-standard.

There isn't even a standard way, if there is no certificate, to tell if there's a key (in a "slot"), except trying to do cryptographic operations with GENERAL AUTHENTICATE and recording 0x6a86 failures (for Yubico you can use GetMetadata). I assume the card administrator is assumed to know the support in the cards they're deploying...

As I intend for the SoloKeys PIV implementation to have additional/variable algorithms, it would make a lot of sense to have a command with parameter key ID (9a etc.) and response "list of supported algorithms". This would be a SoloKeys extension though (unless I can find anything resembling a standard way).

[arekinath]

So, Yubico don't currently do this, but in the application property template (response-to-select data), applets can list the algorithm IDs which they support (under tag AC). This is currently only compulsory if you support the PIV SM suites (27 or 2E), but the standard seems to imply that cards which support only a subset of the specified algorithms should advertise their subset in the APT. It might be nice to try to encourage newer implementations to make use of this? If it's worth anything, my PivApplet implementation for JavaCard-compatible devices does advertise its full list of supported algorithms here.