Trouble decoding key in provider

Bernd Ritter ritter at b1-systems.de
Wed May 22 07:04:04 UTC 2024


Hi there,

I am trying to implement a provider. The decoder successfull decodes the 
key (it is using an ED25519 key with a custom OID -> hence the provider).

Currently I am facing two problems:

1. the PEM decoding is ignored unless I comment out the DER decoding part

The private key is packaged in a pkcs#8 format. This seems to be 
decodable from PEM, but only if I comment out the DER part. This does 
not leave me confident my code is correct.

static const OSSL_ALGORITHM ed25519ph_decoder_dispatch[] = {
      {"ed25519-my:1.2.3.4", "provider=my,input=pem,structure=pkcs8", 
dispatch_decoder_my_ed25519_private_der, PROV_DESCS_ED25519},
      {ed25519-my:1.2.3.4", "provider=my,input=der", , PROV_DESCS_ED25519},
      {NULL, NULL, NULL, NULL}};

Both parts work each. Maybe someone can enlighten me here :-)

2. the DER part works as well. I can extract the exact key I've created 
in the keygen part before. But despite my efforts to find the correct 
export mechanism by trail and error and reading through all the provider 
implementation I've found in the provider corner and in the internet, 
some thing is still missing here. After reading out the key, I does not 
seem to be available:
******************************************************** PROVIDER: 
making public key from example-priv.pem
     0:d=0  hl=2 l=  46 cons: SEQUENCE
     2:d=1  hl=2 l=   1 prim: INTEGER           :00
     5:d=1  hl=2 l=   5 cons: SEQUENCE
     7:d=2  hl=2 l=   3 prim: OBJECT            :1.2.3.4
    12:d=1  hl=2 l=  34 prim: OCTET STRING      [HEX 
DUMP]:0420E2F448C53E58A6233CBFD306D62B2875EE175F3A88C20DCA7C4DF0BE945F192F
ed25519ph provider init...
registered  oids
new  provider context
ed25519ph provider init complete
operating switch: 22 (10=KEYMGMT, 12=SIG, 20=ENC, 21=DEC, 22=STOR)
operating switch: 21 (10=KEYMGMT, 12=SIG, 20=ENC, 21=DEC, 22=STOR)
operating switch: 10 (10=KEYMGMT, 12=SIG, 20=ENC, 21=DEC, 22=STOR)
operating switch: 21 (10=KEYMGMT, 12=SIG, 20=ENC, 21=DEC, 22=STOR)
/home/rittebe/Entwicklung/ed25519ph-provider/src/ed25519ph_decoder.c - 
Decoder context new 0x5c304c501a50
operating switch: 21 (10=KEYMGMT, 12=SIG, 20=ENC, 21=DEC, 22=STOR)
src/ed25519ph_decoder.c - Decoder context new 0x5c304c503b60
src/ed25519ph_decoder.c - Decoder decode DER (selection=87) 0x5c304c503b60
PKCS8_pkey_get0
dump with len=34
04 20 e2 f4 48 c5 3e 58 a6 23 3c bf d3 06 d6 2b 28 75 ee 17 5f 3a 88 c2 
0d ca 7c 4d f0 be 94 5f 19 2f
dump done
asn1 octet string. read 34
asn1 octet string len=32
dump with len=32
e2 f4 48 c5 3e 58 a6 23 3c bf d3 06 d6 2b 28 75 ee 17 5f 3a 88 c2 0d ca 
7c 4d f0 be 94 5f 19 2f
dump done
src/ed25519ph_decoder.c - Decoder Export to provider independent params 
format
src/ed25519ph_decoder.c - 32
Private DER decode rc from callback=0, rc=1
src/ed25519ph_decoder.c - Decoder context free 0x5c304c503b60
operating switch: 10 (10=KEYMGMT, 12=SIG, 20=ENC, 21=DEC, 22=STOR)
operating switch: 21 (10=KEYMGMT, 12=SIG, 20=ENC, 21=DEC, 22=STOR)
operating switch: 10 (10=KEYMGMT, 12=SIG, 20=ENC, 21=DEC, 22=STOR)
operating switch: 21 (10=KEYMGMT, 12=SIG, 20=ENC, 21=DEC, 22=STOR)
src/ed25519ph_decoder.c - Decoder context new 0x5c304c5050c0
operating switch: 21 (10=KEYMGMT, 12=SIG, 20=ENC, 21=DEC, 22=STOR)
src/ed25519ph_decoder.c - Decoder context new 0x5c304c507080
src/ed25519ph_decoder.c - Decoder context free 0x5c304c507080
Could not find private key of key from example-priv.pem
800BD7ED62730000:error:1608010C:STORE 
routines:ossl_store_handle_load_result:unsupported:crypto/store/store_result.c:151:
src/ed25519ph_decoder.c - Decoder context free 0x5c304c5050c0
src/ed25519ph_decoder.c - Decoder context free 0x5c304c501a50

The first part is from openssl asn1parse to see if the key matches. 
After it is read correctly I get this "could not find private key of key 
from xxx" error.

At the moment I am "exporting" the key from the decoder like this:

     OSSL_PARAM params[4];
     int object_type = OSSL_OBJECT_PKEY;

     params[0] = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, 
&object_type);
     params[1] = 
OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, 
(char*)"privkey", 0);
     params[2] = 
OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA, (void*)objref, 
objref_sz);
     params[3] = OSSL_PARAM_construct_end();

objref just contains the plain key, which should be usable for import in 
the keymanagement.

Looking for help. Thanks.

Bernd

-- 
Bernd Ritter
Linux Developer
Tel.: +49 175 534 4534
Mail: ritter at b1-systems.de

B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt, HRB 3537


More information about the openssl-users mailing list