Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update ThalesSoloPlus results with ECC #59

Open
rmhrisk opened this issue Sep 27, 2016 · 5 comments
Open

Update ThalesSoloPlus results with ECC #59

rmhrisk opened this issue Sep 27, 2016 · 5 comments
Labels
enhancement

Comments

@rmhrisk
Copy link
Contributor

rmhrisk commented Sep 27, 2016

@nickrmc83 I noticed that https://github.com/PeculiarVentures/graphene/blob/master/capabilities/ThalesNShieldSoloPlus.md doesn't have ECC sign results in it would you mind updating the results?
@nickrmc83
Copy link
Contributor

No problem. I'll do it as a separate pull request.

Nuck

On 27 Sep 2016 3:27 a.m., "Ryan Hurst" [email protected] wrote:

@nickrmc83 https://github.com/nickrmc83 I noticed that
https://github.com/PeculiarVentures/graphene/blob/master/capabilities/
ThalesNShieldSoloPlus.md doesn't have ECC sign results in it would you
mind updating the results?


You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#59, or mute the
thread
https://github.com/notifications/unsubscribe-auth/ABhXUALg-7dlevCKJ4JJNns1W4a-g5xAks5quH7zgaJpZM4KHMUC
.

@nickrmc83
Copy link
Contributor

@rmhrisk the reason that EC results are missing is because the console tests use CKM_ECDSA_KEY_PAIR_GEN which was deprecated PKCS#11 2.11. The Thales NShield HSMs use the newer CKM_EC_KEY_PAIR_GEN mechanism which will provide the same functionality. Is this something you guys want to change or would you like me to do it?

@rmhrisk
Copy link
Contributor Author

rmhrisk commented Sep 28, 2016

Would you mind?

@rmhrisk
Copy link
Contributor Author

rmhrisk commented Sep 28, 2016
edited
Loading

So from https://opensource.apple.com/source/SmartCardServices/SmartCardServices-31/src/PKCS11/pkcs11t.h

We see:

/* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11,
 * CKM_EC_KEY_PAIR_GEN is preferred */
#define CKM_ECDSA_KEY_PAIR_GEN         0x00001040
#define CKM_EC_KEY_PAIR_GEN            0x00001040

You can see we have the same statement in pkcs11js:
https://github.com/PeculiarVentures/pkcs11js/blob/00dd3a3f5cf4144375cfa6f5632465b693b13c7f/includes/pkcs11/pkcs11t.h#L849

We also use the newer constant name in Graphene - https://github.com/PeculiarVentures/graphene/blob/master/src/mech_enum.ts#L234

Do you know what the right value is? Right now it seems it is just a copy of another.

Anyway if you could take a stab at fixing it would be great.

@nickrmc83
Copy link
Contributor

No that's fine. Probably look at getting something late next week.

On 28 Sep 2016 6:04 p.m., "Ryan Hurst" [email protected] wrote:

Would you mind?


You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#59 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/ABhXUHpEkgaHeLlbE83a9PY5W01j9Z8wks5qup42gaJpZM4KHMUC
.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nickrmc83 @rmhrisk