[Opensc-devel] implementing secret key support for opensc

[Timo T. <tim...@ik...>]

Hi all,

I'm currently looking into implementing proper symmetric secret key
support in opensc on pkcs#15 level.

There seems to have been some attempts on it before [1], but that did
not really progress. I've been now analyzing how I'd like to approach
the issue, and would like to check if the overall plan is acceptable.

I would like to:

- Simplify the handling of pkcs15_object EXPLICIT tagging see [2] for
  preliminary work, which needs still work as commented in [3]

- Now large parts of the abstraction for generating and uploading the
  secret key's could be shared with the private key path. I would
  therefore like to merge 'struct sc_pkcs15_skey_info' and 'struct
  sc_pkcs15_prkey_info'. Would this sound acceptable change?

- It might make sense to rename SC_PKCS15_PRKEY_* to SC_PKCS15_KEY_*
  as they are shared for all-key types everywhere.

- I plan to implement AES key support. According to ISO specification
  this should be encoded as 'algIndependentKey' and indicate the key
  type via CommonKeyAttributes.algReference that links to
  CardInfo.supportedAlgorithms entry which describes the algorithm.

  * Should we introduce SC_PKCS15_TYPE_SKEY_* ID for each symmetric key
    type? Or should that be mapped to the pkcs#15 object type, and
    either resolve the key type runtime, or add a separate
    key_algorithm if needed in addition to existing fields?

Some guidance on these matters would get me started, I may get
additional questions later. And I hope to submit code for review earlier
than later.

Any other thoughts, or comments? All feedback at this point would be
appreciated. Thanks.

Thanks,
Timo

[1] https://github.com/OpenSC/OpenSC/issues/627
[2] https://github.com/fabled/OpenSC/commit/79ad7b7456d6c16adbcb45e0d8bc7a6fad7fb545
[3] https://github.com/OpenSC/OpenSC/pull/919