Get ECDSA Public Key Attributes from PKCS11 Interop ObjectHandle

I'm trying to create a PKCS10/CSR from Keys stored in a HSM.

It works just fine for RSA, but for ECDSA I'm struggling to get the public key attributes for the AsymmetricKeyParameter for the BouncyCastle function Pkcs10CertificationRequestDelaySigned.

var certificateSigningRequestDelayed = new Pkcs10CertificationRequestDelaySigned(signatureAlgorithm, new X509Name(subjectDistinguishedName), publicKeyParameters, null);

This is my function:

public static byte[] GenerateCertificateSigningRequest(ISession session, IObjectHandle publicKeyHandle, IObjectHandle privateKeyHandle, string subjectDistinguishedName, string keyType, HashAlgorithm hashAlgorithm)
{
    AsymmetricKeyParameter publicKeyParameters = null;

    if (keyType == "RSA")
    {
        var pubKeyAttrsToRead = new List<CKA>
        {
            CKA.CKA_KEY_TYPE,
            CKA.CKA_MODULUS,
            CKA.CKA_PUBLIC_EXPONENT
        };

        var publicKeyAttributes = session.GetAttributeValue(publicKeyHandle, pubKeyAttrsToRead);
        //cause nobody wants a small Integer
        var modulus = new BigInteger(1, publicKeyAttributes[1].GetValueAsByteArray());
        var publicExponent = new BigInteger(1, publicKeyAttributes[2].GetValueAsByteArray());
        publicKeyParameters = new RsaKeyParameters(false, modulus, publicExponent);
    }

    if (keyType == "ECDSA")
    {
        var pubKeyAttrsToRead = new List<CKA>
        {
            CKA.CKA_KEY_TYPE,
        };

        var publicKeyAttributes = session.GetAttributeValue(publicKeyHandle, pubKeyAttrsToRead);
        var attrs = new BigInteger(1, publicKeyAttributes[0].GetValueAsByteArray());
        publicKeyParameters = new ECPublicKeyParameters(false, keyParameters);
    }

    IMechanism mechanism = null;
    string signatureAlgorithm = null;

    switch (hashAlgorithm)
    {
        case HashAlgorithm.SHA1:
            mechanism = keyType == "RSA" ? session.Factories.MechanismFactory.Create(CKM.CKM_SHA1_RSA_PKCS) : session.Factories.MechanismFactory.Create(CKM.CKM_ECDSA_SHA1);
            signatureAlgorithm = PkcsObjectIdentifiers.Sha1WithRsaEncryption.Id;
            break;
        case HashAlgorithm.SHA256:
            mechanism = keyType == "RSA" ? session.Factories.MechanismFactory.Create(CKM.CKM_SHA256_RSA_PKCS) : session.Factories.MechanismFactory.Create(CKM.CKM_ECDSA_SHA256);
            signatureAlgorithm = PkcsObjectIdentifiers.Sha256WithRsaEncryption.Id;
            break;
        case HashAlgorithm.SHA384:
            mechanism = keyType == "RSA" ? session.Factories.MechanismFactory.Create(CKM.CKM_SHA384_RSA_PKCS) : session.Factories.MechanismFactory.Create(CKM.CKM_ECDSA_SHA384);
            signatureAlgorithm = PkcsObjectIdentifiers.Sha384WithRsaEncryption.Id;
            break;
        case HashAlgorithm.SHA512:
            mechanism = keyType == "RSA" ? session.Factories.MechanismFactory.Create(CKM.CKM_SHA512_RSA_PKCS) : session.Factories.MechanismFactory.Create(CKM.CKM_ECDSA_SHA512);
            signatureAlgorithm = PkcsObjectIdentifiers.Sha512WithRsaEncryption.Id;
            break;
    }

    var certificateSigningRequestDelayed = new Pkcs10CertificationRequestDelaySigned(signatureAlgorithm, new X509Name(subjectDistinguishedName), publicKeyParameters, null);
    var signature = session.Sign(mechanism, privateKeyHandle, certificateSigningRequestDelayed.GetDataToSign());
    certificateSigningRequestDelayed.SignRequest(new DerBitString(signature));
    return certificateSigningRequestDelayed.GetDerEncoded();
}

This is my working RSA Code:

var pubKeyAttrsToRead = new List<CKA>
{
    CKA.CKA_KEY_TYPE,
    CKA.CKA_MODULUS,
    CKA.CKA_PUBLIC_EXPONENT
};

var publicKeyAttributes = session.GetAttributeValue(publicKeyHandle, pubKeyAttrsToRead);
//cause nobody wants a small Integer
var modulus = new BigInteger(1, publicKeyAttributes[1].GetValueAsByteArray());
var publicExponent = new BigInteger(1, publicKeyAttributes[2].GetValueAsByteArray());
publicKeyParameters = new RsaKeyParameters(false, modulus, publicExponent);

This is my not working ECDSA Code:

if (keyType == "ECDSA")
{
    var pubKeyAttrsToRead = new List<CKA>
    {
        CKA.CKA_KEY_TYPE,
    };

    var publicKeyAttributes = session.GetAttributeValue(publicKeyHandle, pubKeyAttrsToRead);
    var attrs = new BigInteger(1, publicKeyAttributes[0].GetValueAsByteArray());
    publicKeyParameters = new ECPublicKeyParameters(false, keyParameters);
}

Unfortunately I couldn't find any related or helpful information through Google.

What am I missing? Thanks in advance for your help!
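As an added example (not code from the question), this is how the ECDSA branch can be filled in with Pkcs11Interop and BouncyCastle: read CKA_EC_PARAMS and CKA_EC_POINT rather than CKA_KEY_TYPE alone, decode them, and build the ECPublicKeyParameters; it also converts the raw r||s signature that the CKM_ECDSA_* mechanisms return into the DER SEQUENCE form a PKCS#10 expects. The class and method names are my own, and only named curves are handled.

```csharp
using System;
using System.Collections.Generic;
using Net.Pkcs11Interop.Common;
using Net.Pkcs11Interop.HighLevelAPI;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.X9;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Math.EC;

public static class HsmEcKeys // hypothetical helper class, not part of the question
{
    // Builds the BouncyCastle public key from the PKCS#11 CKA_EC_PARAMS / CKA_EC_POINT
    // attributes of an EC public key object.
    public static ECPublicKeyParameters ReadEcPublicKey(ISession session, IObjectHandle publicKeyHandle)
    {
        var attrs = session.GetAttributeValue(publicKeyHandle,
            new List<CKA> { CKA.CKA_KEY_TYPE, CKA.CKA_EC_PARAMS, CKA.CKA_EC_POINT });

        if (attrs[0].GetValueAsUlong() != (ulong)CKK.CKK_EC)
            throw new ArgumentException("Handle does not refer to an EC key");

        // CKA_EC_PARAMS is the X9.62 Parameters choice; for an HSM key this is normally the curve OID.
        var x962 = X962Parameters.GetInstance(Asn1Object.FromByteArray(attrs[1].GetValueAsByteArray()));
        if (!x962.IsNamedCurve)
            throw new NotSupportedException("Only named curves are supported here");
        var curveOid = (DerObjectIdentifier)x962.Parameters;
        X9ECParameters x9 = ECNamedCurveTable.GetByOid(curveOid)
            ?? throw new NotSupportedException("Unknown curve OID " + curveOid.Id);

        // CKA_EC_POINT should be a DER OCTET STRING wrapping the X9.62 point (04 || X || Y), but some
        // tokens return the bare point. 0x04 is also the OCTET STRING tag, so decide by length instead.
        byte[] point = attrs[2].GetValueAsByteArray();
        int rawLen = 1 + 2 * ((x9.Curve.FieldSize + 7) / 8);
        if (point.Length != rawLen)
            point = Asn1OctetString.GetInstance(point).GetOctets();

        ECPoint q = x9.Curve.DecodePoint(point); // DecodePoint rejects a point that is not on the curve
        var domain = new ECDomainParameters(x9.Curve, x9.G, x9.N, x9.H, x9.GetSeed());
        return new ECPublicKeyParameters("ECDSA", q, domain);
    }

    // CKM_ECDSA_* hand back r||s as two fixed-width integers; PKCS#10/X.509 require
    // the DER encoding SEQUENCE { INTEGER r, INTEGER s } inside the BIT STRING.
    public static byte[] ToDerEcdsaSignature(byte[] rawRs)
    {
        int half = rawRs.Length / 2;
        var r = new BigInteger(1, rawRs, 0, half);
        var s = new BigInteger(1, rawRs, half, half);
        return new DerSequence(new DerInteger(r), new DerInteger(s)).GetDerEncoded();
    }
}
```

For the ECDSA case the request's signatureAlgorithm also has to be an ECDSA OID (for example X9ObjectIdentifiers.ECDsaWithSha256.Id), not the Sha*WithRsaEncryption value used for both key types in the switch above.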



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow