Merge pull request OpenSC#3090 from dengert/X25519-improvements-2

X25519 improvements 2 in PKCS11-tool, PKCS15 routines, tools, OpenPGP and PIV

Author: frankmorgner

doc/tools/pkcs11-tool.1.xml

@@ -147,7 +147,7 @@
 						<option>--key-type</option> <replaceable>specification</replaceable>
 					</term>
 					<listitem><para>Specify the type and (not always compulsory) flavour (byte-wise symmetric key length, bit-wise asymmetric key length,
-					elliptic curve identifier, etc.) of the key to create, for example RSA:2048, EC:prime256v1, GOSTR3410-2012-256:B,
+					elliptic curve identifier, etc.) of the key to create, for example RSA:2048, EC:prime256v1, EC:ED25519, EC:X448, GOSTR3410-2012-256:B,
 					DES:8, DES3:24, AES:16, AES: or GENERIC:64. If the key type was incompletely specified, possible values are listed.</para></listitem>
 				</varlistentry>
 
@@ -332,6 +332,16 @@
 					the <option>--login</option> option.</para></listitem>
 				</varlistentry>
 
+				<varlistentry>
+					<term>
+						<option>--public-key-info</option>
+					</term>
+					<listitem><para>Read public key from the module using "CKA_PUBLIC_KEY_INFO"
+					(use with <option>--read-object --type public</option>).
+					The output is a "SubjectPublicKeyInfo" i.e. as used in certificates
+					and openssl.</para></listitem>
+				</varlistentry>
+
 				<varlistentry>
 					<term>
 						<option>--puk</option> <replaceable>puk</replaceable>

doc/tools/pkcs15-init.1.xml

@@ -138,8 +138,14 @@
 			<para>
 				where <replaceable>keyspec</replaceable> describes the algorithm and the parameters
 				of the key to be created. For example, <literal>rsa:2048</literal> generates a RSA key
-				with 2048-bit modulus. If you are generating an EC key, the curve designation must
-				be specified, for example <literal>ec:prime256v1</literal>. For symmetric key,
+				with 2048-bit modulus, default is 3072. If you are generating an EC key, the curve designation must
+				be specified, for example <literal>ec:prime256v1</literal>.
+				The following curves do not need parameters:
+				Edwards 25519 curves use one of these equivalent names: Ed25519(preferred), ed25519 or edwards25519
+				and for the 448 curve use: Ed448.
+				For Montgomery 25519 curves use one of these equivalent names: X25519(preferred), cv25519 or curve25519
+				and for the 448 curve use: X448.
+				For symmetric key,
 				the length of key is specified in bytes, for example  <literal>AES:32</literal>
 				or <literal>DES3:24</literal>.
 			</para>

doc/tools/tools.html

@@ -1490,7 +1490,7 @@
 					</span></dt><dd><p>Generate a new key.</p></dd><dt><span class="term">
 						<code class="option">--key-type</code> <em class="replaceable"><code>specification</code></em>
 					</span></dt><dd><p>Specify the type and (not always compulsory) flavour (byte-wise symmetric key length, bit-wise asymmetric key length,
-					elliptic curve identifier, etc.) of the key to create, for example RSA:2048, EC:prime256v1, GOSTR3410-2012-256:B,
+					elliptic curve identifier, etc.) of the key to create, for example RSA:2048, EC:prime256v1, EC:ED25519, EC:X448, GOSTR3410-2012-256:B,
 					DES:8, DES3:24, AES:16, AES: or GENERIC:64. If the key type was incompletely specified, possible values are listed.</p></dd><dt><span class="term">
 						<code class="option">--usage-sign</code>
 					</span></dt><dd><p>Specify 'sign' key usage flag (sets SIGN in privkey, sets VERIFY in pubkey).</p></dd><dt><span class="term">
@@ -1571,6 +1571,11 @@
 					environment variable <em class="replaceable"><code>VARIABLE</code></em> is
 					used.</p><p>This option will also set
 					the <code class="option">--login</code> option.</p></dd><dt><span class="term">
+						<code class="option">--public-key-info</code>
+					</span></dt><dd><p>Read public key from the module using "CKA_PUBLIC_KEY_INFO"
+					(use with <code class="option">--read-object --type public</code>).
+					The output is a "SubjectPublicKeyInfo" i.e. as used in certificates
+					and openssl.</p></dd><dt><span class="term">
 						<code class="option">--puk</code> <em class="replaceable"><code>puk</code></em>
 					</span></dt><dd><p>Supply User PUK on the command line.</p></dd><dt><span class="term">
 						<code class="option">--new-pin</code> <em class="replaceable"><code>pin</code></em>
@@ -2004,8 +2009,14 @@
 			</p><p>
 				where <em class="replaceable"><code>keyspec</code></em> describes the algorithm and the parameters
 				of the key to be created. For example, <code class="literal">rsa:2048</code> generates a RSA key
-				with 2048-bit modulus. If you are generating an EC key, the curve designation must
-				be specified, for example <code class="literal">ec:prime256v1</code>. For symmetric key,
+				with 2048-bit modulus, default is 3072. If you are generating an EC key, the curve designation must
+				be specified, for example <code class="literal">ec:prime256v1</code>.
+				The following curves do not need parameters:
+				Edwards 25519 curves use one of these equivalent names: Ed25519(preferred), ed25519 or edwards25519
+				and for the 448 curve use: Ed448.
+				For Montgomery 25519 curves use one of these equivalent names: X25519(preferred), cv25519 or curve25519
+				and for the 448 curve use: X448.
+				For symmetric key,
 				the length of key is specified in bytes, for example  <code class="literal">AES:32</code>
 				or <code class="literal">DES3:24</code>.
 			</p><p>

src/common/libpkcs11.h

@@ -20,6 +20,7 @@
 
 #ifndef __LIBPKCS11_H
 #define __LIBPKCS11_H
+#include "pkcs11/pkcs11.h"
 void *C_LoadModule(const char *name, CK_FUNCTION_LIST_PTR_PTR);
 CK_RV C_UnloadModule(void *module);
 #endif