Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

piv: implement algorithm discovery #1

Open
ericchiang opened this issue Jan 7, 2020 · 2 comments
Open

piv: implement algorithm discovery #1

ericchiang opened this issue Jan 7, 2020 · 2 comments

Comments

@ericchiang
Copy link
Collaborator

Different smart cards can implement different algorithm sets. See if YubiKey's PIV implementation supports algorithm discovery:

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-73-4.pdf#page=61
@nickray
Copy link
Contributor

nickray commented May 19, 2020

To the best of my knowledge, there is no "interoperable way" to do this, nor a direct Yubico-specific one. Close misses:

  • If you parse the "card issuer's data" out of the ATR when you open the reader (bottom of https://developers.yubico.com/PIV/Introduction/Yubico_extensions.html, we'd likely set this to SoloKeys), you could have a lookup table for known tokens (but this means a closed universe).
  • I assume for Yubico specifically algorithms are a function of the vendor command GetVersion; maybe it's even constant?
  • If you have a known empty key ("slot", but this terminology is overloaded), you can GENERATE ASYMMETRIC KEY and check for failure (0x6a80) to exclude algorithms, but this will silently overwrite keys and it's inefficient. It's also not necessarily true that all "slots" support the same algorithm set.
  • Yubico-specific GetMetadata command (again https://developers.yubico.com/PIV/Introduction/Yubico_extensions.html) tells you the algorithm of existing keys
  • In a more standards-compliant way, the administrator of keys is supposed to generate a certificate, which would include the algorithm

Your reference above points to this last method, in a world where every key is expected to have an associated certificate. I understand this is the originally PIV-intended way. Moreover, it lives in the very small universe of SP 800-78-4 algorithms, something like Ed25519 is immediately non-standard.

There isn't even a standard way, if there is no certificate, to tell if there's a key (in a "slot"), except trying to do cryptographic operations with GENERAL AUTHENTICATE and recording 0x6a86 failures (for Yubico you can use GetMetadata). I assume the card administrator is assumed to know the support in the cards they're deploying...

As I intend for the SoloKeys PIV implementation to have additional/variable algorithms, it would make a lot of sense to have a command with parameter key ID (9a etc.) and response "list of supported algorithms". This would be a SoloKeys extension though (unless I can find anything resembling a standard way).

@arekinath
Copy link

So, Yubico don't currently do this, but in the application property template (response-to-select data), applets can list the algorithm IDs which they support (under tag AC). This is currently only compulsory if you support the PIV SM suites (27 or 2E), but the standard seems to imply that cards which support only a subset of the specified algorithms should advertise their subset in the APT. It might be nice to try to encourage newer implementations to make use of this? If it's worth anything, my PivApplet implementation for JavaCard-compatible devices does advertise its full list of supported algorithms here.

@nickray nickray mentioned this issue Jun 27, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@arekinath @nickray @ericchiang