Closed Bug 1159216 Opened 10 years ago Closed 4 months ago

Support PKCS8 import for private (EC)DH keys without a public key

Categories

(NSS :: Libraries, enhancement, P5)

Tracking

(firefox40 affected)

RESOLVED DUPLICATE of bug 1915792

People

(Reporter: ttaubert, Assigned: anna.weine)

References

(Blocks 1 open bug)

Details

RFC 5915 (ECDH) and RFC 5208 (others) state that a public key SHOULD be provided with the PKCS8 structure but isn't required. We can simply compute the public key from the given params and private key but NSS's PK11_ API doesn't seem to expose anything for that currently. A somewhat high-level function that allows passing in a private key and returns a public key should be sufficient.
Depends on: 1159202, 1048931
So I found EC_NewKeyFromSeed(), which seems great for reconstructing a public key from a private one. But it unfortunately is only available via freebl. The same goes for EC_ValidatePublicKey(), which we really should use instead of the other troublesome function we currently use in WebCrypto. I managed to expose both functions via freebl, softoken, and then PKCS#11. I wondered, is there an easier way to do this or is that the way we have to go? Dana, you know a lot about this. Any suggestions? :)
Flags: needinfo?(dkeeler)
From a policy standpoint, it's my understanding that exposing freebl directly isn't something that's done. I'm sure this decision could be revisited (it would be something to bring up on the nss-dev mailing list or at the weekly meeting). In the absence of that, though, freebl -> softoken -> PK11_* is probably the way to go. (To be clear, adding to the PK11_ API is totally fine (I'm fairly sure), and if doing so would improve the WebCrypto implementation, we should do it.)
Flags: needinfo?(dkeeler)
Thanks Dana! I'll try the freebl -> softoken -> PK11_ way to get those exposed.
Component: DOM: Security → Security
Assignee: nobody → nobody
Type: defect → enhancement
Component: Security → Libraries
Product: Core → NSS
Version: Trunk → other
Severity: normal → --
Severity: -- → N/A
Priority: -- → P5
Assignee: nobody → nkulatova
Status: NEW → RESOLVED
Closed: 4 months ago
Duplicate of bug: 1915792
Resolution: --- → DUPLICATE
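
The two operations discussed in the comments above (recomputing a public key from an EC private key whose PKCS8 structure omits it, and validating a public point), shown as an added example that is not part of the bug thread and is not NSS code. It assumes NIST P-256 as the curve, the function names are hypothetical, and the double-and-add loop is not constant-time, so it is for illustration only.

```python
# Added illustration, not NSS code. NIST P-256 domain parameters.
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)

def point_add(p1, p2):
    """Affine point addition; None represents the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # p2 == -p1
    if p1 == p2:                         # doubling
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def scalar_mult(k, point):
    """Double-and-add. NOT constant-time; illustration only."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result

def validate_public_key(q):
    """Reject infinity, out-of-range coordinates and off-curve points.
    P-256 has cofactor 1, so no separate subgroup check is needed."""
    if q is None:
        return False
    x, y = q
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0

def public_from_private(d):
    """Recompute Q = d*G for a private scalar imported without a public key."""
    if not 1 <= d < N:
        raise ValueError("private scalar must be in [1, n-1]")
    q = scalar_mult(d, G)
    if not validate_public_key(q):       # defensive sanity check
        raise ValueError("derived point failed validation")
    return q
```
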