From 5ca7d8a69a14fe3ee0bb46a32402118831287eca Mon Sep 17 00:00:00 2001
From: Aveen Ismail
Date: Fri, 23 Aug 2024 11:16:33 +0200
Subject: [PATCH] YKCS11: Return CKA_EC_POINT for ED keys
---
 ykcs11/objects.c | 4 ++--
 ykcs11/openssl_utils.c | 6 ++++++
 ykcs11/tests/ykcs11_edx_test.c | 8 ++++++--
 3 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/ykcs11/objects.c b/ykcs11/objects.c
index d173fd65..da653c3a 100644
--- a/ykcs11/objects.c
+++ b/ykcs11/objects.c
@@ -723,7 +723,7 @@ static CK_RV get_proa(ykcs11_slot_t *s, piv_obj_id_t obj, CK_ATTRIBUTE_PTR templ
 ul_tmp = do_get_key_type(s->pkeys[piv_objects[obj].sub_id]); // Getting the info from the pubk
 if (ul_tmp == CKK_VENDOR_DEFINED)
 return CKR_FUNCTION_FAILED;
- if (ul_tmp != CKK_EC)
+ if (ul_tmp == CKK_RSA)
 return CKR_ATTRIBUTE_TYPE_INVALID;
 if ((rv = do_get_public_key(s->pkeys[piv_objects[obj].sub_id], b_tmp, &len)) != CKR_OK)
@@ -1030,7 +1030,7 @@ static CK_RV get_puoa(ykcs11_slot_t *s, piv_obj_id_t obj, CK_ATTRIBUTE_PTR templ
 ul_tmp = do_get_key_type(s->pkeys[piv_objects[obj].sub_id]); // Getting the info from the pubk
 if (ul_tmp == CKK_VENDOR_DEFINED)
 return CKR_FUNCTION_FAILED;
- if (ul_tmp != CKK_EC)
+ if (ul_tmp == CKK_RSA)
 return CKR_ATTRIBUTE_TYPE_INVALID;
 if ((rv = do_get_public_key(s->pkeys[piv_objects[obj].sub_id], b_tmp, &len)) != CKR_OK)
diff --git a/ykcs11/openssl_utils.c b/ykcs11/openssl_utils.c
index 8d97bf51..0cd9cab0 100644
--- a/ykcs11/openssl_utils.c
+++ b/ykcs11/openssl_utils.c
@@ -694,6 +694,12 @@ CK_RV do_get_public_key(ykcs11_pkey_t *key, CK_BYTE_PTR data, CK_ULONG_PTR len)
 *len += 2;
 break;
+ case EVP_PKEY_ED25519:
+ case EVP_PKEY_X25519:
+ if(EVP_PKEY_get_raw_public_key(key, data, len) != 1) {
+ return CKR_FUNCTION_FAILED;
+ }
+ break;
 default:
 return CKR_FUNCTION_FAILED;
diff --git a/ykcs11/tests/ykcs11_edx_test.c b/ykcs11/tests/ykcs11_edx_test.c
index 4cf4757d..6dcb7847 100644
--- a/ykcs11/tests/ykcs11_edx_test.c
+++ b/ykcs11/tests/ykcs11_edx_test.c
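Review bot: The new test `if (ul_tmp == CKK_RSA)` in get_proa turns an allow-list into a deny-list, so every key type other than RSA and CKK_VENDOR_DEFINED now reaches do_get_public_key, not only the Edwards and Montgomery types this patch targets. A type that helper does not handle would then surface as CKR_FUNCTION_FAILED from its default branch instead of CKR_ATTRIBUTE_TYPE_INVALID. Naming the accepted types keeps the check closed, e.g. `if (ul_tmp != CKK_EC && ul_tmp != CKK_EC_EDWARDS && ul_tmp != CKK_EC_MONTGOMERY)`, assuming do_get_key_type reports Ed25519 keys as CKK_EC_EDWARDS. The identical change in the get_puoa hunk (@@ -1030) has the same issue; both functions start and end outside their hunks.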
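Review bot: In the new `case EVP_PKEY_ED25519:` / `case EVP_PKEY_X25519:` branch of do_get_public_key, `len` is a `CK_ULONG_PTR` but EVP_PKEY_get_raw_public_key takes a `size_t *`. The two types differ in width on LLP64 targets such as 64-bit Windows, where the call would read and write eight bytes through a pointer to a four-byte object. The OpenSSL function also treats `*len` as the capacity of `data` on entry, so callers must have set it to the buffer size beforehand; that is not visible in this hunk. Going through a local avoids both problems: `size_t raw_len = *len;`, pass `&raw_len` to the call, then `*len = (CK_ULONG)raw_len;` on success. The function starts and ends outside the hunk.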
@@ -261,12 +261,14 @@ static void test_xkey_attributes() {
 CK_BBOOL obj_token;
 CK_BBOOL obj_private;
 CK_ULONG obj_key_type;
+ CK_BYTE obj_point[64] = {0};
 CK_ATTRIBUTE template[] = {
 {CKA_CLASS, &obj_class, sizeof(CK_ULONG)},
 {CKA_TOKEN, &obj_token, sizeof(CK_BBOOL)},
 {CKA_PRIVATE, &obj_private, sizeof(CK_BBOOL)},
 {CKA_KEY_TYPE, &obj_key_type, sizeof(CK_ULONG)},
+ {CKA_EC_POINT, obj_point, sizeof(obj_point)}
 };
 init_connection();
@@ -274,17 +276,19 @@ static void test_xkey_attributes() {
 generate_ex_key(funcs, session, &pubkey, &privkey);
- asrt(funcs->C_GetAttributeValue(session, pubkey, template, 4), CKR_OK, "GET BASIC ATTRIBUTES");
+ asrt(funcs->C_GetAttributeValue(session, pubkey, template, 5), CKR_OK, "GET BASIC ATTRIBUTES");
 asrt(obj_class, CKO_PUBLIC_KEY, "CLASS");
 asrt(obj_token, CK_TRUE, "TOKEN");
 asrt(obj_private, CK_FALSE, "PRIVATE");
 asrt(obj_key_type, CKK_EC_MONTGOMERY, "KEY_TYPE");
+ asrt(template[4].ulValueLen, 32, "EC_POINT LEN");
- asrt(funcs->C_GetAttributeValue(session, privkey, template, 4), CKR_OK, "GET BASIC ATTRIBUTES");
+ asrt(funcs->C_GetAttributeValue(session, privkey, template, 5), CKR_OK, "GET BASIC ATTRIBUTES");
 asrt(obj_class, CKO_PRIVATE_KEY, "CLASS");
 asrt(obj_token, CK_TRUE, "TOKEN");
 asrt(obj_private, CK_TRUE, "PRIVATE");
 asrt(obj_key_type, CKK_EC_MONTGOMERY, "KEY_TYPE");
+ asrt(template[4].ulValueLen, 32, "EC_POINT LEN");
 destroy_test_objects(funcs, session, &privkey, 1);
 asrt(funcs->C_CloseSession(session), CKR_OK, "CloseSession");
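Review bot: The added `asrt(template[4].ulValueLen, 32, "EC_POINT LEN")` checks only the length, so a CKA_EC_POINT of 32 zero bytes would still pass, given that obj_point is zero-initialised. Comparing obj_point with the public key obtained by another route, or at least asserting it is not all zero, would pin the value. The first C_GetAttributeValue call also leaves template[4].ulValueLen at 32, so the privkey call runs with a 32-byte capacity instead of sizeof(obj_point); add `template[4].ulValueLen = sizeof(obj_point);` before the second call. Only test_xkey_attributes is touched, so the Ed25519 path named in the subject appears to be untested by this patch.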