Support for EC keys, fix Attributes processing

[ya-mouse]

This change adds proper handling for EC keys (addressing #303) as well as proper RSA parameters calculation.

NOTE: For instance, openssl expects that EC params (curve OID) and points are in specific uncompressed and padded format. In Go encoding EC_POINTS be like:

case C.CKA_EC_POINT:
    encodedPoint, err := encodeECPoint(key.Curve, key.X, key.Y)
    ...
    setValue(attr, unsafe.Pointer(&encodedPoint[0]), C.CK_ULONG(len(encodedPoint)))

func encodeECPoint(curve elliptic.Curve, x, y *big.Int) ([]byte, error) {
        fieldSize := (curve.Params().BitSize + 7) / 8
        xPadded := make([]byte, fieldSize)
        yPadded := make([]byte, fieldSize)
        copy(xPadded[fieldSize-len(x.Bytes()):], x.Bytes())
        copy(yPadded[fieldSize-len(y.Bytes()):], y.Bytes())

        ecPoint := append([]byte{0x04}, append(xPadded, yPadded...)...)

        return asn1.Marshal(asn1.RawValue{
                Tag:   asn1.TagOctetString,
                Bytes: ecPoint,
        })
}

I faced this issue when implementing fake custom backend using regular PEM/DER files or passing signature produced by AWS KMS.
Perhaps, as later improvement we can try to instantiate specific signature from DER bytes and then repack params into expected format. Now this is offloaded to the backend.

The changes were checked with my custom backend using RSA2048 and ECC NIST-P256 keys via OpenSSL.

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[ya-mouse]

we should skip unknown attributes otherwise a tool that handles pkcs11 calls silently tries to interpret random values from the template: pkcs11-tool and p11-kit produces weird values for attributes when inspecting with pkcs11-spy.

[brandonweeks]

Can you please split the bug fix for attribute parsing into a separate PR?

[ya-mouse]

#389
#390

[ya-mouse]

Gently ping :)

[ya-mouse]

was small to fit ECC P-256 digest value

[ya-mouse]

Added some missed attributes with default values that pkcs11-tool/p11-kit tools complains about.

[brandonweeks]

Apologies for the churn but can you also make this change in a separate PR? I'm working on adding integration tests for pkcs11-tool output I would like to use to validate this change.

[brandonweeks]

Thank you for the PR! Just to set expectations, I probably won't have an opportunity to review and test until the new year.

[brandonweeks]

spki.algorithm.parameters_oid().unwrap().to_der().unwrap() seems to do the same thing.

[brandonweeks]

spki.subject_public_key.to_der().unwrap() also seems like an easier way to get the key as DER encoded unless I'm missing something.

[brandonweeks]

RsaPublicKey::from_der(spki.subject_public_key.as_bytes()?).ok()? works as well.

[brandonweeks]

Nit: return a usize from the method and do the type casting further down.

[brandonweeks]

Nit: call rsa_pubkey.modulus.as_bytes().to_vec() in the struct constructor instead of assigning to a variable.