ECDH for using P-384 keys for more than signing about piv-go HOT 7 CLOSED

A-ha! Found the difference! decipher is the final argument to _general_authenticate and the code branches based on it:

https://github.com/Yubico/yubico-piv-tool/blob/0b27308560ab4f3df4bc29a179e1c91649ce0629/lib/ykpiv.c#L1048-L1052

https://github.com/Yubico/yubico-piv-tool/blob/0b27308560ab4f3df4bc29a179e1c91649ce0629/lib/ykpiv.c#L1064

from piv-go.

I tried reproducing the 0x81->0x85 difference here

but that just broke with

command failed: smart card error 6a80: incorrect parameter in command data field

Same yubikey, same slot, works with ykpiv. I must be still doing something wrong.

from piv-go.

Ah, signing was silently truncating the input still. Commenting out this line kludges ykSignECDSA into a ECDH function.

from piv-go.

Now, obviously the above is not the right way to do it, just a proof of concept.

How should the real API look like?

I'm not thrilled by the idea of a Decrypt that doesn't really decrypt. Should YubiKey.PrivateKey return value learn an extra optional interface?

type KeyAgreement interface {
    // Perform a Diffie-Hellman key agreement with the peer.
    //
    // Peer's public key must use the same algorithm as
    // the key in this slot, or returns error ErrMismatchingAlgorithms.
    KeyAgreement(peer crypto.PublicKey) ([]byte, error)
}

from piv-go.

I guess that KeyAgreement should take rand io.Reader and opts crypto.SignerOpts too, even if ECDSA doesn't use them?

Any thoughts on the name of the interface, can't -er name it easily. KeyAgreementer. KeyAgreer. Are there good synonyms for the Diffie-Hellman operation? I already intentionally made it not say EC or DH, because I thought both of those were algorithm-specific details.

from piv-go.

I'll have a pull request ready as soon as I figure out how this library is tested.

from piv-go.

First stab is at https://github.com/tv42/piv-go/tree/wip-ecdh, without tests for now.

from piv-go.