Skip to content

Add support for larger ECC curves (P521) in the PKCS11 implementation #591

New issue
New issue
Open
Open
Add support for larger ECC curves (P521) in the PKCS11 implementation#591
Labels
CRT/IoTfeature-requestA feature should be added or improved.p2This is a standard priority issue
@gregbreen

Description

@gregbreen
gregbreen
opened on Aug 16, 2023

Describe the feature

In attempting to use P521 with PKCS (SoftHSM), I encounter the AWS_ERROR_PKCS11_ENCODING_ERROR here:

aws-c-io/source/pkcs11_lib.c

Line 1173 in c4b661f

return aws_raise_error(AWS_ERROR_PKCS11_ENCODING_ERROR);
. It seems to be the case that the buffer is too small for P521. P256 and P384 are fine.

Use Case

AWS IoT Core recently added ECDSA-P521 as a supported key type: https://aws.amazon.com/about-aws/whats-new/2023/07/aws-iot-core-new-certificate-signing-key-generation-algorithms/. The SDK should support all key algorithms supported by IoT Core.

Proposed Solution

No response

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

Metadata

Metadata

Assignees

No one assigned

    Labels

    CRT/IoTfeature-requestA feature should be added or improved.p2This is a standard priority issue

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions