Closed Bug 1965329 Opened 10 months ago Closed 6 days ago

Implement PKCS #11 v3.2 PQ functions and KEM mechanisms.

Categories

(NSS :: Libraries, enhancement, P2)

Product:
NSS
Component:
Libraries
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: rrelyea, Assigned: rrelyea)

References

(Blocks 1 open bug)

Details

Attachments

(4 files, 1 obsolete file)

Bug 1965329 Implement PKCS #11 v3.2 functions
48 bytes, text/x-phabricator-request
Details | Review
Bug 1965329 Use PKCS #11 v3.2 KEM mechanisms and functions.
48 bytes, text/x-phabricator-request
Details | Review
WIP: Bug 1965329 Implement PKCS #11 v3.2 PQ functions (use verify signature)
48 bytes, text/x-phabricator-request
Details | Review
Bug 1965329 - add failure checks to pk11_mergeTrust() , r=rrelyea
48 bytes, text/x-phabricator-request
Details | Review

PKCS #11 has defined new functions for verification and key encapsulate. We already have functions for key encapsulate using vendor specific functions and mechanisms. We need to move the the new PKCS #11 versions of these. We Also need to implement the new verification functions used by PQ signature schemes.

Hmmm our milestones don't have any modern versions of NSS?

Assignee: nobody → rrelyea
Blocks: 1954613
Priority: -- → P2
Target Milestone: --- → 3.99

lib/softoken/fipsaudt.c
lib/softoken/softoken.h
lib/softoken/softoknt.h

  • Add new audit functions for encapsulate and decapsulate

lib/softoken/fipstokn.c

  • update pkcs11 3.0 function table to a specific name.
  • add pkcs11 3.2 function table.
  • add FIPS versions of the new Signature, Encaps/Decaps, GetSeesionValidationFlags,
    Async and authenticated key wrap functions.

lib/softoken/kem.c

  • update kem functions to understand the new PKCS #11 version names.
  • add option to disable Kyber to kem functions.
  • update kem functions to get the parameter from the key.
  • implement pkcs #11 C_EncapsulateKey and C_DecapsulateKey with the PKCS #11 argument order.
  • return the old NSS EncapsualteKey and Decapsulate key with it's order for compatibility. The
    old API just calls the new functions, so even the old API will get the new PKCS #11 mechanism.

lib/softoken/pkcs11.c

  • update pkcs11 3.0 function table to be a specific name.
  • add PKCS11 3.2 function table.
  • update NSS_INTERFACE_COUNT to automatically get the correct array size.
  • add the PKCS #11 attribute for ML_KEM
  • add Unsupported Async stubs.
  • add NSC_GetSessionValidationFlags using the already existing nsc_NSSGetFIPSStatus flag.
  • add NSC_VerifySignature* functions. Currently there isn't any algorithms that don't
    work with the old interface, so this functions simply cache the signature and use the old
    inteferface to implement the NSC_VerifySignature* function.
  • CK_NSS_KEM_PARAMETER_SET_TYPE fetching of paremeter set, make it generic since lots of
    algorithms will have a CK_ULONG CKA_PARAMETER_SET value in the keys.
  • add unsupported stubs for WrapKey and UnwrapKey Authenticated.

lib/softoken/pkcs11i.h

  • add signature item for VerifySignature algorithms.
  • add defines for the FIPS_FLAG

lib/softoken/pkcs11u.c

  • add signature item for VerifySignature algorithms.
  • update sftk_CreateValidationObjects to create real PKCS #11 v3.2 validation objects.
Attachment #9493836 - Attachment description: WIP: Bug 1965329 Implement PKCS #11 v3.2 functions → Bug 1965329 Implement PKCS #11 v3.2 functions
  • Use the PKCS #11 v3.2 KEM functions rather than the vendor specific ones.
  • We fall back to the vendor ones if we don't have a PKCS #11 v3.2 function table.
  • We make the Encapsulate/Decapsulate more generic so it can work with KEMs other than ML-DSA.

Use the PKCS #11 v3.2 functions and mechanism to do ML_KEM.

lib/pk11wrap/pk11akey.c

  • use CKA_PARAMETER_SET rather then CKA_NSS_PARAMETER_SET. retry with the former if we fail.
  • accept CKK_ML_KEM as well as the two vendor specific key types.
  • add support for CKA_ENACAPSULATE and CKA_DECAPSULATE when creating keys.
  • if we are using an 3.2 or later function list, use the PKCS #11 C_Encapsulate and C_Decapsulate call.
  • for Encapsulate, use the normal PKCS #11 protocol to get the ciphertext length rather than "Just knowing it".

lib/softoken/kem.c

  • update softoken to accept CKA_PARAMETER_SET as well as CKA_NSS_PARAMETER_SET for the old mechanisms.

lib/softoken/pkcs11.c

  • export the ENCAPSULATE/DECAPSULATE mechanism flags for our KEM mechanisms.
  • add the same support for CKA_ENCAPSULSATE/CKA_DECAPSULATE and CKA_*PARMETER_SET in pkaakey in softoken.

lib/softoken/pkcs11c.c

  • add pairwise consistency check for CKM_ML_KEM_GENERATE_KEY_PAIR. The CKM_NSS version still will skip the pairwise check so ssl can keep using that in FIPS mode (like the special ECC KEY_GEN).

lib/ssl/tls13con.c

  • update tls to use the new mechanism and parameter sets.
  • retry the keygen with more secure keys if the first key gen fails. This happens in FIPS mode (obviously).
  • do the same than for PK11_Encapsulate and PK11_Decapsulate

lib/util/kyber.h

  • Add defines for the max key sizes for ml_kem (will update when mlkem1024 gets added.

tests/ssl/ssl.sh

  • add tests for mlkem to the ssl coverage tests.

Depends on D259697

Attachment #9504734 - Attachment is obsolete: true
Status: NEW → ASSIGNED

lib/cryptohi/secvfy.c

  • if we are using 3.2 function tables, then use the PKCS #11 Signature
    functions. We just need to do this at Context create time and the context
    code will use the context time to determin which PKCS #11 functions to call.
    It uses a new PK11_CreateSignatureContextByPubKey().
    lib/nss/nss.def
    lib/pk11wrap/pk11pub.h
  • add PK11_CreateSignatureContectByPubKey().
    lib/pk11wrap/pk11cxt.c
  • Add PK11_CreateSignatureContextByPubKey() which takes a signature. It's basically the same as PK11_CreateContextByPubKey(), but carries the signature down to context_init where it can be passed to C_VerifySignatureInit(). The the PK11_CreateContextByPubKey just calls PK11_CreateSignatureContextByPubKey() with a NULL
    signature.
  • Add C_VerifySignature to our context. CKA_NSS_VERIFY_SIGNATURE is a new fake Attribute that is used to make VerifySignature Contexts.
    lib/pk11wrap/pk11obj.c
  • add C_VerifySignature to PK11_VerifyWithMechanism.
    lib/softoken/pkcs11c.c
  • fix bugs in NSC_VerifySignatureInit and NSC_VerifySignature. These functions don't require streaming specifically.
    lib/util/pkcs11n.h
  • Define CKA_NSS_VERIFY_SIGNATURE fake attribute.

Bug 1965329 Implement PKCS #11 v3.2 functions changed:

             targetTemplate.type = (targetClass == CKO_TRUST)
                                       ? nssTrustAttrs[i]
                                       : pkcsTrustAttrs[i];
-            targetTemplate.type = (sourceClass == CKO_TRUST)
+            sourceTemplate.type = (sourceClass == CKO_TRUST)
                                       ? nssTrustAttrs[i]
                                       : pkcsTrustAttrs[i];

which changed was a correct fix but needed further changes

Attachment #9519778 - Attachment description: Bug 1965329 - fix sourceTemplate.ulValueLen in pk11_map_trust_entry, r=rrelyea → Bug 1965329 - add failure checks to pk11_mergeTrust() , r=rrelyea

Pushed by rrelyea@redhat.com:
https://hg.mozilla.org/projects/nss/rev/f9b73a4c8e7f
add failure checks to pk11_mergeTrust() , r=rrelyea

Status: ASSIGNED → RESOLVED
Closed: 4 months ago
Resolution: --- → FIXED

reopenning, the patch has issue in CI..

Status: RESOLVED → REOPENED
Resolution: FIXED → ---

Pushed by rrelyea@redhat.com:
https://hg.mozilla.org/projects/nss/rev/07eda95d4c4e
add failure checks to pk11_mergeTrust() , r=rrelyea

Status: REOPENED → RESOLVED
Closed: 4 months ago6 days ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: