Closed Bug 298957 Opened 19 years ago Closed 19 years ago

PK11_TokenKeyGen should add CKA_UNWRAP and CKA_WRAP attributes to object template

Categories

(NSS :: Libraries, enhancement, P2)

Product:
NSS
Component:
Libraries
Version:
3.9.3
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
3.10.2

People

(Reporter: nkwan, Assigned: rrelyea)

Details

Attachments

(9 files)

Thomas Kwan's patch
979 bytes, patch
Details | Diff | Splinter Review
Add new function PK11_TokenKeyGenWithFlags (checked in)
3.34 KB, patch
rrelyea
: review+
nelson
: superreview+
Details | Diff | Splinter Review
Alternate patch: have PK11_TokenKeyGen set CKA_WRAP and CKA_UNWRAP whenever possible
1.63 KB, patch
rrelyea
: review-
Details | Diff | Splinter Review
Code cleanup patch (checked in)
1.39 KB, patch
rrelyea
: review+
Details | Diff | Splinter Review
Move CKF_ENCRYPT and Fortezza hack code out of PK11_TokenKeyGenWithFlags (checked in)
2.04 KB, patch
rrelyea
: review+
Details | Diff | Splinter Review
Patch for NSS_3_10_BRANCH (checked in with changes)
6.31 KB, patch
nelson
: review+
rrelyea
: superreview+
Details | Diff | Splinter Review
Export PK11_TokenKeyGenWithFlags in NSS 3.10.1 instead of 3.11 (checked in)
650 bytes, patch
julien.pierre
: review+
Details | Diff | Splinter Review
Improve comment regarding generating DES2 keys (checked in)
1.08 KB, patch
rrelyea
: review+
Details | Diff | Splinter Review
Remove the comment "TNH: references the slot?" (checked in)
666 bytes, patch
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

We are working on a project where we want to generate a symmetric key and
then use the key to unwrap another key into the hardware token. 
We would like to add the following to the PK11_TokenKeyGen function:

[nkwan@zion pk11wrap]$ cvs diff pk11skey.c
Index: pk11skey.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11skey.c,v
retrieving revision 1.83
diff -r1.83 pk11skey.c
1457c1457
<     CK_ATTRIBUTE genTemplate[6];
---
>     CK_ATTRIBUTE genTemplate[8];
1493a1494,1495
>     PK11_SETATTRS(attrs, CKA_WRAP, &cktrue, sizeof(cktrue));  attrs++;
>     PK11_SETATTRS(attrs, CKA_UNWRAP, &cktrue, sizeof(cktrue));  attrs++;
[nkwan@zion pk11wrap]$ vi pk11skey.c




Reproducible: Always
Assignee: wtchang → rrelyea
Status: UNCONFIRMED → NEW
Ever confirmed: true
I am worried that adding the CKA_WRAP and CKA_UNWRAP
attributes to the C_GenerateKey call may break some
PKCS #11 modules.

Secret keys have other attributes, such as CKA_VERIFY.
Do we also need to set them?
In our program, we need to use the generated symmetric to unwrap another key
into the hardware token. SafeNet's Luna SA does not perform unwrap if the key is
not marked with CKA_UNWRAP.

Maybe instead of keep adding new attributes to this function, we can write a new
function that takes a list of user-defined attributes, similar to
PK11_ImportSymKeyWithFlags where flags are user-definied attributes.
This patch adds a new function PK11_TokenKeyGenWithFlags,
with has one more parameter (CF_FLAGS flags) than the
existing PK11_TokenKeyGen function.  PK11_TokenKeyGen
is reimplemented to call PK11_TokenKeyGenWithFlags.

Thomas, please try calling PK11_TokenKeyGenWithFlags with
"flags" equal to CKF_SIGN|CKF_WRAP|CKF_UNWRAP.
Attachment #187534 - Flags: superreview?(nelson)
Attachment #187534 - Flags: review?(rrelyea)
Severity: normal → enhancement
OS: Linux → All
Priority: -- → P2
Target Milestone: --- → 3.11
Version: unspecified → 3.9.3
This patch doesn't require a new function and tries to
be backward compatible.  Thomas, could you test this
patch, too?
Attachment #187537 - Flags: review?(rrelyea)
Comment on attachment 187534 [details] [diff] [review]
Add new function PK11_TokenKeyGenWithFlags (checked in)

Thomas reported that the new function works for him.
Summary: Need to add CKA_UNWRAP and CKA_WRAP attributes to PK11_TokenKeyGen function → PK11_TokenKeyGen shuld add CKA_UNWRAP and CKA_WRAP attributes to object template
Comment on attachment 187534 [details] [diff] [review]
Add new function PK11_TokenKeyGenWithFlags (checked in)

Looks right to me.
Attachment #187534 - Flags: superreview?(nelson)
Attachment #187534 - Flags: superreview+
Attachment #187534 - Flags: review?(rrelyea)
Comment on attachment 187537 [details] [diff] [review]
Alternate patch: have PK11_TokenKeyGen set CKA_WRAP and CKA_UNWRAP whenever possible

I gather that this second patch is intended to be an alternative to the 
first one.  It always adds the two attributes to the new keys.
I don't think we want to do that.  In particular, I think we do not
want to add wrap/unwrap to token keys that are intended for use in
signing-only certs.  So I think the approach in the first patch is right.
Comment on attachment 187537 [details] [diff] [review]
Alternate patch: have PK11_TokenKeyGen set CKA_WRAP and CKA_UNWRAP whenever possible

Nelson, you are right.	This patch is an alternative to
the first patch.

We are generating symmetric keys, not public/private
key pairs in PK11_TokenKeyGen.
Attachment #187537 - Attachment description: Have PK11_TokenKeyGen set CKA_WRAP and CKA_UNWRAP whenever possible → Alternate patch: have PK11_TokenKeyGen set CKA_WRAP and CKA_UNWRAP whenever possible
Attachment #187534 - Flags: review?(rrelyea)
Comment on attachment 187534 [details] [diff] [review]
Add new function PK11_TokenKeyGenWithFlags (checked in)

This is the patch we want. The lack of a 'with flags' in for symkey keygen was
a dificiency in the original API. This fixes that deficiency.
Attachment #187534 - Flags: review?(rrelyea) → review+
Comment on attachment 187537 [details] [diff] [review]
Alternate patch: have PK11_TokenKeyGen set CKA_WRAP and CKA_UNWRAP whenever possible

The previous patch is preferable
Attachment #187537 - Flags: review?(rrelyea) → review-
Comment on attachment 187534 [details] [diff] [review]
Add new function PK11_TokenKeyGenWithFlags (checked in)

Patch checked in on the NSS trunk for NSS 3.11.

The new function now has the NSS_3.11 version.	We
may need to change it to NSS_3.10.1 because we may
need to add this function to the NSS 3.10.1 release.

Checking in nss/nss.def;
/cvsroot/mozilla/security/nss/lib/nss/nss.def,v  <--  nss.def
new revision: 1.147; previous revision: 1.146
done
Checking in pk11wrap/pk11pub.h;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11pub.h,v	<--  pk11pub.h
new revision: 1.6; previous revision: 1.5
done
Checking in pk11wrap/pk11skey.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11skey.c,v  <--  pk11skey.c
new revision: 1.98; previous revision: 1.97
done
Attachment #187534 - Attachment description: Add new function PK11_TokenKeyGenWithFlags → Add new function PK11_TokenKeyGenWithFlags (checked in)
I found these problems while reviewing pk11skey.c to
ensure that MAX_TEMPL_ATTRS (16) is big enough.

1. pk11_FlagsToAttributes should not add an attribute
whose type is 0.  (Some of the elements in the attrTypes
array are 0.)  This lowers the maximum number of attributes
pk11_FlagsToAttributes may add from 12 to 9.

2. In PK11_DeriveWithFlagsPerm, the size of keyTemplate
array doesn't need to be MAX_TEMPL_ATTRS+1 because
MAX_TEMPL_ATTRS is big enough.
Attachment #187863 - Flags: review?(rrelyea)
Attachment #187863 - Flags: review?(rrelyea) → review+
Comment on attachment 187863 [details] [diff] [review]
Code cleanup patch (checked in)

I checked in the code cleanup patch on the NSS trunk for NSS 3.11.

Checking in pk11skey.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11skey.c,v  <--  pk11skey.c
new revision: 1.99; previous revision: 1.98
done
Checking in pk11obj.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11obj.c,v	<--  pk11obj.c
new revision: 1.6; previous revision: 1.5
done
Attachment #187863 - Attachment description: Code cleanup patch → Code cleanup patch (checked in)
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
In this patch, I propose to make the new function
PK11_TokenKeyGenWithFlags "legacy free" and move
the following code out of it to PK11_TokenKeyGen.

1. The code to set the CKF_ENCRYPT flag by default.
2. The Fortezza hack code.

What do you think?
Attachment #188482 - Flags: superreview?(nelson)
Attachment #188482 - Flags: review?(rrelyea)
Comment on attachment 188482 [details] [diff] [review]
Move CKF_ENCRYPT and Fortezza hack code out of PK11_TokenKeyGenWithFlags (checked in)

yes, I think it's a good idea to keep the fortezza weirdness out of the new
function.
Attachment #188482 - Flags: review?(rrelyea) → review+
Comment on attachment 188482 [details] [diff] [review]
Move CKF_ENCRYPT and Fortezza hack code out of PK11_TokenKeyGenWithFlags (checked in)

I checked in this patch on the NSS trunk for NSS 3.11.

Checking in pk11skey.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11skey.c,v  <--  pk11skey.c
new revision: 1.100; previous revision: 1.99
done
Attachment #188482 - Attachment description: Move CKF_ENCRYPT and Fortezza hack code out of PK11_TokenKeyGenWithFlags → Move CKF_ENCRYPT and Fortezza hack code out of PK11_TokenKeyGenWithFlags (checked in)
This is the safer version of the patch, for NSS_3_10_BRANCH.

It merely adds the new PK11_TokenKeyGenWithFlag function without
touching any existing functions.

The new function has the version "NSS_3.10.1".
Attachment #190084 - Flags: superreview?(rrelyea)
Attachment #190084 - Flags: review?(nelson)
This patch is for the trunk.
Attachment #190086 - Flags: review?(julien.pierre.bugs)
Attachment #190086 - Flags: review?(julien.pierre.bugs) → review+
Comment on attachment 190084 [details] [diff] [review]
Patch for NSS_3_10_BRANCH (checked in with changes)

I didn't give it a thorough review, assuming you cut and pasted the already
approved 3.11. All the parts seem to be there.

at that point it looks ok.
Comment on attachment 190086 [details] [diff] [review]
Export PK11_TokenKeyGenWithFlags in NSS 3.10.1 instead of 3.11 (checked in)

Checked in on the trunk.

Checking in nss.def;
/cvsroot/mozilla/security/nss/lib/nss/nss.def,v  <--  nss.def
new revision: 1.151; previous revision: 1.150
done
Attachment #190086 - Attachment description: Export PK11_TokenKeyGenWithFlags in NSS 3.10.1 instead of 3.11 → Export PK11_TokenKeyGenWithFlags in NSS 3.10.1 instead of 3.11 (checked in)
Comment on attachment 188482 [details] [diff] [review]
Move CKF_ENCRYPT and Fortezza hack code out of PK11_TokenKeyGenWithFlags (checked in)

Since this patch is already checked in, I will just comment on it and 
not give it r+ or r-.  

There is one aspect of this change that makes the behavior of PK11_TokenKeyGen 
after the patch not the same as before the patch.  It is this change:


>@@ -836,7 +827,7 @@
>     if (symKey == NULL) return NULL;
> 
>     symKey->size = keySize;
>-    symKey->origin = (!weird) ? PK11_OriginGenerated : PK11_OriginFortezzaHack;
>+    symKey->origin = PK11_OriginGenerated;
> 
>     /* Initialize the Key Gen Mechanism */
>     mechanism.mechanism = PK11_GetKeyGenWithSize(type, keySize);

With this patch in place, symKey->origin will never be PK11_OriginFortezzaHack
for fortezza any more.	If it were not for the fact that we're removing
fortezza
support in 3.11, I would have said this is a regression worthy of fixing (r-).  
Note that the approach taken on the 3.10 branch, which does not reimplement 
PK11_TokenKeyGen using PK11_TokenKeyGenWithFlags should not have this issue.

Perhaps it would be best to fix this by removing the fortezza support from 
PK11_TokenKeyGen alltogether.  I think we've agreed to remove fortezza 
support from NSS for 3.11.  I don't think we have to do that all at once.
I think we can begin to remove it where we find it, and continue to do that
until it's all gone.  

So, I invite you to remove the fortezza "hack" from PK11_TokenKeyGen on the
trunk.
Attachment #188482 - Flags: superreview?(nelson)
Comment on attachment 190084 [details] [diff] [review]
Patch for NSS_3_10_BRANCH (checked in with changes)

The old function had this comment:

  * Use the token to Generate a key. keySize must be 'zero' for fixed key
  * length algorithms. NOTE: this means we can never generate a DES2 key
  * from this interface!

I always considered that to be flawed.	This API just doesn't work for
algs that allow variable size keys.  Since we're devising a new API here, 
and have an opportunity to make the necesssary changes to the function 
signature in the new function, shouldn't we take this opportunity 
to fix that limitation?  
If we don't fix it now, won't we have to add Yet Another API down the road?
Summary: PK11_TokenKeyGen shuld add CKA_UNWRAP and CKA_WRAP attributes to object template → PK11_TokenKeyGen should add CKA_UNWRAP and CKA_WRAP attributes to object template
nelson re comment 21

The patch removes support for fortezza hack in the
'PK11_TokenKeyGenWithFlags'(the new function), so that is not a regression. The
old API ('PK11_TokenKeyGen') now calls the 'PK11_TokenKeyGenWithFlags', then
calls 'PK11_SetFortezzaHack(symKey)' if 'weird' is set, so the semantics of the
old version of the function is maintained. I would have rejected the patch if
PK11_TokenKeyGen's semantics had changed.

re comment 22

Sigh, this is weirdness of the PKCS #11 interface. PKCS #11 modules barf if you
specify the CKA_KEY_LENGTH attribute for keys with fixed length. For DES, PKCS
#11 determines whether or not you want a 2des or a 3des key by whether or not
you specify CKM_DES2_KEY_GEN or CKM_DES3_KEY_GEN is supplied. The function is
using the value of keysize to determine if it should supply the key length.
Unfortunetly it's also using it to determin if you mean 2des or 3des when you
specify CKM_DES3_CBC as the 'target' mechanism.

It turns out the comment isn't exactly right, as you could specify
CKM_DES2_KEY_GEN as the 'target' mechanism directly. The solutions to this
problem include 1) specifying how could can generate DES2 keys, 2) move the
knowlege of key sizes down into the function itself so that it knows not to set
CKA_KEY_LENGTH for various mechanisms itself without the caller having  to tell it.

In either of these cases, we should develope some DES2 test cases. We don't test
DES2 in a lot of instances (including key import and actually using DES2 keys).

bob
Comment on attachment 190619 [details] [diff] [review]
Improve comment regarding generating DES2 keys (checked in)

r+

R+ still applies if the last sentence says 'currently doesn't work'.

bob
Attachment #190619 - Flags: review?(rrelyea) → review+
Comment on attachment 190084 [details] [diff] [review]
Patch for NSS_3_10_BRANCH (checked in with changes)

Make sure 3.11 has the export in a NSS_3.10.1 stanza (not in a NSS3.11 stanza).

If a 3.10.1 is shipped from the 3.10.1 branch rather than the 3.10 branch, then
be sure to update 3.10.1 to 3.10.2 both here and in the tip.

I wouldn't complain if the DES2 comments were fixed before checkin...;).
Attachment #190084 - Flags: superreview?(rrelyea) → superreview+
Comment on attachment 190619 [details] [diff] [review]
Improve comment regarding generating DES2 keys (checked in)

I checked in the improved comment (with Bob's suggested addition
of "currently") on the NSS trunk.
Attachment #190619 - Attachment description: Improve comment regarding generating DES2 keys → Improve comment regarding generating DES2 keys (checked in)
Comment on attachment 190084 [details] [diff] [review]
Patch for NSS_3_10_BRANCH (checked in with changes)

I checked in this patch on the NSS_3_10_BRANCH (for NSS 3.10.2)
with two changes:
- PK11_TokenKeyGenWithFlags is exported in NSS_3.10.2 instead
  of NSS_3.10.1.
- Improved comment for PK11_TokenKeyGenWithFlags and
  PK11_TokenKeyGen.
Attachment #190084 - Attachment description: Patch for NSS_3_10_BRANCH → Patch for NSS_3_10_BRANCH (checked in with changes)
Comment on attachment 190084 [details] [diff] [review]
Patch for NSS_3_10_BRANCH (checked in with changes)

OK as checked in.  One nit:

>+        bestSlot = PK11_GetBestSlot(type,wincx); /* TNH: references the slot? */
>+        if (bestSlot == NULL) {
>+	    PORT_SetError( SEC_ERROR_NO_MODULE );
>+	    return NULL;
>+	}
>+
>+        symKey = pk11_CreateSymKey(bestSlot, type, !isToken, wincx);
>+
>+        PK11_FreeSlot(bestSlot);

This code snipped was originally written by Terry Hayes in rev 1.4 of 
this file.  I think his comment "references the slot?" was expressing
some doubt about the correctness of the subsequent PK11_FreeSlot call 
that he added.	This patch propagates that comment and its doubt.
We should resolve this question, and remove the comment or fix the 
code, in all places where this comment now appears.
Attachment #190084 - Flags: review?(nelson) → review+
remove the comment. PK11_GetBestSlot does return a reference to the slot.
I verified that PK11_GetBestSlot references the slot, and
pk11_CreateSymKey gets its own reference for the slot, so
it is correct for the code to free the slot reference after
the pk11_CreateSymKey call.

With Bob's comment, I've checked in this patch on the NSS
trunk (3.11) and NSS_3_10_BRANCH (3.10.2).

There is another TNH comment in the file:

    /* TNH: Isn't this redundant, since "handleKey" will set defaults? */
    PK11_SETATTRS(attrs, (!weird)
	? CKA_ENCRYPT : CKA_DECRYPT, &cktrue, sizeof(CK_BBOOL)); attrs++;

Anyone know what he meant by "handleKey"?
Bob answered my question about the TNH comment on "handleKey"
in bug 299197 comment 10.

The PK11_TokenKeyGenWithFlags function will appear in the NSS
3.10.2 release.  Its prototype has been changed to use the
new PK11AttrFlags type instead of the "PRBool isToken" parameter.
This allows us to specify other PKCS #11 object attributes
such as isSensitive and isPrivate.
Target Milestone: 3.11 → 3.10.2
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: