Closed Bug 298957 Opened 19 years ago Closed 19 years ago

PK11_TokenKeyGen should add CKA_UNWRAP and CKA_WRAP attributes to object template

Categories

(NSS :: Libraries, enhancement, P2)

3.9.3
enhancement

Tracking

(Not tracked)

RESOLVED FIXED
3.10.2

People

(Reporter: nkwan, Assigned: rrelyea)

Details

Attachments

(9 files)

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 We are working on a project where we want to generate a symmetric key and then use the key to unwrap another key into the hardware token. We would like to add the following to the PK11_TokenKeyGen function: [nkwan@zion pk11wrap]$ cvs diff pk11skey.c Index: pk11skey.c =================================================================== RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11skey.c,v retrieving revision 1.83 diff -r1.83 pk11skey.c 1457c1457 < CK_ATTRIBUTE genTemplate[6]; --- > CK_ATTRIBUTE genTemplate[8]; 1493a1494,1495 > PK11_SETATTRS(attrs, CKA_WRAP, &cktrue, sizeof(cktrue)); attrs++; > PK11_SETATTRS(attrs, CKA_UNWRAP, &cktrue, sizeof(cktrue)); attrs++; [nkwan@zion pk11wrap]$ vi pk11skey.c Reproducible: Always
Assignee: wtchang → rrelyea
Status: UNCONFIRMED → NEW
Ever confirmed: true
I am worried that adding the CKA_WRAP and CKA_UNWRAP attributes to the C_GenerateKey call may break some PKCS #11 modules. Secret keys have other attributes, such as CKA_VERIFY. Do we also need to set them?
In our program, we need to use the generated symmetric to unwrap another key into the hardware token. SafeNet's Luna SA does not perform unwrap if the key is not marked with CKA_UNWRAP. Maybe instead of keep adding new attributes to this function, we can write a new function that takes a list of user-defined attributes, similar to PK11_ImportSymKeyWithFlags where flags are user-definied attributes.
This patch adds a new function PK11_TokenKeyGenWithFlags, with has one more parameter (CF_FLAGS flags) than the existing PK11_TokenKeyGen function. PK11_TokenKeyGen is reimplemented to call PK11_TokenKeyGenWithFlags. Thomas, please try calling PK11_TokenKeyGenWithFlags with "flags" equal to CKF_SIGN|CKF_WRAP|CKF_UNWRAP.
Attachment #187534 - Flags: superreview?(nelson)
Attachment #187534 - Flags: review?(rrelyea)
Severity: normal → enhancement
OS: Linux → All
Priority: -- → P2
Target Milestone: --- → 3.11
Version: unspecified → 3.9.3
This patch doesn't require a new function and tries to be backward compatible. Thomas, could you test this patch, too?
Attachment #187537 - Flags: review?(rrelyea)
Comment on attachment 187534 [details] [diff] [review] Add new function PK11_TokenKeyGenWithFlags (checked in) Thomas reported that the new function works for him.
Summary: Need to add CKA_UNWRAP and CKA_WRAP attributes to PK11_TokenKeyGen function → PK11_TokenKeyGen shuld add CKA_UNWRAP and CKA_WRAP attributes to object template
Comment on attachment 187534 [details] [diff] [review] Add new function PK11_TokenKeyGenWithFlags (checked in) Looks right to me.
Attachment #187534 - Flags: superreview?(nelson)
Attachment #187534 - Flags: superreview+
Attachment #187534 - Flags: review?(rrelyea)
Comment on attachment 187537 [details] [diff] [review] Alternate patch: have PK11_TokenKeyGen set CKA_WRAP and CKA_UNWRAP whenever possible I gather that this second patch is intended to be an alternative to the first one. It always adds the two attributes to the new keys. I don't think we want to do that. In particular, I think we do not want to add wrap/unwrap to token keys that are intended for use in signing-only certs. So I think the approach in the first patch is right.
Comment on attachment 187537 [details] [diff] [review] Alternate patch: have PK11_TokenKeyGen set CKA_WRAP and CKA_UNWRAP whenever possible Nelson, you are right. This patch is an alternative to the first patch. We are generating symmetric keys, not public/private key pairs in PK11_TokenKeyGen.
Attachment #187537 - Attachment description: Have PK11_TokenKeyGen set CKA_WRAP and CKA_UNWRAP whenever possible → Alternate patch: have PK11_TokenKeyGen set CKA_WRAP and CKA_UNWRAP whenever possible
Attachment #187534 - Flags: review?(rrelyea)
Comment on attachment 187534 [details] [diff] [review] Add new function PK11_TokenKeyGenWithFlags (checked in) This is the patch we want. The lack of a 'with flags' in for symkey keygen was a dificiency in the original API. This fixes that deficiency.
Attachment #187534 - Flags: review?(rrelyea) → review+
Comment on attachment 187537 [details] [diff] [review] Alternate patch: have PK11_TokenKeyGen set CKA_WRAP and CKA_UNWRAP whenever possible The previous patch is preferable
Attachment #187537 - Flags: review?(rrelyea) → review-
Comment on attachment 187534 [details] [diff] [review] Add new function PK11_TokenKeyGenWithFlags (checked in) Patch checked in on the NSS trunk for NSS 3.11. The new function now has the NSS_3.11 version. We may need to change it to NSS_3.10.1 because we may need to add this function to the NSS 3.10.1 release. Checking in nss/nss.def; /cvsroot/mozilla/security/nss/lib/nss/nss.def,v <-- nss.def new revision: 1.147; previous revision: 1.146 done Checking in pk11wrap/pk11pub.h; /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11pub.h,v <-- pk11pub.h new revision: 1.6; previous revision: 1.5 done Checking in pk11wrap/pk11skey.c; /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11skey.c,v <-- pk11skey.c new revision: 1.98; previous revision: 1.97 done
Attachment #187534 - Attachment description: Add new function PK11_TokenKeyGenWithFlags → Add new function PK11_TokenKeyGenWithFlags (checked in)
I found these problems while reviewing pk11skey.c to ensure that MAX_TEMPL_ATTRS (16) is big enough. 1. pk11_FlagsToAttributes should not add an attribute whose type is 0. (Some of the elements in the attrTypes array are 0.) This lowers the maximum number of attributes pk11_FlagsToAttributes may add from 12 to 9. 2. In PK11_DeriveWithFlagsPerm, the size of keyTemplate array doesn't need to be MAX_TEMPL_ATTRS+1 because MAX_TEMPL_ATTRS is big enough.
Attachment #187863 - Flags: review?(rrelyea)
Attachment #187863 - Flags: review?(rrelyea) → review+
Comment on attachment 187863 [details] [diff] [review] Code cleanup patch (checked in) I checked in the code cleanup patch on the NSS trunk for NSS 3.11. Checking in pk11skey.c; /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11skey.c,v <-- pk11skey.c new revision: 1.99; previous revision: 1.98 done Checking in pk11obj.c; /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11obj.c,v <-- pk11obj.c new revision: 1.6; previous revision: 1.5 done
Attachment #187863 - Attachment description: Code cleanup patch → Code cleanup patch (checked in)
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
In this patch, I propose to make the new function PK11_TokenKeyGenWithFlags "legacy free" and move the following code out of it to PK11_TokenKeyGen. 1. The code to set the CKF_ENCRYPT flag by default. 2. The Fortezza hack code. What do you think?
Attachment #188482 - Flags: superreview?(nelson)
Attachment #188482 - Flags: review?(rrelyea)
Comment on attachment 188482 [details] [diff] [review] Move CKF_ENCRYPT and Fortezza hack code out of PK11_TokenKeyGenWithFlags (checked in) yes, I think it's a good idea to keep the fortezza weirdness out of the new function.
Attachment #188482 - Flags: review?(rrelyea) → review+
Comment on attachment 188482 [details] [diff] [review] Move CKF_ENCRYPT and Fortezza hack code out of PK11_TokenKeyGenWithFlags (checked in) I checked in this patch on the NSS trunk for NSS 3.11. Checking in pk11skey.c; /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11skey.c,v <-- pk11skey.c new revision: 1.100; previous revision: 1.99 done
Attachment #188482 - Attachment description: Move CKF_ENCRYPT and Fortezza hack code out of PK11_TokenKeyGenWithFlags → Move CKF_ENCRYPT and Fortezza hack code out of PK11_TokenKeyGenWithFlags (checked in)
This is the safer version of the patch, for NSS_3_10_BRANCH. It merely adds the new PK11_TokenKeyGenWithFlag function without touching any existing functions. The new function has the version "NSS_3.10.1".
Attachment #190084 - Flags: superreview?(rrelyea)
Attachment #190084 - Flags: review?(nelson)
This patch is for the trunk.
Attachment #190086 - Flags: review?(julien.pierre.bugs)
Attachment #190086 - Flags: review?(julien.pierre.bugs) → review+
Comment on attachment 190084 [details] [diff] [review] Patch for NSS_3_10_BRANCH (checked in with changes) I didn't give it a thorough review, assuming you cut and pasted the already approved 3.11. All the parts seem to be there. at that point it looks ok.
Comment on attachment 190086 [details] [diff] [review] Export PK11_TokenKeyGenWithFlags in NSS 3.10.1 instead of 3.11 (checked in) Checked in on the trunk. Checking in nss.def; /cvsroot/mozilla/security/nss/lib/nss/nss.def,v <-- nss.def new revision: 1.151; previous revision: 1.150 done
Attachment #190086 - Attachment description: Export PK11_TokenKeyGenWithFlags in NSS 3.10.1 instead of 3.11 → Export PK11_TokenKeyGenWithFlags in NSS 3.10.1 instead of 3.11 (checked in)
Comment on attachment 188482 [details] [diff] [review] Move CKF_ENCRYPT and Fortezza hack code out of PK11_TokenKeyGenWithFlags (checked in) Since this patch is already checked in, I will just comment on it and not give it r+ or r-. There is one aspect of this change that makes the behavior of PK11_TokenKeyGen after the patch not the same as before the patch. It is this change: >@@ -836,7 +827,7 @@ > if (symKey == NULL) return NULL; > > symKey->size = keySize; >- symKey->origin = (!weird) ? PK11_OriginGenerated : PK11_OriginFortezzaHack; >+ symKey->origin = PK11_OriginGenerated; > > /* Initialize the Key Gen Mechanism */ > mechanism.mechanism = PK11_GetKeyGenWithSize(type, keySize); With this patch in place, symKey->origin will never be PK11_OriginFortezzaHack for fortezza any more. If it were not for the fact that we're removing fortezza support in 3.11, I would have said this is a regression worthy of fixing (r-). Note that the approach taken on the 3.10 branch, which does not reimplement PK11_TokenKeyGen using PK11_TokenKeyGenWithFlags should not have this issue. Perhaps it would be best to fix this by removing the fortezza support from PK11_TokenKeyGen alltogether. I think we've agreed to remove fortezza support from NSS for 3.11. I don't think we have to do that all at once. I think we can begin to remove it where we find it, and continue to do that until it's all gone. So, I invite you to remove the fortezza "hack" from PK11_TokenKeyGen on the trunk.
Attachment #188482 - Flags: superreview?(nelson)
Comment on attachment 190084 [details] [diff] [review] Patch for NSS_3_10_BRANCH (checked in with changes) The old function had this comment: * Use the token to Generate a key. keySize must be 'zero' for fixed key * length algorithms. NOTE: this means we can never generate a DES2 key * from this interface! I always considered that to be flawed. This API just doesn't work for algs that allow variable size keys. Since we're devising a new API here, and have an opportunity to make the necesssary changes to the function signature in the new function, shouldn't we take this opportunity to fix that limitation? If we don't fix it now, won't we have to add Yet Another API down the road?
Summary: PK11_TokenKeyGen shuld add CKA_UNWRAP and CKA_WRAP attributes to object template → PK11_TokenKeyGen should add CKA_UNWRAP and CKA_WRAP attributes to object template
nelson re comment 21 The patch removes support for fortezza hack in the 'PK11_TokenKeyGenWithFlags'(the new function), so that is not a regression. The old API ('PK11_TokenKeyGen') now calls the 'PK11_TokenKeyGenWithFlags', then calls 'PK11_SetFortezzaHack(symKey)' if 'weird' is set, so the semantics of the old version of the function is maintained. I would have rejected the patch if PK11_TokenKeyGen's semantics had changed. re comment 22 Sigh, this is weirdness of the PKCS #11 interface. PKCS #11 modules barf if you specify the CKA_KEY_LENGTH attribute for keys with fixed length. For DES, PKCS #11 determines whether or not you want a 2des or a 3des key by whether or not you specify CKM_DES2_KEY_GEN or CKM_DES3_KEY_GEN is supplied. The function is using the value of keysize to determine if it should supply the key length. Unfortunetly it's also using it to determin if you mean 2des or 3des when you specify CKM_DES3_CBC as the 'target' mechanism. It turns out the comment isn't exactly right, as you could specify CKM_DES2_KEY_GEN as the 'target' mechanism directly. The solutions to this problem include 1) specifying how could can generate DES2 keys, 2) move the knowlege of key sizes down into the function itself so that it knows not to set CKA_KEY_LENGTH for various mechanisms itself without the caller having to tell it. In either of these cases, we should develope some DES2 test cases. We don't test DES2 in a lot of instances (including key import and actually using DES2 keys). bob
Comment on attachment 190619 [details] [diff] [review] Improve comment regarding generating DES2 keys (checked in) r+ R+ still applies if the last sentence says 'currently doesn't work'. bob
Attachment #190619 - Flags: review?(rrelyea) → review+
Comment on attachment 190084 [details] [diff] [review] Patch for NSS_3_10_BRANCH (checked in with changes) Make sure 3.11 has the export in a NSS_3.10.1 stanza (not in a NSS3.11 stanza). If a 3.10.1 is shipped from the 3.10.1 branch rather than the 3.10 branch, then be sure to update 3.10.1 to 3.10.2 both here and in the tip. I wouldn't complain if the DES2 comments were fixed before checkin...;).
Attachment #190084 - Flags: superreview?(rrelyea) → superreview+
Comment on attachment 190619 [details] [diff] [review] Improve comment regarding generating DES2 keys (checked in) I checked in the improved comment (with Bob's suggested addition of "currently") on the NSS trunk.
Attachment #190619 - Attachment description: Improve comment regarding generating DES2 keys → Improve comment regarding generating DES2 keys (checked in)
Comment on attachment 190084 [details] [diff] [review] Patch for NSS_3_10_BRANCH (checked in with changes) I checked in this patch on the NSS_3_10_BRANCH (for NSS 3.10.2) with two changes: - PK11_TokenKeyGenWithFlags is exported in NSS_3.10.2 instead of NSS_3.10.1. - Improved comment for PK11_TokenKeyGenWithFlags and PK11_TokenKeyGen.
Attachment #190084 - Attachment description: Patch for NSS_3_10_BRANCH → Patch for NSS_3_10_BRANCH (checked in with changes)
Comment on attachment 190084 [details] [diff] [review] Patch for NSS_3_10_BRANCH (checked in with changes) OK as checked in. One nit: >+ bestSlot = PK11_GetBestSlot(type,wincx); /* TNH: references the slot? */ >+ if (bestSlot == NULL) { >+ PORT_SetError( SEC_ERROR_NO_MODULE ); >+ return NULL; >+ } >+ >+ symKey = pk11_CreateSymKey(bestSlot, type, !isToken, wincx); >+ >+ PK11_FreeSlot(bestSlot); This code snipped was originally written by Terry Hayes in rev 1.4 of this file. I think his comment "references the slot?" was expressing some doubt about the correctness of the subsequent PK11_FreeSlot call that he added. This patch propagates that comment and its doubt. We should resolve this question, and remove the comment or fix the code, in all places where this comment now appears.
Attachment #190084 - Flags: review?(nelson) → review+
remove the comment. PK11_GetBestSlot does return a reference to the slot.
I verified that PK11_GetBestSlot references the slot, and pk11_CreateSymKey gets its own reference for the slot, so it is correct for the code to free the slot reference after the pk11_CreateSymKey call. With Bob's comment, I've checked in this patch on the NSS trunk (3.11) and NSS_3_10_BRANCH (3.10.2). There is another TNH comment in the file: /* TNH: Isn't this redundant, since "handleKey" will set defaults? */ PK11_SETATTRS(attrs, (!weird) ? CKA_ENCRYPT : CKA_DECRYPT, &cktrue, sizeof(CK_BBOOL)); attrs++; Anyone know what he meant by "handleKey"?
Bob answered my question about the TNH comment on "handleKey" in bug 299197 comment 10. The PK11_TokenKeyGenWithFlags function will appear in the NSS 3.10.2 release. Its prototype has been changed to use the new PK11AttrFlags type instead of the "PRBool isToken" parameter. This allows us to specify other PKCS #11 object attributes such as isSensitive and isPrivate.
Target Milestone: 3.11 → 3.10.2
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: