Need a way to specify if a key is sensitive or not

RESOLVED FIXED in 4.2

Status

JSS
Library
P1
enhancement
RESOLVED FIXED
12 years ago
12 years ago

People

(Reporter: Thomas Kwan, Assigned: Wan-Teh Chang)

Tracking

Details

(Whiteboard: [3.7])

Attachments

(1 attachment, 1 obsolete attachment)

(Reporter)

Description

12 years ago
Wan-Teh,

It turned out that I need to be able to specify if a key is sensitive or not. Can you take a look at the following patch and integrate it into JSS 3.7?
(Reporter)

Comment 1

12 years ago
Created attachment 202193
expose sensitiveKeyPairs function
(Assignee)

Comment 2

12 years ago
Created attachment 202326
expose sensitiveKeyPairs function v2

I made the following changes to Thomas's patch.

The default of "sensitive" needs to be chosen carefully
for backward compatibility.  This means the sensitive key/keypair
mode can't be a boolean but needs to be an int so that we can use
the value -1 to mean "unspecified: use the default".

For symmetric keys, the default of "sensitive" is token dependent.
Although PKCS #11 says the default should be insensitive keys,
in practice some tokens require all keys to be sensitive.

For keypairs, unfortunately the default of "sensitive" has to
depend on the temporaryPairs mode for backward compatibility.

Thomas, please review and test this patch.

Glen, please review this patch.
Attachment #202193 - Attachment is obsolete: true
Attachment #202326 - Flags: superreview?(glen.beasley)
Attachment #202326 - Flags: review?(nkwan)
(Assignee)

Updated

12 years ago
Severity: normal → enhancement
Status: NEW → ASSIGNED
Priority: -- → P1
(Assignee)

Updated

12 years ago
Attachment #202326 - Flags: review?(rrelyea)
(Reporter)

Updated

12 years ago
Attachment #202326 - Flags: review?(nkwan) → review+
(Reporter)

Comment 3

12 years ago
Tested and it works in my environment. In my application, I tried
calling sensitiveKeys. Luna failed with an error 0x13. 

12905392[b5e7a698]: C_GenerateKey
12905392[b5e7a698]:   hSession = 0xb
12905392[b5e7a698]:   pMechanism = 0xc4db50
12905392[b5e7a698]:   pTemplate = 0xc4db70
12905392[b5e7a698]:   ulCount = 4
12905392[b5e7a698]:   phKey = 0xb5bea95c
12905392[b5e7a698]:     CKA_SENSITIVE = CK_FALSE [1]
12905392[b5e7a698]:     CKA_ENCRYPT = CK_TRUE [1]
12905392[b5e7a698]:     CKA_WRAP = CK_TRUE [1]
12905392[b5e7a698]:     CKA_UNWRAP = CK_TRUE [1]
12905392[b5e7a698]:       mechanism = 0x131
12905392[b5e7a698]:   *phKey = 0x0
12905392[b5e7a698]:   rv = 0x13


If I don't call sensitiveKeys, it works:

65862576[b5c4c790]: C_GenerateKey
65862576[b5c4c790]:   hSession = 0xd
65862576[b5c4c790]:   pMechanism = 0x3eceb50
65862576[b5c4c790]:   pTemplate = 0x3eceb70
65862576[b5c4c790]:   ulCount = 3
65862576[b5c4c790]:   phKey = 0xb59ea09c
65862576[b5c4c790]:     CKA_ENCRYPT = CK_TRUE [1]
65862576[b5c4c790]:     CKA_WRAP = CK_TRUE [1]
65862576[b5c4c790]:     CKA_UNWRAP = CK_TRUE [1]
65862576[b5c4c790]:       mechanism = 0x131
13011888[b59cdbc8]:   rv = 0x0
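
The tri-state described in comment 2 and visible in the two traces of comment 3 (ulCount = 4 with CKA_SENSITIVE present, ulCount = 3 with it absent), as an added example that is not part of the attached patch or of JSS. The type stand-ins, enum names and both helper functions are hypothetical, and the direction of the key-pair default is an assumption, since the thread only says that it depends on temporaryPairs.

```c
#include <stddef.h>
#include <stdio.h>

/* Minimal stand-ins for the PKCS #11 types (normally from pkcs11t.h). */
typedef unsigned long CK_ULONG;
typedef unsigned char CK_BBOOL;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CK_TRUE       1
#define CK_FALSE      0
#define CKA_SENSITIVE 0x103UL
#define CKA_ENCRYPT   0x104UL
#define CKA_WRAP      0x106UL
#define CKA_UNWRAP    0x107UL

/* Tri-state from comment 2 (enum names are hypothetical). */
enum { SENS_UNSPECIFIED = -1, SENS_FALSE = 0, SENS_TRUE = 1 };
static CK_BBOOL ck_true = CK_TRUE, ck_false = CK_FALSE;

static void put(CK_ATTRIBUTE *a, CK_ULONG type, CK_BBOOL *v)
{
    a->type = type; a->pValue = v; a->ulValueLen = sizeof *v;
}

/* Hypothetical helper: fill tmpl (room for 4 entries), return ulCount.
 * Unspecified leaves CKA_SENSITIVE out so the token's own default applies;
 * a boolean could not express "do not send the attribute". */
size_t build_symkey_template(int sensitive, CK_ATTRIBUTE *tmpl)
{
    size_t n = 0;
    if (sensitive != SENS_UNSPECIFIED)
        put(&tmpl[n++], CKA_SENSITIVE, sensitive ? &ck_true : &ck_false);
    put(&tmpl[n++], CKA_ENCRYPT, &ck_true);
    put(&tmpl[n++], CKA_WRAP, &ck_true);
    put(&tmpl[n++], CKA_UNWRAP, &ck_true);
    return n;
}

/* Key pairs: an explicit choice wins; otherwise follow temporaryPairs.
 * ASSUMPTION: temporary pairs default to insensitive, permanent pairs to
 * sensitive. The thread does not state the direction. */
int resolve_keypair_sensitive(int sensitive, int temporary_pairs)
{
    return sensitive != SENS_UNSPECIFIED ? sensitive != 0 : !temporary_pairs;
}

int main(void)
{
    CK_ATTRIBUTE t[4];
    printf("unspecified: ulCount=%zu\n", build_symkey_template(SENS_UNSPECIFIED, t));
    printf("insensitive: ulCount=%zu\n", build_symkey_template(SENS_FALSE, t));
}
```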

Updated

12 years ago
Attachment #202326 - Flags: superreview?(glen.beasley) → superreview+
(Assignee)

Comment 4

12 years ago
Patch checked in on the JSS_3_X_BRANCH (JSS 3.7) and
the JSS trunk (JSS 4.2).
Status: ASSIGNED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → FIXED
Whiteboard: [3.7][4.2]
(Assignee)

Updated

12 years ago
Whiteboard: [3.7][4.2] → [3.7]
Target Milestone: --- → 4.2

Updated

12 years ago
Attachment #202326 - Flags: review?(rrelyea) → review+