[Softhsm-develop] CKA_SENSITIVE and CKA_EXTRACTABLE handling
Petr Spacek
pspacek at redhat.com
Thu Jul 17 10:38:01 UTC 2014
Hello list,
I'm working on CKM_RSA_PKCS support for C_WrapKey (as I promised earlier).
I have found out that SoftHSM allows me to *wrap* a key if and only if this key
has CKA_SENSITIVE=FALSE and CKA_EXTRACTABLE=TRUE.
Unfortunately, this combination of flags also means that I'm able to get
plaintext values from the token (using C_GetAttributeValue for CKA_VALUE or so).
I think that SoftHSM should allow key wrapping in the case where
CKA_EXTRACTABLE=TRUE and CKA_SENSITIVE=TRUE. In that case C_GetAttributeValue
with CKA_VALUE should fail, but C_WrapKey should work.
IMHO this is allowed behavior, see [1] page 83:
If the CKA_SENSITIVE attribute is CK_TRUE, or if the CKA_EXTRACTABLE attribute
is CK_FALSE, then certain attributes of the secret key cannot be revealed in
plaintext outside the token. Which attributes these are is specified for each
type of secret key in the attribute table in the section describing that type
of key.
This text talks only about plaintext values, not about key wrapping. I think
that this is in line with the CKA_EXTRACTABLE and CKA_SENSITIVE definitions:
CKA_EXTRACTABLE in [1] on page 79:
CK_TRUE if key is extractable and can be wrapped.
CKA_SENSITIVE in [1] on page 79:
CK_TRUE if key is sensitive
My personal translation to natural language is:
CKA_EXTRACTABLE defines whether the user is allowed to get "any" values (plaintext or
wrapped).
CKA_SENSITIVE defines whether the user is allowed to get plaintext values.
Do you agree? Would you accept a patch that modifies attribute handling to
follow the logic explained above?
Thank you for your time!
[1] ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-30/pkcs-11v2-30b-d6.pdf
--
Petr Spacek @ Red Hat
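The distinction the post draws between plaintext access and wrapped export, modelled as a small C program. This is an added illustration, not SoftHSM source or the PKCS#11 reference implementation: the `key_object` struct and the `get_value_plaintext`, `wrap_key_current` and `wrap_key_proposed` functions are hypothetical names for this example, while the numeric CKA_*/CKR_* constants are the standard PKCS#11 v2.x header values. `wrap_key_current` encodes the SoftHSM rule the post describes (wrap only when non-sensitive and extractable); `wrap_key_proposed` encodes the post's proposal (CKA_EXTRACTABLE alone governs wrapping). The table printed by `main` walks all four flag combinations so the security-relevant one (SENSITIVE=TRUE, EXTRACTABLE=TRUE: backup possible, plaintext never readable) is visible next to the others.

```c
/* Added example: model of C_GetAttributeValue(CKA_VALUE) and C_WrapKey under
 * the current and the proposed attribute rules. Not SoftHSM code. */
#include <stdbool.h>
#include <stdio.h>

typedef unsigned long CK_RV;

/* Standard PKCS#11 v2.x return-code values. */
#define CKR_OK                  0x00UL
#define CKR_ATTRIBUTE_SENSITIVE 0x11UL
#define CKR_KEY_UNEXTRACTABLE   0x6AUL

/* Hypothetical key object reduced to the two attributes under discussion. */
typedef struct {
    bool sensitive;    /* CKA_SENSITIVE   */
    bool extractable;  /* CKA_EXTRACTABLE */
} key_object;

/* C_GetAttributeValue(CKA_VALUE): the quoted spec text forbids revealing the
 * plaintext value when CKA_SENSITIVE is TRUE or CKA_EXTRACTABLE is FALSE.
 * The same rule applies under both the current and the proposed wrap policy. */
CK_RV get_value_plaintext(const key_object *k)
{
    if (k->sensitive || !k->extractable)
        return CKR_ATTRIBUTE_SENSITIVE;
    return CKR_OK;
}

/* C_WrapKey as the post describes SoftHSM behaving: wrapping is permitted
 * only when the key is both non-sensitive and extractable, so any key that
 * can be wrapped can also be read in plaintext. */
CK_RV wrap_key_current(const key_object *k)
{
    if (k->sensitive || !k->extractable)
        return CKR_KEY_UNEXTRACTABLE;
    return CKR_OK;
}

/* C_WrapKey under the rule proposed in the post: CKA_EXTRACTABLE alone
 * decides whether the key may leave the token in wrapped form;
 * CKA_SENSITIVE only governs plaintext access. */
CK_RV wrap_key_proposed(const key_object *k)
{
    if (!k->extractable)
        return CKR_KEY_UNEXTRACTABLE;
    return CKR_OK;
}

/* The property the post wants: a key that can be exported wrapped (e.g. for
 * backup) while its plaintext is never obtainable through C_GetAttributeValue. */
bool wrappable_but_never_plaintext(const key_object *k,
                                   CK_RV (*wrap)(const key_object *))
{
    return wrap(k) == CKR_OK && get_value_plaintext(k) != CKR_OK;
}

static const char *rv_name(CK_RV rv)
{
    switch (rv) {
    case CKR_OK:                  return "CKR_OK";
    case CKR_ATTRIBUTE_SENSITIVE: return "CKR_ATTRIBUTE_SENSITIVE";
    case CKR_KEY_UNEXTRACTABLE:   return "CKR_KEY_UNEXTRACTABLE";
    default:                      return "?";
    }
}

int main(void)
{
    /* All four combinations of the two flags (constructed sample objects). */
    const key_object cases[4] = {
        { false, false }, { false, true }, { true, false }, { true, true }
    };

    printf("%-9s %-11s | %-23s | %-21s | %s\n", "SENSITIVE", "EXTRACTABLE",
           "GetAttr(CKA_VALUE)", "WrapKey(current)", "WrapKey(proposed)");
    for (int i = 0; i < 4; i++) {
        const key_object *k = &cases[i];
        printf("%-9s %-11s | %-23s | %-21s | %s\n",
               k->sensitive ? "TRUE" : "FALSE",
               k->extractable ? "TRUE" : "FALSE",
               rv_name(get_value_plaintext(k)),
               rv_name(wrap_key_current(k)),
               rv_name(wrap_key_proposed(k)));
    }
    return 0;
}
```

Under the current rule the row SENSITIVE=TRUE, EXTRACTABLE=TRUE refuses both calls, so the only keys a backup can wrap are exactly the keys an application could also dump in plaintext. Under the proposed rule that row refuses the plaintext read but permits the wrap, and the SENSITIVE=TRUE, EXTRACTABLE=FALSE row still refuses both, so unextractable keys stay inside the token either way.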