[Softhsm-develop] support for CKM_RSA_PKCS key un/wrapping

Petr Spacek pspacek at redhat.com
Fri Jul 18 17:23:04 UTC 2014


On 18.7.2014 10:29, Roland van Rijswijk - Deij wrote:
> Hi Petr,
>
> Petr Spacek wrote:
>> I have opened pull request #83 which adds support for CKM_RSA_PKCS key
>> un/wrapping.
>> https://github.com/opendnssec/SoftHSMv2/pull/83
>>
>> Let's discuss about this code and your requirements :-)
>>
>> Current code uses AsymmetricAlgorithm->encrypt() and decrypt() directly.
>>
>> I wonder if it is really necessary to introduce new AsymmetricAlgorithm
>> interface for wrap() and unwrap(). To me it seems that calling encrypt()
>> and decrypt() with correct AsymMech could be enough...
>>
>> Other alternative would be to add wrap() and unwrap() interface and
>> simply relay calls wrap()->encrypt() etc. It would allow us to filter
>> out some inappropriate mechanism from wrap() call but that is all. (E.g.
>> refusing to do key wrapping if mechanism is CKM_SHA1_RSA_PKCS or
>> something like that.)
>>
>> Is it worth doing so? Thank you for your opinions.
>
> I think it is worthwhile having a separate interface. Not just because
> it looks cleaner, also because you can manage permissions on keys that
> allow or disallow certain operations (such as wrapping/unwrapping). I

Could you be more specific, please? What do you mean with 'permissions'? Do 
you mean PKCS#11 tables which say e.g. that CKM_SHA1_RSA_PKCS cannot be used 
for key wrapping?

Or something else? It seems to me that crypto layer (AsymmetricAlgorithm and 
others) is deep below P11Object so those objects doesn't have any knowledge of 
allowed key usages.

I mean: In cases where PKCS#11 *standard* allows to use given mechanism for 
encryption and wrapping but P11Object says something else (e.g. allows only 
key wrapping) there is no way for AsymmetricAlgorithm to know about this 
limitation.

Please correct me if I'm wrong.


I can certainly write wrap() as a wrapper around encrypt() which will 
implement PKCS#11 'tables'. I imagine that it would be fairly simple:

bool wrap(..., padding) {
	switch (padding) {
		case RSA_PKCS:
			return encrypt(..., padding);
		
		default:
		// includes CKM_SHA1_RSA_PKCS
			return false;
	}
}


Adding knowledge about allowed key usage to AsymmetricAlgorithm would be more 
invasive change.

> also think it is worthwhile having a constructor on AsymmetricKey
> objects that allow a PKCS #8 blob as input, such that a call to unwrap
> using a SymmetricKey can invoke such a constructor. Conversely, there
> should be a function on AsymmetricKey objects that output a suitable
> PKCS #8 blob for an invocation of wrap using a SymmetricKey object.

Do I understand correctly that 'unwrap' method of SymmetricKey object should 
yield new AsymmetricKey object (constructed from PKCS8 blob)?

What method do you propose for distinguishing cases where wrapped blob 
contains symmetric or asymmetric key? (AFAIK it can happen with symmetric 
algorithms.)

Thank you for guidance!

-- 
Petr Spacek  @  Red Hat



More information about the Softhsm-develop mailing list