[Softhsm-develop] support for CKM_RSA_PKCS key un/wrapping

Petr Spacek pspacek at redhat.com
Mon Jul 21 14:59:31 UTC 2014

On 18.7.2014 19:23, Petr Spacek wrote:
> On 18.7.2014 10:29, Roland van Rijswijk - Deij wrote:
>> Hi Petr,
>> Petr Spacek wrote:
>>> I have opened pull request #83 which adds support for CKM_RSA_PKCS key
>>> un/wrapping.
>>> https://github.com/opendnssec/SoftHSMv2/pull/83
>>> Let's discuss about this code and your requirements :-)
>>> Current code uses AsymmetricAlgorithm->encrypt() and decrypt() directly.
>>> I wonder if it is really necessary to introduce new AsymmetricAlgorithm
>>> interface for wrap() and unwrap(). To me it seems that calling encrypt()
>>> and decrypt() with correct AsymMech could be enough...
>>> Other alternative would be to add wrap() and unwrap() interface and
>>> simply relay calls wrap()->encrypt() etc. It would allow us to filter
>>> out some inappropriate mechanism from wrap() call but that is all. (E.g.
>>> refusing to do key wrapping if mechanism is CKM_SHA1_RSA_PKCS or
>>> something like that.)
>>> Is it worth doing so? Thank you for your opinions.
>> I think it is worthwhile having a separate interface. Not just because
>> it looks cleaner, also because you can manage permissions on keys that
>> allow or disallow certain operations (such as wrapping/unwrapping). I
> Could you be more specific, please? What do you mean with 'permissions'? Do
> you mean PKCS#11 tables which say e.g. that CKM_SHA1_RSA_PKCS cannot be used
> for key wrapping?
> Or something else? It seems to me that crypto layer (AsymmetricAlgorithm and
> others) is deep below P11Object so those objects doesn't have any knowledge of
> allowed key usages.
> I mean: In cases where PKCS#11 *standard* allows to use given mechanism for
> encryption and wrapping but P11Object says something else (e.g. allows only
> key wrapping) there is no way for AsymmetricAlgorithm to know about this
> limitation.
> Please correct me if I'm wrong.
> I can certainly write wrap() as a wrapper around encrypt() which will
> implement PKCS#11 'tables'. I imagine that it would be fairly simple:
> bool wrap(..., padding) {
>      switch (padding) {
>          case RSA_PKCS:
>              return encrypt(..., padding);
>          default:
>          // includes CKM_SHA1_RSA_PKCS
>              return false;
>      }
> }
> Adding knowledge about allowed key usage to AsymmetricAlgorithm would be more
> invasive change.
>> also think it is worthwhile having a constructor on AsymmetricKey
>> objects that allow a PKCS #8 blob as input, such that a call to unwrap
>> using a SymmetricKey can invoke such a constructor. Conversely, there
>> should be a function on AsymmetricKey objects that output a suitable
>> PKCS #8 blob for an invocation of wrap using a SymmetricKey object.
> Do I understand correctly that 'unwrap' method of SymmetricKey object should
> yield new AsymmetricKey object (constructed from PKCS8 blob)?
> What method do you propose for distinguishing cases where wrapped blob
> contains symmetric or asymmetric key? (AFAIK it can happen with symmetric
> algorithms.)
> Thank you for guidance!

Proof-of-concept code is available:

Please let me know if it fulfills your requirements or what should be changed.

Thank you!

Petr Spacek  @  Red Hat

More information about the Softhsm-develop mailing list