From jerry at opendnssec.org Thu Oct 2 05:55:05 2014 From: jerry at opendnssec.org (Jerry =?ISO-8859-1?Q?Lundstr=F6m?=) Date: Thu, 02 Oct 2014 07:55:05 +0200 Subject: [Softhsm-develop] SoftHSM v2 not able to configure multiple slots? Message-ID: <1412229305.12397.1.camel@what> Hi, The configuration file for SoftHSM v2 does not look like it can handle multiple slots but all tools and API can, why or am I missing something? -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 643 bytes Desc: This is a digitally signed message part URL: From jakob at kirei.se Thu Oct 2 06:32:51 2014 From: jakob at kirei.se (Jakob Schlyter) Date: Thu, 2 Oct 2014 08:32:51 +0200 Subject: [Softhsm-develop] testing 2.0.0b1 Message-ID: <4F505C8A-8AD1-4F40-A6CD-832BBAD80459@kirei.se> Anyone working to more extensive testing of 2.0.0b1? If so, how does it look? jakob -- Jakob Schlyter Kirei AB - www.kirei.se From pspacek at redhat.com Thu Oct 2 07:45:40 2014 From: pspacek at redhat.com (Petr Spacek) Date: Thu, 02 Oct 2014 09:45:40 +0200 Subject: [Softhsm-develop] testing 2.0.0b1 In-Reply-To: <4F505C8A-8AD1-4F40-A6CD-832BBAD80459@kirei.se> References: <4F505C8A-8AD1-4F40-A6CD-832BBAD80459@kirei.se> Message-ID: <542D02A4.9050308@redhat.com> On 2.10.2014 08:32, Jakob Schlyter wrote: > Anyone working to more extensive testing of 2.0.0b1? If so, how does it look? We are using it for FreeIPA development (i.e. OpenDNSSEC + heavy key wrapping/unwrapping). Up to now we did only basic tests but it will get more attention in upcoming weeks as we will get closer to FreeIPA 4.1 release. Paul Wouters sent results of static code analysis to opendnssec-users list, maybe it could point to some interesting bugs. (However I did not read report for SoftHSM 2 but only for OpenDNSSEC 1.4.6 so I can't say anything about it.) -- Petr Spacek @ Red Hat From jerry at opendnssec.org Thu Oct 2 08:24:07 2014 From: jerry at opendnssec.org (Jerry =?ISO-8859-1?Q?Lundstr=F6m?=) Date: Thu, 02 Oct 2014 10:24:07 +0200 Subject: [Softhsm-develop] testing 2.0.0b1 In-Reply-To: <4F505C8A-8AD1-4F40-A6CD-832BBAD80459@kirei.se> References: <4F505C8A-8AD1-4F40-A6CD-832BBAD80459@kirei.se> Message-ID: <1412238247.3232.2.camel@mine> On tor, 2014-10-02 at 08:32 +0200, Jakob Schlyter wrote: > Anyone working to more extensive testing of 2.0.0b1? If so, how does it look? I am developing a PKCS11 module for Perl and have implemented the tests from SoftHSM v1 "make check", now working on running that test suite with SoftHSM v2 and will see if I can complement the test suite with something from the SoftHSM v2 "make check". Will keep the list up to date. -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 603 bytes Desc: This is a digitally signed message part URL: From jerry.lundstrom at iis.se Thu Oct 2 11:37:06 2014 From: jerry.lundstrom at iis.se (=?utf-8?B?SmVycnkgTHVuZHN0csO2bQ==?=) Date: Thu, 2 Oct 2014 13:37:06 +0200 Subject: [Softhsm-develop] SoftHSM v2 inconsistencies with regards to v1 Message-ID: <1412249826.3232.22.camel@mine> Hi, So I found some issues during my testing of my Perl module and SoftHSMv2 with regards to v1, a few of them where just different return codes so they are not listed here. - C_Login with CKU_CONTEXT_SPECIFIC This will always returns CKR_OPERATION_NOT_INITIALIZED because its not handled (there is a TODO in the source). - C_Login while already logged in This returns CKR_SESSION_READ_ONLY_EXISTS while v1 returns CKR_USER_ANOTHER_ALREADY_LOGGED_IN. - Unable to use object/key handle after C_Logout In runObjectCheck() for v1 a key pair is created then the user is logged out to run tests while logged out and later on the user is logged back in to do the same. This does not work in v2, the object/key handle received while logged in does not work after logout/login, CKR_OBJECT_HANDLE_INVALID is received from for example C_GetAttributeValue, C_SetAttributeValue and C_DestroyObject. This problem also affected sign/verify/encrypt and decrypt tests, had to turn off a bunch of tests. - Encrypt and decrypt operations not separated In runDecryptCheck() a encrypt and decrypt operation is initiated at the same time, v1 could handle this but v2 does not. - Decrypting data with the wrong key returns CKR_GENERAL_ERROR This happens in v2 but in v1 CKR_ENCRYPTED_DATA_INVALID is returned which is a much better error. -- Jerry Lundstr?m - Software Engineer .SE - The Internet Infrastructure Foundation http://www.iis.se/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 603 bytes Desc: This is a digitally signed message part URL: From pspacek at redhat.com Thu Oct 2 12:06:26 2014 From: pspacek at redhat.com (Petr Spacek) Date: Thu, 02 Oct 2014 14:06:26 +0200 Subject: [Softhsm-develop] CK_RSA_PKCS_OAEP_PARAMS.source question In-Reply-To: References: <5422B71E.9050205@redhat.com> Message-ID: <542D3FC2.3080609@redhat.com> On 28.9.2014 21:33, Rickard Bellgrim wrote: > On Wed, Sep 24, 2014 at 2:20 PM, Petr Spacek wrote: > >> Hello, >> >> I'm working on a patch with PKCS #1 RSA OAEP support and I have a question >> regarding "source" member in CK_RSA_PKCS_OAEP_PARAMS structure. >> >> IMHO CK_RSA_PKCS_OAEP_PARAMS.source should always be set to >> CKZ_DATA_SPECIFIED, i.e. to 0x00000001. >> >> Is this correct (I'm looking into pkcs-11v2-30m1-d7.doc page 26)? >> >> I'm asking because current code ignores this value completely so I'm >> trying to determine if it is a bug or intentional decision. >> >> Thank you for clarification! > > > Yes, that is correct. I believe that this field was not checked because the > parameter is not used by the function. If we want to be strict then source > == CKZ_DATA_SPECIFIED, pSourceData == NULL_PTR, and ulSourceDataLen == 0 > must be set. Thank you for answer! I have implemented RSA PKCS OAEP key un/wrapping: https://github.com/opendnssec/SoftHSMv2/pull/90 This code strictly checks all parameters to prevent confusion in future. The patch set contains couple new tests for invalid parameter handling so we can be reasonably sure that it works. Patch set with support for new OpenSSL AES key un/wrapping APIs will follow. -- Petr Spacek @ Red Hat From pspacek at redhat.com Fri Oct 3 15:04:55 2014 From: pspacek at redhat.com (Petr Spacek) Date: Fri, 03 Oct 2014 17:04:55 +0200 Subject: [Softhsm-develop] AES wrap_key_with_pad & OpenSSL master branch In-Reply-To: <393E651C-A5F8-40BE-AC22-BAB1E91F7328@kirei.se> References: <53F45D01.20605@redhat.com> <393E651C-A5F8-40BE-AC22-BAB1E91F7328@kirei.se> Message-ID: <542EBB17.4070706@redhat.com> On 21.8.2014 11:23, Jakob Schlyter wrote: > On 20 aug 2014, at 10:32, Petr Spacek wrote: > >> Unfortunately I have had to re-write the original patch [1] to make it acceptable and the final API is not compatible with API from the original patch. (Now the key wrap mode is part of EVP API.) >> >> I would like to send patches for SoftHSM with support for the 'official' OpenSSL API so AES key wrap with padding will be usable on systems even without custom OpenSSL build. >> >> Can I remove the unofficial API and replace it with the official one? Or is it necessary to keep support the unofficial API around? > > Since we've not yet released SoftHSM 2.0, I believe we can replace it. Great, patch https://github.com/opendnssec/SoftHSMv2/pull/91 does exactly that. The old/proprietary interface was completely replaced with "standard" OpenSSL EVP interface (I didn't touch code for Botan). I didn't change anything on encryption/wrapping method separation but technically for now. In future, it should be possible to implement SymmetricAlgorithm::wrapKey() as a wrapper around SymmetricAlgorithm::encryptInit/Update/Final() in similar way as it is done with AsymmetricAlgorithm::wrapKey(). I didn't do it because it would require bigger changes to internal SymmetricAlgorithm structure so it can be let as possible optimization. I'm looking forward to code review! Have a nice day. -- Petr Spacek @ Red Hat From rickard at opendnssec.org Sun Oct 5 19:10:18 2014 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Sun, 5 Oct 2014 21:10:18 +0200 Subject: [Softhsm-develop] SoftHSM v2 not able to configure multiple slots? In-Reply-To: <1412229305.12397.1.camel@what> References: <1412229305.12397.1.camel@what> Message-ID: The slots are allocated dynamically. The configuration only handle the location where the tokens will be stored. On Thu, Oct 2, 2014 at 7:55 AM, Jerry Lundstr?m wrote: > Hi, > > The configuration file for SoftHSM v2 does not look like it can handle > multiple slots but all tools and API can, why or am I missing something? > > -- > Jerry Lundstr?m - OpenDNSSEC Developer > http://www.opendnssec.org/ > > > _______________________________________________ > Softhsm-develop mailing list > Softhsm-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/softhsm-develop > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rickard at opendnssec.org Sun Oct 5 19:13:50 2014 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Sun, 5 Oct 2014 21:13:50 +0200 Subject: [Softhsm-develop] SoftHSM v2 inconsistencies with regards to v1 In-Reply-To: <1412249826.3232.22.camel@mine> References: <1412249826.3232.22.camel@mine> Message-ID: Thanks for comparing the behavior. Will check the details and get back to you during next week. On Thu, Oct 2, 2014 at 1:37 PM, Jerry Lundstr?m wrote: > Hi, > > So I found some issues during my testing of my Perl module and SoftHSMv2 > with regards to v1, a few of them where just different return codes so > they are not listed here. > > - C_Login with CKU_CONTEXT_SPECIFIC > This will always returns CKR_OPERATION_NOT_INITIALIZED because its not > handled (there is a TODO in the source). > > - C_Login while already logged in > This returns CKR_SESSION_READ_ONLY_EXISTS while v1 returns > CKR_USER_ANOTHER_ALREADY_LOGGED_IN. > > - Unable to use object/key handle after C_Logout > In runObjectCheck() for v1 a key pair is created then the user is logged > out to run tests while logged out and later on the user is logged back > in to do the same. This does not work in v2, the object/key handle > received while logged in does not work after logout/login, > CKR_OBJECT_HANDLE_INVALID is received from for example > C_GetAttributeValue, C_SetAttributeValue and C_DestroyObject. > This problem also affected sign/verify/encrypt and decrypt tests, had to > turn off a bunch of tests. > > - Encrypt and decrypt operations not separated > In runDecryptCheck() a encrypt and decrypt operation is initiated at the > same time, v1 could handle this but v2 does not. > > - Decrypting data with the wrong key returns CKR_GENERAL_ERROR > This happens in v2 but in v1 CKR_ENCRYPTED_DATA_INVALID is returned > which is a much better error. > > -- > Jerry Lundstr?m - Software Engineer > .SE - The Internet Infrastructure Foundation > http://www.iis.se/ > > > _______________________________________________ > Softhsm-develop mailing list > Softhsm-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/softhsm-develop > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.lundstrom at iis.se Mon Oct 6 05:30:01 2014 From: jerry.lundstrom at iis.se (=?utf-8?B?SmVycnkgTHVuZHN0csO2bQ==?=) Date: Mon, 6 Oct 2014 07:30:01 +0200 Subject: [Softhsm-develop] SoftHSM v2 not able to configure multiple slots? In-Reply-To: References: <1412229305.12397.1.camel@what> Message-ID: <1412573401.12281.2.camel@what> On s?n, 2014-10-05 at 21:10 +0200, Rickard Bellgrim wrote: > The slots are allocated dynamically. The configuration only handle the > location where the tokens will be stored. Ok, thanks for the information. It helped solve some of the tests I had problems with. Side note; Seems like slots can only be initialized in sequentially (0, 1, 2, 3...), is v2 suppose to not allow non sequential slots initialization? -- Jerry Lundstr?m - Software Engineer .SE - The Internet Infrastructure Foundation http://www.iis.se/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 643 bytes Desc: This is a digitally signed message part URL: From rickard at opendnssec.org Mon Oct 6 19:12:36 2014 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Mon, 6 Oct 2014 21:12:36 +0200 Subject: [Softhsm-develop] SoftHSM v2 not able to configure multiple slots? In-Reply-To: <1412573401.12281.2.camel@what> References: <1412229305.12397.1.camel@what> <1412573401.12281.2.camel@what> Message-ID: On Mon, Oct 6, 2014 at 7:30 AM, Jerry Lundstr?m wrote: > On s?n, 2014-10-05 at 21:10 +0200, Rickard Bellgrim wrote: > > The slots are allocated dynamically. The configuration only handle the > > location where the tokens will be stored. > > Ok, thanks for the information. It helped solve some of the tests I had > problems with. > > Side note; Seems like slots can only be initialized in sequentially (0, > 1, 2, 3...), is v2 suppose to not allow non sequential slots > initialization? > Correct, just sequentially. You can use the PKCS#11 function calls to find the first uninitialized slot. There is however a potential feature request in https://issues.opendnssec.org/browse/SOFTHSM-100 to initialize the first free slot when using the softhsm tool. You normally never use the PKCS#11 interface to initialize a token in e.g. a SafeNet HSM. You use the administrative interface. Because you also need to setup other credentials than the SO and User PIN. // Rickard -------------- next part -------------- An HTML attachment was scrubbed... URL: From rickard at opendnssec.org Sat Oct 11 07:53:41 2014 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Sat, 11 Oct 2014 09:53:41 +0200 Subject: [Softhsm-develop] SoftHSM v2 inconsistencies with regards to v1 In-Reply-To: <1412249826.3232.22.camel@mine> References: <1412249826.3232.22.camel@mine> Message-ID: On Thu, Oct 2, 2014 at 1:37 PM, Jerry Lundstr?m wrote: > - C_Login with CKU_CONTEXT_SPECIFIC > This will always returns CKR_OPERATION_NOT_INITIALIZED because its not > handled (there is a TODO in the source). > This usage scenario is not implemented in e.g. C_SignInit(). PKCS#11 says that CKR_OPERATION_NOT_INITIALIZED is the proper return value. SoftHSMv1 is not doing anything with this user type, if we want to be strict then SoftHSMv1 should also return this value. > - C_Login while already logged in > This returns CKR_SESSION_READ_ONLY_EXISTS while v1 returns > CKR_USER_ANOTHER_ALREADY_LOGGED_IN. > This is just an order of evaluation. This can differ between HSM:s. Both are doing the same checks but in different order. Except that SoftHSMv1 is not checking if the given user is already logged in, CKR_USER_ALREADY_LOGGED_IN. > - Unable to use object/key handle after C_Logout > In runObjectCheck() for v1 a key pair is created then the user is logged > out to run tests while logged out and later on the user is logged back > in to do the same. This does not work in v2, the object/key handle > received while logged in does not work after logout/login, > CKR_OBJECT_HANDLE_INVALID is received from for example > C_GetAttributeValue, C_SetAttributeValue and C_DestroyObject. > This problem also affected sign/verify/encrypt and decrypt tests, had to > turn off a bunch of tests. > PKCS#11 says that handles for private objects will become invalid after logout. When you login again, the private object will be assigned a new handle. In SoftHSMv1, the handle is the ID in the database and will not change during the lifetime of the object. In theory, the object handle is a temporary ID and this is also true for SoftHSMv2. > - Encrypt and decrypt operations not separated > In runDecryptCheck() a encrypt and decrypt operation is initiated at the > same time, v1 could handle this but v2 does not. > The tests for SoftHSMv1 are using two different sessions, but the code in SoftHSMv1 is not checking if other crypto operations are active. The different crypto operations are not using the same resources within the session. Are you just using one session in your code? SoftHSMv2 only allows one active crypto operation per session. This is because the crypto operations are using the same resources within the session. See the definition for CKR_OPERATION_ACTIVE. You could check for the flag CKF_DUAL_CRYPTO_OPERATIONS but that is not set in non of the versions. SoftHSMv1 could have that one set if we want. - Decrypting data with the wrong key returns CKR_GENERAL_ERROR > This happens in v2 but in v1 CKR_ENCRYPTED_DATA_INVALID is returned > which is a much better error. > SoftHSMv2 is using more abstraction layers than SoftHSMv1. The internal decrypt function only has a boolean return value, where the negative result could be other things than just CKR_ENCRYPTED_DATA_INVALID. More details are given in the logs. In total: There are some things that we can change in SoftHSMv1. // Rickard -------------- next part -------------- An HTML attachment was scrubbed... URL: From rickard at opendnssec.org Wed Oct 29 21:10:52 2014 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Wed, 29 Oct 2014 22:10:52 +0100 Subject: [Softhsm-develop] SoftHSM v2 inconsistencies with regards to v1 In-Reply-To: References: <1412249826.3232.22.camel@mine> Message-ID: > In total: There are some things that we can change in SoftHSMv1. > The changes has been merged from https://github.com/opendnssec/SoftHSMv1/pull/16 // Rickard -------------- next part -------------- An HTML attachment was scrubbed... URL: