Hi folks.
I forgot to mention that the problem happens in Open Solaris (uname -r=5.11)
too. The behavior, inputs and outputs are similar. Regards, Ignacio
> =====
> 2009/3/3 Mark Powers <mark.powers at sun.com>
>
> Hi,
>>
>> Would it be possible for you to run your test on opensolaris instead of
>> S10?
>> This alias is for opensolaris development issues rather than S10.
>> Sun Services handles Solaris 10 issues.
>>
>> Thanks.
>>
>> Mark
>>
>> NACHO SAAVEDRA wrote:
>>
>>> Hello folks. I'm working with separate encryption programs in PKCS11. For
>>> now I'm working with Solaris 10 (and Open Solaris 5.11) for Intel in a
>>> virtual machine, i.e., i don't have hw HSM, I'm working with the softoken or
>>> libpkcs11.so version 2.20.
>>>
>>> For instance, for the wrap process I did:
>>> 1- To generate a key pair RSA, 1024 length. At the generation moment I
>>> could retain or made persistent the pair of keys into the "virtual Sun HSM"
>>> throw an ID # an a label uniques.
>>> 2- To generate a key symmetric, (it could be AES 128 length, DES of 64/56
>>> or 3DES 192/168).
>>> 3- To wrap the sym key with the Public generated in 1-. Standard: RSA
>>> PKCS11 version 1.5.
>>> 4- To do a symmetric cryptogram (i.e., symmetric encryption) with the
>>> symm key.
>>> 5- I stored in 2 different binary files the wrapped key and the symmetric
>>> cryptogram.
>>> 6- I made a routine in order to export the Public Key and store the
>>> modulus in other binary file.
>>>
>>> With the three aboved files I try to run the unwrap process in a external
>>> HSM, for instance a java cryptoAPI program or Spyrus component sets with RSA
>>> PKCS11 versi?n 1.5 and 1024 RSA key pair length. Unfortunatelly in both the
>>> unwrap process fails and the HSM return a block codification problem. I
>>> could not get the original plain text encrypted at "virtual Sun HSM".
>>>
>>> The opposite process, i.e., to do the wrap in the external HSMs (java or
>>> Spyrus) and to import their Public Keys (Puk) into the Sun HSM does not work
>>> too. Of course, I have the modulus' Puk and I could insert it into the HSM
>>> building a new Puk with other id # and label; and I have the wrapped key
>>> file and the symmetric cryptogram.
>>> When I do the unwrap the error is 00082 or CKR_OBJECT_HANDLE_INVALID and
>>> this error is shown in the C_GetAttributeValue function. If I ignore it,
>>> then the same error appears at the C_UnwrapKey function. Without sym key the
>>> unwrap process is aborted, i.e., the decrypt symmetric part is not run.
>>>
>>> My loop or internal tests work fine: i.e.,
>>> 1- Generate a pair of keys RSA (for instance with index 1).
>>> 2- Export the Puk.
>>> 3- Import the Puk with other index (for instance with index 4).
>>> 4- Wrap process with the Puk's index 4 (wrap process: wrap key plus sym
>>> encryption).
>>> 5- Unwrap process with the Private or Prk's index 1 (unwrap process:
>>> unwrap key pluys sym decryption).
>>>
>>> The only difference of my internal test with the externals are the data,
>>> not the programs.
>>>
>>> My question is if the softoken could be tested with external data like
>>> the test I did. I have the same problem with asymmetric encryption and
>>> decryption.
>>>
>>> I'm attaching some technical information of interest related with the
>>> unwrap program.
>>>
>>> Thanks and regards.
>>>
>>> Jos? Ignacio Saavedra Vivas
>>> Voting Solutions
>>> Bogot? - Colombia
>>> =====================
>>> *Attachments:*
>>>
>>> Symmetric Key: AES-128.
>>> Symmetric Mechanism for the key to unwrap:
>>> symGenMech.mechanism = CKM_AES_KEY_GEN;
>>> symGenMech.pParameter = NULL_PTR;
>>> symGenMech.ulParameterLen = 0;
>>> symSMech.mechanism = CKM_AES_ECB;
>>> symSMech.ulParameterLen = 16;
>>>
>>> Template of the sym key to unwrap:
>>> CK_ATTRIBUTE templateOut[] = {
>>> {CKA_CLASS, &class, sizeof (class) },
>>> {CKA_KEY_TYPE, &keySymType, sizeof (keySymType) },
>>> {CKA_TOKEN, &falsevalue, sizeof (falsevalue) },
>>> {CKA_LABEL, symLabel, sizeof (symLabel) },
>>> {CKA_ENCRYPT, &truevalue, sizeof (truevalue) },
>>> {CKA_DECRYPT, &truevalue, sizeof (truevalue) },
>>> {CKA_WRAP, &truevalue, sizeof(truevalue) },
>>> {CKA_UNWRAP, &truevalue, sizeof(truevalue) },
>>> {CKA_EXTRACTABLE, &truevalue, sizeof(truevalue) }
>>> };
>>>
>>> Key Pair: RSA-1024.
>>> Template for the Private Key (Prk) or unwrapping key:
>>> CK_ATTRIBUTE privatekey_template[] = {
>>> {CKA_CLASS, &privateClass, sizeof (privateClass)},
>>> {CKA_ID, id, sizeof (id)},
>>> {CKA_KEY_TYPE, &keyAsymType, sizeof (keyAsymType) },
>>> {CKA_LABEL, prkLabel, sizeof (prkLabel)-1},
>>> {CKA_DECRYPT, &truevalue, sizeof (truevalue)},
>>> {CKA_UNWRAP, &truevalue, sizeof (truevalue)},
>>> {CKA_SIGN, &truevalue, sizeof (truevalue)},
>>> {CKA_TOKEN, &truevalue, sizeof (truevalue)},
>>> {CKA_PRIVATE, &falsevalue, sizeof (falsevalue)},
>>> {CKA_MODIFIABLE, &falsevalue, sizeof (falsevalue)},
>>> {CKA_SENSITIVE, &truevalue, sizeof (truevalue)},
>>> {CKA_EXTRACTABLE, &truevalue, sizeof (truevalue)},
>>> {CKA_APPLICATION, &application, sizeof (application)-1}
>>> };
>>>
>>> Mechanisms for the Private keys:
>>> genmech.mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
>>> genmech.pParameter = NULL_PTR;
>>> genmech.ulParameterLen = 0;
>>>
>>> smech.mechanism = CKM_RSA_PKCS;
>>> smech.pParameter = NULL_PTR;
>>> smech.ulParameterLen = 0;
>>>
>>> Functions: Unwrap key:
>>> rv = C_UnwrapKey(hSession, &smech, hUnwrappingKey, wrappedKey,
>>> wrappedKeySize, templateOut, sizeof (templateOut) / sizeof (CK_ATTRIBUTE),
>>> &hKeyOut);
>>>
>>> Attributes to show of the sym key once is unwrapped (it works with my
>>> internal data, not with externals, in this case the attributes are empty):
>>> CK_ATTRIBUTE getsymattributes[] = {
>>> {CKA_CLASS, NULL_PTR, 0},
>>> {CKA_KEY_TYPE, NULL_PTR, 0},
>>> {CKA_VALUE_LEN, NULL_PTR, 0},
>>> {CKA_WRAP, NULL_PTR, 0},
>>> {CKA_UNWRAP, NULL_PTR, 0},
>>> {CKA_VALUE, NULL_PTR, 0}
>>> };
>>> The following instruction is the first fail with the external HSM's
>>> interchange:
>>> rv = C_GetAttributeValue(hSession, hKeyOut, getsymattributes,
>>> template_size);
>>>
>>> Decryption process once the sym key was get it:
>>> /* Initialize the decryption operation in the session */
>>> rv = C_DecryptInit(hSession, &symSMech, hKeyOut);
>>> if (rv != CKR_OK) {
>>> fprintf(stderr, "C_DecryptInit: rv = 0x%.8X\n", rv);
>>> error = 1;
>>> goto exit_program;
>>> }
>>> /* Decrypt the entire ciphertext string */
>>> decrypttext_len = sizeof (decrypttext);
>>> rv = C_Decrypt(hSession, (CK_BYTE_PTR)cipherText, cipherTextSize,
>>> decrypttext, &decrypttext_len);
>>> if (rv != CKR_OK) {
>>> fprintf(stderr, "C_Decrypt: rv = 0x%.8X\n", rv);
>>> error = 1;
>>> goto exit_session;
>>> }
>>>
>>> OUTPUTS AT SCREEN - RUN #1:
>>> BEGIN TEST WITH INTERNAL DATA-IT WORKS!
>>>
>>> ^C# sh unwrapAll.sh
>>> unwrapAll.c: In function `main':
>>> unwrapAll.c:28: warning: return type of 'main' is not `int'
>>> slotCount = 1
>>> selected slot: 0
>>> sessionInfo2= 0x00000002
>>> CKS_RW_PUBLIC_SESSION
>>> CKF_SERIAL_SESSION | CKF_RW_SESSION
>>> C_GetAttributeValue: rv = 0x00000012
>>>
>>> Attributes Private Key:
>>> Class: 03000000
>>> keyAsymType: 00000000
>>> ObjectLabel: RSA private GCSun for middle-ware
>>> PrkExclusive: 01
>>> Object ID: 01
>>> k antes=1
>>>
>>> Go...k=1
>>> La longitud de wrappedKey es=128
>>> El valor de wrappedKey es
>>> 0=74 1=-16 2=44 3=-29 4=-74 5=-8 6=-37 7=25 8=91 9=-11610=82 11=89 12=-80
>>> 13=-44 14=14 15=26 16=-11 17=39 18=-40 19=-3 20=88 21=14 22=-38 23=-80
>>> 24=-77 25=-104 26=-22 27=-107 28=-118 29=-5230=38 31=-121 32=126 33=127
>>> 34=-56 35=37 36=9 37=-35 38=90 39=-1140=87 41=-1 42=81 43=-8 44=-26 45=-2
>>> 46=27 47=-67 48=74 49=71 50=3 51=96 52=41 53=-76 54=64 55=83 56=-94 57=40
>>> 58=-119 59=-1260=100 61=-65 62=93 63=87 64=73 65=31 66=-113 67=40 68=42
>>> 69=12170=-12 71=-5 72=123 73=53 74=-107 75=-17 76=-101 77=-41 78=-101
>>> 79=10880=-35 81=-102 82=-23 83=-16 84=117 85=83 86=115 87=-40 88=66
>>> 89=-1290=0 91=-7 92=-118 93=91 94=-113 95=83 96=-127 97=-41 98=98 99=99
>>> 100=73 101=9 102=-80 103=48 104=102 105=-126 106=127 107=95 108=10109=76
>>> 110=-34 111=33 112=97 113=42 114=-70 115=23 116=21 117=56 118=12119=-125
>>> 120=-84 121=126 122=-42 123=110 124=-58 125=96 126=64 127=-59
>>> Attributes Wrapped Key:
>>> Class: 04000000
>>> keySymType: 1f000000
>>> Length of Key: 10000000
>>> Wrap Attribute: 01
>>> Unwrap Attribute: 01
>>> Value raw of key:
>>> 162-232-85-82-92-135-138-47-197-103-79-23-131-239-63-196-
>>>
>>> Key was successfully unwrapped with private key!
>>> slotCount = 1
>>> selected slot: 0
>>>
>>>
>>> 16 bytes decrypted!!!
>>>
>>> The value of the decryption is:
>>> ?Hello my world!
>>> Done!!!
>>> ==================================================================
>>> RUN #2: BEGIN TEST WITH EXTERNAL HSM - DOES NOT WORK
>>>
>>> slotCount = 1
>>> selected slot: 0
>>> sessionInfo2= 0x00000002
>>> CKS_RW_PUBLIC_SESSION
>>> CKF_SERIAL_SESSION | CKF_RW_SESSION
>>> C_GetAttributeValue: rv = 0x00000012
>>>
>>> Attributes Private Key:
>>> Class: 03000000
>>> keyAsymType: 00000000
>>> ObjectLabel: RSA private GCSun for middle-ware
>>> PrkExclusive: 01
>>> Object ID: 01
>>> k antes=1
>>>
>>> Go...k=1
>>> La longitud de wrappedKey es=128
>>> El valor de wrappedKey es
>>> C_GetAttributeValue-1: rv = 0x00000082
>>> C_UnwrapKey: rv = 0x00000082
>>> 0=102 1=-12 2=-97 3=60 4=-35 5=-113 6=-34 7=-29 8=87 9=47 10=-23 11=43
>>> 12=-127 13=-78 14=-14 15=-26 16=68 17=108 18=-62 19=56 20=-24 21=33 22=-27
>>> 23=2 24=11 25=-121 26=32 27=90 28=109 29=-1830=74 31=-113 32=-24 33=-48
>>> 34=115 35=50 36=-105 37=62 38=3 39=74 40=-36 41=-117 42=-22 43=-47 44=121
>>> 45=90 46=-59 47=39 48=-44 49=-4250=104 51=-80 52=54 53=116 54=114 55=19
>>> 56=17 57=-125 58=43 59=-6660=36 61=54 62=-11 63=44 64=-37 65=32 66=-105
>>> 67=59 68=-56 69=-1270=-53 71=121 72=-113 73=53 74=-89 75=-67 76=-73 77=12
>>> 78=-50 79=13 80=-92 81=-38 82=-98 83=-100 84=-40 85=-13 86=-126 87=-83 88=42
>>> 89=9 90=-125 91=42 92=-20 93=55 94=-20 95=-65 96=119 97=21 98=16
>>> 99=-12100=42 101=-119 102=-13 103=62 104=-50 105=88 106=-31 107=-95
>>> 108=-2109=26 110=-48 111=122 112=53 113=84 114=9 115=-88 116=68 117=49
>>> 118=-8119=-58 120=-62 121=-113 122=-88 123=114 124=18 125=101 126=104
>>> 127=-1slotCount = 1
>>> selected slot: 0
>>> sessionInfo2= 0x00000002
>>> CKS_RW_PUBLIC_SESSION
>>> CKF_SERIAL_SESSION | CKF_RW_SESSION
>>> C_GetAttributeValue: rv = 0x00000012
>>>
>>> Attributes Private Key:
>>> Class: 03000000
>>> keyAsymType: 00000000
>>> ObjectLabel: RSA private GCSun for middle-ware
>>> PrkExclusive: 01
>>> Object ID: 01
>>> k antes=1
>>>
>>> Go...k=1
>>> La longitud de wrappedKey es=128
>>> El valor de wrappedKey es
>>> C_GetAttributeValue-1: rv = 0x00000082
>>> C_UnwrapKey: rv = 0x00000082
>>> 0=25 1=106 2=42 3=-47 4=88 5=70 6=37 7=-81 8=-81 9=-26 10=-24 11=-35
>>> 12=49 13=121 14=75 15=-59 16=-75 17=86 18=47 19=-7520=-67 21=115 22=67
>>> 23=-44 24=24 25=17 26=-51 27=19 28=-72 29=44 30=42 31=66 32=-54 33=-59 34=76
>>> 35=-66 36=72 37=83 38=103 39=56 40=109 41=119 42=28 43=120 44=-16 45=26
>>> 46=-12 47=104 48=-27 49=92 50=-71 51=47 52=110 53=34 54=66 55=47 56=115
>>> 57=-90 58=65 59=61 60=118 61=47 62=53 63=-17 64=-41 65=-105 66=-4 67=-9
>>> 68=12 69=86 70=91 71=51 72=42 73=-11 74=37 75=12 76=-116 77=-45 78=27 79=26
>>> 80=43 81=35 82=11 83=-98 84=98 85=-1 86=-125 87=-101 88=39 89=-4690=-111
>>> 91=-23 92=60 93=1 94=-38 95=64 96=65 97=-32 98=113 99=-20100=-59 101=7
>>> 102=-40 103=81 104=65 105=68 106=-5 107=-31 108=-6 109=-8110=76 111=-16
>>> 112=110 113=-15 114=-63 115=-52 116=118 117=85 118=-4 119=67120=81 121=45
>>> 122=12 123=-17 124=-23 125=-91 126=-37 127=-59 ^C
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> crypto-discuss mailing list
>>> crypto-discuss at opensolaris.org
>>> http://mail.opensolaris.org/mailman/listinfo/crypto-discuss
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mail.opensolaris.org/pipermail/crypto-discuss/attachments/20090303/e3575fe9/attachment.html>
