Hi, Dina. Thank you for your time and interest. Let?s go step by step.
Here are my commentaries:
- I'm keeping the RSA key pair by setting the public and private templates
attributes in true:
...
{CKA_TOKEN, &truevalue, sizeof (truevalue)},
I stored each pair with an unique ID an label, so, for instance I could set
the modulus bits of the public with their unique id and label; and the id of
the private is the same of the public and its label is unique and I can see
other properties like the key type, etc. Each time I run my programs I could
see that info, I suppose then I have key persitence. I took care having only
one rsa key pair generated by softoken. When I import publick keys they have
other index or ID. Same for private symmetric keys.
- I apologize if I emailed a confused issue to all. But my problem of wrap
and unwrap is in both sides. The steps you mentioned are ok and I'm
following these steps to do un unwrap in PKCS11 virtual HSM or softoken'
Open Solaris. Obviously to do the unwrap proccess in the Spyrus side the
actors take place in inverted roles. When I run the unwrap proccess at Sun I
get the pkcs11 error 0000082. When i run the unwrap proccess at external
hsm, for instance a CryptoAPI of java I get an error similar to "encoding
block error".
- In the steps you mention, I have problems in the step #8. When the data
comes from inside the proccess continues succesfully unitl the end and the
unwrap complete is ok. When the data comes from Spyrus or java's CryptoAPI
the error 000082 happens.
- I'm not transporting private keys. The private keys are at its respectives
hsms (if we transport private keys were are the security?): softoken, spyrus
or java's cryptoAPI. I'm only exporting publics keys from one hsm to the
other. And in each hsm I have import public key programs too. The
parameteres to import and export public keys are the modulus and the
exponent. When I import a public key at Open Solaris I couldn't set the
modulusbits attribute (attribue invalid error), only the exponent and the
modulus, i.e. in public key template:
...
{CKA_PUBLIC_EXPONENT, &myPublicExponent, sizeof (myPublicExponent)},
{CKA_MODULUS, &modulusBytes, modulusBytesSize},
// {CKA_MODULUS_BITS, &modulusbits, sizeof(modulusbits)},// I have to
comment this line because if not gets an attribute error
- I guess probably the problem is softoken. I don't know if problems related
with crypto in Solaris 10 have relation with Open Solaris.
By surfing the web I note that there is a Dos (Denial of Service) that
affects crypto operations over ssl connections. The syntoms over ssl
connections affects crypto operations like signing and its' verifying (and I
suppose if affects pkcs11 too, why not?):
Please see this web site with the info:
http://secunia.com/advisories/33050/
Like I said I'm probably speculating. The problem is that I don't have a Sun
plan in order to unblock the patch, download it and test in Solaris 10.
- Please tell me if you did succesfullys tests of wrap and unwrap with the
steps you mention with softoken vs. external hsms?
- If you need the complete code of the wrap and unwrap programs and they are
ussefull to solve the problem, I could send them to you.
Thanks very much.
Best regards,
J. Ignacio Saavedra V.
Software Specialist V.S.
2009/3/4 Dina <dina.nimeh at sun.com>
> Hi,
>
> What I didn't understand from your list of steps is where you are
> keeping the private key.
>
> For example, if you are generating the RSA key pair (public and
> private) with Spyrus, then where are you generating the symmetric
> key?
>
> If you generated the symmetric key on the Spyrus side, and you wrap
> the symmetric key with RSA public key on the Spyrus side, you will
> not be able to unwrap it on the Sun softtoken side -- it doesn't
> have the RSA private key to do the unwrap operation.
>
> Unless I misunderstand something, I would expect that the transaction
> proceeds like this:
>
> Step 1: Generate RSA key pair, private and public, on Softtoken side.
>
> Step 2: Generate symmetric key on Spyrus side.
> Step 3: Encrypt data "hello world" with symmetric key on Spyrus side.
>
> Step 4: Send RSA public key from Softtoken side to Spyrus side.
> Step 5: Wrap symmetric key with RSA public key on Spyrus side.
>
> Step 6: Write encrypted data from #3 and wrapped key from #5 to files.
>
> Step 7: Read wrapped key from file on Softtoken side
> Step 8: Unwrap wrapped key using RSA private key which is already on
> Softtoken side to reveal the symmetric key on Softtoken side.
>
> Step 9: Read encrypted data from file on Softtoken side.
> Step 10: Decrypt the data with symmetric key on Softtoken side.
>
> Some variation of the steps listed above is possible, but the critical
> part is the RSA private key needs to be available where you unwrap the
> wrapped symmetric key. If it's still on the Spyrus side, Softtoken
> is not able to unwrap.
>
> Unless you also transport the private key from side to the other,
> I'm not sure I understand what you actually did in your test program.
>
> It sounds like your internal loop test works because the private key
> is available when you are going the unwrap operation.
>
> Please let us know if this helps with what you are trying to do.
>
> Thanks,
> D.
>
>
> NACHO SAAVEDRA wrote:
>
>> Hi folks.
>>
>> I forgot to mention that the problem happens in Open Solaris (uname
>> -r=5.11) too. The behavior, inputs and outputs are similar. Regards, Ignacio
>>
>> =====
>> 2009/3/3 Mark Powers <mark.powers at sun.com <mailto:mark.powers at
>> sun.com
>> >>
>>
>>
>> Hi,
>>
>> Would it be possible for you to run your test on opensolaris
>> instead of S10?
>> This alias is for opensolaris development issues rather than S10.
>> Sun Services handles Solaris 10 issues.
>>
>> Thanks.
>>
>> Mark
>>
>> NACHO SAAVEDRA wrote:
>>
>> Hello folks. I'm working with separate encryption programs
>> in PKCS11. For now I'm working with Solaris 10 (and Open
>> Solaris 5.11) for Intel in a virtual machine, i.e., i don't
>> have hw HSM, I'm working with the softoken or libpkcs11.so
>> version 2.20.
>>
>> For instance, for the wrap process I did:
>> 1- To generate a key pair RSA, 1024 length. At the
>> generation moment I could retain or made persistent the pair
>> of keys into the "virtual Sun HSM" throw an ID # an a label
>> uniques.
>> 2- To generate a key symmetric, (it could be AES 128 length,
>> DES of 64/56 or 3DES 192/168).
>> 3- To wrap the sym key with the Public generated in 1-.
>> Standard: RSA PKCS11 version 1.5.
>> 4- To do a symmetric cryptogram (i.e., symmetric encryption)
>> with the symm key.
>> 5- I stored in 2 different binary files the wrapped key and
>> the symmetric cryptogram.
>> 6- I made a routine in order to export the Public Key and
>> store the modulus in other binary file.
>>
>> With the three aboved files I try to run the unwrap process
>> in a external HSM, for instance a java cryptoAPI program or
>> Spyrus component sets with RSA PKCS11 versi?n 1.5 and 1024
>> RSA key pair length. Unfortunatelly in both the unwrap
>> process fails and the HSM return a block codification
>> problem. I could not get the original plain text encrypted
>> at "virtual Sun HSM".
>>
>> The opposite process, i.e., to do the wrap in the external
>> HSMs (java or Spyrus) and to import their Public Keys (Puk)
>> into the Sun HSM does not work too. Of course, I have the
>> modulus' Puk and I could insert it into the HSM building a
>> new Puk with other id # and label; and I have the wrapped
>> key file and the symmetric cryptogram.
>> When I do the unwrap the error is 00082 or
>> CKR_OBJECT_HANDLE_INVALID and this error is shown in the
>> C_GetAttributeValue function. If I ignore it, then the same
>> error appears at the C_UnwrapKey function. Without sym key
>> the unwrap process is aborted, i.e., the decrypt symmetric
>> part is not run.
>>
>> My loop or internal tests work fine: i.e.,
>> 1- Generate a pair of keys RSA (for instance with index 1).
>> 2- Export the Puk.
>> 3- Import the Puk with other index (for instance with index 4).
>> 4- Wrap process with the Puk's index 4 (wrap process: wrap
>> key plus sym encryption).
>> 5- Unwrap process with the Private or Prk's index 1 (unwrap
>> process: unwrap key pluys sym decryption).
>>
>> The only difference of my internal test with the externals
>> are the data, not the programs.
>>
>> My question is if the softoken could be tested with external
>> data like the test I did. I have the same problem with
>> asymmetric encryption and decryption.
>>
>> I'm attaching some technical information of interest related
>> with the unwrap program.
>>
>> Thanks and regards.
>>
>> Jos? Ignacio Saavedra Vivas
>> Voting Solutions
>> Bogot? - Colombia
>> =====================
>> *Attachments:*
>>
>> Symmetric Key: AES-128.
>> Symmetric Mechanism for the key to unwrap:
>> symGenMech.mechanism = CKM_AES_KEY_GEN;
>> symGenMech.pParameter = NULL_PTR;
>> symGenMech.ulParameterLen = 0;
>> symSMech.mechanism = CKM_AES_ECB;
>> symSMech.ulParameterLen = 16;
>>
>> Template of the sym key to unwrap:
>> CK_ATTRIBUTE templateOut[] = {
>> {CKA_CLASS, &class, sizeof (class) },
>> {CKA_KEY_TYPE, &keySymType, sizeof (keySymType) },
>> {CKA_TOKEN, &falsevalue, sizeof (falsevalue) },
>> {CKA_LABEL, symLabel, sizeof (symLabel) },
>> {CKA_ENCRYPT, &truevalue, sizeof (truevalue) },
>> {CKA_DECRYPT, &truevalue, sizeof (truevalue) },
>> {CKA_WRAP, &truevalue, sizeof(truevalue) },
>> {CKA_UNWRAP, &truevalue, sizeof(truevalue) },
>> {CKA_EXTRACTABLE, &truevalue, sizeof(truevalue) }
>> };
>>
>> Key Pair: RSA-1024.
>> Template for the Private Key (Prk) or unwrapping key:
>> CK_ATTRIBUTE privatekey_template[] = {
>> {CKA_CLASS, &privateClass, sizeof (privateClass)},
>> {CKA_ID, id, sizeof (id)},
>> {CKA_KEY_TYPE, &keyAsymType, sizeof (keyAsymType) },
>> {CKA_LABEL, prkLabel, sizeof (prkLabel)-1},
>> {CKA_DECRYPT, &truevalue, sizeof (truevalue)},
>> {CKA_UNWRAP, &truevalue, sizeof (truevalue)},
>> {CKA_SIGN, &truevalue, sizeof (truevalue)},
>> {CKA_TOKEN, &truevalue, sizeof (truevalue)},
>> {CKA_PRIVATE, &falsevalue, sizeof (falsevalue)},
>> {CKA_MODIFIABLE, &falsevalue, sizeof (falsevalue)},
>> {CKA_SENSITIVE, &truevalue, sizeof (truevalue)},
>> {CKA_EXTRACTABLE, &truevalue, sizeof (truevalue)},
>> {CKA_APPLICATION, &application, sizeof (application)-1}
>> };
>>
>> Mechanisms for the Private keys:
>> genmech.mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
>> genmech.pParameter = NULL_PTR;
>> genmech.ulParameterLen = 0;
>>
>> smech.mechanism = CKM_RSA_PKCS;
>> smech.pParameter = NULL_PTR;
>> smech.ulParameterLen = 0;
>>
>> Functions: Unwrap key:
>> rv = C_UnwrapKey(hSession, &smech, hUnwrappingKey,
>> wrappedKey, wrappedKeySize, templateOut, sizeof
>> (templateOut) / sizeof (CK_ATTRIBUTE), &hKeyOut);
>>
>> Attributes to show of the sym key once is unwrapped (it
>> works with my internal data, not with externals, in this
>> case the attributes are empty):
>> CK_ATTRIBUTE getsymattributes[] = {
>> {CKA_CLASS, NULL_PTR, 0},
>> {CKA_KEY_TYPE, NULL_PTR, 0},
>> {CKA_VALUE_LEN, NULL_PTR, 0},
>> {CKA_WRAP, NULL_PTR, 0},
>> {CKA_UNWRAP, NULL_PTR, 0},
>> {CKA_VALUE, NULL_PTR, 0}
>> };
>> The following instruction is the first fail with the
>> external HSM's interchange:
>> rv = C_GetAttributeValue(hSession, hKeyOut,
>> getsymattributes, template_size);
>>
>> Decryption process once the sym key was get it:
>> /* Initialize the decryption operation in the session */
>> rv = C_DecryptInit(hSession, &symSMech, hKeyOut);
>> if (rv != CKR_OK) {
>> fprintf(stderr, "C_DecryptInit: rv = 0x%.8X\n", rv);
>> error = 1;
>> goto exit_program;
>> }
>> /* Decrypt the entire ciphertext string */
>> decrypttext_len = sizeof (decrypttext);
>> rv = C_Decrypt(hSession, (CK_BYTE_PTR)cipherText,
>> cipherTextSize,
>> decrypttext, &decrypttext_len);
>> if (rv != CKR_OK) {
>> fprintf(stderr, "C_Decrypt: rv = 0x%.8X\n", rv);
>> error = 1;
>> goto exit_session;
>> }
>>
>> OUTPUTS AT SCREEN - RUN #1:
>> BEGIN TEST WITH INTERNAL DATA-IT WORKS!
>>
>> ^C# sh unwrapAll.sh
>> unwrapAll.c: In function `main':
>> unwrapAll.c:28: warning: return type of 'main' is not `int'
>> slotCount = 1
>> selected slot: 0
>> sessionInfo2= 0x00000002
>> CKS_RW_PUBLIC_SESSION
>> CKF_SERIAL_SESSION | CKF_RW_SESSION
>> C_GetAttributeValue: rv = 0x00000012
>>
>> Attributes Private Key:
>> Class: 03000000
>> keyAsymType: 00000000
>> ObjectLabel: RSA private GCSun for middle-ware
>> PrkExclusive: 01
>> Object ID: 01
>> k antes=1
>>
>> Go...k=1
>> La longitud de wrappedKey es=128
>> El valor de wrappedKey es
>> 0=74 1=-16 2=44 3=-29 4=-74 5=-8 6=-37 7=25 8=91 9=-11610=82
>> 11=89 12=-80 13=-44 14=14 15=26 16=-11 17=39 18=-40 19=-3
>> 20=88 21=14 22=-38 23=-80 24=-77 25=-104 26=-22 27=-107
>> 28=-118 29=-5230=38 31=-121 32=126 33=127 34=-56 35=37 36=9
>> 37=-35 38=90 39=-1140=87 41=-1 42=81 43=-8 44=-26 45=-2
>> 46=27 47=-67 48=74 49=71 50=3 51=96 52=41 53=-76 54=64 55=83
>> 56=-94 57=40 58=-119 59=-1260=100 61=-65 62=93 63=87 64=73
>> 65=31 66=-113 67=40 68=42 69=12170=-12 71=-5 72=123 73=53
>> 74=-107 75=-17 76=-101 77=-41 78=-101 79=10880=-35 81=-102
>> 82=-23 83=-16 84=117 85=83 86=115 87=-40 88=66 89=-1290=0
>> 91=-7 92=-118 93=91 94=-113 95=83 96=-127 97=-41 98=98 99=99
>> 100=73 101=9 102=-80 103=48 104=102 105=-126 106=127 107=95
>> 108=10109=76 110=-34 111=33 112=97 113=42 114=-70 115=23
>> 116=21 117=56 118=12119=-125 120=-84 121=126 122=-42 123=110
>> 124=-58 125=96 126=64 127=-59
>> Attributes Wrapped Key:
>> Class: 04000000
>> keySymType: 1f000000
>> Length of Key: 10000000
>> Wrap Attribute: 01
>> Unwrap Attribute: 01
>> Value raw of key:
>> 162-232-85-82-92-135-138-47-197-103-79-23-131-239-63-196-
>>
>> Key was successfully unwrapped with private key!
>> slotCount = 1
>> selected slot: 0
>>
>>
>> 16 bytes decrypted!!!
>>
>> The value of the decryption is:
>> ?Hello my world!
>> Done!!!
>>
>> ==================================================================
>> RUN #2: BEGIN TEST WITH EXTERNAL HSM - DOES NOT WORK
>>
>> slotCount = 1
>> selected slot: 0
>> sessionInfo2= 0x00000002
>> CKS_RW_PUBLIC_SESSION
>> CKF_SERIAL_SESSION | CKF_RW_SESSION
>> C_GetAttributeValue: rv = 0x00000012
>>
>> Attributes Private Key:
>> Class: 03000000
>> keyAsymType: 00000000
>> ObjectLabel: RSA private GCSun for middle-ware
>> PrkExclusive: 01
>> Object ID: 01
>> k antes=1
>>
>> Go...k=1
>> La longitud de wrappedKey es=128
>> El valor de wrappedKey es
>> C_GetAttributeValue-1: rv = 0x00000082
>> C_UnwrapKey: rv = 0x00000082
>> 0=102 1=-12 2=-97 3=60 4=-35 5=-113 6=-34 7=-29 8=87 9=47
>> 10=-23 11=43 12=-127 13=-78 14=-14 15=-26 16=68 17=108
>> 18=-62 19=56 20=-24 21=33 22=-27 23=2 24=11 25=-121 26=32
>> 27=90 28=109 29=-1830=74 31=-113 32=-24 33=-48 34=115 35=50
>> 36=-105 37=62 38=3 39=74 40=-36 41=-117 42=-22 43=-47 44=121
>> 45=90 46=-59 47=39 48=-44 49=-4250=104 51=-80 52=54 53=116
>> 54=114 55=19 56=17 57=-125 58=43 59=-6660=36 61=54 62=-11
>> 63=44 64=-37 65=32 66=-105 67=59 68=-56 69=-1270=-53 71=121
>> 72=-113 73=53 74=-89 75=-67 76=-73 77=12 78=-50 79=13 80=-92
>> 81=-38 82=-98 83=-100 84=-40 85=-13 86=-126 87=-83 88=42
>> 89=9 90=-125 91=42 92=-20 93=55 94=-20 95=-65 96=119 97=21
>> 98=16 99=-12100=42 101=-119 102=-13 103=62 104=-50 105=88
>> 106=-31 107=-95 108=-2109=26 110=-48 111=122 112=53 113=84
>> 114=9 115=-88 116=68 117=49 118=-8119=-58 120=-62 121=-113
>> 122=-88 123=114 124=18 125=101 126=104 127=-1slotCount = 1
>> selected slot: 0
>> sessionInfo2= 0x00000002
>> CKS_RW_PUBLIC_SESSION
>> CKF_SERIAL_SESSION | CKF_RW_SESSION
>> C_GetAttributeValue: rv = 0x00000012
>>
>> Attributes Private Key:
>> Class: 03000000
>> keyAsymType: 00000000
>> ObjectLabel: RSA private GCSun for middle-ware
>> PrkExclusive: 01
>> Object ID: 01
>> k antes=1
>>
>> Go...k=1
>> La longitud de wrappedKey es=128
>> El valor de wrappedKey es
>> C_GetAttributeValue-1: rv = 0x00000082
>> C_UnwrapKey: rv = 0x00000082
>> 0=25 1=106 2=42 3=-47 4=88 5=70 6=37 7=-81 8=-81 9=-26
>> 10=-24 11=-35 12=49 13=121 14=75 15=-59 16=-75 17=86 18=47
>> 19=-7520=-67 21=115 22=67 23=-44 24=24 25=17 26=-51 27=19
>> 28=-72 29=44 30=42 31=66 32=-54 33=-59 34=76 35=-66 36=72
>> 37=83 38=103 39=56 40=109 41=119 42=28 43=120 44=-16 45=26
>> 46=-12 47=104 48=-27 49=92 50=-71 51=47 52=110 53=34 54=66
>> 55=47 56=115 57=-90 58=65 59=61 60=118 61=47 62=53 63=-17
>> 64=-41 65=-105 66=-4 67=-9 68=12 69=86 70=91 71=51 72=42
>> 73=-11 74=37 75=12 76=-116 77=-45 78=27 79=26 80=43 81=35
>> 82=11 83=-98 84=98 85=-1 86=-125 87=-101 88=39 89=-4690=-111
>> 91=-23 92=60 93=1 94=-38 95=64 96=65 97=-32 98=113
>> 99=-20100=-59 101=7 102=-40 103=81 104=65 105=68 106=-5
>> 107=-31 108=-6 109=-8110=76 111=-16 112=110 113=-15 114=-63
>> 115=-52 116=118 117=85 118=-4 119=67120=81 121=45 122=12
>> 123=-17 124=-23 125=-91 126=-37 127=-59 ^C
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> crypto-discuss mailing list
>> crypto-discuss at opensolaris.org
>> <mailto:crypto-discuss at opensolaris.org>
>> http://mail.opensolaris.org/mailman/listinfo/crypto-discuss
>>
>>
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> crypto-discuss mailing list
>> crypto-discuss at opensolaris.org
>> http://mail.opensolaris.org/mailman/listinfo/crypto-discuss
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mail.opensolaris.org/pipermail/crypto-discuss/attachments/20090304/8e386110/attachment.html>
