Hi there,
this is my first post to the list.
What I am trying to accomplish with my Cryptoki app (using the Eracom
implementation: eracom-tech.com) is to prepend 8 bytes of data to my
sensitive DES2 key (stored in an HSM based token) and wrap (encrypt) the
whole thing using a different key (also in the HSM token).
My first question is: is it possible to do this securely? Meaning, without
the sensitive key's sensitive attributes ever appearing on insecure HSM host
memory (the HSM is in the form of a PCI card).
I just started using PKCS11 and it seems to me (after consulting
programmer's manuals and the standard's spec itself) that the above should
indeed be possible. Bearing in mind that my CK implementation only supports
simple derivation mechanisms on generic secret keys, here is the strategy I
have decided to use:
* Using the CKM_EXTRACT_KEY_FROM_KEY mechanism, extract a CKK_GENERIC_SECRET
key out of my DES2 key.
* Using the CKM_CONCATENATE_DATA_AND_BASE mechanism, prepend my 8 byte data
buffer to the extracted generic key's payload (16 bytes)
* Wrap that, or if wrapping is not supported, go through the following extra
steps:
* Extract an extractable DES3 key (24 bytes) out of the generic key I
just constructed
* Wrap the DES3 key
However, my CKM_EXTRACT_KEY_FROM_KEY fails, giving me a 'key handle invalid'
error.
Can anyone direct me to or post a working code sample that does such a key
derivation? Any code smaples relating to concatenation of keys or keys and
data would also be very helpful.
Here is my non-working code (this is not even working when I try to extract
a DES2 or DES key out of the existing DES2 key):
CK_OBJECT_CLASS kc = CKO_SECRET_KEY;
CK_KEY_TYPE kt0 = CKK_GENERIC_SECRET;
CK_KEY_TYPE kt1 = CKK_DES2;
CK_KEY_TYPE kt2 = CKK_DES3;
// Derive a generic key of the same length out of a DES2 key
// template for key resulting from derivation operation
len = 16L;
CK_BYTE label[7];
memcpy(label, "generic", 7);
CK_ATTRIBUTE derivationTmpl[] = {
{CKA_CLASS, &kc, sizeof(kc)},
{CKA_KEY_TYPE, &kt0, sizeof(kt0)},
//{CKA_LABEL, label, sizeof(label)},
//{CKA_DERIVE, &True, sizeof(True)},
//{CKA_WRAP, (void*)&False, sizeof(False)},
//{CKA_EXTRACTABLE, (void*)&True, sizeof(True)},
{CKA_SENSITIVE, &True, sizeof(True)},
//{CKA_ALWAYS_SENSITIVE, &False, sizeof(False)},
//{CKA_NEVER_EXTRACTABLE, (void*)&False, sizeof(False)},
//{CKA_PRIVATE, &False, sizeof(False)},
//{CKA_LOCAL, (void*)&False, sizeof(False)}
//{CKA_MODIFIABLE, (void*)&True, sizeof(True)},
//{CKA_UNWRAP, (void*)&False, sizeof(False)},
//{CKA_ENCRYPT, (void*)&False, sizeof(False)},
//{CKA_DECRYPT, (void*)&False, sizeof(False)},
//{CKA_SIGN, (void*)&False, sizeof(False)},
//{CKA_VERIFY, (void*)&False, sizeof(False)},
//{CKA_TRUSTED, (void*)&True, sizeof(True)}
//{CKA_TOKEN, &True, sizeof(True)}
{CKA_VALUE_LEN, &len, sizeof(len)}
//{CKA_VALUE, g1Val, 16}
};
CK_EXTRACT_PARAMS param = 0L;
// Mechanism for generic key derivation
CK_MECHANISM derivationMech = {
CKM_EXTRACT_KEY_FROM_KEY,
¶m, //pointer to var that holds the bit index to start extraction
from
sizeof(CK_EXTRACT_PARAMS)
};
rv = C_DeriveKey(hsSession, &derivationMech, hKey,
(CK_ATTRIBUTE*)&derivationTmpl,
NUMITEMS(derivationTmpl), &hGKey);
CHECK_RV(FN "C_DeriveKey", rv); //proprietary
if (rv){
fprintf(stderr, "Error during generic key derivation\n");
return 1;
}
Many thanks for any help,
Fotios
---
> Visit the OpenCard web site at http://www.opencard.org/ for more
> information on OpenCard---binaries, source code, documents.
> This list is being archived at http://www.opencard.org/archive/opencard/
! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email
! to
! [EMAIL PROTECTED]
! containing the word
! unsubscribe
! in the body.
