Re: How does PK11_GetPadMechanism work?

[Graham Leggett]

Nelson B Bolyard wrote:


I think this may only be true because of the involvement of PKCS5v2.
If PKCS5v2 was not part of the problem space, I would have said that
there was no need to use OIDs at all, none whatsoever.  I would have
said that PK11_ interfaces exist that can do everything you need with
just mechanisms, and no OIDs.

The SSL library, for example, manages to use many forms of encryption
without ever identifying any of them with an OID.  If I recall correctly,
so does the SDR interface which is used to encrypt and decrypt users'
web site passwords that are remembered by Firefox.

I would have recommended that you look at the SDR interface as an example
of how to do what you wanted to do, simple encryption of a string with an
algorithm of your choice and an arbitrary key.  But SDR doesn't use PBE
and hence doesn't use PKCS#5.


The OpenSSL docs said Newer applications should use more standard 
algorithms such as PKCS#5 v2.0 for key derivation, and as this was new 
code, and as interoperability was important, I decided to follow the 
advice as it seemed sensible. I did see that the PKCS5v2 function has 
only been available since v3.12, which is relatively new.


So far 3DES/CBC and AES256/CBC interoperate between OpenSSL and NSS 
without an issue, which I think is good enough for now for what we 
need it for.


Regards,
Graham
--


smime.p7s
Description: S/MIME Cryptographic Signature
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: How do I reset a password of slot for soft-token after removing the token

[Robert Relyea]

Subrata Mazumdar wrote:

   nsCOMPtrnsIPK11Token softToken;
   rv = pkcs11Slot-GetToken(getter_AddRefs(softToken));
  softToken-Login(PR_FALSE); // prompts for initializing password

   . .  .

   softToken-Reset();  // expected that token/slot password would be in 
the uninitialized state

   SECMOD_CloseUserDB( softTokenSlot);
  
  
When th slot is closed, the token is removed but the slot is still there 
with the old password.
  
You need to make sure you free all your references to your slot 
(including the slot itself  and objects associated with the slot). That 
is likely what's causing you to create a new slot in your step below.


This doesn't explain why softToken-Reset() is not working. The base 
code is in PSM, but I believe it just maps to a token reset at that PKCS 
#11 level. Tracing the error code from NSC_InitToken() might be 
instructive here.
When I open a new soft-token using SECMOD_OpenUserDB() with a new token 
name, it is installed in
existing the empty slot with the old slot name and protected with the 
old password.
How do I take the empty slot to uninitialized state so that 
'nsIPK11Token.login()' does not prompt for the

old password while asking for the new password?
  
Thanks for your help.

--
Subrata




  
___

dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
  




smime.p7s
Description: S/MIME Cryptographic Signature
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: How does PK11_GetPadMechanism work?

[Robert Relyea]

Graham Leggett wrote:


Completeness I guess - xml-security's API allowed you to choose both 
CBC and ECB modes, so I was trying to emulate the same thing.


The only mechanism that I cannot find an oid for is CKM_DES3_ECB - do 
you know which SEC_OID_* macro I should be using?


The PK11_MechanismToAlgtag function for CKM_DES3_ECB returns 
SEC_OID_UNKNOWN.
So ECB mode is used exclusively for key wrapping. There isn't a separate 
algoID tag for it. In general we try to use the OID mappings internally 
because that is what can be coded. There is no definition for using ECB 
mode in any type of PKCS #7 encodings, so there is no mapping.


Typically things proceed from the CBC mode of block ciphers.

bob



smime.p7s
Description: S/MIME Cryptographic Signature
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: Problem with JSS on Ubuntu

[Glen Beasley]

Marcin T wrote:
 Hi

 I finally discovered what is the issue here. In appears that in case
 of unsigned applets, the code is unable to access SunJCE provider

You need to spend your time on signing the applet correctly.

You really don't want to get unsigned applets working by modifying your 
java.policy
for the long term, as this grant permission to all applets. Now when you 
surf the web any
applet that is executed has the extra permissions that you configured:

 As a workaround I have set up the following policies using Policy
 Manager:

 grant {
permission java.security.SecurityPermission
 putProviderProperty.SunJCE;
 };

 grant {
permission java.lang.RuntimePermission getProtectionDomain;
 };

 grant {
permission java.lang.RuntimePermission
 accessClassInPackage.sun.security.*;
 };

 I don't know how insecure my actions are, but this definitely fixed
 problems with applets under SSL / HTTPS.


Security - Signed Applets forum:
http://forums.sun.com/forum.jspa?forumID=63start=0

http://java.sun.com/javase/6/docs/technotes/guides/plugin/
http://java.sun.com/javase/6/docs/technotes/guides/plugin/developer_guide/security.html
 


-glen

 Feel free to send me your ideas how to fix this issue in more elegant
 way.

 Best,
 Marcin
 ___
 dev-tech-crypto mailing list
 dev-tech-crypto@lists.mozilla.org
 https://lists.mozilla.org/listinfo/dev-tech-crypto


___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: How does PK11_GetPadMechanism work?

[Robert Relyea]

Nelson B Bolyard wrote:

Graham Leggett wrote, On 2008-09-06 12:51:

  
I think a big source of confusion is that everything is an OID, or 
everything is a mechanism, but not all OID or mechanisms are relevant 
for every situation, and this isn't clear from each function call.



I think this may only be true because of the involvement of PKCS5v2.
If PKCS5v2 was not part of the problem space, I would have said that
there was no need to use OIDs at all, none whatsoever.  I would have
said that PK11_ interfaces exist that can do everything you need with
just mechanisms, and no OIDs.
  

I'm going to disagree with nelson here.

Yes it's possible to use PKCS #11 mechanisms directly, but it's not the 
suggested way of doing it for most applications. OIDs are definately the 
way to go there. The reason for this is one of 'generality'. In most 
cases, at least for decryption, the application should not need to 
actually know the cipher that is being used. All the appropriate 
information can be encoded in the proper algorithm ID. pkcs #7 and 
company provide an easy way to wrap these, and if you support mechanisms 
in this way your application can support new.


OIDs are used because they are the standard mechanism to communicate 
cipher information in our standard protocols.


If you can capture the dead ends you went down, that would help us 
immensely in improving our documentation (and even layout).

The SSL library, for example, manages to use many forms of encryption
without ever identifying any of them with an OID.  If I recall correctly,
so does the SDR interface which is used to encrypt and decrypt users'
web site passwords that are remembered by Firefox.
  
The SSL library, in some sense, is a special case. Supporting new 
ciphers requires work at the SSL layer precisely because it uses PKCS 
#11 mechanisms directly (or more exactly because it uses a non-OID data 
to communicate cipher preferences).


Adding new

I would have recommended that you look at the SDR interface as an example
of how to do what you wanted to do, simple encryption of a string with an
algorithm of your choice and an arbitrary key.  But SDR doesn't use PBE
and hence doesn't use PKCS#5.
  
SDR is fixed keys, where you just generate a random key, get and index 
and then use the index to encrypt/decrypt data. There is not key 
exchange, so data encrypted with and SDR key from one database is not 
decrypted by someone on another machine or even someone using the same 
machine, but a different database (or token).


Currently we do not have tools to move these fixed keys around, but the 
NSS primitives are there to support those tools.
  
For example, the PK11_CreatePBEV2AlgorithmID function contains a 
SECOidTag prfAlgTag parameter, but what this parameter was (the pseudo 
random function) I only discovered after tripping over it mentioned in a 
section of the PKCS5 spec that I was reading looking for something else.



The PKCS5v2 support is a recent addition to NSS.  Apparently the new
interfaces created for that rely on algorithm Ids, which include OIDs.
I don't know if Algorithm Ids are an essential part of the definition
of PKCS#5v2 (I don't recall and don't have time to go look right now),
but if they are not, then I would imagine that the NSS team could add
some additional functions to NSS's public API that allow the caller to
specify mechanisms directly and avoid indirection through algorithm IDs
and their associated OIDs.
  
Yes, algorithm ID's is the one common method between all the various PBE 
mechanisms. Use of the algorithm ID allows us to use the same interfaces 
for the entire PBE set. This means applications that didn't support PKCS 
5v2 in older versions of NSS, at least can decrypt PKCS 5v2 blobs 
without any changes.
  

A design question: why do you want to use the ECB mode?  In
most applications, the ECB mode is less secure than the CBC
mode.
  
Completeness I guess - xml-security's API allowed you to choose both CBC 
and ECB modes, so I was trying to emulate the same thing.


The only mechanism that I cannot find an oid for is CKM_DES3_ECB - do 
you know which SEC_OID_* macro I should be using?

That's because there is no Oid for DES3_ECB.  there really isn't a case 
to use ECB mode except in wrapping keys.


.

Although the XML spec may include ECB, I think people with more than a
passing familiarity with encryption would not attempt to use it in any
serious applications.  So, you may be able to reach your goal more
quickly with NSS if you can simply abandon the use of ECB and stick
with CBC.  This is just a suggestion, of course.
  

I would echo the suggestion.

I would also point out that if you are using XML, you may actually be in 
the same situation as SSL, where you have a non-oid way of specifying 
crypto algorithms. In that case you have to have your own mapping, 
anyway, so mapping to PKCS #11 mechansim could very well be an option 
(though PKCS 5 and PKCS 5 v2 does purposefully 

New documentation: NSPR functions required for using NSS

[Wan-Teh Chang]

As part of the work to include NSS in LSB 4.0, I created a list
of NSPR functions required for using the NSS SSL functions at
http://developer.mozilla.org/En/NSS_reference/NSPR_functions

I generated this list by inspecting the source code of libcurl,
nss_compat_ossl, mod_nss, and the NSS test programs
selfserv, tstclnt, strsclnt, vfyserv, and vfychain.

Note, in particular, that I documented the PR_ImportTCPSocket
function, giving an official blessing to use this function when
you know what you're doing.  Please let me know if I have
explained the caveats adequately without discouraging
people from using this convenient function under the right
circumstances.

Wan-Teh
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: New documentation: NSPR functions required for using NSS

[Kyle Hamilton]

I'm pretty sure there are some things that can be done to put a TCP
socket into a state that's inappropriate for O_NONBLOCK mode, but I
can't think of any off the top of my head.  Is there a reference
somewhere that lists the kinds of things that a programmer needs to
avoid?  If there is, could the documentation page link to it, or
import it?

Thank you very much for documenting this!

-Kyle H

On Mon, Sep 8, 2008 at 4:35 PM, Wan-Teh Chang [EMAIL PROTECTED] wrote:
 As part of the work to include NSS in LSB 4.0, I created a list
 of NSPR functions required for using the NSS SSL functions at
 http://developer.mozilla.org/En/NSS_reference/NSPR_functions

 I generated this list by inspecting the source code of libcurl,
 nss_compat_ossl, mod_nss, and the NSS test programs
 selfserv, tstclnt, strsclnt, vfyserv, and vfychain.

 Note, in particular, that I documented the PR_ImportTCPSocket
 function, giving an official blessing to use this function when
 you know what you're doing.  Please let me know if I have
 explained the caveats adequately without discouraging
 people from using this convenient function under the right
 circumstances.

 Wan-Teh
 ___
 dev-tech-crypto mailing list
 dev-tech-crypto@lists.mozilla.org
 https://lists.mozilla.org/listinfo/dev-tech-crypto

___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: New documentation: NSPR functions required for using NSS

[Wan-Teh Chang]

On Mon, Sep 8, 2008 at 5:14 PM, Kyle Hamilton [EMAIL PROTECTED] wrote:
 I'm pretty sure there are some things that can be done to put a TCP
 socket into a state that's inappropriate for O_NONBLOCK mode, but I
 can't think of any off the top of my head.  Is there a reference
 somewhere that lists the kinds of things that a programmer needs to
 avoid?  If there is, could the documentation page link to it, or
 import it?

I haven't written such a reference.  I don't know anything that
can be done to put a TCP socket into a state that's inappropriate
for O_NONBLOCK off the top of my head either.

Rather than listing the kinds of things that a programmer needs
to avoid, perhaps we can require the caller to return the native
socket to the pristine mode it was created in by the socket()
system call?  This could be overly restrictive because some
modes, such as the close-on-exec flag, won't interfere with
the O_NONBLOCK mode.

Wan-Teh
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: New documentation: NSPR functions required for using NSS

[Kyle Hamilton]

On Mon, Sep 8, 2008 at 5:37 PM, Wan-Teh Chang [EMAIL PROTECTED] wrote:
 On Mon, Sep 8, 2008 at 5:14 PM, Kyle Hamilton [EMAIL PROTECTED] wrote:
 I'm pretty sure there are some things that can be done to put a TCP
 socket into a state that's inappropriate for O_NONBLOCK mode, but I
 can't think of any off the top of my head.  Is there a reference
 somewhere that lists the kinds of things that a programmer needs to
 avoid?  If there is, could the documentation page link to it, or
 import it?

 I haven't written such a reference.  I don't know anything that
 can be done to put a TCP socket into a state that's inappropriate
 for O_NONBLOCK off the top of my head either.

 Rather than listing the kinds of things that a programmer needs
 to avoid, perhaps we can require the caller to return the native
 socket to the pristine mode it was created in by the socket()
 system call?  This could be overly restrictive because some
 modes, such as the close-on-exec flag, won't interfere with
 the O_NONBLOCK mode.

 Wan-Teh

What is the semantic if someone opens the TCP socket in O_NONBLOCK in
the first place?

(Also, I found http://www.faqs.org/faqs/unix-faq/socket/ section 2.9.
It doesn't exactly help all that much in explaining what goes on, but
does PR_ImportTCPSocket's implementation (and thus the entirety of
NSPR) add something to handle SIGIO?  Or is it more of a select() with
a timeout of 0?)

-Kyle H
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto