Re: Cannot wrap an EC key?

Thu, 19 Dec 2024 12:50:15 -0800

Hmm... looking at the PKCS11 soft token nss code  (from hg.mozilla.org/projects/nss) - ANY failure to unwrap a private key gets returned as a CKR_INCOMPLETE_TEMPLATE.
The NSS code for sftk_unwrapPrivateKey is weird.  It starts out with a CKR_ code in a number of places, and if that code is not CKR_OK, returns SECFailure which if that is seen gets translated back into CKR_INCOMPLETE_TEMPLATE regardless of the actual underlying error. 


see pkcs11c.c sftk_unwrapPrivateKey beginning at line 6443 and 
NSC_UnwrapKey at 6739.



I'd make a fix here to have sftk_unwrapPrivateKey return a CK_RV and 
translate the early SECFailure(s) and others along the way into a 
CKR_VENDOR_DEFINED code that maps to the specific error.


Good Luck - Mike




On 12/18/2024 11:11 PM, Wei-Jun Wang wrote:

No, it’s the EncryptedPrivateKeyInfo format and internally the data is PKCS8. I 
can unwrap it with a cipher from SunJCE.

BTW, I made a mistake in my first mail. The config needn’t be sensitive. Then I 
am able to use the key to init a SunJCE cipher.

—Weijun


On Dec 18, 2024, at 22:02, Mike StJohns <mstjo...@comcast.net> wrote:

If I had to make a wild guess, I’d guess that the wrapped key doesn’t include 
the curve info.  If the length of the wrapped data is only 40 bytes, then all 
you have is the x from the private key.  I’m wondering if the algorithm has to 
include the curve info.

Something like “EC/secp256r1”?

If it’s longer than 40 bytes (or 8 plus the length of the private key data for 
a given curve) then something besides the bare private key has been wrapped.

For some unknown reason, the format of the key material being wrapped was not 
specified by PKCS11.

Mike

Sent from my iPad


On Dec 18, 2024, at 19:23, Wei-Jun Wang <weijun.w...@oracle.com> wrote:

Hi, PKCS #11 gurus,

   var sp = KeyPairGenerator.getInstance("EC", 
p).generateKeyPair().getPrivate();
   var k = KeyGenerator.getInstance("AES", p).generateKey();

   var cipher = Cipher.getInstance("AES/KW/PKCS5Padding", p);
   cipher.init(Cipher.WRAP_MODE, k);
   var wrapped = cipher.wrap(sp);
   cipher.init(Cipher.UNWRAP_MODE, k);
   cipher.unwrap(wrapped, "EC", Cipher.PRIVATE_KEY);

Here, p is SunPKCS11-NSS using sensitive config, and the last unwrap method 
reports an CKR_TEMPLATE_INCOMPLETE error. It runs fine with RSA.

Thanks,
Weijun


























					Reply via email to