Wrap and unwrap in softoken are not compatible with the corresponding functions in external HSMs?

NACHO SAAVEDRA saavedra.nacho at gmail.com
Mon Mar 2 09:04:41 PST 2009


Hello folks. I'm working with separate encryption programs in PKCS11. For
now I'm working with Solaris 10 for Intel in a virtual machine, i.e., I
don't have a hw HSM; I'm working with the softoken or libpkcs11.so version
2.20.

For instance, for the wrap process I did:
1- Generate an RSA key pair, 1024 length. At generation time I could
retain or make persistent the pair of keys in the "virtual Sun HSM" through
a unique ID # and label.
2- Generate a symmetric key (it could be AES 128 length, DES of 64/56 or
3DES 192/168).
3- Wrap the sym key with the Public key generated in 1-. Standard: RSA PKCS11
version 1.5.
4- Do a symmetric cryptogram (i.e., symmetric encryption) with the symm
key.
5- I stored the wrapped key and the symmetric cryptogram in 2 different
binary files.
6- I made a routine in order to export the Public Key and store the modulus
in another binary file.

With the three files above I try to run the unwrap process in an external
HSM, for instance a java cryptoAPI program or Spyrus component sets with RSA
PKCS11 version 1.5 and 1024 RSA key pair length. Unfortunately, in both the
unwrap process fails and the HSM returns a block codification problem. I
could not get the original plain text encrypted at the "virtual Sun HSM".

The opposite process, i.e., to do the wrap in the external HSMs (java or
Spyrus) and to import their Public Keys (Puk) into the Sun HSM, does not work
either. Of course, I have the Puk's modulus and I could insert it into the
HSM, building a new Puk with another id # and label; and I have the wrapped
key file and the symmetric cryptogram.
When I do the unwrap the error is 00082 or CKR_OBJECT_HANDLE_INVALID and
this error is shown in the C_GetAttributeValue function. If I ignore it,
then the same error appears at the C_UnwrapKey function. Without the sym key
the unwrap process is aborted, i.e., the symmetric decryption part is not run.

My loop or internal tests work fine, i.e.:
1- Generate an RSA key pair (for instance with index 1).
2- Export the Puk.
3- Import the Puk with another index (for instance with index 4).
4- Wrap process with the Puk at index 4 (wrap process: wrap key plus sym
encryption).
5- Unwrap process with the Private key or Prk at index 1 (unwrap process:
unwrap key plus sym decryption).

The only difference between my internal test and the external ones is the
data, not the programs.

My question is whether the softoken could be tested with external data like
the test I did. I have the same problem with asymmetric encryption and
decryption.

I'm attaching some technical information of interest related to the unwrap
program.

Thanks and regards.

José Ignacio Saavedra Vivas
Voting Solutions
Bogotá - Colombia
=====================
*Attachments:*

Symmetric Key: AES-128.
Symmetric Mechanism for the key to unwrap:
symGenMech.mechanism = CKM_AES_KEY_GEN;
symGenMech.pParameter = NULL_PTR;
symGenMech.ulParameterLen = 0;
symSMech.mechanism = CKM_AES_ECB;
symSMech.ulParameterLen = 16;

Template of the sym key to unwrap:
CK_ATTRIBUTE templateOut[] = {
    {CKA_CLASS, &class, sizeof (class) },
    {CKA_KEY_TYPE, &keySymType, sizeof (keySymType) },
    {CKA_TOKEN, &falsevalue, sizeof (falsevalue) },
    {CKA_LABEL, symLabel, sizeof (symLabel) },
    {CKA_ENCRYPT, &truevalue, sizeof (truevalue) },
    {CKA_DECRYPT, &truevalue, sizeof (truevalue) },
    {CKA_WRAP, &truevalue, sizeof(truevalue) },
    {CKA_UNWRAP, &truevalue, sizeof(truevalue) },
    {CKA_EXTRACTABLE, &truevalue, sizeof(truevalue) }
};

Key Pair: RSA-1024.
Template for the Private Key (Prk) or unwrapping key:
CK_ATTRIBUTE privatekey_template[] = {
    {CKA_CLASS, &privateClass, sizeof (privateClass)},
    {CKA_ID, id, sizeof (id)},
    {CKA_KEY_TYPE, &keyAsymType, sizeof (keyAsymType) },
    {CKA_LABEL, prkLabel, sizeof (prkLabel)-1},
    {CKA_DECRYPT, &truevalue, sizeof (truevalue)},
    {CKA_UNWRAP, &truevalue, sizeof (truevalue)},
    {CKA_SIGN, &truevalue, sizeof (truevalue)},
    {CKA_TOKEN, &truevalue, sizeof (truevalue)},
    {CKA_PRIVATE, &falsevalue, sizeof (falsevalue)},
    {CKA_MODIFIABLE, &falsevalue, sizeof (falsevalue)},
    {CKA_SENSITIVE, &truevalue, sizeof (truevalue)},
    {CKA_EXTRACTABLE, &truevalue, sizeof (truevalue)},
    {CKA_APPLICATION, &application, sizeof (application)-1}
};

Mechanisms for the Private keys:
genmech.mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
genmech.pParameter = NULL_PTR;
genmech.ulParameterLen = 0;

smech.mechanism = CKM_RSA_PKCS;
smech.pParameter = NULL_PTR;
smech.ulParameterLen = 0;

Functions: Unwrap key:
rv = C_UnwrapKey(hSession, &smech, hUnwrappingKey, wrappedKey,
    wrappedKeySize, templateOut, sizeof (templateOut) / sizeof (CK_ATTRIBUTE),
    &hKeyOut);

Attributes to show for the sym key once it is unwrapped (it works with my
internal data, not with external data; in that case the attributes are empty):
CK_ATTRIBUTE getsymattributes[] = {
    {CKA_CLASS, NULL_PTR, 0},
    {CKA_KEY_TYPE, NULL_PTR, 0},
    {CKA_VALUE_LEN, NULL_PTR, 0},
    {CKA_WRAP, NULL_PTR, 0},
    {CKA_UNWRAP, NULL_PTR, 0},
    {CKA_VALUE, NULL_PTR, 0}
};
The following instruction is the first failure in the interchange with the
external HSMs:
rv = C_GetAttributeValue(hSession, hKeyOut, getsymattributes,
    template_size);

Decryption process once the sym key has been obtained:
/* Initialize the decryption operation in the session */
rv = C_DecryptInit(hSession, &symSMech, hKeyOut);
if (rv != CKR_OK) {
    /* CK_RV is an unsigned long, so print it with %lX */
    fprintf(stderr, "C_DecryptInit: rv = 0x%.8lX\n", (unsigned long)rv);
    error = 1;
    goto exit_program;
}
/* Decrypt the entire ciphertext string */
decrypttext_len = sizeof (decrypttext);
rv = C_Decrypt(hSession, (CK_BYTE_PTR)cipherText, cipherTextSize,
    decrypttext, &decrypttext_len);
if (rv != CKR_OK) {
    fprintf(stderr, "C_Decrypt: rv = 0x%.8lX\n", (unsigned long)rv);
    error = 1;
    goto exit_session;
}

OUTPUTS AT SCREEN - RUN #1:
BEGIN TEST WITH INTERNAL DATA-IT WORKS!

^C# sh unwrapAll.sh
unwrapAll.c: In function `main':
unwrapAll.c:28: warning: return type of 'main' is not `int'
slotCount = 1
selected slot: 0
sessionInfo2= 0x00000002
CKS_RW_PUBLIC_SESSION
CKF_SERIAL_SESSION | CKF_RW_SESSION
C_GetAttributeValue: rv = 0x00000012

Attributes Private Key:
Class: 03000000
keyAsymType: 00000000
ObjectLabel: RSA private GCSun for middle-ware
PrkExclusive: 01
Object ID: 01
k antes=1

Go...k=1
La longitud de wrappedKey es=128
El valor de wrappedKey es
Attributes Wrapped Key:
Class: 04000000
keySymType: 1f000000
Length of Key: 10000000
Wrap Attribute: 01
Unwrap Attribute: 01
Value raw of key: 162-232-85-82-92-135-138-47-197-103-79-23-131-239-63-196-

Key was successfully unwrapped with private key!
slotCount = 1
selected slot: 0


16 bytes decrypted!!!

The value of the decryption is:
¡Hello my world!
Done!!!
==================================================================
RUN #2: BEGIN TEST WITH EXTERNAL HSM - DOES NOT WORK

slotCount = 1
selected slot: 0
sessionInfo2= 0x00000002
CKS_RW_PUBLIC_SESSION
CKF_SERIAL_SESSION | CKF_RW_SESSION
C_GetAttributeValue: rv = 0x00000012

Attributes Private Key:
Class: 03000000
keyAsymType: 00000000
ObjectLabel: RSA private GCSun for middle-ware
PrkExclusive: 01
Object ID: 01
k antes=1

Go...k=1
La longitud de wrappedKey es=128
El valor de wrappedKey es
C_GetAttributeValue-1: rv = 0x00000082
C_UnwrapKey: rv = 0x00000082
slotCount = 1
selected slot: 0
sessionInfo2= 0x00000002
CKS_RW_PUBLIC_SESSION
CKF_SERIAL_SESSION | CKF_RW_SESSION
C_GetAttributeValue: rv = 0x00000012

Attributes Private Key:
Class: 03000000
keyAsymType: 00000000
ObjectLabel: RSA private GCSun for middle-ware
PrkExclusive: 01
Object ID: 01
k antes=1

Go...k=1
La longitud de wrappedKey es=128
El valor de wrappedKey es
C_GetAttributeValue-1: rv = 0x00000082
C_UnwrapKey: rv = 0x00000082
^C
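
A pre-flight check for the interchange files described in the post (exported modulus and wrapped key), given here as an added example and not code from the original message. It measures the significant length of a big-endian modulus and parses a PKCS #1 v1.5 type 2 encryption block such as a raw RSA decryption (PKCS #11 CKM_RSA_X_509) of the wrapped key would yield. The function names and all sample bytes are constructed for illustration, and the Java sign-byte case is an assumption about one thing worth checking, not a diagnosis of the failure above.

```c
#include <stdio.h>
#include <string.h>

/* Significant length of a big-endian modulus: skips leading 0x00 bytes, such
 * as the sign byte Java's BigInteger.toByteArray() prepends (129 bytes for a
 * 1024-bit modulus). *start is set to the first significant byte. */
size_t modulus_len(const unsigned char *m, size_t n, const unsigned char **start)
{
    while (n > 0 && *m == 0x00) { m++; n--; }
    *start = m;
    return n;
}

/* Parse a PKCS #1 v1.5 encryption block EB = 00 || 02 || PS || 00 || D
 * (PS: at least 8 nonzero bytes). Copies D to out and returns its length,
 * or -1 if malformed. Diagnostic for test data only: not constant-time. */
int pkcs1_v15_unpad(const unsigned char *eb, size_t k,
                    unsigned char *out, size_t cap)
{
    size_t i = 2;
    if (k < 11 || eb[0] != 0x00 || eb[1] != 0x02) return -1;
    while (i < k && eb[i] != 0x00) i++;
    if (i == k || i < 10 || k - (i + 1) > cap) return -1;
    memcpy(out, eb + i + 1, k - (i + 1));
    return (int)(k - (i + 1));
}

/* Constructed sample: a 128-byte block carrying a 16-byte key. */
void make_sample_eb(unsigned char eb[128], const unsigned char key[16])
{
    memset(eb, 0xFF, 128);          /* PS filler (nonzero) */
    eb[0] = 0x00; eb[1] = 0x02;     /* block type 2 = encryption */
    eb[111] = 0x00;                 /* separator before the key */
    memcpy(eb + 112, key, 16);
}

int main(void)
{
    unsigned char key[16] = "constructed-key", eb[128], out[128];
    unsigned char mod[129] = {0x00, 0xC1};   /* constructed: sign byte + MSB */
    const unsigned char *p;
    make_sample_eb(eb, key);
    printf("modulus bytes: %zu\n", modulus_len(mod, sizeof mod, &p));
    printf("unwrapped key bytes: %d\n", pkcs1_v15_unpad(eb, 128, out, sizeof out));
    return 0;
}
```

For RSA-1024 with AES-128, as in the post, the significant modulus length and the wrapped-key length should both be 128 bytes and the recovered payload 16 bytes.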