pkcs11-tool -t: Key unwrap testing fails

[carblue]

Problem Description

There are still errors with pkcs11-tool -t (see output below)

1. The "fix pkcs11-tool: broken encryption/decryption #1786" by commit 25bc8fc was incomplete, in that now (for me) there is a total match within the first 10 bytes of Original/Decrypted but the length differ and thus result in error(s) (see output below in the end) UpdateEdit: False alarm, it's no OpenSC issue, but my own bug issue

2. "Key unwrap" testing seems to be not fully implemented in OpenSC. With the following (incomplete) patch I succeed to at least get a call to card's sc_card_operations:unwrap function, otherwise that would never be called:

Proposed Resolution

For encryption/decryption: nothing supplied.
For unwrap maybe something similar to:

user@host:~/workspace/libopensc/C/contribute_opensc/OpenSC-1$ diff -u src/tools/pkcs11-tool.c_orig src/tools/pkcs11-tool.c                                              
--- src/tools/pkcs11-tool.c_orig        2019-09-16 17:45:14.000000000 +0200
+++ src/tools/pkcs11-tool.c     2019-09-17 13:14:11.564117967 +0200
@@ -5383,9 +5383,17 @@
        unsigned char   iv[32], ciphered[1024], cleartext[1024];
        int             ciphered_len, cleartext_len, len;
        CK_MECHANISM    mech;
-       CK_ULONG        key_type = CKM_DES_CBC;
+       CK_ULONG        key_type = CKK_DES;//CKM_DES_CBC;
        CK_ULONG key_len_ul;
-       CK_ATTRIBUTE    key_template = { CKA_KEY_TYPE, &key_type, sizeof(key_type) };
+       CK_BBOOL false = FALSE;
+       CK_OBJECT_CLASS  class = CKO_SECRET_KEY;
+       CK_BYTE id = 0xFF; // this is not suitable generally to be a fixed id ?
+       CK_ATTRIBUTE    key_template[4] = {
+               { CKA_KEY_TYPE, &key_type, sizeof(key_type) },
+               { CKA_TOKEN, &false, sizeof(false) }, /* session only object */
+               { CKA_CLASS, &class, sizeof(class) },
+               { CKA_ID,    &id, sizeof(id) }
+       };
 
        pkey = get_public_key(session, privKeyObject);
        if (pkey == NULL)
@@ -5426,7 +5434,7 @@
        mech.mechanism = CKM_RSA_PKCS;
        rv = p11->C_UnwrapKey(session, &mech, privKeyObject,
                        key, key_len,
-                       &key_template, 1,
+                       key_template, 4,
                        &cipherKeyObject);
 
        /* mechanism not implemented, don't test */
user@host:~/workspace/libopensc/C/contribute_opensc/OpenSC-1$

I'm not yet familiar with this topic and thus also did this terrible hack just in order to get a call to card's sc_card_operations:unwrap function:
user@host:~/workspace/libopensc/C/contribute_opensc/OpenSC-1$ diff -u src/libopensc/pkcs15-sec.c_orig src/libopensc/pkcs15-sec.c
--- src/libopensc/pkcs15-sec.c_orig     2019-07-30 08:23:45.000000000 +0200
+++ src/libopensc/pkcs15-sec.c  2019-09-17 13:47:12.478101887 +0200
@@ -367,7 +367,7 @@
        sc_security_env_t senv;
        const struct sc_pkcs15_prkey_info *src_prkey = (const struct sc_pkcs15_prkey_info *) key->data;
        const struct sc_pkcs15_skey_info *src_skey = (const struct sc_pkcs15_skey_info *) key->data;
-       const struct sc_pkcs15_skey_info *tkey = (const struct sc_pkcs15_skey_info *) target_key->data;
+       /*const*/ struct sc_pkcs15_skey_info *tkey = (/*const*/ struct sc_pkcs15_skey_info *) target_key->data;
        unsigned long pad_flags = 0, sec_flags = 0;
        u8 *out = 0;
        size_t poutlen = 0;
@@ -394,6 +394,11 @@
        memset(&path, 0, sizeof(sc_path_t));
        memset(&target_file_id, 0, sizeof(sc_path_t));
 
+       tkey->path.type = SC_PATH_TYPE_FILE_ID;
+       tkey->path.len =  2;
+       tkey->path.value[0] = 0x41;
+       tkey->path.value[1] = 2;
+
        if (!tkey->path.len && tkey->path.aid.len) {
                /* Target key is a SDO allocated in application DF */
                target_file_id = tkey->path;
user@host:~/workspace/libopensc/C/contribute_opensc/OpenSC-1$ 

Steps to reproduce

Mark keyusage (PKCS#15) of an RSA key as decrypt, unwrap and invoke
pkcs11-tool -t -l

Logs

Some comments referring to environment: Kubuntu 18.04.3 LTS,
OpenSC installed from source code github master, Latest commit d4a97c6
Card is an ACOS5-64 with my external driver from https://github.com/carblue/acos5_64, but card/driver don't seem to matter here.
The keys 0 and 1 intentionally are "deactivated" via keyusage for this test. (The (internal) "sign-only" capability of those keys would raise errors otherwise with non-sha1/non-sha256 sign/verify tests due to ACOS5-64 shortcomings).
Driver's init function, among others, sets:
card->caps |=  SC_CARD_CAP_WRAP_KEY | SC_CARD_CAP_UNWRAP_KEY;
rsa_algo_flags = SC_ALGORITHM_ONBOARD_KEY_GEN | SC_ALGORITHM_RSA_PAD_PKCS1;
The implemented card function for sc_card_operations:unwrap  never get's called (without patches) !


user@host:~$ pkcs11-tool -t -l -p 12345678 
Using slot 0 with a present token (0x0)
C_SeedRandom() and C_GenerateRandom():
  seeding (C_SeedRandom) not supported
  seems to be OK
Digests:
  all 4 digest functions seem to work
  MD5: OK
  SHA-1: OK
  RIPEMD160: OK
Signatures (currently only for RSA)
  testing key 0 (CAroot)  -- can't be used for signature, skipping
  testing key 1 (CAinter)  -- can't be used for signature, skipping
  testing key 2 (posteo) 
  all 4 signature functions seem to work
  testing signature mechanisms:
    RSA-PKCS: OK
    SHA1-RSA-PKCS: OK
    MD5-RSA-PKCS: OK
    RIPEMD160-RSA-PKCS: OK
    SHA256-RSA-PKCS: OK
  testing key 1 (4096 bits, label=CAinter) with 1 signature mechanism -- can't be used to sign/verify, skipping
  testing key 2 (4095 bits, label=posteo) with 1 signature mechanism
    RSA-PKCS: OK
  testing key 3 (4096 bits, label=arcor) with 1 signature mechanism
    RSA-PKCS: OK
  testing key 4 (1024 bits, label=dummy) with 1 signature mechanism
    RSA-PKCS: OK
Verify (currently only for RSA)
  testing key 0 (CAroot) -- can't be used to sign/verify, skipping
  testing key 1 (CAinter) with 1 mechanism -- can't be used to sign/verify, skipping
  testing key 2 (posteo) with 1 mechanism
    RSA-PKCS: OK
  testing key 3 (arcor) with 1 mechanism
    RSA-PKCS: OK
  testing key 4 (dummy) with 1 mechanism
    RSA-PKCS: OK
Key unwrap (currently only for RSA)
  testing key 0 (CAroot)  -- can't be used to unwrap, skipping
  testing key 1 (CAinter)  -- can't be used to unwrap, skipping
  testing key 2 (posteo)  -- can't be used to unwrap, skipping
  testing key 3 (arcor)  -- can't be used to unwrap, skipping
  testing key 4 (dummy) 
  ERR: C_UnwrapKey failed: CKR_TEMPLATE_INCOMPLETE (0xd0)
  ERR: C_UnwrapKey failed: CKR_TEMPLATE_INCOMPLETE (0xd0)
  ERR: C_UnwrapKey failed: CKR_TEMPLATE_INCOMPLETE (0xd0)
  ERR: C_UnwrapKey failed: CKR_TEMPLATE_INCOMPLETE (0xd0)
    DES-CBC:     DES-EDE3-CBC:     BF-CBC:     CAST5-CFB: Decryption (currently only for RSA)
  testing key 0 (CAroot)  -- can't be used to decrypt, skipping
  testing key 1 (CAinter)  -- can't be used to decrypt, skipping
  testing key 2 (posteo) 
    RSA-PKCS: resulting cleartext doesn't match input
    Original: 00 ac 86 21 2b aa 1a 55 a2 be
    Decrypted: 00 ac 86 21 2b aa 1a 55 a2 be 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 -- mechanism can't be used to decrypt, skipping
 -- mechanism can't be used to decrypt, skipping
 -- mechanism can't be used to decrypt, skipping
  testing key 3 (arcor) 
    RSA-PKCS: resulting cleartext doesn't match input
    Original: 00 f7 ed de 13 ef e5 20 c7 e2
    Decrypted: 00 f7 ed de 13 ef e5 20 c7 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 -- mechanism can't be used to decrypt, skipping
 -- mechanism can't be used to decrypt, skipping
 -- mechanism can't be used to decrypt, skipping
  testing key 4 (dummy) 
    RSA-PKCS: resulting cleartext doesn't match input
    Original: 00 3a 84 14 3b 43 bf 2a 01 d0
    Decrypted: 00 3a 84 14 3b 43 bf 2a 01 d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 -- mechanism can't be used to decrypt, skipping
 -- mechanism can't be used to decrypt, skipping
 -- mechanism can't be used to decrypt, skipping
7 errors


With my patches applied, I get the desired call(s) to acos5_64_unwrap, but probably due it's incomplete/incorrect implementation (it does return rv which is >0) ?, now still other errors from pkcs11-tool -t :
Key unwrap (currently only for RSA)
  testing key 0 (CAroot)  -- can't be used to unwrap, skipping
  testing key 1 (CAinter)  -- can't be used to unwrap, skipping
  testing key 2 (posteo)  -- can't be used to unwrap, skipping
  testing key 3 (arcor)  -- can't be used to unwrap, skipping
  testing key 4 (dummy) 
Key length mismatch (0 != 8)
Key length mismatch (0 != 24)
Key length mismatch (0 != 16)
Key length mismatch (0 != 16)
    DES-CBC:     DES-EDE3-CBC:     BF-CBC:     CAST5-CFB:

[popovec]

similar result - MyEID driver, OsEID simulated card, opensc from git d4a97c6

$ pkcs11-tool --login --test --pin xxxxxxxx
Using slot 0 with a present token (0x0)
C_SeedRandom() and C_GenerateRandom():
  seeding (C_SeedRandom) not supported
  seems to be OK
Digests:
  all 4 digest functions seem to work
  MD5: OK
  SHA-1: OK
  RIPEMD160: OK
Signatures (currently only for RSA)
  testing key 0 (gen_rsa_1024)
  all 4 signature functions seem to work
  testing signature mechanisms:
    RSA-X-509: OK
    RSA-PKCS: OK
    SHA1-RSA-PKCS: OK
Verify (currently only for RSA)
  testing key 0 (gen_rsa_1024)
    RSA-X-509: OK
    RSA-PKCS: OK
    SHA1-RSA-PKCS: OK
Key unwrap (currently only for RSA)
  testing key 0 (gen_rsa_1024)
  ERR: C_UnwrapKey failed: CKR_TEMPLATE_INCOMPLETE (0xd0)
  ERR: C_UnwrapKey failed: CKR_TEMPLATE_INCOMPLETE (0xd0)
  ERR: C_UnwrapKey failed: CKR_TEMPLATE_INCOMPLETE (0xd0)
  ERR: C_UnwrapKey failed: CKR_TEMPLATE_INCOMPLETE (0xd0)
    DES-CBC:     DES-EDE3-CBC:     BF-CBC:     CAST5-CFB: Decryption (currently only for RSA)
  testing key 0 (gen_rsa_1024)
    RSA-X-509: OK
    RSA-PKCS: OK
 -- mechanism can't be used to decrypt, skipping
 -- mechanism can't be used to decrypt, skipping
 -- mechanism can't be used to decrypt, skipping
4 errors

With patch from above:

Key unwrap (currently only for RSA)
  testing key 0 (gen_rsa_1024)
  ERR: C_UnwrapKey failed: CKR_GENERAL_ERROR (0x5)
  ERR: C_UnwrapKey failed: CKR_GENERAL_ERROR (0x5)
  ERR: C_UnwrapKey failed: CKR_GENERAL_ERROR (0x5)
  ERR: C_UnwrapKey failed: CKR_GENERAL_ERROR (0x5)

[carblue]

I have to correct myself:

1. testing Decryption with pkcs11-tool --login --test is okay for me now: The issue was a bug in my driver's return value of acos5_64_decipher. Sorry for the false alarm. @popovec Thanks for Your test !
2. "Key unwrap" testing still fails.

[dengert]

Looks like for DES or AES (and may be others) you may need to add CKA_VALUE_LEN to the template.

http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/pkcs11-curr-v2.40.html

2.8.4 AES-ECB

"For unwrapping, the mechanism decrypts the wrapped key, and truncates the result according to the CKA_KEY_TYPE attribute of the template and, if it has one, and the key type supports it, the CKA_VALUE_LEN attribute of the template."

It gets messy.

[carblue]

@dengert
Thank You very much for pointing me to the oasis section and in general for Your help, but it didn't solve the issue.
@frankmorgner
Currently I think there is a design flaw with sc_card_operations:unwrap. I always wondered, how the function's prototype int (*unwrap)(struct sc_card *card, const u8 *crgram, size_t crgram_len); shall communicate it's unwrapping result to the outside world. Only 'card' and 'int return value' are able to but not suitable. Another hint for my judgement is function src/libopensc/sec.c:sc_unwrap : It has an "unconnected/unused" parameter u8 * out and calls card->ops->unwrap

The missing of parameters "u8 * out, size_t outlen" in function unwrap makes sense to me only, if it's supposed to write it's result to a somehow known or fixed location itself.
So I could try to and would probably succeed to write the unwrap result to the location, where the receiving key object (of template above) sits in slot's object list - thereby fixing errors of the specialized case of pkcs11-tool --test , but that wouldn't be a general solution.

So the "Logs"/pkcs11-tool errors "Key length mismatch (0 !=..." are to be expected as acos5_64_unwrap currently doesn't write anything anywhere (because unknown where to write to).

[dengert]

There may be some issues. These may have resulted from what does a card can do with an unwrapped key. Does it return the results or does it unwrap the key and leave it on the card to be used on the card at a leter time.

PKCS#11 support this as a derive or unwrap requires a template and a key object is created which may or may not be a key on the card or in memory. pkcs11-tool.c can do either.

But pkcs11/mechanisum.c says:

910         /*
 911          *  TODO: does it make sense to support unwrapping to an in memory key object?
 912          *  This implementation assumes that the key should be unwrapped into a
 913          *  key object on card, regardless whether CKA_TOKEN = FALSE
 914          *  CKA_TOKEN = FALSE is considered an on card session object.
 915          */
 916 
 917         rv = operation->type->unwrap(operation, unwrappingKey,
 918                         pWrappedKey, ulWrappedKeyLen,
 919                         targetKey);

In response to the question in line 911, I would say YES as many can only return the key value.

So the ability to return in software the key value is not supported. It is also not clear if the key is unwrapped and left on the card how is it identified by PKCS#11.

[popovec]

just some comments to unwrap operation..

From card view, PSO operation:

00 2a 80 84/86 Lc DATA Le
00 2a 00 84/86 Lc DATA

P1 - 00 - the response data field is absent
P1 - 80 - return decrypted data
(source, MyEID reference manual 2.3.0)

For Unwrap, both APDU seems to be identical, because security environment is used to set where the unwrapped key is to be stored... CT template Tag 0x83, Len 2, V - file reference. (alt, tag 0x84, more in table 33 in iso7816-4).

example APDU for MSE: (generated by test software for MyEID card from https://github.com/hhonkanen/WrapTest operation UNWRAP AES key by RSA key)

00 22 41 B8 0B 80 01 0A 81 02 4B 01 83 02 4D 01

[carblue]

For card ACOS5-64, storing a sym. key on card from an unwrap result (or any other source) is possible, e.g. for PSO to iEF Symmetric File (file->type==SC_FILE_TYPE_INTERNAL_EF, file->ef_structure==SC_FILE_EF_LINEAR_VARIABLE).
iEF Symmetric File's file id is implicitly known by cos depending on selected application DF.
It's characteristic:
"Contains symmetric key records with the Key valid bit, Key identifier, Key type, Key Information, Algorithm reference, and the Key. The symmetric keys are typically, used by symmetric-key algorithms such as DES, 3DES (128 and 192 bit) and AES (128, 192 and 256 bit) for External Authentication, Internal Authentication and Mutual Authentication. A DF or MF shall contain only one Symmetric Key File. The access right is recommended to be READ==NEVER."

From the above follows, that an unwrapped key length of {UpdateEdit: 16 or} 24 bytes would be ambiguous to deduce an Algorithm reference from (3DES or AES?), and that some key identifying information still would be needed from unwrap parameters (or must be immutably fixed by acos5_64_unwrap; something like record # or 1 byte Key identifier which will be used as key_reference). The options of Key type/Information (External Authentication Error Counter or Internal Authentication Usage Counter) are supposed to not be fed in by an unwrap parameter.

Storing a sym. key on card with ACOS5-64 is done via SC_AC_OP_UPDATE's requirement satisfied for iEF Symmetric File and ordinary sc_update_record or sc_write_record, with special indexing, beginning from 1 and flag SC_RECORD_BY_REC_NR; no sc_set_security_env required.

[frankmorgner]

I'm not sure if we can resolve all the issues mentioned here soon... It seems that pkcs11-tool's tests for wrapping/unwrapping don't seem to be suitable for every type of card/OS, but it's unclear whether that's a limitation of the original code or whether this is a regression that should work. So far all the proposed fixes are looking at pkcs11-tool rather than the core code of OpenSC.

I suspect the mentioned issues don't affect the regular user's experience and the intended workflow, suggested in https://github.com/OpenSC/OpenSC/pull/1393/files. @hhonkanen could you look at the release candidate to check if at least your use cases are OK? If so, I'd like to postpone the fixing for the next release.

[carblue]

PKCS#11 wrapping/unwrapping - I suspect - doesn't work for any type of card/OS in a general way, currently, because nobody can write a PKCS#11 application that refers to an unwrapped key on an arbitrary card. With the current design of unwrap, each card is supposed to do some arbitrary on-card-storage or nothing. PKCS#11 can never refer to an unwrapped key again in a general way and this also is by design untestable, except tailored to what a specific card does and e.g. pkcs11-tool.c knows that specific card's unwrap circumstances.
As Doug Engert analyzed above (and I fully agree with him), "the ability to return in software the key value (my/carblue addition: as in memory key object/CKA_TOKEN==FALSE) is not supported", but this seems to be required to make feasible the general PKCS#11 usage of unwrap.
And I stress D.E.'s last sentence: " It is also not clear - if the key is unwrapped and left on the card - how is it identified by PKCS#11."

@frankmorgner If You refer to my patches as proposed fixes: The first one could be part of fixing but NOT the second one: That was just the dirty hack to make the framework (core code of OpenSC) think there is an on-card-unwrap-target in order to continue processing; otherwise it would have stopped (as shown in popovec's output with ERR: C_UnwrapKey failed: CKR_GENERAL_ERROR) and never called card's unwrap function.

[hhonkanen]

I wrote the wrap/unwrap implementation, so let me explain how it is designed and how it works. There was discussion pn should we allow returning key material in sc_card_operations:unwrap, and I finally decided to not add an output buffer to the argument list.

The reason is that if you want to decrypt wrapped key material and return the unwrapped key material to caller, you could as well just use C_Decrypt to do this. A reason to specifically use C_UnwrapKey in PKCS#11 would be to unwrap the key material inside a hardware token (a HSM or a smart card), and not reveal the key as plain text outside the token during the operation. In these use cases it is often essential to know and trust that the unwrapped key never leaves the protected hardware. So not even having an output buffer kind of guarantees that the operation is done inside the token and the key stays there securely.

In PKCS#11 level it works so, that C_UnwrapKey first creates the target object. Calls lead to pkcs15_create_secret key in framework_pkcs15.c. This function calls pkcs15init to create the secret key object on card. pkcs15init also creates the pkcs#15 structures for the object. A handle to this object is returned to pkcs11 level, and it is passed to function sc_pkcs15_unwrap, which can pass it to the card driver using sc_set_security_env. The driver should command the card to do the unwrap operation and place the resulting data into the new key object. The handle to this key object is returned to the caller in the last argument of C_UnwrapKey. From that point it is just another PKCS#11 key object. The implementation is designed to be generic for any card that can unwrap keys directly into an object on card.

If support for cards that cannot unwrap keys fully on harware shall be added (I mean, you'd need to decrypt the key, read the result from card, create a new key object and write the key material to the card), I suggest that the logic would be implemented into sc_pkcs15_unwrap so that driver's unwrap function wouldn't be called at all. You could use decrypt() function. But this would be kind of similar to extracting a private RSA key from card and doing the crypto operation on software - why would you want to do that? My idea of flags SC_CARD_CAP_WRAP_KEY and SC_CARD_CAP_UNWRAP_KEY is that they indicate, that a card can do key warpping/unwrapping fully on card.

I have created a little test program to test the wrap and unwrap operations using PKCS#11. You can find it here: https://github.com/hhonkanen/WrapTest.

I am familiar with the issue with pkcs11-tool -t. The current implementation assumes that the key material can be extracted from the card, then it tries to do crypto with this using openssl. I had plans to make it compliant with the new wrap/unwrap code, but unfortunately haven't had time to do it. @carblue your changes to pkcs11-tool to add more information to the target key template look ok, but testing the resulting key if it has CKA_EXTRACTABLE=FALSE is more complicated. Temporary solution would be to just check for CKA_EXTRACTABLE and skip that test in this case. I don't see need for changes in pkcs15-sec in setting target key path, because the path of the target object should come from framework-pkcs15.

[popovec]

I'll try to summarize it if I understand it well ..

For now, pkcs11-tool -t -l always fails on unwrap operation because design of this test is wrong
(this unwrap test should be disabled in 0.20 release). In future releases this code must be reworked:

1. pkcs11: search RSA key on card, extract public key
2. openssl: generate AES key
3. openssl: encipher AES key by public RSA key
4. pkcs11: install AES key by unwrap operation
5. openssl: encipher random data by AES key
6. pkcs11: decipher this by unwrapped AES key
7. if data from decipher operation matches the initial random data, unwrap operation is OK

[carblue]

@hhonkanen Hello Hannu, thank You for Your detailed explanation how unwrap is designed and how it works, the pointer to the test program and of course for Your implementation. It will take time to follow the flow of control, test etc. and possibly comment. Obviously I missed/overlooked any feedback from unwrap operation to PKCS#11.

What I can say upfront: I agree with Your reasoning in Your first 2 sentences, i.a. "essential to know and trust that the unwrapped key never leaves the protected hardware". But for the same reason, the unwrapped key should then never be extractable, but that extractability is currently assumed in the pkcs11-tool unwrap testing.
With card ACOS5-64, I have the choice where to store-on-card the unwrap result: In some ordinary (data) file which might be extractable, or preferably to the one-per-appDF-existing-only file that is designed to hold sym. keys and Perform Sec. Operations on-card with. The latter one is record-based with acos and for security reasons never allowed to be read (by file access rights and keyAccess, CKA_EXTRACTABLE=FALSE), thus all keys there including a new one from an unwrap operation are subject to on-card/hw encrypt/decrypt, but not by openssl from extracted key.

The "Temporary solution would be to just check for CKA_EXTRACTABLE" currently is impossible to practice for me with my card/card content? (see issue #1805 "pkcs11-tool -l -O -y secrkey: Secret sym. key listing fails"): None of my sym. keys get's recognized as such, nor it's correct extractability attribute.
Thus from the view of my card I currently recommend to temporarily disable pkcs11-tool Key Unwrap testing.

[frankmorgner]

It's great to see this commitment and I am sure we can refine the status quo soon. So far, nobody linked this problem to a certain commit that introduces the problem, so I assume the main problem is that the new feature of key wrapping is not (yet) as universal as it could be. For the upcoming release, I think we should postpone this issue, however, and follow the suggestion to disable the tests temporarily.

[dengert]

In response to: #1796 (comment)
"With the current design of unwrap, each card is supposed to do some arbitrary on-card-storage or nothing." That is true for the card driver layer, but this does not have to be true for the PKCS#11 layer. The storage may be in memory.

The PKCS#11 CKM_ECDH is very similar to an unwrap. A crypto operation accepts a blob of data
(i.e. wrapped key or the ECDH public key of the other party) and returns a handle to a secret key.
The handle may point to the key on the card or the key stored in memory. I bring this up as the card
I am most interested in (PIV) can only do RAW RSA, ECDSA or ECDH on the card. The results are always returned by the PIV driver. No derived or unwrapped key is stored on the card.
The original ECDH support in OpenSC was added to support the PIV ECDH.

I had also said: "It is also not clear - if the key is unwrapped and left on the card - how is it
identified by PKCS#11." I would like to changed that to say two possible ways to address this:

The mechanism/CKF_HW flag could be used to indicate the unwrap is done on the card with the key stored on the card and the unwrapped key must be on the card. This should be set
If a card enforces unwrap to be done on the card and will not allow key to be read. It should never be set if the key is in memory or the key can be extracted. The caller is trusting the middleware and card to enforce any mechanism/CKF_HW flag. A driver could set a card->caps flag to say it supports this.

It may be possible for a calling application that does not require CKF_HW to request where it would like the unwrapped/derive key to be stored. It can do this by trial and error by requesting
different flags in the template. CKA_TOKEN=TRUE requests a token object. CKA_TOKEN==FALSE requests a session object. (This is a little vague, as you could have a key on the card that is erased on reset or power down/up.) Combined with other attributes CKA_EXTRACTABLE, CKA_SENSITIVE and others it should be possible to tell PKCS#11 where the caller wants the key stored and OpenSC checks if the combination is possible.

So on some cards it may be possible to only unwrap a key and leave it on the card. On others
like the PIV, it is only possible to unwrap and leave the key in memory. I thing OpenSC should support both and set the mechanism/CKF_HW and other attributes based on the card capabilities.

[hhonkanen]

I wonder how the unwrap test in pkcs11-tool could have ever worked in OpenSC, because C_UnwrapKey wasn't supported before 2017, but the test was already there. Maybe somebody originally wrote it to test some other pkcs#11 library? I don't understand either, how it could work with the incomplete target key template. The workflow proposed by @popovec would be good to begin with.

I agree that it would be a good feature to also support unwrapping keys to memory, as long as users are able to distinguish whether the key leaves the token or not. @dengert your idea of using CKF_HW flag sounds good.

The current three phase implementation of unwrap is fine with MyEID: The empty key object is first created on card and pkcs#15 structure is updated, the new key object is set as target key in MSE and unwrapping is finally executed using a PSO command. In other cards the workflow might be a bit different, the card might for example create the target key object in the unwrap command. I'm not familiar with ohter implementations but I believe this kind of workflow could also be supported without significant changes to OpenSC core.

[frankmorgner]

See #1808 for the suggested temporary workaround

[popovec]

@dengert I am not sure what you mean " On others like the PIV, it is only possible to unwrap and leave the key in memory. " What is memory ? memory in middleware or card memory (RAM - session object or EEPROM/FLASH - token object)?

If PIV card is able to unwrap key into card (for now it is irrelevant, if it is session object or token object), this is real unwrap. If key is returned to middleware this is only decipher operation.

If card does not have support for real unwrap, there is of course way to implement this in middleware .. we can run decipher and result can be stored back into card as token object .. but this is security issue.

[dengert]

I meant memory in middleware. The card only supports RSA RAW (CKM_RSA_X_509), ECDSA and ECDH.

So all RSA operations to card send k bytes to the card and receive k bytes in return. All padding is handled in software. "If key is returned to middleware this is only decipher operation." Is correct. Padding is checked and removed by the middleware.

Having C_UnWrap support the operation and return a CKO_SECRET_KEY object as a session object makes it easier for the calling PKCS#11 application. For example C_Encrypt using an AES key could be used with the CKO_SECRET_KEY on a card or from the key in memory. An in memory key could also be extractable requesting CKA_VALUE.

With the PIV and many cards, an unwrapped key can not be written to the card. (Actually the PIV standards leave it up to card vendors on how to write 3DES or AES key used for card management authentication. The vendor can chose to not support a 9B key and do card management authentication in other ways. PIVkey for example do not support a 9B key.

[popovec]

Real world example: pay TV .. AES key wrapped by RSA is received by smartcard, card does unwrap, and then AES key is used to decipher pay TV content .. User is not allowed to extract AES key from card. User is not allowed to decipher the AES key (RSA key can do only unwrap to card - token object, there is no decipher operation allowed).

Implementing "software" unwrap in opensc is wrong, some user may have feel, that unwrapped key is safe - but no, this in no safe key.

BTW, security of RSA private operation is reduced, if card return whole deciphered data with padding - better is if card does padding removal and in case of wrong padding only error in SW is returned. Similar, RSA sign operation - card should check for proper padding of signed data and revoke sign if data are not properly padded - or card may add padding automatically.

[dengert]

Not all cards should be used in some senerios. In your TV example, the cable/pay-per-view/content-owner is interested in not exposing the AES key to the consumer. They control your TV and the card/token within it. They are only interested is showing the TV content to the user. They control your TV. I would not expect to see a PIV type card used in this case.

A PIV was designed as a badge for physical access, logical access: login, web authentication, signatures and data encryption with escrow keys. NIST could have come up with a card that did more on the card, but they did not. They kept it simple and only support RAW RSA and two elliptical curves. I don't have a specific example of doing unwrap with PIV at this time. But I bet there may be one.

There is an argument to be made over what OpenSC should support. What I hear you saying is C_Unwrap should only be supported if it is done on the card and not extractable. We already support software padding and C_Verify if OpenSSL is enabled to make PKCS#11 easier to use with every card.

The security resides on the card. So select a card that meets your security requirements. I think that means opensc should support access to some functions even if done in software.

See the comment about using CKF_HW above.

[popovec]

Exposing secret key (AES) to middleware is security risk, this is not comparable to software padding function.

But OK, pkcs11-tool does not have support for unwrap operation, in future release this support can be added. If this tool detect that card does not have support for "hardware" unwrap, this tool then must reject unwrap operation. To allow unwrap in software, special switch (--soft-unwrap-force) may be used, with special phrase "--yes-i-know-what-i-am-doing" or "--please-expose-my-secret-to-world"... (similar switches are used in hdparm software, to prevent users from dangerous commands).

[dengert]

Something like that is OK for now. The CKF_HW needs to be implemented.

[carblue]

While continuing to try to test "Key Unwrap" in pkcs11-tool, I'm stuck now:

I have an operational implementation for RSA_WRAPPED_AES_KEY with template entries for receiving sym. key: CKA_TOKEN=TRUE and CKA_EXTRACTABLE=FALSE.
Hannu Honkanen's https://github.com/hhonkanen/WrapTest reports success.
A testing code branch for CKA_EXTRACTABLE=FALSE - replacing openssl 'decrypt' by on-card/hardware 'decrypt' - revealed:
While the card is able to, OpenSC doesn't seem to allow that: framework-pkcs15.c has a NULL entry for 'decrypt' in pkcs15_skey_ops.
I then don't get around error: PKCS11 function C_DecryptInit failed: rv = CKR_KEY_TYPE_INCONSISTENT (0x63), induced by pkcs11-object.c:904:C_DecryptInit: C_DecryptInit() = CKR_KEY_TYPE_INCONSISTENT, induced by:

	if (object->ops->decrypt == NULL_PTR) {
		rv = CKR_KEY_TYPE_INCONSISTENT;
		goto out;
	}

Another finding:
SC_SEC_ENV_TARGET_FILE_REF_PRESENT and target_file_ref are unused currently in OpenSC !
As far as I can analyze, (with the current unwrap design) SC_SEC_ENV_TARGET_FILE_REF_PRESENT and target_file_ref don't make sense, as the unwrapped key target object creation via sc_pkcs15init_operations:create_key and possibly storage via sc_pkcs15init_operations:emu_store_data are done already before calling sc_set_security_env, and sc_set_security_env doesn't get passed-in target_file_ref by the framework.

I suggest to comment-out these until they possibly get used later on.

[hhonkanen]

OpenSC doesn't support symmetric decrypt/encrypt operations, because nobody has implemented them yet. Keys can be loaded using pkcs15-init and symmetric keys can used to wrap/unwrap keys but not for just doing encryption. It could be implemented in quite similar way as the wrap/unwrap, but it needs to be done all the way from the pkcs11-layer via framework-pkcs15 to the card driver level.

Handling of target file in security environment is actually done by adding a dynamic parmeter of type sc_sec_env_param with param_type SC_SEC_ENV_PARAM_TARGET_FILE to the security environment.
Looking back at my commits, seems like SC_SEC_ENV_TARGET_FILE_REF_PRESENT and sc_path target_file_ref were added in a10480d. In 90ec712 I have rewritten this in a more dynamic way, but it appears that I have forgotten the now unused flag and type to opensc.h. Feel free to delete them.

Please take a look at lines 418-428 in pkcs15-sec.c on how the target file is set and card-myeid.c to see how it is finally used. The framework calls pkcs15init to create the target file in earlier phase, and the file gets a FID assigned there. The path is passed back to framework-pkcs15 which passes it to pkcs15-sec, to point to the (at this point empty) key file which shall receive the unwrapped key data.

[hhonkanen]

At least I think that symmetric on-card crypto would be a good feature. It would make OpenSC's implementation of PKCS#11 more comprehensive and I know there are some users who need this functionality. Much of the code needed is already there. You can already wrap or unwrap a symmetric key with another symmetric key, if your card/driver supports it. These features could be extended to encrypt or decrypt data and return the result. Basically you could take functions pkcs15_skey_wrap, pkcs15_sckey_unwrap, sc_pkcs15_wrap and sc_pkcs15_unwrap, extend and refactor them a bit to allow taking the input from caller in C_Encrypt and returning the plaintext data to caller in C_Decrypt.

[carblue]

@hhonkanen
Thanks for Your feedback. That's exactly what I think too, and already required symmetric on-card crypto from my card/driver, but being forced to bypass the OpenSC PKCS#11 layer so far, I used that via sc_card_ctl. I will let You know when there is a working impl. at https://github.com/carblue/OpenSC-1/tree/sym_hw_encrypt, that You might perhaps want to have a look at/test.

[carblue]

@hhonkanen
Our cards MyEID and ACOS5 seem to be the only ones currently interested/capable? of symmetric on-card crypto. I got no more feedback from the opensc-devel mailing list (within ~ 1 month).

Symmetric on-card crypto is implemented at https://github.com/carblue/OpenSC-1/tree/sym_hw_encrypt, ready to be used/tested/reviewed. Until end of 2020 I'll rebase timely, such that it should always be ahead of OpenSC:master.

It supports C_EncryptInit, C_Encrypt, C_DecryptInit, C_Decrypt for AES: ECB, CBC, CBC_PAD (what my card can do, hence I can test). My design rationale is at https://github.com/carblue/acos5/tree/master/info/design_rationale_sym.md with more details, comments.

@frankmorgner and/or @Jakuje
Please have a look at last 3 comments (for context) as well and comment on whether OpenSC potentially wants symmetric on-card crypto included. If yes, then I will submit a PR for broader review/discussion etc.

[Jakuje]

I don't have anything against this even though I do not have direct use case for this just now. In any case, I would like to see some test coverage of the new code, making sure it works. As you wrote that the MyEID should work with this, there are already test cases with the OsEID SW implementation so you can use it as a start.

[popovec]

Beware, OsEID implementation is incomplete - there is no CBC chaining implemented. I didn't finish it because there was no code in OpenSC that I could test my implementation with.

First I will try to write the necessary things to the MyEID driver and when it works with a real MyEID card, I will adjust the OsEID implementation accordingly.

[popovec]

@carblue
Do you plan to write support for symmetric encryption in user programs (pkcs15-crypt / pkcs11-tool)? It would be useful for us to do CI tests .. i.e. something is encrypted with pkcs11-tool and decrypted with openssl.

Currently with your patch:

$ pkcs15-tool -D

Secret Generic Key [Secret Key]
        Object Flags   : [0x03], private, modifiable
        Usage          : [0x03], encrypt, decrypt
        Access Flags   : [0x01], sensitive
        Size           : 256 bits
        ID             : 87
        Native         : yes
        Key ref        : 5 (0x05)
        Path           : 3f0050154d05
        GUID           : f913f89c-7333-dbbd-5385-49772c2c7073

$ pkcs11-tool --decrypt --id 87 --pin 11111111
Using slot 0 with a present token (0x0)
error: Private key not found
Abortion.

Alternatively .. is there a another tool available in the regular Linux distribution that encrypts (with AES) the file via the pkcs11 interface (using opensc-pkcs11.so of course) and returns the output so that I can check it via openssl?

[carblue]

@popovec
Thanks for Your interest and yes, I'll have a look into that and add to https://github.com/carblue/OpenSC-1/tree/sym_hw_encrypt soon, and add to https://github.com/carblue/acos5/tree/master/info/design_rationale_sym.md what I did.

[popovec]

@carblue

I picked up your commits via cherry-pick. I wrote symmetric encryption support for MyEID.

https://github.com/popovec/OpenSC/tree/sym_hw_encrypt

Here experimental OsEID code that is used to test AES cipher:
(This code will be included in the official OsEID repository within a few days)

https://travis-ci.com/github/popovec/oseid-travis

pkcs11-tool --test was also tested on MyEID 4.0.1, without any problems.

You should probably modify your pkcs11-tool --test to perform a test with any AES key it finds on the card.

[carblue]

@popovec
I'll contact You by eMail for some coordination

[frankmorgner]

What's the status of this topic, well we get something working now that we are way ahead of a new relase?

[popovec]

This test is rather problematic to write so that it works for all pkcs11 libraries. There are several reasons. The first problem is the template. Some implementations need CKA_VALUE_LEN, others do not. (http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html 2.8.4 ) SoftHSM must not have CKA_VALUE_LEN set, but I need this value for the MyEID card (before the unwrap operation I have to create a file for the key, and it must have a defined length).

Another problem is that this test modifies the content of the token ... which is sometimes/sometimes not a problem. If we store the unwrapped key in the session object, it will be deleted when the token is reset. But again, not all pkcs11 implementations support session objects. Of course, we can delete the created key after the test. However, here we are again faced with the problem of how many rewrites the token can handle (this may not be a major problem, eeprom in tokens can handle even 100,000 of these "writes", but does the user really want that during testing?) and do we even have the access right to create a new key on the token ( can be conditioned by entering SO-PIN, depends on PKCS#15 profile)

And then we come to the unwrap operation itself.. This test uses the RSA operation to unwrap keys, and the result is a symmetric key.. AES or DES. And here we have the problem that some implementations support only DES and another only AES.

The test will necessarily be written in such a way that if the template with CKA_VALUE_LEN set fails, we will test the template without CKA_VALUE_LEN in the next attempt .. and similarly for session object, key type etc..

[frankmorgner]

Thanks for the comprehensive summary (sorry, for my missing effort reading through the whole thread 🙈 )

To move forward, I would propose to create a seperate commandline switch (e.g. --test-unwrap). That allows the user to control if he wants to write to the card's memory and it allows us switching this test on in CI (where we know what modules should work with the pkcs11-tool implementation of unwrapping).

If you think handling the flexibility with CKA_VALUE_LEN for the actual test is too difficult, please implement it in a way that is compatible with the OpenSC pkcs11 module, i.e. MyEID, first (for use in CI and release testing).

Please write some documentation regarding the unwrap operation and its limitations when used with MyEID. I assume the best place to put this, would be the wiki https://github.com/OpenSC/OpenSC/wiki/Aventra-MyEID-PKI-card

[Jakuje]

If you think handling the flexibility with CKA_VALUE_LEN for the actual test is too difficult, please implement it in a way that is compatible with the OpenSC pkcs11 module, i.e. MyEID, first (for use in CI and release testing).

I think the test tool can quite simply distinguish the different pkcs11 modules or even drivers in opensc by the token/slot info so I would prefer to use that information rather than trying different combinations.

I was stumbling around similar issues in the p11test, but mostly came to the same conclusion as Peter.

[popovec]

Currently in CI unwrap /wrap is tested using OsEID simulator .. pkcs11-tool --unwrap/--wrap is used. The operation of unwrapping an AES key using the AES-CBC-PAD and RSA-PKCS mechanisms and wrapping an AES key using AES-CBC-PAD is tested.

But the separate test --test-unwrap is a better solution. When I have some free time, I will try to prepare some test.