-
Notifications
You must be signed in to change notification settings - Fork 711
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pkcs11-tool: Insecure default template attributes allow WRAP & DECRYPT attack #1913
Comments
Thanks for the links. OpenSC has just released the first version which actually supports a card that's capable of wrapping a key, so I guess, you're talking about using pkcs11-tool with different pkcs11 modules. Anyway, I'll look at this for the next release. Feel free to make a pull request if you find the time. |
@hongquan the issues mostly relate to the token's implementation, you may want to have a look... |
I've created #1915 which uses the proposed solution. |
Correct. I am implementing (parts of) a pkcs11 token right now and I am testing some things with pkcs11-tool. This token prevents the WRAP & DECRYPT attack above by checking whether wrap and decryption related flags are set, although it will not implement the wrap & unwrap functionality soon. But I at least needed the option to disable disable wrap attribute, because my token would not allow me to create the keys. The question now of course is whether OpenSC itself wants to take a similar approach. It probably was never relevant since it didn't support C_WrapKey until recently. It is unfortunate that by following PKCS#11 strictly you introduce problems like this though. But maybe this should be discussed in a separate issue? |
A corollary to this issue is: Unless the card can prevent the WRAP & DECRYPT attack,(which your card can do, adding OpenSC support to prevent the attack does not stop a hacker from using other software or a modified OpenSC to still do the attack. |
Problem Description
pkcs11-tool sets wrap and unwrap to true. There is no way to unset wrap and unwrap when generating keys.
Furthermore, this default template is a classic PKCS#11 attack, see e. g. https://link.springer.com/content/pdf/10.1007%2F978-3-540-45238-6_32.pdf section 2.3
Proposed Resolution
The text was updated successfully, but these errors were encountered: