-
Notifications
You must be signed in to change notification settings - Fork 39
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix CKA_ALLOWED_MECHANISMS attribute generation #397
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you have some tests with this attribute? I know softhsm supports this but I do not recall if we used this in the tests somewhere. I am not aware of any other implementation supporting this attribute for now.
@Jakuje |
I was writing a test for opensc for this when I introduced support for this into pkcs11-tool: https://github.com/OpenSC/OpenSC/blob/master/tests/test-pkcs11-tool-allowed-mechanisms.sh Technically, the only needed thing is to present the CKA_ALLOWED_MECHANISMS when generating/unwrapping/writing key as part of the template: https://github.com/OpenSC/OpenSC/blob/master/src/tools/pkcs11-tool.c#L3183 I think the same think should be possible to make working with kryoptic too. |
Soo it looks like Ubuntu has a version of softhsm that is too old ? |
Ugh no that is not the problem, somehow Ubuntu is getting confused by the request to use CTR-DRBG via provider ...
@beldmit have you seen this before perchance? |
Not for rdrand... |
fb23c2e
to
97d5cca
Compare
@Jakuje I restored setting the default PSS mechanisms and added more fine-tuned error checking. PTAL. |
The current code sets the number of elements as length, but that seems incorrect. Fixes latchset#396 Signed-off-by: Simo Sorce <simo@redhat.com>
This is translated to setting the CKA_ALLOWED_MECHANISMS param. No other parameter restritctions is currently supported by PKCS#11 specs, and there is no guarantee that the restriction is supported nor respected by pkcs11 modules. Signed-off-by: Simo Sorce <simo@redhat.com>
Seem like we forgot to explicitly enable them in the past. OpenSSL considers RSA-PSS a separate key type and requires explicit encoders, will not fallback to RSA encoders/decoders from a provider and instead will try to export private keys to the default provider to use the base encoders/decoders. Signed-off-by: Simo Sorce <simo@redhat.com>
SoftHSM supports applying restrictions to keys that have CKA_ALLOWED_MECHANISMS at key generation. Softoken ingests the attribute but then performs no enforcement, so we do not enable the test for it. Signed-off-by: Simo Sorce <simo@redhat.com>
Apparently Ubuntu has some configuration that tries hard to load a rdrand engine. When the propquery is set to a hard provider=pkcs11 this fails as the tpe of DRBG being sourced becomes incompatible with the mandate property. Soften the test to only prefer the provider so that the operations we care for will come from the pkcs11 provider (we check errors anyway) and we do not get the noise of unrelated failures. Signed-off-by: Simo Sorce <simo@redhat.com>
When an application pre-hashes the content to be signed it can use the raw CKM_RSA_PKCS_PSS mechanism to apply a signature. This may be done with simple hardware tokens that do not support digest operations on board and need to rely on the software to deal with that part. We should not preclude such use for key we generate. Signed-off-by: Simo Sorce <simo@redhat.com>
Fixed a minor issue found by coverity and rebase on main. |
Signed-off-by: Simo Sorce <simo@redhat.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm!
Uhmm I need to fix the CI scripts to recognize that the no-covscan label is already present when a PR gets updated ... and as usual Bind test fails, but that test is not binding (pun fully intended :-) ). Thanks for the review @Jakuje |
Description
The spec says the length is the size of the data
The current code sets the number of elements as length, but that seems incorrect.
Checklist
Documentation updatedReviewer's checklist: