PKCS11 » History » Version 2
Johannes Schmölz, 12/19/2012 11:44 AM
1 | 1 | Johannes Schmölz | h1. PKCS11 |
---|---|---|---|
2 | |||
3 | The main goal of the PKCS#11-interface of the Open eCard App is to provide the functionality, which is required by Mozilla’s Firefox browser. |
||
4 | |||
5 | Mozilla’s overall crypto architecture as taken from [Grif09] is depicted in Figure 1. |
||
6 | |||
7 | !mozilla-crypto-architecture.jpg! |
||
8 | 2 | Johannes Schmölz | _Figure 1: Mozilla's Cryptographic Architecture ([Grif09], p. 22)_ |
9 | 1 | Johannes Schmölz | |
10 | 2 | Johannes Schmölz | |
11 | |||
12 | 1 | Johannes Schmölz | The important part is the usage of the PKCS#11-interface by the “Core Crypto Code” within the “Network Security Services” as explained in [NSS-PKCS#11]. |
13 | |||
14 | As this browser is a successor of Netscape’s Communicator it is expected that the PKCS#11-usage in today’s Firefox is similar to the PKCS#11-usage explained in [NSS-PKCS#11]. |
||
15 | |||
16 | |||
17 | 2 | Johannes Schmölz | |
18 | 1 | Johannes Schmölz | h2. Required Functions |
19 | |||
20 | h3. General-Purpose Functions |
||
21 | |||
22 | Among the general-purpose functions defined in Section 11.4 of [NSS-PKCS#11] the following functions need to be supported: |
||
23 | |||
24 | 2 | Johannes Schmölz | * @C_Initialize@ |
25 | * @C_Finalize@ |
||
26 | * @C_GetFunctionList@ |
||
27 | * @C_GetInfo@ |
||
28 | 1 | Johannes Schmölz | |
29 | |||
30 | 2 | Johannes Schmölz | |
31 | 1 | Johannes Schmölz | *C_Initialize* |
32 | |||
33 | 2 | Johannes Schmölz | As explained in [NSS-PKCS#11] the Netscape Security Library calls @C_Initialize@ on startup or when it loads a new module. The Netscape Security Library always passes @NULL@, as required by the PKCS #11 specification, in the single @C_Initialize@ parameter @pReserved@. This function will use the IFD-function @EstablishContext@ to initialize the IFD-module. |
34 | 1 | Johannes Schmölz | |
35 | |||
36 | 2 | Johannes Schmölz | |
37 | 1 | Johannes Schmölz | *C_Finalize* |
38 | |||
39 | 2 | Johannes Schmölz | As explained in [NSS-PKCS#11] the Netscape Security Library calls @C_Finalize@ on shutdown and whenever it unloads a module. |
40 | 1 | Johannes Schmölz | |
41 | 2 | Johannes Schmölz | This function will use the IFD-function @ReleaseContext@ to initialize the IFD-module. |
42 | 1 | Johannes Schmölz | |
43 | |||
44 | 2 | Johannes Schmölz | |
45 | 1 | Johannes Schmölz | *C_GetInfo* |
46 | |||
47 | 2 | Johannes Schmölz | The Netscape Security Library calls @C_GetInfo@ on startup or when it loads a new module. The version numbers, manufacturer IDs, and so on are displayed when the user views the information. The supplied library names are used as the default library names; currently, these names should not include any double quotation marks. |
48 | 1 | Johannes Schmölz | |
49 | This function will only return static information and does not involve any IFD-function. |
||
50 | |||
51 | 2 | Johannes Schmölz | |
52 | |||
53 | 1 | Johannes Schmölz | *C_GetFunctionList* |
54 | |||
55 | 2 | Johannes Schmölz | As explained in [NSS-PKCS#11] the Netscape Security Library calls @C_GetFunctionList@ on startup or when it loads a new module. In [NSS-PKCS#11] it is recommended that for a not implemented function there should at least be a stub that returns @CKR_FUNCTION_NOT_SUPPORTED@. |
56 | 1 | Johannes Schmölz | |
57 | This function will only return static information and does not involve any IFD-function. |
||
58 | |||
59 | |||
60 | 2 | Johannes Schmölz | |
61 | 1 | Johannes Schmölz | h3. Slot and Token Management |
62 | |||
63 | *C_GetSlotList* |
||
64 | |||
65 | 2 | Johannes Schmölz | As explained in [NSS-PKCS#11] the Netscape Security Library calls @C_GetSlotList@ on startup or when it loads a new module, requests all the module's slots, and keeps track of the list from that point on. The slots are expected to remain static: that is, the module never has more slots or fewer slots than the number on the original list. This means that the function @C_WaitForSlotEvent@ is not used by the Netscape Security Library. |
66 | 1 | Johannes Schmölz | |
67 | This function uses the following IFD-functions: |
||
68 | |||
69 | 2 | Johannes Schmölz | * @ListIFDs@ |
70 | * @GetIFDCapabilities@ |
||
71 | * @GetStatus@ |
||
72 | 1 | Johannes Schmölz | |
73 | |||
74 | 2 | Johannes Schmölz | |
75 | 1 | Johannes Schmölz | *C_GetSlotInfo* |
76 | |||
77 | 2 | Johannes Schmölz | As explained in [NSS-PKCS#11] the Netscape Security Library calls @C_GetSlotInfo@ on startup or when it loads a new module and reads in the information that can be viewed on the slot information page. If the @CKF_REMOVABLE_DEVICE@ flag is set, the Netscape Security Library also calls @C_GetSlotInfo@ whenever it looks up slots to make sure the token is present. If the @CKF_REMOVABLE_DEVICE@ flag is not set, the Netscape Security Library uses that token information without checking again. |
78 | 1 | Johannes Schmölz | |
79 | 2 | Johannes Schmölz | If the @CKF_REMOVABLE_DEVICE@ flag is not set, the @CKF_TOKEN_PRESENT@ flag must be set, or else the Netscape Security Library marks the slot as bad and will never use it. |
80 | 1 | Johannes Schmölz | |
81 | 2 | Johannes Schmölz | The Netscape Security Library doesn't currently use the @CKF_HW_SLOT@ flag. |
82 | 1 | Johannes Schmölz | |
83 | For a particular slot this function returns the following structure: |
||
84 | |||
85 | <pre><code class="c"> |
||
86 | typedef struct CK_SLOT_INFO { |
||
87 | CK_UTF8CHAR slotDescription[64]; |
||
88 | CK_UTF8CHAR manufacturerID[32]; |
||
89 | CK_FLAGS flags; |
||
90 | CK_VERSION hardwareVersion; |
||
91 | CK_VERSION firmwareVersion; |
||
92 | } CK_SLOT_INFO; |
||
93 | </code></pre> |
||
94 | 2 | Johannes Schmölz | _Listing 1: @CK_SLOT_INFO@ structure_ |
95 | 1 | Johannes Schmölz | |
96 | 2 | Johannes Schmölz | |
97 | 1 | Johannes Schmölz | |
98 | 2 | Johannes Schmölz | |
99 | |||
100 | 1 | Johannes Schmölz | *C_GetTokenInfo* |
101 | |||
102 | 2 | Johannes Schmölz | If a token is a permanent device (that is, if the @CKF_REMOVABLE_DEVICE@ flag is not set), the Netscape Security Library calls @C_GetTokenInfo@ only on startup or when it loads a new module. If the token is a removable device, the Netscape Security Library may call @C_GetTokenInfo@ anytime it's looking for a new token to check whether the token is write protected, whether it can generate random numbers, and so on. |
103 | 1 | Johannes Schmölz | |
104 | 2 | Johannes Schmölz | The Netscape Security Library expects @CK_TOKEN_INFO@ label to contain the name of the token. |
105 | 1 | Johannes Schmölz | |
106 | 2 | Johannes Schmölz | If the @CKF_WRITE_PROTECTED@ flag is set, the Netscape Security Library won't use the token to generate keys. |
107 | 1 | Johannes Schmölz | |
108 | 2 | Johannes Schmölz | The Netscape Security Library interprets the combination of the @CKF_LOGIN_REQUIRED@ and @CKF_USER_PIN_INITIALIZED@ flags as shown in the following table. |
109 | 1 | Johannes Schmölz | |
110 | 2 | Johannes Schmölz | |_. @CFK_LOGIN_REQUIRED@ |_. @CFK_USER_PIN_INITIALIZED@ |_. Netscape Security Library assumes that: | |
111 | | @FALSE@ | @FALSE@ | This is a general access device. The Netscape Security Library will use it without prompting the user for a PIN. | |
||
112 | | @TRUE@ | @FALSE@ | The device is uninitialized. The Netscape Security Library attempts to initialize the device only if it needs to generate a key or needs to set the user PIN. The Netscape Security Library calls @C_InitPIN@ to initialize the device and set the user PIN; if these calls are successful, the key is generated and at that point the @CFK_USER_PIN_INITIALIZED@ flag should change from @FALSE@ to @TRUE@. | |
||
113 | | @FALSE@ | @TRUE@ | This is a general access device that can have a PIN set on it. Because it's a general access device, the Netscape Security Library never prompts for the PIN, even though it's possible to set a PIN with @C_SetPIN@. If the PIN is set successfully, the @CFK_LOGIN_REQUIRED@ flag should change to @TRUE@. The Netscape Security Library uses this combination of flags for its internal token when the key database password is @NULL@. These are not standard PKCS #11 semantics; they are intended for the Netscape Security Library's internal use only. | |
||
114 | | @TRUE@ | @TRUE@ | The device has been initialized and requires authentication. The Netscape Security Library checks whether the user is logged on, and if not prompts the user for a PIN. | |
||
115 | 1 | Johannes Schmölz | |
116 | 2 | Johannes Schmölz | _Table 1: Interpretation of flags ([NSS-PKCS#11], Table 1.1)_ |
117 | 1 | Johannes Schmölz | |
118 | 2 | Johannes Schmölz | |
119 | 1 | Johannes Schmölz | |
120 | 2 | Johannes Schmölz | For a typical signature card in operational mode the two flags are @TRUE@. On the other side the two flags for the private key on the eGK, which is used for card2card-authentication, are both @FALSE@. |
121 | |||
122 | This function returns the @CK_TOKEN_INFO@ struct for a specific token. |
||
123 | |||
124 | 1 | Johannes Schmölz | <pre><code class="c"> |
125 | typedef struct CK_TOKEN_INFO { |
||
126 | CK_UTF8CHAR label[32]; |
||
127 | CK_UTF8CHAR manufacturerID[32]; |
||
128 | CK_UTF8CHAR model[16]; |
||
129 | CK_CHAR serialNumber[16]; |
||
130 | CK_FLAGS flags; |
||
131 | CK_ULONG ulMaxSessionCount; |
||
132 | CK_ULONG ulSessionCount; |
||
133 | CK_ULONG ulMaxRwSessionCount; |
||
134 | CK_ULONG ulRwSessionCount; |
||
135 | CK_ULONG ulMaxPinLen; |
||
136 | CK_ULONG ulMinPinLen; |
||
137 | CK_ULONG ulTotalPublicMemory; |
||
138 | CK_ULONG ulFreePublicMemory; |
||
139 | CK_ULONG ulTotalPrivateMemory; |
||
140 | CK_ULONG ulFreePrivateMemory; |
||
141 | CK_VERSION hardwareVersion; |
||
142 | CK_VERSION firmwareVersion; |
||
143 | CK_CHAR utcTime[16]; |
||
144 | } CK_TOKEN_INFO; |
||
145 | </code></pre> |
||
146 | 2 | Johannes Schmölz | _Listing 2: @CK_TOKEN_INFO@ structure ([PKCS#11(v2.3)], p. 37)_ |
147 | 1 | Johannes Schmölz | |
148 | 2 | Johannes Schmölz | |
149 | 1 | Johannes Schmölz | |
150 | 2 | Johannes Schmölz | |
151 | |||
152 | 1 | Johannes Schmölz | *C_GetMechanismList* |
153 | |||
154 | 2 | Johannes Schmölz | As explained in [NSS-PKCS#11], the Netscape Security Library calls @C_GetMechanismList@ fairly frequently to identify the mechanisms supported by a token. |
155 | 1 | Johannes Schmölz | |
156 | 2 | Johannes Schmölz | This function returns the @CK_MECHANISM_INFO@ struct for a specific token. |
157 | 1 | Johannes Schmölz | |
158 | <pre><code class="c"> |
||
159 | typedef struct CK_MECHANISM_INFO { |
||
160 | CK_ULONG ulMinKeySize; |
||
161 | CK_ULONG ulMaxKeySize; |
||
162 | CK_FLAGS flags; |
||
163 | } CK_MECHANISM_INFO; |
||
164 | </code></pre> |
||
165 | 2 | Johannes Schmölz | _Listing 3: @CK_MECHANISM_INFO@ structure ([PKCS#11(v2.3)], p. 49)_ |
166 | 1 | Johannes Schmölz | |
167 | 2 | Johannes Schmölz | |
168 | 1 | Johannes Schmölz | |
169 | 2 | Johannes Schmölz | |_. Bit Flag |_. Mask |_. Meaning | |
170 | | @CKF_HW@ | 0x00000001 | True if the mechanism is performed by the device; false if the mechanism is performed in software | |
||
171 | | @CKF_ENCRYPT@ | 0x00000100 | True if the mechanism can be used with @C_EncryptInit@ | |
||
172 | | @CKF_DECRYPT@ | 0x00000200 | True if the mechanism can be used with @C_DecryptInit@ | |
||
173 | | @CKF_DIGEST@ | 0x00000400 | True if the mechanism can be used with @C_DigestInit@ | |
||
174 | | @CKF_SIGN@ | 0x00000800 | True if the mechanism can be used with @C_SignInit@ | |
||
175 | | @CKF_SIGN_RECOVER@ | 0x00001000 | True if the mechanism can be used with @C_SignRecoverInit@ | |
||
176 | | @CKF_VERIFY@ | 0x00002000 | True if the mechanism can be used with @C_VerifyInit@ | |
||
177 | | @CKF_VERIFY_RECOVER@ | 0x00004000 | True if the mechanism can be used with @C_VerifyRecoverInit@ | |
||
178 | | @CKF_GENERATE@ | 0x00008000 | True if the mechanism can be used with @C_GenerateKey@ | |
||
179 | | @CKF_GENERATE_KEY_PAIR@ | 0x00010000 | True if the mechanism can be used with @C_GenerateKeyPair@ | |
||
180 | | @CKF_WRAP@ | 0x00020000 | True if the mechanism can be used with @C_WrapKey@ | |
||
181 | | @CKF_UNWRAP@ | 0x00040000 | True if the mechanism can be used with @C_UnwrapKey@ | |
||
182 | | @CKF_DERIVE@ | 0x00080000 | True if the mechanism can be used with @C_DeriveKey@ | |
||
183 | | @CKF_EXTENSION@ | 0x80000000 | True if there is an extension to the flags; false if no extensions. Must be false for this version. | |
||
184 | 1 | Johannes Schmölz | |
185 | |||
186 | 2 | Johannes Schmölz | _Table 2: Mechanism Information Flags ([PKCS#11(v2.3)], p. 50)_ |
187 | 1 | Johannes Schmölz | |
188 | 2 | Johannes Schmölz | |
189 | |||
190 | |||
191 | |||
192 | h3. Session Management |
||
193 | |||
194 | 1 | Johannes Schmölz | *C_OpenSession* |
195 | |||
196 | 2 | Johannes Schmölz | As explained in [NSS-PKCS#11] the Netscape Security Library calls @C_OpenSession@ whenever it initializes a token and keeps the session open as long as possible. The Netscape Security Library almost never closes a session after it finishes doing something with a token. It uses a single session for all single-part RSA operations such as logging in, logging out, signing, verifying, generating keys, wrapping keys, and so on. |
197 | 1 | Johannes Schmölz | |
198 | The Netscape Security Library opens a separate session for each part of a multipart encryption (bulk encryption). If it runs out of sessions, it uses the initial session for saves and restores. |
||
199 | |||
200 | 2 | Johannes Schmölz | This function will use the IFD-function @Connect@ to open a session to the token. |
201 | 1 | Johannes Schmölz | |
202 | |||
203 | 2 | Johannes Schmölz | |
204 | 1 | Johannes Schmölz | *C_CloseSession* |
205 | |||
206 | 2 | Johannes Schmölz | As explained in [NSS-PKCS#11] the Netscape Security Library calls @C_CloseSession@ to close sessions created for bulk encryption. |
207 | 1 | Johannes Schmölz | |
208 | 2 | Johannes Schmölz | This function will use the IFD-function @Disconnect@ to close a session to the token. |
209 | 1 | Johannes Schmölz | |
210 | |||
211 | 2 | Johannes Schmölz | |
212 | 1 | Johannes Schmölz | *C_CloseAllSessions* |
213 | |||
214 | 2 | Johannes Schmölz | As explained in [NSS-PKCS#11] the Netscape Security Library may call @C_CloseAllSessions@ when it closes down a slot. |
215 | 1 | Johannes Schmölz | |
216 | |||
217 | 2 | Johannes Schmölz | |
218 | 1 | Johannes Schmölz | *C_GetSessionInfo* |
219 | |||
220 | 2 | Johannes Schmölz | The Netscape Security Library calls @C_GetSessionInfo@ frequently. |
221 | 1 | Johannes Schmölz | |
222 | 2 | Johannes Schmölz | If a token has been removed during a session, @C_GetSessionInfo@ should return either @CKR_SESSION_CLOSED@ or @CKR_SESSION_HANDLE_INVALID@. If a token has been removed and then the same or another token is inserted, @C_GetSessionInfo@ should return @CKR_SESSION_HANDLE_INVALID@. |
223 | 1 | Johannes Schmölz | |
224 | 2 | Johannes Schmölz | |
225 | |||
226 | 1 | Johannes Schmölz | *C_Login* |
227 | |||
228 | 2 | Johannes Schmölz | The Netscape Security Library calls @C_Login@ on a token's initial session whenever @CKF_LOGIN_REQUIRED@ is @TRUE@ and the user state indicates that the user isn't logged in. |
229 | 1 | Johannes Schmölz | |
230 | 2 | Johannes Schmölz | This function will use the IFD-function @VerifyUser@ to perform the authentication of a user. |
231 | 1 | Johannes Schmölz | |
232 | |||
233 | 2 | Johannes Schmölz | |
234 | 1 | Johannes Schmölz | *C_Logout* |
235 | |||
236 | 2 | Johannes Schmölz | The Netscape Security Library calls @C_Logout@ on a token's initial session |
237 | 1 | Johannes Schmölz | |
238 | * when the password is timed out |
||
239 | * when performing any kind of private key operation if "ask always" is turned on |
||
240 | * when changing a password |
||
241 | * when the user logs out |
||
242 | |||
243 | |||
244 | 2 | Johannes Schmölz | |
245 | 1 | Johannes Schmölz | h3. Object Management |
246 | |||
247 | In the scope of a TLS-handshake the client needs to read the certificate from the card and send it to the server. This functionality is most likely performed using the following two functions. |
||
248 | |||
249 | |||
250 | 2 | Johannes Schmölz | |
251 | 1 | Johannes Schmölz | *C_GetAttributeValue* |
252 | |||
253 | 2 | Johannes Schmölz | The Netscape Security Library calls @C_GetAttributeValue@ to get the value of attributes for both single objects and multiple objects. This is useful for extracting public keys, nonsecret bulk keys, and so on. |
254 | 1 | Johannes Schmölz | |
255 | |||
256 | 2 | Johannes Schmölz | |
257 | 1 | Johannes Schmölz | *C_FindObjectsInit, C_FindObjects, C_FindFinal* |
258 | |||
259 | 2 | Johannes Schmölz | The Netscape Security Library calls these functions frequently to look up objects by @CKA_ID@ or @CKA_LABEL@. These values must match the equivalent values for related keys and certificates and must be unique among key pairs on a given token. |
260 | 1 | Johannes Schmölz | |
261 | 2 | Johannes Schmölz | The Netscape Security Library also looks up certificates by @CK_ISSUER@ and @CK_SERIAL@. If those fields aren't set on the token, S/MIME won't work. |
262 | 1 | Johannes Schmölz | |
263 | |||
264 | 2 | Johannes Schmölz | |
265 | 1 | Johannes Schmölz | h3. Cryptographic Operations |
266 | |||
267 | 2 | Johannes Schmölz | In the scope of a TLS-handshake the client needs to sign data, which is constructed based on previously exchanged messages in the handshake. This signature is most likely created using the functions @C_SignInit@, @C_Sign@ and @C_SignFinal@. |
268 | 1 | Johannes Schmölz | |
269 | |||
270 | 2 | Johannes Schmölz | |
271 | 1 | Johannes Schmölz | h2. References |
272 | |||
273 | [Grif09] R. Griffin: Encryption and Key Management Tutorials, Part II: PKCS #11 – Enhancements and Opportunities, Talk at RSA 2009, ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-30/TUT-M51_Griffin_PKCS11.pdf |
||
274 | |||
275 | [NSS-PKCS#11] Implementing PKCS #11 for the Netscape Security Library, http://docs.oracle.com/cd/E19957-01/816-6150-10/pkcs.htm |
||
276 | 2 | Johannes Schmölz | |
277 | [PKCS#11(v2.3)] RSA Laboratories: PKCS #11 Base Functionality v2.30: Cryptoki – Draft 4, 10 July 2009 |