Project

General

Profile

PKCS11 » History » Version 7

Hans-Martin Haase, 08/20/2015 10:41 AM
New parent Development.

1 1 Johannes Schmölz
h1. PKCS11
2
3
The main goal of the PKCS#11-interface of the Open eCard App is to provide the functionality, which is required by Mozilla’s Firefox browser.
4
5
Mozilla’s overall crypto architecture as taken from [Grif09] is depicted in Figure 1.
6
7
!mozilla-crypto-architecture.jpg!
8 2 Johannes Schmölz
_Figure 1: Mozilla's Cryptographic Architecture ([Grif09], p. 22)_
9 1 Johannes Schmölz
10 2 Johannes Schmölz
 
11
12 1 Johannes Schmölz
The important part is the usage of the PKCS#11-interface by the “Core Crypto Code” within the “Network Security Services” as explained in [NSS-PKCS#11]. 
13
14
As this browser is a successor of Netscape’s Communicator it is expected that the PKCS#11-usage in today’s Firefox is similar to the PKCS#11-usage explained in [NSS-PKCS#11]. 
15
16
17 2 Johannes Schmölz
18 1 Johannes Schmölz
h2. Required Functions
19
20
h3. General-Purpose Functions
21
22
Among the general-purpose functions defined in Section 11.4 of [NSS-PKCS#11] the following functions need to be supported:
23
24 2 Johannes Schmölz
* @C_Initialize@
25
* @C_Finalize@
26
* @C_GetFunctionList@
27
* @C_GetInfo@
28 1 Johannes Schmölz
29
30 2 Johannes Schmölz
31 1 Johannes Schmölz
*C_Initialize*
32
33 2 Johannes Schmölz
As explained in [NSS-PKCS#11] the Netscape Security Library calls @C_Initialize@ on startup or when it loads a new module. The Netscape Security Library always passes @NULL@, as required by the PKCS #11 specification, in the single @C_Initialize@ parameter @pReserved@. This function will use the IFD-function @EstablishContext@ to initialize the IFD-module.
34 1 Johannes Schmölz
35
36 2 Johannes Schmölz
37 1 Johannes Schmölz
*C_Finalize*
38
39 2 Johannes Schmölz
As explained in [NSS-PKCS#11] the Netscape Security Library calls @C_Finalize@ on shutdown and whenever it unloads a module.
40 1 Johannes Schmölz
41 2 Johannes Schmölz
This function will use the IFD-function @ReleaseContext@ to initialize the IFD-module.
42 1 Johannes Schmölz
43
44 2 Johannes Schmölz
45 1 Johannes Schmölz
*C_GetInfo*
46
47 2 Johannes Schmölz
The Netscape Security Library calls @C_GetInfo@ on startup or when it loads a new module. The version numbers, manufacturer IDs, and so on are displayed when the user views the information. The supplied library names are used as the default library names; currently, these names should not include any double quotation marks. 
48 1 Johannes Schmölz
49
This function will only return static information and does not involve any IFD-function.
50
51 2 Johannes Schmölz
52
53 1 Johannes Schmölz
*C_GetFunctionList*
54
55 2 Johannes Schmölz
As explained in [NSS-PKCS#11] the Netscape Security Library calls @C_GetFunctionList@ on startup or when it loads a new module. In [NSS-PKCS#11] it is recommended that for a not implemented function there should at least be a stub that returns @CKR_FUNCTION_NOT_SUPPORTED@. 
56 1 Johannes Schmölz
57
This function will only return static information and does not involve any IFD-function.
58
59
60 2 Johannes Schmölz
61 1 Johannes Schmölz
h3. Slot and Token Management
62
63
*C_GetSlotList*
64
65 2 Johannes Schmölz
As explained in [NSS-PKCS#11] the Netscape Security Library calls @C_GetSlotList@ on startup or when it loads a new module, requests all the module's slots, and keeps track of the list from that point on. The slots are expected to remain static: that is, the module never has more slots or fewer slots than the number on the original list. This means that the function @C_WaitForSlotEvent@ is not used by the Netscape Security Library. 
66 1 Johannes Schmölz
67
This function uses the following IFD-functions:
68
69 2 Johannes Schmölz
* @ListIFDs@
70
* @GetIFDCapabilities@
71
* @GetStatus@
72 1 Johannes Schmölz
73
74 2 Johannes Schmölz
75 1 Johannes Schmölz
*C_GetSlotInfo*
76
77 2 Johannes Schmölz
As explained in [NSS-PKCS#11] the Netscape Security Library calls @C_GetSlotInfo@ on startup or when it loads a new module and reads in the information that can be viewed on the slot information page. If the @CKF_REMOVABLE_DEVICE@ flag is set, the Netscape Security Library also calls @C_GetSlotInfo@ whenever it looks up slots to make sure the token is present. If the @CKF_REMOVABLE_DEVICE@ flag is not set, the Netscape Security Library uses that token information without checking again.
78 1 Johannes Schmölz
79 2 Johannes Schmölz
If the @CKF_REMOVABLE_DEVICE@ flag is not set, the @CKF_TOKEN_PRESENT@ flag must be set, or else the Netscape Security Library marks the slot as bad and will never use it.
80 1 Johannes Schmölz
81 2 Johannes Schmölz
The Netscape Security Library doesn't currently use the @CKF_HW_SLOT@ flag.
82 1 Johannes Schmölz
83
For a particular slot this function returns the following structure:
84
85
<pre><code class="c">
86
typedef struct CK_SLOT_INFO {
87
    CK_UTF8CHAR slotDescription[64];
88
    CK_UTF8CHAR manufacturerID[32];
89
    CK_FLAGS flags;
90
    CK_VERSION hardwareVersion;
91
    CK_VERSION firmwareVersion;
92
} CK_SLOT_INFO;
93
</code></pre>
94 2 Johannes Schmölz
_Listing 1: @CK_SLOT_INFO@ structure_
95 1 Johannes Schmölz
96 2 Johannes Schmölz
&nbsp;
97 1 Johannes Schmölz
98 2 Johannes Schmölz
99
100 1 Johannes Schmölz
*C_GetTokenInfo*
101
102 2 Johannes Schmölz
If a token is a permanent device (that is, if the @CKF_REMOVABLE_DEVICE@ flag is not set), the Netscape Security Library calls @C_GetTokenInfo@ only on startup or when it loads a new module. If the token is a removable device, the Netscape Security Library may call @C_GetTokenInfo@ anytime it's looking for a new token to check whether the token is write protected, whether it can generate random numbers, and so on.
103 1 Johannes Schmölz
104 2 Johannes Schmölz
The Netscape Security Library expects @CK_TOKEN_INFO@ label to contain the name of the token.
105 1 Johannes Schmölz
106 2 Johannes Schmölz
If the @CKF_WRITE_PROTECTED@ flag is set, the Netscape Security Library won't use the token to generate keys.
107 1 Johannes Schmölz
108 2 Johannes Schmölz
The Netscape Security Library interprets the combination of the @CKF_LOGIN_REQUIRED@ and @CKF_USER_PIN_INITIALIZED@ flags as shown in the following table.
109 1 Johannes Schmölz
110 2 Johannes Schmölz
|_. @CFK_LOGIN_REQUIRED@ |_. @CFK_USER_PIN_INITIALIZED@ |_. Netscape Security Library assumes that: |
111
| @FALSE@                | @FALSE@                      | This is a general access device. The Netscape Security Library will use it without prompting the user for a PIN. |
112
| @TRUE@                 | @FALSE@                      | The device is uninitialized. The Netscape Security Library attempts to initialize the device only if it needs to generate a key or needs to set the user PIN. The Netscape Security Library calls @C_InitPIN@ to initialize the device and set the user PIN; if these calls are successful, the key is generated and at that point the @CFK_USER_PIN_INITIALIZED@ flag should change from @FALSE@ to @TRUE@. |
113
| @FALSE@                | @TRUE@                       | This is a general access device that can have a PIN set on it. Because it's a general access device, the Netscape Security Library never prompts for the PIN, even though it's possible to set a PIN with @C_SetPIN@. If the PIN is set successfully, the @CFK_LOGIN_REQUIRED@ flag should change to @TRUE@. The Netscape Security Library uses this combination of flags for its internal token when the key database password is @NULL@. These are not standard PKCS #11 semantics; they are intended for the Netscape Security Library's internal use only. |
114
| @TRUE@                 | @TRUE@                       | The device has been initialized and requires authentication. The Netscape Security Library checks whether the user is logged on, and if not prompts the user for a PIN. |
115 1 Johannes Schmölz
116 2 Johannes Schmölz
_Table 1: Interpretation of flags ([NSS-PKCS#11], Table 1.1)_
117 1 Johannes Schmölz
118 2 Johannes Schmölz
&nbsp;
119 1 Johannes Schmölz
120 2 Johannes Schmölz
For a typical signature card in operational mode the two flags are @TRUE@. On the other side the two flags for the private key on the eGK, which is used for card2card-authentication, are both @FALSE@.
121
122
This function returns the @CK_TOKEN_INFO@ struct for a specific token.
123
124 1 Johannes Schmölz
<pre><code class="c">
125
typedef struct CK_TOKEN_INFO {
126
    CK_UTF8CHAR label[32];
127
    CK_UTF8CHAR manufacturerID[32];
128
    CK_UTF8CHAR model[16];
129
    CK_CHAR serialNumber[16];
130
    CK_FLAGS flags;
131
    CK_ULONG ulMaxSessionCount;
132
    CK_ULONG ulSessionCount;
133
    CK_ULONG ulMaxRwSessionCount;
134
    CK_ULONG ulRwSessionCount;
135
    CK_ULONG ulMaxPinLen;
136
    CK_ULONG ulMinPinLen;
137
    CK_ULONG ulTotalPublicMemory;
138
    CK_ULONG ulFreePublicMemory;
139
    CK_ULONG ulTotalPrivateMemory;
140
    CK_ULONG ulFreePrivateMemory;
141
    CK_VERSION hardwareVersion;
142
    CK_VERSION firmwareVersion;
143
    CK_CHAR utcTime[16];
144
} CK_TOKEN_INFO;
145
</code></pre>
146 2 Johannes Schmölz
_Listing 2: @CK_TOKEN_INFO@ structure ([PKCS#11(v2.3)], p. 37)_
147 1 Johannes Schmölz
148 2 Johannes Schmölz
&nbsp;
149 1 Johannes Schmölz
150 2 Johannes Schmölz
151
152 1 Johannes Schmölz
*C_GetMechanismList*
153
154 2 Johannes Schmölz
As explained in [NSS-PKCS#11], the Netscape Security Library calls @C_GetMechanismList@ fairly frequently to identify the mechanisms supported by a token.
155 1 Johannes Schmölz
156 2 Johannes Schmölz
This function returns the @CK_MECHANISM_INFO@ struct for a specific token.
157 1 Johannes Schmölz
158
<pre><code class="c">
159
typedef struct CK_MECHANISM_INFO {
160
    CK_ULONG ulMinKeySize;
161
    CK_ULONG ulMaxKeySize;
162
    CK_FLAGS flags;
163
} CK_MECHANISM_INFO;
164
</code></pre>
165 2 Johannes Schmölz
_Listing 3: @CK_MECHANISM_INFO@ structure ([PKCS#11(v2.3)], p. 49)_
166 1 Johannes Schmölz
167 2 Johannes Schmölz
&nbsp;
168 1 Johannes Schmölz
169 2 Johannes Schmölz
|_. Bit Flag              |_. Mask     |_. Meaning |
170
| @CKF_HW@                | 0x00000001 | True if the mechanism is performed by the device; false if the mechanism is performed in software   |
171
| @CKF_ENCRYPT@           | 0x00000100 | True if the mechanism can be used with @C_EncryptInit@                                              |
172
| @CKF_DECRYPT@           | 0x00000200 | True if the mechanism can be used with @C_DecryptInit@                                              |
173
| @CKF_DIGEST@            | 0x00000400 | True if the mechanism can be used with @C_DigestInit@                                               |
174
| @CKF_SIGN@              | 0x00000800 | True if the mechanism can be used with @C_SignInit@                                                 |
175
| @CKF_SIGN_RECOVER@      | 0x00001000 | True if the mechanism can be used with @C_SignRecoverInit@                                          |
176
| @CKF_VERIFY@            | 0x00002000 | True if the mechanism can be used with @C_VerifyInit@                                               |
177
| @CKF_VERIFY_RECOVER@    | 0x00004000 | True if the mechanism can be used with @C_VerifyRecoverInit@                                        |
178
| @CKF_GENERATE@          | 0x00008000 | True if the mechanism can be used with @C_GenerateKey@                                              |
179
| @CKF_GENERATE_KEY_PAIR@ | 0x00010000 | True if the mechanism can be used with @C_GenerateKeyPair@                                          |
180
| @CKF_WRAP@              | 0x00020000 | True if the mechanism can be used with @C_WrapKey@                                                  |
181
| @CKF_UNWRAP@            | 0x00040000 | True if the mechanism can be used with @C_UnwrapKey@                                                |
182
| @CKF_DERIVE@            | 0x00080000 | True if the mechanism can be used with @C_DeriveKey@                                                |
183
| @CKF_EXTENSION@         | 0x80000000 | True if there is an extension to the flags; false if no extensions. Must be false for this version. |
184 1 Johannes Schmölz
185
186 2 Johannes Schmölz
_Table 2: Mechanism Information Flags ([PKCS#11(v2.3)], p. 50)_
187 1 Johannes Schmölz
188 2 Johannes Schmölz
&nbsp;
189
190
191
192
h3. Session Management
193
194 1 Johannes Schmölz
*C_OpenSession*
195
196 2 Johannes Schmölz
As explained in [NSS-PKCS#11] the Netscape Security Library calls @C_OpenSession@ whenever it initializes a token and keeps the session open as long as possible. The Netscape Security Library almost never closes a session after it finishes doing something with a token. It uses a single session for all single-part RSA operations such as logging in, logging out, signing, verifying, generating keys, wrapping keys, and so on.
197 1 Johannes Schmölz
198
The Netscape Security Library opens a separate session for each part of a multipart encryption (bulk encryption). If it runs out of sessions, it uses the initial session for saves and restores.
199
200 2 Johannes Schmölz
This function will use the IFD-function @Connect@ to open a session to the token.
201 1 Johannes Schmölz
202
203 2 Johannes Schmölz
204 1 Johannes Schmölz
*C_CloseSession*
205
206 2 Johannes Schmölz
As explained in [NSS-PKCS#11] the Netscape Security Library calls @C_CloseSession@ to close sessions created for bulk encryption.
207 1 Johannes Schmölz
208 2 Johannes Schmölz
This function will use the IFD-function @Disconnect@ to close a session to the token.
209 1 Johannes Schmölz
210
211 2 Johannes Schmölz
212 1 Johannes Schmölz
*C_CloseAllSessions*
213
214 2 Johannes Schmölz
As explained in [NSS-PKCS#11] the Netscape Security Library may call @C_CloseAllSessions@ when it closes down a slot.
215 1 Johannes Schmölz
216
217 2 Johannes Schmölz
218 1 Johannes Schmölz
*C_GetSessionInfo*
219
220 2 Johannes Schmölz
The Netscape Security Library calls @C_GetSessionInfo@ frequently.
221 1 Johannes Schmölz
222 2 Johannes Schmölz
If a token has been removed during a session, @C_GetSessionInfo@ should return either @CKR_SESSION_CLOSED@ or @CKR_SESSION_HANDLE_INVALID@. If a token has been removed and then the same or another token is inserted, @C_GetSessionInfo@ should return @CKR_SESSION_HANDLE_INVALID@.
223 1 Johannes Schmölz
224 2 Johannes Schmölz
225
226 1 Johannes Schmölz
*C_Login*
227
228 2 Johannes Schmölz
The Netscape Security Library calls @C_Login@ on a token's initial session whenever @CKF_LOGIN_REQUIRED@ is @TRUE@ and the user state indicates that the user isn't logged in.
229 1 Johannes Schmölz
230 2 Johannes Schmölz
This function will use the IFD-function @VerifyUser@ to perform the authentication of a user.
231 1 Johannes Schmölz
232
233 2 Johannes Schmölz
234 1 Johannes Schmölz
*C_Logout*
235
236 2 Johannes Schmölz
The Netscape Security Library calls @C_Logout@ on a token's initial session
237 1 Johannes Schmölz
238
* when the password is timed out
239
* when performing any kind of private key operation if "ask always" is turned on
240
* when changing a password
241
* when the user logs out
242
243
244 2 Johannes Schmölz
245 1 Johannes Schmölz
h3. Object Management
246
247
In the scope of a TLS-handshake the client needs to read the certificate from the card and send it to the server. This functionality is most likely  performed using the following two functions.
248
249
250 2 Johannes Schmölz
251 1 Johannes Schmölz
*C_GetAttributeValue*
252
253 2 Johannes Schmölz
The Netscape Security Library calls @C_GetAttributeValue@ to get the value of attributes for both single objects and multiple objects. This is useful for extracting public keys, nonsecret bulk keys, and so on.
254 1 Johannes Schmölz
255
256 2 Johannes Schmölz
257 1 Johannes Schmölz
*C_FindObjectsInit, C_FindObjects, C_FindFinal*
258
259 2 Johannes Schmölz
The Netscape Security Library calls these functions frequently to look up objects by @CKA_ID@ or @CKA_LABEL@. These values must match the equivalent values for related keys and certificates and must be unique among key pairs on a given token.
260 1 Johannes Schmölz
261 2 Johannes Schmölz
The Netscape Security Library also looks up certificates by @CK_ISSUER@ and @CK_SERIAL@. If those fields aren't set on the token, S/MIME won't work.
262 1 Johannes Schmölz
263
264 2 Johannes Schmölz
265 1 Johannes Schmölz
h3. Cryptographic Operations
266
267 2 Johannes Schmölz
In the scope of a TLS-handshake the client needs to sign data, which is constructed based on previously exchanged messages in the handshake. This signature is most likely created using the functions @C_SignInit@, @C_Sign@ and @C_SignFinal@.
268 1 Johannes Schmölz
269
270 2 Johannes Schmölz
271 1 Johannes Schmölz
h2. References
272
273
[Grif09] R. Griffin: Encryption and Key Management Tutorials, Part II: PKCS #11 – Enhancements and Opportunities, Talk at RSA 2009, ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-30/TUT-M51_Griffin_PKCS11.pdf
274
275
[NSS-PKCS#11] Implementing PKCS #11 for the Netscape Security Library, http://docs.oracle.com/cd/E19957-01/816-6150-10/pkcs.htm
276 2 Johannes Schmölz
277
[PKCS#11(v2.3)]	RSA Laboratories: PKCS #11 Base Functionality v2.30: Cryptoki – Draft 4, 10 July 2009
278 3 Andreas Kuckartz
279
h2. Additional links
280
281
PKCS11 FAQ
282
https://developer.mozilla.org/en-US/docs/PKCS11_FAQ
283
284
Using the PKCS #11 Module Logger
285
NSS Technical Note: 2
286
http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn2.html
287 4 Andreas Kuckartz
288
Network Security Services (NSS)
289
(The main NSS page with lots of links to current material)
290
http://www.mozilla.org/projects/security/pki/nss/
291 5 Andreas Kuckartz
292
PKCS#11
293
https://dev.openecard.org/issues/128
294
295
Chromium support for PKCS #11
296
https://dev.openecard.org/issues/163
297 6 Tobias Wich
298
Open eCard PKCS#11 IPC Design
299
https://dev.openecard.org/attachments/download/237/pkcs11.pptx