Re: RSA OAEP encryption support in NSS

Sun, 03 Aug 2008 21:10:31 -0700 

David Allan wrote, On 2008-08-02 19:43:
> 
>>> PK11_PubWrapSymKey(CKM_RSA_PKCS_OAEP,
>>>                     RSAPublicKey,
>>>                     UnwrappedKey,
>>>                     WrappedKey);
>> I'd guess that call failed, right?
>> Or are you using some third party PKCS#11 module that implements it?
>> NSS's PKCS#11 module does not implement that mechanism.
> 
> I am using the NSS PKCS#11 implementation, but oddly the call does not 
> fail, and produces something that looks like a wrapped key.  I'll take a 
> wild guess that it's doing PKCS1-v1.5, but I'll check into it and let you 
> know.  I would also expect the call to fail, though; would you like me to 
> file a bug against that?

Yes, please.  You can put this text into the bug report, if you'd like.

I just walked through that code again more carefully.  It's definitely a
bug. It's really a flaw in the design of the private function
pk11_ForceSlot.  That function can have any of the following outcomes:

1) the key is already in a slot that does the requested mechanism.
        SUCCESS: returns NULL
2) the key is not already in a slot that does the requested mechanism,
   and another slot can be found that does it.  It attempts to copy the
   symkey to the slot that can do the mechanism, and that succeeds.
   It creates a new PK11SymKey struct for the new copy of the key.
   This all succeeds:
        SUCCESS: returns address of new symkey
3) Same as 2 above, but fails to copy key to new slot, or fails to allocate
   new symkey struct.
        FAILURE: returns NULL
4) the key is not already in a slot that does the requested mechanism,
   and no slot exists that can do it.
        FAILURE: returns NULL

As you can see from that description, a NULL return is entirely ambiguous.
It means either
a) the key is fine and no slot change is needed (SUCCESS), or
b) the operation CANNOT succeed because the key is not in a slot that can
   do the requested mechanism (FAILURE).

IMO, pk11_ForceSlot should be changed to return a success/failure indicator
that is independent of whether a new symkey was allocated or not.  It
should also be able to output a new symkey.

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to