[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [pkcs11] Groups - TLS 1.2 mechanisms uploaded
Mike, Bob R., Your proposal has three sets of rules about key sensitivity and extractability. The first set of rules is used for CKM_TLS12_MASTER_KEY_DERIVE and CKM_TLS12_MASTER_KEY_DERIVE_DH. The second set of rules is used for CKM_TLS12_KEY_AND_MAC_DERIVE and CKM_TLS12_KEY_SAFE_DERIVE. The third set of rules is used for CKM_TLS_KDF. (The three sets of rules are listed at the end of this message.) Question 1: does CKM_TLS_KDF need its own set of rules? It seems that the rules for the master key derivation mechanisms should be appropriate for CKM_TLS_KDF because these mechanisms all derive one generic secret key from another generic secret key. Note: I may have found the answer to this question. See my next question. Question 2: I found that the rules for CKM_TLS_KDF are based on the rules for CKM_EXTRACT_KEY_FROM_KEY (with "base key" changed to "original key"). The only important change is that "from a default value" is changed to "from the original key". Why the change? I assume "from the original key" also implies if the original key doesn't have the CKA_SENSITIVE attribute, neither will the derived key. Correct? Thanks, Wan-Teh Chang ========== 1. CKM_TLS12_MASTER_KEY_DERIVE and CKM_TLS12_MASTER_KEY_DERIVE_DH: This mechanism has the following rules about key sensitivity and extractability: * The CKA_SENSITIVE and CKA_EXTRACTABLE attributes in the template for the new key can both be specified to be either CK_TRUE or CK_FALSE. If omitted, these attributes each take on some default value. * If the base key has its CKA_ALWAYS_SENSITIVE attribute set to CK_FALSE, then the derived key will as well. If the base key has its CKA_ALWAYS_SENSITIVE attribute set to CK_TRUE, then the derived key has its CKA_ALWAYS_SENSITIVE attribute set to the same value as its CKA_SENSITIVE attribute. * Similarly, if the base key has its CKA_NEVER_EXTRACTABLE attribute set to CK_FALSE, then the derived key will, too. If the base key has its CKA_NEVER_EXTRACTABLE attribute set to CK_TRUE, then the derived key has its CKA_NEVER_EXTRACTABLE attribute set to the opposite value from its CKA_EXTRACTABLE attribute. 2. CKM_TLS12_KEY_AND_MAC_DERIVE and CKM_TLS12_KEY_SAFE_DERIVE: All four keys inherit the values of the CKA_SENSITIVE, CKA_ALWAYS_SENSITIVE, CKA_EXTRACTABLE, and CKA_NEVER_EXTRACTABLE attributes from the base key. The template provided to C_DeriveKey may not specify values for any of these attributes which differ from those held by the base key. 3. CKM_TLS_KDF: This mechanism has the following rules about key sensitivity and extractability: * If the original key has its CKA_SENSITIVE attribute set to CK_TRUE, so does the derived key. If not, then the derived key’s CKA_SENSITIVE attribute is set either from the supplied template or from the original key. * Similarly, if the original key has its CKA_EXTRACTABLE attribute set to CK_FALSE, so does the derived key. If not, then the derived key’s CKA_EXTRACTABLE attribute is set either from the supplied template or from the original key. * The derived key’s CKA_ALWAYS_SENSITIVE attribute is set to CK_TRUE if and only if the original key has its CKA_ALWAYS_SENSITIVE attribute set to CK_TRUE. * Similarly, the derived key’s CKA_NEVER_EXTRACTABLE attribute is set to CK_TRUE if and only if the original key has its CKA_NEVER_EXTRACTABLE attribute set to CK_TRUE. 4. CKM_EXTRACT_KEY_FROM_KEY: This mechanism has the following rules about key sensitivity and extractability: * If the base key has its CKA_SENSITIVE attribute set to CK_TRUE, so does the derived key. If not, then the derived key’s CKA_SENSITIVE attribute is set either from the supplied template or from a default value. * Similarly, if the base key has its CKA_EXTRACTABLE attribute set to CK_FALSE, so does the derived key. If not, then the derived key’s CKA_EXTRACTABLE attribute is set either from the supplied template or from a default value. * The derived key’s CKA_ALWAYS_SENSITIVE attribute is set to CK_TRUE if and only if the base key has its CKA_ALWAYS_SENSITIVE attribute set to CK_TRUE. * Similarly, the derived key’s CKA_NEVER_EXTRACTABLE attribute is set to CK_TRUE if and only if the base key has its CKA_NEVER_EXTRACTABLE attribute set to CK_TRUE.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]