Skip to content

GitLab

  • Menu
Projects Groups Snippets
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • BIND BIND
  • Project information
    • Project information
    • Activity
    • Labels
    • Planning hierarchy
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 530
    • Issues 530
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 97
    • Merge requests 97
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Packages & Registries
    • Packages & Registries
    • Container Registry
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • ISC Open Source Projects
  • BINDBIND
  • Issues
  • #348

Closed
Open
Created Jun 19, 2018 by Ondřej Surý@ondrejOwner

PKCS#11 implementation of DH is broken (at least with SoftHSMv2)

The PKCS#11 implementation of DH algorithm doesn't work with SoftHSMv2 and although I very much doubt anybody uses TKEY or SIG(0) with HSMs, it will need to be fixed eventually.

The best way to test it is to checkout 328-make-openssl-mandatory branch and revert the commit with commit message "Disable DH test with PKCS#11" and compile with ./configure --enable-developer --with-atf=/usr/local --with-openssl=/usr/local/opt/openssl --enable-native-pkcs11 --with-pkcs11=/usr/local/lib/softhsm/libsofthsm2.so and the dh_test in lib/dns/tests fails with:

$ ./dh_test isc_dh_computesecret
failed: dh_test.c:65: ret != DST_R_COMPUTESECRETFAILURE

this is due to CKA_VALUE2 attribute is not found (https://gitlab.isc.org/isc-projects/bind9/blob/master/lib/dns/pkcs11dh_link.c#L127). I strongly suspect that (ab)using CKA_PRIVATE_EXPONENT for this might at fault:

 *  reuse CKA_PRIVATE_EXPONENT for key pair private value
[...]
#define CKA_VALUE2      CKA_PRIVATE_EXPONENT

but the PKCS#11 interface is written by cryptographers for cryptographers, so normal people can just blankly stare when reading the code using PKCS#11 API.

That said, the official specification for PKCS#11 Diffie-Hellman Section 2.4.4 is quite clear on the number of attributes, so my suggestion would be to follow the specification when fixing this.

Edited Jul 03, 2018 by Ondřej Surý
Assignee
Assign to
Time tracking