Cannot wrap an EC key?

Thu Dec 19 20:44:22 UTC 2024

Hmm... looking at the PKCS11 soft token nss code  (from 
hg.mozilla.org/projects/nss) - ANY failure to unwrap a private key gets 
returned as a CKR_INCOMPLETE_TEMPLATE.

The NSS code for sftk_unwrapPrivateKey is weird.  It starts out with a 
CKR_ code in a number of places, and if that code is not CKR_OK, returns 
SECFailure which if that is seen gets translated back into 
CKR_INCOMPLETE_TEMPLATE regardless of the actual underlying error.

see pkcs11c.c sftk_unwrapPrivateKey beginning at line 6443 and 
NSC_UnwrapKey at 6739.

I'd make a fix here to have sftk_unwrapPrivateKey return a CK_RV and 
translate the early SECFailure(s) and others along the way into a 
CKR_VENDOR_DEFINED code that maps to the specific error.

Good Luck - Mike

On 12/18/2024 11:11 PM, Wei-Jun Wang wrote:
> No, it’s the EncryptedPrivateKeyInfo format and internally the data is PKCS8. I can unwrap it with a cipher from SunJCE.
>
> BTW, I made a mistake in my first mail. The config needn’t be sensitive. Then I am able to use the key to init a SunJCE cipher.
>
> —Weijun
>
>> On Dec 18, 2024, at 22:02, Mike StJohns <mstjohns at comcast.net> wrote:
>>
>> If I had to make a wild guess, I’d guess that the wrapped key doesn’t include the curve info.  If the length of the wrapped data is only 40 bytes, then all you have is the x from the private key.  I’m wondering if the algorithm has to include the curve info.
>>
>> Something like “EC/secp256r1”?
>>
>> If it’s longer than 40 bytes (or 8 plus the length of the private key data for a given curve) then something besides the bare private key has been wrapped.
>>
>> For some unknown reason, the format of the key material being wrapped was not specified by PKCS11.
>>
>> Mike
>>
>> Sent from my iPad
>>
>>> On Dec 18, 2024, at 19:23, Wei-Jun Wang <weijun.wang at oracle.com> wrote:
>>>
>>> Hi, PKCS #11 gurus,
>>>
>>>    var sp = KeyPairGenerator.getInstance("EC", p).generateKeyPair().getPrivate();
>>>    var k = KeyGenerator.getInstance("AES", p).generateKey();
>>>
>>>    var cipher = Cipher.getInstance("AES/KW/PKCS5Padding", p);
>>>    cipher.init(Cipher.WRAP_MODE, k);
>>>    var wrapped = cipher.wrap(sp);
>>>    cipher.init(Cipher.UNWRAP_MODE, k);
>>>    cipher.unwrap(wrapped, "EC", Cipher.PRIVATE_KEY);
>>>
>>> Here, p is SunPKCS11-NSS using sensitive config, and the last unwrap method reports an CKR_TEMPLATE_INCOMPLETE error. It runs fine with RSA.
>>>
>>> Thanks,
>>> Weijun
>>>
>>>