1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
|
.. _mozilla_projects_nss_nss_sample_code_nss_sample_code_sample1:
NSS Sample Code Sample1
=======================
.. _nss_sample_code_1_key_generation_and_transport_between_servers.:
`NSS Sample Code 1: Key Generation and Transport Between Servers. <#nss_sample_code_1_key_generation_and_transport_between_servers.>`__
---------------------------------------------------------------------------------------------------------------------------------------
.. container::
This is an example program that demonstrates how to do key generation and transport between
cooperating servers. This program shows the following:
- RSA key pair generation
- Naming RSA key pairs
- Looking up a previously generated key pair by name
- Creating AES and MAC keys (or encryption and MAC keys in general)
- Wrapping symmetric keys using your own RSA key pair so that they can be stored on disk or in a
database.
- As an alternative to TOKEN symmetric keys
- As a way to store large numbers of symmetric keys
- Wrapping symmetric keys using an RSA key from another server
- Unwrapping keys using your own RSA key pair
| The main part of the program shows a typical sequence of events for two servers that are trying
to extablish a shared key pair.
| We will add message protection (encryption and MACing) examples to this program in the future.
.. _sample_code:
`Sample Code <#sample_code>`__
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. container::
.. code:: notranslate
#include <iostream.h>
#include "pk11pub.h"
#include "keyhi.h"
#include "nss.h"
// Key management for keys share among multiple hosts
//
// This example shows how to use NSS functions to create and
// distribute keys that need to be shared among multiple servers
// or hosts.
//
// The management scheme assumes that one host is PRIMARY. It
// generates the secret keys that will be used by all participating
// hosts. The other hosts (SECONDARY) request keys from the
// primary host. As an alternative, new keys may be sent to the
// current set of SECONDARY hosts when they are generated by the
// PRIMARY. In this case, the PRIMARY maintains a list of the
// secondary hosts.
//
// The sequence of events is:
// 1. The primary host generates a new symmetric key. This key
// may be used for an encryption mechanism (DES or AES) or for
// integrity (MD5_HMAC or SHA1_HMAC). This key needs to be
// permanent, since it may be used during several runs of the
// server. (Currently NSS doesn't store persistant keys. Steps
// 1a through 1x show how to do this).
// 1a. The primary host generates an RSA keypair that will be used
// store keys locally.
// 1b. The primary host wraps the newly generated key using the
// RSA key and stores the wrapped key data in a local file.
// 1c. The primary host unwraps the key using the RSA key each time
// access to the key is required, such as at server startup.
// 2. The secondary host generates an RSA keypair that will be used
// to transport keys between the primary host and itself. This
// key needs to exist long enough to be used to process the
// response to a key transport request that is made to the primary
// server. The example here shows how to create a permanent (token)
// RSA key for this purpose. (This key will also be used for
// storage of the keys, since NSS does not support permanent symmetric
// keys at the current time.)
// 3. The secondary host sends its RSA public key to the primary host as
// part of a request for a particular key, or to be added to a list
// of secondary hosts.
// 4. The administrator of the primary host verifies that the RSA key
// that was received belongs to a valid secondary host. The adminstrator
// may do this by checking that the key was received in a signed email
// message, or by checking a digest value with the adminstrator of the
// secondary host. [Need support for digest check values]
// 5. The primary host exports (wraps) the symmetric key using the
// secondary host's RSA key. The wrapped value is sent back to
// the secondary host.
// 6. The administrator of the secondary host verifies that the wrapped
// key data came from the primary host. The same methods outlined
// in step 4 may be used here.
// 7. The secondary host unwraps the key using its own RSA private key.
// NOTE: currently NSS does not support permanent symmetric keys.
// The secondary host may store the wrapped value that was received
// from the primary in a file, and unwrap it each time the key is required
// (such as at server startup).
// NSS actually has some support for permanent symmetric keys. However this
// example will need to be modified somewhat in order to demonstrate it.
// Utility function to print hex data
static void
printBuffer(unsigned char *digest, unsigned int len)
{
int i;
cout << "length: " << len << endl;
for(i = 0;i < len;i++) printf("%02x ", digest[i]);
cout << endl;
}
// XXX Data protection
// - takes an input buffer, applies the encryption
// and MAC, and generates a buffer with the result.
// - the application sends or uses the result (possibly
// after base64 encoding it.
//
// Server - an instance of a server that is part of a
// cluster of servers that are sharing a common set
// of encryption and MACing keys.
//
class Server
{
public:
// Initializes the server instance. In particular, this
// creates the key pair that is used for wrapping keys
int Init();
// Generates keys for encryption (AES) and MACing. The
// wrapped keys are stored in data files.
int GenerateKeys();
// Gets the server's public key (wrapping key) to
// send to another server. This becomes the input to
// the ExportKeys method on the remote server.
int ExportPublicKey(SECItem **pubKeyData);
// Export the encryption and key using the key
// provided. The key should come from another server
// in the cluster. (The admin should verify this.)
//
// In this example, the server must be started to perform
// this function (see Start())
int ExportKeys(SECItem *pubKey, SECItem **wrappedEncKey,
SECItem **wrappedMacKey);
// Import the keys received from another server in the
// cluster. The admin should make sure the keys actually
// came from the correct source.
int ImportKeys(SECItem *wrappedEncKey, SECItem *wrappedMacKey);
// Start the server, loading the encryption and MACing keys
// from files
int Start();
// Shut down the server. (For completeness)
int Shutdown();
// Compare keys in two server instances. Use this in the
// example to make sure the keys are transferred correctly.
// This will not work in real life!
//
// The servers must be started
int CompareKeys(Server *peer);
// Create a server - the name distiguish the keys in the
// shared database in this example
Server(const char *serverName);
~Server();
private:
int getPrivateKey(SECKEYPrivateKey **prvKey);
int getPublicKey(SECKEYPublicKey **pubKey);
int wrapKey(PK11SymKey *key, SECKEYPublicKey *pubKey, SECItem **data);
// export raw key (unwrapped) DO NOT USE
int rawExportKey(PK11SymKey *key, SECItem **data);
char *mServerName;
// These items represent data that might be stored
// in files or in a configuration file
SECItem *mWrappedEncKey;
SECItem *mWrappedMacKey;
// These are the runtime keys as loaded from the files
PK11SymKey *mEncKey;
PK11SymKey *mMacKey;
};
Server::Server(const char *serverName)
: mServerName(0), mWrappedEncKey(0), mWrappedMacKey(0),
mEncKey(0), mMacKey(0)
{
// Copy the server name
mServerName = PL_strdup(serverName);
}
Server::~Server()
{
if (mServerName) PL_strfree(mServerName);
if (mWrappedEncKey) SECITEM_FreeItem(mWrappedEncKey, PR_TRUE);
if (mWrappedMacKey) SECITEM_FreeItem(mWrappedMacKey, PR_TRUE);
if (mEncKey) PK11_FreeSymKey(mEncKey);
if (mMacKey) PK11_FreeSymKey(mMacKey);
}
int
Server::Init()
{
int rv = 0;
SECKEYPrivateKey *prvKey = 0;
SECKEYPublicKey *pubKey = 0;
PK11SlotInfo *slot = 0;
PK11RSAGenParams rsaParams;
SECStatus s;
// See if there is already a private key with this name.
// If there is one, no further action is required.
rv = getPrivateKey(&prvKey);
if (rv == 0 && prvKey) goto done;
rv = 0;
// These could be parameters to the Init function
rsaParams.keySizeInBits = 1024;
rsaParams.pe = 65537;
slot = PK11_GetInternalKeySlot();
if (!slot) { rv = 1; goto done; }
prvKey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &rsaParams,
&pubKey, PR_TRUE, PR_TRUE, 0);
if (!prvKey) { rv = 1; goto done; }
// Set the nickname on the private key so that it
// can be found later.
s = PK11_SetPrivateKeyNickname(prvKey, mServerName);
if (s != SECSuccess) { rv = 1; goto done; }
done:
if (slot) PK11_FreeSlot(slot);
if (pubKey) SECKEY_DestroyPublicKey(pubKey);
if (prvKey) SECKEY_DestroyPrivateKey(prvKey);
return rv;
}
int
Server::GenerateKeys()
{
int rv = 0;
SECKEYPublicKey *pubKey = 0;
PK11SlotInfo *slot = 0;
// Choose a slot to use
slot = PK11_GetInternalKeySlot();
if (!slot) { rv = 1; goto done; }
// Get our own public key to use for wrapping
rv = getPublicKey(&pubKey);
if (rv) goto done;
// Do the Encryption (AES) key
if (!mWrappedEncKey)
{
PK11SymKey *key = 0;
// The key size is 128 bits (16 bytes)
key = PK11_KeyGen(slot, CKM_AES_KEY_GEN, 0, 128/8, 0);
if (!key) { rv = 1; goto aes_done; }
rv = wrapKey(key, pubKey, &mWrappedEncKey);
aes_done:
if (key) PK11_FreeSymKey(key);
if (rv) goto done;
}
// Do the Mac key
if (!mWrappedMacKey)
{
PK11SymKey *key = 0;
// The key size is 160 bits (20 bytes)
key = PK11_KeyGen(slot, CKM_GENERIC_SECRET_KEY_GEN, 0, 160/8, 0);
if (!key) { rv = 1; goto mac_done; }
rv = wrapKey(key, pubKey, &mWrappedMacKey);
mac_done:
if (key) PK11_FreeSymKey(key);
}
done:
if (slot) PK11_FreeSlot(slot);
return rv;
}
int
Server::ExportPublicKey(SECItem **pubKeyData)
{
int rv = 0;
SECKEYPublicKey *pubKey = 0;
rv = getPublicKey(&pubKey);
if (rv) goto done;
*pubKeyData = SECKEY_EncodeDERSubjectPublicKeyInfo(pubKey);
if (!*pubKeyData) { rv = 1; goto done; }
done:
if (pubKey) SECKEY_DestroyPublicKey(pubKey);
return rv;
}
int
Server::ExportKeys(SECItem *pubKeyData, SECItem **wrappedEncKey,
SECItem **wrappedMacKey)
{
int rv;
CERTSubjectPublicKeyInfo *keyInfo = 0;
SECKEYPublicKey *pubKey = 0;
SECItem *data = 0;
// Make sure the keys are available (server running)
if (!mEncKey || !mMacKey) { rv = 1; goto done; }
// Import the public key of the other server
keyInfo = SECKEY_DecodeDERSubjectPublicKeyInfo(pubKeyData);
if (!keyInfo) { rv = 1; goto done; }
pubKey = SECKEY_ExtractPublicKey(keyInfo);
if (!pubKey) { rv = 1; goto done; }
// Export the encryption key
rv = wrapKey(mEncKey, pubKey, &data);
if (rv) goto done;
// Export the MAC key
rv = wrapKey(mMacKey, pubKey, wrappedMacKey);
if (rv) goto done;
// Commit the rest of the operation
*wrappedEncKey = data;
data = 0;
done:
if (data) SECITEM_FreeItem(data, PR_TRUE);
if (pubKey) SECKEY_DestroyPublicKey(pubKey);
if (keyInfo) SECKEY_DestroySubjectPublicKeyInfo(keyInfo);
return rv;
}
int
Server::ImportKeys(SECItem *wrappedEncKey, SECItem *wrappedMacKey)
{
int rv = 0;
if (mWrappedEncKey || mWrappedMacKey) { rv = 1; goto done; }
mWrappedEncKey = SECITEM_DupItem(wrappedEncKey);
if (!mWrappedEncKey) { rv = 1; goto done; }
mWrappedMacKey = SECITEM_DupItem(wrappedMacKey);
if (!mWrappedMacKey) { rv = 1; goto done; }
done:
return rv;
}
int
Server::Start()
{
int rv;
SECKEYPrivateKey *prvKey = 0;
rv = getPrivateKey(&prvKey);
if (rv) goto done;
if (!mEncKey)
{
// Unwrap the encryption key from the "file"
// This function uses a mechanism rather than a key type
// Does this need to be "WithFlags"??
mEncKey = PK11_PubUnwrapSymKey(prvKey, mWrappedEncKey,
CKM_AES_CBC_PAD, CKA_ENCRYPT, 0);
if (!mEncKey) { rv = 1; goto done; }
}
if (!mMacKey)
{
// Unwrap the MAC key from the "file"
// This function uses a mechanism rather than a key type
// Does this need to be "WithFlags"??
mMacKey = PK11_PubUnwrapSymKey(prvKey, mWrappedMacKey,
CKM_MD5_HMAC, CKA_SIGN, 0);
if (!mMacKey) { rv = 1; goto done; }
}
done:
if (prvKey) SECKEY_DestroyPrivateKey(prvKey);
return rv;
}
int
Server::Shutdown()
{
if (mEncKey) PK11_FreeSymKey(mEncKey);
if (mMacKey) PK11_FreeSymKey(mMacKey);
mEncKey = 0;
mMacKey = 0;
return 0;
}
int
Server::CompareKeys(Server *peer)
{
int rv;
SECItem *macKey1 = 0;
SECItem *macKey2 = 0;
SECItem *encKey1 = 0;
SECItem *encKey2 = 0;
// Export each of the keys in raw form
rv = rawExportKey(mMacKey, &macKey1);
if (rv) goto done;
rv = rawExportKey(peer->mMacKey, &macKey2);
if (rv) goto done;
rv = rawExportKey(mEncKey, &encKey1);
if (rv) goto done;
rv = rawExportKey(peer->mEncKey, &encKey2);
if (rv) goto done;
if (!SECITEM_ItemsAreEqual(macKey1, macKey2)) { rv = 1; goto done; }
if (!SECITEM_ItemsAreEqual(encKey1, encKey2)) { rv = 1; goto done; }
done:
if (macKey1) SECITEM_ZfreeItem(macKey1, PR_TRUE);
if (macKey2) SECITEM_ZfreeItem(macKey2, PR_TRUE);
if (encKey1) SECITEM_ZfreeItem(encKey1, PR_TRUE);
if (encKey2) SECITEM_ZfreeItem(encKey2, PR_TRUE);
return rv;
}
// Private helper, retrieves the private key for the server
// from the database. Free the key using SECKEY_DestroyPrivateKey
int
Server::getPrivateKey(SECKEYPrivateKey **prvKey)
{
int rv = 0;
PK11SlotInfo *slot = 0;
SECKEYPrivateKeyList *list = 0;
SECKEYPrivateKeyListNode *n;
char *nickname;
slot = PK11_GetInternalKeySlot();
if (!slot) goto done;
// ListPrivKeysInSlot looks like it should check the
// nickname and only return keys that match. However,
// that doesn't seem to work at the moment.
// BUG: XXXXX
list = PK11_ListPrivKeysInSlot(slot, mServerName, 0);
cout << "getPrivateKey: list = " << list << endl;
if (!list) { rv = 1; goto done; }
for(n = PRIVKEY_LIST_HEAD(list);
!PRIVKEY_LIST_END(n, list);
n = PRIVKEY_LIST_NEXT(n))
{
nickname = PK11_GetPrivateKeyNickname(n->key);
if (PL_strcmp(nickname, mServerName) == 0) break;
}
if (PRIVKEY_LIST_END(n, list)) { rv = 1; goto done; }
*prvKey = SECKEY_CopyPrivateKey(n->key);
done:
if (list) SECKEY_DestroyPrivateKeyList(list);
return rv;
}
int
Server::getPublicKey(SECKEYPublicKey **pubKey)
{
int rv;
SECKEYPrivateKey *prvKey = 0;
rv = getPrivateKey(&prvKey);
if (rv) goto done;
*pubKey = SECKEY_ConvertToPublicKey(prvKey);
if (!*pubKey) { rv = 1; goto done; }
done:
if (prvKey) SECKEY_DestroyPrivateKey(prvKey);
return rv;
}
int
Server::wrapKey(PK11SymKey *key, SECKEYPublicKey *pubKey, SECItem **ret)
{
int rv = 0;
SECItem *data;
SECStatus s;
data = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
if (!data) { rv = 1; goto done; }
// Allocate space for output of wrap
data->len = SECKEY_PublicKeyStrength(pubKey);
data->data = new unsigned char[data->len];
if (!data->data) { rv = 1; goto done; }
s = PK11_PubWrapSymKey(CKM_RSA_PKCS, pubKey, key, data);
if (s != SECSuccess) { rv = 1; goto done; }
*ret = data;
data = 0;
done:
if (data) SECITEM_FreeItem(data, PR_TRUE);
return rv;
}
// Example of how to do a raw export (no wrapping of a key)
// This should not be used. Use the RSA-based wrapping
// methods instead.
int
Server::rawExportKey(PK11SymKey *key, SECItem **res)
{
int rv = 0;
SECItem *data;
SECStatus s;
s = PK11_ExtractKeyValue(key);
if (s != SECSuccess) { rv = 1; goto done; }
data = PK11_GetKeyData(key);
*res = SECITEM_DupItem(data);
if (!*res) { rv = 1; goto done; }
done:
return rv;
}
// Initialize the NSS library. Normally this
// would be done as part of each server's startup.
// However, this example uses the same databases
// to store keys for server in the "cluster" so
// it is done once.
int
InitNSS()
{
int rv = 0;
SECStatus s;
s = NSS_InitReadWrite(".");
if (s != SECSuccess) rv = 1; // Error
// For this example, we don't use database passwords
PK11_InitPin(PK11_GetInternalKeySlot(), "", "");
return rv;
}
int
main(int argc, char *argv[])
{
int rv;
Server *server1 = 0;
Server *server2 = 0;
// Initialize NSS
rv = InitNSS();
if (rv) { cout << "InitNSS failed" << endl; goto done; }
// Create the first "server"
server1 = new Server("Server1");
if (!server1 || server1->Init())
{
cout << "Server1 could not be created" << endl;
rv = 1;
goto done;
}
// Generate encryption and mac keys. These keys will
// be used by all the servers in the cluster.
rv = server1->GenerateKeys();
if (rv) { cout << "GenerateKeys failed" << endl; goto done; }
// Now that everything is ready, start server1. This loads
// the encryption and MAC keys from the "files"
rv = server1->Start();
if (rv) { cout << "Cannot start server 1" << endl; goto done; }
// Create a second server in the cluster. We will need
// to transfer the keys from the first server to this
// one
server2 = new Server("Server2");
if (!server2 || server2->Init())
{
cout << "Server2 could not be created" << endl;
rv = 1; // Error
goto done;
}
// Transfer the keys from server1
{
SECItem *wrappedEncKey = 0;
SECItem *wrappedMacKey = 0;
SECItem *pubKeyData = 0;
// Get the public key for server 2 so that it can
// be sent to server 1
rv = server2->ExportPublicKey(&pubKeyData);
if (rv) { cout << "ExportPublicKey failed" << endl; goto trans_done; }
// Send the public key to server 1 and get back the
// wrapped key values
rv = server1->ExportKeys(pubKeyData, &wrappedEncKey, &wrappedMacKey);
if (rv) { cout << "ExportKeys failed" << endl; goto trans_done; }
// Print - for information
cout << "Wrapped Encryption Key" << endl;
printBuffer(wrappedEncKey->data, wrappedEncKey->len);
cout << "Wrapped MAC Key" << endl;
printBuffer(wrappedMacKey->data, wrappedMacKey->len);
// Import the keys into server 2 - this just puts the wrapped
// values into the "files"
rv = server2->ImportKeys(wrappedEncKey, wrappedMacKey);
if (rv) { cout << "ImportKeys failed" << endl; goto trans_done; }
trans_done:
if (wrappedEncKey) SECITEM_FreeItem(wrappedEncKey, PR_TRUE);
if (wrappedMacKey) SECITEM_FreeItem(wrappedMacKey, PR_TRUE);
if (pubKeyData) SECITEM_FreeItem(pubKeyData, PR_TRUE);
}
if (rv) goto done;
// Start server 2 - this unwraps the encryption and MAC keys
// so that they can be used
rv = server2->Start();
if (rv) { cout << "Cannot start server 2" << endl; goto done; }
// List keys in the token - informational
{
PK11SlotInfo *slot = 0;
SECKEYPrivateKeyList *list = 0;
SECKEYPrivateKeyListNode *n;
slot = PK11_GetInternalKeySlot();
if (!slot) goto list_done;
cout << "List Private Keys" << endl;
list = PK11_ListPrivKeysInSlot(slot, 0, 0);
if (!list) goto list_done;
for(n = PRIVKEY_LIST_HEAD(list);
!PRIVKEY_LIST_END(n, list);
n = PRIVKEY_LIST_NEXT(n))
{
char *name;
name = PK11_GetPrivateKeyNickname(n->key);
cout << "Key: " << name << endl;
}
list_done:
if (slot) PK11_FreeSlot(slot);
if (list) SECKEY_DestroyPrivateKeyList(list);
cout << "Done" << endl;
}
// Let's see if the keys are the same
rv = server1->CompareKeys(server2);
if (rv) { cout << "Key Comparison failed" << endl; }
server1->Shutdown();
server2->Shutdown();
done:
if (server1) delete server1;
if (server2) delete server2;
NSS_Shutdown();
return rv;
}
|
