Nitrokey HSM2 Key Use Counter C Code Example

In HSM2: Distributed key access & sign counter I read:

> A key use counter can be defined using the PKCS#11 module from sc-hsm-embedded and a proprietary attribute defined in [3].

Does someone have a C code example for setting – and testing – the key use counter attribute for an RSA or EC keypair on the Nitrokey HSM 2? I could only find an AES key generation example so far and I am not sure how to set the attribute for RSA / EC keys:

Key counter can be set only during the generation of the key. I don’t have C code handy, but JavaScript comes close, have a look at SmartCardHSM.test in scsh/sc-hsm/SmartCardHSM.js - it contains the sequence:

     var kg = new SmartCardHSMKeySpecGenerator(Crypto.EC, dp);
     sc.generateAsymmetricKeyPair(2, 0, kg.encode());

SmartCardHSMKeySpecGenerator.encode will add an extra attribute with tag 0x90 and the key counter value, if requested, to the template (kg) that will be used to write the key object.

In PKCS#11 terms this will be adding a new custom CK_ATTRIBUTE to the key generation template, like here:

and the attribute will be CKA_SC_HSM_KEY_USE_COUNTER:

The AES key generation example is good; the templates are very similar.

Now how to read it: key counter, domain ID are SmartCard HSM proprietary attributes in the PKCS#15 key structure.

For example, I have just tried opensc-explorer on my Nitrokey HSM2:

    OpenSC Explorer version 0.21.0-0.21.0
    OpenSC [3F00]> cd aid:e828bd080f
    OpenSC [E828/BD08/0F]> info cc01

    Working Elementary File  ID CC01

    File path:               CC01
    File size:               0 bytes
    EF structure:            Transparent
    ACL for READ:            N/A
    ACL for UPDATE:          N/A
    ACL for DELETE:          N/A
    ACL for WRITE:           N/A
    ACL for REHABILITATE:    N/A
    ACL for INVALIDATE:      N/A
    ACL for LIST FILES:      N/A
    ACL for CRYPTO:          N/A
    Type attributes:         01
    Proprietary attributes:  90 04 FF FF FF FF 92 01 00

90 tag, 04 length and FF FF FF FF is the key counter (not set), and 92 tag, 01 length and 00 is the key domain of the key (first key domain in that case - if the key is outside of the domain, this attribute is not present).

So just re-use your key generation template or create a simple one with one key value like this one:

and then call it

Haven’t tried, but might work!
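Decoding the proprietary attribute bytes from the opensc-explorer output above, as an added C example that is not from this thread, OpenSC or sc-hsm-embedded: the struct and function names are my own, the tag meanings (0x90 = key use counter, 0x92 = key domain) are taken from the post, and the sample bytes are the constructed ones shown above. It treats FF FF FF FF as "counter not set" and a missing 0x92 as "key outside any domain", and rejects truncated TLVs.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

/* Values decoded from the SmartCard-HSM proprietary key attributes. */
typedef struct {
    bool     has_counter;   /* tag 0x90 was present */
    uint32_t counter;       /* 0xFFFFFFFF means the counter was never set */
    bool     has_domain;    /* tag 0x92 was present (absent: key is outside any domain) */
    uint8_t  domain;        /* key domain index, 0 = first domain */
} sc_hsm_key_attrs;

/* Constructed sample: exactly the bytes reported by opensc-explorer above. */
const uint8_t sc_hsm_sample_attrs[] = {0x90, 0x04, 0xFF, 0xFF, 0xFF, 0xFF, 0x92, 0x01, 0x00};

/* Walk the single-byte-tag / single-byte-length TLV sequence.
 * Tags this post does not describe are skipped, not rejected.
 * Returns 0 on success, -1 if a length runs past the buffer. */
int parse_sc_hsm_proprietary_attrs(const uint8_t *buf, size_t len, sc_hsm_key_attrs *out)
{
    size_t i = 0;
    *out = (sc_hsm_key_attrs){0};
    while (i + 2 <= len) {
        uint8_t tag = buf[i];
        uint8_t tl  = buf[i + 1];
        if (i + 2 + tl > len)
            return -1;                         /* truncated value */
        const uint8_t *v = buf + i + 2;
        if (tag == 0x90 && tl == 4) {          /* key use counter, big-endian */
            out->has_counter = true;
            out->counter = ((uint32_t)v[0] << 24) | ((uint32_t)v[1] << 16) |
                           ((uint32_t)v[2] << 8)  |  (uint32_t)v[3];
        } else if (tag == 0x92 && tl == 1) {   /* key domain */
            out->has_domain = true;
            out->domain = v[0];
        }
        i += 2 + tl;
    }
    return i == len ? 0 : -1;                  /* dangling partial header */
}

/* A key only has an enforced use limit when the counter is present and not FF FF FF FF. */
bool sc_hsm_counter_is_set(const sc_hsm_key_attrs *a)
{
    return a->has_counter && a->counter != 0xFFFFFFFFu;
}
```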

> Haven’t tried, but might work!

Thank you for your effort, but I got that far already regarding my understanding of the issue – only that I was not able to make it work, which is why I was asking for working example code.

If you have almost-working code and something more than “it does not work”, for example "C_GetAttribute returns 255", then we can try…