
PKCS#11 Glue

Where we encountered the limits

Stef Walter, Red Hat

2013-03-04
PKCS#11 Glue

Uses PKCS#11 as a common key and certificate storage across Linux crypto libraries

http://p11-glue.freedesktop.org/
PKCS#11 Glue provides:

● Common configuration of modules
● Sharing of modules between callers
● Remoting of modules
● Logging of calls
● Standard module for sharing trust information
Why Remote PKCS#11?
● Moving the driver code out of process, into another security context
● Sharing login state across an entire desktop session
● Using a PKCS#11 module on another machine, for security policy reasons or to use hardware attached there
Limits encountered
● We pushed PKCS#11 beyond its designed use cases
● Not complaining or surprised we hit some limitations

Subclassing and wrapping PKCS#11 modules
● We can think of CK_FUNCTION_LIST as a vtable
● But the vtable pointer is not passed to each function, so a wrapper's entry points cannot tell which wrapped module a call belongs to
● C_GetFunctionList is awkward to implement when wrapping
● p11-glue uses a custom CK_X_FUNCTION_LIST
● p11-glue uses libffi and makes each function a closure that receives the vtable pointer
Limited to a single instance of a module
● p11-glue modules return a new function list for each C_GetFunctionList call
● Together with wrapping, this facilitates sharing of modules between callers

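The vtable problem from the two slides above, as an added example that is not p11-kit's code: a wrapper that forwards and counts calls cannot tell, from inside an entry point, which lower module it is wrapping, because nothing in the function list points back at the wrapper. p11-glue solves this by generating a closure per function at run time with libffi; the same effect is simulated here with a fixed pool of trampolines, each with its binding index compiled in. The type names mimic pkcs11.h but are defined locally, and `Wrapper`, `wrapper_create`, `module_a` and `module_b` are the example's own names.

```c
#include <stdio.h>
#include <stddef.h>

/* Local stand-ins for pkcs11.h types (example code); return codes are the standard values. */
typedef unsigned long CK_RV;
typedef unsigned long CK_ULONG;
typedef unsigned long CK_SLOT_ID;
typedef unsigned char CK_BBOOL;
#define CKR_OK               0x000UL
#define CKR_ARGUMENTS_BAD    0x007UL
#define CKR_BUFFER_TOO_SMALL 0x150UL

/* A cut-down CK_FUNCTION_LIST: a struct of function pointers, i.e. a vtable,
 * except that no entry receives a pointer back to the struct it came from. */
typedef struct {
    CK_RV (*C_Initialize)(void *args);
    CK_RV (*C_Finalize)(void *reserved);
    CK_RV (*C_GetSlotList)(CK_BBOOL present, CK_SLOT_ID *slots, CK_ULONG *count);
} FUNCTION_LIST;

/* Two toy lower modules. They differ only in slot count, yet each needs its own
 * C_GetSlotList, because the entry point receives no context argument. */
static CK_RV noop_init(void *a)  { (void)a; return CKR_OK; }
static CK_RV noop_final(void *r) { (void)r; return CKR_OK; }
static CK_RV list_slots(CK_SLOT_ID *slots, CK_ULONG *count, CK_ULONG have) {
    if (count == NULL) return CKR_ARGUMENTS_BAD;
    if (slots != NULL) {
        if (*count < have) { *count = have; return CKR_BUFFER_TOO_SMALL; }
        for (CK_ULONG i = 0; i < have; i++) slots[i] = i + 1;
    }
    *count = have;
    return CKR_OK;
}
static CK_RV a_slots(CK_BBOOL p, CK_SLOT_ID *s, CK_ULONG *n) { (void)p; return list_slots(s, n, 1); }
static CK_RV b_slots(CK_BBOOL p, CK_SLOT_ID *s, CK_ULONG *n) { (void)p; return list_slots(s, n, 2); }
static const FUNCTION_LIST module_a = { noop_init, noop_final, a_slots };
static const FUNCTION_LIST module_b = { noop_init, noop_final, b_slots };

/* The wrapper forwards every call to its lower module and counts it (a stand-in
 * for logging). `upper` is the function list handed to the caller. */
typedef struct {
    const FUNCTION_LIST *lower;
    const char *name;
    unsigned calls;
    FUNCTION_LIST upper;
} Wrapper;

static CK_RV wrap_init(Wrapper *w, void *a)  { w->calls++; return w->lower->C_Initialize(a); }
static CK_RV wrap_final(Wrapper *w, void *r) { w->calls++; return w->lower->C_Finalize(r); }
static CK_RV wrap_slots(Wrapper *w, CK_BBOOL p, CK_SLOT_ID *s, CK_ULONG *n) {
    w->calls++;
    return w->lower->C_GetSlotList(p, s, n);
}

/* Closure pool. p11-glue builds such closures at run time with libffi; here a
 * fixed pool is generated at compile time, each trampoline carrying its own
 * binding index, which stands in for the vtable pointer PKCS#11 never passes. */
#define MAX_WRAPPERS 4
static Wrapper bindings[MAX_WRAPPERS];
static int bindings_used = 0;

#define TRAMPOLINES(i) \
    static CK_RV init_##i(void *a)  { return wrap_init(&bindings[i], a); } \
    static CK_RV final_##i(void *r) { return wrap_final(&bindings[i], r); } \
    static CK_RV slots_##i(CK_BBOOL p, CK_SLOT_ID *s, CK_ULONG *n) { return wrap_slots(&bindings[i], p, s, n); }
TRAMPOLINES(0) TRAMPOLINES(1) TRAMPOLINES(2) TRAMPOLINES(3)
#define TRAMPOLINE_LIST(i) { init_##i, final_##i, slots_##i }
static const FUNCTION_LIST trampolines[MAX_WRAPPERS] = {
    TRAMPOLINE_LIST(0), TRAMPOLINE_LIST(1), TRAMPOLINE_LIST(2), TRAMPOLINE_LIST(3)
};

/* Wrap `lower`. Unlike a plain module's C_GetFunctionList, every call hands back
 * a distinct function list. Returns NULL once the pool is exhausted. */
Wrapper *wrapper_create(const FUNCTION_LIST *lower, const char *name) {
    if (bindings_used >= MAX_WRAPPERS) return NULL;
    Wrapper *w = &bindings[bindings_used];
    w->lower = lower;
    w->name = name;
    w->calls = 0;
    w->upper = trampolines[bindings_used++];
    return w;
}

/* Number of slots visible through the wrapper's own function list, 0 on error. */
CK_ULONG wrapper_slot_count(const Wrapper *w) {
    CK_ULONG n = 0;
    return w->upper.C_GetSlotList(1, NULL, &n) == CKR_OK ? n : 0;
}

int main(void) {
    Wrapper *a = wrapper_create(&module_a, "module-a");
    Wrapper *b = wrapper_create(&module_b, "module-b");
    CK_ULONG na = wrapper_slot_count(a), nb = wrapper_slot_count(b);
    printf("%s: %lu slot(s), %s: %lu slot(s), %u wrapped call(s)\n",
           a->name, na, b->name, nb, a->calls + b->calls);
    return 0;
}
```

The pool is what makes the fixed-size approach a compromise: a fifth `wrapper_create` fails, which is exactly why p11-glue generates closures dynamically instead of preallocating them.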
Callers Sharing Modules
● C_Initialize and C_Finalize behave unexpectedly and race between multiple callers: a second caller's C_Initialize fails with CKR_CRYPTOKI_ALREADY_INITIALIZED, and the first caller's C_Finalize tears the module down under everyone else
● No thread safety guarantees for C_Initialize
● C_CloseAllSessions is problematic: it closes every caller's sessions, not only the caller's own
● We virtualize the above module functions
● Login state is shared by callers

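An added example (not p11-kit's implementation) of the virtualized entry points the slide describes: each caller gets its own view with its own initialized flag, the real module is initialized by the first caller and finalized by the last, the wrapper serializes C_Initialize itself, and the virtual C_CloseAllSessions only touches the calling view's sessions. The `Caller` struct, the toy lower module and the session table are the example's own; the explicit `Caller *` argument stands in for the per-caller context a closure would supply, and the slot argument of C_CloseAllSessions is left out to keep the code short.

```c
#include <pthread.h>

/* Local stand-ins for pkcs11.h (example code); the constants are the standard values. */
typedef unsigned long CK_RV;
typedef unsigned long CK_SESSION_HANDLE;
#define CKR_OK                           0x000UL
#define CKR_SESSION_COUNT                0x0B1UL
#define CKR_CRYPTOKI_NOT_INITIALIZED     0x190UL
#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x191UL

/* Toy lower module behaving like a real one: a second C_Initialize before
 * C_Finalize fails, and C_Finalize tears the whole module down. */
static int lower_initialized = 0, lower_init_calls = 0;  /* init_calls: times the real init ran */
static CK_RV lower_C_Initialize(void *args) {
    (void)args;
    if (lower_initialized) return CKR_CRYPTOKI_ALREADY_INITIALIZED;
    lower_initialized = 1; lower_init_calls++;
    return CKR_OK;
}
static CK_RV lower_C_Finalize(void *reserved) {
    (void)reserved;
    if (!lower_initialized) return CKR_CRYPTOKI_NOT_INITIALIZED;
    lower_initialized = 0;
    return CKR_OK;
}

/* Per-caller view of the shared module (the example's own structure). */
typedef struct { int initialized; } Caller;

/* State shared by every caller in the process. PKCS#11 gives no thread-safety
 * guarantee for C_Initialize, so the wrapper serializes it with its own lock. */
static pthread_mutex_t shared_lock = PTHREAD_MUTEX_INITIALIZER;
static unsigned init_refcount = 0;
#define MAX_SESSIONS 8
static struct { int open; const Caller *owner; } sessions[MAX_SESSIONS];  /* handle = index + 1 */

static void close_sessions_of(const Caller *c) {   /* shared_lock must be held */
    for (int i = 0; i < MAX_SESSIONS; i++)
        if (sessions[i].open && sessions[i].owner == c) sessions[i].open = 0;
}

/* Virtual C_Initialize: per-caller error semantics survive, but only the first
 * caller reaches the real module. */
CK_RV caller_C_Initialize(Caller *c, void *args) {
    CK_RV rv = CKR_OK;
    if (c->initialized) return CKR_CRYPTOKI_ALREADY_INITIALIZED;
    pthread_mutex_lock(&shared_lock);
    if (init_refcount == 0) rv = lower_C_Initialize(args);
    if (rv == CKR_OK) { init_refcount++; c->initialized = 1; }
    pthread_mutex_unlock(&shared_lock);
    return rv;
}

/* Virtual C_Finalize: drops this caller's sessions; the real module is finalized
 * only when the last caller leaves, so nobody else loses their state. */
CK_RV caller_C_Finalize(Caller *c, void *reserved) {
    CK_RV rv = CKR_OK;
    if (!c->initialized) return CKR_CRYPTOKI_NOT_INITIALIZED;
    pthread_mutex_lock(&shared_lock);
    close_sessions_of(c);
    c->initialized = 0;
    if (--init_refcount == 0) rv = lower_C_Finalize(reserved);
    pthread_mutex_unlock(&shared_lock);
    return rv;
}

CK_RV caller_C_OpenSession(Caller *c, CK_SESSION_HANDLE *handle) {
    CK_RV rv = CKR_SESSION_COUNT;
    if (!c->initialized) return CKR_CRYPTOKI_NOT_INITIALIZED;
    pthread_mutex_lock(&shared_lock);
    for (int i = 0; i < MAX_SESSIONS && rv != CKR_OK; i++)
        if (!sessions[i].open) { sessions[i].open = 1; sessions[i].owner = c; *handle = i + 1; rv = CKR_OK; }
    pthread_mutex_unlock(&shared_lock);
    return rv;
}

/* Virtual C_CloseAllSessions (slot argument omitted here): the real call would
 * close every caller's sessions; this one closes only the caller's own. */
CK_RV caller_C_CloseAllSessions(Caller *c) {
    if (!c->initialized) return CKR_CRYPTOKI_NOT_INITIALIZED;
    pthread_mutex_lock(&shared_lock);
    close_sessions_of(c);
    pthread_mutex_unlock(&shared_lock);
    return CKR_OK;
}

unsigned open_sessions_of(const Caller *c) {
    unsigned n = 0;
    pthread_mutex_lock(&shared_lock);
    for (int i = 0; i < MAX_SESSIONS; i++) n += sessions[i].open && sessions[i].owner == c;
    pthread_mutex_unlock(&shared_lock);
    return n;
}
```

With two views (say a keyring daemon and a browser in the same process) the real C_Initialize runs once, the keyring's C_Finalize leaves the browser's sessions intact, and a view that finalizes twice still gets CKR_CRYPTOKI_NOT_INITIALIZED, as it would from a plain module.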
RPC: Limitations
● No introspection data: we can only remote known attributes, because for an unknown attribute we cannot tell whether its value contains endian-specific data like a CK_ULONG
● Can only remote some known CK_MECHANISM parameters, due to embedded pointers and endianness
● Cannot cache objects and track object changes
● Remoting PKCS#11 is possible, but not all of it is remotable in a general fashion
● Chatty and sensitive to latency

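The attribute limitation from the slide above, as an added example that is not p11-kit's RPC code: the serializer can only send an attribute whose encoding it knows, because a CK_ULONG value is 4 or 8 bytes in host byte order while a byte-array value is opaque, and nothing in CK_ATTRIBUTE distinguishes the two. The `known_attrs` table is the hand-written introspection data PKCS#11 itself lacks, and the wire format (big-endian type, length, value; CK_ULONG always as 8 big-endian bytes) is the example's own, not p11-kit's protocol. The type definitions mimic pkcs11.h but are local.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Local stand-ins for pkcs11.h (example code); the constants are the standard values. */
typedef unsigned long CK_ULONG;
typedef unsigned char CK_BBOOL;
typedef CK_ULONG CK_ATTRIBUTE_TYPE;
typedef struct { CK_ATTRIBUTE_TYPE type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CKA_CLASS          0x000UL
#define CKA_TOKEN          0x001UL
#define CKA_LABEL          0x003UL
#define CKA_KEY_TYPE       0x100UL
#define CKA_ID             0x102UL
#define CKA_VENDOR_DEFINED 0x80000000UL
#define CKO_PRIVATE_KEY    0x003UL

/* The introspection data PKCS#11 does not provide: how each attribute's value
 * is encoded. An attribute type missing from this table cannot be remoted
 * safely, which is the limitation the slide describes. */
typedef enum { ATTR_ULONG, ATTR_BBOOL, ATTR_BYTES } AttrKind;
static const struct { CK_ATTRIBUTE_TYPE type; AttrKind kind; } known_attrs[] = {
    { CKA_CLASS, ATTR_ULONG }, { CKA_KEY_TYPE, ATTR_ULONG }, { CKA_TOKEN, ATTR_BBOOL },
    { CKA_LABEL, ATTR_BYTES }, { CKA_ID, ATTR_BYTES },
};

static int attr_kind(CK_ATTRIBUTE_TYPE type, AttrKind *kind) {
    for (size_t i = 0; i < sizeof known_attrs / sizeof known_attrs[0]; i++)
        if (known_attrs[i].type == type) { *kind = known_attrs[i].kind; return 1; }
    return 0;
}

/* Wire format of this example: 32-bit big-endian type, 32-bit big-endian length,
 * value. CK_ULONG values always travel as 8 big-endian bytes, whatever
 * sizeof(CK_ULONG) is on either end of the link. */
static void put_be(uint8_t *p, uint64_t v, int n) { while (n-- > 0) { p[n] = (uint8_t)v; v >>= 8; } }
static uint64_t get_be(const uint8_t *p, int n) { uint64_t v = 0; for (int i = 0; i < n; i++) v = (v << 8) | p[i]; return v; }

/* Returns bytes written, or 0 if the attribute is unknown, malformed, or does not fit. */
size_t encode_attribute(const CK_ATTRIBUTE *a, uint8_t *out, size_t cap) {
    AttrKind kind;
    uint8_t scratch[8];
    const uint8_t *src = a->pValue;
    size_t vlen = a->ulValueLen;
    if (!attr_kind(a->type, &kind) || a->pValue == NULL) return 0;
    if (kind == ATTR_ULONG) {
        CK_ULONG u;
        if (vlen != sizeof u) return 0;
        memcpy(&u, a->pValue, sizeof u);   /* host order in, big-endian out */
        put_be(scratch, u, 8);
        src = scratch; vlen = 8;
    } else if (kind == ATTR_BBOOL) {
        if (vlen != sizeof(CK_BBOOL)) return 0;
        scratch[0] = *(const CK_BBOOL *)a->pValue ? 1 : 0;
        src = scratch; vlen = 1;
    }
    if (vlen > UINT32_MAX || cap < 8 + vlen) return 0;
    put_be(out, a->type, 4);
    put_be(out + 4, vlen, 4);
    memcpy(out + 8, src, vlen);
    return 8 + vlen;
}

/* Decodes one attribute into *a, rebuilding the value in valbuf as a host
 * CK_ULONG, CK_BBOOL, or raw bytes. Returns bytes consumed, or 0 on error. */
size_t decode_attribute(const uint8_t *in, size_t len, CK_ATTRIBUTE *a, uint8_t *valbuf, size_t valcap) {
    AttrKind kind;
    if (len < 8) return 0;
    CK_ATTRIBUTE_TYPE type = (CK_ATTRIBUTE_TYPE)get_be(in, 4);
    size_t vlen = (size_t)get_be(in + 4, 4);
    if (!attr_kind(type, &kind) || len - 8 < vlen) return 0;
    const uint8_t *v = in + 8;
    a->type = type;
    a->pValue = valbuf;
    if (kind == ATTR_ULONG) {
        if (vlen != 8 || valcap < sizeof(CK_ULONG)) return 0;
        uint64_t u = get_be(v, 8);
        if (u > (uint64_t)(CK_ULONG)-1) return 0;   /* would not fit a 32-bit CK_ULONG */
        CK_ULONG h = (CK_ULONG)u;
        memcpy(valbuf, &h, sizeof h);
        a->ulValueLen = sizeof h;
    } else if (kind == ATTR_BBOOL) {
        if (vlen != 1 || valcap < 1) return 0;
        valbuf[0] = v[0];
        a->ulValueLen = 1;
    } else {
        if (valcap < vlen) return 0;
        memcpy(valbuf, v, vlen);
        a->ulValueLen = vlen;
    }
    return 8 + vlen;
}
```

A vendor-defined attribute, or a CKA_CLASS with the wrong length, is refused rather than passed through as raw bytes: sending it anyway would silently corrupt the value between a 32-bit and a 64-bit peer. The same reasoning applies to CK_MECHANISM parameters, where the embedded pointers additionally have to be flattened per mechanism.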
Storing Trust Information
● CKA_TRUST is not enough
● Researching stapled certificate extensions, similar to those in RFC 5914 (Trust Anchor Format)
Initialization parameters
● CK_C_INITIALIZE_ARGS.pReserved is non-standard but often used by module implementations to receive a string of initialization arguments
● Some modules allow multiple C_Initialize calls and add new slots when called with different pReserved arguments
Events
● C_WaitForSlotEvent requires one thread per slot per interested caller
● No way to be notified when an object changes
Extension Mechanism for Functions
● Missing an extension mechanism for additional sets of functions
Why?

Because PKCS#11 support is quite ubiquitous and growing steadily
Questions?

PKCS#11 Glue:
http://p11-glue.freedesktop.org
