Re: [TLS] TLS and hardware security modules - some issues related to PKCS11

Michael StJohns <> Tue, 17 September 2013 16:26 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 1188B11E8526 for <>; Tue, 17 Sep 2013 09:26:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id bQ2ys35MN+lz for <>; Tue, 17 Sep 2013 09:26:23 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id D484611E8522 for <>; Tue, 17 Sep 2013 09:26:11 -0700 (PDT)
Received: by with SMTP id hv10so1937371vcb.8 for <>; Tue, 17 Sep 2013 09:26:11 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type :content-transfer-encoding; bh=rhstycX4wp+r76reXnoTbnEZ3UMbnI/bFTv+CGRNFJU=; b=GBorsOTLhrP/khLyEerMOvK21pcHG4CxD8atwrXa2rvCiREtDK244ufBjnMYpKVVg9 550QAZStXzl+I8ooWIW5HOPp6x/5a94UIQyJ/MndFtkUTc2JVp2/KLnhPmI0B0U2C1aA rdGxHPb9EJ7vslOv++pheO4UHfYX/QW1Kkvm1UtaMS+JJMgBR7KpK3gbqyvzwa1DiBOg y6b3NThGhEks4R9dcoqffAVGQzhupe2xTob5WmIpVvtdqEsPBe0OQHdo5n+bPBwqb2GN DOOeFONaJ3Y2FnpNFsB93UwyDueN3jviQv/iBaL80O03cORIyxhBIo1AoM0E0rrhb9Em WB6Q==
X-Gm-Message-State: ALoCoQnTXpVOKBu3saW21PJYepzLZtoVCsPhkA7hkVwMEBWjk6pMsgtHrX28wzc72GIplaNo683/
X-Received: by with SMTP id q6mr17181229vev.9.1379435171117; Tue, 17 Sep 2013 09:26:11 -0700 (PDT)
Received: from [] ([]) by with ESMTPSA id p5sm24663216vek.1.1969. (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 17 Sep 2013 09:26:10 -0700 (PDT)
Message-ID: <>
Date: Tue, 17 Sep 2013 12:26:24 -0400
From: Michael StJohns <>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: "Salz, Rich" <>
References: <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "" <>
Subject: Re: [TLS] TLS and hardware security modules - some issues related to PKCS11
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 17 Sep 2013 16:26:31 -0000

On 9/17/2013 12:00 PM, Salz, Rich wrote:
>> I want to protect inside of the HSM all of the following:
>> a) the private keys related to the server or client identity
>> b) the pre-master key
>> c) the master key
>> d) the session keys.
>> I want to be able to do all the cryptographic processing inside that module and only allow out true plain text.
> The programming model for such a beast is probably more like an I/O processor than an HSM.  You need input and output "local plaintext" data streams, and the same for "to/from the network crypto streams."  And ways to signal "I can't give you more plaintext until you write this on the network and get more data back from the other side."  And so on.

What?  No.

TLS is pretty much a two stage beast:

1) Figure out the keys. (TLS handshaking, data gathering, key transport 
and/key derivation).
2) use the crypto suite and the keys from (1) to encrypt and decrypt the 

Both of these are general purpose crypto operations.  How you get there 
is wrapped in TLS protocols, but the HSM doesn't actually need to know 
anything about TLS except its defined cryptographic operations (e.g., 
PKCS11 implements all of the various cipher and mac modes, implements 
signature creation and verification, and in addition, implements the TLS 
specific KDF (the TLS PRF in its various uses)).

> Have you seen a market need for this kind of thing?  Have you got an API designed?  I'd be curious about both.
> I also don't understand why you do not trust the host software with the ability to decrypt its own data (i.e,. session) when you don't have control over what it does with the plaintext, like copy it over to an adversary directly.

Small amounts of data (e.g. recovered keys) might be missed.  Harder to 
miss pretty much a doubling in traffic (e.g. a complete copy of the 
decrypted stream now being sent to the adversary).


> 	/r$
> --
> Principal Security Engineer
> Akamai Technology
> Cambridge, MA