Re: [TLS] TLS and hardware security modules - some issues related to PKCS11

Michael StJohns <> Wed, 25 September 2013 03:09 UTC


On 9/24/2013 5:21 PM, Juraj Somorovsky wrote:
> On 09/23/2013 10:30 PM, Michael StJohns wrote:
>>> TL;DR: you can recover low entropy GCM plaintexts if the same key is used
>>> in a mode like CBC.
>> Right.  But you can't recover the key.
>> Let me reiterate the threat model:
>> 1) All keys are kept in an HSM (not supposed to be extracted - but TLS
>> KDF trivially allows this)
>> 2) Attacker has access to use the keys (e.g. either has HSM credentials,
>> or has hacked the program using the HSM that has HSM credentials - the
>> TLS stack for example).
> You are right, the attacks do not apply to your scenario since they do
> not recover the key.
> ...Sorry, my last one attack scenario :) ...assuming you are going to
> use your KDF taking as input the key length. This would mean you would
> generate the same key for AES-128 and RC4? (both have the key lengths of
> 16 bytes)
> If the user would use AES-128, the attacker could force the HSM to
> regenerate a new key for RC4 (in this case the same key as for AES-128
> would be generated) and generate the RC4 keystream. Afterwards, he could
> run one of the attacks against RC4 to learn the original RC4 key (and
> thus also the AES key).
> Does it make sense?

Yes.  But preventing that requires a different/additional set of policy
protections to be built into PKCS11.  I'm working on them in the PKCS11
group.  The general idea is to provide a way to specify mandatory policies
(e.g. key types) for keys derived from other keys.  That problem is
broader than just the KDFs used for TLS.

In some ways, the right answer to the above threat is to prevent the 
module from actually providing RC4 based keys and mechanisms.  Ah well....


> Thanks
> Juraj
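An added illustration, not part of the thread and not PKCS#11 code, of the key-type collision Juraj describes and the derived-key policy Michael is proposing: a toy derive call keyed only on the requested length hands out the same 16 bytes for AES-128 and RC4, while binding the target key type into the KDF label and enforcing a mandatory allow-list on the base key prevents it. HMAC-SHA256 over a constructed secret stands in for the real TLS PRF; all names and values are assumptions.

```python
import hashlib
import hmac

# Constructed sample secrets, not real key material.
BASE_SECRET = bytes.fromhex("000102030405060708090a0b0c0d0e0f" * 2)
CONTEXT = b"constructed session context"

# Key sizes in bytes; AES-128 and 128-bit RC4 request the same length.
KEY_SIZES = {"AES-128": 16, "RC4": 16, "AES-256": 32}


def derive_length_only(base: bytes, key_type: str) -> bytes:
    """Weak model: the KDF input carries only the requested length, so any two
    key types of equal length receive identical bytes."""
    length = KEY_SIZES[key_type]
    info = CONTEXT + length.to_bytes(2, "big")
    return hmac.new(base, info, hashlib.sha256).digest()[:length]


def derive_type_bound(base: bytes, key_type: str) -> bytes:
    """Stronger model: the target key type is mixed into the KDF label, so an
    RC4 derivation cannot reproduce the AES-128 key bytes."""
    length = KEY_SIZES[key_type]
    info = CONTEXT + key_type.encode() + b"\x00" + length.to_bytes(2, "big")
    return hmac.new(base, info, hashlib.sha256).digest()[:length]


class DerivePolicyError(PermissionError):
    """Raised when a base key's policy forbids deriving the requested type."""


def derive_with_policy(base: bytes, key_type: str, allowed: frozenset) -> bytes:
    """Policy layer: a base key carries a mandatory allow-list of key types it
    may be derived into, checked before any key bytes exist."""
    if key_type not in allowed:
        raise DerivePolicyError(f"{key_type} not permitted for this base key")
    return derive_type_bound(base, key_type)


def same_bytes(derive, type_a: str, type_b: str) -> bool:
    """True if the given derivation hands out identical bytes for two types."""
    return derive(BASE_SECRET, type_a) == derive(BASE_SECRET, type_b)


def policy_refuses(key_type: str, allowed: frozenset) -> bool:
    """True if the policy layer refuses the derivation without producing a key."""
    try:
        derive_with_policy(BASE_SECRET, key_type, allowed)
    except DerivePolicyError:
        return True
    return False
```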