[xmlsec] xmlsec-nss patches from Sun( 2003-07-22 )

Tej Arora tejbiz at aol.com
Wed Jul 23 08:41:33 PDT 2003 

Andrew,

Based on the fact that your generalization doesn't
require the programmer to do anything extra in the
default case, I really have no objections. But I'm
still quite unsure that the generalization is needed,
and whether there is a good basis for programmers
to specify a slot, or that programmers are interested in
slot management at all...

BTW, I have no problems understanding your english :)

cheers,
-Tej

Andrew Fan wrote:

 > It is so hard to make you all understand myself because of my poor
 > English. :-) My poor English skill! Great, you understand me now. :-)
 >
 > First of all, I'll describe some ideas and the functions in the patch.
 > 1. I hope end user initialize NSS and xmlSec only once in his
 > application;
 > 2. In order to simplify the interface between high level and xmlSec,
 > crypto related operations( which xmlSec do not care ) should be done on
 > high level;
 > 3. User has the right and ability to set up the crypto environment for
 > every signature/encryption operation instead of a common one.
 >
 > -PK11SlotInfo* xmlSecNssGetSlot( CK_MECHANISM_TYPE type ) ;
 >     This interface is used by xmlSec functions internally, it is
 > designed to replace "GetBestSlot". It call "GetBestSlot" if no
 > particular slot list given.
 >
 > -PK11SlotList* xmlSecNssSetSlotList( PK11SlotList* list ) ;
 >     This interface is used by high level applications. Only the slots in
 > the list are available.
 >
 > -PK11SlotList* xmlSecNssGetSlotList( void ) ;
 >     This interface is used by high level applications if it want to
 > access or maintain the slot list, such as disable an slot, add a new
 > slot and so on.
 >
 > -void xmlSecNssFreeSlot( void ) ;
 >     This interface is used by high level applications when no routines
 > need to get slot.
 >
 > Above four function name is somesence obscure.  With you recommendation,
 > I prefer to the following ones:
 >
 > -PK11SlotInfo* xmlSecNssGetSlot( CK_MECHANISM_TYPE type ) ;
 > -PK11SlotList* xmlSecNssSlotInit( PK11SlotList* list ) ;
 > -PK11SlotList* xmlSecNssGetSlotList( void ) ;
 > -void xmlSecNssSlotShutdown( void ) ;
 >
 > By now, you should have asked several times, "why Pk11SlotList". Some
 > reason are:
 > 1. NSS provides a set of functions to manage PK11SlotList;
 > 2. User can dynamicly adjust PK11SlotList directly  instead of call
 > xmlSec functions, and which  is safe also because xmlSec only get and
 > reference the slot handler;
 > 3. xmlSec care less just to find the suitable slot from the list.
 >
 > See inlines, please.
 >
 > Aleksey Sanin wrote:
 >
 > > As far as I can understand Andrew's concerns, he wants to make sure
 > > that particular crypto operation is performed on particular crypto
 > > device.
 > > Since nobody (except NSS developers :) ) knows how PK11_GetBestSlot()
 > > function selects the crypto device (slot) his point is perfectly valid:
 > >
 > >    Suppose we have slots A and B that both perform RSA encryption.
 > >    How to ensure that we always do it on slot A and not on slot B?
 > >
 > > Again, IMHO this should be done on NSS level. I.e. there should be
 > > an NSS function that would say: if slot A supports RSA encryption then
 > > always do it on slot A. However, it does not look like NSS guys want
 > > or can
 > > do it in NSS level (correct me if I am wrong and there is such a
 > function
 > > already :) ). Thus Andrew wants to have this in xmlsec-nss and
 > personaly
 > > I don't have any objections.
 > >     How about this: xmlsec-nss would have following functions:
 > >
 > >    int xmlSecNssBestSlotInit(void) :
 > >             Initializes whatever is needed.
 >
 > It is not the best one, it is the suitable one. So I like the name
 > "xmlSecNssSlotInit". :-P
 >
 > >
 > >    void xmlSecNssBestSlotShutdown(void) :
 > >            Shuts down whatever is needed.
 >
 > Agree.
 >
 > >
 > >    int xmlSecNssBestSlotAdopt(CK_MECHANISM_TYPE alg, PK11SlotInfo*
 > > slot) :
 > >           Sets "slot" to be used for "alg" (global inside xmlsec).
 >
 > No. Which result in complex lines because there are so many crypto
 > mechanism, and which also result in a table that must be maintained
 > internally by xmlSec, it is in-flexible. This is another reason why use
 > PK11SlotList.
 >
 > >
 > >    PK11SlotInfo* xmlSecNssBestSlotGet(CK_MECHANISM_TYPE* alg):
 > >           Returns the slot for "alg" by first looking thru the list of
 > > slots
 > >           set with xmlSecNssBestSlotSet() function and if matching slot
 > >           is not found then it simply calls NSS PK11_GetBestSlot()
 > > function
 > >           and hopes for the best.
 >
 > Agree.
 >
 > >
 > > Finally we replace PK11_GetBestSlot() with xmlSecNssBestSlotGet()
 > > everywhere
 > > inside xmlsec-nss.
 > >
 > > By default if user does nothing (i.e. user does not call
 > > xmlSecNssBestSlotAdopt
 > > function) we have xmlSecNssBestSlotGet() function that simply calls
 > > PK11_GetBestSlot()
 > > function with a little overhead to check that something is NULL (or
 > > not NULL).
 > >
 > > Andrew's patch does more or less the same thing but it operates with
 > > PK11SlotList
 > > which seems less intuitive to me (I might be wrong). As I wrote,
 > > functions descriptions
 > > (API docs) would help. Any approach is good for me. In the outlined
 > > above API
 > > I would use subclass of xmlSecList to store the slots and algorithms.
 > > The only
 > > problem  I have is that xmlSecNssBestSlotGet() would need to
 > > "duplicate" the returned
 > > slot because code always frees returned slot with PK11_FreeSlot(). I
 > > am sure it is possible, \
 > > I just dn't know how to do this. PK11SlotList might do it as well, I
 > > just don't know enough
 > > about it.
 > >
 > > To Andrew: I missed this when I looked at your patch first time but
 > > you have to rename
 > > you functions from xmlSec* to xmlSecNss* (the functions are NSS
 > specific).
 >
 > I forgot this, so sorry.
 >
 > > Also having
 > > an init function (even if it does nothing) is a good idea: you may
 > > visually check your
 > > xmlSecNssInit/xmlSecNssShutdown functions to make sure all inits and
 > > shutdowns
 > > are done in correct order. Also probably it's worth it to have a
 > > fallback to PK11_GetBestSlot()
 > > in the xmlSecNssGetSlot() function even if there is PK11SlotList
 > > initialized.
 >
 > I don't think so( fallback to PK11_getBestSlot(): I understand this is
 > "if no slot in the slot list meet the require( mechanism ), call this
 > function", right?). If a PK11Slot list specified, it means only those
 > slot in the list are available, while "GetBestSlot" will search all
 > active slots; if not slot list initialized, it means user do not care
 > which slot selected, we can call "GetBestSlot".
 >
 > > xmlsec
 > > has other ways to control which algorithms are allowed.
 >
 > I think xmlSec controls that which algorithms are supported in gerneral.
 > The above functions controls that in a certain session, which crypto
 > devices are permitted.
 >
 > Thanks,
 > Andrew
 >
 > >
 > >
 > > Aleksey
 > >
 > >
 > >
 > >
 >
 >

More information about the xmlsec mailing list