RSA key size

[msetina]

I am using CKA_MODULUS_BITS to get length of RSA key. Using pkcs11-tool I noticed that the key size is not presented. Is it something that should be expected to not be available on private key? On SoftHSM after generating a key the forementioned attribute return null. After testing with a key generated on OpenPGP card I was surprised that also the private key has the CKA_MODULUS_BITS set and returns the proper value. Which is more common? I found something in the spec that generated key does not have this attribute set.
I stumbled upon this while preparing a test case with SoftHSM and could not find a way to trick it to have CKA_MODULUS_BITS set on private key.

[metsma]

Is there reason you need to know key size? Or just for signature buffer size?

[msetina]

In my case I am trying to connect python package of cryptography to PKCS11 cards and there is a parameter for PSS salt length which has a value of MAX_LENGTH and in this case cryptography calculates salt length like this:

emlen = (key.key_size + 6) // 8
salt_length = emlen - hash_algorithm.digest_size - 2

and you can emagine that this is done on private key if we do signing with RSA. Missing key_size on the key would make a problem using this. There are other posibilities for salt length, but for completenes I tried to finish this also.

[mouse07410]

I say there is a reason to be able to tell RSA key length, and for ECC keys - what curve they belong to. It's weird to even hear a request to justify this need.

[msetina]

I agree. Will go to SoftHSM to check for a reason. If real HSMs do sync this between public and private keys I am good.

[dengert]

PKCS11 "CKA_MODULUS_BITS" is not an attribute of object class "CKO_PRIVATE_KEY, key type CKK_RSA"
"CKA_MODULUS_BITS" is an attribute of "CKO_PUBLIC_KEY, key type CKK_RSA"

"Note that when generating an RSA private key, there is no CKA_MODULUS_BITS attribute specified. 389 This is because RSA private keys are only generated as part of an RSA key pair, and the 390 CKA_MODULUS_BITS attribute for the pair is specified in the template for the RSA public key."

See https://docs.oasis-open.org/pkcs11/pkcs11-curr/v3.0/os/pkcs11-curr-v3.0-os.pdf in sections "2.1.2 RSA public key objects" and "2.1.3 RSA private key objects.

The CKO_PRIVATE_KEY, CKO_PUBLIC_KEY and CKO_CERTIFICATE should all contain the same CKA_ID so given one you can find the matching other two. At least CKO_PUBLIC_KEY or CKO_CERTIFICATE should be present if if there is a private key object: CKO_PRIVATE_KEY. See: https://docs.oasis-open.org/pkcs11/pkcs11-base/v3.0/os/pkcs11-base-v3.0-os.pdf

RSA uses these common sizes keys in bits: 1024, 2048, 3072, 4096 so you could look at the size of CKA_MODULUS in bytes which will be just under one of these sizes in bits.

[msetina]

Thank you. WIll go with this. It is a little cumbersome in my case.
If someone writes just private key on the card this all breaks apart, but from usability point of view it should.