Bug 1155306

Sorry, premature enter.

Description of problem:

In Certificate Development we are trying to implement a later secure channel protocol. One of the things we need to do , is to be able to derive a symmetric key based in the encryption of some data with the original symmetric key.


In order to maintain FIPS compliance we want to not have to do this operation in the clear and have it done by NSS in the given token. Here is an example of what we want to do:

PK11_Derive( master , CKM_DES_ECB_ENCRYPT_DATA , &param , CKM_CONCATENATE_BASE_AND_KEY  , CKA_DERIVE, 0);

Ideally we need to be able to do some sort of CBC encrytion on this message data. If there is a mechanism that gives us that as well, that would be great to have also.



Version-Release number of selected component (if applicable):

Latest Fedora, 21,20 if possible.


How reproducible:

Always.


Steps to Reproduce:
1. Try to use the given mechanism in code with NSS.


Actual results:

An error will be returned saying something about mechanism not supported.


Expected results:

The mechanism should ideally work in the soft token.


Additional info:

Created attachment 954691 [details]
Test case for issue

Created attachment 954692 [details]
makefile for test case

Created attachment 954693 [details]
Fix - same as being tested in rhel

scratch build at http://koji.fedoraproject.org/koji/taskinfo?taskID=8058292

nss-3.17.3-1.fc21,nss-softokn-3.17.3-1.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/nss-3.17.3-1.fc21,nss-softokn-3.17.3-1.fc21

nss-3.17.3-1.fc20,nss-softokn-3.17.3-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/nss-3.17.3-1.fc20,nss-softokn-3.17.3-1.fc20

nss-3.17.3-1.fc19,nss-softokn-3.17.3-1.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/nss-3.17.3-1.fc19,nss-softokn-3.17.3-1.fc19

Package nss-3.17.3-1.fc20, nss-util-3.17.3-1.fc20, nss-softokn-3.17.3-1.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing nss-3.17.3-1.fc20 nss-util-3.17.3-1.fc20 nss-softokn-3.17.3-1.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-16530/nss-util-3.17.3-1.fc20,nss-3.17.3-1.fc20,nss-softokn-3.17.3-1.fc20
then log in and leave karma (feedback).

nss-util-3.17.3-1.fc21, nss-3.17.3-1.fc21, nss-softokn-3.17.3-1.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

nss-3.17.3-2.fc20, nss-util-3.17.3-1.fc20, nss-softokn-3.17.3-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.