Bug 1465566

Summary: Fix HmacTest code for AES encrypt/unwrap
Product: Red Hat Enterprise Linux 7
Component: jss
Version: 7.4
Status: CLOSED ERRATA
Severity: urgent
Priority: urgent
Reporter: Matthew Harmsen <mharmsen>
Assignee: Jack Magne <jmagne>
QA Contact: ipa-qe <ipa-qe>
CC: aakkiang, cfu, edewata, extras-qa, jmagne, kwright, mharmsen, msauton, nkinder, rmeggins, rpattath
Target Milestone: rc
Keywords: ZStream
Hardware: All
OS: Linux
Doc Type: No Doc Update
Doc Text: This is an obscure test modification that no users will care about.
Clone Of: 1465565
: 1488846
Last Closed: 2018-04-10 17:56:52 UTC
Type: Bug
Bug Depends On: 1465565
Bug Blocks: 1488846
Attachments: TKS debug log when nist is set to true (flags: none)

Description Matthew Harmsen 2017-06-27 16:14:00 UTC
+++ This bug was initially created as a clone of Bug #1465565 +++

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.104 Safari/537.36

Steps to reproduce:

HmacTest code shows importing an HMAC-SHA1 key via an AES encrypt and AES unwrap call.  It works prior to change 2163 (or if I revert PK11MessageDigest.c).


Actual results:

After changeset 2163 (particularly change to PK11MessageDigest.c), it fails.
The failure is caused because PK11_CreateContextBySymKey(mech, CKA_SIGN,
newKey, &param) returns null.

[root@VTPFWSMUXG ~]# java -cp $CLASS_PATH:. HmacTest
mac: javax.crypto.Mac@126097b, Mozilla-JSS version 4.4
key: org.mozilla.jss.crypto.SecretKeyFacade@1468bd9
Exception in thread "main" java.security.InvalidKeyException: DigestException: Unable to initialize digest context
	at org.mozilla.jss.provider.javax.crypto.JSSMacSpi.engineInit(JSSMacSpi.java:53)
	at org.mozilla.jss.provider.javax.crypto.JSSMacSpi$HmacSHA1.engineInit(JSSMacSpi.java:93)
	at javax.crypto.Mac.init(Mac.java:413)
	at HmacTest.main(HmacTest.java:37)



Expected results:

Prior to changeset 2163, importing an HMAC-SHA1 key via encryption and then
unwrap worked.

[root@VTPFWSMUXG ~]# java -cp $CLASS_PATH:. HmacTest
mac: javax.crypto.Mac@30f1c0, Mozilla-JSS version 4.4
key: org.mozilla.jss.crypto.SecretKeyFacade@c77c2e
Done

Comment 2 Jack Magne 2017-09-01 23:49:23 UTC
Upstream checkin:

changeset:   2197:eec15518fd61
tag:         tip
user:        Jack Magne <jmagne>
date:        Fri Sep 01 16:15:54 2017 -0700
files:       org/mozilla/jss/pkcs11/PK11KeyWrapper.java org/mozilla/jss/pkcs11/PK11MessageDigest.c org/mozilla/jss/tests/HmacTest.java org/mozilla/jss/tests/all.pl
description:
unwrapping of HMAC-SHA1 secret keys using AES wrapping and unwrapping
cfu on behalf of jmagne

Comment 3 Jack Magne 2017-09-01 23:52:50 UTC
QE Testing instructions:

We want to make sure this fix allows TPS to continue to function normally under the following circumstances.


1. General TPS sanity testing: can we do simple format and enrollments using the software token?

2. The following is one specific case that we want to verify:

  a) We must exercise the scenario where we are using the SP800 key derivation function while using a master key on the hsm of type HMAC. We should already have a test case for that. This, as we recall, requires generating the given HMAC master key on the hsm using the built-in commands. Once we have verified that the HMAC master key on the HSM works properly, we should be good to go.

Comment 5 Roshni 2017-09-12 13:59:10 UTC
Noticed the attached TKS debug log messages and the following TKS audit messages when trying to test https://bugzilla.redhat.com/show_bug.cgi?id=1186896#c30 with tks.defKeySet.nistSP800-108KdfOnKeyVersion=0
tks.defKeySet.nistSP800-108KdfUseCuidAsKdd=true in TKS CS.cfg.

0.http-bio-23443-exec-23 - [12/Sep/2017:09:30:22 EDT] [14] [6] [AuditEvent=COMPUTE_SESSION_KEY_REQUEST][CUID_encoded=#40#90#61#45#75#C1#24#0E#03#27][KDD_encoded=#00#00#41#06#24#0E#03#27#75#C1][Outcome=Success][AgentID=TPS-nocp1.idm.lab.eng.rdu2.redhat.com-25443] TKS Compute session key request
0.http-bio-23443-exec-23 - [12/Sep/2017:09:30:23 EDT] [14] [6] [AuditEvent=COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS][CUID_decoded=4090614575C1240E0327][KDD_decoded=00004106240E032775C1][Outcome=Success][status=0][AgentID=TPS-nocp1.idm.lab.eng.rdu2.redhat.com-25443][IsCryptoValidate=true][IsServerSideKeygen=true][SelectedToken=NHSM-RPATTATH-SOFTCARD][KeyNickName=hsm-master-scp01][TKSKeyset=defKeySet][KeyInfo_KeyVersion=0x2][NistSP800_108KdfOnKeyVersion=0x0][NistSP800_108KdfUseCuidAsKdd=false] TKS Compute session key request processed successfully

Key change operation was successful though. I am not sure if the error messages in the TKS debug log and the audit message indicating NistSP800_108KdfUseCuidAsKdd=false when it is actually set to true are related to this bug or if they have anything to do with FIPS.

Comment 6 Roshni 2017-09-12 14:00:33 UTC
Created attachment 1324904
TKS debug log when nist is set to true

Comment 7 Roshni 2017-09-14 19:53:35 UTC
Please ignore the previous comment; I noticed I had updated the wrong param in TKS CS.cfg.

Comment 9 Roshni 2017-12-15 16:30:11 UTC
[root@nocp1 certdb]# rpm -qi jss
Name        : jss
Version     : 4.4.0
Release     : 10.el7
Architecture: x86_64
Install Date: Tue 28 Nov 2017 02:30:31 PM EST
Group       : System Environment/Libraries
Size        : 1029659
License     : MPLv1.1 or GPLv2+ or LGPLv2+
Signature   : RSA/SHA256, Wed 01 Nov 2017 02:37:50 PM EDT, Key ID 199e2f91fd431d51
Source RPM  : jss-4.4.0-10.el7.src.rpm
Build Date  : Wed 01 Nov 2017 02:19:14 PM EDT
Build Host  : x86-020.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : http://www.mozilla.org/projects/security/pki/jss/
Summary     : Java Security Services (JSS)

Verification steps as explained in https://bugzilla.redhat.com/show_bug.cgi?id=1488846#c16

Comment 12 errata-xmlrpc 2018-04-10 17:56:52 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0958