Bug 1155306 - Provide sym key derive mechansm as result of encryption of message
Summary: Provide sym key derive mechansm as result of encryption of message
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: nss-softokn
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Elio Maldonado Batiz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 1155340
TreeView+ depends on / blocked
 
Reported: 2014-10-21 21:18 UTC by Jack Magne
Modified: 2015-01-07 23:54 UTC (History)
4 users (show)

Fixed In Version: nss-3.17.3-2.fc20
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1155340 (view as bug list)
Environment:
Last Closed: 2014-12-15 04:30:39 UTC
Type: Bug


Attachments (Terms of Use)
Test case for issue (5.39 KB, text/x-csrc)
2014-11-06 22:32 UTC, Elio Maldonado Batiz
no flags Details
makefile for test case (277 bytes, text/plain)
2014-11-06 22:34 UTC, Elio Maldonado Batiz
no flags Details
Fix - same as being tested in rhel (9.70 KB, patch)
2014-11-06 22:37 UTC, Elio Maldonado Batiz
no flags Details | Diff

Description Jack Magne 2014-10-21 21:18:17 UTC
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 Jack Magne 2014-10-21 21:23:30 UTC
Sorry, premature enter.

Description of problem:

In Certificate Development we are trying to implement a later secure channel protocol. One of the things we need to do , is to be able to derive a symmetric key based in the encryption of some data with the original symmetric key.


In order to maintain FIPS compliance we want to not have to do this operation in the clear and have it done by NSS in the given token. Here is an example of what we want to do:

PK11_Derive( master , CKM_DES_ECB_ENCRYPT_DATA , &param , CKM_CONCATENATE_BASE_AND_KEY  , CKA_DERIVE, 0);

Ideally we need to be able to do some sort of CBC encrytion on this message data. If there is a mechanism that gives us that as well, that would be great to have also.



Version-Release number of selected component (if applicable):

Latest Fedora, 21,20 if possible.


How reproducible:

Always.


Steps to Reproduce:
1. Try to use the given mechanism in code with NSS.


Actual results:

An error will be returned saying something about mechanism not supported.


Expected results:

The mechanism should ideally work in the soft token.


Additional info:

Comment 2 Elio Maldonado Batiz 2014-11-06 22:32:31 UTC
Created attachment 954691 [details]
Test case for issue

Comment 3 Elio Maldonado Batiz 2014-11-06 22:34:27 UTC
Created attachment 954692 [details]
makefile for test case

Comment 4 Elio Maldonado Batiz 2014-11-06 22:37:42 UTC
Created attachment 954693 [details]
Fix - same as being tested in rhel

Comment 5 Elio Maldonado Batiz 2014-11-06 22:40:21 UTC
scratch build at http://koji.fedoraproject.org/koji/taskinfo?taskID=8058292

Comment 6 Fedora Update System 2014-12-08 00:37:57 UTC
nss-3.17.3-1.fc21,nss-softokn-3.17.3-1.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/nss-3.17.3-1.fc21,nss-softokn-3.17.3-1.fc21

Comment 7 Fedora Update System 2014-12-08 23:07:42 UTC
nss-3.17.3-1.fc20,nss-softokn-3.17.3-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/nss-3.17.3-1.fc20,nss-softokn-3.17.3-1.fc20

Comment 8 Fedora Update System 2014-12-11 20:18:59 UTC
nss-3.17.3-1.fc19,nss-softokn-3.17.3-1.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/nss-3.17.3-1.fc19,nss-softokn-3.17.3-1.fc19

Comment 9 Fedora Update System 2014-12-12 04:05:39 UTC
Package nss-3.17.3-1.fc20, nss-util-3.17.3-1.fc20, nss-softokn-3.17.3-1.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing nss-3.17.3-1.fc20 nss-util-3.17.3-1.fc20 nss-softokn-3.17.3-1.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-16530/nss-util-3.17.3-1.fc20,nss-3.17.3-1.fc20,nss-softokn-3.17.3-1.fc20
then log in and leave karma (feedback).

Comment 10 Fedora Update System 2014-12-15 04:30:39 UTC
nss-util-3.17.3-1.fc21, nss-3.17.3-1.fc21, nss-softokn-3.17.3-1.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2015-01-07 23:54:43 UTC
nss-3.17.3-2.fc20, nss-util-3.17.3-1.fc20, nss-softokn-3.17.3-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.