Bug 1155340 – Provide sym key derive mechansm as result of encryption of message

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1155340 - Provide sym key derive mechansm as result of encryption of message

Summary:	Provide sym key derive mechansm as result of encryption of message

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	nss-softokn (Show other bugs)
Sub Component:
Version:	7.1
Hardware:	Unspecified Unspecified

Priority	high Severity high
Target Milestone:	rc
Target Release:	---
Assigned To:	Bob Relyea
QA Contact:	Hubert Kario
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:	1155306
Blocks:
	Show dependency tree / graph

Reported:	2014-10-21 19:19 EDT by Jack Magne
Modified:	2015-03-05 03:28 EST (History)
CC List:	9 users (show)

See Also:
Fixed In Version:	nss-softokn-3.16.2-12.el7
Doc Type:	Enhancement
Doc Text:	Feature: Add a symmetric key derive mechanism as result of encryption of message. Reason: The Certificate System Development team that is trying to implement a later secure channel protocol and needs to be able to derive a symmetric key based in the encryption of some data with the original symmetric key. In order to maintain FIPS compliance this operation can't be made in the clear and needs to be done by NSS in the given token. Result: The Certificate System development needs have been met.
Story Points:	---
Clone Of:	1155306
Clones:	1167975 (view as bug list)
Environment:
Last Closed:	2015-03-05 03:28:53 EST
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Test case for issue (5.39 KB, text/x-csrc) 2014-11-04 16:15 EST, Bob Relyea	no flags	Details
makefile for test case (277 bytes, patch) 2014-11-04 16:17 EST, Bob Relyea	no flags	Details \| Diff
Fix (9.70 KB, patch) 2014-11-04 16:18 EST, Bob Relyea	no flags	Details \| Diff
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2015:0364	normal	SHIPPED_LIVE	nss, nss-softokn, nss-util, and nspr bug fix and enhancement update	2015-03-05 07:51:43 EST

Groups: None (edit)

Description Jack Magne 2014-10-21 19:19:13 EDT

+++ This bug was initially created as a clone of Bug #1155306 +++

Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

--- Additional comment from Jack Magne on 2014-10-21 17:23:30 EDT ---

Sorry, premature enter.

Description of problem:

In Certificate Development we are trying to implement a later secure channel protocol. One of the things we need to do , is to be able to derive a symmetric key based in the encryption of some data with the original symmetric key.


In order to maintain FIPS compliance we want to not have to do this operation in the clear and have it done by NSS in the given token. Here is an example of what we want to do:

PK11_Derive( master , CKM_DES_ECB_ENCRYPT_DATA , &param , CKM_CONCATENATE_BASE_AND_KEY  , CKA_DERIVE, 0);

Ideally we need to be able to do some sort of CBC encrytion on this message data. If there is a mechanism that gives us that as well, that would be great to have also.



Version-Release number of selected component (if applicable):

Latest Fedora, 21,20 if possible.


How reproducible:

Always.


Steps to Reproduce:
1. Try to use the given mechanism in code with NSS.


Actual results:

An error will be returned saying something about mechanism not supported.


Expected results:

The mechanism should ideally work in the soft token.


Additional info:

Comment 4 Bob Relyea 2014-11-04 16:15:38 EST

Created attachment 953836 [details]
Test case for issue

Comment 5 Bob Relyea 2014-11-04 16:17:18 EST

Created attachment 953838 [details]
makefile for test case

Comment 6 Bob Relyea 2014-11-04 16:18:07 EST

Created attachment 953839 [details]
Fix

Comment 10 Jack Magne 2014-11-06 12:38:58 EST

Elio:

Great! I will give this a spin in the next day or so.

Comment 13 Hubert Kario 2015-01-27 12:20:33 EST

(In reply to Bob Relyea from comment #4)
> Created attachment 953836 [details]
> Test case for issue

could you extend it to support also FIPS mode? or how do I detect FIPS mode in NSS?

Comment 14 Bob Relyea 2015-01-27 12:52:56 EST

>	rv = PK11_ExtractKeyValue(newKey);

Will fail in FIPS mode. (PORT_GetError() == SEC_ERROR_IO).

The test case would have to be rewritten as a known answer test. :

PK11_PBEKeyGen() /*use a known fixed password */
PK11_Dervive()
PK11_Encrypt() /* with derived key (not basekey), use a known buffer, and IV */
PORT_Memcmp()  /* with answer you calculated earlier using the same password, known buffer, and IV */

I presume you are running on RHEL-7 with the system in system FIPS mode.

You call PK11_IsFIPS() to tell if NSS is in FIPS mode.

bob

Comment 15 Hubert Kario 2015-01-28 07:01:29 EST

ok, thanks, I'll try to update it later

Comment 17 errata-xmlrpc 2015-03-05 03:28:53 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0364.html

Note You need to log in before you can comment on or make changes to this bug.