+++ This bug was initially created as a clone of Bug #1465565 +++

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.104 Safari/537.36

Steps to reproduce:
HmacTest code shows importing an HMAC-SHA1 key via an AES encrypt and AES unwrap call. It works prior to change 2163 (or if I revert PK11MessageDigest.c).

Actual results:
After changeset 2163 (particularly the change to PK11MessageDigest.c), it fails. The failure is caused because PK11_CreateContextBySymKey(mech, CKA_SIGN, newKey, &param) returns null.

[root@VTPFWSMUXG ~]# java -cp $CLASS_PATH:. HmacTest
mac: javax.crypto.Mac@126097b, Mozilla-JSS version 4.4
key: org.mozilla.jss.crypto.SecretKeyFacade@1468bd9
Exception in thread "main" java.security.InvalidKeyException: DigestException: Unable to initialize digest context
        at org.mozilla.jss.provider.javax.crypto.JSSMacSpi.engineInit(JSSMacSpi.java:53)
        at org.mozilla.jss.provider.javax.crypto.JSSMacSpi$HmacSHA1.engineInit(JSSMacSpi.java:93)
        at javax.crypto.Mac.init(Mac.java:413)
        at HmacTest.main(HmacTest.java:37)

Expected results:
Prior to changeset 2163, importing an HMAC-SHA1 key via encryption and then unwrap worked.

[root@VTPFWSMUXG ~]# java -cp $CLASS_PATH:. HmacTest
mac: javax.crypto.Mac@30f1c0, Mozilla-JSS version 4.4
key: org.mozilla.jss.crypto.SecretKeyFacade@c77c2e
Done
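The encrypt-then-unwrap flow the report exercises, as an added example that is not the HmacTest from the JSS tree. It uses the standard JCE provider (SunJCE) rather than Mozilla-JSS, so it shows the contract the JSS provider was failing to honour (Mac.init() on a key obtained through Cipher.unwrap()) rather than the JSS code path itself. The class and method names, the constructed 20-byte key and the IV are the example's own.

```java
import java.security.Key;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class HmacUnwrapExample {

    // Encrypt the raw HMAC key bytes under an AES key, then hand the
    // ciphertext to Cipher.unwrap() declaring it an HmacSHA1 secret key.
    // This mirrors the "AES encrypt, then AES unwrap" import in the report.
    static Key importHmacKey(SecretKey wrappingKey, byte[] rawHmacKey, byte[] iv) throws Exception {
        Cipher enc = Cipher.getInstance("AES/CBC/PKCS5Padding");
        enc.init(Cipher.ENCRYPT_MODE, wrappingKey, new IvParameterSpec(iv));
        byte[] wrapped = enc.doFinal(rawHmacKey);

        Cipher unwrap = Cipher.getInstance("AES/CBC/PKCS5Padding");
        unwrap.init(Cipher.UNWRAP_MODE, wrappingKey, new IvParameterSpec(iv));
        return unwrap.unwrap(wrapped, "HmacSHA1", Cipher.SECRET_KEY);
    }

    // Mac.init() is the call that raised InvalidKeyException in the report;
    // with a correctly unwrapped key it must succeed.
    static byte[] hmacSha1(Key key, byte[] data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(key);
        return mac.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        // Wrapping key: a fresh AES-128 key (constructed for the example).
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey wrappingKey = kg.generateKey();

        // Constructed 20-byte HMAC-SHA1 key; the value is arbitrary.
        byte[] rawHmacKey = new byte[20];
        for (int i = 0; i < rawHmacKey.length; i++) {
            rawHmacKey[i] = (byte) (i * 7);
        }

        // Random IV for the CBC wrap; never reuse an IV under the same key.
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);

        Key imported = importHmacKey(wrappingKey, rawHmacKey, iv);
        byte[] data = "message".getBytes("UTF-8");

        // The unwrapped key must produce the same tag as the original raw key;
        // a constant-time comparison avoids leaking where tags differ.
        byte[] viaImport = hmacSha1(imported, data);
        byte[] viaRaw = hmacSha1(new SecretKeySpec(rawHmacKey, "HmacSHA1"), data);
        if (!MessageDigest.isEqual(viaImport, viaRaw)) {
            throw new IllegalStateException("unwrapped HMAC key does not match original");
        }
        System.out.println("Done");
    }
}
```

Compile and run with `javac HmacUnwrapExample.java && java HmacUnwrapExample`; the same class run against the Mozilla-JSS provider is the regression check the report's HmacTest performs, since the failure was specific to how JSS built the HMAC context for the unwrapped key, not to the JCE contract.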
Upstream checkin:

changeset:   2197:eec15518fd61
tag:         tip
user:        Jack Magne <jmagne>
date:        Fri Sep 01 16:15:54 2017 -0700
files:       org/mozilla/jss/pkcs11/PK11KeyWrapper.java org/mozilla/jss/pkcs11/PK11MessageDigest.c org/mozilla/jss/tests/HmacTest.java org/mozilla/jss/tests/all.pl
description:
unwrapping of HMAC-SHA1 secret keys using AES wrapping and unwrapping

cfu on behalf of jmagne
QE Testing instructions:

We want to make sure this fix allows TPS to continue to function normally under the following circumstances.

1. General TPS sanity testing: can we do simple format and enrollments using the software token?

2. The following is one specific case that we want to verify:

   a) We must exercise the scenario where we are using the SP800 key derivation function while using a master key on the HSM of type HMAC. We should already have a test case for that. This, as we recall, requires generating the given HMAC master key on the HSM using the built-in commands. Once we have verified that the HMAC master key on the HSM works properly, we should be good to go.
Noticed the attached TKS debug log messages and the following TKS audit messages when trying to test https://bugzilla.redhat.com/show_bug.cgi?id=1186896#c30 with

tks.defKeySet.nistSP800-108KdfOnKeyVersion=0
tks.defKeySet.nistSP800-108KdfUseCuidAsKdd=true

in TKS CS.cfg.

0.http-bio-23443-exec-23 - [12/Sep/2017:09:30:22 EDT] [14] [6] [AuditEvent=COMPUTE_SESSION_KEY_REQUEST][CUID_encoded=#40#90#61#45#75#C1#24#0E#03#27][KDD_encoded=#00#00#41#06#24#0E#03#27#75#C1][Outcome=Success][AgentID=TPS-nocp1.idm.lab.eng.rdu2.redhat.com-25443] TKS Compute session key request
0.http-bio-23443-exec-23 - [12/Sep/2017:09:30:23 EDT] [14] [6] [AuditEvent=COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS][CUID_decoded=4090614575C1240E0327][KDD_decoded=00004106240E032775C1][Outcome=Success][status=0][AgentID=TPS-nocp1.idm.lab.eng.rdu2.redhat.com-25443][IsCryptoValidate=true][IsServerSideKeygen=true][SelectedToken=NHSM-RPATTATH-SOFTCARD][KeyNickName=hsm-master-scp01][TKSKeyset=defKeySet][KeyInfo_KeyVersion=0x2][NistSP800_108KdfOnKeyVersion=0x0][NistSP800_108KdfUseCuidAsKdd=false] TKS Compute session key request processed successfully

Key change operation was successful, though. I am not sure if the error messages in the TKS debug log and the audit message indicating NistSP800_108KdfUseCuidAsKdd=false when it is actually set to true are related to this bug or if it has anything to do with FIPS.
Created attachment 1324904 [details]
TKS debug log when nist is set to true
Please ignore the previous comment; I noticed I had updated the wrong param in TKS CS.cfg.
[root@nocp1 certdb]# rpm -qi jss
Name        : jss
Version     : 4.4.0
Release     : 10.el7
Architecture: x86_64
Install Date: Tue 28 Nov 2017 02:30:31 PM EST
Group       : System Environment/Libraries
Size        : 1029659
License     : MPLv1.1 or GPLv2+ or LGPLv2+
Signature   : RSA/SHA256, Wed 01 Nov 2017 02:37:50 PM EDT, Key ID 199e2f91fd431d51
Source RPM  : jss-4.4.0-10.el7.src.rpm
Build Date  : Wed 01 Nov 2017 02:19:14 PM EDT
Build Host  : x86-020.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : http://www.mozilla.org/projects/security/pki/jss/
Summary     : Java Security Services (JSS)

Verification steps as explained in https://bugzilla.redhat.com/show_bug.cgi?id=1488846#c16
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0958