106 lines
3.7 KiB
Diff
106 lines
3.7 KiB
Diff
From 3cc2f62eaca0e616dadc3053919180615b48bf54 Mon Sep 17 00:00:00 2001
|
|
From: Alexander Scheel <alexander.m.scheel@gmail.com>
|
|
Date: Fri, 12 Mar 2021 20:41:51 -0500
|
|
Subject: [PATCH] Encrypt & unwrap symmetric key in FIPS mode (#678)
|
|
|
|
NSS doesn't generally allow keys to be imported in FIPS mode. However,
|
|
for portability with other JCA providers, we sometimes need to import
|
|
keys from byte arrays. Do this in the JNI layer by executing a PKCS#11
|
|
encrypt and then unwrap using the same key. This lets us effectively
|
|
"import" a key into a token, if the token supports using the given
|
|
mechanism for both encryption and unwrapping operations. Some HSMs are
|
|
getting stricter about this and forbid using the same key for encrypt
|
|
and unwrap operations.
|
|
|
|
Resolves: #334
|
|
|
|
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
|
|
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
|
|
---
|
|
org/mozilla/jss/pkcs11/PK11KeyWrapper.c | 62 ++++++++++++++++++++++++-
|
|
1 file changed, 60 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/org/mozilla/jss/pkcs11/PK11KeyWrapper.c b/org/mozilla/jss/pkcs11/PK11KeyWrapper.c
|
|
index f39a3796..e8e9da16 100644
|
|
--- a/org/mozilla/jss/pkcs11/PK11KeyWrapper.c
|
|
+++ b/org/mozilla/jss/pkcs11/PK11KeyWrapper.c
|
|
@@ -712,6 +712,61 @@ finish:
|
|
return keyObj;
|
|
}
|
|
|
|
+PK11SymKey *JSS_PK11_ImportSymKeyWithFlagsFIPS(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
|
|
+ CK_ATTRIBUTE_TYPE operation, SECItem *key, CK_FLAGS flags,
|
|
+ PRBool isPerm, void *wincx)
|
|
+{
|
|
+ PK11SymKey *result = NULL;
|
|
+ PK11SymKey *wrapper = NULL;
|
|
+ SECStatus ret = SECFailure;
|
|
+ unsigned int wrapped_len = 0;
|
|
+ unsigned int wrapped_max = key->len + 64;
|
|
+ unsigned char *wrapped_key = calloc(wrapped_max, sizeof(unsigned char));
|
|
+ SECItem wrapped_item = { siBuffer, wrapped_key, 0 };
|
|
+ SECItem *param = NULL;
|
|
+
|
|
+ /* Steps:
|
|
+ * 1. Generate a temporary key to encrypt and unwrap with,
|
|
+ * 2. Encrypt our key to import using the wrapping key,
|
|
+ * 3. Unwrap into the token using the wrapping key.
|
|
+ */
|
|
+
|
|
+#define FIPS_KEYGEN_ALGO CKM_AES_KEY_GEN
|
|
+#define FIPS_ENCRYPT_UNWRAP_ALGO CKM_AES_KEY_WRAP_PAD
|
|
+
|
|
+ wrapper = PK11_KeyGen(slot, FIPS_KEYGEN_ALGO, NULL, 32, wincx);
|
|
+ if (wrapper == NULL) {
|
|
+ goto done;
|
|
+ }
|
|
+
|
|
+ param = PK11_GenerateNewParam(FIPS_ENCRYPT_UNWRAP_ALGO, wrapper);
|
|
+ if (param == NULL) {
|
|
+ goto done;
|
|
+ }
|
|
+
|
|
+ ret = PK11_Encrypt(wrapper, FIPS_ENCRYPT_UNWRAP_ALGO, param,
|
|
+ wrapped_key, &wrapped_len, wrapped_max,
|
|
+ key->data, key->len);
|
|
+ if (ret != SECSuccess) {
|
|
+ goto done;
|
|
+ }
|
|
+
|
|
+ wrapped_item.len = wrapped_len;
|
|
+
|
|
+ result = PK11_UnwrapSymKeyWithFlagsPerm(wrapper, FIPS_ENCRYPT_UNWRAP_ALGO,
|
|
+ param, &wrapped_item, type, operation, key->len, flags,
|
|
+ isPerm);
|
|
+
|
|
+done:
|
|
+ free(wrapped_key);
|
|
+ SECITEM_FreeItem(param, PR_TRUE);
|
|
+ if (wrapper != NULL) {
|
|
+ PK11_DeleteTokenSymKey(wrapper);
|
|
+ PK11_FreeSymKey(wrapper);
|
|
+ }
|
|
+ return result;
|
|
+}
|
|
+
|
|
/***********************************************************************
|
|
*
|
|
* PK11KeyWrapper.nativeUnwrapSymPlaintext
|
|
@@ -765,8 +820,11 @@ Java_org_mozilla_jss_pkcs11_PK11KeyWrapper_nativeUnwrapSymPlaintext
|
|
}
|
|
|
|
/* pull in the key */
|
|
- symKey = PK11_ImportSymKeyWithFlags(slot, keyTypeMech, PK11_OriginUnwrap,
|
|
- operation, wrappedKey, flags, isPerm, NULL);
|
|
+ if (PK11_IsFIPS()) {
|
|
+ symKey = JSS_PK11_ImportSymKeyWithFlagsFIPS(slot, keyTypeMech, operation, wrappedKey, flags, isPerm, NULL);
|
|
+ } else {
|
|
+ symKey = PK11_ImportSymKeyWithFlags(slot, keyTypeMech, PK11_OriginUnwrap, operation, wrappedKey, flags, isPerm, NULL);
|
|
+ }
|
|
if( symKey == NULL ) {
|
|
JSS_throwMsgPrErr(env, TOKEN_EXCEPTION, "Failed to unwrap key");
|
|
goto finish;
|
|
--
|
|
2.26.2
|
|
|