Blob Blame History Raw
From 3cc2f62eaca0e616dadc3053919180615b48bf54 Mon Sep 17 00:00:00 2001
From: Alexander Scheel <alexander.m.scheel@gmail.com>
Date: Fri, 12 Mar 2021 20:41:51 -0500
Subject: [PATCH] Encrypt & unwrap symmetric key in FIPS mode (#678)

NSS doesn't generally allow keys to be imported in FIPS mode. However,
for portability with other JCA providers, we sometimes need to import
keys from byte arrays. Do this in the JNI layer by executing a PKCS#11
encrypt and then unwrap using the same key. This lets us effectively
"import" a key into a token, if the token supports using the given
mechanism for both encryption and unwrapping operations. Some HSMs are
getting stricter about this and forbid using the same key for encrypt
and unwrap operations.

Resolves: #334

Signed-off-by: Alexander Scheel <ascheel@redhat.com>
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
---
 org/mozilla/jss/pkcs11/PK11KeyWrapper.c | 62 ++++++++++++++++++++++++-
 1 file changed, 60 insertions(+), 2 deletions(-)

diff --git a/org/mozilla/jss/pkcs11/PK11KeyWrapper.c b/org/mozilla/jss/pkcs11/PK11KeyWrapper.c
index f39a3796..e8e9da16 100644
--- a/org/mozilla/jss/pkcs11/PK11KeyWrapper.c
+++ b/org/mozilla/jss/pkcs11/PK11KeyWrapper.c
@@ -712,6 +712,61 @@ finish:
     return keyObj;
 }
 
+PK11SymKey *JSS_PK11_ImportSymKeyWithFlagsFIPS(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
+        CK_ATTRIBUTE_TYPE operation, SECItem *key, CK_FLAGS flags,
+        PRBool isPerm, void *wincx)
+{
+    PK11SymKey *result = NULL;
+    PK11SymKey *wrapper = NULL;
+    SECStatus ret = SECFailure;
+    unsigned int wrapped_len = 0;
+    unsigned int wrapped_max = key->len + 64;
+    unsigned char *wrapped_key = calloc(wrapped_max, sizeof(unsigned char));
+    SECItem wrapped_item = { siBuffer, wrapped_key, 0 };
+    SECItem *param = NULL;
+
+    /* Steps:
+     * 1. Generate a temporary key to encrypt and unwrap with,
+     * 2. Encrypt our key to import using the wrapping key,
+     * 3. Unwrap into the token using the wrapping key.
+     */
+
+#define FIPS_KEYGEN_ALGO CKM_AES_KEY_GEN
+#define FIPS_ENCRYPT_UNWRAP_ALGO CKM_AES_KEY_WRAP_PAD
+
+    wrapper = PK11_KeyGen(slot, FIPS_KEYGEN_ALGO, NULL, 32, wincx);
+    if (wrapper == NULL) {
+        goto done;
+    }
+
+    param = PK11_GenerateNewParam(FIPS_ENCRYPT_UNWRAP_ALGO, wrapper);
+    if (param == NULL) {
+        goto done;
+    }
+
+    ret = PK11_Encrypt(wrapper, FIPS_ENCRYPT_UNWRAP_ALGO, param,
+            wrapped_key, &wrapped_len, wrapped_max,
+            key->data, key->len);
+    if (ret != SECSuccess) {
+        goto done;
+    }
+
+    wrapped_item.len = wrapped_len;
+
+    result = PK11_UnwrapSymKeyWithFlagsPerm(wrapper, FIPS_ENCRYPT_UNWRAP_ALGO,
+            param, &wrapped_item, type, operation, key->len, flags,
+            isPerm);
+
+done:
+    free(wrapped_key);
+    SECITEM_FreeItem(param, PR_TRUE);
+    if (wrapper != NULL) {
+        PK11_DeleteTokenSymKey(wrapper);
+        PK11_FreeSymKey(wrapper);
+    }
+    return result;
+}
+
 /***********************************************************************
  *
  * PK11KeyWrapper.nativeUnwrapSymPlaintext
@@ -765,8 +820,11 @@ Java_org_mozilla_jss_pkcs11_PK11KeyWrapper_nativeUnwrapSymPlaintext
     }
 
     /* pull in the key */
-    symKey = PK11_ImportSymKeyWithFlags(slot, keyTypeMech, PK11_OriginUnwrap,
-        operation, wrappedKey, flags, isPerm, NULL);
+    if (PK11_IsFIPS()) {
+        symKey = JSS_PK11_ImportSymKeyWithFlagsFIPS(slot, keyTypeMech, operation, wrappedKey, flags, isPerm, NULL);
+    } else {
+        symKey = PK11_ImportSymKeyWithFlags(slot, keyTypeMech, PK11_OriginUnwrap, operation, wrappedKey, flags, isPerm, NULL);
+    }
     if( symKey == NULL ) {
         JSS_throwMsgPrErr(env, TOKEN_EXCEPTION, "Failed to unwrap key");
         goto finish;
-- 
2.26.2