From 76210527067524925075188f51b701e4e7547d63 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 30 2017 13:44:04 +0000 Subject: import jss-4.4.0-9.el7_4 --- diff --git a/SOURCES/jss-HMAC-test-for-AES-encrypt-unwrap.patch b/SOURCES/jss-HMAC-test-for-AES-encrypt-unwrap.patch new file mode 100644 index 0000000..435dfd0 --- /dev/null +++ b/SOURCES/jss-HMAC-test-for-AES-encrypt-unwrap.patch @@ -0,0 +1,196 @@ +# HG changeset patch +# User Jack Magne +# Date 1504307754 25200 +# Fri Sep 01 16:15:54 2017 -0700 +# Node ID eec15518fd61f1d988c25b4de589555796f9e65f +# Parent 17d1d7b740ca5777fbcf8ee817a2f26b9c93593a +unwrapping of HMAC-SHA1 secret keys using AES wrapping and unwrapping +cfu on behalf of jmagne + +diff -r 17d1d7b740ca -r eec15518fd61 org/mozilla/jss/pkcs11/PK11KeyWrapper.java +--- a/org/mozilla/jss/pkcs11/PK11KeyWrapper.java Mon May 01 10:39:50 2017 -0700 ++++ b/org/mozilla/jss/pkcs11/PK11KeyWrapper.java Fri Sep 01 16:15:54 2017 -0700 +@@ -588,6 +588,8 @@ + return EncryptionAlgorithm.RC4; + } else if( type == SymmetricKey.AES ) { + return EncryptionAlgorithm.AES_128_ECB; ++ } else if( type == SymmetricKey.SHA1_HMAC) { ++ return HMACAlgorithm.SHA1; + } else { + Assert._assert( type == SymmetricKey.RC2 ); + return EncryptionAlgorithm.RC2_CBC; +diff -r 17d1d7b740ca -r eec15518fd61 org/mozilla/jss/pkcs11/PK11MessageDigest.c +--- a/org/mozilla/jss/pkcs11/PK11MessageDigest.c Mon May 01 10:39:50 2017 -0700 ++++ b/org/mozilla/jss/pkcs11/PK11MessageDigest.c Fri Sep 01 16:15:54 2017 -0700 +@@ -67,19 +67,19 @@ + } + + /* copy the key, setting the CKA_SIGN attribute */ +- /* ++ + newKey = PK11_CopySymKeyForSigning(origKey, mech); ++ ++ /* For some key on the hsm, this call could fail, but the key may work anyway */ ++ + if( newKey == NULL ) { +- JSS_throwMsg(env, DIGEST_EXCEPTION, +- "Unable to set CKA_SIGN attribute on symmetric key"); +- goto finish; ++ newKey = origKey; + } +- */ + + param.data = NULL; + param.len = 0; + +- context = PK11_CreateContextBySymKey(mech, CKA_SIGN, origKey, ¶m); ++ context = PK11_CreateContextBySymKey(mech, CKA_SIGN, newKey, ¶m); + if( context == NULL ) { + JSS_throwMsg(env, DIGEST_EXCEPTION, + "Unable to initialize digest context"); +@@ -88,7 +88,7 @@ + + contextObj = JSS_PK11_wrapCipherContextProxy(env, &context); + finish: +- if(newKey) { ++ if(newKey && (newKey != origKey)) { + /* SymKeys are ref counted, and the context will free it's ref + * when it is destroyed */ + PK11_FreeSymKey(newKey); +diff -r 17d1d7b740ca -r eec15518fd61 org/mozilla/jss/tests/HmacTest.java +--- /dev/null Thu Jan 01 00:00:00 1970 +0000 ++++ b/org/mozilla/jss/tests/HmacTest.java Fri Sep 01 16:15:54 2017 -0700 +@@ -0,0 +1,119 @@ ++ ++package org.mozilla.jss.tests; ++ ++ ++import java.security.Key; ++import javax.crypto.Cipher; ++import javax.crypto.KeyGenerator; ++import javax.crypto.Mac; ++import javax.crypto.SecretKey; ++import javax.crypto.spec.IvParameterSpec; ++ ++import org.mozilla.jss.CryptoManager; ++import org.mozilla.jss.crypto.CryptoToken; ++import org.mozilla.jss.crypto.SymmetricKey; ++ ++ ++public class HmacTest { ++ ++ private static final String INTERNAL_KEY_STORAGE_TOKEN = ++ new CryptoManager.InitializationValues("").getInternalKeyStorageTokenDescription().trim(); ++ ++ private static final String NSS_DATABASE_DIR = "sql:data"; ++ private static final String PROVIDER = "Mozilla-JSS"; ++ ++ ++ public static void main(String[] args) ++ { ++ ++ String algorithm = "hmac-sha1"; ++ ++ try { ++ configureCrypto(args); ++ ++ Mac mac = Mac.getInstance(algorithm, PROVIDER); ++ ++ byte[] keyData = new byte[16]; ++ Key key = importHmacSha1Key(keyData); ++ ++ mac.init(key); ++ ++ doHMAC(mac,"Dogtag rules!"); ++ ++ System.out.println("Done"); ++ ++ System.exit(0); ++ } catch (Exception e) { ++ System.exit(1); ++ } ++ } ++ ++ private static void configureCrypto(String[] args) ++ throws Exception { ++ ++ CryptoManager.InitializationValues initializationValues = ++ new CryptoManager.InitializationValues(args[0]); ++ ++ CryptoManager.initialize(initializationValues); ++ ++ CryptoManager cryptoManager = CryptoManager.getInstance(); ++ ++ CryptoToken cryptoToken = ++ cryptoManager.getTokenByName(INTERNAL_KEY_STORAGE_TOKEN); ++ ++ cryptoManager.setThreadToken(cryptoToken); ++ } ++ ++ private static Key importHmacSha1Key(byte[] key) ++ throws Exception { ++ ++ final String WRAPPING_ALGORITHM = "AES/CBC/PKCS5Padding"; ++ ++ Key wrappingKey = getWrappingKey(); ++ ++ byte[] iv = new byte[16]; ++ IvParameterSpec ivParameterSpec = new IvParameterSpec(iv); ++ ++ Cipher wrappingCipher = Cipher.getInstance(WRAPPING_ALGORITHM, PROVIDER); ++ wrappingCipher.init(Cipher.ENCRYPT_MODE, wrappingKey, ivParameterSpec); ++ ++ byte[] wrappedKeyData = wrappingCipher.doFinal(key); ++ ++ Cipher unwrappingCipher = Cipher.getInstance(WRAPPING_ALGORITHM, PROVIDER); ++ unwrappingCipher.init(Cipher.UNWRAP_MODE, wrappingKey, ivParameterSpec); ++ ++ return (SecretKey) unwrappingCipher.unwrap(wrappedKeyData, ++ SymmetricKey.SHA1_HMAC.toString(), ++ Cipher.SECRET_KEY); ++ } ++ ++ private static synchronized Key getWrappingKey() ++ throws Exception { ++ ++ final String keyGenAlgorithm = "AES"; ++ final int wrappingKeyLength = 256; ++ ++ KeyGenerator keyGen = KeyGenerator.getInstance(keyGenAlgorithm, PROVIDER); ++ keyGen.init(wrappingKeyLength); ++ return keyGen.generateKey(); ++ } ++ ++ public static void doHMAC(Mac mozillaHmac, String clearText) ++ throws Exception { ++ byte[] mozillaHmacOut; ++ ++ //Get the Mozilla HMAC ++ mozillaHmacOut = mozillaHmac.doFinal(clearText.getBytes()); ++ ++ if (mozillaHmacOut.length == mozillaHmac.getMacLength()) { ++ System.out.println(PROVIDER + " supports " + ++ mozillaHmac.getAlgorithm() + " and the output size is " + mozillaHmac.getMacLength()); ++ } else { ++ throw new Exception("ERROR: hmac output size is " + ++ mozillaHmacOut.length + ", should be " + ++ mozillaHmac.getMacLength()); ++ } ++ } ++ ++ ++} +diff -r 17d1d7b740ca -r eec15518fd61 org/mozilla/jss/tests/all.pl +--- a/org/mozilla/jss/tests/all.pl Mon May 01 10:39:50 2017 -0700 ++++ b/org/mozilla/jss/tests/all.pl Fri Sep 01 16:15:54 2017 -0700 +@@ -492,6 +492,10 @@ + $command = "$java -cp $jss_classpath org.mozilla.jss.tests.HMACTest $testdir $pwfile"; + run_test($testname, $command); + ++$testname = "HMAC Unwrap"; ++$command = "$java -cp $jss_classpath org.mozilla.jss.tests.HmacTest $testdir $pwfile"; ++run_test($testname, $command); ++ + $testname = "KeyWrapping "; + $command = "$java -cp $jss_classpath org.mozilla.jss.tests.JCAKeyWrap $testdir $pwfile"; + run_test($testname, $command); diff --git a/SOURCES/jss-HMAC-unwrap-keywrap-FIPSMODE.patch b/SOURCES/jss-HMAC-unwrap-keywrap-FIPSMODE.patch new file mode 100644 index 0000000..529d33a --- /dev/null +++ b/SOURCES/jss-HMAC-unwrap-keywrap-FIPSMODE.patch @@ -0,0 +1,22 @@ +# HG changeset patch +# User Jack Magne +# Date 1506640850 25200 +# Thu Sep 28 16:20:50 2017 -0700 +# Node ID 252c10f448971b7ae087bde259505abd5dc5a03a +# Parent 3e9a5ae2149d04877dc19b117a8917c22854f8eb +Fix: Bug 1400884 - new JSS failures: HMAC Unwrap and KeyWrapping FIPSMODE. + +diff --git a/org/mozilla/jss/pkcs11/KeyType.java b/org/mozilla/jss/pkcs11/KeyType.java +--- a/org/mozilla/jss/pkcs11/KeyType.java ++++ b/org/mozilla/jss/pkcs11/KeyType.java +@@ -204,9 +204,7 @@ + EncryptionAlgorithm.AES_192_CBC, + EncryptionAlgorithm.AES_256_ECB, + EncryptionAlgorithm.AES_256_CBC, +- /* AES CBC PAD is the same as AES_256_CBC_PAD */ +- /* shouldn't break backward compatibility 313798*/ +- //EncryptionAlgorithm.AES_CBC_PAD, ++ EncryptionAlgorithm.AES_CBC_PAD, + EncryptionAlgorithm.AES_128_CBC_PAD, + EncryptionAlgorithm.AES_192_CBC_PAD, + EncryptionAlgorithm.AES_256_CBC_PAD diff --git a/SOURCES/jss-PBE-padded-block-cipher-enhancements.patch b/SOURCES/jss-PBE-padded-block-cipher-enhancements.patch new file mode 100644 index 0000000..8f43ec5 --- /dev/null +++ b/SOURCES/jss-PBE-padded-block-cipher-enhancements.patch @@ -0,0 +1,620 @@ +# HG changeset patch +# User Fraser Tweedale +# Date 1504894163 25200 +# Fri Sep 08 11:09:23 2017 -0700 +# Node ID 3629b598a9ce73e83c7896407e3ca820f6383750 +# Parent eec15518fd61f1d988c25b4de589555796f9e65f +Bug 1370778 PBE and padded block cipher enhancements and fixes - + patch jss-ftweedal-0006-PBEKeyGenParams-allow-specifying-encryption-algorith.patch + +Allow specifying an target encryption algorithm in PBEKeyGenParams; + if the PBE algorithm does not imply a particular cipher, this is needed + to determine the size of the key to generate + +cfu for ftweedale + +diff -r eec15518fd61 -r 3629b598a9ce org/mozilla/jss/crypto/PBEKeyGenParams.java +--- a/org/mozilla/jss/crypto/PBEKeyGenParams.java Fri Sep 01 16:15:54 2017 -0700 ++++ b/org/mozilla/jss/crypto/PBEKeyGenParams.java Fri Sep 08 11:09:23 2017 -0700 +@@ -13,6 +13,7 @@ + private Password pass; + private byte[] salt; + private int iterations; ++ private EncryptionAlgorithm encryptionAlgorithm = EncryptionAlgorithm.DES3_CBC; + + private PBEKeyGenParams() { } + +@@ -40,7 +41,8 @@ + } + + /** +- * Creates PBE parameters. ++ * Creates PBE parameters using default encryption algorithm ++ * (DES3_EDE3_CBC). + * + * @param pass The password. It will be cloned, so the + * caller is still responsible for clearing it. It must not be null. +@@ -60,6 +62,33 @@ + } + + /** ++ * Creates PBE parameters using default encryption algorithm ++ * (DES3_EDE3_CBC). ++ * ++ * @param pass The password. It will be cloned, so the ++ * caller is still responsible for clearing it. It must not be null. ++ * @param salt The salt for the PBE algorithm. Will not be cloned. ++ * Must not be null. It is the responsibility of the caller to ++ * use the right salt length for the algorithm. Most algorithms ++ * use 8 bytes of salt. ++ * @param iterations The iteration count for the PBE algorithm. ++ * @param encAlg The encryption algorithm. This is used with SOME ++ * PBE algorithms for determining the KDF output length. ++ */ ++ public PBEKeyGenParams( ++ char[] pass, byte[] salt, int iterations, ++ EncryptionAlgorithm encAlg) { ++ if (pass == null || salt == null) { ++ throw new NullPointerException(); ++ } ++ this.pass = new Password((char[]) pass.clone()); ++ this.salt = salt; ++ this.iterations = iterations; ++ if (encAlg != null) ++ this.encryptionAlgorithm = encAlg; ++ } ++ ++ /** + * Returns a reference to the password, not a copy. + */ + public Password getPassword() { +@@ -81,6 +110,14 @@ + } + + /** ++ * The encryption algorithm is used with SOME PBE algorithms for ++ * determining the KDF output length. ++ */ ++ public EncryptionAlgorithm getEncryptionAlgorithm() { ++ return encryptionAlgorithm; ++ } ++ ++ /** + * Clears the password. This should be called when this object is no + * longer needed so the password is not left around in memory. + */ +diff -r eec15518fd61 -r 3629b598a9ce org/mozilla/jss/pkcs11/PK11KeyGenerator.c +--- a/org/mozilla/jss/pkcs11/PK11KeyGenerator.c Fri Sep 01 16:15:54 2017 -0700 ++++ b/org/mozilla/jss/pkcs11/PK11KeyGenerator.c Fri Sep 08 11:09:23 2017 -0700 +@@ -246,9 +246,9 @@ + * + */ + JNIEXPORT jobject JNICALL +-Java_org_mozilla_jss_pkcs11_PK11KeyGenerator_generatePBE +- (JNIEnv *env, jclass clazz, jobject token, jobject alg, jbyteArray passBA, +- jbyteArray saltBA, jint iterationCount) ++Java_org_mozilla_jss_pkcs11_PK11KeyGenerator_generatePBE( ++ JNIEnv *env, jclass clazz, jobject token, jobject alg, jobject encAlg, ++ jbyteArray passBA, jbyteArray saltBA, jint iterationCount) + { + PK11SlotInfo *slot=NULL; + PK11SymKey *skey=NULL; +@@ -299,12 +299,15 @@ + oidTag = JSS_getOidTagFromAlg(env, alg); + PR_ASSERT(oidTag != SEC_OID_UNKNOWN); + ++ SECOidTag encAlgOidTag = JSS_getOidTagFromAlg(env, encAlg); ++ PR_ASSERT(encAlgOidTag != SEC_OID_UNKNOWN); ++ + /* create algid */ + algid = PK11_CreatePBEV2AlgorithmID( + oidTag, +- SEC_OID_DES_EDE3_CBC, ++ encAlgOidTag, + SEC_OID_HMAC_SHA1, +- 168/8, ++ 0, + iterationCount, + salt); + +diff -r eec15518fd61 -r 3629b598a9ce org/mozilla/jss/pkcs11/PK11KeyGenerator.java +--- a/org/mozilla/jss/pkcs11/PK11KeyGenerator.java Fri Sep 01 16:15:54 2017 -0700 ++++ b/org/mozilla/jss/pkcs11/PK11KeyGenerator.java Fri Sep 08 11:09:23 2017 -0700 +@@ -178,8 +178,9 @@ + byte[] pwbytes=null; + try { + pwbytes = charToByte.convert( kgp.getPassword().getChars() ); +- return generatePBE(token, algorithm, pwbytes, +- kgp.getSalt(), kgp.getIterations()); ++ return generatePBE( ++ token, algorithm, kgp.getEncryptionAlgorithm(), ++ pwbytes, kgp.getSalt(), kgp.getIterations()); + } finally { + if( pwbytes!=null ) { + Password.wipeBytes(pwbytes); +@@ -296,7 +297,9 @@ + * be null. + */ + private static native SymmetricKey +- generatePBE(PK11Token token, KeyGenAlgorithm algorithm, byte[] pass, +- byte[] salt, int iterationCount) throws TokenException; ++ generatePBE( ++ PK11Token token, KeyGenAlgorithm algorithm, EncryptionAlgorithm encAlg, ++ byte[] pass, byte[] salt, int iterationCount) ++ throws TokenException; + + } +# HG changeset patch +# User Fraser Tweedale +# Date 1504894529 25200 +# Fri Sep 08 11:15:29 2017 -0700 +# Node ID bada1409d2bb67cd92c3b7c292b8bb4ae6388513 +# Parent 3629b598a9ce73e83c7896407e3ca820f6383750 +Bug 1370778 PBE and padded block cipher enhancements and fixes - +patch jss-ftweedal-0007-Support-the-CKK_GENERIC_SECRET-symmetric-key-type.patch +Subject: Support the CKK_GENERIC_SECRET symmetric key type +From: Fraser Tweedale +Content-Type: text/plain +found patch at byte 873 +message: +Support the CKK_GENERIC_SECRET symmetric key type +The NSS PBKDF2 generation produces a key with the CKK_GENERIC_SECRET +key type. The underlying PKCS #11 object *does* record the intended +encryption algorithm that was specified when generating the key via +PK11_PBEKeyGen, but this information is not exposed via the PKCS #11 +interface. When initialising a cipher, JSS checks the key type +against the encryption algorithm and fails if they do not match, +which is always the case with PBKDF2-derived keys. + +To work around this problem, properly record the key type for +CKK_GENERIC_SECRET keys, and update the cipher initialisation key +type check to always accept such keys. + +cfu for ftweedal + +diff -r 3629b598a9ce -r bada1409d2bb org/mozilla/jss/pkcs11/KeyType.java +--- a/org/mozilla/jss/pkcs11/KeyType.java Fri Sep 08 11:09:23 2017 -0700 ++++ b/org/mozilla/jss/pkcs11/KeyType.java Fri Sep 08 11:15:29 2017 -0700 +@@ -242,4 +242,7 @@ + "SHA1_HMAC" + ); + ++ static public final KeyType GENERIC_SECRET = ++ new KeyType(new Algorithm[] { }, "GENERIC_SECRET"); ++ + } +diff -r 3629b598a9ce -r bada1409d2bb org/mozilla/jss/pkcs11/PK11Cipher.java +--- a/org/mozilla/jss/pkcs11/PK11Cipher.java Fri Sep 08 11:09:23 2017 -0700 ++++ b/org/mozilla/jss/pkcs11/PK11Cipher.java Fri Sep 08 11:15:29 2017 -0700 +@@ -243,8 +243,11 @@ + } + + try { +- if( ((PK11SymKey)key).getKeyType() != +- KeyType.getKeyTypeFromAlgorithm(algorithm) ) { ++ KeyType keyType = ((PK11SymKey) key).getKeyType(); ++ if ( ++ keyType != KeyType.GENERIC_SECRET ++ && keyType != KeyType.getKeyTypeFromAlgorithm(algorithm) ++ ) { + throw new InvalidKeyException("Key is not the right type for"+ + " this algorithm: " + ((PK11SymKey)key).getKeyType() + ":" + KeyType.getKeyTypeFromAlgorithm(algorithm) +";"); + } +diff -r 3629b598a9ce -r bada1409d2bb org/mozilla/jss/pkcs11/PK11SymKey.c +--- a/org/mozilla/jss/pkcs11/PK11SymKey.c Fri Sep 08 11:09:23 2017 -0700 ++++ b/org/mozilla/jss/pkcs11/PK11SymKey.c Fri Sep 08 11:15:29 2017 -0700 +@@ -305,6 +305,9 @@ + case CKK_DES2: + typeFieldName = DES3_KEYTYPE_FIELD; + break; ++ case CKK_GENERIC_SECRET: ++ typeFieldName = GENERIC_SECRET_KEYTYPE_FIELD; ++ break; + default: + PR_ASSERT(PR_FALSE); + typeFieldName = DES_KEYTYPE_FIELD; +diff -r 3629b598a9ce -r bada1409d2bb org/mozilla/jss/util/java_ids.h +--- a/org/mozilla/jss/util/java_ids.h Fri Sep 08 11:09:23 2017 -0700 ++++ b/org/mozilla/jss/util/java_ids.h Fri Sep 08 11:15:29 2017 -0700 +@@ -87,6 +87,7 @@ + #define RC2_KEYTYPE_FIELD "RC2" + #define SHA1_HMAC_KEYTYPE_FIELD "SHA1_HMAC" + #define AES_KEYTYPE_FIELD "AES" ++#define GENERIC_SECRET_KEYTYPE_FIELD "GENERIC_SECRET" + + /* + * NativeProxy +# HG changeset patch +# User Fraser Tweedale +# Date 1504894882 25200 +# Fri Sep 08 11:21:22 2017 -0700 +# Node ID 890216599f21df4c6d07815604aaac526823a892 +# Parent bada1409d2bb67cd92c3b7c292b8bb4ae6388513 +Bug 1370778 PBE and padded block cipher enhancements and fixes - +patch jss-ftweedal-0008-PK11Cipher-improve-error-reporting.patch +Subject: PK11Cipher: improve error reporting +From: Fraser Tweedale +message: +PK11Cipher: improve error reporting + +cfu for ftweedal + +diff -r bada1409d2bb -r 890216599f21 org/mozilla/jss/pkcs11/PK11Cipher.c +--- a/org/mozilla/jss/pkcs11/PK11Cipher.c Fri Sep 08 11:15:29 2017 -0700 ++++ b/org/mozilla/jss/pkcs11/PK11Cipher.c Fri Sep 08 11:21:22 2017 -0700 +@@ -152,7 +152,9 @@ + /* do the operation */ + if( PK11_CipherOp(context, outbuf, (int*)&outlen, outlen, + (unsigned char*)inbuf, inlen) != SECSuccess) { +- JSS_throwMsg(env, TOKEN_EXCEPTION, "Cipher Operation failed"); ++ JSS_throwMsgPrErrArg( ++ env, TOKEN_EXCEPTION, "Cipher context update failed", ++ PR_GetError()); + goto finish; + } + PR_ASSERT(outlen >= 0); +@@ -209,7 +211,9 @@ + /* perform the finalization */ + status = PK11_DigestFinal(context, outBuf, &newOutLen, outLen); + if( (status != SECSuccess) ) { +- JSS_throwMsg(env, TOKEN_EXCEPTION, "Cipher operation failed on token"); ++ JSS_throwMsgPrErrArg( ++ env, TOKEN_EXCEPTION, "Cipher context finalization failed", ++ PR_GetError()); + goto finish; + } + +# HG changeset patch +# User Fraser Tweedale +# Date 1504895552 25200 +# Fri Sep 08 11:32:32 2017 -0700 +# Node ID d39e9b373798ea9d6ae7f35089b07143845b210e +# Parent 890216599f21df4c6d07815604aaac526823a892 +Bug 1370778 PBE and padded block cipher enhancements and fixes - +patch jss-ftweedal-0009-Update-AES-CBC-PAD-cipher-definitions.patch +Subject: Update AES-CBC-PAD cipher definitions +From: Fraser Tweedale +message: +Update AES-CBC-PAD cipher definitions +The AES_{128,192,256}_CBC_PAD EncryptionAlgorithm definitions declare +the correct PKCS #11 cipher mechanism and padding, but do not declare +the relevant OIDs. They are also unusable as target algorithms in +PBE key generation because they declare a PK11_MECH instead of a +SEC_OID_TAG. + +Update these algorithms definitions to declare a SEC_OID_TAG instead +of a PK11_MECH (JSS_getOidTagFromAlg() will still return the correct +mechanism) and declare the associated OIDs. + +cfu for ftweedal + +diff -r 890216599f21 -r d39e9b373798 org/mozilla/jss/crypto/EncryptionAlgorithm.java +--- a/org/mozilla/jss/crypto/EncryptionAlgorithm.java Fri Sep 08 11:21:22 2017 -0700 ++++ b/org/mozilla/jss/crypto/EncryptionAlgorithm.java Fri Sep 08 11:32:32 2017 -0700 +@@ -359,8 +359,10 @@ + AES_ROOT_OID.subBranch(2), 128); + + public static final EncryptionAlgorithm +- AES_128_CBC_PAD = new EncryptionAlgorithm(CKM_AES_CBC_PAD, Alg.AES, Mode.CBC, +- Padding.PKCS5, IVParameterSpecClasses, 16, null, 128); // no oid ++ AES_128_CBC_PAD = new EncryptionAlgorithm(SEC_OID_AES_128_CBC, ++ Alg.AES, Mode.CBC, ++ Padding.PKCS5, IVParameterSpecClasses, 16, ++ AES_ROOT_OID.subBranch(2), 128); + + public static final EncryptionAlgorithm + AES_192_ECB = new EncryptionAlgorithm(SEC_OID_AES_192_ECB, +@@ -374,8 +376,10 @@ + AES_ROOT_OID.subBranch(22), 192); + + public static final EncryptionAlgorithm +- AES_192_CBC_PAD = new EncryptionAlgorithm(CKM_AES_CBC_PAD, Alg.AES, Mode.CBC, +- Padding.PKCS5, IVParameterSpecClasses, 16, null, 192); // no oid ++ AES_192_CBC_PAD = new EncryptionAlgorithm(SEC_OID_AES_192_CBC, ++ Alg.AES, Mode.CBC, ++ Padding.PKCS5, IVParameterSpecClasses, 16, ++ AES_ROOT_OID.subBranch(22), 192); + + public static final EncryptionAlgorithm + AES_256_ECB = new EncryptionAlgorithm(SEC_OID_AES_256_ECB, +@@ -393,6 +397,9 @@ + Padding.PKCS5, IVParameterSpecClasses, 16, null, 256); // no oid + + public static final EncryptionAlgorithm +- AES_256_CBC_PAD = AES_CBC_PAD; ++ AES_256_CBC_PAD = new EncryptionAlgorithm(SEC_OID_AES_256_CBC, ++ Alg.AES, Mode.CBC, ++ Padding.PKCS5, IVParameterSpecClasses, 16, ++ AES_ROOT_OID.subBranch(42), 256); + + } +# HG changeset patch +# User Fraser Tweedale +# Date 1504896621 25200 +# Fri Sep 08 11:50:21 2017 -0700 +# Node ID 0b8a6e84b6c736743f2184b2b858fda6be740544 +# Parent d39e9b373798ea9d6ae7f35089b07143845b210e +Bug 1370778 PBE and padded block cipher enhancements and fixes - +patch jss-ftweedal-0010-PK11Cipher-use-pad-mechanism-for-algorithms-that-use.patch +Subject: PK11Cipher: use pad mechanism for algorithms that use padding +From: Fraser Tweedale +message: +PK11Cipher: use pad mechanism for algorithms that use padding +The PK11Cipher implementation, when initialising a cipher context, +uses JSS_getPK11MechFromAlg() to retrieve the PKCS #11 mechanism to +use. When a JSS EncryptionAlgorithm uses a SEC_OID_TAG, this will +return the non-padded mechanism. Then, if the size of the data is +not a multiple of the cipher block size, a padding error occurs. + +When the EncryptionAlgorithm indicates that padding is to be used, +call PK11_GetPadMechanism() on the result of JSS_getPK11MechFromAlg() +to get the padding variant of the mechanism. + +cfu for ftweedal + +diff -r d39e9b373798 -r 0b8a6e84b6c7 org/mozilla/jss/pkcs11/PK11Cipher.c +--- a/org/mozilla/jss/pkcs11/PK11Cipher.c Fri Sep 08 11:32:32 2017 -0700 ++++ b/org/mozilla/jss/pkcs11/PK11Cipher.c Fri Sep 08 11:50:21 2017 -0700 +@@ -24,16 +24,16 @@ + JNIEXPORT jobject JNICALL + Java_org_mozilla_jss_pkcs11_PK11Cipher_initContext + (JNIEnv *env, jclass clazz, jboolean encrypt, jobject keyObj, +- jobject algObj, jbyteArray ivBA) ++ jobject algObj, jbyteArray ivBA, jboolean padded) + { + return Java_org_mozilla_jss_pkcs11_PK11Cipher_initContextWithKeyBits +- ( env, clazz, encrypt, keyObj, algObj, ivBA, 0); ++ ( env, clazz, encrypt, keyObj, algObj, ivBA, 0, padded); + } + + JNIEXPORT jobject JNICALL + Java_org_mozilla_jss_pkcs11_PK11Cipher_initContextWithKeyBits + (JNIEnv *env, jclass clazz, jboolean encrypt, jobject keyObj, +- jobject algObj, jbyteArray ivBA, jint keyBits) ++ jobject algObj, jbyteArray ivBA, jint keyBits, jboolean padded) + { + CK_MECHANISM_TYPE mech; + PK11SymKey *key=NULL; +@@ -53,6 +53,9 @@ + goto finish; + } + ++ if (padded) ++ mech = PK11_GetPadMechanism(mech); ++ + /* get operation type */ + if( encrypt ) { + op = CKA_ENCRYPT; +diff -r d39e9b373798 -r 0b8a6e84b6c7 org/mozilla/jss/pkcs11/PK11Cipher.java +--- a/org/mozilla/jss/pkcs11/PK11Cipher.java Fri Sep 08 11:32:32 2017 -0700 ++++ b/org/mozilla/jss/pkcs11/PK11Cipher.java Fri Sep 08 11:50:21 2017 -0700 +@@ -90,10 +90,13 @@ + state = ENCRYPT; + + if( parameters instanceof RC2ParameterSpec ) { +- contextProxy = initContextWithKeyBits( true, key, algorithm, IV, +- ((RC2ParameterSpec)parameters).getEffectiveKeyBits() ); ++ contextProxy = initContextWithKeyBits( ++ true, key, algorithm, IV, ++ ((RC2ParameterSpec)parameters).getEffectiveKeyBits(), ++ algorithm.isPadded()); + } else { +- contextProxy = initContext( true, key, algorithm, IV ); ++ contextProxy = initContext( ++ true, key, algorithm, IV, algorithm.isPadded()); + } + } + +@@ -112,10 +115,13 @@ + state = DECRYPT; + + if( parameters instanceof RC2ParameterSpec ) { +- contextProxy = initContextWithKeyBits(false, key, algorithm, IV, +- ((RC2ParameterSpec)parameters).getEffectiveKeyBits() ); ++ contextProxy = initContextWithKeyBits( ++ false, key, algorithm, IV, ++ ((RC2ParameterSpec)parameters).getEffectiveKeyBits(), ++ algorithm.isPadded()); + } else { +- contextProxy = initContext(false, key, algorithm, IV); ++ contextProxy = initContext( ++ false, key, algorithm, IV, algorithm.isPadded()); + } + } + +@@ -182,13 +188,13 @@ + + private static native CipherContextProxy + initContext(boolean encrypt, SymmetricKey key, EncryptionAlgorithm alg, +- byte[] IV) ++ byte[] IV, boolean padded) + throws TokenException; + + // This version accepts the number of effective key bits for RC2 CBC. + private static native CipherContextProxy + initContextWithKeyBits(boolean encrypt, SymmetricKey key, +- EncryptionAlgorithm alg, byte[] IV, int keyBits) ++ EncryptionAlgorithm alg, byte[] IV, int keyBits, boolean padded) + throws TokenException; + + private static native byte[] +# HG changeset patch +# User Fraser Tweedale +# Date 1504896816 25200 +# Fri Sep 08 11:53:36 2017 -0700 +# Node ID b3b653faef8475ae03c670766429fd4dfab37a5e +# Parent 0b8a6e84b6c736743f2184b2b858fda6be740544 +bug 1370778 PBE and padded block cipher enhancements and fixes - +patch jss-ftweedal-0012-2-Add-method-EncryptedPrivateKeyInfo.createPBES2.patch +Subject: Add method EncryptedPrivateKeyInfo.createPBES2 +From: Fraser Tweedale +Content-Type: text/plain +found patch at byte 404 +message: +Add method EncryptedPrivateKeyInfo.createPBES2 +The createPBE method does not support PBES2 (it is necessary to know +the desired encrypted algorithm to derive the key and build the +parameters data). Add the createPBES2 method, which uses PBKDF2 to +derive the symmetric key and allows the caller to specify the +encryption algorithm. + +cfu for ftweedal + +diff -r 0b8a6e84b6c7 -r b3b653faef84 org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java +--- a/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java Fri Sep 08 11:50:21 2017 -0700 ++++ b/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java Fri Sep 08 11:53:36 2017 -0700 +@@ -155,6 +155,100 @@ + + + /** ++ * Export a private key in PBES2 format, using a random PBKDF2 salt. ++ * ++ * Token must support the CKM_PKCS5_PBKD2 mechanism. ++ * ++ * @param saltLen Length of salt in bytes (default: 16) ++ * @param kdfIterations PBKDF2 iterations (default: 2000) ++ * @param encAlg The symmetric encryption algorithm for enciphering the ++ * private key. Determines the size of derived key. ++ * @param pwd Password ++ * @param charToByteConverter The mechanism for converting the characters ++ * in the password into bytes. If null, the default mechanism ++ * will be used, which is UTF8. ++ * @param privateKeyInfo The encoded PrivateKeyInfo to be encrypted and ++ * stored in the EncryptedContentInfo. ++ */ ++ public static EncryptedPrivateKeyInfo createPBES2( ++ int saltLen, ++ int kdfIterations, ++ EncryptionAlgorithm encAlg, ++ Password pwd, ++ KeyGenerator.CharToByteConverter charToByteConverter, ++ PrivateKeyInfo privateKeyInfo) ++ throws CryptoManager.NotInitializedException, NoSuchAlgorithmException, ++ InvalidKeyException, InvalidAlgorithmParameterException, TokenException, ++ CharConversionException ++ { ++ if (encAlg == null) ++ throw new IllegalArgumentException("encAlg cannot be null"); ++ if (pwd == null) ++ throw new IllegalArgumentException("pwd cannot be null"); ++ if (privateKeyInfo == null) ++ throw new IllegalArgumentException("privateKeyInfo cannot be null"); ++ ++ if (kdfIterations < 1) ++ kdfIterations = 2000; ++ if (saltLen < 1) ++ saltLen = 16; ++ ++ try { ++ // generate random PBKDF2 salt ++ SecureRandom random = new SecureRandom(); ++ byte salt[] = new byte[saltLen]; ++ random.nextBytes(salt); ++ ++ // derive symmetric key from passphrase using PBKDF2 ++ CryptoManager cm = CryptoManager.getInstance(); ++ CryptoToken token = cm.getInternalCryptoToken(); ++ KeyGenerator kg = token.getKeyGenerator( ++ PBEAlgorithm.PBE_PKCS5_PBKDF2); ++ PBEKeyGenParams pbekgParams = new PBEKeyGenParams( ++ pwd.getChars(), salt, kdfIterations, encAlg); ++ if (charToByteConverter != null) ++ kg.setCharToByteConverter(charToByteConverter); ++ kg.initialize(pbekgParams); ++ SymmetricKey sk = kg.generate(); ++ ++ // encrypt PrivateKeyInfo ++ byte iv[] = new byte[encAlg.getBlockSize()]; ++ random.nextBytes(iv); ++ Cipher cipher = token.getCipherContext(encAlg); ++ cipher.initEncrypt(sk, new IVParameterSpec(iv)); ++ byte[] encData = cipher.doFinal(ASN1Util.encode(privateKeyInfo)); ++ ++ // construct KDF AlgorithmIdentifier ++ SEQUENCE paramsKdf = new SEQUENCE(); ++ paramsKdf.addElement(new OCTET_STRING(salt)); ++ paramsKdf.addElement(new INTEGER((long) kdfIterations)); ++ paramsKdf.addElement(new INTEGER((long) sk.getLength())); ++ AlgorithmIdentifier algIdKdf = new AlgorithmIdentifier( ++ PBEAlgorithm.PBE_PKCS5_PBKDF2.toOID(), paramsKdf); ++ ++ // construct encryption AlgorithmIdentifier ++ AlgorithmIdentifier algIdEnc = new AlgorithmIdentifier( ++ encAlg.toOID(), new OCTET_STRING(iv)); ++ ++ // construct "composite" PBES2 AlgorithmIdentifier ++ SEQUENCE paramsPBES2 = new SEQUENCE(); ++ paramsPBES2.addElement(algIdKdf); ++ paramsPBES2.addElement(algIdEnc); ++ AlgorithmIdentifier algIdPBES2 = new AlgorithmIdentifier( ++ PBEAlgorithm.PBE_PKCS5_PBES2.toOID(), paramsPBES2); ++ ++ // construct EncryptedPrivateKeyInfo ++ return new EncryptedPrivateKeyInfo(algIdPBES2, new OCTET_STRING(encData)); ++ } catch (IllegalBlockSizeException e) { ++ Assert.notReached("IllegalBlockSizeException in EncryptedContentInfo.createPBES2"); ++ } catch (BadPaddingException e) { ++ Assert.notReached("BadPaddingException in EncryptedContentInfo.createPBES2"); ++ } ++ return null; // unreachable ++ } ++ ++ ++ /** + * Creates a new EncryptedPrivateKeyInfo, where the data is encrypted + * with a password-based key- + * with wrapping/unwrapping happening on token. +# HG changeset patch +# User Fraser Tweedale +# Date 1504896964 25200 +# Fri Sep 08 11:56:04 2017 -0700 +# Node ID 87dca07f7529463398734d1279bcfd7023a43d4c +# Parent b3b653faef8475ae03c670766429fd4dfab37a5e +Bug 1370778 PBE and padded block cipher enhancements and fixes - +patch jss-ftweedal-0013-Improve-error-reporting.patch +Subject: Improve error reporting +From: Fraser Tweedale +Content-Type: text/plain +found patch at byte 157 +message: +Improve error reporting + +cfu for ftweedal + +diff -r b3b653faef84 -r 87dca07f7529 org/mozilla/jss/pkcs11/PK11KeyWrapper.c +--- a/org/mozilla/jss/pkcs11/PK11KeyWrapper.c Fri Sep 08 11:53:36 2017 -0700 ++++ b/org/mozilla/jss/pkcs11/PK11KeyWrapper.c Fri Sep 08 11:56:04 2017 -0700 +@@ -251,9 +251,7 @@ + status = PK11_WrapPrivKey(slot, wrapping, toBeWrapped, mech, param, + &wrapped, NULL /* wincx */ ); + if(status != SECSuccess) { +- char err[256] = {0}; +- PR_snprintf(err, 256, "Wrapping operation failed on token:%d", PR_GetError()); +- JSS_throwMsg(env, TOKEN_EXCEPTION, err); ++ JSS_throwMsgPrErr(env, TOKEN_EXCEPTION, "Wrapping operation failed on token"); + goto finish; + } + PR_ASSERT(wrapped.len>0 && wrapped.data!=NULL); +@@ -450,8 +448,8 @@ + attribs, numAttribs, NULL /*wincx*/); + if( privk == NULL ) { + char err[256] = {0}; +- PR_snprintf(err, 256, "Key Unwrap failed on token:error=%d, keyType=%d", PR_GetError(), keyType); +- JSS_throwMsg(env, TOKEN_EXCEPTION, err); ++ PR_snprintf(err, 256, "Key Unwrap failed on token; keyType=%d", keyType); ++ JSS_throwMsgPrErr(env, TOKEN_EXCEPTION, err); + goto finish; + } + +diff -r b3b653faef84 -r 87dca07f7529 org/mozilla/jss/pkcs11/PK11Store.c +--- a/org/mozilla/jss/pkcs11/PK11Store.c Fri Sep 08 11:53:36 2017 -0700 ++++ b/org/mozilla/jss/pkcs11/PK11Store.c Fri Sep 08 11:56:04 2017 -0700 +@@ -734,7 +734,7 @@ + PR_TRUE /* isperm */, PR_TRUE /* isprivate */, + pubKey->keyType, keyUsage, NULL /* wincx */); + if (result != SECSuccess) { +- JSS_throwMsg( ++ JSS_throwMsgPrErr( + env, TOKEN_EXCEPTION, + "Failed to import EncryptedPrivateKeyInfo to token"); + goto finish; diff --git a/SOURCES/jss-fix-PK11Store-getEncryptedPrivateKeyInfo-segfault.patch b/SOURCES/jss-fix-PK11Store-getEncryptedPrivateKeyInfo-segfault.patch new file mode 100644 index 0000000..fb93dc0 --- /dev/null +++ b/SOURCES/jss-fix-PK11Store-getEncryptedPrivateKeyInfo-segfault.patch @@ -0,0 +1,35 @@ +# HG changeset patch +# User Fraser Tweedale +# Date 1505175862 25200 +# Mon Sep 11 17:24:22 2017 -0700 +# Node ID 3e9a5ae2149d04877dc19b117a8917c22854f8eb +# Parent 87dca07f7529463398734d1279bcfd7023a43d4c +Bug 1371147 PK11Store.getEncryptedPrivateKeyInfo() segfault if export fails - +patch jss-ftweedal-0011-Don-t-crash-if-PK11_ExportEncryptedPrivKeyInfo-retur.patch +Subject: Don't crash if PK11_ExportEncryptedPrivKeyInfo returns NULL +From: Fraser Tweedale +Content-Type: text/plain +found patch at byte 239 +message: +Don't crash if PK11_ExportEncryptedPrivKeyInfo returns NULL +PK11_ExportEncryptedPrivKeyInfo returning NULL is not being handled +properly, causing segfault. Detect this condition and raise a +TokenException instead. + +cfu for ftweedal + +diff -r 87dca07f7529 -r 3e9a5ae2149d org/mozilla/jss/pkcs11/PK11Store.c +--- a/org/mozilla/jss/pkcs11/PK11Store.c Fri Sep 08 11:56:04 2017 -0700 ++++ b/org/mozilla/jss/pkcs11/PK11Store.c Mon Sep 11 17:24:22 2017 -0700 +@@ -581,6 +581,11 @@ + // export the epki + epki = PK11_ExportEncryptedPrivKeyInfo( + slot, algTag, pwItem, privk, iterations, NULL /*wincx*/); ++ if (epki == NULL) { ++ JSS_throwMsgPrErr( ++ env, TOKEN_EXCEPTION, "Failed to export EncryptedPrivateKeyInfo"); ++ goto finish; ++ } + + // DER-encode the epki + if (SEC_ASN1EncodeItem(NULL, &epkiItem, epki, diff --git a/SPECS/jss.spec b/SPECS/jss.spec index 07214f3..ec2a94b 100644 --- a/SPECS/jss.spec +++ b/SPECS/jss.spec @@ -1,6 +1,7 @@ Name: jss Version: 4.4.0 -Release: 7%{?dist} +#Release: 8%{?dist} +Release: 9.el7_4 Summary: Java Security Services (JSS) Group: System Environment/Libraries @@ -34,6 +35,10 @@ Requires: nss >= 3.28.4-6 Patch1: jss-post-rebase.patch Patch2: jss-rhel-7-4-beta.patch +Patch3: jss-HMAC-test-for-AES-encrypt-unwrap.patch +Patch4: jss-PBE-padded-block-cipher-enhancements.patch +Patch5: jss-fix-PK11Store-getEncryptedPrivateKeyInfo-segfault.patch +Patch6: jss-HMAC-unwrap-keywrap-FIPSMODE.patch %description Java Security Services (JSS) is a java native interface which provides a bridge @@ -53,6 +58,10 @@ This package contains the API documentation for JSS. pushd jss %patch1 -p1 %patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 popd %build @@ -145,6 +154,18 @@ rm -rf $RPM_BUILD_ROOT %{_javadocdir}/%{name}-%{version}/* %changelog +* Fri Oct 27 2017 Dogtag Team 4.4.0-9 +- Bugzilla #1505690 - new JSS failures: HMAC Unwrap and KeyWrapping + FIPSMODE [rhel-7.4.z] (jmagne) + +* Mon Sep 11 2017 Dogtag Team 4.4.0-8 +- Bugzilla #1488846 - Fix HmacTest code for AES encrypt/unwrap [rhel-7.4.z] + (jmagne) +- Bugzilla #1490494 - PKCS12: (JSS) upgrade to at least AES and SHA2 (FIPS) + [RHEL-7.4.z] (ftweedal) +- Bugzilla #1490740 - PK11Store.getEncryptedPrivateKeyInfo() segfault if + export fails [rhel-7.4.z] (ftweedal) + * Tue May 9 2017 Matthew Harmsen - 4.4.0-7 - Bump NSS dependencies from 4.28.3 to 4.28.4-6 to pick-up fix in Mozilla Bugzilla #1360207 - Fix incorrect if (ss->...) in SSL_ReconfigFD