Closed Bug 1400884 Opened 7 years ago Closed 7 years ago

new JSS failures: HMAC Unwrap and KeyWrapping FIPSMODE

Categories

(JSS Graveyard :: Tests, defect)

RESOLVED FIXED

People

(Reporter: KaiE, Assigned: jmagne)

The JSS test suite fails with the latest JSS; a full log can be found here:
https://bot.nss-crypto.org:8011/builders/rhel6-fips-x64-DBG/builds/1461/steps/shell/logs/stdio

============= HMAC Unwrap 
/etc/alternatives/java_sdk_1.8.0/jre/bin/java -d64 -cp /home/tinderbox/slavedir/rhel6-fips-x64-DBG/hg/dist/Linux2.6_x86_64_glibc_PTH_64_DBG.OBJ/../xpclass_dbg.jar org.mozilla.jss.tests.HmacTest /home/tinderbox/slavedir/rhel6-fips-x64-DBG/hg/tests_results/jss/nssfips.1 passwords 
main: jss library loaded
JSSTEST_CASE 14 (HMAC Unwrap): FAILED return value 1

============= KeyWrapping FIPSMODE 
/etc/alternatives/java_sdk_1.8.0/jre/bin/java -d64 -cp /home/tinderbox/slavedir/rhel6-fips-x64-DBG/hg/dist/Linux2.6_x86_64_glibc_PTH_64_DBG.OBJ/../xpclass_dbg.jar org.mozilla.jss.tests.JCAKeyWrap /home/tinderbox/slavedir/rhel6-fips-x64-DBG/hg/tests_results/jss/nssfips.1 passwords 
main: jss library loaded
***FilePasswordCallback returns m1oZilla
in Fipsmode.
Wrap DESede 168 with RSA. Test DESede/CBC/PKCS5Padding encrypt with Mozilla-JSS decrypt Mozilla-JSS
Wrap DESede 168 with AES 128 symmetric key. Test DESede/CBC/PKCS5Padding encrypt with Mozilla-JSS decrypt Mozilla-JSS
Wrap AES 128 with AES 128 symmetric key. Test AES/CBC/NoPadding encrypt with Mozilla-JSS decrypt Mozilla-JSS
Wrap AES 128 with RSA. Test AES/ECB/NoPadding encrypt with Mozilla-JSS decrypt Mozilla-JSS
Wrap DESede 168 with AES 192 symmetric key. Test DESede/CBC/PKCS5Padding encrypt with Mozilla-JSS decrypt Mozilla-JSS
Wrap AES 128 with AES 192 symmetric key. Test AES/CBC/NoPadding encrypt with Mozilla-JSS decrypt Mozilla-JSS
Wrap AES 192 with RSA. Test AES/ECB/NoPadding encrypt with Mozilla-JSS decrypt Mozilla-JSS
Wrap DESede 168 with AES 256 symmetric key. Test DESede/CBC/PKCS5Padding encrypt with Mozilla-JSS decrypt Mozilla-JSS
Wrap AES 192 with AES 256 symmetric key. Test AES/CBC/PKCS5Padding encrypt with Mozilla-JSS decrypt Mozilla-JSS
Wrap AES 256 with RSA. Test AES/CBC/PKCS5Padding encrypt with Mozilla-JSS decrypt Mozilla-JSS
org.mozilla.jss.util.AssertionException: should not be reached: Unknown algorithm
	at org.mozilla.jss.util.Assert.notReached(Assert.java:51)
	at org.mozilla.jss.pkcs11.PK11Cipher.checkKey(PK11Cipher.java:261)
	at org.mozilla.jss.pkcs11.PK11Cipher.initEncrypt(PK11Cipher.java:84)
	at org.mozilla.jss.provider.javax.crypto.JSSCipherSpi.engineInit(JSSCipherSpi.java:152)
	at org.mozilla.jss.provider.javax.crypto.JSSCipherSpi$AES.engineInit(JSSCipherSpi.java:511)
	at org.mozilla.jss.provider.javax.crypto.JSSCipherSpi.engineInit(JSSCipherSpi.java:238)
	at org.mozilla.jss.provider.javax.crypto.JSSCipherSpi$AES.engineInit(JSSCipherSpi.java:511)
	at javax.crypto.Cipher.init(Cipher.java:1246)
	at javax.crypto.Cipher.init(Cipher.java:1186)
	at org.mozilla.jss.tests.JCAKeyWrap.testKeys(JCAKeyWrap.java:391)
	at org.mozilla.jss.tests.JCAKeyWrap.wrapSymetricKeyWithRSA(JCAKeyWrap.java:295)
	at org.mozilla.jss.tests.JCAKeyWrap.wrapSymetricKeyWithRSA(JCAKeyWrap.java:260)
	at org.mozilla.jss.tests.JCAKeyWrap.main(JCAKeyWrap.java:144)
JSSTEST_CASE 28 (KeyWrapping FIPSMODE): FAILED return value 1
Assignee: mharmsen → jmagne
Have you been able to look into this issue? It would be great to get this addressed quickly, to avoid that the NSS CI is permanently red.
Khai:

Unfortunately, I just got back from a big PTO and have not.

But I have an excellent idea what is going on. Probably due to FIPS not liking what the longtime code does to unwrap one of those HMAC keys. It tries to add the signing attribute. I feel the short term solution to satisfy the test failure is to simply remove the test from the list until it can be determined if it can be fixed.
Thanks Jack, are you able to commit the change to upstream NSS?
Khai:

Upon further review it looks like my new test and an older test (in FIPS mode) are failing due to not being able to locate a certain algorithm. I'm investigating with respect to changes made after I put my code in. Will keep you up to date on how that goes.
Sorry for the misspell, Kai :)
I recently got this note from Fraser explaining the issue and what we have to do to fix it.

&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

The failure seems to have been induced by changeset:

    changeset:   220139e9b373798                      
    user:        Fraser Tweedale<ftweedale@redhat.com>  
    date:        Fri Sep 08 11:32:32 2017 -0700        
    summary:     Bug 1370778 PBE and padded block cipher enhancements and fixes

Specifically, hunk:

@@ -393,6 +397,9 @@
         Padding.PKCS5, IVParameterSpecClasses, 16, null, 256); // no oid

     public static final EncryptionAlgorithm
-    AES_256_CBC_PAD = AES_CBC_PAD;
+    AES_256_CBC_PAD = new EncryptionAlgorithm(SEC_OID_AES_256_CBC,
+        Alg.AES, Mode.CBC,
+        Padding.PKCS5, IVParameterSpecClasses, 16,
+        AES_ROOT_OID.subBranch(42), 256);

 }
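
Review bot: the new `AES_256_CBC_PAD` definition in the `+` lines needs a comment saying it is no longer the same object as `AES_CBC_PAD`, which the removed line `AES_256_CBC_PAD = AES_CBC_PAD;` guaranteed. Any table or comparison that names only one of the two constants and relied on that alias stops matching the other, so those call sites should be checked and updated in the same change.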

This was a change I made recently as part of KRA/PKCS12 AES support.

Whereas previously AES_256_CBC_PAD and AES_CBC_PAD were the same
object, now they are not.  Your hunch that the fix is in
KeyType.java is correct.

    EncryptionAlgorithm.AES_256_CBC,
    /* AES CBC PAD is the same as AES_256_CBC_PAD */
    /* shouldn't break backward compatibility 313798*/
    //EncryptionAlgorithm.AES_CBC_PAD,
    EncryptionAlgorithm.AES_128_CBC_PAD,

Just uncomment the AES_CBC_PAD line (and remove the associated
comment), and I think it should be good to go.

Cheers,
Fraser
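
A simplified model of the regression described in Fraser's note, added here as an illustration and not taken from JSS: `Alg`, `listed` and `checkKey` are hypothetical stand-ins, and it assumes the key-type table lists the 256-bit padded constant while leaving `AES_CBC_PAD` commented out.

```java
import java.util.Arrays;
import java.util.List;

// Simplified model of the regression; every name here is hypothetical, not JSS source.
public class AliasRegressionDemo {
    // Stand-in for an algorithm constant: no equals() override, so matching is by identity.
    static final class Alg {
        final String name;
        Alg(String name) { this.name = name; }
    }

    static final Alg AES_CBC_PAD = new Alg("AES_CBC_PAD");
    static final Alg AES_128_CBC_PAD = new Alg("AES_128_CBC_PAD");

    // Stand-in for a key type's table lookup: is this algorithm listed for AES keys?
    static boolean listed(List<Alg> table, Alg requested) {
        return table.contains(requested); // falls back to Object.equals, i.e. identity
    }

    // Stand-in for the cipher's key check that ended in "Unknown algorithm".
    static String checkKey(List<Alg> table, Alg requested) {
        return listed(table, requested) ? "ok" : "Unknown algorithm: " + requested.name;
    }

    public static void main(String[] args) {
        // Before the changeset: the 256-bit constant is just another name for AES_CBC_PAD.
        Alg aliased256 = AES_CBC_PAD;
        List<Alg> before = Arrays.asList(aliased256, AES_128_CBC_PAD);
        System.out.println("alias, short table:    " + checkKey(before, AES_CBC_PAD));

        // After the changeset: a separate object, while the table still omits AES_CBC_PAD.
        Alg distinct256 = new Alg("AES_256_CBC_PAD");
        List<Alg> after = Arrays.asList(distinct256, AES_128_CBC_PAD);
        System.out.println("distinct, short table: " + checkKey(after, AES_CBC_PAD));

        // The fix described in the note: list AES_CBC_PAD explicitly again.
        List<Alg> fixed = Arrays.asList(distinct256, AES_CBC_PAD, AES_128_CBC_PAD);
        System.out.println("distinct, full table:  " + checkKey(fixed, AES_CBC_PAD));
        System.out.println("256 still listed:      " + checkKey(fixed, distinct256));
    }
}
```

Only the second lookup fails, which is the case the FIPS-mode key wrapping test hit once the alias was removed.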
Apply patch and re-run tests, they should all succeed at that point.
Attachment #8913471 - Flags: review?(cfu)
Comment on attachment 8913471 [details] [diff] [review]
Simple fix for issue.

Review of attachment 8913471 [details] [diff] [review]:
-----------------------------------------------------------------

ack
Kai:

For this fix, we are hoping to get edewata access to check this thing in for him. Any attention you could bring to that effort would assist us. That is if you have the permissions to do so.
The checkin issue has been fixed. I've pushed the patch to master:
https://hg.mozilla.org/projects/jss/rev/252c10f448971b7ae087bde259505abd5dc5a03a
Status: NEW → ASSIGNED
Thank you, buildbot no longer shows a failure.
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Comment on attachment 8913471 [details] [diff] [review]
Simple fix for issue.

Review of attachment 8913471 [details] [diff] [review]:
-----------------------------------------------------------------

Removing review flag so I won't get any more overdue request reminders.
Attachment #8913471 - Flags: review?(cfu) → review+