Closed Bug 1948485 Opened 1 year ago Closed 1 year ago

FIPS pair-wise consistency test algorithms

Categories

(NSS :: Libraries, defect)

defect

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: joachim.vandersmissen, Assigned: rrelyea)

Details

Attachments

(1 file)

The pair-wise consistency test implemented in Softoken currently has a number of issues:

  • RSA encryption padding (PKCS#1 v1.5) has been disallowed since 2024
  • The signature mechanisms don't compute the hash value internally even though this is required by FIPS
  • For RSA, the PCT will not fail if the private key is corrupted due to a separate consistency check in rsa_PrivateKeyOpCRTCheckedPubKey
  • For DH and ECDH, the PCT (currently) defined by NIST is different from what's implemented in the code

The easiest ones to address right now are the first two:

  • The RSA encryption padding should be changed to OAEP.
  • The signature mechanisms should be changed to include the hashing step. Additionally, it is prudent to change the padding mechanism for RSA signatures to PSS.
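
As an added example (not NSS or Softoken code), the corrected RSA test described in the two bullets above, written against Go's standard-library crypto/rsa: the signature PCT hashes the message itself and uses PSS, and the encryption PCT uses OAEP instead of PKCS#1 v1.5. The test message, SHA-256 and the empty OAEP label are assumptions; the function returns an error whenever the key pair fails either round trip.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// rsaPairwiseConsistency runs a FIPS-style pair-wise consistency test on an RSA
// key pair: PSS sign/verify over an internally computed SHA-256 digest, then an
// OAEP encrypt/decrypt round trip. Any error means the key pair must be rejected.
func rsaPairwiseConsistency(priv *rsa.PrivateKey, pub *rsa.PublicKey) error {
	// Constructed test message; the PCT hashes it itself rather than accepting a digest.
	msg := []byte("pair-wise consistency test message")
	digest := sha256.Sum256(msg)
	// Signature PCT: PSS with salt length equal to the hash length (assumed parameters).
	opts := &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: crypto.SHA256}
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], opts)
	if err != nil {
		return fmt.Errorf("PCT: PSS sign failed: %w", err)
	}
	if err := rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, opts); err != nil {
		return fmt.Errorf("PCT: PSS verify failed: %w", err)
	}
	// Encryption PCT: OAEP (SHA-256, empty label) in place of PKCS#1 v1.5 padding.
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
	if err != nil {
		return fmt.Errorf("PCT: OAEP encrypt failed: %w", err)
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	if err != nil {
		return fmt.Errorf("PCT: OAEP decrypt failed: %w", err)
	}
	if !bytes.Equal(pt, msg) {
		return fmt.Errorf("PCT: OAEP round trip did not recover the message")
	}
	return nil
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	fmt.Println("PCT result:", rsaPairwiseConsistency(priv, &priv.PublicKey))
}
```

Running the same function with a public key taken from a different key pair makes the PSS verification step fail, which is the pair-wise property the test exists to check.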

The severity field is not set for this bug.
:beurdouche, could you have a look please?

For more information, please visit BugBot documentation.

Flags: needinfo?(bbeurdouche)
Flags: needinfo?(bbeurdouche) → needinfo?(anna.weine)

There is an r+ patch which didn't land and no activity in this bug for 2 weeks.
:joachim, could you have a look please?
If you still have some work to do, you can add an action "Plan Changes" in Phabricator.
For more information, please visit BugBot documentation.

Flags: needinfo?(rrelyea)
Flags: needinfo?(joachim)

I'm not sure what I'm supposed to do here. I don't have Lando permissions so I cannot land the patch.

Flags: needinfo?(joachim)

I'll check it in as soon as the 3.113 branch clears and default is set again.

Assignee: nobody → rrelyea
Status: UNCONFIRMED → RESOLVED
Closed: 1 year ago
Flags: needinfo?(rrelyea)
Resolution: --- → FIXED
Flags: needinfo?(anna.weine)