On 8/28/07, David Stutzman <[EMAIL PROTECTED]> wrote:
> I turned on FIPS mode in our JSS-using application and in the last step
> of creating a PKCS#12 file I get the following token exception:
>
> org.mozilla.jss.crypto.TokenException: Failed to import PBA key from
> PBA-generated bits

This error message comes from
http://lxr.mozilla.org/security/source/security/jss/org/mozilla/jss/pkcs11/PK11KeyGenerator.c#263:

263     key = PK11_ImportSymKey( PK11_GetInternalSlot(), CKM_SHA_1,
264                 PK11_OriginGenerated, CKA_SIGN, keyBits, NULL);
265     if( key == NULL ) {
266         JSS_throwMsg(env, TOKEN_EXCEPTION, "Failed to import PBA key from"
267             " PBA-generated bits");
268         goto finish;
269     }

where keyBits points to a SECItem buffer holding the symmetric key.

PK11_ImportSymKey ultimately calls the C_CreateKey function of
the softoken.  In FIPS mode, the function does not allow a secret
or private key to be created:
http://lxr.mozilla.org/security/source/security/nss/lib/softoken/fipstokn.c#698

698     /* FIPS can't create keys from raw key material */
699     if (SFTK_IS_NONPUBLIC_KEY_OBJECT(*classptr)) {
700         rv = CKR_ATTRIBUTE_VALUE_INVALID;

Now let's go back to the JSS code.  It hasn't changed since
we open-sourced it in 2000, and the comments say it is a
workaround for a bug:
http://lxr.mozilla.org/security/source/security/jss/org/mozilla/jss/pkcs11/PK11KeyGenerator.c#321

321     mech = JSS_getPK11MechFromAlg(env, alg);
322
323     if( mech == CKM_PBA_SHA1_WITH_SHA1_HMAC ) {
324
325         /* special case, construct key by hand. Bug #336587 */
326
327         skey = constructSHA1PBAKey(env, pwitem, salt, iterationCount);
328         if( skey==NULL ) {
329             /* exception was thrown */
330             goto finish;
331         }
332
333     } else {

It is possible that "Bug #336587" has been fixed.  So please try
removing the special case for CKM_PBA_SHA1_WITH_SHA1_HMAC
and just keeping the code block in the 'else' branch.  Does it
work for CKM_PBA_SHA1_WITH_SHA1_HMAC?  If not, could
you try some other mechanism such as CKM_PBE_SHA1_DES3_EDE_CBC?

Wan-Teh
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
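
The FIPS-mode check quoted from fipstokn.c above, modelled as a small stand-alone C program. This is an added example, not code from the e-mail, NSS or JSS. The names attr_t, model_create_object and demo_import are hypothetical, and the constants are the values defined in the PKCS #11 specification.

```c
/* Added illustration: a stand-alone model of the FIPS gate, not NSS source. */
#include <stddef.h>
#include <stdio.h>

/* Constants as defined by the PKCS #11 specification. */
#define CKA_CLASS                   0x00000000UL
#define CKA_VALUE                   0x00000011UL
#define CKO_PUBLIC_KEY              0x00000002UL
#define CKO_PRIVATE_KEY             0x00000003UL
#define CKO_SECRET_KEY              0x00000004UL
#define CKR_OK                      0x00000000UL
#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013UL
#define CKR_TEMPLATE_INCOMPLETE     0x000000D0UL

/* Simplified stand-in for CK_ATTRIBUTE (hypothetical type name). */
typedef struct { unsigned long type; const void *value; unsigned long len; } attr_t;

/* Model of object creation; fips != 0 applies the ban on raw key material. */
unsigned long model_create_object(int fips, const attr_t *t, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (t[i].type != CKA_CLASS || t[i].value == NULL ||
            t[i].len != sizeof(unsigned long))
            continue;
        unsigned long cls = *(const unsigned long *)t[i].value;
        if (fips && (cls == CKO_PRIVATE_KEY || cls == CKO_SECRET_KEY))
            return CKR_ATTRIBUTE_VALUE_INVALID; /* raw key material refused */
        return CKR_OK;
    }
    return CKR_TEMPLATE_INCOMPLETE; /* no usable CKA_CLASS in the template */
}

/* Constructed template: an object of class cls supplied as 20 raw bytes. */
unsigned long demo_import(int fips, unsigned long cls)
{
    static const unsigned char raw[20] = {0}; /* constructed sample bytes */
    attr_t tmpl[] = { { CKA_CLASS, &cls, sizeof cls },
                      { CKA_VALUE, raw, sizeof raw } };
    return model_create_object(fips, tmpl, sizeof tmpl / sizeof tmpl[0]);
}

int main(void)
{
    printf("secret key, non-FIPS: 0x%lx\n", demo_import(0, CKO_SECRET_KEY));
    printf("secret key, FIPS:     0x%lx\n", demo_import(1, CKO_SECRET_KEY));
    printf("public key, FIPS:     0x%lx\n", demo_import(1, CKO_PUBLIC_KEY));
    return 0;
}
```

In the model, the same secret-key template that succeeds outside FIPS mode is rejected with CKR_ATTRIBUTE_VALUE_INVALID inside it, which is the failure the JSS exception reports.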
