David Stutzman wrote, On 2008-12-30 07:55:
> I was playing around with the Sun PKCS11 provider and accessing NSS
> directly while in FIPS mode. It appears nss 3.12 (on Vista 32-bit) has
> issues reporting key sizes both to Java and using symkeyutil directly:
>
> Attempting to create a 128 byte (1024 bit) aes key on the token:
> C:\nss\fips>symkeyutil -K -n aesKey3 -t aes -s 128 -d .
> Enter Password or Pin for "NSS FIPS 140-2 Certificate DB":
> aesKey3 128 1024 aes <restricted>
AES has 1024 bit keys?
> Here's the output showing all keys (aesKey and aesKey2 were created using
> sunPKCS11-nss):
> C:\nss\fips>symkeyutil -L -d .
> Enter Password or Pin for "NSS FIPS 140-2 Certificate DB":
> Name Len Strength Type Data
> NSS FIPS 140-2 Certificate DB:
> aesKey3 -2147483648 0 aes <restricted>
> aesKey2 268435456 -2147483648 aes <restricted>
> aesKey 268435456 -2147483648 aes <restricted>
268435456 is 0x10000000
-2147483648 is 0x80000000
Neither of those values seems right. That's probably a bug.
But it's clear to see how the two values relate to each other.
The "strength" is 8 times the length (in 2 of the 3 cases).
> Now, I switched to NSS 3.11.4 libraries/utils (which are the FIPS
> certified ones anyway) and the output changes:
> C:\nss\fips>symkeyutil -L -d .
> Enter Password or Pin for "NSS FIPS 140-2 Certificate DB":
> Name Len Strength Type Data
> NSS FIPS 140-2 Certificate DB:
> aesKey3 128 1024 aes <restricted>
> aesKey2 16 128 aes <restricted>
> aesKey 16 128 aes <restricted>
>
> Doing the following in Java to generate a store a key (Provider "p" is
> the Sun PKCS11 one I initialized with the config at the end of email):
> KeyGenerator keyGen = KeyGenerator.getInstance("AES", p);
> keyGen.init(128);
> SecretKey rawKey = keyGen.generateKey();
> System.out.println("Generated symmetric key:" + rawKey.toString());
> ks.setEntry("javaAES", new KeyStore.SecretKeyEntry(rawKey),
> new KeyStore.PasswordProtection(password));
> ks.store(null, password);
>
> Some output from test program showing it's session key at first, then
> after importing it's token key:
> Generated symmetric key:SunPKCS11-NSSfips AES secret key, 128 bits (id 1,
> session object, sensitive, extractable)
> Stored aesKey on token
> pulled sym key out of keystore? SunPKCS11-NSSfips AES secret key, 16 bits
> (id 3126949473, token object, sensitive, extractable)
>
> yields the following:
> C:\nss\fips>symkeyutil -L -d .
> Enter Password or Pin for "NSS FIPS 140-2 Certificate DB":
> Name Len Strength Type Data
> NSS FIPS 140-2 Certificate DB:
> javaAES 16 128 aes <restricted>
>
> Deleting javaAES using symkeyutil, switching back to nss 3.12 libs/utils
> and re-running test program...
> Generated symmetric key:SunPKCS11-NSSfips AES secret key, 128 bits (id 1,
> session object, sensitive, extractable)
> Stored aesKey on token
> pulled sym key out of keystore? SunPKCS11-NSSfips AES secret key,
> 268435456 bits (id 3663820385, token object, sensitive, extractable)
> Exception in thread "main" java.security.InvalidKeyException: Illegal key size
> at javax.crypto.Cipher.a(DashoA13*..)
> at javax.crypto.Cipher.init(DashoA13*..)
> at javax.crypto.Cipher.init(DashoA13*..)
> at NssPkcs11.main(NssPkcs11.java:64)
>
> and symkeyutil output:
> C:\nss\fips>symkeyutil -L -d .
> Enter Password or Pin for "NSS FIPS 140-2 Certificate DB":
> Name Len Strength Type Data
> NSS FIPS 140-2 Certificate DB:
> javaAES 268435456 -2147483648 aes <restricted>
>
> I must admit I don't know as much about C/C++ as I'd like but is this
> just a signed/unsigned problem?
The fact that one value appears negative is a signed/unsigned problem,
as you put it, but the fact that both values are so huge is some other
problem.
> I have all NSS libs/utils in /usr/mozilla
> I have a db in /nss/fips that's in fips mode
> My pkcs11 cfg file for the sun PKCS11 provider contains the following:
> name = NSSfips
> nssLibraryDirectory = /usr/mozilla
> nssSecmodDirectory = /nss/fips
> nssModule = fips
> nssDbMode = readWrite
>
> Should I file a bug or am I just doing something stupid?
Please file a bug.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
