I have an application that includes an implementation of SSH in Java. It currently uses the Sun JCE and I'm trying to make use of the SunPKCS11 provider which wraps calls to NSS (3.12.4) to take advantage of NSS's FIPS compliance. (We won't be shipping this until after 3.12.4 has completed the process.)
I'm stuck at the point where the SSH key exchange creates the first session key and attempts to encrypt with it. After a couple of days of digging I found that the following seems to prevent me from using any key that wasn't randomly generated by NSS. In fipstokn.c:

    /* FIPS can't create keys from raw key material */
    if (SFTK_IS_NONPUBLIC_KEY_OBJECT(*classptr)) {
        rv = CKR_ATTRIBUTE_VALUE_INVALID;
    } else {

I found an old thread that points to the "Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program":

http://old.nabble.com/Re%3A-error-creating-PKCS-12-%28PFX%29-in-FIPS-mode-%28JSS%29-p15226290.html
http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-2/FIPS1402IG.pdf

The implementation guide, however, explicitly mentions the following with respect to SSH: "The KDF specified in SSH (IETF RFC 4253) is allowed only for the purpose of establishing SSH sessions, ..."

SSH 2.0 creates keys by doing operations such as the following: 'HASH(K || H || "C" || session_id)', where K is a shared secret and H is an exchange hash.

Is it possible to do this with NSS without commenting out the if statement above? I'm not yet wedded to using the SunPKCS11 wrapper, so if there's something that's feasible with JSS I can look at that too.

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
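The derivation quoted in the post, HASH(K || H || "C" || session_id), is the RFC 4253 section 7.2 KDF that the implementation guidance names. The Python below is an added example, not code from the original post, from NSS or from the poster's application; it implements that derivation including the extension step RFC 4253 specifies when more key bytes are needed than one hash output provides, and the mpint encoding of K from RFC 4251 section 5. The K, H and session_id values in the usage section are constructed for illustration. What the function returns is raw key material, which is exactly the kind of object the quoted fipstokn.c check refuses to create in FIPS mode for non-public keys.

```python
"""RFC 4253 section 7.2 session-key derivation (added example, not from the post).

SSH 2.0 derives each session key as
    K1  = HASH(K || H || X || session_id)
    K2  = HASH(K || H || K1)
    K3  = HASH(K || H || K1 || K2)
    key = (K1 || K2 || K3 || ...)[:needed]
where K is the shared secret encoded as an mpint, H is the exchange hash,
X is one byte "A".."F" selecting the IV, encryption key or MAC key for each
direction, and session_id is the H of the first key exchange.
"""
import hashlib

# RFC 4253 section 7.2: which letter selects which key.
KEY_LETTERS = {
    "iv_c2s": b"A", "iv_s2c": b"B",
    "enc_c2s": b"C", "enc_s2c": b"D",
    "mac_c2s": b"E", "mac_s2c": b"F",
}


def mpint(value: int) -> bytes:
    """Encode a non-negative integer as an SSH mpint (RFC 4251 section 5):
    uint32 big-endian length, then the big-endian magnitude with a leading
    0x00 byte when the top bit is set (the encoding is two's complement)."""
    if value < 0:
        raise ValueError("SSH shared secrets are never negative")
    if value == 0:
        return b"\x00\x00\x00\x00"
    body = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return len(body).to_bytes(4, "big") + body


def derive_key(hash_name: str, k: int, h: bytes, letter: bytes,
               session_id: bytes, needed: int) -> bytes:
    """Return `needed` bytes of key material for one key, per RFC 4253 7.2.

    The first block binds the letter and session_id; each further block
    hashes K, H and everything derived so far, so a shorter derivation is
    always a prefix of a longer one with the same inputs."""
    if len(letter) != 1 or not b"A" <= letter <= b"F":
        raise ValueError("letter must be a single byte 'A'..'F'")
    k_enc = mpint(k)

    def digest(data: bytes) -> bytes:
        return hashlib.new(hash_name, data).digest()

    out = digest(k_enc + h + letter + session_id)
    while len(out) < needed:
        out += digest(k_enc + h + out)
    return out[:needed]


def derive_session_keys(hash_name: str, k: int, h: bytes, session_id: bytes,
                        iv_len: int, key_len: int, mac_len: int) -> dict:
    """Derive all six session keys (IV, encryption key and MAC key in each
    direction). The lengths follow the negotiated cipher and MAC."""
    lengths = {"iv": iv_len, "enc": key_len, "mac": mac_len}
    return {
        name: derive_key(hash_name, k, h, letter, session_id,
                         lengths[name.split("_")[0]])
        for name, letter in KEY_LETTERS.items()
    }


if __name__ == "__main__":
    # Constructed values for illustration only; a real K comes from the
    # Diffie-Hellman exchange and H from the exchange hash over the KEXINIT
    # material. The hash is the one negotiated for the kex method.
    K = 0x9a378f9b2e332a7
    H = hashlib.sha1(b"constructed exchange hash input").digest()
    keys = derive_session_keys("sha1", K, H, H,
                               iv_len=16, key_len=32, mac_len=20)
    for name, key in keys.items():
        print(f"{name}: {key.hex()}")
```

Because every byte of output is a function of K, H and the session_id that the application already holds, there is no way to produce these keys without the raw material leaving the derivation and being presented to the token as a plain secret-key object, which is the operation the quoted check blocks.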