[xmlsec] signature verification failures using NSS with FIPS

Lara Blatchford lara.blatchford at nteligen.com
Thu Jun 25 10:45:31 PDT 2015


We are using mod_nss 1.0.8; this appears to indicate that the bug being described
was addressed in mod_nss 1.0.3.

Thanks,
Lara

-----Original Message-----
From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
Sent: Thursday, June 25, 2015 12:55 PM
To: Lara Blatchford; xmlsec at aleksey.com
Subject: Re: [xmlsec] signature verification failures using NSS with FIPS


https://www.google.com/search?q=nss+certificate+verification+fails+fips+mode&ie=UTF-8#q=nss+certificate++failed+fips+

The first link.

Aleksey

On 6/25/15 9:37 AM, Lara Blatchford wrote:
> Please find attached examples.tar.  This contains a program to sign an 
> XML document based on the sign1.c example.  It also contains a script 
> to create an NSS database in FIPS mode, and an XML document containing the signature template we are using.
> 
> Below is an example run of the application and the subsequent verification failure (this was
> done on a Linux machine).   Input on why verification would fail is greatly appreciated.  As shown
> below, verification works if the signature is regenerated after FIPS mode is disabled.
>  
> lara at aft1:chroot ~/xmlsec_example$ ./gen_fips_selfsigned_rsa.sh 
> creating db put in fips mode FIPS mode enabled.
> generate self signed cert
> 
> 
> Generating key.  This may take a few moments...
> 
> lara at aft1:chroot ~/xmlsec_example$ ./sign1visnss docToSign.xml ./fips_db_dir vis password >signed.xml
> set nss_passwd=password
> Loading template file: docToSign.xml
> adding key name: vis
> returning nss_passwd=password
> lara at aft1:chroot ~/xmlsec_example$ xmlsec1 --verify --crypto nss --crypto-config ./fips_db_dir signed.xml
> func=xmlSecNssSignatureVerify:file=signatures.c:line=356:obj=rsa-sha512:subj=VFY_EndWithSignature:error=4:crypto library function failed:error code=-8182;last nss error=-8182 (0xFFFFE00A)
> func=xmlSecTransformVerifyNodeContent:file=transforms.c:line=1804:obj=rsa-sha512:subj=xmlSecTransformVerify:error=1:xmlsec library function failed: ;last nss error=-8182 (0xFFFFE00A)
> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=401:obj=unknown:subj=xmlSecTransformVerifyNodeContent:error=1:xmlsec library function failed: ;last nss error=-8182 (0xFFFFE00A)
> Error: signature failed
> ERROR
> SignedInfo References (ok/all): 1/1
> Manifests References (ok/all): 0/0
> Error: failed to verify file "signed.xml"
> lara at aft1:chroot ~/xmlsec_example$ exit
> 
> Script done on Thu 25 Jun 2015 12:30:50 PM EDT
> lara at aft1:chroot ~/xmlsec_example$
> lara at aft1:chroot ~/xmlsec_example$ modutil -fips false -dbdir ./fips_db_dir
> 
> WARNING: Performing this operation while the browser is running could cause
> corruption of your security databases. If the browser is currently running,
> you should exit browser before continuing this operation. Type
> 'q <enter>' to abort, or <enter> to continue:
> 
> FIPS mode already disabled.
> lara at aft1:chroot ~/xmlsec_example$ ./sign1visnss docToSign.xml ./fips_db_dir vis password >signed.xml
> set nss_passwd=password
> Loading template file: docToSign.xml
> adding key name: vis
> returning nss_passwd=password
> lara at aft1:chroot ~/xmlsec_example$ xmlsec1 --verify --crypto nss --crypto-config ./fips_db_dir signed.xml
> OK
> SignedInfo References (ok/all): 1/1
> Manifests References (ok/all): 0/0
> lara at aft1:chroot ~/xmlsec_example$
> 
> -----Original Message-----
> From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
> Sent: Thursday, June 25, 2015 11:18 AM
> To: Lara Blatchford; xmlsec at aleksey.com
> Subject: Re: [xmlsec] signature verification failures using NSS with FIPS
> 
> I have no idea what you are doing. As I said, the current error means that certificate verification fails. That's the reason.
> 
> Aleksey
> 
> On 6/25/15 7:03 AM, Lara Blatchford wrote:
>>
>> Thank you for your quick response!
>>
>> The specification that I am coding to requires the KeyInfo element to be included.  Are you suggesting that the signature may verify successfully if I omit the KeyInfo and/or KeyName information from the signature template?   
>>
>> I tried removing the calls to xmlSecTmplSignatureEnsureKeyInfo, 
>> xmlSecTmplKeyInfoAddKeyName, and xmlSecTmplKeyInfoAddX509Data, but 
>> when I do so, xmlsec generates the following error when xmlSecDSigCtxSign is called:
>>
>> func=xmlSecKeysMngrGetKey:file=keys.c:line=1370:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: ;last nss error=0 (0x00000000)
>> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=889:obj=unknown:subj=unknown:error=45:key is not found: ;last nss error=0 (0x00000000)
>> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=581:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: ;last nss error=0 (0x00000000)
>> func=xmlSecDSigCtxSign:file=xmldsig.c:line=319:obj=unknown:subj=xmlSecDSigCtxSignatureProcessNode:error=1:xmlsec library function failed: ;last nss error=0 (0x00000000)
>>
>> If I take out only the call to xmlSecTmplKeyInfoAddX509Data, then 
>> xmlsec will sign the document, but signature verification still fails 
>> with the "invalid signature" error you previously indicated, so it appears that xmlsec is generating an invalid signature for some reason.
>>
>> Could you please provide an example of a signature template that 
>> should work when using an NSS database in FIPS mode?  Or is there more 
>> additional information I can provide that would help to determine why 
>> xmlsec generates an invalid signature from the signature template I previously provided?
>>
>> Thanks again,
>> Lara
>>
>> -----Original Message-----
>> From: Aleksey Sanin [mailto:aleksey at aleksey.com]
>> Sent: Tuesday, June 23, 2015 12:15 PM
>> To: Lara Blatchford; xmlsec at aleksey.com
>> Subject: Re: [xmlsec] signature verification failures using NSS with 
>> FIPS
>>
>> This particular error means that the certificate verification failed
>>
>> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/SSL_functions/sslerr.html
>>
>> SEC_ERROR_BAD_SIGNATURE 	-8182 	Peer's certificate has an invalid signature.
>>
>> I didn't test in FIPS mode recently, but as far as I know it should work fine for a subset of XMLDsig spec (e.g. you can't put keys into signature for obvious reasons).
>>
>> Aleksey
>>
>> On 6/23/15 8:49 AM, Lara Blatchford wrote:
>>> Though I am able to generate signatures using RSA keys retrieved from a
>>> FIPS-enabled NSS database, the signatures do not verify.
>>>
>>> If FIPS is disabled on the database, the signature does verify.
>>>
>>> A mail archive post from Wed, 05 Mar 2003 21:39:24 indicated that FIPS
>>> mode is not supported for the NSS library.
>>>
>>> Why is this, and is there a plan to add support in the future?
>>>
>>> Here is the error received when attempting to verify the database, as
>>> well as the signature portion of my XML document:
>>>
>>> [nss]$ xmlsec1 --verify --crypto nss --crypto-config . 100_1_2003_doc.xml
>>>
>>> func=xmlSecNssSignatureVerify:file=signatures.c:line=356:obj=rsa-sha512:subj=VFY_EndWithSignature:error=4:crypto library function failed:error code=-8182;last nss error=-8182 (0xFFFFE00A)
>>>
>>> func=xmlSecTransformVerifyNodeContent:file=transforms.c:line=1804:obj=rsa-sha512:subj=xmlSecTransformVerify:error=1:xmlsec library function failed: ;last nss error=-8182 (0xFFFFE00A)
>>>
>>> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=401:obj=unknown:subj=xmlSecTransformVerifyNodeContent:error=1:xmlsec library function failed: ;last nss error=-8182 (0xFFFFE00A)
>>>
>>> Error: signature failed
>>>
>>> ERROR
>>>
>>> SignedInfo References (ok/all): 1/1
>>>
>>> Manifests References (ok/all): 0/0
>>>
>>> Error: failed to verify file "100_1_2003_doc.xml"
>>>
>>> [nss]$
>>>
>>> [nss]$ modutil -chkfips true -dbdir .
>>>
>>> FIPS mode enabled.
>>>
>>> [nss]$
>>>
>>>   <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>>>
>>>     <SignedInfo>
>>>
>>>       <CanonicalizationMethod
>>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
>>>
>>>       <SignatureMethod
>>> Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
>>>
>>>       <Reference URI="#xpointer(/)">
>>>
>>>         <Transforms>
>>>
>>>           <Transform
>>> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>>>
>>>           <Transform
>>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
>>>
>>>         </Transforms>
>>>
>>>         <DigestMethod
>>> Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
>>>
>>>        
>>> <DigestValue>DotbZXz+hs3PZpA2SflWZvtbT9LI0i7pUMGfx9g1isX92tD8FtQ09r3w
>>> V
>>> ls3gRZr
>>>
>>> mIkMbgPU4pbcV493Ks/j7g==</DigestValue>
>>>
>>>       </Reference>
>>>
>>>     </SignedInfo>
>>>
>>>     <KeyInfo>
>>>
>>> <KeyName>signingCert</KeyName>
>>>
>>> <X509Data>
>>>
>>> </X509Data>
>>>
>>> </KeyInfo>
>>>
>>>   </Signature>
>>>
>>> Thank you,
>>>
>>> Lara
>>>
>>> ~~~~~~~~~~~~~~
>>>
>>> Lara Blatchford
>>>
>>> Principal Engineer
>>>
>>> Nteligen, LLC
>>>
>>>
>>>
>>> _______________________________________________
>>> xmlsec mailing list
>>> xmlsec at aleksey.com
>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>>
>>

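The xmlsec error stack from the failing verification run in this thread can be triaged mechanically. The following is an added example, not code from the thread or from xmlsec: it parses the error lines, checks that the decimal and hex NSS codes agree, and reports the frame where the crypto call failed. The function names and the range table are this example's own; the range bases are assumed from NSS's `secerr.h` and `sslerr.h`, and only the error name given in the thread is mapped.

```python
import re

# Error stack copied from the failing `xmlsec1 --verify` run quoted in the thread.
SAMPLE = """\
func=xmlSecNssSignatureVerify:file=signatures.c:line=356:obj=rsa-sha512:subj=VFY_EndWithSignature:error=4:crypto library function failed:error code=-8182;last nss error=-8182 (0xFFFFE00A)
func=xmlSecTransformVerifyNodeContent:file=transforms.c:line=1804:obj=rsa-sha512:subj=xmlSecTransformVerify:error=1:xmlsec library function failed: ;last nss error=-8182 (0xFFFFE00A)
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=401:obj=unknown:subj=xmlSecTransformVerifyNodeContent:error=1:xmlsec library function failed: ;last nss error=-8182 (0xFFFFE00A)
"""

# One xmlsec error frame: func/file/line/obj/subj/error, message, last NSS error.
FRAME = re.compile(
    r"func=(?P<func>[^:\n]+):file=(?P<file>[^:\n]+):line=(?P<line>\d+):"
    r"obj=(?P<obj>[^:\n]+):subj=(?P<subj>[^:\n]+):error=(?P<error>\d+):"
    r"(?P<msg>.*?);last nss error=(?P<nss>-?\d+) \((?P<hex>0x[0-9A-Fa-f]{8})\)"
)
# NSS error ranges (assumption: bases as in secerr.h / sslerr.h), 1000 codes each.
NSS_RANGES = {"SEC_ERROR": -0x2000, "SSL_ERROR": -0x3000}
# Only the name given in the thread is mapped; extend from secerr.h as needed.
KNOWN = {-8182: "SEC_ERROR_BAD_SIGNATURE"}

def describe_nss(code):
    """Label an NSS code, e.g. 'SEC_ERROR_BASE+10 (SEC_ERROR_BAD_SIGNATURE)'."""
    for family, base in NSS_RANGES.items():
        if base <= code < base + 1000:
            label = f"{family}_BASE+{code - base}"
            return f"{label} ({KNOWN[code]})" if code in KNOWN else label
    return "no NSS error" if code == 0 else "outside SEC/SSL ranges"

def parse_stack(text):
    """Parse xmlsec error lines into frames, in printed order."""
    frames = []
    for m in FRAME.finditer(text):
        f = m.groupdict()
        nss = int(f["nss"])
        # xmlsec prints the same code twice: signed decimal and unsigned 32-bit hex.
        if nss & 0xFFFFFFFF != int(f["hex"], 16):
            raise ValueError(f"decimal/hex NSS code mismatch in {f['func']}")
        f.update(line=int(f["line"]), error=int(f["error"]), nss=nss, msg=f["msg"].strip())
        frames.append(f)
    return frames

def root_cause(frames):
    """Return the frame where the crypto library call itself failed (error=4)."""
    for f in frames:
        if f["error"] == 4:  # "crypto library function failed" in the log above
            return f"{f['func']} -> {f['subj']} [{f['obj']}]: {describe_nss(f['nss'])}"
    return None

print(root_cause(parse_stack(SAMPLE)))
```
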

