[xmlsec] signature verification failures using NSS with FIPS

Lara Blatchford lara.blatchford at nteligen.com
Thu Jun 25 07:03:37 PDT 2015 

Thank you for your quick response!

The specification that I am coding to requires the KeyInfo element to be included.  Are you suggesting that the signature may verify successfully if I omit the KeyInfo and/or KeyName information from the signature template?   

I tried removing the calls to xmlSecTmplSignatureEnsureKeyInfo, xmlSecTmplKeyInfoAddKeyName, and
xmlSecTmplKeyInfoAddX509Data, but when I do so, xmlsec generates the following error when
xmlSecDSigCtxSign is called:

func=xmlSecKeysMngrGetKey:file=keys.c:line=1370:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: ;last nss error=0 (0x00000000)
func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=889:obj=unknown:subj=unknown:error=45:key is not found: ;last nss error=0 (0x00000000)
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=581:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: ;last nss error=0 (0x00000000)
func=xmlSecDSigCtxSign:file=xmldsig.c:line=319:obj=unknown:subj=xmlSecDSigCtxSignatureProcessNode:error=1:xmlsec library function failed: ;last nss error=0 (0x00000000)

if I take out only the call to xmlSecTmplKeyInfoAddX509Data, then xmlsec will sign the document,
but signature verification still fails with the "invalid signature" error you previously indicated, so it
appears that xmlsec is generating an invalid signature for some reason.

Could you please provide an example of a signature template that should work when using an
NSS database in FIPS mode?  Or is there more additional information I can provide that would
help to determine why xmlsec generates an invalid signature from the signature template I 
previously provided?

Thanks again,
Lara

-----Original Message-----
From: Aleksey Sanin [mailto:aleksey at aleksey.com]
Sent: Tuesday, June 23, 2015 12:15 PM
To: Lara Blatchford; xmlsec at aleksey.com
Subject: Re: [xmlsec] signature verification failures using NSS with FIPS

This particular error means that the certificate verification failed

https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/SSL_functions/sslerr.html

SEC_ERROR_BAD_SIGNATURE 	-8182 	Peer's certificate has an invalid signature.

I didn't test in FIPS mode recently, but as far as I know it should work fine for a subset of XMLDsig spec (e.g. you can't put keys into signature for obvious reasons).

Aleksey

On 6/23/15 8:49 AM, Lara Blatchford wrote:
> Though I am able to generate signatures using RSA keys retrievedfroma 
> FIPS-enabled NSS database, the signatures do
> 
> not verify. 
> 
> If FIPS is disabledon the database, the signature does verify.
> 
> A mail archive post fromWed, 05 Mar 2003 21:39:24indicated that FIPS 
> modeisnot supported for the NSS library.
> 
> Why is this, and is there a plan to add support in the future?
> 
> Here is the error received when attempting to verify the database,as 
> well as the signature portion of my XML document:
> 
> [nss]$ xmlsec1 --verify --crypto nss --crypto-config . 
> 100_1_2003_doc.xml
> 
> func=xmlSecNssSignatureVerify:file=signatures.c:line=356:obj=rsa-sha51
> 2:subj=VFY_EndWithSignature:error=4:crypto
> library function failed:error code=-8182;last nss error=-8182
> (0xFFFFE00A)
> 
> func=xmlSecTransformVerifyNodeContent:file=transforms.c:line=1804:obj=
> rsa-sha512:subj=xmlSecTransformVerify:error=1:xmlsec
> library function failed: ;last nss error=-8182 (0xFFFFE00A)
> 
> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=401:obj=unknown:subj=xmlS
> ecTransformVerifyNodeContent:error=1:xmlsec
> library function failed: ;last nss error=-8182 (0xFFFFE00A)
> 
> Error: signature failed
> 
> ERROR
> 
> SignedInfo References (ok/all): 1/1
> 
> Manifests References (ok/all): 0/0
> 
> Error: failed to verify file "100_1_2003_doc.xml"
> 
> [nss]$
> 
> [nss]$ modutil -chkfips true -dbdir .
> 
> FIPS mode enabled.
> 
> [nss]$
> 
>   <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> 
>     <SignedInfo>
> 
>       <CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
> 
>       <SignatureMethod
> Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
> 
>       <Reference URI="#xpointer(/)">
> 
>         <Transforms>
> 
>           <Transform
> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
> 
>           <Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
> 
>         </Transforms>
> 
>         <DigestMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
> 
>        
> <DigestValue>DotbZXz+hs3PZpA2SflWZvtbT9LI0i7pUMGfx9g1isX92tD8FtQ09r3wV
> ls3gRZr
> 
> mIkMbgPU4pbcV493Ks/j7g==</DigestValue>
> 
>       </Reference>
> 
>     </SignedInfo>
> 
>    
> <SignatureValue>ol+p5Jpj7mL+gl5UfeIemn4d+NBAgHpRKmUzl1/aJuJ82frs5WHep5
> zvVbdUcWNg
> 
> RTalqXo0D1TlbT6JzP54UnwCYSTk8L9ttROPKRWF+28sJzujigyVQ0QYDkGJLu3e
> 
> R7IunkvESUmoiBjDZlJXHoBkrWVIeazvV0qfouQHmFHxNxg8epLXsjXkUjNgyWUK
> 
> WFDqnS2h+qTNvuxYEOUcQaR1wDvSg/7KHCoEfShMLOY1avgs3ZEDfEX2Vn0GsN9w
> 
> Fy1smTmeBd+yHINe3HpkOJeG5h7zpCdTU2NSD1Bs3gWH4r/HSUNENswIKdpS58JJ
> 
> 6hLhncPMK28FiyLOefcCUYVfUu0i5nROcCZewbgOJws2fmn21GcXm9XlrUM7tNP+
> 
> 73FP2I0sdQU04mPbj2TcacGprw1ELd1zIJFDxGVYmQ9fQ1zoOpXr1O6C0iTxHrGk
> 
> 80KEwhTiuHwiLtSbc2I2F/fKWKqun/VQ1pKccN9b9jNaNPCFvzs87luuW3OKW7w3
> 
> DQiLJKQ8e9/b3sJEf9HYFNDmam75rm4E15rPvNr97jF5uZQ55dwQGp3tEPejbAtg
> 
> 6rkEifPTOMydGFT6G7nSKM+T3+mw051BovXgtuVkg4YxRGsv2ozWgwCKQv4kdrZ8
> 
> lfCpA4vij5HcFoOPsleth5twmY69GBMPnl0cgfmW7sA=</SignatureValue>
> 
>     <KeyInfo>
> 
> <KeyName>signingCert</KeyName>
> 
> <X509Data>
> 
> <X509Certificate>MIIEpzCCAo+gAwIBAgIBADANBgkqhkiG9w0BAQUFADAWMRQwEgYDV
> QQDEwtzaWdu
> 
> aW5nQ2VydDAgFw0xNTA2MjMxNTMwMzNaGA81MDU5MDIyMzE1MzAzM1owFjEUMBIG
> 
> A1UEAxMLc2lnbmluZ0NlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
> 
> AQDeKjUCmUAIis5nJ2xYkRo8OYoH853ebnLh+WxnjSy6vUzkKQGRsNgBWY0XJpgf
> 
> kugjZpUH1F6LaV/4e/jzvGp5fF+f42u9X9VPXYod07dzbJneJTdw+WcSw9v4oKzK
> 
> J/gqLvuz+MTT0GRN5M+E7tT7vjyz/D/n+mPpmd6TAUYnYTPI+6OMfbbD4pDu7Xyf
> 
> c8whVfLbRuIR0qC43V3dNAg6Hb0FqJH1VkQe83iTdhGM2G21ppQuxBZsMjsLvlvR
> 
> rAyt4Ma6q4AIMx/slyP0ZNrSo0HYqEVYo3+ZPjdHyzUDtKgmybO8yM/HXrXtQHVs
> 
> HolnHEQPNOuhFiOB8lkWUUuDjHshBAelmf05466qYK32MXXV27vpzwL5n6uw1C8D
> 
> qj/BJrvFCGRfhJMSJcRVR6CznWMByclvPH0YGoL/nwm3Y5d5/CzG6aE34FF+jExF
> 
> uCEb1/L48hVR+RtY7G9GyUigQ8lM0YzTDRIlEeWd1YZ5JJwQmaanw1qV+/8z/FMC
> 
> aRDrmNVWuIPBx3Hh8B+i6Lw8HJ+JqlDdR3dYPH0HGhwvsJrIG1PN1PHbfjkgxVh4
> 
> 70NJ85qyt/Dk9ulxNIYpEgiCCSSdVrWhg9iH+Wi23VUtKQADyqqXlPfv7cArYstH
> 
> d3O7ihgxK/fs9zt29RSP0IRPppr2JogjNEsb4qq+BOKO4wIDAQABMA0GCSqGSIb3
> 
> DQEBBQUAA4ICAQBVKULeDMz/HdA8Z2XmVOkv/OckVm/ZxjJYG4HnZQ3VR10Ih9Oq
> 
> gpJgRS0k1lpwFgQJMNV0kT2yxmlHWTuYrvQty7RXSFIbfANojCivJ+LnFYiJjqZi
> 
> WwQOT51NQ849MTwRV8ETHbWkuA3oEPRqJFVrM3Ww66IEPFLLWH7ybH3ij7TD/T9d
> 
> 1xuBk+5NC3Tn1ECLEhiKYZ8sVnSFtQqIXx3bYecwGc53ToUqrXMqei6zSkrxdz7N
> 
> xZ3vahhRoK0Pjd7foLVktQ279h/Sg6QtB5V8hLBhFouu7qRB3I02B/h8fGhfxf22
> 
> mMgtppQnOYpO27LUIo2OqzO9g7/dbvlyoRNIJ2iBQpJohKfHFEq9Bhn9jsurOVuV
> 
> F2+lgHOEWqPMAEa30mFzvkcauQlZJ2wK5TVWFt5jPlGj3Nq0rIelCjFqkEgaJTfU
> 
> Cvlgbt3hobr5nLeBpk3P4fsUe/m2FNiYLcoE+z4tTSdmZ0lMWBqQySfOm3WU5txR
> 
> e6YgfRnQOckuIWJJIcCvFgVBqeV+QKueWUG1EGCBw4LmcWibV+0GRgT8PYDsCsFL
> 
> H9AGwhAKDuZXGdhIM/88zL7FPfE8A0Cb0FnYtrWh93wz4K3CTZZrn3bG2xpctco0
> 
> E6mxACLMMkgy792ldum5QfOiLiA1KYe4ZvwS4/rJIlzdf7LQy/liBpT4Nw==</X509Cert
> ificate>
> 
> </X509Data>
> 
> </KeyInfo>
> 
>   </Signature>
> 
> Thanks you,
> 
> Lara
> 
> ~~~~~~~~~~~~~~
> 
> Lara Blatchford
> 
> Principal Engineer
> 
> Nteligen, LLC
> 
> 
> 
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
>

More information about the xmlsec mailing list