[xmlsec] signature verification failures using NSS with FIPS

Lara Blatchford lara.blatchford at nteligen.com
Thu Jun 25 09:37:55 PDT 2015


Please find attached examples.tar.  This contains a program to sign an XML document based
on the sign1.c example.  It also contains a script to create an NSS database in FIPS mode, and
an XML document containing the signature template we are using.

Below is an example run of the application and the subsequent verification failure (this was
done on a Linux machine).   Input on why verification would fail is greatly appreciated.  As shown
below, verification works if the signature is regenerated after FIPS mode is disabled.
 
lara at aft1:chroot ~/xmlsec_example$ ./gen_fips_selfsigned_rsa.sh
creating db
put in fips mode
FIPS mode enabled.
generate self signed cert


Generating key.  This may take a few moments...

lara at aft1:chroot ~/xmlsec_example$ ./sign1visnss docToSign.xml ./fips_db_dir vis password >signed.xml
set nss_passwd=password
Loading template file: docToSign.xml
adding key name: vis
returning nss_passwd=password
lara at aft1:chroot ~/xmlsec_example$ xmlsec1 --verify --crypto nss --crypto-config ./fips_db_dir signed.xml
func=xmlSecNssSignatureVerify:file=signatures.c:line=356:obj=rsa-sha512:subj=VFY_EndWithSignature:error=4:crypto library function failed:error code=-8182;last nss error=-8182 (0xFFFFE00A)
func=xmlSecTransformVerifyNodeContent:file=transforms.c:line=1804:obj=rsa-sha512:subj=xmlSecTransformVerify:error=1:xmlsec library function failed: ;last nss error=-8182 (0xFFFFE00A)
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=401:obj=unknown:subj=xmlSecTransformVerifyNodeContent:error=1:xmlsec library function failed: ;last nss error=-8182 (0xFFFFE00A)
Error: signature failed
ERROR
SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0
Error: failed to verify file "signed.xml"
lara at aft1:chroot ~/xmlsec_example$ exit

Script done on Thu 25 Jun 2015 12:30:50 PM EDT
lara at aft1:chroot ~/xmlsec_example$
lara at aft1:chroot ~/xmlsec_example$ modutil -fips false -dbdir ./fips_db_dir

WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type
'q <enter>' to abort, or <enter> to continue:

FIPS mode already disabled.
lara at aft1:chroot ~/xmlsec_example$ ./sign1visnss docToSign.xml ./fips_db_dir vis password >signed.xml
set nss_passwd=password
Loading template file: docToSign.xml
adding key name: vis
returning nss_passwd=password
lara at aft1:chroot ~/xmlsec_example$ xmlsec1 --verify --crypto nss --crypto-config ./fips_db_dir signed.xml
OK
SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0
lara at aft1:chroot ~/xmlsec_example$

-----Original Message-----
From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
Sent: Thursday, June 25, 2015 11:18 AM
To: Lara Blatchford; xmlsec at aleksey.com
Subject: Re: [xmlsec] signature verification failures using NSS with FIPS

I have no idea what you are doing. As I said, the current error means that certificate verification fails. That's the reason.

Aleksey

On 6/25/15 7:03 AM, Lara Blatchford wrote:
> 
> Thank you for your quick response!
> 
> The specification that I am coding to requires the KeyInfo element to be included.  Are you suggesting that the signature may verify successfully if I omit the KeyInfo and/or KeyName information from the signature template?   
> 
> I tried removing the calls to xmlSecTmplSignatureEnsureKeyInfo, 
> xmlSecTmplKeyInfoAddKeyName, and xmlSecTmplKeyInfoAddX509Data, but 
> when I do so, xmlsec generates the following error when xmlSecDSigCtxSign is called:
> 
> func=xmlSecKeysMngrGetKey:file=keys.c:line=1370:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: ;last nss error=0 (0x00000000)
> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=889:obj=unknown:subj=unknown:error=45:key is not found: ;last nss error=0 (0x00000000)
> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=581:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: ;last nss error=0 (0x00000000)
> func=xmlSecDSigCtxSign:file=xmldsig.c:line=319:obj=unknown:subj=xmlSecDSigCtxSignatureProcessNode:error=1:xmlsec library function failed: ;last nss error=0 (0x00000000)
> 
> If I take out only the call to xmlSecTmplKeyInfoAddX509Data, then 
> xmlsec will sign the document, but signature verification still fails 
> with the "invalid signature" error you previously indicated, so it appears that xmlsec is generating an invalid signature for some reason.
> 
> Could you please provide an example of a signature template that 
> should work when using an NSS database in FIPS mode?  Or is there more 
> additional information I can provide that would help to determine why 
> xmlsec generates an invalid signature from the signature template I previously provided?
> 
> Thanks again,
> Lara
> 
> -----Original Message-----
> From: Aleksey Sanin [mailto:aleksey at aleksey.com]
> Sent: Tuesday, June 23, 2015 12:15 PM
> To: Lara Blatchford; xmlsec at aleksey.com
> Subject: Re: [xmlsec] signature verification failures using NSS with 
> FIPS
> 
> This particular error means that the certificate verification failed
> 
> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/SSL_functions/sslerr.html
> 
> SEC_ERROR_BAD_SIGNATURE 	-8182 	Peer's certificate has an invalid signature.
> 
> I didn't test in FIPS mode recently, but as far as I know it should work fine for a subset of XMLDsig spec (e.g. you can't put keys into signature for obvious reasons).
> 
> Aleksey
> 
> On 6/23/15 8:49 AM, Lara Blatchford wrote:
>> Though I am able to generate signatures using RSA keys retrieved from a
>> FIPS-enabled NSS database, the signatures do not verify.
>>
>> If FIPS is disabled on the database, the signature does verify.
>>
>> A mail archive post from Wed, 05 Mar 2003 21:39:24 indicated that FIPS
>> mode is not supported for the NSS library.
>>
>> Why is this, and is there a plan to add support in the future?
>>
>> Here is the error received when attempting to verify the database, as
>> well as the signature portion of my XML document:
>>
>> [nss]$ xmlsec1 --verify --crypto nss --crypto-config . 100_1_2003_doc.xml
>>
>> func=xmlSecNssSignatureVerify:file=signatures.c:line=356:obj=rsa-sha512:subj=VFY_EndWithSignature:error=4:crypto library function failed:error code=-8182;last nss error=-8182 (0xFFFFE00A)
>>
>> func=xmlSecTransformVerifyNodeContent:file=transforms.c:line=1804:obj=rsa-sha512:subj=xmlSecTransformVerify:error=1:xmlsec library function failed: ;last nss error=-8182 (0xFFFFE00A)
>>
>> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=401:obj=unknown:subj=xmlSecTransformVerifyNodeContent:error=1:xmlsec library function failed: ;last nss error=-8182 (0xFFFFE00A)
>>
>> Error: signature failed
>>
>> ERROR
>>
>> SignedInfo References (ok/all): 1/1
>>
>> Manifests References (ok/all): 0/0
>>
>> Error: failed to verify file "100_1_2003_doc.xml"
>>
>> [nss]$
>>
>> [nss]$ modutil -chkfips true -dbdir .
>>
>> FIPS mode enabled.
>>
>> [nss]$
>>
>>   <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>>     <SignedInfo>
>>       <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
>>       <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
>>       <Reference URI="#xpointer(/)">
>>         <Transforms>
>>           <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>>           <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
>>         </Transforms>
>>         <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
>>         <DigestValue>DotbZXz+hs3PZpA2SflWZvtbT9LI0i7pUMGfx9g1isX92tD8FtQ09r3wVls3gRZrmIkMbgPU4pbcV493Ks/j7g==</DigestValue>
>>       </Reference>
>>     </SignedInfo>
>>
>>     <SignatureValue>[base64 signature value omitted]</SignatureValue>
>>
>>     <KeyInfo>
>>
>> <KeyName>signingCert</KeyName>
>>
>> <X509Data>
>>
>> <X509Certificate>[base64 certificate omitted]</X509Certificate>
>>
>> </X509Data>
>>
>> </KeyInfo>
>>
>>   </Signature>
>>
>> Thank you,
>>
>> Lara
>>
>> ~~~~~~~~~~~~~~
>>
>> Lara Blatchford
>>
>> Principal Engineer
>>
>> Nteligen, LLC
>>
>>
>>
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com
>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: example.tar
Type: application/x-tar
Size: 10240 bytes
Desc: not available
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20150625/6a98746d/attachment-0001.tar>
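
The xmlsec1 error stack quoted in this thread can be triaged mechanically. The Python sketch below is an added example, not code from the posters or from the xmlsec project: it parses the frames, checks that the decimal and hex NSS codes agree, and reports which call failed. The function names and the reading of the `ok/all` counter as "Reference digests verified" are assumptions of this example; the sample text is the output quoted in the message above.

```python
import re

# Frame layout as printed by xmlsec1 in the thread above.
FRAME_RE = re.compile(
    r"func=(?P<func>[^:]+):file=(?P<file>[^:]+):line=(?P<line>\d+):"
    r"obj=(?P<obj>[^:]+):subj=(?P<subj>[^:]+):error=(?P<error>\d+):"
    r"(?P<msg>.*?);\s*last nss error=(?P<nss>-?\d+) \((?P<hex>0x[0-9A-Fa-f]+)\)"
)
REFS_RE = re.compile(r"SignedInfo References \(ok/all\): (\d+)/(\d+)")
SEC_ERROR_BASE = -0x2000  # base of the NSS SEC_ERROR_* range (secerr.h)
NSS_NAMES = {SEC_ERROR_BASE + 10: "SEC_ERROR_BAD_SIGNATURE"}  # -8182, as quoted in the thread

def parse_frames(text):
    """Return error frames in printed order (innermost failure first)."""
    frames = []
    for m in FRAME_RE.finditer(text):
        f = m.groupdict()
        f["line"], f["error"], f["nss"] = int(f["line"]), int(f["error"]), int(f["nss"])
        # The hex form is the same code viewed as an unsigned 32-bit value.
        f["hex_consistent"] = (f["nss"] & 0xFFFFFFFF) == int(f["hex"], 16)
        f["nss_name"] = NSS_NAMES.get(f["nss"])
        frames.append(f)
    return frames

def triage(text):
    """Summarise which call failed and whether the Reference digests passed."""
    frames = parse_frames(text)
    refs = REFS_RE.search(text)
    counts = (int(refs.group(1)), int(refs.group(2))) if refs else None
    root = frames[0] if frames else None
    return {
        "failing_call": root and root["subj"],
        "reported_by": root and root["func"],
        "nss_error": root and root["nss_name"],
        "call_chain": [f["func"] for f in reversed(frames)],
        "references_ok": counts,
        # Assumption: ok == all means every Reference digest matched.
        "digests_ok_signature_bad": bool(root) and counts is not None and counts[0] == counts[1],
    }

# Output copied from the failing run in the message above.
SAMPLE = """\
func=xmlSecNssSignatureVerify:file=signatures.c:line=356:obj=rsa-sha512:subj=VFY_EndWithSignature:error=4:crypto library function failed:error code=-8182;last nss error=-8182 (0xFFFFE00A)
func=xmlSecTransformVerifyNodeContent:file=transforms.c:line=1804:obj=rsa-sha512:subj=xmlSecTransformVerify:error=1:xmlsec library function failed: ;last nss error=-8182 (0xFFFFE00A)
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=401:obj=unknown:subj=xmlSecTransformVerifyNodeContent:error=1:xmlsec library function failed: ;last nss error=-8182 (0xFFFFE00A)
SignedInfo References (ok/all): 1/1
"""
if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the quoted run, the innermost frame is the NSS call `VFY_EndWithSignature` under `rsa-sha512`, while the Reference counter reads 1/1.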

