From 3fe2dd8094fcec76a1310d3ab33c1cc27c85c356 Mon Sep 17 00:00:00 2001

From: rpmbuild <rpmbuild@fedoraproject.org>

Date: Fri, 10 Aug 2018 09:45:56 +0100

Subject: [PATCH] rhbz#1614419 use workaround for PK11_ImportSymKey failure

 under FIPS

---

 include/oox/crypto/CryptTools.hxx |  3 ++

 oox/source/crypto/CryptTools.cxx  | 83 +++++++++++++++++++++++++++++++++++----

 2 files changed, 79 insertions(+), 7 deletions(-)

diff --git a/include/oox/crypto/CryptTools.hxx b/include/oox/crypto/CryptTools.hxx

index 84e4c48..07605da 100644

--- a/include/oox/crypto/CryptTools.hxx

+++ b/include/oox/crypto/CryptTools.hxx

@@ -56,9 +56,12 @@ protected:

     EVP_CIPHER_CTX mContext;

 #endif

 #if USE_TLS_NSS

+    PK11SlotInfo* mSlot;

     PK11Context* mContext;

     SECItem*     mSecParam;

     PK11SymKey*  mSymKey;

+    PK11Context* mWrapKeyContext;

+    PK11SymKey*  mWrapKey;

 #endif

 #if USE_TLS_OPENSSL

diff --git a/oox/source/crypto/CryptTools.cxx b/oox/source/crypto/CryptTools.cxx

index 5ecf7b3..ee91925 100644

--- a/oox/source/crypto/CryptTools.cxx

+++ b/oox/source/crypto/CryptTools.cxx

@@ -19,9 +19,12 @@ using namespace std;

 Crypto::Crypto()

 #if USE_TLS_NSS

-    : mContext(nullptr)

+    : mSlot(nullptr)

+    , mContext(nullptr)

     , mSecParam(nullptr)

     , mSymKey(nullptr)

+    , mWrapKeyContext(nullptr)

+    , mWrapKey(nullptr)

 #endif

 {

 #if USE_TLS_NSS

@@ -38,10 +41,16 @@ Crypto::~Crypto()

 #if USE_TLS_NSS

     if (mContext)

         PK11_DestroyContext(mContext, PR_TRUE);

-    if (mSymKey)

-        PK11_FreeSymKey(mSymKey);

     if (mSecParam)

         SECITEM_FreeItem(mSecParam, PR_TRUE);

+    if (mSymKey)

+        PK11_FreeSymKey(mSymKey);

+    if (mWrapKeyContext)

+        PK11_DestroyContext(mWrapKeyContext, PR_TRUE);

+    if (mWrapKey)

+        PK11_FreeSymKey(mWrapKey);

+    if (mSlot)

+        PK11_FreeSlot(mSlot);

 #endif

 }

@@ -59,11 +68,14 @@ const EVP_CIPHER* Crypto::getCipher(CryptoType type)

         default:

             break;

     }

-    return NULL;

+    return nullptr;

 }

 #endif

 #if USE_TLS_NSS

+

+#define MAX_WRAPPED_KEY_LEN 128

+

 void Crypto::setupContext(vector<sal_uInt8>& key, vector<sal_uInt8>& iv, CryptoType type, CK_ATTRIBUTE_TYPE operation)

 {

     CK_MECHANISM_TYPE mechanism = static_cast<CK_ULONG>(-1);

@@ -95,9 +107,9 @@ void Crypto::setupContext(vector<sal_uInt8>& key, vector<sal_uInt8>& iv, CryptoT

             break;

     }

-    PK11SlotInfo* pSlot( PK11_GetBestSlot( mechanism, nullptr ) );

+    mSlot = PK11_GetBestSlot(mechanism, nullptr);

-    if (!pSlot)

+    if (!mSlot)

         throw css::uno::RuntimeException("NSS Slot failure", css::uno::Reference<css::uno::XInterface>());

     SECItem keyItem;

@@ -105,7 +117,64 @@ void Crypto::setupContext(vector<sal_uInt8>& key, vector<sal_uInt8>& iv, CryptoT

     keyItem.data = &key[0];

     keyItem.len  = key.size();

-    mSymKey = PK11_ImportSymKey( pSlot, mechanism, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, nullptr );

+    mSymKey = PK11_ImportSymKey( mSlot, mechanism, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, nullptr );

+    if (!mSymKey) //rhbz#1614419 maybe failed due to FIPS, use rhbz#1461450 style workaround

+    {

+        /*

+         * Without FIPS it would be possible to just use

+         *  mSymKey = PK11_ImportSymKey( mSlot, mechanism, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, nullptr );

+         * with FIPS NSS Level 2 certification has to be "workarounded" (so it becomes Level 1) by using

+         * following method:

+         * 1. Generate wrap key

+         * 2. Encrypt authkey with wrap key

+         * 3. Unwrap encrypted authkey using wrap key

+         */

+

+        /*

+         * Generate wrapping key

+         */

+        CK_MECHANISM_TYPE wrap_mechanism = PK11_GetBestWrapMechanism(mSlot);

+        int wrap_key_len = PK11_GetBestKeyLength(mSlot, wrap_mechanism);

+        mWrapKey = PK11_KeyGen(mSlot, wrap_mechanism, nullptr, wrap_key_len, nullptr);

+        if (!mWrapKey)

+            throw css::uno::RuntimeException("PK11_KeyGen SymKey failure", css::uno::Reference<css::uno::XInterface>());

+

+        /*

+         * Encrypt authkey with wrapping key

+         */

+

+        /*

+         * Initialization of IV is not needed because PK11_GetBestWrapMechanism should return ECB mode

+         */

+        SECItem tmp_sec_item;

+        memset(&tmp_sec_item, 0, sizeof(tmp_sec_item));

+        mWrapKeyContext = PK11_CreateContextBySymKey(wrap_mechanism, CKA_ENCRYPT, mWrapKey, &tmp_sec_item);

+        if (!mWrapKeyContext)

+            throw css::uno::RuntimeException("PK11_CreateContextBySymKey failure", css::uno::Reference<css::uno::XInterface>());

+

+        unsigned char wrapped_key_data[MAX_WRAPPED_KEY_LEN];

+        int wrapped_key_len = sizeof(wrapped_key_data);

+

+        if (PK11_CipherOp(mWrapKeyContext, wrapped_key_data, &wrapped_key_len,

+            sizeof(wrapped_key_data), keyItem.data, keyItem.len) != SECSuccess)

+        {

+            throw css::uno::RuntimeException("PK11_CipherOp failure", css::uno::Reference<css::uno::XInterface>());

+        }

+

+        if (PK11_Finalize(mWrapKeyContext) != SECSuccess)

+            throw css::uno::RuntimeException("PK11_Finalize failure", css::uno::Reference<css::uno::XInterface>());

+

+        /*

+         * Finally unwrap sym key

+         */

+        SECItem wrapped_key;

+        memset(&tmp_sec_item, 0, sizeof(tmp_sec_item));

+        wrapped_key.data = wrapped_key_data;

+        wrapped_key.len = wrapped_key_len;

+

+        mSymKey = PK11_UnwrapSymKey(mWrapKey, wrap_mechanism, &tmp_sec_item, &wrapped_key,

+            mechanism, CKA_ENCRYPT, keyItem.len);

+    }

     if (!mSymKey)

         throw css::uno::RuntimeException("NSS SymKey failure", css::uno::Reference<css::uno::XInterface>());

     mSecParam = PK11_ParamFromIV( mechanism, pIvItem );

-- 

1.8.3.1