CloudHSM Cavium integration fails with exception during two-way SSL handshake (client-side) in a Java-based Lambda


Hi, I am trying to use Cavium in a Java application for two-way SSL handshake. My application is the client application. However, when the application runs, the client handshake fails with the following exception:

2022-02-21T18:30:39.152Z java.lang.RuntimeException: com.cavium.cfm2.CFM2Exception: A call to the API getRSAPrivateKeyComponents for size failed with error code ffffffff : Error: new error from underlying FW/SW, might need to upgrade to new SW to decode
2022-02-21T18:30:39.152Z at com.cavium.key.CaviumRSAPrivateKey.populateKeyComponents(CaviumRSAPrivateKey.java:154)
2022-02-21T18:30:39.152Z at com.cavium.key.CaviumRSAPrivateKey.getPrimeP(CaviumRSAPrivateKey.java:82)
2022-02-21T18:30:39.152Z at sun.security.rsa.RSACore.crtCrypt(RSACore.java:168)
2022-02-21T18:30:39.152Z at sun.security.rsa.RSACore.rsa(RSACore.java:122)
2022-02-21T18:30:39.152Z at sun.security.rsa.RSAPSSSignature.engineSign(RSAPSSSignature.java:371)
2022-02-21T18:30:39.152Z at java.security.Signature$Delegate.engineSign(Signature.java:1382)
2022-02-21T18:30:39.152Z at java.security.Signature.sign(Signature.java:698)
2022-02-21T18:30:39.152Z at sun.security.ssl.CertificateVerify$T12CertificateVerifyMessage.<init>(CertificateVerify.java:608)
2022-02-21T18:30:39.152Z at sun.security.ssl.CertificateVerify$T12CertificateVerifyProducer.produce(CertificateVerify.java:760)
2022-02-21T18:30:39.152Z at sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:421)
2022-02-21T18:30:39.152Z at sun.security.ssl.ServerHelloDone$ServerHelloDoneConsumer.consume(ServerHelloDone.java:182)
2022-02-21T18:30:39.152Z at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
2022-02-21T18:30:39.152Z at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
2022-02-21T18:30:39.152Z at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
2022-02-21T18:30:39.152Z at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)

The application adds CaviumProvider at start-up: Security.addProvider(new com.cavium.provider.CaviumProvider());

My client application also attempts to sign a message using "NONEwithRSA" at the start of the application and successfully verifies the signing using the same key alias.

I have also verified that the user my application is using to authenticate towards CloudHSM is of type CU (Crypto User).

The CloudHSM jar file is cloudhsm-3.1.0.jar.

Please help.

asked 2 years ago · 172 views
No answers
