Hi, I am trying to use Cavium in a Java application for a two-way SSL handshake. My application is the client application. However, when the application runs, the client handshake fails with the following exception:
2022-02-21T18:30:39.152Z java.lang.RuntimeException: com.cavium.cfm2.CFM2Exception: A call to the API getRSAPrivateKeyComponents for size failed with error code ffffffff : Error: new error from underlying FW/SW, might need to upgrade to new SW to decode
2022-02-21T18:30:39.152Z at com.cavium.key.CaviumRSAPrivateKey.populateKeyComponents(CaviumRSAPrivateKey.java:154)
2022-02-21T18:30:39.152Z at com.cavium.key.CaviumRSAPrivateKey.getPrimeP(CaviumRSAPrivateKey.java:82)
2022-02-21T18:30:39.152Z at sun.security.rsa.RSACore.crtCrypt(RSACore.java:168)
2022-02-21T18:30:39.152Z at sun.security.rsa.RSACore.rsa(RSACore.java:122)
2022-02-21T18:30:39.152Z at sun.security.rsa.RSAPSSSignature.engineSign(RSAPSSSignature.java:371)
2022-02-21T18:30:39.152Z at java.security.Signature$Delegate.engineSign(Signature.java:1382)
2022-02-21T18:30:39.152Z at java.security.Signature.sign(Signature.java:698)
2022-02-21T18:30:39.152Z at sun.security.ssl.CertificateVerify$T12CertificateVerifyMessage.<init>(CertificateVerify.java:608)
2022-02-21T18:30:39.152Z at sun.security.ssl.CertificateVerify$T12CertificateVerifyProducer.produce(CertificateVerify.java:760)
2022-02-21T18:30:39.152Z at sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:421)
2022-02-21T18:30:39.152Z at sun.security.ssl.ServerHelloDone$ServerHelloDoneConsumer.consume(ServerHelloDone.java:182)
2022-02-21T18:30:39.152Z at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
2022-02-21T18:30:39.152Z at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
2022-02-21T18:30:39.152Z at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
2022-02-21T18:30:39.152Z at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
The application adds CaviumProvider at start-up:
Security.addProvider(new com.cavium.provider.CaviumProvider());
My client application also attempts to sign a message using "NONEwithRSA" at the start of the application and successfully verifies the signing using the same key alias.
I have also verified that the user my application is using to authenticate towards CloudHSM is of type CU (Crypto User).
The CloudHSM jar file is cloudhsm-3.1.0.jar.
Please help.