Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1446786

Summary: PKCS12: upgrade to at least AES and SHA2 (FIPS)
Product: Red Hat Enterprise Linux 7 Reporter: Matthew Harmsen <mharmsen>
Component: pki-coreAssignee: Fraser Tweedale <ftweedal>
Status: CLOSED ERRATA QA Contact: Asha Akkiangady <aakkiang>
Severity: urgent Docs Contact: Marc Muehlfeld <mmuehlfe>
Priority: urgent    
Version: 7.4CC: alee, arubin, cfu, cheimes, edewata, ftweedal, jmagne, mharmsen, msauton, nkinder, pasik, pbokoc, rpattath
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Certificate System can now create PKCS #12 files using PBES2 with PBKDF2 key derivation This update enhances Certificate System and adds support for AES encryption of private keys recovered from the Key Recovery Authority (KRA), when token-based key recovery is disabled. Specifically, when AES encryption is enabled, exported PKCS #12 files containing the recovered key uses the PKCS #5 version 2.0 Password-Based Cryptography Specification version 2 (PBES2) with Password-Based Key Derivation Function 2 (PBKDF2) key derivation and AES 128 encryption. Using PBES2 with PBKDF2 makes the files created by Certificate System more secure.
 Story Points: ---
Clone Of:
: 1490241 1490487 (view as bug list) Environment:
Last Closed: 2018-04-10 16:58:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1490241, 1490487, 1490489    

Description Matthew Harmsen 2017-04-28 22:05:47 UTC 
This bug is created as a clone of upstream ticket:
https://pagure.io/dogtagpki/issue/2664

This bug should address upgrade of the crypto and hashing mechanisms
implementing PKCS12. It will involve JSS, and/or CS server, and/or client(s)
when the system is in FIPS mode.
Comment 2 Matthew Harmsen 2017-04-28 22:08:08 UTC 
Hi Christina,

Ade has reviewed my PKCS #12 AES patches for CC effort (thanks Ade!)
We have one main area where we need your feedback (https://pagure.io/dogtagpki/issue/2610).

The KRA PKCS #12 recovery process for encrypted (cf. wrapped) keys
previously performed the encryption and assembled the
EncryptedPrivateKeyInfo structure in a rather "manual" way (~80
LOC). In my patch to convert this code path to use AES encrypted, I
take an alternative (and much fewer LOC) approach: importing the
private key to the internal key storage token, as a temporary
key, and then invoking the same routine as is used for the wrapped
key case.

Our question: is this fine to do when the system is in FIPS mode?
The assumption is that the internal crypto token is always available
and that it can do raw (unencrypted) private key import, and
wrapping private keys to a symmetric key, while in FIPS mode. We
just need to check this assumption.

The gerrit review of the patch involved is here:
https://review.gerrithub.io/#/c/359027/

Thanks,
Fraser
Comment 3 Christina Fu 2017-05-25 21:42:49 UTC 
Fraser, I think in terms of security, that looks fine.  However, I do not know if in FIPS mode there would be an issue or not.  That's something you can try.  You could just turn on fips mode for the nss token without having to set the whole system in fips mode.
The code looks fine otherwise.
Comment 4 Christina Fu 2017-05-25 21:44:58 UTC 
(In reply to Christina Fu from comment #3)
> Fraser, I think in terms of security, that looks fine.  However, I do not
> know if in FIPS mode there would be an issue or not.  That's something you
> can try.  You could just turn on fips mode for the nss token without having
> to set the whole system in fips mode.
> The code looks fine otherwise.

you can do it like this:
modutil -fips true -dbdir location-of-your-nss-database
then restart the server.
Comment 5 Fraser Tweedale 2017-06-02 06:14:59 UTC 
OK, so the current patch DOES NOT work in FIPS mode :(

Hopefully it is something simple and will not require major rework.
Comment 6 Fraser Tweedale 2017-06-07 06:14:43 UTC 
Reworked patch pushed to Gerrit for review:

  https://review.gerrithub.io/#/c/359027/

See also patches for NSS on which the updated Dogtag
patch depends:

  https://bugzilla.mozilla.org/show_bug.cgi?id=1370778
Comment 7 Fraser Tweedale 2017-09-09 06:00:13 UTC 
Upstream JSS Check-ins:

cfu checked-in the following changes provided by ftweedal:

changeset:   2204:87dca07f7529
tag:         tip
user:        Fraser Tweedale<ftweedale>
date:        Fri Sep 08 11:56:04 2017 -0700
summary:     Bug 1370778 PBE and padded block cipher enhancements and fixes -

changeset:   2203:b3b653faef84
user:        Fraser Tweedale<ftweedale>
date:        Fri Sep 08 11:53:36 2017 -0700
summary:     bug 1370778 PBE and padded block cipher enhancements and fixes -

changeset:   2202:0b8a6e84b6c7
user:        Fraser Tweedale<ftweedale>
date:        Fri Sep 08 11:50:21 2017 -0700
summary:     Bug 1370778 PBE and padded block cipher enhancements and fixes -

changeset:   2201:d39e9b373798
user:        Fraser Tweedale<ftweedale>
date:        Fri Sep 08 11:32:32 2017 -0700
summary:     Bug 1370778 PBE and padded block cipher enhancements and fixes -

changeset:   2200:890216599f21
user:        Fraser Tweedale<ftweedale>
date:        Fri Sep 08 11:21:22 2017 -0700
summary:     Bug 1370778 PBE and padded block cipher enhancements and fixes -

changeset:   2199:bada1409d2bb
user:        Fraser Tweedale<ftweedale>
date:        Fri Sep 08 11:15:29 2017 -0700
summary:     Bug 1370778 PBE and padded block cipher enhancements and fixes -

changeset:   2198:3629b598a9ce
user:        Fraser Tweedale<ftweedale>
date:        Fri Sep 08 11:09:23 2017 -0700
summary:     Bug 1370778 PBE and padded block cipher enhancements and fixes -


Upstream pki check-in:

commit ae97f21bf8d2ec83a410127872dd196a46f9dbbd
Author: Fraser Tweedale <ftweedal>
Date:   Thu Apr 6 13:27:56 2017 +1000

    KRA: use AES in PKCS #12 recovery for encrypted keys
Comment 10 Roshni 2017-12-07 16:25:36 UTC 
[root@nocp1 pki-kra-Dec6]# rpm -qi pki-ca
Name        : pki-ca
Version     : 10.5.1
Release     : 4.el7
Architecture: noarch
Install Date: Thu 30 Nov 2017 10:10:20 AM EST
Group       : System Environment/Daemons
Size        : 2360514
License     : GPLv2
Signature   : RSA/SHA256, Tue 28 Nov 2017 10:33:09 PM EST, Key ID 199e2f91fd431d51
Source RPM  : pki-core-10.5.1-4.el7.src.rpm
Build Date  : Tue 28 Nov 2017 09:17:20 PM EST
Build Host  : ppc-035.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : http://pki.fedoraproject.org/
Summary     : Certificate System - Certificate Authority

Verification steps as explained in https://bugzilla.redhat.com/show_bug.cgi?id=1490487#c5
Comment 15 errata-xmlrpc 2018-04-10 16:58:29 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0925