Bug 1490494

Summary: PKCS12: (JSS) upgrade to at least AES and SHA2 (FIPS) [RHEL-7.4.z]

Product: Red Hat Enterprise Linux 7
Component: jss
Status: CLOSED ERRATA
Severity: urgent
Priority: urgent
Version: 7.4
Target Milestone: rc
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: jss-4.4.0-8.el7_4
Doc Type: Enhancement
Doc Text: This update adds the "EncryptedPrivateKeyInfo.createPBES2" method to JSS. This method provides a way to create PKCS #12 files using the PBES2 encryption scheme with modern ciphers and key derivation functions (KDFs). The new method can be used to encrypt a PrivateKeyInfo datum using PBES2 with PBKDF2 key derivation and a caller-specified cipher.
Story Points: ---
Clone Of: 1490487
Last Closed: 2017-11-30 15:28:58 UTC
Regression: ---
Documentation: ---
Verified Versions:
oVirt Team: ---
Cloudforms Team: ---
Embargoed:
Bug Depends On: 1490487
Bug Blocks:
Attachments:

Reporter: Tom Lavigne <tlavigne>
Assignee: Fraser Tweedale <ftweedal>
QA Contact: Asha Akkiangady <aakkiang>
Docs Contact: Petr Bokoc <pbokoc>
CC: aakkiang, alee, arubin, cfu, cheimes, edewata, ftweedal, jmagne, mharmsen, msauton, nkinder, pbokoc, rpattath
Keywords: ZStream
Environment:
Type: ---
Mount Type: ---
CRM:
Category: ---
RHEL 7.3 requirements from Atomic Host:
Target Upstream Version:
Description
Tom Lavigne
2017-09-11 18:38:48 UTC
Hi Fraser,

Could you help with the test instructions for this bug? A few scenarios I have in mind are:

1. Modify KRA CS.cfg with the following:
    kra.allowEncDecrypt.archival=true
    kra.allowEncDecrypt.recovery=true
2. Enable only TLS/AES ciphers in server.xml of all subsystem instances.
3. Execute pki pkcs12 CLIs successfully.
4. Enable server-side keygen on TPS with the above KRA. Format/Enroll SCP03 v7 smartcards (this card uses AES for encryption and decryption) when the following params in TKS are set:
    tks.defKeySet.prot3.devKeyType=AES
    tks.defKeySet.prot3.divers=none
    tks.defKeySet.prot3.diversVer1Keys=none
    tks.defKeySet.prot3.masterKeyType=AES
    tks.defKeySet.nistSP800-108KdfOnKeyVersion=00
    tks.defKeySet.nistSP800-108KdfUseCuidAsKdd=true

These tests would be done with certificates on an HSM in a FIPS-enabled environment. Let me know if the above testing would be good coverage for this bug.

Roshni,

1. Yes, set the `kra.allowEncDecrypt.{archival,recovery}=true`.
2. Then perform a certificate enrolment with archival.
3. Then perform a PKCS #12 recovery of the archived key/cert.
4. Ensure that the PKCS #12 file can be loaded by `pk12util' and/or `pki pkcs12-import'.
5. Inspect the ASN.1 structure of the generated PKCS #12 file to ensure that it is using PBES2 encryption with an AES cipher. You can use a site like http://www.lapo.it/asn1js to parse the content.

You will be looking for a section like the following:

    OBJECT IDENTIFIER 1.2.840.113549.1.12.10.1.2 pkcs-12-pkcs-8ShroudedKeyBag (PKCS #12 BagIds)
    [0] (1 elem)
      SEQUENCE (2 elem)
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 1.2.840.113549.1.5.13 pkcs5PBES2 (PKCS #5 v2.0)
          SEQUENCE (2 elem)
            SEQUENCE (2 elem)
              OBJECT IDENTIFIER 1.2.840.113549.1.5.12 pkcs5PBKDF2 (PKCS #5 v2.0)
              SEQUENCE (4 elem)
                OCTET STRING (16 byte) ED809848CD429FEE11BC3689686D7D6B
                INTEGER 2000
                INTEGER 32
                SEQUENCE (1 elem)
                  OBJECT IDENTIFIER 1.2.840.113549.2.7 hmacWithSHA1 (RSADSI digestAlgorithm)
            SEQUENCE (2 elem)
              OBJECT IDENTIFIER 2.16.840.1.101.3.4.1.42 aes256-CBC (NIST Algorithm)
              OCTET STRING (16 byte) 30EAC12C4E7EB5DCF35F3174EB3689D1

Which will prove that the PKCS #12 file is using AES encryption.

After a synchronous recovery, pki pkcs12-import and pk12util imports were successful:

    [root@nocp1 pki-ca-Sep18]# pki -d certsdb -c SECret.123 pkcs12-import --pkcs12-file getPk12 --pkcs12-password SECret.123
    ---------------
    Import complete
    ---------------
    [root@nocp1 pki-ca-Sep18]# certutil -L -d certsdb/

    Certificate Nickname                                         Trust Attributes
                                                                 SSL,S/MIME,JAR/XPI

    UID=testuser1,O=Token Key User                               u,u,u
    [root@nocp1 pki-ca-Sep18]# pk12util -i getPk12 -d certdb/
    Enter Password or Pin for "NSS FIPS 140-2 Certificate DB":
    Enter password for PKCS12 file:
    pk12util: PKCS12 IMPORT SUCCESSFUL
    [root@nocp1 pki-ca-Sep18]# certutil -L -d certdb/

    Certificate Nickname                                         Trust Attributes
                                                                 SSL,S/MIME,JAR/XPI

    UID=testuser1,O=Token Key User                               u,u,u

After an asynchronous recovery of the key, pk12util import was successful but pki pkcs12-import was failing (not sure if I am doing something wrong):

    [root@nocp1 pki-ca-Sep18]# certutil -D -d certsdb/ -n "UID=testuser1,O=Token Key User"
    [root@nocp1 pki-ca-Sep18]# certutil -L -d certsdb/

    Certificate Nickname                                         Trust Attributes
                                                                 SSL,S/MIME,JAR/XPI

    [root@nocp1 pki-ca-Sep18]# pki -d certsdb -c SECret.123 pkcs12-import --pkcs12-file getAsyncPk12 --pkcs12-password SECret.123
    TokenException: Failed to import EncryptedPrivateKeyInfo to token: (-8126) security library: read-only database.
    [root@nocp1 pki-ca-Sep18]# certutil -D -d certdb -n "UID=testuser1,O=Token Key User"
    [root@nocp1 pki-ca-Sep18]# pk12util -i getAsyncPk12 -d certdb/
    Enter Password or Pin for "NSS FIPS 140-2 Certificate DB":
    Enter password for PKCS12 file:
    pk12util: PKCS12 IMPORT SUCCESSFUL
    [root@nocp1 pki-ca-Sep18]# certutil -L -d certdb/

    Certificate Nickname                                         Trust Attributes
                                                                 SSL,S/MIME,JAR/XPI

    UID=testuser1,O=Token Key User                               u,u,u

Also, after converting the pkcs12 files to ASN, neither of them were showing any aes entries in the output. Let me know if you want to have a look at my file.

One more thing that I noticed is the following:

    [root@nocp1 pki-ca-Sep18]# pki pkcs12-import --pkcs12-file getPk12 --pkcs12-password SECret.123
    ---------------
    Import complete
    ---------------
    [root@nocp1 pki-ca-Sep18]# certutil -L -d .
    certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.
    [root@nocp1 pki-ca-Sep18]# pki -d certsdb -c SECret.123 pkcs12-import --pkcs12-file getPk12 --pkcs12-password SECret.123
    ---------------
    Import complete
    ---------------
    [root@nocp1 pki-ca-Sep18]# certutil -L -d certsdb/

    Certificate Nickname                                         Trust Attributes
                                                                 SSL,S/MIME,JAR/XPI

    UID=testuser1,O=Token Key User                               u,u,u

Why didn't the CLI fail in the first attempt?

Roshni, I'm not sure what causes that "Read-only database" problem. I have encountered it sometimes. I don't think it's related to this change.

For the files to use PBES2 encryption you also need to test with the patched pki packages (https://bugzilla.redhat.com/show_bug.cgi?id=1490241).

Thanks,
Fraser

Fraser,

I am using the following builds:

    [root@nocp1 ~]# rpm -q pki-ca
    pki-ca-10.4.1-14.el7_4.noarch
    [root@nocp1 ~]# rpm -q jss
    jss-4.4.0-8.el7_4.x86_64

(In reply to Roshni from comment #8)
> Fraser,
>
> I am using the following builds
>
> [root@nocp1 ~]# rpm -q pki-ca
> pki-ca-10.4.1-14.el7_4.noarch
> [root@nocp1 ~]# rpm -q jss
> jss-4.4.0-8.el7_4.x86_64

Not sure if this will help, but there were some additional changes for PBES2 in the latest update to the errata (see https://bugzilla.redhat.com/show_bug.cgi?id=1492560). While I do not like the name of the bug, and perhaps we should change it, the associated ticket is 'dogtagpki Pagure Issue #2809 - PKCS #12 files incompatible with NSS >= 3.31'.

You should update your pki-core bits to '10.4.1-15.el7_4' to test using this fix.

Roshni, I forgot to mention one important config for the KRA's CS.cfg (sorry!)

You need to set:

    kra.legacyPKCS12=false

Add doc text.

Hi Fraser,

Does the following asn1 output match the expected result?

    OBJECT IDENTIFIER 1.2.840.113549.1.12.10.1.2 pkcs-12-pkcs-8ShroudedKeyBag (PKCS #12 BagIds)
    [0] (1 elem)
      SEQUENCE (2 elem)
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 1.2.840.113549.1.5.13 pkcs5PBES2 (PKCS #5 v2.0)
          SEQUENCE (2 elem)
            SEQUENCE (2 elem)
              OBJECT IDENTIFIER 1.2.840.113549.1.5.12 pkcs5PBKDF2 (PKCS #5 v2.0)
              SEQUENCE (3 elem)
                OCTET STRING (16 byte) 55A110D4DB9C892471B5410636BEB20D
                INTEGER 2000
                INTEGER 16
            SEQUENCE (2 elem)
              OBJECT IDENTIFIER 2.16.840.1.101.3.4.1.2 aes128-CBC (NIST Algorithm)

pkcs12 import was successful only using pk12util; it is failing when pki pkcs12-import is used.

    [root@nocp1 pki-ca-Sep20]# pk12util -i getPk12-new -d certsdb-new
    Enter Password or Pin for "NSS FIPS 140-2 Certificate DB":
    Enter password for PKCS12 file:
    pk12util: PKCS12 IMPORT SUCCESSFUL
    [root@nocp1 pki-ca-Sep20]# certutil -L -d .
    certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.
    [root@nocp1 pki-ca-Sep20]# certutil -L -d certsdb-new/

    Certificate Nickname                                         Trust Attributes
                                                                 SSL,S/MIME,JAR/XPI

    UID=testuser2,O=Token Key User                               u,u,u
    [root@nocp1 pki-ca-Sep20]# certutil -D -d certsdb-new -n "UID=testuser2,O=Token Key User"
    [root@nocp1 pki-ca-Sep20]# pk12util -i getAsyncPk12-new -d certsdb-new
    Enter Password or Pin for "NSS FIPS 140-2 Certificate DB":
    Enter password for PKCS12 file:
    pk12util: PKCS12 IMPORT SUCCESSFUL
    [root@nocp1 pki-ca-Sep20]# certutil -L -d certsdb-new/

    Certificate Nickname                                         Trust Attributes
                                                                 SSL,S/MIME,JAR/XPI

    UID=testuser2,O=Token Key User                               u,u,u
    [root@nocp1 pki-ca-Sep20]# certutil -L -d certsdb-new/

    Certificate Nickname                                         Trust Attributes
                                                                 SSL,S/MIME,JAR/XPI

    [root@nocp1 pki-ca-Sep20]# pki -d certsdb-new -c SECret.123 pkcs12-import --pkcs12-file getPk12-new --pkcs12-password SECret.123
    TokenException: Failed to import EncryptedPrivateKeyInfo to token: (-8152) The key does not support the requested operation.
    [root@nocp1 pki-ca-Sep20]# certutil -L -d certsdb-new/

    Certificate Nickname                                         Trust Attributes
                                                                 SSL,S/MIME,JAR/XPI

    pki-ca-Sep20-sec-domain                                      cu,cu,cu
    [root@nocp1 pki-ca-Sep20]# certutil -L -d certsdb-new/

    Certificate Nickname                                         Trust Attributes
                                                                 SSL,S/MIME,JAR/XPI

    [root@nocp1 pki-ca-Sep20]# pki -d certsdb-new -c SECret.123 pkcs12-import --pkcs12-file getAsyncPk12-new --pkcs12-password SECret.123
    TokenException: Failed to import EncryptedPrivateKeyInfo to token: (-8152) The key does not support the requested operation.
    [root@nocp1 pki-ca-Sep20]# certutil -L -d certsdb-new/

    Certificate Nickname                                         Trust Attributes
                                                                 SSL,S/MIME,JAR/XPI

    pki-ca-Sep20-sec-domain                                      cu,cu,cu

Roshni, did you use the pki-core 10.4.1-15.el7_4 build for testing?

(In reply to Fraser Tweedale from comment #13)
> Roshni, did you use the pki-core 10.4.1-15.el7_4 build for testing?

Yes, I am using that build.

Roshni, thanks, I am looking into it.

The issue is related to token login. I'm not quite sure how it was introduced or how to work around it yet, I'm afraid. Still getting to the bottom of it.

Roshni, my mistake, I was using `-w` instead of `-c`. I was unable to reproduce the issue. Could you please:

- provide the exact steps by which the problematic PKCS #12 file was produced
- attach (or email me) the problematic PKCS #12 file

Thanks,
Fraser

(In reply to Fraser Tweedale from comment #17)
> Roshni, my mistake, I was using `-w` instead of `-c`. I was unable to
> reproduce
> the issue. Could you please:
>
> - provide the exact steps by which the problematic PKCS #12 file was produced

1. set the `kra.allowEncDecrypt.{archival,recovery}=true`.
2. set kra.legacyPKCS12=false
3. enroll a tpsclient token (server side keygen is enabled for TPS)
4. Performed a synchronous and asynchronous recovery on the key generated for the encryption cert on the token.
5. pki -d /opt/pki-ca-Sep20/certsdb-new -c client-init
6. pki -d certsdb-new -c SECret.123 pkcs12-import --pkcs12-file getPk12-new --pkcs12-password SECret.123

>
> - attach (or email me) the problematic PKCS #12 file

Attaching both the p12 files

>
> Thanks,
> Fraser

Created attachment 1331458 [details]
p12 generated during synchronous recovery

Created attachment 1331459 [details]
p12 generated during asynchronous recovery
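The check in step 5 of Fraser's instructions above (confirm that the shrouded key bag is protected with PBES2, PBKDF2 and an AES cipher) can be run offline against the attached .p12 files instead of pasting them into a web ASN.1 viewer. The script below is an added example for this page, not JSS or Dogtag code, and the file name `pkcs12_pbe_audit.py` and function names are my own. It walks the DER of a PKCS #12 file with a stdlib-only parser and reports every password-based encryption AlgorithmIdentifier it meets: for PBES2 it decodes the PBKDF2 salt length, iteration count, PRF and cipher (reporting the verdict `aes` or `non-aes`), and it marks the PKCS #12 v1 schemes (SHA-1 with 3DES or 40-bit RC2) as `legacy`. The built-in sample is constructed, not a real file: its first EncryptedPrivateKeyInfo reproduces the values from the expected-output dump above (same salt and IV, 2000 iterations, 32-byte key, hmacWithSHA1, aes256-CBC) and the second uses the legacy 3DES scheme for contrast. Two caveats: it parses DER only, so a file written with indefinite-length BER is rejected with a ValueError rather than misreported; and bags inside an encrypted SafeContents are invisible to it, although the algorithm protecting that SafeContents is still reported, so a file is clean only when every entry it prints has the verdict `aes`.

```python
import sys

PBES2 = "1.2.840.113549.1.5.13"
LEGACY = {"1.2.840.113549.1.12.1.3": "pbeWithSHAAnd3-KeyTripleDES-CBC",  # PKCS #12 v1 PBE schemes
          "1.2.840.113549.1.12.1.6": "pbeWithSHAAnd40BitRC2-CBC"}
NAMES = {"1.2.840.113549.1.5.12": "pbkdf2", "1.2.840.113549.2.7": "hmacWithSHA1",
         "1.2.840.113549.2.9": "hmacWithSHA256", "2.16.840.1.101.3.4.1.2": "aes128-CBC",
         "2.16.840.1.101.3.4.1.42": "aes256-CBC"}

def der_children(buf):
    """Yield (tag, value) for each DER TLV in buf; rejects indefinite-length BER."""
    pos = 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form; 0x80 alone is indefinite length (BER, not DER)
            n = length & 0x7F
            if n == 0 or n > 4:
                raise ValueError("indefinite-length BER or oversized length")
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated element")
        yield tag, buf[pos:pos + length]
        pos += length

def decode_oid(value):
    parts, acc = [str(value[0] // 40), str(value[0] % 40)], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(str(acc))
            acc = 0
    return ".".join(parts)

def alg_id(tag, value):
    """AlgorithmIdentifier ::= SEQUENCE { OID, parameters OPTIONAL } -> (dotted oid, params TLV) or None."""
    kids = list(der_children(value)) if tag == 0x30 else []
    if kids and kids[0][0] == 0x06:
        return decode_oid(kids[0][1]), (kids[1] if len(kids) > 1 else None)

def describe_pbes2(params):
    """Decode PBES2-params { keyDerivationFunc, encryptionScheme } (RFC 8018, A.4)."""
    name = lambda o: NAMES.get(o, o)
    kdf, enc = der_children(params[1])
    kdf_oid, kdf_params = alg_id(*kdf)
    info = {"kdf": name(kdf_oid), "cipher": name(alg_id(*enc)[0]), "prf": "hmacWithSHA1"}
    if info["kdf"] == "pbkdf2":  # PBKDF2-params: salt, iterationCount, keyLength OPTIONAL, prf DEFAULT hmacWithSHA1
        salt, iters, *rest = der_children(kdf_params[1])
        info["salt_len"], info["iterations"] = len(salt[1]), int.from_bytes(iters[1], "big")
        for tag, val in rest:
            if tag == 0x02:
                info["key_len"] = int.from_bytes(val, "big")
            else:
                info["prf"] = name(alg_id(tag, val)[0])
    info["verdict"] = "aes" if info["cipher"].startswith("aes") else "non-aes"
    return info

def audit_pkcs12(buf, found=None):
    """Every PBE AlgorithmIdentifier in document order, with PBES2 parameters decoded."""
    found = [] if found is None else found
    for tag, value in der_children(buf):
        if tag & 0x20:  # constructed: SEQUENCE, SET, [n] EXPLICIT
            aid = alg_id(tag, value)
            if aid and aid[0] == PBES2:
                found.append({"scheme": "pbes2", **describe_pbes2(aid[1])})
            elif aid and aid[0] in LEGACY:
                found.append({"scheme": LEGACY[aid[0]], "verdict": "legacy"})
            audit_pkcs12(value, found)
        elif tag == 0x04 and value[:1] == b"\x30":  # OCTET STRING carrying nested DER (how PKCS #12 nests its safes)
            try:
                audit_pkcs12(value, found)
            except (ValueError, IndexError):
                pass  # a salt, IV or ciphertext that merely starts with 0x30
    return found

def der(tag, body):  # minimal DER encoder, used only to build the constructed sample below
    lb = b"" if len(body) < 0x80 else len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, len(body) if not lb else 0x80 | len(lb)]) + lb + body
def oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytes([arcs[0] * 40 + arcs[1]])
    for v in arcs[2:]:
        enc = [v & 0x7F]
        while v := v >> 7:
            enc.insert(0, 0x80 | (v & 0x7F))
        body += bytes(enc)
    return der(0x06, body)

def sample_pkcs12():
    """Constructed sample, not a real file.  First EncryptedPrivateKeyInfo mirrors the asn1js dump in this bug
    (PBES2, PBKDF2, 2000 iterations, 32-byte key, hmacWithSHA1, aes256-CBC, same salt and IV); second is legacy 3DES."""
    pbkdf2 = der(0x30, oid("1.2.840.113549.1.5.12") + der(0x30,
        der(0x04, bytes.fromhex("ED809848CD429FEE11BC3689686D7D6B")) + der(0x02, b"\x07\xd0")
        + der(0x02, b"\x20") + der(0x30, oid("1.2.840.113549.2.7"))))
    aes = der(0x30, oid("2.16.840.1.101.3.4.1.42") + der(0x04, bytes.fromhex("30EAC12C4E7EB5DCF35F3174EB3689D1")))
    pbes2 = der(0x30, oid(PBES2) + der(0x30, pbkdf2 + aes))
    tdes = der(0x30, oid("1.2.840.113549.1.12.1.3") + der(0x30, der(0x04, b"\x11" * 8) + der(0x02, b"\x07\xd0")))
    safe = der(0x30, b"".join(der(0x30, alg + der(0x04, b"\0" * 48)) for alg in (pbes2, tdes)))
    return der(0x30, oid("1.2.840.113549.1.7.1") + der(0xA0, der(0x04, safe)))  # ContentInfo { id-data, [0] }

if __name__ == "__main__":  # on a real file: python pkcs12_pbe_audit.py file.p12
    for entry in audit_pkcs12(open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_pkcs12()):
        print(entry)
```

Run with no argument it audits the constructed sample and prints two entries, the PBES2/AES one followed by the legacy 3DES one; run with a path it audits that file. The descent into OCTET STRINGs is what makes it work on a whole PFX rather than only on a bare EncryptedPrivateKeyInfo, and the try/except around that descent is deliberate: a PBES2 IV or salt can start with 0x30 by chance (the IV in the dump above does), so a failed parse of an OCTET STRING's contents is treated as opaque bytes, while a parse failure at the top level is still raised.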
Fraser,

Please provide the required information for this bug or let me know if I have to mark this bug to ASSIGNED state.

I still did not get around to investigating this, but note that a new build of NSS is available with a PKCS12-related fix. I'd recommend attempting to verify again with the latest build of nss.

If there are still problems, set it back to ASSIGNED and I'll defer to Matthew and the rest of the CS team to decide whether the whole update should be deferred or whether this change (and others that have not passed QE) should be rolled back.

    [root@vm-idm-038 certdb]# rpm -qi jss
    Name        : jss
    Version     : 4.4.0
    Release     : 8.el7_4
    Architecture: x86_64
    Install Date: Fri 06 Oct 2017 11:47:11 AM EDT
    Group       : System Environment/Libraries
    Size        : 1033434
    License     : MPLv1.1 or GPLv2+ or LGPLv2+
    Signature   : (none)
    Source RPM  : jss-4.4.0-8.el7_4.src.rpm
    Build Date  : Tue 12 Sep 2017 01:06:15 PM EDT
    Build Host  : x86-020.build.eng.bos.redhat.com
    Relocations : (not relocatable)
    Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
    Vendor      : Red Hat, Inc.
    URL         : http://www.mozilla.org/projects/security/pki/jss/
    Summary     : Java Security Services (JSS)
    [root@vm-idm-038 certdb]# rpm -qi pki-ca
    Name        : pki-ca
    Version     : 10.4.1
    Release     : 15.el7_4
    Architecture: noarch
    Install Date: Fri 06 Oct 2017 11:47:31 AM EDT
    Group       : System Environment/Daemons
    Size        : 2359450
    License     : GPLv2
    Signature   : (none)
    Source RPM  : pki-core-10.4.1-15.el7_4.src.rpm
    Build Date  : Mon 18 Sep 2017 10:00:51 PM EDT
    Build Host  : ppc-016.build.eng.bos.redhat.com
    Relocations : (not relocatable)
    Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
    Vendor      : Red Hat, Inc.
    URL         : http://pki.fedoraproject.org/
    [root@vm-idm-038 certdb]# rpm -qi nss
    Name        : nss
    Version     : 3.28.4
    Release     : 15.el7_4
    Architecture: x86_64
    Install Date: Fri 06 Oct 2017 11:26:54 AM EDT
    Group       : System Environment/Libraries
    Size        : 2501961
    License     : MPLv2.0
    Signature   : (none)
    Source RPM  : nss-3.28.4-15.el7_4.src.rpm
    Build Date  : Wed 27 Sep 2017 06:05:47 AM EDT
    Build Host  : x86-039.build.eng.bos.redhat.com
    Relocations : (not relocatable)
    Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
    Vendor      : Red Hat, Inc.
    URL         : http://www.mozilla.org/projects/security/pki/nss/
    Summary     : Network Security Services

Verification steps are in comment 12. The issue specified in comment 12 was not seen with the above nss.

Happy day. Thanks Roshni.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:3300