Bug 1384147
| Summary: | PKCS#12 export illogically fails with some PBE algorithms [rhel-7] | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Stanislav Zidek <szidek> |
| Component: | nss | Assignee: | Daiki Ueno <dueno> |
| Status: | CLOSED ERRATA | QA Contact: | Alicja Kario <hkario> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.3 | CC: | hkario, kdudka, kengert, nmavrogi, nss-nspr-maint, qe-baseos-security, rrelyea, szidek |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | nss-3.28.3-5.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | 1384107 | Environment: | |
| Last Closed: | 2017-08-01 16:47:42 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1384107 | ||
| Bug Blocks: | 1020868, 1492845 | ||
|
Description
Stanislav Zidek
2016-10-12 16:24:52 UTC
Using: cat >ciphers <<_EOF SEED-CBC IDEA_CBC RC2-40-CBC DES-40-CBC DES-ECB DES-CBC RC4 RC4-40 RC4-56 NULL cipher ChaCha20-Poly1305 _EOF I'm getting: # cat good DES-CBC # cat good-key SEED-CBC RC4 # cat good-overall IDEA-CBC NULL cipher But with -C 'DES-CBC', OpenSSL can't perform decryption (-c 'DES-CBC' works) With -C 'RC4', pk12util crashes. with IDEA-CBC and all the names staring with "PKCS", the certificate is actually NOT encrypted Softoken code should be in nss-softokn-3.28.3-4.el7 Daiki, do you think it's still possible to get this fixed for 7.4.0 ? (In reply to Hubert Kario from comment #7) > with IDEA-CBC and all the names staring with "PKCS", the certificate is > actually NOT encrypted The latter is a problem in the test itself; the cipher names do not match any of the defined ones and thus encryption is skipped. The correct names of those ciphers are: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC4 PKCS #12 V2 PBE With SHA-1 And 40 Bit RC4 PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC PKCS #12 V2 PBE With SHA-1 And 2KEY Triple DES-CBC PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC PKCS #12 V2 PBE With SHA-1 And 40 Bit RC2 CBC PKCS #5 Password Based Encryption with MD2 and DES-CBC PKCS #5 Password Based Encryption with MD5 and DES-CBC PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Also, IDEA-CBC is not allowed in: https://dxr.mozilla.org/mozilla-central/source/security/nss/lib/pkcs12/p12plcy.c#20 (In reply to Daiki Ueno from comment #11) > (In reply to Hubert Kario from comment #7) > > with IDEA-CBC and all the names staring with "PKCS", the certificate is > > actually NOT encrypted > > The latter is a problem in the test itself; the cipher names do not match > any of the defined ones and thus encryption is skipped. > > The correct names of those ciphers are: > > PKCS #12 V2 PBE With SHA-1 And 128 Bit RC4 > PKCS #12 V2 PBE With SHA-1 And 40 Bit RC4 > PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC > PKCS #12 V2 PBE With SHA-1 And 2KEY Triple DES-CBC > PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC > PKCS #12 V2 PBE With SHA-1 And 40 Bit RC2 CBC > PKCS #5 Password Based Encryption with MD2 and DES-CBC > PKCS #5 Password Based Encryption with MD5 and DES-CBC > PKCS #5 Password Based Encryption with SHA-1 and DES-CBC those are not the names in pk12util man page and I'm quite sure those were the names that did work previously, so that change would indicate a regression... > Also, IDEA-CBC is not allowed in: > https://dxr.mozilla.org/mozilla-central/source/security/nss/lib/pkcs12/ > p12plcy.c#20 then it should report it as such and not continue with file creation Speaking of man page, - DES-CBC - RC2-CBC - DES-EDE3-CBC - AES-128-CBC are described as "Symmetric CBC ciphers for PKCS#5 V2". Now, use of AES-128-CBC will create a file that uses PBES2 encryption with PBKDF2 and AES-128-CBC cipher. Use of DES-EDE3-CBC will create a file that uses PBES1 scheme with OID of pbeWithSHA1And3-KeyTripleDES-CBC. That is _not_ a cipher that was defined in PKCS#5 v2.0. PBES1 with 3DES was defined in PKCS#12 v1.1 not PKCS#12 v2.0 (I don't think v2.0 exists...). So, honestly, I'm quite confused about both the naming, the actual meaning of those names and their explanation... (In reply to Hubert Kario from comment #13) > Speaking of man page, > - DES-CBC > - RC2-CBC > - DES-EDE3-CBC > - AES-128-CBC > are described as "Symmetric CBC ciphers for PKCS#5 V2". > > Now, use of AES-128-CBC will create a file that uses PBES2 encryption with > PBKDF2 and AES-128-CBC cipher. Use of DES-EDE3-CBC will create a file that > uses PBES1 scheme with OID of pbeWithSHA1And3-KeyTripleDES-CBC. That is > _not_ a cipher that was defined in PKCS#5 v2.0. PBES1 with 3DES was defined > in PKCS#12 v1.1 not PKCS#12 v2.0 (I don't think v2.0 exists...). Talking only about the protocols (rfc2898,rfc7292) it is a bit confusing. You can use 3DES with PKCS#12 under the PKCS#5 (PBES2) OIDs or under the PKCS#12 OIDs. So NSS does not support IDEA, but you should not get the key in pkcs #12 files on export. pk12util should return an error. Export with SHA-2 PBKDF2 and low iteration counts is tracked in bug 1462312. Issues with exporting using obsolete algorithms in tracked in bug 1462318. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:1977 |