Bug 1446786 - PKCS12: upgrade to at least AES and SHA2 (FIPS)
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: pki-core
Version: 7.4
Hardware: All
OS: Linux
Priority: urgent
Severity: urgent
Target Milestone: rc
Assigned To: Fraser Tweedale
QA Contact: Asha Akkiangady
Docs Contact: Marc Muehlfeld
Keywords: ZStream
Blocks: 1490489 1490241 1490487
Reported: 2017-04-28 18:05 EDT by Matthew Harmsen
Modified: 2018-04-10 12:59 EDT
CC: 13 users
Doc Type: Enhancement
Doc Text:
Certificate System can now create PKCS #12 files using PBES2 with PBKDF2 key derivation. This update enhances Certificate System and adds support for AES encryption of private keys recovered from the Key Recovery Authority (KRA) when token-based key recovery is disabled. Specifically, when AES encryption is enabled, exported PKCS #12 files containing the recovered key use the PBES2 encryption scheme from PKCS #5 version 2.0 (Password-Based Cryptography Specification) with Password-Based Key Derivation Function 2 (PBKDF2) key derivation and AES-128 encryption. Using PBES2 with PBKDF2 makes the files created by Certificate System more secure.
Clones: 1490241 1490487
Last Closed: 2018-04-10 12:58:29 EDT
External Trackers: Red Hat Product Errata RHBA-2018:0925 (last updated 2018-04-10 12:59 EDT)
Description Matthew Harmsen 2017-04-28 18:05:47 EDT
This bug is created as a clone of upstream ticket:
https://pagure.io/dogtagpki/issue/2664

This bug should address upgrade of the crypto and hashing mechanisms
implementing PKCS12. It will involve JSS, and/or CS server, and/or client(s)
when the system is in FIPS mode.
Comment 2 Matthew Harmsen 2017-04-28 18:08:08 EDT
Hi Christina,

Ade has reviewed my PKCS #12 AES patches for CC effort (thanks Ade!)
We have one main area where we need your feedback (https://pagure.io/dogtagpki/issue/2610).

The KRA PKCS #12 recovery process for encrypted (cf. wrapped) keys
previously performed the encryption and assembled the
EncryptedPrivateKeyInfo structure in a rather "manual" way (~80
LOC). In my patch to convert this code path to use AES encryption, I
take an alternative (and much fewer LOC) approach: importing the
private key to the internal key storage token, as a temporary
key, and then invoking the same routine as is used for the wrapped
key case.

Our question: is this fine to do when the system is in FIPS mode?
The assumption is that the internal crypto token is always available
and that it can do raw (unencrypted) private key import, and
wrapping private keys to a symmetric key, while in FIPS mode. We
just need to check this assumption.

The gerrit review of the patch involved is here:
https://review.gerrithub.io/#/c/359027/

Thanks,
Fraser
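The recovery path described in this comment ends with an EncryptedPrivateKeyInfo inside the exported PKCS #12 file. As an added example (not Dogtag or JSS code), the stand-alone Python below parses such a structure from DER and reports whether it uses PBES2 with PBKDF2 and AES, the "at least AES and SHA2" target of this bug, or a legacy PKCS #12 PBE (SHA-1 with 3DES); the function names, the two sample structures (with dummy salt, IV and ciphertext) and the "ok" criterion (PBKDF2 with hmacWithSHA256 and AES-128-CBC) are this example's own assumptions, not anything the project defines.

```python
# Added example (not Dogtag/JSS code): classify an EncryptedPrivateKeyInfo's PBE scheme from its OIDs alone.
OIDS = {  # DER-encoded OID contents -> name; nothing below ever decrypts the key
    bytes.fromhex("2a864886f70d01050d"): "PBES2",
    bytes.fromhex("2a864886f70d01050c"): "PBKDF2",
    bytes.fromhex("2a864886f70d0207"): "hmacWithSHA1",
    bytes.fromhex("2a864886f70d0209"): "hmacWithSHA256",
    bytes.fromhex("608648016503040102"): "aes128-CBC",
    bytes.fromhex("2a864886f70d010c0103"): "pbeWithSHA1And3-KeyTripleDES-CBC",
}
NAMES = {v: k for k, v in OIDS.items()}
SEQ, OID, OCT, INT, NULL = 0x30, 0x06, 0x04, 0x02, 0x05

def der(tag, content):  # encoder with short-form length, enough for the small samples below
    assert len(content) < 128
    return bytes([tag, len(content)]) + content
def tlv(data, pos=0):  # decode one TLV -> (tag, value, next_pos); long-form lengths handled
    tag, n, pos = data[pos], data[pos + 1], pos + 2
    if n & 0x80:  # long form: low bits give the number of length octets that follow
        n, pos = int.from_bytes(data[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    return tag, data[pos:pos + n], pos + n
def children(seq):  # split a SEQUENCE body into its (tag, value) elements
    out, pos = [], 0
    while pos < len(seq):
        tag, val, pos = tlv(seq, pos)
        out.append((tag, val))
    return out

def classify_epki(data):  # -> scheme, kdf, prf, cipher and an "at least AES and SHA2" verdict in "ok"
    alg = children(tlv(data)[1])[0]                    # AlgorithmIdentifier precedes encryptedData
    alg_oid, *params = children(alg[1])
    info = {"scheme": OIDS.get(alg_oid[1], "unknown"), "kdf": None, "cipher": None, "prf": "hmacWithSHA1"}
    if info["scheme"] == "PBES2":                      # prf above is PBKDF2's default when omitted
        kdf_alg, enc_alg = children(params[0][1])      # PBES2-params: keyDerivationFunc, encryptionScheme
        kdf_oid, kdf_params = children(kdf_alg[1])
        fields = children(kdf_params[1])               # PBKDF2-params: salt, iterationCount, [keyLength], [prf]
        info["kdf"] = OIDS.get(kdf_oid[1], "unknown")
        if fields[-1][0] == SEQ:                       # explicit prf AlgorithmIdentifier present
            info["prf"] = OIDS.get(children(fields[-1][1])[0][1], "unknown")
        info["cipher"] = OIDS.get(children(enc_alg[1])[0][1], "unknown")
    info["ok"] = info["kdf"] == "PBKDF2" and info["prf"] == "hmacWithSHA256" and info["cipher"] == "aes128-CBC"
    return info
def build_pbes2_sample(prf="hmacWithSHA256", iterations=2048):  # constructed; dummy salt, IV and ciphertext
    kdf_params = (der(OCT, b"\x01" * 8) + der(INT, iterations.to_bytes(2, "big"))
                  + der(SEQ, der(OID, NAMES[prf]) + der(NULL, b"")))
    kdf = der(SEQ, der(OID, NAMES["PBKDF2"]) + der(SEQ, kdf_params))
    enc = der(SEQ, der(OID, NAMES["aes128-CBC"]) + der(OCT, b"\x02" * 16))
    return der(SEQ, der(SEQ, der(OID, NAMES["PBES2"]) + der(SEQ, kdf + enc)) + der(OCT, b"\x00" * 32))
def build_legacy_sample():  # constructed legacy PKCS #12 PBE (SHA-1 + 3DES, no PBKDF2) for comparison
    params = der(SEQ, der(OCT, b"\x01" * 8) + der(INT, b"\x08\x00"))
    return der(SEQ, der(SEQ, der(OID, NAMES["pbeWithSHA1And3-KeyTripleDES-CBC"]) + params) + der(OCT, b"\x00" * 32))
```

Feed classify_epki the DER of a real EncryptedPrivateKeyInfo (for instance one extracted from a KRA-exported PKCS #12 key bag) to see which scheme a file actually carries.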
Comment 3 Christina Fu 2017-05-25 17:42:49 EDT
Fraser, I think in terms of security, that looks fine.  However, I do not know if in FIPS mode there would be an issue or not.  That's something you can try.  You could just turn on fips mode for the nss token without having to set the whole system in fips mode.
The code looks fine otherwise.
Comment 4 Christina Fu 2017-05-25 17:44:58 EDT
(In reply to Christina Fu from comment #3)
> Fraser, I think in terms of security, that looks fine.  However, I do not
> know if in FIPS mode there would be an issue or not.  That's something you
> can try.  You could just turn on fips mode for the nss token without having
> to set the whole system in fips mode.
> The code looks fine otherwise.

You can do it like this:

  modutil -fips true -dbdir location-of-your-nss-database

then restart the server.
Comment 5 Fraser Tweedale 2017-06-02 02:14:59 EDT
OK, so the current patch DOES NOT work in FIPS mode :(

Hopefully it is something simple and will not require major rework.
Comment 6 Fraser Tweedale 2017-06-07 02:14:43 EDT
Reworked patch pushed to Gerrit for review:

  https://review.gerrithub.io/#/c/359027/

See also patches for NSS on which the updated Dogtag
patch depends:

  https://bugzilla.mozilla.org/show_bug.cgi?id=1370778
Comment 7 Fraser Tweedale 2017-09-09 02:00:13 EDT
Upstream JSS Check-ins:

cfu checked in the following changes provided by ftweedal:

changeset:   2204:87dca07f7529
tag:         tip
user:        Fraser Tweedale<ftweedale@redhat.com>
date:        Fri Sep 08 11:56:04 2017 -0700
summary:     Bug 1370778 PBE and padded block cipher enhancements and fixes -

changeset:   2203:b3b653faef84
user:        Fraser Tweedale<ftweedale@redhat.com>
date:        Fri Sep 08 11:53:36 2017 -0700
summary:     bug 1370778 PBE and padded block cipher enhancements and fixes -

changeset:   2202:0b8a6e84b6c7
user:        Fraser Tweedale<ftweedale@redhat.com>
date:        Fri Sep 08 11:50:21 2017 -0700
summary:     Bug 1370778 PBE and padded block cipher enhancements and fixes -

changeset:   2201:d39e9b373798
user:        Fraser Tweedale<ftweedale@redhat.com>
date:        Fri Sep 08 11:32:32 2017 -0700
summary:     Bug 1370778 PBE and padded block cipher enhancements and fixes -

changeset:   2200:890216599f21
user:        Fraser Tweedale<ftweedale@redhat.com>
date:        Fri Sep 08 11:21:22 2017 -0700
summary:     Bug 1370778 PBE and padded block cipher enhancements and fixes -

changeset:   2199:bada1409d2bb
user:        Fraser Tweedale<ftweedale@redhat.com>
date:        Fri Sep 08 11:15:29 2017 -0700
summary:     Bug 1370778 PBE and padded block cipher enhancements and fixes -

changeset:   2198:3629b598a9ce
user:        Fraser Tweedale<ftweedale@redhat.com>
date:        Fri Sep 08 11:09:23 2017 -0700
summary:     Bug 1370778 PBE and padded block cipher enhancements and fixes -


Upstream pki check-in:

commit ae97f21bf8d2ec83a410127872dd196a46f9dbbd
Author: Fraser Tweedale <ftweedal@redhat.com>
Date:   Thu Apr 6 13:27:56 2017 +1000

    KRA: use AES in PKCS #12 recovery for encrypted keys
Comment 10 Roshni 2017-12-07 11:25:36 EST
[root@nocp1 pki-kra-Dec6]# rpm -qi pki-ca
Name        : pki-ca
Version     : 10.5.1
Release     : 4.el7
Architecture: noarch
Install Date: Thu 30 Nov 2017 10:10:20 AM EST
Group       : System Environment/Daemons
Size        : 2360514
License     : GPLv2
Signature   : RSA/SHA256, Tue 28 Nov 2017 10:33:09 PM EST, Key ID 199e2f91fd431d51
Source RPM  : pki-core-10.5.1-4.el7.src.rpm
Build Date  : Tue 28 Nov 2017 09:17:20 PM EST
Build Host  : ppc-035.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : http://pki.fedoraproject.org/
Summary     : Certificate System - Certificate Authority

Verification steps as explained in https://bugzilla.redhat.com/show_bug.cgi?id=1490487#c5
Comment 15 errata-xmlrpc 2018-04-10 12:58:29 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0925
