Address- Investigate and fix CA installation is failing in exporting …

…the admin certificate at pk12util command in FIPS mode. https://issues.redhat.com/browse/RHCS-5222 The fix to follow addresses the part of the above issue with respect to how PKI through JSS creates p12 files. This patch modifies the procedure to include higher rated algs for things such as the MAC of the entire PFX and the HMAC and possible algs allowed when creating the encrypted private key info blob to place in the private key safe bag. Currently we support our own version of PK11_ExportEncryptedPrivKeyInfoV2 that , to this point has served two purposes: 1. Allow us to use the new AES key wrap KWP algs. 2. In the case of fips mode, we have added a routine that moves a key between slots when needed, which doesn't currently work in the current nss routine. The fix implements changes that alows the routine to support the various AES_CBC enc algs as well as KWP. KWP is called by the pki kra when creating p12 files, if so configured to do so. Alternatively we have a pkcs12 related comand utility that specifies AES_256_CBC. The fix to JSS simply upgrades some defaults at this point. If we want to get more involved, we could also modify the cmd line tools to be able to specify the algs in question through params.
dogtagpki · Aug 7, 2024 · 3bd0dfc · 3bd0dfc
1 parent 2e9695e
commit 3bd0dfc
Show file tree

Hide file tree

Showing 3 changed files with 60 additions and 28 deletions.
diff --git a/base/src/main/java/org/mozilla/jss/pkcs12/PFX.java b/base/src/main/java/org/mozilla/jss/pkcs12/PFX.java
@@ -11,7 +11,9 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
+
 import java.security.DigestException;
+import java.security.NoSuchAlgorithmException;
 
 import org.mozilla.jss.CryptoManager;
 import org.mozilla.jss.NotInitializedException;
@@ -28,10 +30,12 @@
 import org.mozilla.jss.asn1.Tag;
 import org.mozilla.jss.crypto.JSSSecureRandom;
 import org.mozilla.jss.crypto.PBEAlgorithm;
+import org.mozilla.jss.crypto.DigestAlgorithm;
 import org.mozilla.jss.crypto.TokenException;
 import org.mozilla.jss.pkcs7.ContentInfo;
 import org.mozilla.jss.pkcs7.DigestInfo;
 import org.mozilla.jss.pkix.cert.Certificate;
+import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier;
 import org.mozilla.jss.pkix.primitive.Attribute;
 import org.mozilla.jss.pkix.primitive.EncryptedPrivateKeyInfo;
 import org.mozilla.jss.pkix.primitive.PrivateKeyInfo;
@@ -211,11 +215,14 @@ public PFX( AuthenticatedSafes authSafes ) {
      */
     public void computeMacData(Password password,
             byte[] salt, int iterationCount)
-        throws NotInitializedException, DigestException,
+        throws NotInitializedException, DigestException,NoSuchAlgorithmException,
         TokenException, CharConversionException
     {
+
+        //Make this alg the default mac alg.
+        AlgorithmIdentifier algID = new AlgorithmIdentifier(DigestAlgorithm.SHA256.toOID());
         macData = new MacData( password, salt, iterationCount,
-                ASN1Util.encode(authSafes) );
+                ASN1Util.encode(authSafes), algID );
     }
 
 

diff --git a/native/src/main/native/org/mozilla/jss/pkcs11/PK11Store.c b/native/src/main/native/org/mozilla/jss/pkcs11/PK11Store.c
@@ -794,28 +794,22 @@ Java_org_mozilla_jss_pkcs11_PK11Store_getEncryptedPrivateKeyInfo(
         goto finish;
     }
 
-    // export the epki
-    epki = PK11_ExportEncryptedPrivKeyInfo(
-        slot, algTag, pwItem, privk, iterations, NULL /*wincx*/);
-    if (epki == NULL) {
-	    //try our own version for the new AES KWP algs.
-
-	epki = JSS_ExportEncryptedPrivKeyInfoV2(
+    // Call our JSS version of the  newer V2 version of PK11_ExportEncryptedPrivateKeyInfoV2
+    epki = JSS_ExportEncryptedPrivKeyInfoV2(
                    slot,
-        algTag,     /* PBE algorithm to encrypt the  key with */
-        SEC_OID_UNKNOWN,     /* Encryption algorithm to Encrypt the key with */
-        SEC_OID_UNKNOWN,     /* Hash algorithm for PRF */
-        pwItem,      /* password for PBE encryption */
-        privk, /* encrypt this private key */
-        iterations,        /* interations for PBE alg */
-        NULL);
-
-	if(epki == NULL) {
-            JSS_throwMsgPrErr(
+       algTag,     /* PBE algorithm to encrypt the  key with */
+       SEC_OID_UNKNOWN,     /* Encryption algorithm to Encrypt the key with */
+       SEC_OID_HMAC_SHA256, /* Hash algorithm for PRF, make this upgraded to SHA256, we can make configurable in future. */
+       pwItem,      /* password for PBE encryption */
+       privk, /* encrypt this private key */
+       iterations,        /* interations for PBE alg */
+       NULL);
+
+    if(epki == NULL) {
+        JSS_throwMsgPrErr(
                 env, TOKEN_EXCEPTION, "Failed to export EncryptedPrivateKeyInfo");
             goto finish;
 	}
-    }
 
     // DER-encode the epki
     if (SEC_ASN1EncodeItem(NULL, &epkiItem, epki,

diff --git a/native/src/main/native/org/mozilla/jss/util/jssutil.c b/native/src/main/native/org/mozilla/jss/util/jssutil.c
@@ -945,7 +945,9 @@ JSS_ExportEncryptedPrivKeyInfoV2(
     SECKEYEncryptedPrivateKeyInfo *epki = NULL;
     PLArenaPool *arena = NULL;
     SECAlgorithmID *algid;
-    SECOidTag pbeAlgTag = SEC_OID_UNKNOWN;
+    // Make this alg set to what the routine sec_pkcs5CreateAlgorithmID sets it to.
+    // From here we can't get to this lower level routine, using PK11_CreatePBEV2AlgorithmID.
+    SECOidTag pbeAlgTag = SEC_OID_PKCS5_PBKDF2;
     SECItem *crypto_param = NULL;
     PK11SymKey *key = NULL;
     PK11SymKey *finalKey = NULL;
@@ -955,7 +957,6 @@ JSS_ExportEncryptedPrivKeyInfoV2(
     CK_MECHANISM_TYPE pbeMechType;
     CK_MECHANISM_TYPE cryptoMechType;
     CK_MECHANISM cryptoMech;
-    SECItem *iv = NULL;
 
     if (!pwitem || !pk) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -964,6 +965,7 @@ JSS_ExportEncryptedPrivKeyInfoV2(
 
     algid = PK11_CreatePBEV2AlgorithmID(pbeAlg, encAlg, prfAlg,
                                         0,iteration , NULL);
+
     if (algid == NULL) {
         return NULL;
     }
@@ -986,6 +988,7 @@ JSS_ExportEncryptedPrivKeyInfoV2(
      * pbe key gen, generate the key in the private key slot so we don't have
      * to move it later */
     pbeMechType = PK11_AlgtagToMechanism(pbeAlgTag);
+
     if (slot != pk->pkcs11Slot) {
         if (PK11_DoesMechanism(pk->pkcs11Slot, pbeMechType)) {
             slot = pk->pkcs11Slot;
@@ -1000,12 +1003,14 @@ JSS_ExportEncryptedPrivKeyInfoV2(
     }
 
     cryptoMechType = PK11_GetPBECryptoMechanism(algid, &crypto_param, pwitem);
+
     if (cryptoMechType == CKM_INVALID_MECHANISM) {
         rv = SECFailure;
         goto loser;
     }
 
     cryptoMech.mechanism = PK11_GetPadMechanism(cryptoMechType);
+
     cryptoMech.pParameter = crypto_param ? crypto_param->data : NULL;
     cryptoMech.ulParameterLen = crypto_param ? crypto_param->len : 0;
 
@@ -1050,26 +1055,52 @@ JSS_ExportEncryptedPrivKeyInfoV2(
      * pkcs8/pkcs5.
      */
 
-    /* Allocate  a large buffer to make sure we can fit the wrapped key */
-    encBufLen = 16384;
+    encBufLen = 0;
+
+    epki->encryptedData.data = NULL;
+    epki->encryptedData.len = 0; // Just get the len we need
+
+    // Modify behavior for KWP since NULL is not returned for crypto_param
+    // from PK11_GetPBECryptoMechanism. It returns some default 8 byte iv, which is incorrect.
+    int isKeyWrapKWP = 0;
+    if(cryptoMech.mechanism == CKM_AES_KEY_WRAP_KWP) {
+        isKeyWrapKWP = 1;
+    }
+
+    //First call to get get the size.
+    crv = PK11_WrapPrivKey(pk->pkcs11Slot,  finalKey,
+                            pk,  cryptoMech.mechanism,
+                            isKeyWrapKWP ? NULL : crypto_param,  &epki->encryptedData, NULL);
 
+    if (crv != CKR_OK) {
+        rv = SECFailure;
+        goto loser;
+     }
+
+    // If KWP increase buffer size by 8
+    // The size value from the first PK11_WrapPrivKey does not account for AES_BLOCK_SIZE
+
+    if(isKeyWrapKWP) {
+      epki->encryptedData.len  += 8;
+    }
+
+    encBufLen = epki->encryptedData.len;
     epki->encryptedData.data = PORT_ArenaAlloc(arena, encBufLen);
+
     if (!epki->encryptedData.data) {
         rv = SECFailure;
         goto loser;
     }
-    epki->encryptedData.len = (unsigned int)encBufLen;
 
     if (!epki->encryptedData.len) {
         rv = SECFailure;
         goto loser;
     }
 
     crv = PK11_WrapPrivKey(pk->pkcs11Slot,  finalKey,
-                            pk,  cryptoMechType,
-                           iv,  &epki->encryptedData, NULL);
+                            pk,  cryptoMech.mechanism,
+                            isKeyWrapKWP ? NULL : crypto_param,  &epki->encryptedData, NULL);
 
-  /*  crv = PK11_GETTAB(pk->pkcs11Slot)->C_WrapKey(pk->pkcs11Slot->session, &cryptoMech, key->objectID, pk->pkcs11ID, NULL, &encBufLen); */
     if (crv != CKR_OK) {
         rv = SECFailure;
         goto loser;