|
 |
92a605 |
From b16956b856e9bb8ffa8d2cd356f4120b36ebe6e9 Mon Sep 17 00:00:00 2001
|
|
|
92a605 |
From: Fraser Tweedale <ftweedal@redhat.com>
|
|
|
92a605 |
Date: Thu, 6 Apr 2017 13:27:56 +1000
|
|
|
92a605 |
Subject: [PATCH] KRA: use AES in PKCS #12 recovery for encrypted keys
|
|
|
92a605 |
|
|
|
92a605 |
The KRA has two private key recovery code paths: one dealing with
|
|
|
92a605 |
keys wrapped to the storage key, and one dealing with symmetrically
|
|
|
92a605 |
encrypted keys. Each has a separate function for constructing a
|
|
|
92a605 |
PKCS #12 file for the recovered key.
|
|
|
92a605 |
|
|
|
92a605 |
This commit updates the PKCS #12 generation for encrypted keys to
|
|
|
92a605 |
use AES encryption. From the KRA recovery process we start with a
|
|
|
92a605 |
byte[] of PrivateKeyInfo. The previous procedure used
|
|
|
92a605 |
EncryptedPrivateKeyInfo.createPBE(), the encryption algorithm being
|
|
|
92a605 |
PBEAlgorithm.PBE_SHA1_DES3_CBC. This commit changes the procedure
|
|
|
92a605 |
to use AES, using the new EncryptedPrivateKeyInfo.createPBES2() JSS
|
|
|
92a605 |
method and AES_128_CBC_PAD.
|
|
|
92a605 |
|
|
|
92a605 |
The old codepath is retained and selected by the kra.legacyPKCS12
|
|
|
92a605 |
CMS config. It is needed if the token/HSM does not support the
|
|
|
92a605 |
CKM_PKCS5_PBKD2 PKCS #11 mechanism.
|
|
|
92a605 |
|
|
|
92a605 |
Fixes: https://pagure.io/dogtagpki/issue/2664
|
|
|
92a605 |
|
|
|
92a605 |
Change-Id: Ie292147caab357679b2be5cf3b6cd739e5bed8e0
|
|
|
92a605 |
(cherry picked from commit ae97f21bf8d2ec83a410127872dd196a46f9dbbd)
|
|
|
92a605 |
---
|
|
|
92a605 |
base/kra/src/com/netscape/kra/RecoveryService.java | 24 +++++++++++++++++++---
|
|
|
92a605 |
1 file changed, 21 insertions(+), 3 deletions(-)
|
|
|
92a605 |
|
|
|
92a605 |
diff --git a/base/kra/src/com/netscape/kra/RecoveryService.java b/base/kra/src/com/netscape/kra/RecoveryService.java
|
|
|
92a605 |
index 023eb8093..a7d639208 100644
|
|
|
92a605 |
--- a/base/kra/src/com/netscape/kra/RecoveryService.java
|
|
|
92a605 |
+++ b/base/kra/src/com/netscape/kra/RecoveryService.java
|
|
|
92a605 |
@@ -648,18 +648,36 @@ public class RecoveryService implements IService {
|
|
|
92a605 |
SEQUENCE safeContents = new SEQUENCE();
|
|
|
92a605 |
PasswordConverter passConverter = new
|
|
|
92a605 |
PasswordConverter();
|
|
|
92a605 |
- byte salt[] = { 0x01, 0x01, 0x01, 0x01 };
|
|
|
92a605 |
PrivateKeyInfo pki = (PrivateKeyInfo)
|
|
|
92a605 |
ASN1Util.decode(PrivateKeyInfo.getTemplate(),
|
|
|
92a605 |
priData);
|
|
|
92a605 |
- ASN1Value key = EncryptedPrivateKeyInfo.createPBE(
|
|
|
92a605 |
+ EncryptedPrivateKeyInfo epki = null;
|
|
|
92a605 |
+
|
|
|
92a605 |
+ boolean legacyP12 =
|
|
|
92a605 |
+ CMS.getConfigStore().getBoolean("kra.legacyPKCS12", true);
|
|
|
92a605 |
+
|
|
|
92a605 |
+ if (legacyP12) {
|
|
|
92a605 |
+ /* legacy mode may be required e.g. when token/HSM
|
|
|
92a605 |
+ * does not support CKM_PKCS5_PBKD2 mechanism */
|
|
|
92a605 |
+ byte salt[] = { 0x01, 0x01, 0x01, 0x01 };
|
|
|
92a605 |
+ epki = EncryptedPrivateKeyInfo.createPBE(
|
|
|
92a605 |
PBEAlgorithm.PBE_SHA1_DES3_CBC,
|
|
|
92a605 |
pass, salt, 1, passConverter, pki);
|
|
|
92a605 |
+ } else {
|
|
|
92a605 |
+ epki = EncryptedPrivateKeyInfo.createPBES2(
|
|
|
92a605 |
+ 16, // saltLen
|
|
|
92a605 |
+ 2000, // kdfIterations
|
|
|
92a605 |
+ EncryptionAlgorithm.AES_128_CBC_PAD,
|
|
|
92a605 |
+ pass,
|
|
|
92a605 |
+ passConverter,
|
|
|
92a605 |
+ pki);
|
|
|
92a605 |
+ }
|
|
|
92a605 |
+
|
|
|
92a605 |
SET keyAttrs = createBagAttrs(
|
|
|
92a605 |
x509cert.getSubjectDN().toString(),
|
|
|
92a605 |
localKeyId);
|
|
|
92a605 |
SafeBag keyBag = new SafeBag(
|
|
|
92a605 |
- SafeBag.PKCS8_SHROUDED_KEY_BAG, key,
|
|
|
92a605 |
+ SafeBag.PKCS8_SHROUDED_KEY_BAG, epki,
|
|
|
92a605 |
keyAttrs); // ??
|
|
|
92a605 |
|
|
|
92a605 |
safeContents.addElement(keyBag);
|
|
|
92a605 |
--
|
|
|
92a605 |
2.13.5
|
|
|
92a605 |
|