From b16956b856e9bb8ffa8d2cd356f4120b36ebe6e9 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal@redhat.com>
Date: Thu, 6 Apr 2017 13:27:56 +1000
Subject: [PATCH] KRA: use AES in PKCS #12 recovery for encrypted keys

The KRA has two private key recovery code paths: one dealing with
keys wrapped to the storage key, and one dealing with symmetrically
encrypted keys.  Each has a separate function for constructing a
PKCS #12 file for the recovered key.

This commit updates the PKCS #12 generation for encrypted keys to
use AES encryption.  From the KRA recovery process we start with a
byte[] of PrivateKeyInfo.  The previous procedure used
EncryptedPrivateKeyInfo.createPBE(), the encryption algorithm being
PBEAlgorithm.PBE_SHA1_DES3_CBC.  This commit changes the procedure
to use AES, using the new EncryptedPrivateKeyInfo.createPBES2() JSS
method and AES_128_CBC_PAD.

The old codepath is retained and selected by the kra.legacyPKCS12
CMS config.  It is needed if the token/HSM does not support the
CKM_PKCS5_PBKD2 PKCS #11 mechanism.

Fixes: https://pagure.io/dogtagpki/issue/2664

Change-Id: Ie292147caab357679b2be5cf3b6cd739e5bed8e0
(cherry picked from commit ae97f21bf8d2ec83a410127872dd196a46f9dbbd)
---
 base/kra/src/com/netscape/kra/RecoveryService.java | 24 +++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/base/kra/src/com/netscape/kra/RecoveryService.java b/base/kra/src/com/netscape/kra/RecoveryService.java
index 023eb8093..a7d639208 100644
--- a/base/kra/src/com/netscape/kra/RecoveryService.java
+++ b/base/kra/src/com/netscape/kra/RecoveryService.java
@@ -648,18 +648,36 @@ public class RecoveryService implements IService {
             SEQUENCE safeContents = new SEQUENCE();
             PasswordConverter passConverter = new
                     PasswordConverter();
-            byte salt[] = { 0x01, 0x01, 0x01, 0x01 };
             PrivateKeyInfo pki = (PrivateKeyInfo)
                     ASN1Util.decode(PrivateKeyInfo.getTemplate(),
                             priData);
-            ASN1Value key = EncryptedPrivateKeyInfo.createPBE(
+            EncryptedPrivateKeyInfo epki = null;
+
+            boolean legacyP12 =
+                CMS.getConfigStore().getBoolean("kra.legacyPKCS12", true);
+
+            if (legacyP12) {
+                /* legacy mode may be required e.g. when token/HSM
+                 * does not support CKM_PKCS5_PBKD2 mechanism */
+                byte salt[] = { 0x01, 0x01, 0x01, 0x01 };
+                epki = EncryptedPrivateKeyInfo.createPBE(
                     PBEAlgorithm.PBE_SHA1_DES3_CBC,
                     pass, salt, 1, passConverter, pki);
+            } else {
+                epki = EncryptedPrivateKeyInfo.createPBES2(
+                    16, // saltLen
+                    2000, // kdfIterations
+                    EncryptionAlgorithm.AES_128_CBC_PAD,
+                    pass,
+                    passConverter,
+                    pki);
+            }
+
             SET keyAttrs = createBagAttrs(
                     x509cert.getSubjectDN().toString(),
                     localKeyId);
             SafeBag keyBag = new SafeBag(
-                    SafeBag.PKCS8_SHROUDED_KEY_BAG, key,
+                    SafeBag.PKCS8_SHROUDED_KEY_BAG, epki,
                     keyAttrs); // ??
 
             safeContents.addElement(keyBag);
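Review bot: The default `true` passed to `getBoolean("kra.legacyPKCS12", true)` means the new PBES2/AES path is opt-in, so an installation that never sets the key keeps exporting with PBE_SHA1_DES3_CBC, a fixed 4-byte salt and a single iteration; if that is the intended compatibility trade-off, it deserves a comment at the read, e.g. `/* default true for HSM compatibility (CKM_PKCS5_PBKD2); set kra.legacyPKCS12=false to get PBES2 with AES-128-CBC and a random 16-byte salt */`. Whether 2000 PBKDF2 iterations is adequate for the deployment is not something the hunk settles; if the value is expected to be tuned, reading it from the config store next to `kra.legacyPKCS12` would keep the two knobs together. The `EncryptedPrivateKeyInfo epki = null;` initialiser is redundant since both branches assign it, and the `// ??` left on the SafeBag line should be resolved or removed. `EncryptionAlgorithm` is a name the old code did not use, so the import presumably lands outside this hunk; the enclosing method begins before and continues after the hunk.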
-- 
2.13.5