From b16956b856e9bb8ffa8d2cd356f4120b36ebe6e9 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal@redhat.com>
Date: Thu, 6 Apr 2017 13:27:56 +1000
Subject: [PATCH] KRA: use AES in PKCS #12 recovery for encrypted keys
The KRA has two private key recovery code paths: one dealing with
keys wrapped to the storage key, and one dealing with symmetrically
encrypted keys. Each has a separate function for constructing a
PKCS #12 file for the recovered key.
This commit updates the PKCS #12 generation for encrypted keys to
use AES encryption. From the KRA recovery process we start with a
byte[] of PrivateKeyInfo. The previous procedure used
EncryptedPrivateKeyInfo.createPBE(), the encryption algorithm being
PBEAlgorithm.PBE_SHA1_DES3_CBC. This commit changes the procedure
to use AES, using the new EncryptedPrivateKeyInfo.createPBES2() JSS
method and AES_128_CBC_PAD.
The old codepath is retained and selected by the kra.legacyPKCS12
CMS config. It is needed if the token/HSM does not support the
CKM_PKCS5_PBKD2 PKCS #11 mechanism.
Fixes: https://pagure.io/dogtagpki/issue/2664
Change-Id: Ie292147caab357679b2be5cf3b6cd739e5bed8e0
(cherry picked from commit ae97f21bf8d2ec83a410127872dd196a46f9dbbd)
---
base/kra/src/com/netscape/kra/RecoveryService.java | 24 +++++++++++++++++++---
1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/base/kra/src/com/netscape/kra/RecoveryService.java b/base/kra/src/com/netscape/kra/RecoveryService.java
index 023eb8093..a7d639208 100644
--- a/base/kra/src/com/netscape/kra/RecoveryService.java
+++ b/base/kra/src/com/netscape/kra/RecoveryService.java
@@ -648,18 +648,36 @@ public class RecoveryService implements IService {
SEQUENCE safeContents = new SEQUENCE();
PasswordConverter passConverter = new
PasswordConverter();
- byte salt[] = { 0x01, 0x01, 0x01, 0x01 };
PrivateKeyInfo pki = (PrivateKeyInfo)
ASN1Util.decode(PrivateKeyInfo.getTemplate(),
priData);
- ASN1Value key = EncryptedPrivateKeyInfo.createPBE(
+ EncryptedPrivateKeyInfo epki = null;
+
+ boolean legacyP12 =
+ CMS.getConfigStore().getBoolean("kra.legacyPKCS12", true);
+
+ if (legacyP12) {
+ /* legacy mode may be required e.g. when token/HSM
+ * does not support CKM_PKCS5_PBKD2 mechanism */
+ byte salt[] = { 0x01, 0x01, 0x01, 0x01 };
+ epki = EncryptedPrivateKeyInfo.createPBE(
PBEAlgorithm.PBE_SHA1_DES3_CBC,
pass, salt, 1, passConverter, pki);
+ } else {
+ epki = EncryptedPrivateKeyInfo.createPBES2(
+ 16, // saltLen
+ 2000, // kdfIterations
+ EncryptionAlgorithm.AES_128_CBC_PAD,
+ pass,
+ passConverter,
+ pki);
+ }
+
SET keyAttrs = createBagAttrs(
x509cert.getSubjectDN().toString(),
localKeyId);
SafeBag keyBag = new SafeBag(
- SafeBag.PKCS8_SHROUDED_KEY_BAG, key,
+ SafeBag.PKCS8_SHROUDED_KEY_BAG, epki,
keyAttrs); // ??
safeContents.addElement(keyBag);
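Review bot: The new branch defaults `kra.legacyPKCS12` to `true`, so every deployment that does not set the option keeps the legacy path, and that path still uses the fixed four-byte salt `{ 0x01, 0x01, 0x01, 0x01 }` and an iteration count of 1 with PBE_SHA1_DES3_CBC; if the AES path is meant to become the norm, either flip the default to `false` once the HSM constraint described in the commit message is confirmed, or at least log a warning in the legacy branch, e.g. `CMS.debug("RecoveryService: kra.legacyPKCS12=true, using PBE_SHA1_DES3_CBC for PKCS #12 key bag");`. Declaring `EncryptedPrivateKeyInfo epki = null;` and assigning in both branches also loses the compiler's definite-assignment check; `final EncryptedPrivateKeyInfo epki;` with the two assignments left as they are does the same job. The salt length `16` and iteration count `2000` would read better as named constants (e.g. `PBES2_SALT_LEN`, `PBES2_KDF_ITERATIONS`) documented against the PKCS #5 recommendation they follow. The diffstat shows no import hunk, so `EncryptionAlgorithm` is presumably already imported in this file; the enclosing method starts and ends outside the hunk, so whether `getBoolean` may throw past its declared exceptions cannot be checked here.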
--
2.13.5