KRA: use AES in PKCS #12 recovery for wrapped keys

The KRA has two private key recovery code paths: one dealing with keys wrapped to the storage key, and one dealing with symmetrically encrypted keys. Each has a separate function for constructing a PKCS #12 file for the recovered key. This commit updates the PKCS #12 generation for wrapped keys to use AES encryption. The JSS PBE facility is not expressive enough to handle PBES2 encryption, which is necessary for many algorithms including AES, so we now use CryptoStore.getEncryptedPrivateKeyInfo. Part of: https://pagure.io/dogtagpki/issue/2610 Change-Id: Iba67f15642338316e4a6d09f78504327e8853b85 (cherry picked from commit 8e663b6)
dogtagpki · Apr 30, 2017 · 012718d · 012718d
1 parent 118f648
commit 012718d
Showing 1 changed file with 13 additions and 11 deletions.
diff --git a/base/kra/src/com/netscape/kra/RecoveryService.java b/base/kra/src/com/netscape/kra/RecoveryService.java
@@ -31,13 +31,15 @@
 
 import org.mozilla.jss.CryptoManager;
 import org.mozilla.jss.asn1.ASN1Util;
+import org.mozilla.jss.asn1.ANY;
 import org.mozilla.jss.asn1.ASN1Value;
 import org.mozilla.jss.asn1.BMPString;
 import org.mozilla.jss.asn1.OCTET_STRING;
 import org.mozilla.jss.asn1.SEQUENCE;
 import org.mozilla.jss.asn1.SET;
 import org.mozilla.jss.crypto.CryptoToken;
 import org.mozilla.jss.crypto.PBEAlgorithm;
+import org.mozilla.jss.crypto.EncryptionAlgorithm;
 import org.mozilla.jss.crypto.PrivateKey;
 import org.mozilla.jss.pkcs12.AuthenticatedSafes;
 import org.mozilla.jss.pkcs12.CertBag;
@@ -484,20 +486,20 @@ public void createPFX(IRequest request, Hashtable<String, Object> params,
             SEQUENCE safeContents = new SEQUENCE();
             PasswordConverter passConverter = new
                     PasswordConverter();
-            Random ran = new SecureRandom();
-            byte[] salt = new byte[20];
-            ran.nextBytes(salt);
 
-            ASN1Value key = EncryptedPrivateKeyInfo.createPBE(
-                    PBEAlgorithm.PBE_SHA1_DES3_CBC,
-                    pass, salt, 1, passConverter, priKey, ct);
-            CMS.debug("RecoverService: createPFX() EncryptedPrivateKeyInfo.createPBE() returned");
-            if (key == null) {
-                CMS.debug("RecoverService: createPFX() key null");
-                throw new EBaseException("EncryptedPrivateKeyInfo.createPBE() failed");
+            byte[] epkiBytes = ct.getCryptoStore().getEncryptedPrivateKeyInfo(
+                /* NSS has a bug that causes any AES CBC encryption
+                 * to use AES-256, but AlgorithmID contains chosen
+                 * alg.  To avoid mismatch, use AES_256_CBC. */
+                passConverter, pass, EncryptionAlgorithm.AES_256_CBC, 0, priKey);
+            CMS.debug("RecoverService: createPFX() getEncryptedPrivateKeyInfo() returned");
+            if (epkiBytes == null) {
+                CMS.debug("RecoverService: createPFX() epkiBytes null");
+                throw new EBaseException("getEncryptedPrivateKeyInfo returned null");
             } else {
-                CMS.debug("RecoverService: createPFX() key not null");
+                CMS.debug("RecoverService: createPFX() epkiBytes not null");
             }
+            ASN1Value key = new ANY(epkiBytes);
 
             SET keyAttrs = createBagAttrs(
                     x509cert.getSubjectDN().toString(),