Closed Bug 1694689 Opened 4 years ago Closed 4 years ago

Firefox should use optionally allow the use of modern algorithms in PKCS#12 files by default

Categories

(Core :: Security: PSM, task, P5)

Tracking

RESOLVED FIXED
91 Branch
Tracking Status
firefox91 --- fixed

People

(Reporter: jhorak, Assigned: jhorak)

Attachments

(3 files, 1 obsolete file)

[Kind of lost about component, please check if you know more]
I was asked to implement the usage of newer encryption methods for the PKCS#12 export to file:
https://bugzilla.redhat.com/show_bug.cgi?id=1764205

From the report: The file should use AES-128-CBC with PBKDF2 and SHA-256.

Reproduction:

  1. Preferences/View certificates/Your Certificates/Backup...

Expected to get similar output:

$ openssl pkcs12 -passin pass: -passout pass: -in exported_cert.p12 -out /dev/null -info -noout
MAC: sha256, Iteration 600000
MAC length: 32, salt length: 8
PKCS7 Encrypted data: PBES2, PBKDF2, AES-128-CBC, Iteration 600000, PRF hmacWithSHA256
Certificate bag
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-128-CBC, Iteration 600000, PRF hmacWithSHA256

AFAICT this lives in nsPKCS12Blob::ExportToFile in security/manager/ssl/nsPKCS12Blob.cpp

Assignee: bwilson → nobody
Component: CA Certificate Compliance → Security: PSM
Product: NSS → Core
QA Contact: bwilson
Version: trunk → unspecified
Assignee: nobody → bbeurdouche
Severity: -- → N/A
Status: NEW → ASSIGNED
Priority: -- → P5
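
A check for the expected output quoted in the report above, as an added example that is not part of the bug, Firefox or NSS: it reads `openssl pkcs12 -info -noout` text and fails when the MAC or any encrypted bag falls outside the requested profile. The function names `p12_audit`, `sample_modern` and `sample_legacy` are hypothetical, the legacy sample is constructed, and accepting AES-256-CBC alongside AES-128-CBC is an assumption based on the title of the landed patch.

```sh
# p12_audit: read `openssl pkcs12 -in FILE -info -noout` text on stdin.
# Returns 0 when the MAC is sha256 and every encrypted bag is
# PBES2 + PBKDF2 + AES-128/256-CBC with PRF hmacWithSHA256, else 1.
p12_audit() {
    awk '
    /^MAC: / {                      # e.g. "MAC: sha256, Iteration 600000"
        mac = $2; sub(/,$/, "", mac); seen_mac = 1
        if (mac != "sha256") bad = 1
        printf "%s MAC digest: %s\n", (mac == "sha256" ? "ok  " : "FAIL"), mac
        next
    }
    /^PKCS7 Encrypted data: / || /^Shrouded Keybag: / {
        label = $0;  sub(/:.*/, "", label)         # text before the colon
        params = $0; sub(/^[^:]*: */, "", params)  # scheme, KDF, cipher, PRF
        bags++
        modern = params ~ /PBES2/ && params ~ /PBKDF2/ &&
                 params ~ /AES-(128|256)-CBC/ && params ~ /PRF hmacWithSHA256/
        if (!modern) bad = 1
        printf "%s %s: %s\n", (modern ? "ok  " : "FAIL"), label, params
    }
    END {
        if (!seen_mac) { print "FAIL no MAC line found"; bad = 1 }
        if (bags == 0) { print "FAIL no encrypted bag found"; bad = 1 }
        exit (bad ? 1 : 0)
    }'
}
# Expected output quoted in this bug for an export with the new algorithms.
sample_modern() {
    cat <<'EOF'
MAC: sha256, Iteration 600000
MAC length: 32, salt length: 8
PKCS7 Encrypted data: PBES2, PBKDF2, AES-128-CBC, Iteration 600000, PRF hmacWithSHA256
Certificate bag
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-128-CBC, Iteration 600000, PRF hmacWithSHA256
EOF
}
# Constructed sample of a legacy export (RC2-40 / 3DES with a SHA-1 MAC).
sample_legacy() {
    cat <<'EOF'
MAC: sha1, Iteration 1
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
EOF
}
sample_modern | p12_audit
sample_legacy | p12_audit || echo "legacy PKCS#12 profile detected"
```

Against a real backup, pipe the `openssl pkcs12 -in exported_cert.p12 -info -noout` output into `p12_audit` instead of the samples.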

Note: There are interop concerns with other products regarding changing the default. That doesn't mean it shouldn't be done, but is something to be aware of and communicate intentionality.

e.g. Windows intentionally calls it "not backwards compatible" (because it generally doesn't work pre-Win 10), as covered at https://twitter.com/rmhrisk/status/1115029625296416769 and https://unmitigatedrisk.com/?p=543

It should be done slowly, but AES has been supported for a while now. We should check with several existing uses to make sure they work. We do need to start moving off of older algorithms, though.

bob

Adding functional patch for feedback, do you think it's ready for review?

Attachment #9211036 - Flags: feedback?(rrelyea)

It looks good. The only thing I would do is check the Firefox sources and see where they may already be calling SEC_PKCS12EnableCipher. It might be in the prefs system. I'm pretty sure they must already be calling it, otherwise importing 3DES encrypted keys would fail.

Comment on attachment 9211036: pkcs12-aes3.patch

Feedback was given in comment 5, clearing the feedback flag.
Attachment #9211036 - Flags: feedback?(rrelyea) → feedback+

Hm, it seems that SEC_PKCS12EnableCipher is no longer needed for the nightly: https://searchfox.org/mozilla-central/source/security/manager/ssl/nsNSSComponent.cpp#2735. So it seems that the changes for import are not needed on nightly. For ESR I need to do that change: https://searchfox.org/mozilla-esr78/source/security/manager/ssl/nsNSSComponent.cpp#2634

Dana, could you please give some feedback to: https://phabricator.services.mozilla.com/D110220#3615919 and Bob's comment. Thanks.

Flags: needinfo?(dkeeler)

Responded in phabricator.

Flags: needinfo?(dkeeler)
Assignee: bbeurdouche → nobody
Status: ASSIGNED → NEW

Set the 'security.pki.export-cert-with-new-crypto' preference to true if the user wants to back up their own certificates to a file using the AES-128-CBC and SHA-256 algorithms.

Assignee: nobody → jhorak
Status: NEW → ASSIGNED
Attachment #9212447 - Attachment is obsolete: true
Attachment #9226311 - Attachment description: Bug 1694689 Use own implementation of NSS ASCIIConversionFunction to allow passing passwors in utf8; r=keeler → Bug 1694689 Use own implementation of NSS ASCIIConversionFunction to allow passing passwords in utf8; r=keeler
Attachment #9224788 - Attachment description: Bug 1694689 Use AES-128-CBC with PBKDF2 and SHA-256 for the exported certificates; r=rrelyea → Bug 1694689 Add userpref to use AES-128-CBC and AES_256_CBC for the exported certificates; r=keeler
Pushed by archaeopteryx@coole-files.de:
https://hg.mozilla.org/integration/autoland/rev/2c342d57939b
Add userpref to use AES-128-CBC and AES_256_CBC for the exported certificates; r=keeler
https://hg.mozilla.org/integration/autoland/rev/b37e735f374f
Use own implementation of NSS ASCIIConversionFunction to allow passing passwords in utf8; r=keeler
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → 91 Branch
Duplicate of this bug: 1900468

The work here didn't change the default, but introduced the option to use modern algorithms.

I want to change the bug subject to reflect that, and will file a separate bug to request changing the default.

Summary: Firefox should use modern algorithms in PKCS#12 files by default → Firefox should use optionally allow the use of modern algorithms in PKCS#12 files by default
Blocks: 1900619