forked from pool/s390-tools
Accepting request 970173 from home:markkp:branches:Base:System
- Added the following patches for bsc#1198285: s390-tools-sles15sp4-01-genprotimg-remove-DigiCert-root-CA-pinning.patch s390-tools-sles15sp4-02-genprotimg-check_hostkeydoc-relax-default-issuer-che.patch The certificate verification of check_hostkeydoc is too strict and doesn't match the checking performed by genprotimg. - Added the following patch for bsc#1198284: s390-tools-sles15sp4-libseckey-Fix-re-enciphering-of-EP11-secure-key.patch When re-enciphering the identity key and/or wrapping key of the zkey KMIP plugin via 'zkey kms reencipher', the operation completes without an error, but the secure keys are left un-reenciphered. OBS-URL: https://build.opensuse.org/request/show/970173 OBS-URL: https://build.opensuse.org/package/show/Base:System/s390-tools?expand=0&rev=131
This commit is contained in:
parent
d545b2adf4
commit
efbf0ee8b4
@ -0,0 +1,271 @@
|
|||||||
|
Subject: [PATCH] [BZ 197604] genprotimg: remove DigiCert root CA pinning
|
||||||
|
From: Marc Hartmayer <mhartmay@linux.ibm.com>
|
||||||
|
|
||||||
|
Description: genprotimg/check_hostkeydoc: cert. verification is too strict
|
||||||
|
Symptom: Verification failures will occur for newer host key documents
|
||||||
|
Problem: The certificate verification of check_hostkeydoc is too strict
|
||||||
|
and doesn't match the checking performed by genprotimg. This
|
||||||
|
applies to the OU field in the issuer DN of the host key
|
||||||
|
document. As a consequence verification failures will occur for
|
||||||
|
host key documents issued for hardware generations newer than
|
||||||
|
IBM z15.
|
||||||
|
|
||||||
|
DigiCert is the CA issuing the signing certificate for Secure
|
||||||
|
Execution host key documents. This certificate is used for the
|
||||||
|
verification of the host key document validity. Recently,
|
||||||
|
DigiCert has changed the root CA certificate used for issuance
|
||||||
|
of the signing certificates. As genprotimg is checking the CA
|
||||||
|
serial, the verification of the chain of trust will fail. As a
|
||||||
|
workaround, it is possible to disable certificate verification,
|
||||||
|
but this is not recommended because it makes it easier to
|
||||||
|
provide a fake host key document. Since the previously issued
|
||||||
|
host key documents are expiring in April 2022, it is necessary
|
||||||
|
to fix genprotimg to accept the newly issued host key
|
||||||
|
documents.
|
||||||
|
Solution: Relax the certificate verification
|
||||||
|
Reproduction: Use a new host key document
|
||||||
|
Upstream-ID: 78b053326c504c0535b5ec1c244ad7bb5a1df29d
|
||||||
|
Problem-ID: 197604
|
||||||
|
|
||||||
|
Upstream-Description:
|
||||||
|
|
||||||
|
genprotimg: remove DigiCert root CA pinning
|
||||||
|
|
||||||
|
Remove the DigiCert root CA pinning. The root CA used for the chain of trust can
|
||||||
|
change in the future therefore let's remove this check. If someone wants to
|
||||||
|
enforce the usage of a specific root CA it can be selected by the genprotimg
|
||||||
|
command line option `--root-ca $CA`. Make it transparent to the user which root
|
||||||
|
CA is actually being used by printing the subject name of the root CA to stdout
|
||||||
|
in verbose mode.
|
||||||
|
|
||||||
|
Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
|
||||||
|
Acked-by: Viktor Mihajlovski <mihajlov@linux.ibm.com>
|
||||||
|
Reviewed-and-tested-by: Nico Boehr <nrb@linux.ibm.com>
|
||||||
|
Signed-off-by: Jan Hoeppner <hoeppner@linux.ibm.com>
|
||||||
|
|
||||||
|
|
||||||
|
Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
|
||||||
|
Index: s390-tools-service/genprotimg/man/genprotimg.8
|
||||||
|
===================================================================
|
||||||
|
--- s390-tools-service.orig/genprotimg/man/genprotimg.8
|
||||||
|
+++ s390-tools-service/genprotimg/man/genprotimg.8
|
||||||
|
@@ -87,7 +87,7 @@ CRLs. Optional.
|
||||||
|
.TP
|
||||||
|
\fB\-\-root\-ca\fR=\fI\,FILE\/\fR
|
||||||
|
Specifies the root CA certificate for the verification. If omitted,
|
||||||
|
-the DigiCert root CA certificate installed on the system is used. Use
|
||||||
|
+the system wide root CAs installed on the system is used. Use
|
||||||
|
this only if you trust the specified certificate. Optional.
|
||||||
|
.TP
|
||||||
|
\fB\-\-no-verify\fR
|
||||||
|
Index: s390-tools-service/genprotimg/src/include/pv_crypto_def.h
|
||||||
|
===================================================================
|
||||||
|
--- s390-tools-service.orig/genprotimg/src/include/pv_crypto_def.h
|
||||||
|
+++ s390-tools-service/genprotimg/src/include/pv_crypto_def.h
|
||||||
|
@@ -29,9 +29,6 @@
|
||||||
|
*/
|
||||||
|
#define PV_CERTS_SECURITY_LEVEL 2
|
||||||
|
|
||||||
|
-/* SKID for DigiCert Assured ID Root CA */
|
||||||
|
-#define DIGICERT_ASSURED_ID_ROOT_CA_SKID "45EBA2AFF492CB82312D518BA7A7219DF36DC80F"
|
||||||
|
-
|
||||||
|
union ecdh_pub_key {
|
||||||
|
struct {
|
||||||
|
uint8_t x[80];
|
||||||
|
Index: s390-tools-service/genprotimg/src/pv/pv_args.c
|
||||||
|
===================================================================
|
||||||
|
--- s390-tools-service.orig/genprotimg/src/pv/pv_args.c
|
||||||
|
+++ s390-tools-service/genprotimg/src/pv/pv_args.c
|
||||||
|
@@ -111,7 +111,7 @@ static gint pv_args_validate_options(PvA
|
||||||
|
g_strv_length(args->untrusted_cert_paths) == 0)) {
|
||||||
|
g_set_error(
|
||||||
|
err, PV_PARSE_ERROR, PR_PARSE_ERROR_MISSING_ARGUMENT,
|
||||||
|
- _("Either specify the IBM Z signing key and (DigiCert) intermediate CA certificate\n"
|
||||||
|
+ _("Either specify the IBM Z signing key and intermediate CA certificate\n"
|
||||||
|
"by using the '--cert' option, or use the '--no-verify' flag to disable the\n"
|
||||||
|
"host-key document verification completely (at your own risk)."));
|
||||||
|
return -1;
|
||||||
|
Index: s390-tools-service/genprotimg/src/pv/pv_image.c
|
||||||
|
===================================================================
|
||||||
|
--- s390-tools-service.orig/genprotimg/src/pv/pv_image.c
|
||||||
|
+++ s390-tools-service/genprotimg/src/pv/pv_image.c
|
||||||
|
@@ -304,9 +304,10 @@ static gint pv_img_hostkey_verify(GSList
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Load all untrusted certificates (e.g. IBM Z signing key and
|
||||||
|
- * DigiCert intermediate CA) that are required to establish a chain of
|
||||||
|
- * trust starting from the host-key document up to the root CA (if not
|
||||||
|
- * otherwise specified that's the DigiCert Assured ID Root CA).
|
||||||
|
+ * intermediate CA) that are required to establish a chain of trust
|
||||||
|
+ * starting from the host-key document up to the root CA (if not
|
||||||
|
+ * otherwise specified that can be one of the system wide installed
|
||||||
|
+ * root CAs, e.g. DigiCert).
|
||||||
|
*/
|
||||||
|
untrusted_certs_with_path = load_certificates(untrusted_cert_paths, err);
|
||||||
|
if (!untrusted_certs_with_path)
|
||||||
|
@@ -341,9 +342,8 @@ static gint pv_img_hostkey_verify(GSList
|
||||||
|
* For this we must check:
|
||||||
|
*
|
||||||
|
* 1. Can a chain of trust be established ending in a root CA
|
||||||
|
- * 2. Is the correct root CA ued? It has either to be the
|
||||||
|
- * 'DigiCert Assured ID Root CA' or the root CA specified via
|
||||||
|
- * command line.
|
||||||
|
+ * 2. Is the correct root CA used? It has either to be a system CA
|
||||||
|
+ * or the root CA specified via command line.
|
||||||
|
*/
|
||||||
|
for (gint i = 0; i < sk_X509_num(ibm_signing_certs); ++i) {
|
||||||
|
X509 *ibm_signing_cert = sk_X509_value(ibm_signing_certs, i);
|
||||||
|
@@ -364,17 +364,12 @@ static gint pv_img_hostkey_verify(GSList
|
||||||
|
if (verify_cert(ibm_signing_cert, ctx, err) < 0)
|
||||||
|
goto error;
|
||||||
|
|
||||||
|
- /* Verify the build chain of trust chain. If the user passes a
|
||||||
|
- * trusted root CA on the command line then the check for the
|
||||||
|
- * Subject Key Identifier (SKID) is skipped, otherwise let's
|
||||||
|
- * check if the SKID meets our expectation.
|
||||||
|
+ /* If there is a chain of trust using either the provided root
|
||||||
|
+ * CA on the command line or a system wide trusted root CA.
|
||||||
|
*/
|
||||||
|
- if (!root_ca_path &&
|
||||||
|
- check_chain_parameters(X509_STORE_CTX_get0_chain(ctx),
|
||||||
|
- get_digicert_assured_id_root_ca_skid(),
|
||||||
|
- err) < 0) {
|
||||||
|
+ if (check_chain_parameters(X509_STORE_CTX_get0_chain(ctx),
|
||||||
|
+ err) < 0)
|
||||||
|
goto error;
|
||||||
|
- }
|
||||||
|
|
||||||
|
ibm_signing_crls = store_ctx_find_valid_crls(ctx, ibm_signing_cert, err);
|
||||||
|
if (!ibm_signing_crls) {
|
||||||
|
@@ -588,7 +583,7 @@ PvImage *pv_img_new(PvArgs *args, const
|
||||||
|
g_warning(_("host-key document verification is disabled. Your workload is not secured."));
|
||||||
|
|
||||||
|
if (args->root_ca_path)
|
||||||
|
- g_warning(_("A different root CA than the default DigiCert root CA is selected. Ensure that this root CA is trusted."));
|
||||||
|
+ g_warning(_("The root CA is selected through the command line. Ensure that this root CA is trusted."));
|
||||||
|
|
||||||
|
ret->comps = pv_img_comps_new(EVP_sha512(), EVP_sha512(), EVP_sha512(), err);
|
||||||
|
if (!ret->comps)
|
||||||
|
Index: s390-tools-service/genprotimg/src/utils/crypto.c
|
||||||
|
===================================================================
|
||||||
|
--- s390-tools-service.orig/genprotimg/src/utils/crypto.c
|
||||||
|
+++ s390-tools-service/genprotimg/src/utils/crypto.c
|
||||||
|
@@ -1079,8 +1079,8 @@ int store_set_verify_param(X509_STORE *s
|
||||||
|
g_abort();
|
||||||
|
|
||||||
|
/* The maximum depth level of the chain of trust for the verification of
|
||||||
|
- * the IBM Z signing key is 2, i.e. IBM Z signing key -> (DigiCert)
|
||||||
|
- * intermediate CA -> (DigiCert) root CA
|
||||||
|
+ * the IBM Z signing key is 2, i.e. IBM Z signing key -> intermediate CA
|
||||||
|
+ * -> root CA
|
||||||
|
*/
|
||||||
|
X509_VERIFY_PARAM_set_depth(param, 2);
|
||||||
|
|
||||||
|
@@ -1267,46 +1267,38 @@ static int security_level_to_bits(int le
|
||||||
|
return security_bits[level];
|
||||||
|
}
|
||||||
|
|
||||||
|
-static ASN1_OCTET_STRING *digicert_assured_id_root_ca;
|
||||||
|
-
|
||||||
|
-const ASN1_OCTET_STRING *get_digicert_assured_id_root_ca_skid(void)
|
||||||
|
-{
|
||||||
|
- pv_crypto_init();
|
||||||
|
- return digicert_assured_id_root_ca;
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
/* Used for the caching of the downloaded CRLs */
|
||||||
|
static GHashTable *cached_crls;
|
||||||
|
|
||||||
|
void pv_crypto_init(void)
|
||||||
|
{
|
||||||
|
- if (digicert_assured_id_root_ca)
|
||||||
|
+ if (cached_crls)
|
||||||
|
return;
|
||||||
|
-
|
||||||
|
cached_crls = g_hash_table_new_full(g_str_hash, g_str_equal, g_free,
|
||||||
|
(GDestroyNotify)X509_CRL_free);
|
||||||
|
- digicert_assured_id_root_ca = s2i_ASN1_OCTET_STRING(
|
||||||
|
- NULL, NULL, DIGICERT_ASSURED_ID_ROOT_CA_SKID);
|
||||||
|
}
|
||||||
|
|
||||||
|
void pv_crypto_cleanup(void)
|
||||||
|
{
|
||||||
|
- if (!digicert_assured_id_root_ca)
|
||||||
|
+ if (!cached_crls)
|
||||||
|
return;
|
||||||
|
g_clear_pointer(&cached_crls, g_hash_table_destroy);
|
||||||
|
- g_clear_pointer(&digicert_assured_id_root_ca, ASN1_OCTET_STRING_free);
|
||||||
|
}
|
||||||
|
|
||||||
|
gint check_chain_parameters(const STACK_OF_X509 *chain,
|
||||||
|
- const ASN1_OCTET_STRING *skid, GError **err)
|
||||||
|
+ GError **err)
|
||||||
|
{
|
||||||
|
- const ASN1_OCTET_STRING *ca_skid = NULL;
|
||||||
|
+ const X509_NAME *ca_x509_subject = NULL;
|
||||||
|
+ g_autofree gchar *ca_subject = NULL;
|
||||||
|
gint len = sk_X509_num(chain);
|
||||||
|
X509 *ca = NULL;
|
||||||
|
|
||||||
|
- g_assert(skid);
|
||||||
|
/* at least one root and one leaf certificate must be defined */
|
||||||
|
- g_assert(len >= 2);
|
||||||
|
+ if (len < 2) {
|
||||||
|
+ g_set_error(err, PV_CRYPTO_ERROR, PV_CRYPTO_ERROR_INTERNAL,
|
||||||
|
+ _("there must be at least on root and one leaf certificate in the chain of trust"));
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
/* get the root certificate of the chain of trust */
|
||||||
|
ca = sk_X509_value(chain, len - 1);
|
||||||
|
@@ -1316,19 +1308,21 @@ gint check_chain_parameters(const STACK_
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
- ca_skid = X509_get0_subject_key_id(ca);
|
||||||
|
- if (!ca_skid) {
|
||||||
|
- g_set_error(err, PV_CRYPTO_ERROR, PV_CRYPTO_ERROR_MALFORMED_ROOT_CA,
|
||||||
|
- _("malformed root certificate"));
|
||||||
|
+ ca_x509_subject = X509_get_subject_name(ca);
|
||||||
|
+ if (!ca_x509_subject) {
|
||||||
|
+ g_set_error(err, PV_CRYPTO_ERROR, PV_CRYPTO_ERROR_INTERNAL,
|
||||||
|
+ _("subject of the root CA cannot be retrieved"));
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (ASN1_STRING_cmp(ca_skid, skid) != 0) {
|
||||||
|
- g_set_error(err, PV_CRYPTO_ERROR, PV_CRYPTO_ERROR_WRONG_CA_USED,
|
||||||
|
- _("expecting DigiCert root CA to be used"));
|
||||||
|
+ ca_subject = X509_NAME_oneline(ca_x509_subject, NULL, 0);
|
||||||
|
+ if (!ca_subject) {
|
||||||
|
+ g_set_error(err, PV_CRYPTO_ERROR, PV_CRYPTO_ERROR_INTERNAL,
|
||||||
|
+ _("subject name of the root CA cannot be retrieved"));
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ g_info("Root CA used: '%s'", ca_subject);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
Index: s390-tools-service/genprotimg/src/utils/crypto.h
|
||||||
|
===================================================================
|
||||||
|
--- s390-tools-service.orig/genprotimg/src/utils/crypto.h
|
||||||
|
+++ s390-tools-service/genprotimg/src/utils/crypto.h
|
||||||
|
@@ -125,7 +125,6 @@ int check_crl_valid_for_cert(X509_CRL *c
|
||||||
|
gint verify_flags, GError **err);
|
||||||
|
void pv_crypto_init(void);
|
||||||
|
void pv_crypto_cleanup(void);
|
||||||
|
-const ASN1_OCTET_STRING *get_digicert_assured_id_root_ca_skid(void);
|
||||||
|
gint verify_host_key(X509 *host_key, GSList *issuer_pairs,
|
||||||
|
gint verify_flags, int level, GError **err);
|
||||||
|
X509 *load_cert_from_file(const char *path, GError **err);
|
||||||
|
@@ -138,8 +137,7 @@ X509_STORE *store_setup(const gchar *roo
|
||||||
|
int store_set_verify_param(X509_STORE *store, GError **err);
|
||||||
|
X509_CRL *load_crl_by_cert(X509 *cert, GError **err);
|
||||||
|
STACK_OF_X509_CRL *try_load_crls_by_certs(GSList *certs_with_path);
|
||||||
|
-gint check_chain_parameters(const STACK_OF_X509 *chain,
|
||||||
|
- const ASN1_OCTET_STRING *skid, GError **err);
|
||||||
|
+gint check_chain_parameters(const STACK_OF_X509 *chain, GError **err);
|
||||||
|
X509_NAME *c2b_name(const X509_NAME *name);
|
||||||
|
|
||||||
|
STACK_OF_X509 *delete_ibm_signing_certs(STACK_OF_X509 *certs);
|
@ -0,0 +1,102 @@
|
|||||||
|
Subject: [PATCH] [BZ 197604] genprotimg/check_hostkeydoc: relax default issuer check
|
||||||
|
From: Marc Hartmayer <mhartmay@linux.ibm.com>
|
||||||
|
|
||||||
|
Description: genprotimg/check_hostkeydoc: cert. verification is too strict
|
||||||
|
Symptom: Verification failures will occur for newer host key documents
|
||||||
|
Problem: The certificate verification of check_hostkeydoc is too strict
|
||||||
|
and doesn't match the checking performed by genprotimg. This
|
||||||
|
applies to the OU field in the issuer DN of the host key
|
||||||
|
document. As a consequence verification failures will occur for
|
||||||
|
host key documents issued for hardware generations newer than
|
||||||
|
IBM z15.
|
||||||
|
|
||||||
|
DigiCert is the CA issuing the signing certificate for Secure
|
||||||
|
Execution host key documents. This certificate is used for the
|
||||||
|
verification of the host key document validity. Recently,
|
||||||
|
DigiCert has changed the root CA certificate used for issuance
|
||||||
|
of the signing certificates. As genprotimg is checking the CA
|
||||||
|
serial, the verification of the chain of trust will fail. As a
|
||||||
|
workaround, it is possible to disable certificate verification,
|
||||||
|
but this is not recommended because it makes it easier to
|
||||||
|
provide a fake host key document. Since the previously issued
|
||||||
|
host key documents are expiring in April 2022, it is necessary
|
||||||
|
to fix genprotimg to accept the newly issued host key
|
||||||
|
documents.
|
||||||
|
Solution: Relax the certificate verification
|
||||||
|
Reproduction: Use a new host key document
|
||||||
|
Upstream-ID: 673ff375d939d3cde674f8f99a62d456f8b1673d
|
||||||
|
Problem-ID: 197604
|
||||||
|
|
||||||
|
Upstream-Description:
|
||||||
|
|
||||||
|
genprotimg/check_hostkeydoc: relax default issuer check
|
||||||
|
|
||||||
|
While the original default issuer's organizationalUnitName (OU)
|
||||||
|
was defined as "IBM Z Host Key Signing Service", any OU ending
|
||||||
|
with "Key Signing Service" is considered legal.
|
||||||
|
|
||||||
|
Let's relax the default issuer check by stripping off characters
|
||||||
|
preceding "Key Signing Service".
|
||||||
|
|
||||||
|
Signed-off-by: Viktor Mihajlovski <mihajlov@linux.ibm.com>
|
||||||
|
Reviewed-by: Marc Hartmayer <mhartmay@linux.ibm.com>
|
||||||
|
Signed-off-by: Jan Hoeppner <hoeppner@linux.ibm.com>
|
||||||
|
|
||||||
|
|
||||||
|
Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
|
||||||
|
Index: s390-tools-service/genprotimg/samples/check_hostkeydoc
|
||||||
|
===================================================================
|
||||||
|
--- s390-tools-service.orig/genprotimg/samples/check_hostkeydoc
|
||||||
|
+++ s390-tools-service/genprotimg/samples/check_hostkeydoc
|
||||||
|
@@ -23,6 +23,7 @@ BODY_FILE=$(mktemp)
|
||||||
|
ISSUER_DN_FILE=$(mktemp)
|
||||||
|
SUBJECT_DN_FILE=$(mktemp)
|
||||||
|
DEF_ISSUER_DN_FILE=$(mktemp)
|
||||||
|
+CANONICAL_ISSUER_DN_FILE=$(mktemp)
|
||||||
|
CRL_SERIAL_FILE=$(mktemp)
|
||||||
|
|
||||||
|
# Cleanup on exit
|
||||||
|
@@ -30,7 +31,7 @@ cleanup()
|
||||||
|
{
|
||||||
|
rm -f $ISSUER_PUBKEY_FILE $SIGNATURE_FILE $BODY_FILE \
|
||||||
|
$ISSUER_DN_FILE $SUBJECT_DN_FILE $DEF_ISSUER_DN_FILE \
|
||||||
|
- $CRL_SERIAL_FILE
|
||||||
|
+ $CANONICAL_ISSUER_DN_FILE $CRL_SERIAL_FILE
|
||||||
|
}
|
||||||
|
trap cleanup EXIT
|
||||||
|
|
||||||
|
@@ -121,20 +122,31 @@ default_issuer()
|
||||||
|
commonName = International Business Machines Corporation
|
||||||
|
countryName = US
|
||||||
|
localityName = Poughkeepsie
|
||||||
|
- organizationalUnitName = IBM Z Host Key Signing Service
|
||||||
|
+ organizationalUnitName = Key Signing Service
|
||||||
|
organizationName = International Business Machines Corporation
|
||||||
|
stateOrProvinceName = New York
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
|
-verify_issuer_files()
|
||||||
|
+# As organizationalUnitName can have an arbitrary prefix but must
|
||||||
|
+# end with "Key Signing Service" let's normalize the OU name by
|
||||||
|
+# stripping off the prefix
|
||||||
|
+verify_default_issuer()
|
||||||
|
{
|
||||||
|
default_issuer > $DEF_ISSUER_DN_FILE
|
||||||
|
|
||||||
|
- if ! diff $ISSUER_DN_FILE $DEF_ISSUER_DN_FILE
|
||||||
|
+ sed "s/\(^[ ]*organizationalUnitName[ ]*=[ ]*\).*\(Key Signing Service$\)/\1\2/" \
|
||||||
|
+ $ISSUER_DN_FILE > $CANONICAL_ISSUER_DN_FILE
|
||||||
|
+
|
||||||
|
+ if ! diff $CANONICAL_ISSUER_DN_FILE $DEF_ISSUER_DN_FILE
|
||||||
|
then
|
||||||
|
echo Incorrect default issuer >&2 && exit 1
|
||||||
|
fi
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+verify_issuer_files()
|
||||||
|
+{
|
||||||
|
+ verify_default_issuer
|
||||||
|
|
||||||
|
if diff $ISSUER_DN_FILE $SUBJECT_DN_FILE
|
||||||
|
then
|
@ -0,0 +1,103 @@
|
|||||||
|
Subject: [PATCH] [BZ 197605] libseckey: Fix re-enciphering of EP11 secure key
|
||||||
|
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||||
|
|
||||||
|
Description: zkey: Fix re-enciphering of EP11 identity key of KMIP plugin
|
||||||
|
Symptom: When re-enciphering the identity key and/or wrapping key of the
|
||||||
|
zkey KMIP plugin via 'zkey kms reencipher', the operation
|
||||||
|
completes without an error, but the secure keys are left
|
||||||
|
un-reenciphered. A subsequent connection attempt with the KMIP
|
||||||
|
server will fail because the identity key is no longer valid.
|
||||||
|
Problem: The re-enciphered secure key is not copied back into the
|
||||||
|
key token buffer. Also, the the public key part, i.e. the MACed
|
||||||
|
SubjectPublicKeyInfo (SPKI) structure must also be re-
|
||||||
|
enciphered (i.e. re-MACed), since the MAC is calculated with
|
||||||
|
the EP11 master key.
|
||||||
|
Solution: Copy the re-enciphered secure key back into the key toke
|
||||||
|
buffer, and also re-encipher the public key part.
|
||||||
|
Reproduction: Perform a master key change on the EP11 APQNs used with the
|
||||||
|
KMIP plugin.
|
||||||
|
Upstream-ID: 4e2ebe0370d9fb036b7554d5ac5df4418dbe0397
|
||||||
|
Problem-ID: 197605
|
||||||
|
|
||||||
|
Upstream-Description:
|
||||||
|
|
||||||
|
libseckey: Fix re-enciphering of EP11 secure key
|
||||||
|
|
||||||
|
The re-enciphering of EP11 asymmetric secure keys does not work.
|
||||||
|
First, the result of the re-encipher operation of the private key
|
||||||
|
part must be copied back into the user supplied key token buffer.
|
||||||
|
Second, the public key part, i.e. the MACed SubjectPublicKeyInfo
|
||||||
|
(SPKI) structure must also be re-enciphered (i.e. re-MACed), since
|
||||||
|
the MAC is calculated with the EP11 master key.
|
||||||
|
|
||||||
|
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||||
|
Signed-off-by: Jan Hoeppner <hoeppner@linux.ibm.com>
|
||||||
|
|
||||||
|
|
||||||
|
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||||
|
---
|
||||||
|
libseckey/sk_ep11.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||||
|
1 file changed, 53 insertions(+)
|
||||||
|
|
||||||
|
--- a/libseckey/sk_ep11.c
|
||||||
|
+++ b/libseckey/sk_ep11.c
|
||||||
|
@@ -1549,6 +1549,59 @@ int SK_EP11_reencipher_key(const struct
|
||||||
|
return -EIO;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ memcpy(blob, lrb.payload, lrb.pllen);
|
||||||
|
+
|
||||||
|
+ /* re-encipher MACed SPKI */
|
||||||
|
+ rb.domain = domain;
|
||||||
|
+ lrb.domain = domain;
|
||||||
|
+
|
||||||
|
+ resp_len = sizeof(resp);
|
||||||
|
+ req_len = ep11.dll_xcpa_cmdblock(req, sizeof(req), XCP_ADM_REENCRYPT,
|
||||||
|
+ &rb, NULL, key_token + hdr->len,
|
||||||
|
+ key_token_length - hdr->len);
|
||||||
|
+ if (req_len < 0) {
|
||||||
|
+ sk_debug(debug, "Failed to build XCP command block");
|
||||||
|
+ return -EIO;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ rv = ep11.dll_m_admin(resp, &resp_len, NULL, NULL, req, req_len, NULL,
|
||||||
|
+ 0, ep11_lib->target);
|
||||||
|
+ if (rv != CKR_OK || resp_len == 0) {
|
||||||
|
+ sk_debug(debug, "Command XCP_ADM_REENCRYPT failed. "
|
||||||
|
+ "rc = 0x%lx, resp_len = %ld", rv, resp_len);
|
||||||
|
+ return -EIO;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ rc = ep11.dll_xcpa_internal_rv(resp, resp_len, &lrb, &rv);
|
||||||
|
+ if (rc != 0) {
|
||||||
|
+ sk_debug(debug, "Failed to parse response. rc = %d", rc);
|
||||||
|
+ return -EIO;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (rv != CKR_OK) {
|
||||||
|
+ sk_debug(debug, "Failed to re-encrypt the EP11 secure key. "
|
||||||
|
+ "rc = 0x%lx", rv);
|
||||||
|
+ switch (rv) {
|
||||||
|
+ case CKR_IBM_WKID_MISMATCH:
|
||||||
|
+ sk_debug(debug, "The EP11 secure key is currently "
|
||||||
|
+ "encrypted under a different master that does "
|
||||||
|
+ "not match the master key in the CURRENT "
|
||||||
|
+ "master key register of APQN %02X.%04X",
|
||||||
|
+ card, domain);
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ return -EIO;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (key_token_length - hdr->len != lrb.pllen) {
|
||||||
|
+ sk_debug(debug, "Re-encrypted EP11 secure key size has "
|
||||||
|
+ "changed: org-len: %lu, new-len: %lu",
|
||||||
|
+ hdr->len - sizeof(*hdr), lrb.pllen);
|
||||||
|
+ return -EIO;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ memcpy(key_token + hdr->len, lrb.payload, lrb.pllen);
|
||||||
|
+
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
@ -1,3 +1,18 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Apr 11 21:11:48 UTC 2022 - Mark Post <mpost@suse.com>
|
||||||
|
|
||||||
|
- Added the following patches for bsc#1198285:
|
||||||
|
s390-tools-sles15sp4-01-genprotimg-remove-DigiCert-root-CA-pinning.patch
|
||||||
|
s390-tools-sles15sp4-02-genprotimg-check_hostkeydoc-relax-default-issuer-che.patch
|
||||||
|
The certificate verification of check_hostkeydoc is too strict and
|
||||||
|
doesn't match the checking performed by genprotimg.
|
||||||
|
- Added the following patch for bsc#1198284:
|
||||||
|
s390-tools-sles15sp4-libseckey-Fix-re-enciphering-of-EP11-secure-key.patch
|
||||||
|
When re-enciphering the identity key and/or wrapping key of the
|
||||||
|
zkey KMIP plugin via 'zkey kms reencipher', the operation
|
||||||
|
completes without an error, but the secure keys are left
|
||||||
|
un-reenciphered.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Mar 4 13:55:43 UTC 2022 - Martin Wilck <mwilck@suse.com>
|
Fri Mar 4 13:55:43 UTC 2022 - Martin Wilck <mwilck@suse.com>
|
||||||
|
|
||||||
|
@ -97,6 +97,9 @@ Patch001: s390-tools-sles15sp4-chreipl-fcp-mpath-don-t-compress-the-manpag
|
|||||||
Patch002: s390-tools-sles15sp4-chreipl-fcp-mpath-remove-shebang-from-chreipl-fcp-mp.patch
|
Patch002: s390-tools-sles15sp4-chreipl-fcp-mpath-remove-shebang-from-chreipl-fcp-mp.patch
|
||||||
Patch003: s390-tools-sles15sp4-zdev-modify-the-lsblk-output-parser-in-lszdev.patch
|
Patch003: s390-tools-sles15sp4-zdev-modify-the-lsblk-output-parser-in-lszdev.patch
|
||||||
Patch004: s390-tools-sles15sp4-zdev-Fix-path-resolution-for-multi-mount-point-file-.patch
|
Patch004: s390-tools-sles15sp4-zdev-Fix-path-resolution-for-multi-mount-point-file-.patch
|
||||||
|
Patch005: s390-tools-sles15sp4-01-genprotimg-remove-DigiCert-root-CA-pinning.patch
|
||||||
|
Patch006: s390-tools-sles15sp4-02-genprotimg-check_hostkeydoc-relax-default-issuer-che.patch
|
||||||
|
Patch007: s390-tools-sles15sp4-libseckey-Fix-re-enciphering-of-EP11-secure-key.patch
|
||||||
|
|
||||||
# SUSE patches
|
# SUSE patches
|
||||||
Patch900: s390-tools-sles12-zipl_boot_msg.patch
|
Patch900: s390-tools-sles12-zipl_boot_msg.patch
|
||||||
|
Loading…
Reference in New Issue
Block a user