authorAde Lee <alee@redhat.com>2017-03-23 12:40:03 -0400
committerAde Lee <alee@redhat.com>2017-03-24 16:37:16 -0400
commit874825f2d8e41b276aa3674d0cff5912dc6a55fa (patch)
tree49891ed0729eb246e1270d82cd96269b4c96f960 /base
parentc15c8e3b455cf9014f147f6c57f9338b0395b9c7 (diff)
Change CRMFPopClient to use AES-KeyWrap with padding
Also made a couple of small changes to WrappingParams. * Set the wrapIV to null when AES KeyWrap is used. Trying to unpack the PKIArchiveOptions package with this IV set to null fails. * removed superfluous this modifiers. Added a parameter KEY_WRAP_PARAMETER_SET which is set in /etc/pki/pki.conf. If this parameter is set to 0, we will use the old DES3 algorithms. This can be set by clients talking to old servers. CRMFPopClient has the ability to automatically submit requests to a CA. In this case, we should contact the server and determine the version using InfoClient, and choose the algorithm accordingly. We will implement this in a separate patch. Change-Id: Ib4a99545cb59b62a96c272311595e96dda10979e
Diffstat (limited to 'base')
-rw-r--r--base/common/share/etc/pki.conf16
-rw-r--r--base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java56
-rw-r--r--base/util/src/netscape/security/util/WrappingParams.java51
3 files changed, 86 insertions, 37 deletions
diff --git a/base/common/share/etc/pki.conf b/base/common/share/etc/pki.conf
index c0b607308..e9b55221c 100644
--- a/base/common/share/etc/pki.conf
+++ b/base/common/share/etc/pki.conf
@@ -44,3 +44,19 @@ export SSL_DEFAULT_CIPHERS
# To disable a cipher, specify a "-" sign in front of the cipher name or ID.
SSL_CIPHERS=""
export SSL_CIPHERS
+
+# Key wrapping parameter set
+# This parameter specifies the encryption and key wrapping algorithms to use
+# when storing secrets in the KRA, or creating CRMF data using CRMFPopClient.
+#
+# Parameter sets are:
+# O: (legacy, for interacting with pre-10.4 servers)
+# Encryption Algorithm: DES3_CBC
+# Padding: PKCS#1.5 Padding
+# Key Wrapping: DES3_CBC_PAD
+# 1: AES (default for 10.4+ servers)
+# Encryption Algorithm: AES_128_CBC
+# Padding: PKCS#1.5 Padding
+# Key Wrapping: AES KeyWrap with Padding
+KEY_WRAP_PARAMETER_SET=1
+export KEY_WRAP_PARAMETER_SET
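Review bot: The legacy parameter set is labelled `O:` (capital letter O) in the added comment, but CRMFPopClient in this same commit only recognises the digit `"0"`. An administrator who copies the label will silently stay on the AES set and fail against a pre-10.4 server. The line should read `# 0: (legacy, for interacting with pre-10.4 servers)`. The `Padding: PKCS#1.5 Padding` lines sit directly under a symmetric CBC algorithm, although PKCS#1 v1.5 is an RSA padding; if they describe the RSA wrap of the session key, saying so (`# Session key wrap: RSA, PKCS#1 v1.5`) would avoid the ambiguity. It would also help to state that set 0 is 3DES and is meant only for interoperability with old servers.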
diff --git a/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java b/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java
index 670185666..5e53bee67 100644
--- a/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java
+++ b/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java
@@ -544,27 +544,20 @@ public class CRMFPopClient {
String algorithm,
KeyPair keyPair,
Name subject) throws Exception {
+ EncryptionAlgorithm encryptAlg = null;
+ String keyset = System.getenv("KEY_WRAP_PARAMETER_SET");
- byte[] iv = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
- IVParameterSpec ivps = new IVParameterSpec(iv);
-
- AlgorithmIdentifier aid;
- if (algorithm.equals("rsa")) {
- aid = new AlgorithmIdentifier(new OBJECT_IDENTIFIER("1.2.840.113549.3.7"), new OCTET_STRING(iv));
-
- } else if (algorithm.equals("ec")) {
- aid = new AlgorithmIdentifier(new OBJECT_IDENTIFIER("1.2.840.10045.2.1"), new OCTET_STRING(iv));
-
+ if ((keyset != null) && (keyset.equalsIgnoreCase("0"))) {
+ // talking to an old server?
+ encryptAlg = EncryptionAlgorithm.DES3_CBC;
} else {
- throw new Exception("Unknown algorithm: " + algorithm);
+ encryptAlg = EncryptionAlgorithm.AES_128_CBC;
}
- WrappingParams params = new WrappingParams(
- SymmetricKey.DES3, KeyGenAlgorithm.DES3, 168,
- KeyWrapAlgorithm.RSA, EncryptionAlgorithm.DES3_CBC_PAD,
- KeyWrapAlgorithm.DES3_CBC_PAD, ivps, ivps);
+ byte[] iv = CryptoUtil.getNonceData(encryptAlg.getIVLength());
+ AlgorithmIdentifier aid = getAlgorithmId(algorithm, encryptAlg, iv);
+ WrappingParams params = getWrappingParams(encryptAlg, iv);
- // TODO(alee) check the cast on the third argument
PKIArchiveOptions opts = CryptoUtil.createPKIArchiveOptions(
token,
transportCert.getPublicKey(),
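Review bot: The `KEY_WRAP_PARAMETER_SET` check accepts any value. Only the exact string `"0"` selects DES3, and everything else (unset, `"2"`, `"O"`, `" 0"`) falls through to AES without a message, so a mistyped setting is indistinguishable from the default. Since this switch decides between 3DES and AES for an archived private key, an unrecognised value should be rejected, e.g. `if (keyset != null && !keyset.equals("0") && !keyset.equals("1")) throw new Exception("Invalid KEY_WRAP_PARAMETER_SET: " + keyset);`. The chosen set should also be reported when the tool runs verbosely, so that a downgrade to DES3 is visible. `equalsIgnoreCase("0")` can be `"0".equals(keyset)`, which also removes the separate null test, and `encryptAlg` does not need the `= null` initialiser. The method starts before this hunk and continues past it.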
@@ -583,6 +576,37 @@ public class CRMFPopClient {
return new CertRequest(new INTEGER(1), certTemplate, seq);
}
+ private WrappingParams getWrappingParams(EncryptionAlgorithm encryptAlg, byte[] wrapIV) throws Exception {
+ if (encryptAlg.getAlg().toString().equalsIgnoreCase("AES")) {
+ return new WrappingParams(
+ SymmetricKey.AES, KeyGenAlgorithm.AES, 128,
+ KeyWrapAlgorithm.RSA, encryptAlg,
+ KeyWrapAlgorithm.AES_KEY_WRAP_PAD, null, null);
+ } else if (encryptAlg.getAlg().toString().equalsIgnoreCase("DESede")) {
+ return new WrappingParams(
+ SymmetricKey.DES3, KeyGenAlgorithm.DES3, 168,
+ KeyWrapAlgorithm.RSA, EncryptionAlgorithm.DES3_CBC_PAD,
+ KeyWrapAlgorithm.DES3_CBC_PAD,
+ new IVParameterSpec(wrapIV), new IVParameterSpec(wrapIV));
+ } else {
+ throw new Exception("Invalid encryption algorithm");
+ }
+ }
+
+ private AlgorithmIdentifier getAlgorithmId(String algorithm, EncryptionAlgorithm encryptAlg, byte[] iv)
+ throws Exception {
+ AlgorithmIdentifier aid;
+ if (algorithm.equals("rsa")) {
+ aid = new AlgorithmIdentifier(encryptAlg.toOID(), new OCTET_STRING(iv));
+ } else if (algorithm.equals("ec")) {
+ // TODO(alee) figure out what this should be for ECC
+ aid = new AlgorithmIdentifier(new OBJECT_IDENTIFIER("1.2.840.10045.2.1"), new OCTET_STRING(iv));
+ } else {
+ throw new Exception("Unknown algorithm: " + algorithm);
+ }
+ return aid;
+ }
+
public OCTET_STRING createIDPOPLinkWitness() throws Exception {
String secretValue = "testing";
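Review bot: In the AES branch `getWrappingParams` ignores its `wrapIV` argument and passes `null` for both IVs, while `getAlgorithmId` still puts that random IV and `encryptAlg.toOID()` into the AlgorithmIdentifier. The request therefore appears to declare AES-128-CBC with an IV although the key is wrapped with `AES_KEY_WRAP_PAD` and no IV. Whether the server consults that identifier is not visible here, so at minimum the branch needs a comment such as `// AES KeyWrap with padding is used without an IV; wrapIV only appears in the AlgorithmIdentifier`. The DES3 branch likewise ignores `encryptAlg` (it hard-codes `DES3_CBC_PAD`) and uses the same IV for both the encryption and the wrapping parameter, which also deserves a comment. The `ec` branch still sends `1.2.840.10045.2.1`, an EC public-key OID rather than a cipher OID, as its TODO acknowledges. The `Invalid encryption algorithm` exception should include the algorithm name to make a misconfiguration diagnosable.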
diff --git a/base/util/src/netscape/security/util/WrappingParams.java b/base/util/src/netscape/security/util/WrappingParams.java
index e73832638..ab7868097 100644
--- a/base/util/src/netscape/security/util/WrappingParams.java
+++ b/base/util/src/netscape/security/util/WrappingParams.java
@@ -54,7 +54,7 @@ public class WrappingParams {
KeyWrapAlgorithm wrap = null;
if (wrapName != null) {
wrap = KeyWrapAlgorithm.fromString(wrapName);
- this.payloadWrapAlgorithm = wrap;
+ payloadWrapAlgorithm = wrap;
}
switch (encrypt.getAlg().toString()) {
@@ -64,21 +64,21 @@ public class WrappingParams {
// We are going to assume AES-128-PAD
encrypt = EncryptionAlgorithm.AES_128_CBC_PAD;
- this.skType = SymmetricKey.AES;
- this.skKeyGenAlgorithm = KeyGenAlgorithm.AES;
- if (wrap == null) this.payloadWrapAlgorithm = KeyWrapAlgorithm.AES_KEY_WRAP_PAD;
+ skType = SymmetricKey.AES;
+ skKeyGenAlgorithm = KeyGenAlgorithm.AES;
+ if (wrap == null) payloadWrapAlgorithm = KeyWrapAlgorithm.AES_KEY_WRAP_PAD;
break;
case "DESede":
- this.skType = SymmetricKey.DES3;
- this.skKeyGenAlgorithm = KeyGenAlgorithm.DES3;
- this.skWrapAlgorithm = KeyWrapAlgorithm.DES3_CBC_PAD;
- if (wrap == null) this.payloadWrapAlgorithm = KeyWrapAlgorithm.DES3_CBC_PAD;
+ skType = SymmetricKey.DES3;
+ skKeyGenAlgorithm = KeyGenAlgorithm.DES3;
+ skWrapAlgorithm = KeyWrapAlgorithm.DES3_CBC_PAD;
+ if (wrap == null) payloadWrapAlgorithm = KeyWrapAlgorithm.DES3_CBC_PAD;
break;
case "DES":
- this.skType = SymmetricKey.DES;
- this.skKeyGenAlgorithm = KeyGenAlgorithm.DES;
- this.skWrapAlgorithm = KeyWrapAlgorithm.DES3_CBC_PAD;
- if (wrap == null) this.payloadWrapAlgorithm = KeyWrapAlgorithm.DES_CBC_PAD;
+ skType = SymmetricKey.DES;
+ skKeyGenAlgorithm = KeyGenAlgorithm.DES;
+ skWrapAlgorithm = KeyWrapAlgorithm.DES3_CBC_PAD;
+ if (wrap == null) payloadWrapAlgorithm = KeyWrapAlgorithm.DES_CBC_PAD;
break;
default:
throw new NoSuchAlgorithmException("Invalid algorithm");
@@ -86,14 +86,23 @@ public class WrappingParams {
this.skLength = encrypt.getKeyStrength();
if (priKeyAlgo.equals("EC")) {
- this.skWrapAlgorithm = KeyWrapAlgorithm.AES_ECB;
+ skWrapAlgorithm = KeyWrapAlgorithm.AES_ECB;
} else {
- this.skWrapAlgorithm = KeyWrapAlgorithm.RSA;
+ skWrapAlgorithm = KeyWrapAlgorithm.RSA;
}
- this.payloadEncryptionAlgorithm = encrypt;
- this.payloadEncryptionIV = encryptIV;
- this.payloadWrappingIV = wrapIV;
+ payloadEncryptionAlgorithm = encrypt;
+ payloadEncryptionIV = encryptIV;
+
+ if (payloadWrapAlgorithm == KeyWrapAlgorithm.AES_KEY_WRAP_PAD) {
+ // TODO(alee) Hack -- if we pass in null for the iv in the
+ // PKIArchiveOptions, we fail to decode correctly when parsing a
+ // CRMFPopClient request.
+
+ payloadWrappingIV = null;
+ } else {
+ payloadWrappingIV = wrapIV;
+ }
}
public SymmetricKey.Type getSkType() {
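Review bot: The TODO comment added above `payloadWrappingIV = null;` says decoding fails "if we pass in null for the iv", yet the statement it annotates sets the IV to null. As written, the comment appears to describe the opposite of what the code does. If the intent is that a non-null IV in PKIArchiveOptions breaks parsing for AES KeyWrap, the comment should say so, e.g. `// AES KeyWrap with padding takes no IV; a non-null IV here breaks decoding of CRMFPopClient requests, so drop the caller's wrapIV`. The constructor now silently discards a caller-supplied `wrapIV` for `AES_KEY_WRAP_PAD`, which is worth stating in its Javadoc. The constructor begins outside this hunk.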
@@ -120,13 +129,13 @@ public class WrappingParams {
// JSS mapping is not working. Lets just do something brain-dead to
// handle the cases we expect.
if (algName.equalsIgnoreCase("AES")) {
- this.skKeyGenAlgorithm = KeyGenAlgorithm.AES;
+ skKeyGenAlgorithm = KeyGenAlgorithm.AES;
} else if (algName.equalsIgnoreCase("DES")) {
- this.skKeyGenAlgorithm = KeyGenAlgorithm.DES;
+ skKeyGenAlgorithm = KeyGenAlgorithm.DES;
} else if (algName.equalsIgnoreCase("DESede")) {
- this.skKeyGenAlgorithm = KeyGenAlgorithm.DES3;
+ skKeyGenAlgorithm = KeyGenAlgorithm.DES3;
} else if (algName.equalsIgnoreCase("DES3")) {
- this.skKeyGenAlgorithm = KeyGenAlgorithm.DES3;
+ skKeyGenAlgorithm = KeyGenAlgorithm.DES3;
}
}