
[WSS-711]Introduce a system property "fips.enabled" so that WSS4J can… #313

Open
wants to merge 1 commit into base: master from

Conversation

ffang
Contributor

@ffang ffang commented Apr 25, 2024

… work easier in FIPS mode

@ffang ffang mentioned this pull request May 27, 2024
Contributor

@coheigea coheigea left a comment


I have a problem with making RSA 1.5 a default as it is not secure, see https://cxf.apache.org/note-on-cve-2011-2487.html

@ffang
Contributor Author

ffang commented May 31, 2024

I have a problem with making RSA 1.5 a default as it is not secure, see https://cxf.apache.org/note-on-cve-2011-2487.html

Hi @coheigea ,

Thanks for the feedback!

I made RSA 1.5 the default because for the FIPS security provider

Name: SunPKCS11-NSS-FIPS

there is only

Service Type: Cipher Algorithm RSA/ECB/PKCS1Padding (this is the RSA1_5 for key transport)

And no
RSA/ECB/OAEPPadding

Also in jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11RSACipher.java (used in FIPS mode) there is code like

    protected void engineSetPadding(String padding)
            throws NoSuchPaddingException {
        String lowerPadding = padding.toLowerCase(Locale.ENGLISH);
        if (lowerPadding.equals("pkcs1padding")) {
            padType = PAD_PKCS1;
        } else if (lowerPadding.equals("nopadding")) {
            padType = PAD_NONE;
        } else {
            throw new NoSuchPaddingException("Unsupported padding " + padding);
        }
    }

This is why I get

Caused by: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPPadding
        at java.base/javax.crypto.Cipher.getInstance(Cipher.java:571)
        at org.apache.wss4j.common.util.KeyUtils.getCipherInstance(KeyUtils.java:181)
        ... 40 more
Caused by: javax.crypto.NoSuchPaddingException: Unsupported padding OAEPPadding
        at jdk.crypto.cryptoki/sun.security.pkcs11.P11RSACipher.engineSetPadding(P11RSACipher.java:137)
        at java.base/javax.crypto.Cipher$Transform.setModePadding(Cipher.java:388)
        at java.base/javax.crypto.Cipher.getInstance(Cipher.java:564)
        ... 41 more

if RSA-OAEP is still used as the default key transport algorithm.

I'm double checking this concern from the related specs and asking the JDK expert why OAEPPadding isn't available in FIPS mode JDK/OS.

Best Regards
Freeman

@ffang
Contributor Author

ffang commented May 31, 2024

Hi @coheigea ,

Just FYI, after talking to OS and JDK guys who are working in the related area, I sent a feature request to support OAEP padding for the SunPKCS11 security provider.

Cheers
Freeman

@jonas19

jonas19 commented Sep 25, 2024

@ffang / @coheigea any planned ETA for merging and releasing this feature?

@ffang
Contributor Author

ffang commented Sep 25, 2024

Hi @jonas19 ,

I'm gonna revisit this issue soon.

Freeman

@jonas19

jonas19 commented Sep 25, 2024

Thanks @ffang !
Will this be shipped as a minor release?

Meanwhile, is there a way to use wss4j on a FIPS env?

@ffang
Contributor Author

ffang commented Sep 27, 2024

Hi @coheigea ,

I just pushed another commit.

I think for now to be able to run on FIPS machine/JDK, we need to introduce org.bouncycastle:bc-fips as an optional dependency, which supports RSA-OAEP padding.

So this patch introduces a system property "fips.enabled"; when it is true, we change symEncAlgo from "AES_CBC" to "AES_GCM" (as CBC isn't allowed in FIPS). Also for the JasyptPasswordEncryptor, we change DEFAULT_ALGORITHM from PBEWithMD5AndTripleDES (this isn't allowed in FIPS) to PBEWithHmacSHA512AndAES_256, which requires the Random Generator to be PKCS11 (the default SHA1PRNG isn't allowed in FIPS).

Also there are follow up changes in CXF to reflect this change in WSS4J.

WDYT?

Thanks!
Freeman
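An added Java probe (not part of this PR or of WSS4J) that checks, for each installed JCE provider, whether the algorithms named in the May 31 and Sep 27 comments are available, and applies the "fips.enabled" property the way the patch describes it; the class and method names are my own, and it only reports results, it does not change any defaults.

```java
import java.security.Provider;
import java.security.Security;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.concurrent.Callable;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;

// Added probe (not WSS4J code): reports which of the algorithms named in this PR each
// installed JCE provider exposes, so a deployment can check up front whether RSA-OAEP,
// AES-GCM and the PBE algorithm are available before switching on fips.enabled.
public final class FipsAlgorithmProbe {
    // Cipher transformations from the thread (standard JCE names).
    static final String[] CIPHERS = {
        "RSA/ECB/OAEPPadding",   // RSA-OAEP key transport (absent on SunPKCS11-NSS-FIPS per the thread)
        "RSA/ECB/PKCS1Padding",  // RSA 1.5 key transport (the fallback this PR first chose; weaker)
        "AES/GCM/NoPadding",     // symEncAlgo when fips.enabled=true
        "AES/CBC/PKCS5Padding"   // the non-FIPS default
    };
    // SecretKeyFactory algorithms for JasyptPasswordEncryptor before/after the patch.
    static final String[] PBE_ALGOS = { "PBEWithMD5AndTripleDES", "PBEWithHmacSHA512AndAES_256" };

    // "ok" if getInstance succeeds on this provider, else the exception class it threw
    // (NoSuchAlgorithmException, or NoSuchPaddingException as in the trace above).
    private static String status(Callable<?> getInstance) {
        try { getInstance.call(); return "ok"; }
        catch (Exception e) { return e.getClass().getSimpleName(); }
    }

    /** Maps each algorithm name to its availability status on the given provider. */
    public static Map<String, String> probe(Provider provider) {
        Map<String, String> result = new LinkedHashMap<>();
        for (String t : CIPHERS) result.put(t, status(() -> Cipher.getInstance(t, provider)));
        for (String a : PBE_ALGOS) result.put(a, status(() -> SecretKeyFactory.getInstance(a, provider)));
        return result;
    }

    /** Selects symEncAlgo the way the PR describes its "fips.enabled" switch. */
    public static String symmetricTransformation() {
        return Boolean.getBoolean("fips.enabled") ? "AES/GCM/NoPadding" : "AES/CBC/PKCS5Padding";
    }

    public static void main(String[] args) {
        for (Provider p : Security.getProviders()) {
            System.out.println(p.getName());
            probe(p).forEach((alg, st) -> System.out.println("  " + alg + " -> " + st));
        }
        System.out.println("symEncAlgo selected: " + symmetricTransformation());
    }
}
```

Run it once with `-Dfips.enabled=true` on the FIPS JDK and once without; a provider that reports NoSuchPaddingException for RSA/ECB/OAEPPadding is the situation the May 31 trace shows.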
