Vault: Migrate to RSA-OAEP

PKCS#1 v1.5 padding support has been removed as it will not be allowed in FIPS mode after 2023.
None of the FIPS certified modules in RHEL will support it as a FIPS approved mechanism.

This commit migrates PKCS#1 v1.5 padding to RSA-OAEP. Mew installations of KRA will use RSA-OAEP
as default key wrapping algorithm. Upgrade will also provoke enabling the new algo.

Fixes: https://pagure.io/freeipa/issue/9191

Signed-off-by: Francisco Trivino <ftrivino@redhat.com>

install/share/ipaca_default.ini

@@ -164,3 +164,6 @@ pki_audit_signing_subject_dn=cn=KRA Audit,%(ipa_subject_base)s
 # We will use the dbuser created for the CA.
 pki_share_db=True
 pki_share_dbuser_dn=uid=pkidbuser,ou=people,o=ipaca
+
+# default KRA padding
+pki_use_oaep_rsa_keywrap=True

ipaclient/plugins/vault.py

@@ -706,23 +706,37 @@ def _do_internal(self, algo, transport_cert, raise_unexpected,
                      *args, **options):
         public_key = transport_cert.public_key()
 
-        # wrap session key with transport certificate
+        # wrap session key with transport certificate using OAEP padding
         wrapped_session_key = public_key.encrypt(
             algo.key,
-            padding.PKCS1v15()
+            padding.OAEP(
+                mgf=padding.MGF1(algorithm=hashes.SHA256()),
+                algorithm=hashes.SHA256(),
+                label=None
+            )
         )
         options['session_key'] = wrapped_session_key
 
         name = self.name + '_internal'
         try:
             # ipalib.errors.NotFound exception can be propagated
+            # Try OAEP padding
             return self.api.Command[name](*args, **options)
         except (errors.InternalError,
                 errors.ExecutionError,
                 errors.GenericError):
-            _kra_config_cache.remove(self.api.env.domain)
-            if raise_unexpected:
-                raise
+            # If the OAEP attempt fails, fall back to PKCS1v15 padding
+            try:
+                wrapped_session_key = public_key.encrypt(
+                    algo.key,
+                    padding.PKCS1v15()
+                )
+                options['session_key'] = wrapped_session_key
+                return self.api.Command[name](*args, **options)
+            except Exception as e:
+                _kra_config_cache.remove(self.api.env.domain)
+                if raise_unexpected:
+                    raise e
         return None
 
     def internal(self, algo, transport_cert, *args, **options):

ipaserver/install/krainstance.py

@@ -284,6 +284,18 @@ def enable_ephemeral(self):
 
         # A restart is required
 
+    def enable_oaep_wrap_algo(self):
+        """
+        Enable KRA OAEP key wrap algorithm
+        """
+        with installutils.stopped_service('pki-tomcatd', 'pki-tomcat'):
+            directivesetter.set_directive(
+                self.config,
+                'keyWrap.useOAEP',
+                'true', quotes=False, separator='=')
+
+        # A restart is required
+
     def update_cert_config(self, nickname, cert):
         """
         When renewing a KRA subsystem certificate the configuration file

ipaserver/install/server/upgrade.py

@@ -1794,6 +1794,17 @@ def upgrade_configuration():
             else:
                 logger.info('ephemeralRequest is already enabled')
 
+            logger.info('[Ensuring KRA OAEP key wrap algo is enabled]')
+            value = directivesetter.get_directive(
+                paths.KRA_CS_CFG_PATH,
+                'keyWrap.useOAEP',
+                separator='=')
+            if value is None or value.lower() != 'true':
+                logger.info('Use the OAEP key wrap algo')
+                kra.enable_oaep_wrap_algo()
+            else:
+                logger.info('OAEP key wrap algo is already enabled')
+
     # several upgrade steps require running CA.  If CA is configured,
     # always run ca.start() because we need to wait until CA is really ready
     # by checking status using http