From 9fd115708c91543580b75d24ea30621b7e45f0dc Mon Sep 17 00:00:00 2001
From: Julien Rische <jrische@redhat.com>
Date: Fri, 8 Jul 2022 11:27:59 +0200
Subject: [PATCH] Set "supportedCMSTypes" to SHA-512/256 with RSA

Resolves: rhbz#2068935
Signed-off-by: Julien Rische <jrische@redhat.com>
---
 ...asonable-supportedCMSTypes-in-PKINIT.patch | 188 ++++++++++++++++++
 krb5.spec                                     |   8 +-
 2 files changed, 195 insertions(+), 1 deletion(-)
 create mode 100644 Set-reasonable-supportedCMSTypes-in-PKINIT.patch

diff --git a/Set-reasonable-supportedCMSTypes-in-PKINIT.patch b/Set-reasonable-supportedCMSTypes-in-PKINIT.patch
new file mode 100644
index 0000000..6e87e04
--- /dev/null
+++ b/Set-reasonable-supportedCMSTypes-in-PKINIT.patch
@@ -0,0 +1,188 @@
+From dea9421ccdbe5c8f63aae85341a8f091c6019407 Mon Sep 17 00:00:00 2001
+From: Julien Rische <jrische@redhat.com>
+Date: Wed, 1 Jun 2022 18:02:04 +0200
+Subject: [PATCH] Set reasonable supportedCMSTypes in PKINIT
+
+The PKINIT client uses AuthPack.supportedCMSTypes to let the KDC know
+the algorithms it supports for verification of the CMS data signature.
+(The MIT krb5 KDC currently ignores this list, but other
+implementations use it.)
+
+Replace 3DES with sha512WithRSAEncryption and sha256WithRSAEncryption.
+
+[ghudson@mit.edu: simplified code and used appropriate helpers; edited
+commit message]
+
+ticket: 9066 (new)
+---
+ src/plugins/preauth/pkinit/Makefile.in        |  4 +-
+ src/plugins/preauth/pkinit/pkinit_clnt.c      |  8 ++++
+ ...nit_kdf_constants.c => pkinit_constants.c} | 24 ++++++++++++
+ src/plugins/preauth/pkinit/pkinit_crypto.h    | 16 ++++++++
+ .../preauth/pkinit/pkinit_crypto_openssl.c    | 39 +++++++++++++++++++
+ 5 files changed, 89 insertions(+), 2 deletions(-)
+ rename src/plugins/preauth/pkinit/{pkinit_kdf_constants.c => pkinit_constants.c} (76%)
+
+diff --git a/src/plugins/preauth/pkinit/Makefile.in b/src/plugins/preauth/pkinit/Makefile.in
+index d20fb18a8..97aaded03 100644
+--- a/src/plugins/preauth/pkinit/Makefile.in
++++ b/src/plugins/preauth/pkinit/Makefile.in
+@@ -18,7 +18,7 @@ STLIBOBJS= \
+ 	pkinit_srv.o \
+ 	pkinit_lib.o \
+ 	pkinit_clnt.o \
+-	pkinit_kdf_constants.o \
++	pkinit_constants.o \
+ 	pkinit_profile.o \
+ 	pkinit_identity.o \
+ 	pkinit_matching.o \
+@@ -29,7 +29,7 @@ SRCS= \
+ 	$(srcdir)/pkinit_srv.c \
+ 	$(srcdir)/pkinit_lib.c \
+ 	$(srcdir)/pkinit_kdf_test.c \
+-	$(srcdir)/pkinit_kdf_constants.c \
++	$(srcdir)/pkinit_constants.c \
+ 	$(srcdir)/pkinit_clnt.c \
+ 	$(srcdir)/pkinit_profile.c \
+ 	$(srcdir)/pkinit_identity.c \
+diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c
+index a385da7c3..2817cc213 100644
+--- a/src/plugins/preauth/pkinit/pkinit_clnt.c
++++ b/src/plugins/preauth/pkinit/pkinit_clnt.c
+@@ -212,6 +212,14 @@ pkinit_as_req_create(krb5_context context,
+     auth_pack.clientPublicValue = &info;
+     auth_pack.supportedKDFs = (krb5_data **)supported_kdf_alg_ids;
+ 
++    /* add List of CMS algorithms */
++    retval = create_krb5_supportedCMSTypes(context, plgctx->cryptoctx,
++                                           reqctx->cryptoctx,
++                                           reqctx->idctx, &cmstypes);
++    auth_pack.supportedCMSTypes = cmstypes;
++    if (retval)
++        goto cleanup;
++
+     switch(protocol) {
+     case DH_PROTOCOL:
+         TRACE_PKINIT_CLIENT_REQ_DH(context);
+diff --git a/src/plugins/preauth/pkinit/pkinit_kdf_constants.c b/src/plugins/preauth/pkinit/pkinit_constants.c
+similarity index 76%
+rename from src/plugins/preauth/pkinit/pkinit_kdf_constants.c
+rename to src/plugins/preauth/pkinit/pkinit_constants.c
+index 1604f1670..1832e8f7b 100644
+--- a/src/plugins/preauth/pkinit/pkinit_kdf_constants.c
++++ b/src/plugins/preauth/pkinit/pkinit_constants.c
+@@ -57,3 +57,27 @@ krb5_data const * const supported_kdf_alg_ids[] = {
+     &sha512_id,
+     NULL
+ };
++
++/* RFC 4055 sha256WithRSAEncryption: iso(1) member-body(2) us(840)
++ * rsadsi(113549) pkcs(1) 1 11 */
++static char sha256WithRSAEncr_oid[9] = {
++    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b
++};
++/* RFC 4055 sha256WithRSAEncryption: iso(1) member-body(2) us(840)
++ * rsadsi(113549) pkcs(1) 1 13 */
++static char sha512WithRSAEncr_oid[9] = {
++    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0d
++};
++
++const krb5_data sha256WithRSAEncr_id = {
++    KV5M_DATA, sizeof(sha256WithRSAEncr_oid), sha256WithRSAEncr_oid
++};
++const krb5_data sha512WithRSAEncr_id = {
++    KV5M_DATA, sizeof(sha512WithRSAEncr_oid), sha512WithRSAEncr_oid
++};
++
++krb5_data const * const supported_cms_algs[] = {
++    &sha512WithRSAEncr_id,
++    &sha256WithRSAEncr_id,
++    NULL
++};
+diff --git a/src/plugins/preauth/pkinit/pkinit_crypto.h b/src/plugins/preauth/pkinit/pkinit_crypto.h
+index 1f9868351..f38a77093 100644
+--- a/src/plugins/preauth/pkinit/pkinit_crypto.h
++++ b/src/plugins/preauth/pkinit/pkinit_crypto.h
+@@ -380,6 +380,18 @@ krb5_error_code server_process_dh
+ 	unsigned int *server_key_len_out);		/* OUT
+ 		    receives length of DH secret key */
+ 
++/*
++ * this functions takes in crypto specific representation of
++ * supportedCMSTypes and creates a list of
++ * krb5_algorithm_identifier
++ */
++krb5_error_code create_krb5_supportedCMSTypes
++       (krb5_context context,                          /* IN */
++       pkinit_plg_crypto_context plg_cryptoctx,        /* IN */
++       pkinit_req_crypto_context req_cryptoctx,        /* IN */
++       pkinit_identity_crypto_context id_cryptoctx,    /* IN */
++       krb5_algorithm_identifier ***supportedCMSTypes); /* OUT */
++
+ /*
+  * this functions takes in crypto specific representation of
+  * trustedCertifiers and creates a list of
+@@ -617,6 +629,10 @@ extern const size_t  krb5_pkinit_sha512_oid_len;
+  */
+ extern krb5_data const * const supported_kdf_alg_ids[];
+ 
++/* CMS signature algorithms supported by this implementation, in order of
++ * decreasing preference. */
++extern krb5_data const * const supported_cms_algs[];
++
+ krb5_error_code
+ crypto_encode_der_cert(krb5_context context, pkinit_req_crypto_context reqctx,
+ 		       uint8_t **der_out, size_t *der_len);
+diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+index 2a6ef4aaa..41a7464b5 100644
+--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
++++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+@@ -5582,6 +5582,45 @@ cleanup:
+     return retval;
+ }
+ 
++krb5_error_code
++create_krb5_supportedCMSTypes(krb5_context context,
++                              pkinit_plg_crypto_context plg_cryptoctx,
++                              pkinit_req_crypto_context req_cryptoctx,
++                              pkinit_identity_crypto_context id_cryptoctx,
++                              krb5_algorithm_identifier ***algs_out)
++{
++    krb5_error_code ret;
++    krb5_algorithm_identifier **algs = NULL;
++    size_t i, count;
++
++    *algs_out = NULL;
++
++    /* Count supported OIDs and allocate list (including null terminator). */
++    for (count = 0; supported_cms_algs[count] != NULL; count++);
++    algs = k5calloc(count + 1, sizeof(*algs), &ret);
++    if (algs == NULL)
++        goto cleanup;
++
++    /* Add an algorithm identifier for each OID, with no parameters. */
++    for (i = 0; i < count; i++) {
++        algs[i] = k5alloc(sizeof(*algs[i]), &ret);
++        if (algs[i] == NULL)
++            goto cleanup;
++        ret = krb5int_copy_data_contents(context, supported_cms_algs[i],
++                                         &algs[i]->algorithm);
++        if (ret)
++            goto cleanup;
++        algs[i]->parameters = empty_data();
++    }
++
++    *algs_out = algs;
++    algs = NULL;
++
++cleanup:
++    free_krb5_algorithm_identifiers(&algs);
++    return ret;
++}
++
+ krb5_error_code
+ create_krb5_trustedCertifiers(krb5_context context,
+                               pkinit_plg_crypto_context plg_cryptoctx,
+-- 
+2.35.3
+
diff --git a/krb5.spec b/krb5.spec
index 5134b7a..ee8f670 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -42,7 +42,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.19.1
-Release: %{?zdpd}21%{?dist}
+Release: %{?zdpd}22%{?dist}
 
 # rharwood has trust path to signing key and verifies on check-in
 Source0: https://web.mit.edu/kerberos/dist/krb5/%{version}/krb5-%{version}%{?dashpre}.tar.gz
@@ -97,6 +97,7 @@ Patch32: Add-configure-variable-for-default-PKCS-11-module.patch
 Patch33: downstream-Allow-krad-UDP-TCP-localhost-connection-with-FIPS.patch
 Patch34: krb5-krad-remote.patch
 Patch35: krb5-krad-larger-attrs.patch
+Patch36: Set-reasonable-supportedCMSTypes-in-PKINIT.patch
 
 License: MIT
 URL: https://web.mit.edu/kerberos/www/
@@ -654,6 +655,11 @@ exit 0
 %{_libdir}/libkadm5srv_mit.so.*
 
 %changelog
+* Fri Jul 08 2022 Julien Rische <jrische@redhat.com> - 1.19.1-22
+- Restore "supportedCMSTypes" attribute in PKINIT preauth requests
+- Set SHA-512 or SHA-256 with RSA as preferred CMS signature algorithms
+- Resolves: rhbz#2068935
+
 * Thu Jun 23 2022 Julien Rische <jrische@redhat.com> - 1.19.1-21
 - Fix libkrad client cleanup
 - Allow use of larger RADIUS attributes in krad library