Bug 54567 – UMC expects RSA cryptography, breaks with EC (EllipticCurve)

Bug 54567 - UMC expects RSA cryptography, breaks with EC (EllipticCurve)


Summary:	UMC expects RSA cryptography, breaks with EC (EllipticCurve)

Status:	NEW

Product:	UCS
Classification:	Unclassified
Component:	UMC (Generic)
Version:	UCS 4.4
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UMC maintainers
QA Contact:	UMC maintainers

URL:	https://www.globalsign.com/de-de/blog...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2022-03-19 11:19 CET by Philipp Hahn
Modified:	2022-04-21 15:15 CEST (History)
CC List:	6 users (show)

See Also:	47700
What kind of report is it?:	Bug Report
What type of bug is this?:	5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?:	2: Will only affect a few installed domains
How will those affected feel about the bug?:	3: A User would likely not purchase the product
User Pain:	0.171
Enterprise Customer affected?:
School Customer affected?:	Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:	Yes
Ticket number:	2022031521000887
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Philipp Hahn

2022-03-19 11:19:47 CET

15.03.22 12:19:51.800  MAIN        ( WARN    ) : Startup of SAML2.0 service provider failed:
Traceback (most recent call last):
  File "/usr/sbin/univention-management-console-web-server", line 1199, in reload
    cls.SP = Saml2Client(config_file=cls.configfile, identity_cache=cls.identity_cache % (PORT,), state_cache=cls.state_cache)
  File "/usr/lib/python2.7/dist-packages/saml2/client_base.py", line 99, in __init__
    Entity.__init__(self, "sp", config, config_file, virtual_organization)
  File "/usr/lib/python2.7/dist-packages/saml2/entity.py", line 128, in __init__
    self.config = config_factory(entity_type, config_file)
  File "/usr/lib/python2.7/dist-packages/saml2/config.py", line 545, in config_factory
    conf = SPConfig().load_file(filename)
  File "/usr/lib/python2.7/dist-packages/saml2/config.py", line 379, in load_file
    mod = self._load(config_file)
  File "/usr/lib/python2.7/dist-packages/saml2/config.py", line 373, in _load
    return import_module(tail)
  File "/usr/lib/python2.7/importlib/__init__.py", line 37, in import_module
    __import__(name)
  File "/usr/share/univention-management-console/saml/sp.py", line 110, in <module>
    tmpfile.write(get_cert())
  File "/usr/share/univention-management-console/saml/sp.py", line 41, in get_cert
    if public_key_compare(public_cert_key, public_key):
  File "/usr/share/univention-management-console/saml/sp.py", line 27, in public_key_compare
    return pn1.e == pn2.e and pn1.n == pn2.n
AttributeError: 'EllipticCurvePublicNumbers' object has no attribute 'e'

```


Neben der klassischen RSA-Verschlüsselung gibt es auch noch andere Public/Private-Key-Verfahren: Während RSA auf dem mathematisch schweren Problem der Primfaktorzerlegung beruht, beruhen "Elliptische Kurven" (EC) auf einem geometrischen Problem. Sie haben den Vorteil, das die verwendeten Schlüssel deutlich kleiner sind: 224 statt 2048 bit etc.
Da e sich um ein anderes mathematischen Problem handelt sind die Parameter auch andere: Bei RSA sind es der Exponent `e`, 2 Primzahlen `p` und `q` und deren Produkt `n:=p*q`; `e` und `n` bilden zusammen den öffentliche Teil des Schlüssels. Der Code in `saml/sp.py` geht also davon aus, das er einen RSA-Schlüssel bekommt.
Bekommen tut er aber einen EC-Schlüssel, woraufhin das `EllipticCurvePublicNumbers` hinweist.
Das kommt aus `univention-management-console-web-server`, was also die falsche Annahme macht, das es *nur RSA* gibt und ist nicht auf EC (und andere Verfahren) vorbereitet.

/usr/share/univention-management-console/saml/sp.py:24
> def public_key_compare(key1, key2):
>         pn1 = key1.public_numbers()
>         pn2 = key2.public_numbers()
>         return pn1.e == pn2.e and pn1.n == pn2.n

Comment 1 Ingo Steuwer

2022-04-20 16:34:21 CEST

Do we have more information about this issue?

- is it a product default that E

Comment 2 Ingo Steuwer

2022-04-20 16:37:30 CEST

(In reply to Ingo Steuwer from comment #1) -- completed:

Do we have more information about this issue? 

- is it a product default that EC is used beside RSA? (does it affect all customers or only those who changed the configuration)

- what are the consequences, what part of UCS does not work?


The linked ticket isn't really helpfull as the error message in this bug is an accidental find unrealted to the support issue in the ticket.

Comment 4 Philipp Hahn

2022-04-21 15:00:37 CEST

(In reply to Ingo Steuwer from comment #2)
> Do we have more information about this issue? 
> 
> - is it a product default that EC is used beside RSA? (does it affect all
> customers or only those who changed the configuration)

*Internally* UCS still uses RSA certificates, which are creates by the respective "ucsCA" per domain and is only accepted *internally* - unless you manually distribute and import the ucs-root-ca.crt to *any* client.

This does not scale and is a serious issue as soon as as you expose any (UCS) service (https, imaps, smatps, ldaps, …) to *public*: you have to acquire a certificate from one of the public CAs — LetsEncrypt is one alternative. Most of them still default to RSA, but you can get an EC on request.


Configuring a custom certificate is *not* documented in the manual <https://docs.software-univention.de/handbuch-5.0.html> or any extended manual, but we have this *supported* article <https://help.univention.com/t/using-your-own-ssl-certificates/38>.
AFAIK it is used by many customers and configuring a global certificate is a MUST.

> - what are the consequences, what part of UCS does not work?

Currently you cannot use ECC or ECDSA for SAML e.g Apache2. ECC is a NIST standard since 2011, 

openssl ecparam -name prime256v1 -out ecparams.pem
FQHN="$(hostname -f)" DOM="$(dnsdomainname)"
openssl req -new -sha256 -nodes -newkey ec:ecparams.pem -keyout my_ecc.key -out my_ecc.csr -subj "/C=DE/ST=Bremen/L=Bremen/O=Univention GmbH/OU=Software Engineering/CN=$FQHN/emailAddress=root@$DOM" -addext "subjectAltName = DNS:$FQHN,DNS:ucs-sso.$DOM"
univention-certificate sign -request my_ecc.csr -days 365
ucr set {,saml/}apache2/ssl/{ca=/etc/univention/ssl/ucsCA/CAcert.pem,certificate=/etc/univention/ssl/$FQHN/cert.pem,key=/root/my_ecc.key}
systemctl restart apache2.service univention-saml.service
python2 /usr/share/univention-management-console/saml/sp.py
> Traceback (most recent call last):
>   File "/usr/share/univention-management-console/saml/sp.py", line 110, in <module>
>     tmpfile.write(get_cert())
>   File "/usr/share/univention-management-console/saml/sp.py", line 41, in get_cert
>     if public_key_compare(public_cert_key, public_key):
>   File "/usr/share/univention-management-console/saml/sp.py", line 27, in public_key_compare
>     return pn1.e == pn2.e and pn1.n == pn2.n
> AttributeError: 'EllipticCurvePublicNumbers' object has no attribute 'e'

What I currently do not understand: That code is reading the certificate from "/etc/univention/ssl/$FQHN/cert.pem", which is the path uses by our INTERNAL ucaCA; if an user configures external certificates they should use a DIFFERENT path; my example above re-creates the host CA and EXPLICITLY REUSES the FQHN, so it is expected to use and overwrite the previous certificate. So to me it looks like the customer REPLACED out ucsCA certificate instead of putting the external certificate at an alternative location and configuring it.

Nevertheless UMC should now crash on ECC certificates and should handle it.

Comment 5 Florian Best

2022-04-21 15:15:33 CEST

Sidenote: This was introduces in Bug #47700 git:0259bb2e22c2486113f63d209282e3cbe7df5ec9