Univention Bugzilla – Bug 54567
UMC expects RSA cryptography, breaks with EC (EllipticCurve)
Last modified: 2022-04-21 15:15:33 CEST
15.03.22 12:19:51.800 MAIN ( WARN ) : Startup of SAML2.0 service provider failed: Traceback (most recent call last): File "/usr/sbin/univention-management-console-web-server", line 1199, in reload cls.SP = Saml2Client(config_file=cls.configfile, identity_cache=cls.identity_cache % (PORT,), state_cache=cls.state_cache) File "/usr/lib/python2.7/dist-packages/saml2/client_base.py", line 99, in __init__ Entity.__init__(self, "sp", config, config_file, virtual_organization) File "/usr/lib/python2.7/dist-packages/saml2/entity.py", line 128, in __init__ self.config = config_factory(entity_type, config_file) File "/usr/lib/python2.7/dist-packages/saml2/config.py", line 545, in config_factory conf = SPConfig().load_file(filename) File "/usr/lib/python2.7/dist-packages/saml2/config.py", line 379, in load_file mod = self._load(config_file) File "/usr/lib/python2.7/dist-packages/saml2/config.py", line 373, in _load return import_module(tail) File "/usr/lib/python2.7/importlib/__init__.py", line 37, in import_module __import__(name) File "/usr/share/univention-management-console/saml/sp.py", line 110, in <module> tmpfile.write(get_cert()) File "/usr/share/univention-management-console/saml/sp.py", line 41, in get_cert if public_key_compare(public_cert_key, public_key): File "/usr/share/univention-management-console/saml/sp.py", line 27, in public_key_compare return pn1.e == pn2.e and pn1.n == pn2.n AttributeError: 'EllipticCurvePublicNumbers' object has no attribute 'e' ``` Neben der klassischen RSA-Verschlüsselung gibt es auch noch andere Public/Private-Key-Verfahren: Während RSA auf dem mathematisch schweren Problem der Primfaktorzerlegung beruht, beruhen "Elliptische Kurven" (EC) auf einem geometrischen Problem. Sie haben den Vorteil, das die verwendeten Schlüssel deutlich kleiner sind: 224 statt 2048 bit etc. Da e sich um ein anderes mathematischen Problem handelt sind die Parameter auch andere: Bei RSA sind es der Exponent `e`, 2 Primzahlen `p` und `q` und deren Produkt `n:=p*q`; `e` und `n` bilden zusammen den öffentliche Teil des Schlüssels. Der Code in `saml/sp.py` geht also davon aus, das er einen RSA-Schlüssel bekommt. Bekommen tut er aber einen EC-Schlüssel, woraufhin das `EllipticCurvePublicNumbers` hinweist. Das kommt aus `univention-management-console-web-server`, was also die falsche Annahme macht, das es *nur RSA* gibt und ist nicht auf EC (und andere Verfahren) vorbereitet. /usr/share/univention-management-console/saml/sp.py:24 > def public_key_compare(key1, key2): > pn1 = key1.public_numbers() > pn2 = key2.public_numbers() > return pn1.e == pn2.e and pn1.n == pn2.n
Do we have more information about this issue? - is it a product default that E
(In reply to Ingo Steuwer from comment #1) -- completed: Do we have more information about this issue? - is it a product default that EC is used beside RSA? (does it affect all customers or only those who changed the configuration) - what are the consequences, what part of UCS does not work? The linked ticket isn't really helpfull as the error message in this bug is an accidental find unrealted to the support issue in the ticket.
(In reply to Ingo Steuwer from comment #2) > Do we have more information about this issue? > > - is it a product default that EC is used beside RSA? (does it affect all > customers or only those who changed the configuration) *Internally* UCS still uses RSA certificates, which are creates by the respective "ucsCA" per domain and is only accepted *internally* - unless you manually distribute and import the ucs-root-ca.crt to *any* client. This does not scale and is a serious issue as soon as as you expose any (UCS) service (https, imaps, smatps, ldaps, …) to *public*: you have to acquire a certificate from one of the public CAs — LetsEncrypt is one alternative. Most of them still default to RSA, but you can get an EC on request. Configuring a custom certificate is *not* documented in the manual <https://docs.software-univention.de/handbuch-5.0.html> or any extended manual, but we have this *supported* article <https://help.univention.com/t/using-your-own-ssl-certificates/38>. AFAIK it is used by many customers and configuring a global certificate is a MUST. > - what are the consequences, what part of UCS does not work? Currently you cannot use ECC or ECDSA for SAML e.g Apache2. ECC is a NIST standard since 2011, openssl ecparam -name prime256v1 -out ecparams.pem FQHN="$(hostname -f)" DOM="$(dnsdomainname)" openssl req -new -sha256 -nodes -newkey ec:ecparams.pem -keyout my_ecc.key -out my_ecc.csr -subj "/C=DE/ST=Bremen/L=Bremen/O=Univention GmbH/OU=Software Engineering/CN=$FQHN/emailAddress=root@$DOM" -addext "subjectAltName = DNS:$FQHN,DNS:ucs-sso.$DOM" univention-certificate sign -request my_ecc.csr -days 365 ucr set {,saml/}apache2/ssl/{ca=/etc/univention/ssl/ucsCA/CAcert.pem,certificate=/etc/univention/ssl/$FQHN/cert.pem,key=/root/my_ecc.key} systemctl restart apache2.service univention-saml.service python2 /usr/share/univention-management-console/saml/sp.py > Traceback (most recent call last): > File "/usr/share/univention-management-console/saml/sp.py", line 110, in <module> > tmpfile.write(get_cert()) > File "/usr/share/univention-management-console/saml/sp.py", line 41, in get_cert > if public_key_compare(public_cert_key, public_key): > File "/usr/share/univention-management-console/saml/sp.py", line 27, in public_key_compare > return pn1.e == pn2.e and pn1.n == pn2.n > AttributeError: 'EllipticCurvePublicNumbers' object has no attribute 'e' What I currently do not understand: That code is reading the certificate from "/etc/univention/ssl/$FQHN/cert.pem", which is the path uses by our INTERNAL ucaCA; if an user configures external certificates they should use a DIFFERENT path; my example above re-creates the host CA and EXPLICITLY REUSES the FQHN, so it is expected to use and overwrite the previous certificate. So to me it looks like the customer REPLACED out ucsCA certificate instead of putting the external certificate at an alternative location and configuring it. Nevertheless UMC should now crash on ECC certificates and should handle it.
Sidenote: This was introduces in Bug #47700 git:0259bb2e22c2486113f63d209282e3cbe7df5ec9