AndroidTacticalAssaultKit-CIV

Issue importing PKCS12 file w/ sha256 MAC

Open tkuester opened this issue 3 years ago • 4 comments

I am using a script to generate SSL certificates + P12 files for a python COT Router. Recently, ATAK has started rejecting the certificates, and I believe this to be due to a change in which hashing algorithm is used for building the p12 files.

Some evidence:

Logs from ATAK v4.6.1.4 (729e20e8)[playstore] on Android 12 rejecting a new certificate

2022-07-04T13:57:38.694Z [CertificateManagerBase]: Exception in loadCertificate!
java.io.IOException: error constructing MAC: java.security.InvalidKeyException: No installed provider supports this key: com.android.org.bouncycastle.jcajce.PKCS12Key
     at com.android.org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi.engineLoad(PKCS12KeyStoreSpi.java:852)

It appears that the error is caused when constructing the MAC, which is unsupported by the provider.

Examining the new certificate with OpenSSL 3.0.2

$ openssl pkcs12 -info -in JENNY-cd5465a1-d41a-4896-bd45-f343f2e6e953.p12 -nodes
Enter Import Password:
MAC: sha256, Iteration 1
MAC length: 32, salt length: 8

Examining the old certificate (using OpenSSL 1.1.1)

$ openssl pkcs12 -info -in JENNAY-9ba72a48-ebfc-4e5f-bf45-e5c3a42c0285.p12 -nodes
Enter Import Password:
MAC: sha1, Iteration 1
MAC length: 20, salt length: 8

I've noticed that the MAC has changed from sha1 to sha256, and the length has changed from 20 to 32. I suspect that BouncyCastle isn't able to handle the new hashing algorithm. I did check to see if I can ask my python library to specify sha1 as an algorithm, but regrettably that is not exposed to the user.

This may be an upstream vendor issue with Android's BouncyCastle library. Is BouncyCastle being bundled with ATAK? Or is the application using the Host OS's version?

tkuester, Jul 04 '22 14:07

Bouncy Castle is not being bundled with ATAK. That being said, we can look into generating a comparable certificate and importing it into ATAK. Can you provide the command line parameters used to generate the certificate?

bisgroves, Jul 06 '22 11:07

I can, but I could also provide a certificate bundle here!

Manual Generation

If you have an existing PEM file, this should create a similar certificate, though I don't actually use this tool. Specifying -macalg sha256 is also redundant as it is the default for my version of OpenSSL, but you can also specify -macalg sha1.

$ openssl version
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
$ openssl pkcs12 -export -in CLIENT.pem -out CLIENT.p12 -macalg sha256

Using taky (see attached)

$ takyctl build_client --dump_pem JENNY
$ openssl pkcs12 -info -in JENNY-08a081f0-d117-4b9f-9c17-d9e350a55871.p12 -nodes
Enter Import Password: <atakatak>
MAC: sha256, Iteration 1
MAC length: 32, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048

I have uploaded the credentials ZIP file here.

$ sha256sum JENNY.zip 
d6294198108542633dd088385d03aefd8c01163c818a3672ebc6f1c7276096f3  JENNY.zip

tkuester, Jul 06 '22 23:07

Your report seems to indicate this certificate used to work. I have just worked back to 4.4 and have not seen the data package JENNY work. I also tried Android 12 and Android 9. Can you confirm what version OS and Application this worked on?

bisgroves, Jul 07 '22 11:07

Hey! Sorry, I think I was unclear in my initial report.

Historically, taky has generated client datapackages on a wide variety of systems and use cases that both ATAK and WinTAK accepted. This has been true across numerous client OS's, client application versions, and hosting server environments.

But, after upgrading to Ubuntu 22.04, client datapackages generated by the same process started to be rejected by ATAK. (I have not yet tested with WinTAK). The process to build the package has not changed, other than the OpenSSL version changing.

The certificate package I sent you was generated on Ubuntu 22.04. I believe the package is valid, and the only reason it is rejected is that Bouncy Castle doesn't know how to handle P12 files with a sha256 MAC. If you would like, I can also send you a client data package from the old system that was known to import without issue.


tkuester, Jul 07 '22 17:07
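
The `MAC:` lines in the `openssl pkcs12 -info` output quoted in this thread are read from the MacData structure at the end of the PFX. As an added example (not part of the thread, and not taky or ATAK code), this stdlib-only Python reader extracts the same fields so a packaging script can report which MAC digest a generated .p12 carries before it is distributed to clients. The function names and sample bytes are constructed for illustration, and definite-length DER is assumed.

```python
# Added example: read the MacData of a PKCS#12 (PFX) file; assumes definite-length DER.
SHA1_OID = bytes.fromhex("2b0e03021a")            # 1.3.14.3.2.26
SHA256_OID = bytes.fromhex("608648016503040201")  # 2.16.840.1.101.3.4.2.1
OIDS = {SHA1_OID: "sha1", SHA256_OID: "sha256"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length == 0x80:
        raise ValueError("indefinite-length BER is not handled here")
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        end = pos + (length & 0x7F)
        length, pos = int.from_bytes(buf[pos:end], "big"), end
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    out, pos = [], 0
    while pos < len(value):  # split a constructed value into direct members
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def mac_info(p12):
    """Return the MAC parameters of a PFX, or None when it has no MacData."""
    tag, pfx, _ = read_tlv(p12, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    fields = children(pfx)  # version, authSafe, optional macData
    if len(fields) < 3:
        return None
    mac, salt, *rest = children(fields[2][1])  # DigestInfo, macSalt, [iterations]
    alg, digest = children(mac[1])
    oid = children(alg[1])[0][1]
    iters = int.from_bytes(rest[0][1], "big") if rest else 1  # DEFAULT 1
    return {"mac": OIDS.get(oid, oid.hex()), "mac_len": len(digest[1]),
            "salt_len": len(salt[1]), "iterations": iters}

def _der(tag, body):  # short-form encoder, enough for the constructed samples
    return bytes([tag, len(body)]) + body

def sample_pfx(oid, digest_len):  # constructed: empty authSafe, zeroed MAC/salt
    alg = _der(0x30, _der(0x06, oid) + _der(0x05, b""))
    mac = _der(0x30, alg + _der(0x04, bytes(digest_len)))
    mac_data = _der(0x30, mac + _der(0x04, bytes(8)) + _der(0x02, b"\x01"))
    return _der(0x30, _der(0x02, b"\x03") + _der(0x30, b"") + mac_data)

if __name__ == "__main__":
    print(mac_info(sample_pfx(SHA1_OID, 20)), mac_info(sample_pfx(SHA256_OID, 32)))
```

To inspect a real file, pass its bytes to `mac_info`, for example `mac_info(open(path, "rb").read())`.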