[RHEL-4902] [RFE] Add ECDH support for PKINIT (RFC5349) [rhel-9] - Red Hat Issue Tracker

Type: Story
Resolution: Unresolved
Priority: Major
Fix Version/s: rhel-9.6
Affects Version/s: rhel-9.1.0
Component/s: krb5
Labels:

Fixed in Build:
krb5-1.21.1-6.el9
Severity:
None
Epic Link:
FREEIPA-11585
sprint_count:
4

Pool Team:

rhel-sst-idm-ipa
Sub-System Group:

ssg_idm

Internal Target Milestone:
26
Story Points:
5
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
Yes
Sprint:
2024-Q4-Bravo-S7, 2025-Q1-Bravo-S1, 2025-Q1-Bravo-S2, 2025-Q1-Bravo-S3

Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/145622
Test Coverage:

Automated

Release Note Type:
Enhancement
Release Note Text:

Hide
.Kerberos now supports the Elliptic Curve Diffie-Hellman key agreement algorithm

The Elliptic Curve Diffie-Hellman (ECDH) key agreement algorithm for PKINIT, as defined by RFC5349, is now supported. With this update, the `pkinit_dh_min_bits` setting in `krb5.conf`file can now be configured with `P-256`, `P-384`, or `P-521` to use ECDH by default.

Show
.Kerberos now supports the Elliptic Curve Diffie-Hellman key agreement algorithm The Elliptic Curve Diffie-Hellman (ECDH) key agreement algorithm for PKINIT, as defined by RFC5349, is now supported. With this update, the `pkinit_dh_min_bits` setting in `krb5.conf`file can now be configured with `P-256`, `P-384`, or `P-521` to use ECDH by default.
Release Note Status:
Done

Experience:
Architecture:

Unspecified
Bugzilla Bug:
RHBZ: 2106043

PX Impact Score:
PX Priority Data:
PX Review Complete:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

MS-PKCA v20211006 (section 2.2)[1] defines the following supported algorithms for PKINIT CMS signature:

md5WithRSAEncryption (since Windows Server 2003)
sha1WithRSAEncryption (newer than Windows Server 2003)
ecdsa-with-sha1/256/384/512 (newer than Windows Server 2008)

Out of this list, ECDSA signatures are the only ones that are still allowed to verify on RHEL9 (SHA-1 and MD5 signatures verification is disallowed by default). We should implement RFC5349[2] in MIT krb5 in order to support PKINIT pre-authentication against Active Directory.

[1] https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-PKCA/%5bMS-PKCA%5d.pdf
[2] https://www.rfc-editor.org/rfc/rfc5349.html