Closed Bug 1268143 Opened 8 years ago Closed 7 years ago

pk12util can't import PKCS#12 files with SHA-256 MAC

Categories

(NSS :: Tools, defect)

Product:
NSS
Component:
Tools
Version:
3.23
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: hkario, Assigned: ueno)

Details

(Keywords: good-first-bug)

Attachments

(2 files, 1 obsolete file)

proposed patch v2
6.62 KB, patch
rrelyea
: review+
Details | Diff | Splinter Review
nss-pkcs12-sha2-v2-style-fixes.patch
6.56 KB, patch
KaiE
: review+
Details | Diff | Splinter Review 
User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Build ID: 20160304160129

Steps to reproduce:

1. openssl req -x509 -newkey rsa -keyout localhost.key -out localhost.crt -subj /CN=localhost -nodes -batch
2. openssl pkcs12 -export -out bundle.p12 -in localhost.crt -caname server-cert -nokeys -passout pass:RedHatEnterpriseLinux7.1 -certpbe PBE-SHA1-3DES -macalg sha256
3. pk12util -l bundle.p12 -W RedHatEnterpriseLinux7.1 -v


Actual results:

pk12util: PKCS12 decode not verified: error -12285: Unknown code ___P 3
pk12util: PKCS12 decode not verified: error -12285: Unknown code ___P 3


Expected results:

Certificate printed
Is this an enhancement request, or a regression report?
Status: UNCONFIRMED → NEW
Ever confirmed: true
I don't know if it ever worked, I haven't tested old versions to see if they ever supported it.

It may be a feature request.
Attached patch proposed patch (obsolete) — Splinter Review 
For simplicity, it doesn't implement the truncated versions of SHA-512 (SHA-512/224 and SHA-512/256), which require additional OIDs and PKCS#11 mechanisms.
Attachment #8803332 - Flags: review?(rrelyea)
This doesn't look right to start with. Daiki, what PBEs are you implementing? Aren't these PKCS #5 v2 PBE's? If so PKCS #5 v2 does this completely differently from PKCS #12 and PKCS #5 v1, where the encryption and mach are handled in separate oids.
Comment on attachment 8803332 [details] [diff] [review]
proposed patch

Review of attachment 8803332 [details] [diff] [review]:
-----------------------------------------------------------------

So I think the direction here is wrong. All the new oids should be PKCS #5 v2 oids. Since this is just the softoken changes, it's hard to see where the rest of the code is using this (to see if we are really using PKCS #5 v1 or v2 effectively).

bob

::: lib/util/pkcs11n.h
@@ +240,5 @@
>  #define CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN 0x8000000bUL
> +#define CKM_NETSCAPE_PBE_SHA224_HMAC_KEY_GEN 0x8000000cUL
> +#define CKM_NETSCAPE_PBE_SHA256_HMAC_KEY_GEN 0x8000000dUL
> +#define CKM_NETSCAPE_PBE_SHA384_HMAC_KEY_GEN 0x8000000eUL
> +#define CKM_NETSCAPE_PBE_SHA512_HMAC_KEY_GEN 0x8000000fUL

If we need new netescape oids, they should be out of the netscape 'space'. The 0x8000000xxx oids are very old and should be depricated.

Ideally we should get the new oids in the PKCS #11 group space by writing a PKCS #11 spec for those mechanisms.
Attachment #8803332 - Flags: review?(rrelyea) → review-
(In reply to Robert Relyea from comment #4)
> This doesn't look right to start with. Daiki, what PBEs are you
> implementing? Aren't these PKCS #5 v2 PBE's?

No, they are really PKCS #12 PBE's, where the SHA-2 profile was added in v1.1:
https://tools.ietf.org/html/rfc7292#appendix-B.2

> > +#define CKM_NETSCAPE_PBE_SHA512_HMAC_KEY_GEN 0x8000000fUL
> 
> If we need new netescape oids, they should be out of the netscape 'space'.
> The 0x8000000xxx oids are very old and should be depricated.

Okay, I will change those to CKM_NSS_*.
 
> Ideally we should get the new oids in the PKCS #11 group space by writing a
> PKCS #11 spec for those mechanisms.

Yes, but in PKCS #12 v1.1, the use of PKCS #5 v2.1 is still preferred, and I am not sure if it is worth adding those SHA-2 algorithms to the PKCS #11 standard.

On the other hand, the implementation is merely for interoperability with other software like OpenSSL's pkcs12 tool.
Moved those mechanism definitions under the NSS vendor space and added comments for clarification.
Attachment #8803332 - Attachment is obsolete: true
Attachment #8805118 - Flags: review?(rrelyea)
Comment on attachment 8805118 [details] [diff] [review]
proposed patch v2

Review of attachment 8805118 [details] [diff] [review]:
-----------------------------------------------------------------

::: lib/util/pkcs11n.h
@@ +225,5 @@
> +/* Additional PKCS #12 PBE algorithms defined in v1.1 */
> +#define CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN (CKM_NSS + 29)
> +#define CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN (CKM_NSS + 30)
> +#define CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN (CKM_NSS + 31)
> +#define CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN (CKM_NSS + 32)

Thanks!
Attachment #8805118 - Flags: review?(rrelyea) → review+
Assignee: nobody → dueno
Is this ready for checkin?
Yes Kai, this one is ready for checkin.

bob
I have rebased the patch against the master so it applies cleanly.  The only changes from v2 are style fixes.
Attachment #8818202 - Flags: review?(kaie)
Comment on attachment 8818202 [details] [diff] [review]
nss-pkcs12-sha2-v2-style-fixes.patch

I confirm the changes from the previous patch are only in style and context.

I started an NSS try build:
https://treeherder.mozilla.org/#/jobs?repo=nss-try&revision=8e8ded73dca1f32a1d954b2060d05cf358676a2e

If that works, we can commit it.
Attachment #8818202 - Flags: review?(kaie) → review+
https://hg.mozilla.org/projects/nss/rev/6d66c2c24e4d
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.29
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: