Closed Bug 1793811 Opened 2 years ago Closed 2 months ago

Implement support for PBMAC1 in PKCS#12

Categories

(NSS :: Libraries, enhancement, P1)

enhancement

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: hkario, Assigned: rrelyea)

References

Details

Attachments

(1 file)

As the original PKCS#12 specification of MAC is not FIPS compatible, we're working on standardisation of the use of PBMAC1 inside PKCS#12 files so that PBKDF2 could be used for HMAC key calculation too.

The proposed draft was adopted by the LAMPS IETF WG this Monday, and I've uploaded the updated document (draft-ietf-lamps-pkcs12-pbmac1-00) today. You can also find the source on https://github.com/tomato42/id-pkcs12-pbmac1 (and the initial draft in https://datatracker.ietf.org/doc/draft-kario-pkcs12-pbmac1/ ).

Severity: -- → S4
Priority: -- → P3
Assignee: nobody → rrelyea
Status: NEW → ASSIGNED

cmd/lib/pk12util.c

  1. Update pk12util to accept HMAC for the hash.
  2. Update pk12util to use HMAC (and thus PBMAC1) by default in FIPS mode.

doc/pk12util.xml
Document that HMAC will create pbmac1 output.

lib/cryptohi/sechash.c
lib/cryptohi/sechash.h
lib/nss/utilwrap.c
lib/util/exports.gyp
lib/util/util.gyp
lib/util/manifest.mn
lib/util/nsshash.c
lib/util/nsshash.h
lib/util/nssutil.def
lib/util/utilrename.h
Move several hash utility functions to util so they can be used in util code that tries to determine if the given function is a hash.

lib/util/secalgid.c
use the common helper functions to identify valid hash oids.

lib/pkcs12/p12d.c
lib/util/secdig.c
move the full mac pbe creation to a helper function in p12local.c

lib/pkcs12/p12e.c

  1. handle the case where we used to only have hash oids, but now have hash or hmac oids (which we use to determine the PRF for PBE, which is an hmac).
  2. move the full mac pbe creation to a hellper function in p12local. This requires generating the secalgid for the digest structure early.
  3. Finish now only needs to add the digest value to complete the secdig structure (mac.safeMac).

lib/pkcs12/p12local.c

  1. make sec_pkcs12_algtag_to_mech work for all known hash algorithms.
  2. add sec_pkcs12_integrity_key to handle all the PBA key generation
    2a. The pba case is determined byt the pkcs5-pbmac1 oid value in the digest algorithm id.
    2b. In the case do our required consistancy checks, convert pw to utf8 (is UCS2 on input), and use PBKeygen togenerate the key.
    2c. In the old case use pbe v1 interfaces to generate the key using the pkcs12 keyen mechanism.

lib/pkcs12/p12local.h
define new mac pbe creation helper function.

tests/tools/tools.sh

  1. Add pbmac1 to the pk12_verify function.
  2. Add tests for HMA Sha-256 and HMAC Sha-512
  3. Add test vectors for rfc below

tests/tools/pbmac1-*
Test files from draft-ietf-lamps-pkcs12-pbmac1 Appendix A.

Severity: S4 → S3
Priority: P3 → P1

Setting severity and priority appropriately. Severity S3 because we won't be able to import new pkcs12 files that handle the new integrity check without it, and Priority 1 because we want this in the next ESR for our next rebase at Red Hat (to start the clock on deprecating the old integrity check as the default).

This patch does not change the default we generate unless we are in FIPS mode (and only in pk12util). Firefox will continue to generate the old integrity check, but will now be able to import the new one.

Blocks: 1894459
Attachment #9380193 - Attachment description: Bug 1793811 Implement support for PBMAC1 in PKCS#12 → Bug 1793811 Implement support for PBMAC1 in PKCS#12 r=bbeurdouche
Status: ASSIGNED → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: