Implementation of the RFC 9579, PBMAC1 in PKCS#12

beldmit · Jul 30, 2024 · 433c635 · 433c635
1 parent 07e4d7f
commit 433c635
Show file tree

Hide file tree

Showing 7 changed files with 394 additions and 47 deletions.
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
@@ -70,7 +70,7 @@ typedef enum OPTION_choice {
     OPT_NAME, OPT_CSP, OPT_CANAME,
     OPT_IN, OPT_OUT, OPT_PASSIN, OPT_PASSOUT, OPT_PASSWORD, OPT_CAPATH,
     OPT_CAFILE, OPT_CASTORE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, OPT_ENGINE,
-    OPT_R_ENUM, OPT_PROV_ENUM, OPT_JDKTRUST,
+    OPT_R_ENUM, OPT_PROV_ENUM, OPT_JDKTRUST, OPT_PBMAC1_PBKDF2, OPT_PBMAC1_PBKDF2_MD,
 #ifndef OPENSSL_NO_DES
     OPT_LEGACY_ALG
 #endif
@@ -147,6 +147,8 @@ const OPTIONS pkcs12_options[] = {
 #endif
     {"macalg", OPT_MACALG, 's',
      "Digest algorithm to use in MAC (default SHA256)"},
+    {"pbmac1_pbkdf2", OPT_PBMAC1_PBKDF2, '-', "Use PBMAC1 with PBKDF2 instead of MAC"},
+    {"pbmac1_pbkdf2_md", OPT_PBMAC1_PBKDF2_MD, 's', "Digest to use for PBMAC1 KDF (default SHA256)"},
     {"iter", OPT_ITER, 'p', "Specify the iteration count for encryption and MAC"},
     {"noiter", OPT_NOITER, '-', "Don't use encryption iteration"},
     {"nomaciter", OPT_NOMACITER, '-', "Don't use MAC iteration)"},
@@ -170,14 +172,14 @@ int pkcs12_main(int argc, char **argv)
     int use_legacy = 0;
 #endif
     /* use library defaults for the iter, maciter, cert, and key PBE */
-    int iter = 0, maciter = 0;
+    int iter = 0, maciter = 0, pbmac1_pbkdf2 = 0;
     int macsaltlen = PKCS12_SALT_LEN;
     int cert_pbe = NID_undef;
     int key_pbe = NID_undef;
     int ret = 1, macver = 1, add_lmk = 0, private = 0;
     int noprompt = 0;
     char *passinarg = NULL, *passoutarg = NULL, *passarg = NULL;
-    char *passin = NULL, *passout = NULL, *macalg = NULL;
+    char *passin = NULL, *passout = NULL, *macalg = NULL, *pbmac1_pbkdf2_md = NULL;
     char *cpass = NULL, *mpass = NULL, *badpass = NULL;
     const char *CApath = NULL, *CAfile = NULL, *CAstore = NULL, *prog;
     int noCApath = 0, noCAfile = 0, noCAstore = 0;
@@ -283,6 +285,12 @@ int pkcs12_main(int argc, char **argv)
         case OPT_MACALG:
             macalg = opt_arg();
             break;
+        case OPT_PBMAC1_PBKDF2:
+            pbmac1_pbkdf2 = 1;
+            break;
+        case OPT_PBMAC1_PBKDF2_MD:
+            pbmac1_pbkdf2_md = opt_arg();
+            break;
         case OPT_CERTPBE:
             if (!set_pbe(&cert_pbe, opt_arg()))
                 goto opthelp;
@@ -700,10 +708,20 @@ int pkcs12_main(int argc, char **argv)
         }
 
         if (maciter != -1) {
-            if (!PKCS12_set_mac(p12, mpass, -1, NULL, macsaltlen, maciter, macmd)) {
-                BIO_printf(bio_err, "Error creating PKCS12 MAC; no PKCS12KDF support?\n");
-                BIO_printf(bio_err, "Use -nomac if MAC not required and PKCS12KDF support not available.\n");
-                goto export_end;
+            if (pbmac1_pbkdf2 == 1) {
+                if (!PKCS12_set_pbmac1_pbkdf2(p12, mpass, -1, NULL,
+                                              macsaltlen, maciter,
+                                              macmd, pbmac1_pbkdf2_md)) {
+                    BIO_printf(bio_err, "Error creating PBMAC1\n");
+                    goto export_end;
+                }
+            } else {
+                if (!PKCS12_set_mac(p12, mpass, -1, NULL, macsaltlen, maciter, macmd)) {
+                    BIO_printf(bio_err, "Error creating PKCS12 MAC; no PKCS12KDF support?\n");
+                    BIO_printf(bio_err,
+                               "Use -nomac or -pbmac1_pbkdf2 if PKCS12KDF support not available\n");
+                    goto export_end;
+                }
             }
         }
         assert(private);
@@ -774,11 +792,32 @@ int pkcs12_main(int argc, char **argv)
         X509_ALGOR_get0(&macobj, NULL, NULL, macalgid);
         BIO_puts(bio_err, "MAC: ");
         i2a_ASN1_OBJECT(bio_err, macobj);
-        BIO_printf(bio_err, ", Iteration %ld\n",
-                   tmaciter != NULL ? ASN1_INTEGER_get(tmaciter) : 1L);
-        BIO_printf(bio_err, "MAC length: %ld, salt length: %ld\n",
-                   tmac != NULL ? ASN1_STRING_length(tmac) : 0L,
-                   tsalt != NULL ? ASN1_STRING_length(tsalt) : 0L);
+        if (OBJ_obj2nid(macobj) == NID_pbmac1) {
+            PBKDF2PARAM *pbkdf2_param = PBMAC1_get1_pbkdf2_param(macalgid);
+
+            if (pbkdf2_param == NULL) {
+                BIO_printf(bio_err, ", Unsupported KDF or params for PBMAC1\n");
+            } else {
+                const ASN1_OBJECT *prfobj;
+
+                BIO_printf(bio_err, " using PBKDF2, Iteration %ld\n",
+                           ASN1_INTEGER_get(pbkdf2_param->iter));
+                BIO_printf(bio_err, "Key length: %ld, Salt length: %d\n",
+                           ASN1_INTEGER_get(pbkdf2_param->keylength),
+                           ASN1_STRING_length(pbkdf2_param->salt->value.octet_string));
+                X509_ALGOR_get0(&prfobj, NULL, NULL, pbkdf2_param->prf);
+                BIO_printf(bio_err, "PBKDF2 PRF: ");
+                i2a_ASN1_OBJECT(bio_err, prfobj);
+                BIO_printf(bio_err, "\n");
+            }
+            PBKDF2PARAM_free(pbkdf2_param);
+        } else {
+            BIO_printf(bio_err, ", Iteration %ld\n",
+                       tmaciter != NULL ? ASN1_INTEGER_get(tmaciter) : 1L);
+            BIO_printf(bio_err, "MAC length: %ld, salt length: %ld\n",
+                       tmac != NULL ? ASN1_STRING_length(tmac) : 0L,
+                       tsalt != NULL ? ASN1_STRING_length(tsalt) : 0L);
+        }
     }
     if (macver) {
         EVP_KDF *pkcs12kdf;

diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c
@@ -35,6 +35,13 @@ ASN1_SEQUENCE(PBKDF2PARAM) = {
 
 IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)
 
+ASN1_SEQUENCE(PBMAC1PARAM) = {
+    ASN1_SIMPLE(PBMAC1PARAM, keyDerivationFunc, X509_ALGOR),
+    ASN1_SIMPLE(PBMAC1PARAM, messageAuthScheme, X509_ALGOR)
+} ASN1_SEQUENCE_END(PBMAC1PARAM)
+
+IMPLEMENT_ASN1_FUNCTIONS(PBMAC1PARAM)
+
 /*
  * Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm: yes I know
  * this is horrible! Extended version to allow application supplied PRF NID

diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
@@ -20,6 +20,7 @@
 #include <openssl/params.h>
 #include <openssl/core_names.h>
 #include "internal/cryptlib.h"
+#include "internal/nelem.h"
 #include "internal/provider.h"
 #include "internal/core.h"
 #include "crypto/evp.h"
@@ -1185,3 +1186,56 @@ void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx,
                        (void (*)(void *, void *))fn, arg,
                        evp_md_from_algorithm, evp_md_up_ref, evp_md_free);
 }
+
+typedef struct {
+    int md_nid;
+    int hmac_nid;
+} ossl_hmacmd_pair;
+
+static const ossl_hmacmd_pair ossl_hmacmd_pairs[] = {
+    {NID_sha1, NID_hmacWithSHA1},
+    {NID_md5, NID_hmacWithMD5},
+    {NID_sha224, NID_hmacWithSHA224},
+    {NID_sha256, NID_hmacWithSHA256},
+    {NID_sha384, NID_hmacWithSHA384},
+    {NID_sha512, NID_hmacWithSHA512},
+    {NID_id_GostR3411_94, NID_id_HMACGostR3411_94},
+    {NID_id_GostR3411_2012_256, NID_id_tc26_hmac_gost_3411_2012_256},
+    {NID_id_GostR3411_2012_512, NID_id_tc26_hmac_gost_3411_2012_512},
+    {NID_sha3_224, NID_hmac_sha3_224},
+    {NID_sha3_256, NID_hmac_sha3_256},
+    {NID_sha3_384, NID_hmac_sha3_384},
+    {NID_sha3_512, NID_hmac_sha3_512},
+    {NID_sha512_224, NID_hmacWithSHA512_224},
+    {NID_sha512_256, NID_hmacWithSHA512_256}
+};
+
+int ossl_hmac2mdnid(int hmac_nid)
+{
+    int md_nid = NID_undef;
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(ossl_hmacmd_pairs); i++) {
+        if (ossl_hmacmd_pairs[i].hmac_nid == hmac_nid) {
+            md_nid = ossl_hmacmd_pairs[i].md_nid;
+            break;
+        }
+    }
+
+    return md_nid;
+}
+
+int ossl_md2hmacnid(int md_nid)
+{
+    int hmac_nid = NID_undef;
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(ossl_hmacmd_pairs); i++) {
+        if (ossl_hmacmd_pairs[i].md_nid == md_nid) {
+            hmac_nid = ossl_hmacmd_pairs[i].hmac_nid;
+            break;
+        }
+    }
+
+    return hmac_nid;
+}