Page MenuHome GnuPG
Create Task
Maniphest T6536

Extend P12 parser for ShroudedKeyBag inside a CertBag
Closed, ResolvedPublic
Actions

Description

This is yet another variant of PKCS#12 encoding BS. No public sample yet.

Revisions and Commits

rG GnuPG
rG5601f5db9862 gpgsm: Improvements for NDEF in the pkcs#12 parser
rG9976285ff065 sm: Support more HMAC algos in the pkcs#12 parser.
rG24b3a5a5794d sm: Support more HMAC algos in the pkcs#12 parser.
rGbb157044a044 sm: Improve the octet string cramming for pkcs#12
rGc1f78634ec39 sm: Improve the octet string cramming for pkcs#12
rGa6dad932f429 sm: Complete rewrite of the PKCS#12 parser
rG5f694dc0be99 sm: Adding missing stuff to the PKCS#12 parser rewrite.
rG101433dfb42b sm: Major rewrite of the PKCS#12 parser

Related Objects

Event Timeline

werner triaged this task as Normal priority.Jun 14 2023, 12:36 PM
werner created this task.
werner added a project: Bug Report.Jun 14 2023, 12:39 PM
werner moved this task from Backlog to WiP on the gnupg24 board.Jun 22 2023, 9:21 AM
werner added a comment.Jun 28 2023, 5:33 PM

Partly done for 2.4. The cram-octet-string stuff is missing, though.

werner added a commit: rG101433dfb42b: sm: Major rewrite of the PKCS#12 parser.Jun 28 2023, 5:37 PM
werner added a commit: rG5f694dc0be99: sm: Adding missing stuff to the PKCS#12 parser rewrite..Jun 29 2023, 6:04 PM
werner moved this task from WiP to QA on the gnupg24 board.Jun 29 2023, 6:05 PM
werner edited projects, added gnupg24 (gnupg-2.4.3); removed gnupg24.Jul 4 2023, 2:45 PM

This was tested by me against the actual sample and the sample is now part of our internal regression test suite.

werner mentioned this in T6509: Release GnuPG 2.4.3.Jul 4 2023, 4:57 PM
werner moved this task from Backlog to WiP on the gnupg22 board.Jul 5 2023, 2:23 PM
werner changed the task status from Open to Testing.Jul 5 2023, 2:30 PM
werner moved this task from WiP to QA on the gnupg22 board.
werner added a commit: rGa6dad932f429: sm: Complete rewrite of the PKCS#12 parser.Jul 5 2023, 2:30 PM
werner edited projects, added gnupg22 (gnupg-2.2.42); removed gnupg22.Jul 5 2023, 2:31 PM

Same for the backport to 2.2 which uses the same test suite.

ebo added a subscriber: ebo.EditedSep 18 2023, 3:11 PM

With Gpg4win-4.2.1-beta31 I can no longer import the secret part of the edward.tester@demo.gnupg.com.p12 Testkey. Error is "Invalid object".

werner added a commit: rGc1f78634ec39: sm: Improve the octet string cramming for pkcs#12.Oct 5 2023, 10:25 AM
werner added a comment.Oct 5 2023, 10:26 AM

Okay, I found and fixed the import problem in 2.4 and will backport this to 2.2

werner added a commit: rGbb157044a044: sm: Improve the octet string cramming for pkcs#12.Oct 5 2023, 10:36 AM
werner edited projects, added gnupg24; removed gnupg24 (gnupg-2.4.3).Oct 5 2023, 10:39 AM
werner moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Oct 5 2023, 10:42 AM
werner mentioned this in T6253: GpgSM: Backport ECC support to 2.2.Oct 5 2023, 11:30 AM
werner added a commit: rG24b3a5a5794d: sm: Support more HMAC algos in the pkcs#12 parser..Oct 6 2023, 11:17 AM
werner added a commit: rG9976285ff065: sm: Support more HMAC algos in the pkcs#12 parser..Oct 6 2023, 11:23 AM
werner added a commit: rG5601f5db9862: gpgsm: Improvements for NDEF in the pkcs#12 parser.Oct 10 2023, 11:42 AM
ebo added a comment.Oct 17 2023, 3:51 PM

With VS-Desktop-3.1.90.246-Beta I can not import the secret part of the edward.tester@demo.gnupg.com.p12 Testkey (ECC brainpool).
I do not see any error message.

werner added a comment.Oct 24 2023, 2:16 PM

Now fixed in 2.2 and 2.4 (commits rG08f0b9ea2e955209d467f1ff624bf7abd10ae7ac and rG7661d2fbc6eb533016df63a86ec3e35bf00cfb1f). See also T6752

lecris added a subscriber: lecris.Oct 25 2023, 3:44 PM

Would love to test this, but I can't seem to compile this project, getting stuck at The system does not provide a working iconv function. Is there a Fedora based dockerfile or equivalent where I could build it? Here is the reference Fedora source. I have tried to hack it and build from a gitarchive, but I am still encountering issues No rule to make target 'audit-events.h', needed by 'all'. Stop.

Are there any CIs that validate the project that I could reference?

ebo closed this task as Resolved.Oct 30 2023, 3:36 PM
ebo claimed this task.

works, the secret part is now imported, too, tested with VS-Desktop-3.1.90.258-Beta

ebo reopened this task as Testing.Oct 30 2023, 3:36 PM
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Nov 9 2023, 3:27 PM
werner mentioned this in T6307: Release GnuPG 2.2.42.Nov 28 2023, 4:59 PM
zablockil mentioned this in T6940: gpgsm: .p12 AES-256-CBC support.Jan 15 2024, 6:43 PM
werner closed this task as Resolved.Jan 24 2024, 11:40 AM
werner moved this task from QA to gnupg-2.4.4 on the gnupg24 board.
werner edited projects, added gnupg24 (gnupg-2.4.4); removed gnupg24.

Closing because we believe things are fixed and our test suite confirms that. Feel free to -reopen in case your own file does not import with 2.4.4.

werner mentioned this in T6578: Release GnuPG 2.4.4.Jan 25 2024, 11:37 AM
werner mentioned this in T7189: Release GnuPG 2.5.0.Jul 5 2024, 2:42 PM