From 24b3a5a5794db4bb69b38a1df099d5e59cccf2b3 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Fri, 6 Oct 2023 10:57:12 +0200
Subject: sm: Support more HMAC algos in the pkcs#12 parser.

* sm/minip12.c (oid_hmacWithSHA1): New.  Also for the SHA-2 algos.
(digest_algo_from_oid): New.
(set_key_iv_pbes2): Add arg digest_algo.
(crypt_block): Ditto.
(decrypt_block): Ditto.
(parse_bag_encrypted_data): Parse the optional prf part and get the
hmac algorithm.
(parse_shrouded_key_bag): Ditto.
(p12_build): Pass SHA1 for digest_algo.

* sm/t-minip12.c (run_one_test): Print failed values in verbose mode.

* tests/cms/samplekeys/nistp256-openssl-self-signed.p12: New.
* tests/cms/samplekeys/Description-p12: Add this one.
* tests/cms/Makefile.am (EXTRA_DIST): Ditto.
--

This supports the modern algorithms, i.e. using SHA256 for the KDF
which is the default in openssl unless the -legacy option is used.

GnuPG-bug-id: 6536
---
 tests/cms/Makefile.am                                 |   1 +
 tests/cms/samplekeys/Description-p12                  |   6 ++++++
 tests/cms/samplekeys/nistp256-openssl-self-signed.p12 | Bin 0 -> 1232 bytes
 3 files changed, 7 insertions(+)
 create mode 100644 tests/cms/samplekeys/nistp256-openssl-self-signed.p12

(limited to 'tests')

diff --git a/tests/cms/Makefile.am b/tests/cms/Makefile.am
index d5d753902..b43fb1c91 100644
--- a/tests/cms/Makefile.am
+++ b/tests/cms/Makefile.am
@@ -100,6 +100,7 @@ EXTRA_DIST = $(XTESTS) $(KEYS) $(CERTS) $(TEST_FILES) \
              samplekeys/t5793-openssl.pfx \
              samplekeys/t5793-test.pfx \
              samplekeys/edward.tester@demo.gnupg.com.p12 \
+	     samplekeys/nistp256-openssl-self-signed.p12 \
              samplemsgs/pwri-sample.cbc.p7m \
              samplemsgs/pwri-sample.cbc-2.p7m \
              samplemsgs/pwri-sample.gcm.p7m \
diff --git a/tests/cms/samplekeys/Description-p12 b/tests/cms/samplekeys/Description-p12
index 6fbbd82cf..a73998fac 100644
--- a/tests/cms/samplekeys/Description-p12
+++ b/tests/cms/samplekeys/Description-p12
@@ -39,4 +39,10 @@ Pass: abc,123456
 Cert: ff810b9281a43c394aa138e9c7fd4c0193216fa6
 Key:  94c6d0b067370a8f2a09ae43cfe8d700bbd61e75
 
+Name: nistp256-openssl-self-signed.p12
+Desc: OpenSSL generated self-signed nistp256 key+cert
+Pass: abc
+Cert: 5cea0c5bf09ccd92535267c662fc098f6c81c27e
+Key:  3cb2fba95d1976df69eb7aa8c65ac5354e15af32
+
 # eof #
diff --git a/tests/cms/samplekeys/nistp256-openssl-self-signed.p12 b/tests/cms/samplekeys/nistp256-openssl-self-signed.p12
new file mode 100644
index 000000000..9eeebdae3
Binary files /dev/null and b/tests/cms/samplekeys/nistp256-openssl-self-signed.p12 differ
-- 
cgit v1.2.3