sm: Support more HMAC algos in the pkcs#12 parser.

* sm/minip12.c (oid_hmacWithSHA1): New.  Also for the SHA-2 algos.
(digest_algo_from_oid): New.
(set_key_iv_pbes2): Add arg digest_algo.
(crypt_block): Ditto.
(decrypt_block): Ditto.
(parse_bag_encrypted_data): Parse the optional prf part and get the
hmac algorithm.
(parse_shrouded_key_bag): Ditto.
(p12_build): Pass SHA1 for digest_algo.

* sm/t-minip12.c (run_one_test): Print failed values in verbose mode.

* tests/cms/samplekeys/nistp256-openssl-self-signed.p12: New.
* tests/cms/samplekeys/Description-p12: Add this one.
* tests/cms/Makefile.am (EXTRA_DIST): Ditto.
--

This supports the modern algorithms, i.e. using SHA256 for the KDF
which is the default in openssl unless the -legacy option is used.

GnuPG-bug-id: 6536

1 files changed, 10 insertions, 2 deletions

diff --git a/sm/t-minip12.c b/sm/t-minip12.c
index de6b7e5cc..bf3177ea0 100644
--- a/sm/t-minip12.c
+++ b/sm/t-minip12.c
@@ -559,13 +559,21 @@ run_one_test (const char *name, const char *desc, const char *pass,
   else if (!certexpected && certstr)
     printresult ("FAIL: %s - no certs expected but got one\n", name);
   else if (certexpected && certstr && strcmp (certexpected, certstr))
-    printresult ("FAIL: %s - certs not as expected\n", name);
+    {
+      printresult ("FAIL: %s - certs not as expected\n", name);
+      inf ("cert(exp)=%s", certexpected);
+      inf ("cert(got)=%s", certstr? certstr:"[null]");
+    }
   else if (keyexpected && !resulthash)
     printresult ("FAIL: %s - expected key but got none\n", name);
   else if (!keyexpected && resulthash)
     printresult ("FAIL: %s - key not expected but got one\n", name);
   else if (keyexpected && resulthash && strcmp (keyexpected, resulthash))
-    printresult ("FAIL: %s - keys not as expected\n", name);
+    {
+      printresult ("FAIL: %s - keys not as expected\n", name);
+      inf ("key(exp)=%s", keyexpected);
+      inf ("key(got)=%s", resulthash? resulthash:"[null]");
+    }
   else
     {
       printresult ("PASS: %s\n", name);