Re: [lamps] draft-ietf-lamps-samples: PKCS12 expertise needed (including objects for comparison)

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Fri, 06 August 2021 01:10 UTC

From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, LAMPS WG <spasm@ietf.org>
Date: Fri, 06 Aug 2021 01:10:46 +0000
Message-ID: <C6B70B01-0C4E-4A97-9853-CC872E776770@ll.mit.edu>
References: <87czr0ww0d.fsf@fifthhorseman.net> <FF939B28-528B-47F9-9C0C-6585D1B02FBE@vigilsec.com> <87mtq3ukk0.fsf@fifthhorseman.net> <CAErg=HHQMZ1jk+bVxA=MzVvW+9ucie7bu-N6O8Asnp0V8Rf9Bg@mail.gmail.com> <30546.1627850836@localhost> <CAErg=HHKL-E5yT0UnPKcLfMQU41iDg7GGgjsSXs3eRg8daJRkg@mail.gmail.com> <87wnp347iu.fsf@fifthhorseman.net> <1388.1627996026@localhost> <87pmuu42hf.fsf@fifthhorseman.net> <87mtpy3zkl.fsf@fifthhorseman.net> <CAErg=HFvQ=5jN+BoDL-W33iYxHoPULov4TEzqYf9nONbtnANJQ@mail.gmail.com> <87a6lw4syd.fsf@fifthhorseman.net> <87lf5f2y73.fsf@fifthhorseman.net>
In-Reply-To: <87lf5f2y73.fsf@fifthhorseman.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/kvF7j4EYyp5icQgRrJLA6AGrwpc>

I wonder if Keychain Access would accept SHA256 MAC.

Because it would be nicer if we could stick with SHA2, not encumbering the stack with SHA1 code (and some implementations might have a requirement to exclude "unblessed" algorithms).

TNX
--
Regards,
Uri
 
There are two ways to design a system. One is to make it so simple there are obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.
    -  C. A. R. Hoare
 

On 8/5/21, 21:05, "Spasm on behalf of Daniel Kahn Gillmor" <spasm-bounces@ietf.org on behalf of dkg@fifthhorseman.net> wrote:

    I've just published draft-ietf-lamps-samples-05 after figuring out what
    i needed to do to make Keychain Access accept the PKCS#12 objects.

    The necessary change was to make the PKCS#12 MAC
    (https://www.rfc-editor.org/rfc/rfc7292.html#appendix-A) use SHA1
    instead of SHA512.

    I have no idea why Keychain Access would fail when the MAC is SHA512
    instead.  I have not yet experimented with other digests with Keychain
    Access.

    Before I figured out that this specifically was the issue, i modified
    the certificate generation code in GnuTLS to account for all the
    divergences i could account for that were *not* due to indefinite
    encoding.

    This included these two differences:

    On Wed 2021-08-04 20:48:42 -0400, Daniel Kahn Gillmor wrote:

    >  a) The order of the certificates and encrypted pkcs8 blobs might
    >     matter.
    >
    >  b) The absence of the friendlyName on bob.p12[bag[1]] might matter.

    And all the rest here:

     c) the PKCS-8 keys in the original bob.p12 contain a PKCS#8 Provable
        Seed attribute (1.3.6.1.4.1.2312.18.8.1) to indicate their origin,
        but the laundered form does not retain those attributes.

     d) the original bob.p12 file has a separate bag with just the
        certification authority cert in it, whereas bob.laundered.p12 has
        the CA's cert prepended to both EE bags.

     e) embedded PKCS-8 encryption uses different choices for password-based
        key derivation (both use:
         - laundered: 16 octet salt, 600000 iterations
         - bin: 8 octet salt, 5126 iterations

     f) cert bags use different encryption choices:
         - laundered: PKCS12-RC2-40-SHA1 (1.2.840.113549.1.12.1.6),
           16-octet salt and 6000000 iterations
         - bin: PKCS12-3DES-SHA1 (1.2.840.113549.1.12.1.3),
           8-octet salt and 5301 iterations

     g) overall MAC parameters:
         - laundered:  16-octet salt and 600000 iterations;
         - bin:         8-octet salt and 10240 iterations

    There is a tremendous amount of multidimensional flexibility in the
    PKCS#12 spec, so i thought it might be worthwhile to publicly note all
    the different axes of permutation that i considered before landing on
    the quirk specific to this particular implementation.

    Anyway, i think this particular issue has been resolved for the draft.
    I'll follow up in a separate thread about what i think remains for the
    WG here.

        --dkg
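The "overall MAC parameters" compared in (g) above (digest, salt length, iteration count) live in the MacData trailer of the PFX structure (RFC 7292, section 4). The following is an added example, not code from the thread or from GnuTLS: a dependency-free DER reader that pulls those three values out of a PKCS#12 file, plus a constructor for skeletal sample PFX blobs (empty authSafe, all-zero digest) so the check runs offline. It assumes definite-length DER input; the indefinite-length encodings discussed earlier in the thread are not handled.

```python
DIGESTS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256", "2.16.840.1.101.3.4.2.3": "sha512"}

def der_read(buf, pos=0):  # -> (tag, value, next_pos); short and long definite length forms
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the number of length bytes that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def der_children(value):  # split a constructed value into its (tag, value) elements
    out, pos = [], 0
    while pos < len(value):
        tag, v, pos = der_read(value, pos)
        out.append((tag, v))
    return out

def decode_oid(raw):
    arcs, n = [raw[0] // 40, raw[0] % 40], 0  # first byte packs arcs 1 and 2
    for b in raw[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:  # last base-128 digit of this arc
            arcs, n = arcs + [n], 0
    return ".".join(map(str, arcs))

def pfx_mac_params(pfx):
    """PFX ::= SEQUENCE { version, authSafe, macData MacData OPTIONAL };
    MacData ::= SEQUENCE { mac DigestInfo, macSalt OCTET STRING, iterations INTEGER DEFAULT 1 }."""
    elems = der_children(der_read(pfx)[1])
    if len(elems) < 3:
        return None  # no MacData: the PFX carries no integrity check at all
    mac, salt, *iters = der_children(elems[2][1])
    alg_id = der_children(mac[1])[0]  # DigestInfo.digestAlgorithm
    oid = decode_oid(der_children(alg_id[1])[0][1])
    return {"digest": DIGESTS.get(oid, oid), "salt_len": len(salt[1]),
            "iterations": int.from_bytes(iters[0][1], "big") if iters else 1}

# Constructed sample data (not a real keystore): a skeletal PFX with an empty PKCS#7 data
# authSafe, an all-zero digest and the MacData parameters of your choice. OIDs are pre-encoded.
OID_SHA1, OID_SHA512 = b"\x2b\x0e\x03\x02\x1a", b"\x60\x86\x48\x01\x65\x03\x04\x02\x03"
OID_PKCS7_DATA = b"\x2a\x86\x48\x86\xf7\x0d\x01\x07\x01"

def der(tag, content):  # short-form length only; every sample TLV stays below 128 bytes
    return bytes([tag, len(content)]) + content
def der_int(n):  # minimal big-endian encoding of a non-negative INTEGER, sign bit kept clear
    return n.to_bytes((n.bit_length() + 8) // 8, "big")

def sample_pfx(digest_oid, salt_len, iterations):
    auth_safe = der(0x30, der(0x06, OID_PKCS7_DATA) + der(0xA0, der(0x04, b"")))
    digest_info = der(0x30, der(0x30, der(0x06, digest_oid) + der(0x05, b"")) + der(0x04, bytes(20)))
    mac_data = der(0x30, digest_info + der(0x04, b"\xaa" * salt_len) + der(0x02, der_int(iterations)))
    return der(0x30, der(0x02, der_int(3)) + auth_safe + mac_data)
```

Run `pfx_mac_params(open("bob.p12", "rb").read())` on a real file to see which MAC digest, salt size and iteration count a given tool emitted; a result of `None` means the file has no MAC at all.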