Support PBMAC1 usage in PKCS#12

Review changes
Download
Patches
Plain diff

Daiki Ueno requested to merge dueno/gnutls:wip/dueno/pkcs12-pbmac1 into master Apr 30, 2024

Overview 19
Commits 5
Pipelines 13
Changes 26

Support PBMAC1 usage in PKCS#12

This allows usage of PBMAC1 as the MAC to verify a PKCS#12 structure, following draft-ietf-lamps-pkcs12-pbmac1[1]. While the MAC verification is transparent, the generation requires a new API gnutls_pkcs12_generate_mac3 to be used with the GNUTLS_PKCS12_USE_PBMAC1 flag.

certtool has also been extended with the --pbmac1 option, which can be used in combination with --to-p12.

https://datatracker.ietf.org/doc/draft-ietf-lamps-pkcs12-pbmac1/

Signed-off-by: Daiki Ueno ueno@gnu.org

Checklist

Commits have Signed-off-by: with name/author being identical to the commit author
Code modified for feature
Test suite updated with functionality tests
Test suite updated with negative tests
Documentation updated / NEWS entry present (for non-trivial changes)
CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

Reviewer's checklist:

Any issues marked for closing are addressed
There is a test suite reasonably covering new functionality or modifications
Function naming, parameters, return values, types, etc., are consistent and according to CONTRIBUTION.md
This feature/change has adequate documentation added
No obvious mistakes in the code

Edited May 05, 2024 by Daiki Ueno

Merge request reports

Assignee

Select assignees

Reviewers

Request review from

Time tracking