Support PBMAC1 usage in PKCS#12
- Support PBMAC1 usage in PKCS#12
This allows usage of PBMAC1 as the MAC to verify a PKCS#12 structure, following draft-ietf-lamps-pkcs12-pbmac1[1]. While the MAC verification is transparent, the generation requires a new API gnutls_pkcs12_generate_mac3 to be used with the GNUTLS_PKCS12_USE_PBMAC1 flag.
certtool has also been extended with the --pbmac1 option, which can be used in combination with --to-p12.
Signed-off-by: Daiki Ueno ueno@gnu.org
Checklist
-
Commits have Signed-off-by:
with name/author being identical to the commit author -
Code modified for feature -
Test suite updated with functionality tests -
Test suite updated with negative tests -
Documentation updated / NEWS entry present (for non-trivial changes) -
CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)
Reviewer's checklist:
-
Any issues marked for closing are addressed -
There is a test suite reasonably covering new functionality or modifications -
Function naming, parameters, return values, types, etc., are consistent and according to CONTRIBUTION.md
-
This feature/change has adequate documentation added -
No obvious mistakes in the code
Edited by Daiki Ueno