MacOS security framework fails to import RFC 7292 compliant PKCS #12 v1.1 file into keychain using modern cyphers
Originator: tmoschou
Number: rdar://FB8988319
Date Originated: 2021-02-03
Status: Open
Resolved:
Product: Security Framework
Product Version: MacOS 10.15.7
Classification: Application Crash
Reproducible:
Attempts to import a PKCS 12 archive using SHA256 for the MAC when running

    security import file.p12 -k ~/Library/Keychains/login.keychain -f pkcs12 -t agg

error with:

    “Sorry you entered an invalid password”
    “security: SecKeychainItemImport: MAC verification failed during PKCS12 import (wrong password?)”

Specifically, as per RFC 7292 Appendix A: Message Authentication Codes (MACs):

“The hash function HMAC is based on is identified in the MacData, which holds the MAC; for this version of this standard, the hash function can be one of the following: SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, or SHA-512/256 [10].”

However, it seems only SHA1 is supported (I suspect as this was the only cypher listed at the time in the v1.0 spec).

Further, it seems the security framework cannot parse encrypted data / shrouded keybag / etc. using

    PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256

or

    PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA1

and errors with:

    “security: SecKeychainItemImport: Unknown format in import”

Specifically, as per RFC 7292 Appendix B: Deriving Keys and IVs from Passwords and Salt:

“Note that this method for password privacy mode is not recommended and is deprecated for new usage. The procedures and algorithms defined in PKCS #5 v2.1 [13] [22] should be used instead. Specifically, PBES2 should be used as encryption scheme, with PBKDF2 as the key derivation function.”

Additionally, RFC 8018 PKCS #5 v2.1: Appendix D. Revision History of PKCS #5:

“* Introduces AES/CBC as an encryption scheme for PBES2 and HMAC with the hash functions SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256 as pseudorandom functions for PBKDF2 and message authentication schemes for PBMAC1.”

It should be noted that OpenSSL 3 will move to AES-256-CBC by default for the certificate and private key PBE algorithm instead of the legacy RC2-40 or 3DES.
Steps to reproduce:

Using either LibreSSL 2.8.3 or OpenSSL 1.1.1h

    # Generate cert and private key
    openssl req -x509 -out cert.pem -sha256 -newkey rsa:2048 -keyout key.pem -nodes -subj "/CN=Self Signed Test Cert/"

    # Generate pkcs12 archive using sha256 hash algorithm for the MAC
    openssl pkcs12 -export -inkey key.pem -in cert.pem -out file-mac-sha256.p12 -name "My Certificate" -password pass:1234 -macalg sha256

    # Generate pkcs12 archive using aes-256-cbc PBES2 for the certs and private keys
    openssl pkcs12 -export -inkey key.pem -in cert.pem -out file-pbes2-aes256.p12 -name "My Certificate" -password pass:1234 -keypbe aes-256-cbc -certpbe aes-256-cbc

    # Import with (using password 1234)
    security import file-mac-sha256.p12 -k ~/Library/Keychains/login.keychain -f pkcs12 -t agg
    security import file-pbes2-aes256.p12 -k ~/Library/Keychains/login.keychain -f pkcs12 -t agg

Expected Results:

    1 identity imported.

Actual results:

(file-mac-sha256.p12)

    Sorry you entered an invalid password
    security: SecKeychainItemImport: MAC verification failed during PKCS12 import (wrong password?)

(file-pbes2-aes256.p12)

    security: SecKeychainItemImport: Unknown format in import.

Note the same error happens when double-clicking on the archives in Finder.

Attachments: Attached are the test PKCS 12 archives as well as info dump from “openssl pkcs12 -info -in …” as formatted by OpenSSL 1.1.1h.
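Added example (not part of the original report, and not Apple or OpenSSL code): a standard-library Python walker that reads a DER-encoded PKCS #12 file and returns the MacData digest and the password-based encryption schemes it uses, the two properties this report ties to the failed imports. It assumes definite-length DER with single-byte tags; the function names are illustrative.

```python
NAMES = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256",
         "1.2.840.113549.1.5.13": "PBES2",
         "1.2.840.113549.1.12.1.3": "pbeWithSHAAnd3-KeyTripleDES-CBC",
         "1.2.840.113549.1.12.1.6": "pbeWithSHAAnd40BitRC2-CBC"}
PBE_ARCS = ("1.2.840.113549.1.5.13", "1.2.840.113549.1.12.1.")  # PBES2, pkcs-12PbeIds

def tlvs(buf):
    """Yield (tag, value) per DER element; single-byte tags, definite lengths only."""
    i = 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n >= 0x80:  # long form: low 7 bits count the length bytes (0 = indefinite)
            k = n & 0x7F
            n, i = (int.from_bytes(buf[i:i + k], "big") if k else len(buf)), i + k
        if n > len(buf) - i:
            raise ValueError("indefinite-length or truncated element")
        yield tag, buf[i:i + n]
        i += n

def oid(v):
    """Decode OBJECT IDENTIFIER content bytes to dotted form."""
    arcs, acc = [], 0
    for b in v:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, acc = arcs + [acc], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def oids(buf):
    """All OIDs in buf, descending into constructed items and DER-wrapping OCTET STRINGs."""
    out = []
    for tag, v in tlvs(buf):
        if tag == 0x06:
            out.append(oid(v))
        elif tag & 0x20 or (tag == 0x04 and v[:1] == b"\x30"):
            try:
                out += oids(v)
            except (ValueError, IndexError):
                pass  # bytes that do not parse as nested DER (e.g. ciphertext)
    return out

def p12_algorithms(pfx):
    """Return (MAC digest name or None, [PBE scheme names]) for a DER-encoded PFX."""
    _, body = next(tlvs(pfx))           # outer PFX SEQUENCE
    parts = [v for _, v in tlvs(body)]  # version, authSafe, optional macData
    mac = [NAMES.get(o, o) for o in oids(parts[2])[:1]] if len(parts) > 2 else []
    pbe = [NAMES.get(o, o) for o in dict.fromkeys(oids(parts[1])) if o.startswith(PBE_ARCS)]
    return (mac[0] if mac else None), pbe
```

Passing the bytes of an archive to `p12_algorithms` shows at a glance whether it carries a MAC digest other than sha1 or a PBES2 scheme, the two cases the report says fail to import on macOS 10.15.7.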