Octet string splitting breaks PKCS #12 importing in Windows

[pboguslawski]

PKCS#12 created using code from #403 gives us splitted encrypted key payload and splitted encrypted cert payload (1024B boundary):

$ openssl asn1parse -inform der -i -in test.p12 
    0:d=0  hl=4 l=3200 cons: SEQUENCE          
    4:d=1  hl=2 l=   1 prim:  INTEGER           :03
    7:d=1  hl=4 l=3071 cons:  SEQUENCE          
   11:d=2  hl=2 l=   9 prim:   OBJECT            :pkcs7-data
   22:d=2  hl=4 l=3056 cons:   cont [ 0 ]        
   26:d=3  hl=4 l=3052 prim:    OCTET STRING      [HEX DUMP]:308[...]
 3082:d=1  hl=2 l= 120 cons:  SEQUENCE          
 3084:d=2  hl=2 l=  47 cons:   SEQUENCE          
 3086:d=3  hl=2 l=  11 cons:    SEQUENCE          
 3088:d=4  hl=2 l=   9 prim:     OBJECT            :sha256
 3099:d=3  hl=2 l=  32 prim:    OCTET STRING      [HEX DUMP]:A77[...]
 3133:d=2  hl=2 l=  64 prim:   OCTET STRING      [HEX DUMP]:273[...]
 3199:d=2  hl=2 l=   3 prim:   INTEGER           :0927C0

$ openssl asn1parse -inform der -i -strparse 30 -in test.p12 
    0:d=0  hl=2 l=inf  cons: SEQUENCE          
    2:d=1  hl=2 l=inf  cons:  SEQUENCE          
    4:d=2  hl=2 l=   9 prim:   OBJECT            :pkcs7-encryptedData
   15:d=2  hl=2 l=inf  cons:   cont [ 0 ]        
   17:d=3  hl=2 l=inf  cons:    SEQUENCE          
   19:d=4  hl=2 l=   1 prim:     INTEGER           :00
   22:d=4  hl=2 l=inf  cons:     SEQUENCE          
   24:d=5  hl=2 l=   9 prim:      OBJECT            :pkcs7-data
   35:d=5  hl=2 l= 112 cons:      SEQUENCE          
   37:d=6  hl=2 l=   9 prim:       OBJECT            :PBES2
   48:d=6  hl=2 l=  99 cons:       SEQUENCE          
   50:d=7  hl=2 l=  66 cons:        SEQUENCE          
   52:d=8  hl=2 l=   9 prim:         OBJECT            :PBKDF2
   63:d=8  hl=2 l=  53 cons:         SEQUENCE          
   65:d=9  hl=2 l=  32 prim:          OCTET STRING      [HEX DUMP]:1BE[...]
   99:d=9  hl=2 l=   3 prim:          INTEGER           :0927C0
  104:d=9  hl=2 l=  12 cons:          SEQUENCE          
  106:d=10 hl=2 l=   8 prim:           OBJECT            :hmacWithSHA256
  116:d=10 hl=2 l=   0 prim:           NULL              
  118:d=7  hl=2 l=  29 cons:        SEQUENCE          
  120:d=8  hl=2 l=   9 prim:         OBJECT            :aes-256-cbc
  131:d=8  hl=2 l=  16 prim:         OCTET STRING      [HEX DUMP]:2F1[...]
  149:d=5  hl=2 l=inf  cons:      cont [ 0 ]        
  151:d=6  hl=4 l=1024 prim:       OCTET STRING      [HEX DUMP]:EFC[...]         <<<<<< HERE
 1179:d=6  hl=4 l= 368 prim:       OCTET STRING      [HEX DUMP]:166[...]         <<<<<<
 1551:d=6  hl=2 l=   0 prim:       EOC               
 1553:d=5  hl=2 l=   0 prim:      EOC               
 1555:d=4  hl=2 l=   0 prim:     EOC               
 1557:d=3  hl=2 l=   0 prim:    EOC               
 1559:d=2  hl=2 l=   0 prim:   EOC               
 1561:d=1  hl=4 l=1485 cons:  SEQUENCE          
 1565:d=2  hl=2 l=   9 prim:   OBJECT            :pkcs7-data
 1576:d=2  hl=4 l=1470 cons:   cont [ 0 ]        
 1580:d=3  hl=4 l=1466 prim:    OCTET STRING      [HEX DUMP]:308[...]
 3050:d=1  hl=2 l=   0 prim:  EOC               

$ openssl asn1parse -inform der -i -strparse 1614 -in test.p12 
    0:d=0  hl=4 l=1462 cons: SEQUENCE          
    4:d=1  hl=4 l=1458 cons:  SEQUENCE          
    8:d=2  hl=2 l=  11 prim:   OBJECT            :pkcs8ShroudedKeyBag
   21:d=2  hl=4 l=1345 cons:   cont [ 0 ]        
   25:d=3  hl=4 l=1341 cons:    SEQUENCE          
   29:d=4  hl=2 l= 112 cons:     SEQUENCE          
   31:d=5  hl=2 l=   9 prim:      OBJECT            :PBES2
   42:d=5  hl=2 l=  99 cons:      SEQUENCE          
   44:d=6  hl=2 l=  66 cons:       SEQUENCE          
   46:d=7  hl=2 l=   9 prim:        OBJECT            :PBKDF2
   57:d=7  hl=2 l=  53 cons:        SEQUENCE          
   59:d=8  hl=2 l=  32 prim:         OCTET STRING      [HEX DUMP]:835[...]
   93:d=8  hl=2 l=   3 prim:         INTEGER           :0927C0
   98:d=8  hl=2 l=  12 cons:         SEQUENCE          
  100:d=9  hl=2 l=   8 prim:          OBJECT            :hmacWithSHA256
  110:d=9  hl=2 l=   0 prim:          NULL              
  112:d=6  hl=2 l=  29 cons:       SEQUENCE          
  114:d=7  hl=2 l=   9 prim:        OBJECT            :aes-256-cbc
  125:d=7  hl=2 l=  16 prim:        OCTET STRING      [HEX DUMP]:791[...]
  143:d=4  hl=4 l=1223 cons:     OCTET STRING      
  147:d=5  hl=4 l=1024 prim:      OCTET STRING      [HEX DUMP]:4D8[...]        <<<<<< AND HERE
 1175:d=5  hl=3 l= 192 prim:      OCTET STRING      [HEX DUMP]:DF8[...]        <<<<<<
 1370:d=2  hl=2 l=  94 cons:   SET               
 1372:d=3  hl=2 l=  35 cons:    SEQUENCE          
 1374:d=4  hl=2 l=   9 prim:     OBJECT            :localKeyID
 1385:d=4  hl=2 l=  22 cons:     SET               
 1387:d=5  hl=2 l=  20 prim:      OCTET STRING      [HEX DUMP]:5A0[...]
 1409:d=3  hl=2 l=  55 cons:    SEQUENCE          
 1411:d=4  hl=2 l=   9 prim:     OBJECT            :friendlyName
 1422:d=4  hl=2 l=  42 cons:     SET               
 1424:d=5  hl=2 l=  40 prim:      BMPSTRING         

Importing such p12 file in Windows 10 or 11 to OS cert store works unstable - sometimes key+cert is imported fine but sometimes it seems key is not attached to cert (smartcard dialog appears on import, auth using such cert does not work, windows cert console displays cert+key in other certs not personal).

certutil also throws an error when trying to open such p12 file:

>certutil -v -dump C:\mydir\test.p12
Enter PFX password:
Cannot decode object: [...]. 0x80090005 (-2146893819 NTE_BAD_DATA)
CertUtil: -dump command FAILED: 0x80090005 (-2146893819 NTE_BAD_DATA)
[...]

No such problems when importing same file in Firefox or Android.

p12 files produced by Firefox and OpenSSL do not contain splitted octet strings (only prims) and work fine in Windows.

After disabling splitting in pkijs i.e.

-                if (this.encryptedContent.idBlock.isConstructed === false && !parameters.disableSplit) {
+                if (this.encryptedContent.idBlock.isConstructed === false && !parameters.disableSplit && false) {

p12 produced using code #403 contains cert and key as prim not splitted (same like in Firefox and OpenSSL results) and works fine in Windows/certutil (salt must be also reduced like in #300 (comment)).

Please verify and disable splitting octet strings in p12 (and other formats where splitting is not absolutely necessary, i.e. PKCS#8 maybe) for Windows compatibility.