
Commit 216f6ee

authored
Skip RC2 encrypted PKCS12 files on Android for iteration counting (#88854)
1 parent 3aae244 commit 216f6ee


3 files changed

+62
-14
lines changed


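--- a/src/libraries/System.Security.Cryptography.X509Certificates/tests/PfxIterationCountTests.CustomAppDomainDataLimit.cs
+++ b/src/libraries/System.Security.Cryptography.X509Certificates/tests/PfxIterationCountTests.CustomAppDomainDataLimit.cs
@@ -6,6 +6,7 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Security.Cryptography.X509Certificates;
+using Test.Cryptography;
 using Xunit;
 
 namespace System.Security.Cryptography.X509Certificates.Tests
@@ -18,7 +19,7 @@ public class PfxIterationCountTests_CustomAppDomainDataLimit
 
 [ConditionalTheory(typeof(RemoteExecutor), nameof(RemoteExecutor.IsSupported))]
 [MemberData(memberName: nameof(PfxIterationCountTests.GetCertsWith_IterationCountNotExceedingDefaultLimit_AndNullOrEmptyPassword_MemberData), MemberType = typeof(PfxIterationCountTests))]
-public void Import_AppDomainDataWithValueTwo_ActsAsDefaultLimit_IterationCountNotExceedingDefaultLimit(string name, bool usesPbes2, byte[] blob, long iterationCount)
+public void Import_AppDomainDataWithValueTwo_ActsAsDefaultLimit_IterationCountNotExceedingDefaultLimit(string name, bool usesPbes2, byte[] blob, long iterationCount, bool usesRC2)
 {
 _ = iterationCount;
 _ = blob;
@@ -28,6 +29,11 @@ public void Import_AppDomainDataWithValueTwo_ActsAsDefaultLimit_IterationCountNo
 throw new SkipTestException(name + " uses PBES2 which is not supported on this version.");
 }
 
+if (usesRC2 && !PlatformSupport.IsRC2Supported)
+{
+throw new SkipTestException(name + " uses RC2, which is not supported on this platform.");
+}
+
 RemoteExecutor.Invoke((certName) =>
 {
 AppDomain.CurrentDomain.SetData("System.Security.Cryptography.Pkcs12UnspecifiedPasswordIterationLimit", -2);
@@ -41,7 +47,7 @@ public void Import_AppDomainDataWithValueTwo_ActsAsDefaultLimit_IterationCountNo
 
 [ConditionalTheory(typeof(RemoteExecutor), nameof(RemoteExecutor.IsSupported))]
 [MemberData(memberName: nameof(PfxIterationCountTests.GetCertsWith_IterationCountExceedingDefaultLimit_MemberData), MemberType = typeof(PfxIterationCountTests))]
-public void Import_AppDomainDataWithValueTwo_ActsAsDefaultLimit_IterationCountLimitExceeded_Throws(string name, string password, bool usesPbes2, byte[] blob, long iterationCount)
+public void Import_AppDomainDataWithValueTwo_ActsAsDefaultLimit_IterationCountLimitExceeded_Throws(string name, string password, bool usesPbes2, byte[] blob, long iterationCount, bool usesRC2)
 {
 _ = password;
 _ = iterationCount;
@@ -52,6 +58,11 @@ public void Import_AppDomainDataWithValueTwo_ActsAsDefaultLimit_IterationCountLi
 throw new SkipTestException(name + " uses PBES2 which is not supported on this version.");
 }
 
+if (usesRC2 && !PlatformSupport.IsRC2Supported)
+{
+throw new SkipTestException(name + " uses RC2, which is not supported on this platform.");
+}
+
 RemoteExecutor.Invoke((certName) =>
 {
 AppDomain.CurrentDomain.SetData("System.Security.Cryptography.Pkcs12UnspecifiedPasswordIterationLimit", -2);
@@ -65,7 +76,7 @@ public void Import_AppDomainDataWithValueTwo_ActsAsDefaultLimit_IterationCountLi
 
 [ConditionalTheory(typeof(RemoteExecutor), nameof(RemoteExecutor.IsSupported))]
 [MemberData(memberName: nameof(PfxIterationCountTests.GetCertsWith_IterationCountNotExceedingDefaultLimit_AndNullOrEmptyPassword_MemberData), MemberType = typeof(PfxIterationCountTests))]
-public void Import_AppDomainDataWithValueZero_IterationCountNotExceedingDefaultLimit_Throws(string name, bool usesPbes2, byte[] blob, long iterationCount)
+public void Import_AppDomainDataWithValueZero_IterationCountNotExceedingDefaultLimit_Throws(string name, bool usesPbes2, byte[] blob, long iterationCount, bool usesRC2)
 {
 _ = iterationCount;
 _ = blob;
@@ -75,6 +86,11 @@ public void Import_AppDomainDataWithValueZero_IterationCountNotExceedingDefaultL
 throw new SkipTestException(name + " uses PBES2 which is not supported on this version.");
 }
 
+if (usesRC2 && !PlatformSupport.IsRC2Supported)
+{
+throw new SkipTestException(name + " uses RC2, which is not supported on this platform.");
+}
+
 RemoteExecutor.Invoke((certName) =>
 {
 AppDomain.CurrentDomain.SetData("System.Security.Cryptography.Pkcs12UnspecifiedPasswordIterationLimit", 0);
@@ -88,7 +104,7 @@ public void Import_AppDomainDataWithValueZero_IterationCountNotExceedingDefaultL
 
 [ConditionalTheory(typeof(RemoteExecutor), nameof(RemoteExecutor.IsSupported))]
 [MemberData(memberName: nameof(PfxIterationCountTests.GetCertsWith_IterationCountExceedingDefaultLimit_MemberData), MemberType = typeof(PfxIterationCountTests))]
-public void Import_AppDomainDataWithValueMinusOne_IterationCountExceedingDefaultLimit(string name, string password, bool usesPbes2, byte[] blob, long iterationCount)
+public void Import_AppDomainDataWithValueMinusOne_IterationCountExceedingDefaultLimit(string name, string password, bool usesPbes2, byte[] blob, long iterationCount, bool usesRC2)
 {
 _ = password;
 _ = blob;
@@ -99,6 +115,11 @@ public void Import_AppDomainDataWithValueMinusOne_IterationCountExceedingDefault
 throw new SkipTestException(name + " uses PBES2 which is not supported on this version.");
 }
 
+if (usesRC2 && !PlatformSupport.IsRC2Supported)
+{
+throw new SkipTestException(name + " uses RC2, which is not supported on this platform.");
+}
+
 RemoteExecutor.Invoke((certName) =>
 {
 AppDomain.CurrentDomain.SetData("System.Security.Cryptography.Pkcs12UnspecifiedPasswordIterationLimit", -1);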
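Review bot: The RC2 guard added after the PBES2 check in `Import_AppDomainDataWithValueTwo_ActsAsDefaultLimit_IterationCountNotExceedingDefaultLimit` is pasted unchanged into the other three tests of this file and again into the tests in PfxIterationCountTests.cs and PfxTests.cs, next to an equally repeated PBES2 guard. One shared helper, called as `PfxIterationCountTests.SkipIfUnsupported(name, usesPbes2, usesRC2);`, would keep the skip conditions for the `Pkcs12UnspecifiedPasswordIterationLimit` tests in one place, so a later platform exclusion cannot be applied to some of these limit checks and missed in others. The PBES2 condition in the sketch is taken from the one visible in PfxIterationCountTests.cs and is assumed to match the condition here, which lies outside these hunks. Each test body starts and ends outside its hunk.

```csharp
// Sketch: could live in PfxIterationCountTests, next to the member-data providers.
internal static void SkipIfUnsupported(string name, bool usesPbes2, bool usesRC2)
{
    if (usesPbes2 && !PfxTests.Pkcs12PBES2Supported)
    {
        throw new SkipTestException(name + " uses PBES2 which is not supported on this version.");
    }

    if (usesRC2 && !PlatformSupport.IsRC2Supported)
    {
        throw new SkipTestException(name + " uses RC2, which is not supported on this platform.");
    }
}
```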

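--- a/src/libraries/System.Security.Cryptography.X509Certificates/tests/PfxIterationCountTests.cs
+++ b/src/libraries/System.Security.Cryptography.X509Certificates/tests/PfxIterationCountTests.cs
@@ -22,13 +22,18 @@ public abstract partial class PfxIterationCountTests
 
 [ConditionalTheory]
 [MemberData(nameof(GetCertsWith_IterationCountNotExceedingDefaultLimit_AndNullOrEmptyPassword_MemberData))]
-public void Import_IterationCounLimitNotExceeded_Succeeds(string name, bool usesPbes2, byte[] blob, long iterationCount)
+public void Import_IterationCounLimitNotExceeded_Succeeds(string name, bool usesPbes2, byte[] blob, long iterationCount, bool usesRC2)
 {
 if (usesPbes2 && !PfxTests.Pkcs12PBES2Supported)
 {
 throw new SkipTestException(name + " uses PBES2 which is not supported on this version.");
 }
 
+if (usesRC2 && !PlatformSupport.IsRC2Supported)
+{
+throw new SkipTestException(name + " uses RC2, which is not supported on this platform.");
+}
+
 if (PfxTests.IsPkcs12IterationCountAllowed(iterationCount, PfxTests.DefaultIterations))
 {
 X509Certificate cert = Import(blob);
@@ -38,7 +43,7 @@ public void Import_IterationCounLimitNotExceeded_Succeeds(string name, bool uses
 
 [ConditionalTheory]
 [MemberData(nameof(GetCertsWith_IterationCountExceedingDefaultLimit_MemberData))]
-public void Import_IterationCountLimitExceeded_Throws(string name, string password, bool usesPbes2, byte[] blob, long iterationCount)
+public void Import_IterationCountLimitExceeded_Throws(string name, string password, bool usesPbes2, byte[] blob, long iterationCount, bool usesRC2)
 {
 _ = password;
 _ = iterationCount;
@@ -48,19 +53,29 @@ public void Import_IterationCountLimitExceeded_Throws(string name, string passwo
 throw new SkipTestException(name + " uses PBES2 which is not supported on this version.");
 }
 
+if (usesRC2 && !PlatformSupport.IsRC2Supported)
+{
+throw new SkipTestException(name + " uses RC2, which is not supported on this platform.");
+}
+
 CryptographicException ce = Assert.Throws<CryptographicException>(() => Import(blob));
 Assert.Contains("2233907", ce.Message);
 }
 
 [ConditionalTheory]
 [MemberData(nameof(GetCertsWith_IterationCountExceedingDefaultLimit_MemberData))]
-public void ImportWithPasswordOrFileName_IterationCountLimitExceeded(string name, string password, bool usesPbes2, byte[] blob, long iterationCount)
+public void ImportWithPasswordOrFileName_IterationCountLimitExceeded(string name, string password, bool usesPbes2, byte[] blob, long iterationCount, bool usesRC2)
 {
 if (usesPbes2 && !PfxTests.Pkcs12PBES2Supported)
 {
 throw new SkipTestException(name + " uses PBES2 which is not supported on this version.");
 }
 
+if (usesRC2 && !PlatformSupport.IsRC2Supported)
+{
+throw new SkipTestException(name + " uses RC2, which is not supported on this platform.");
+}
+
 using (TempFileHolder tempFile = new TempFileHolder(blob))
 {
 string fileName = tempFile.FilePath;
@@ -99,13 +114,18 @@ internal static void VerifyThrowsCryptoExButDoesNotThrowPfxWithoutPassword(Actio
 
 [ConditionalTheory]
 [MemberData(nameof(GetCertsWith_NonNullOrEmptyPassword_MemberData))]
-public void Import_NonNullOrEmptyPasswordExpected_Throws(string name, string password, bool usesPbes2, byte[] blob, long iterationCount)
+public void Import_NonNullOrEmptyPasswordExpected_Throws(string name, string password, bool usesPbes2, byte[] blob, long iterationCount, bool usesRC2)
 {
 if (usesPbes2 && !PfxTests.Pkcs12PBES2Supported)
 {
 throw new SkipTestException(name + " uses PBES2 which is not supported on this version.");
 }
 
+if (usesRC2 && !PlatformSupport.IsRC2Supported)
+{
+throw new SkipTestException(name + " uses RC2, which is not supported on this platform.");
+}
+
 CryptographicException ce = Assert.ThrowsAny<CryptographicException>(() => Import(blob));
 
 if (PfxTests.IsPkcs12IterationCountAllowed(iterationCount, PfxTests.DefaultIterations))
@@ -139,7 +159,7 @@ internal static List<PfxInfo> GetCertificates()
 certificates.Add(new PfxInfo(
 nameof(TestData.Pkcs12WindowsDotnetExportEmptyPassword), "", 6000, false, TestData.Pkcs12WindowsDotnetExportEmptyPassword.HexToByteArray()));
 certificates.Add(new PfxInfo(
-nameof(TestData.Pkcs12MacosKeychainCreated), null, 4097, false, TestData.Pkcs12MacosKeychainCreated.HexToByteArray()));
+nameof(TestData.Pkcs12MacosKeychainCreated), null, 4097, false, TestData.Pkcs12MacosKeychainCreated.HexToByteArray(), usesRC2: true));
 certificates.Add(new PfxInfo(
 nameof(TestData.Pkcs12BuilderSaltWithMacNullPassword), null, 120000, true, TestData.Pkcs12BuilderSaltWithMacNullPassword.HexToByteArray()));
 certificates.Add(new PfxInfo(
@@ -162,23 +182,23 @@ public static IEnumerable<object[]> GetCertsWith_IterationCountNotExceedingDefau
 c => c.IterationCount <= DefaultIterationLimit &&
 string.IsNullOrEmpty(c.Password)))
 {
-yield return new object[] { p.Name, p.UsesPbes2, p.Blob, p.IterationCount };
+yield return new object[] { p.Name, p.UsesPbes2, p.Blob, p.IterationCount, p.UsesRC2 };
 }
 }
 
 public static IEnumerable<object[]> GetCertsWith_IterationCountExceedingDefaultLimit_MemberData()
 {
 foreach (PfxInfo p in s_Certificates.Where(c => c.IterationCount > DefaultIterationLimit))
 {
-yield return new object[] { p.Name, p.Password, p.UsesPbes2, p.Blob, p.IterationCount };
+yield return new object[] { p.Name, p.Password, p.UsesPbes2, p.Blob, p.IterationCount, p.UsesRC2 };
 }
 }
 
 public static IEnumerable<object[]> GetCertsWith_NonNullOrEmptyPassword_MemberData()
 {
 foreach(PfxInfo p in s_Certificates.Where(c => !string.IsNullOrEmpty(c.Password)))
 {
-yield return new object[] { p.Name, p.Password, p.UsesPbes2, p.Blob, p.IterationCount };
+yield return new object[] { p.Name, p.Password, p.UsesPbes2, p.Blob, p.IterationCount, p.UsesRC2 };
 }
 }
 }
@@ -190,14 +210,16 @@ public class PfxInfo
 internal long IterationCount { get; set; }
 internal bool UsesPbes2 { get; set; }
 internal byte[] Blob { get; set; }
+internal bool UsesRC2 { get; set; }
 
-internal PfxInfo(string name, string? password, long iterationCount, bool usesPbes2, byte[] blob)
+internal PfxInfo(string name, string password, long iterationCount, bool usesPbes2, byte[] blob, bool usesRC2 = false)
 {
 Name = name;
 Password = password;
 IterationCount = iterationCount;
 UsesPbes2 = usesPbes2;
 Blob = blob;
+UsesRC2 = usesRC2;
 }
 }
 }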
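Review bot: The `PfxInfo` constructor in the last hunk now takes `string password` instead of `string? password`, yet the `GetCertificates` hunk in this section still passes `null` for `Pkcs12MacosKeychainCreated` and `Pkcs12BuilderSaltWithMacNullPassword`, and the member-data filters depend on `string.IsNullOrEmpty(c.Password)`. If nullable annotations are enabled for this file the `?` should stay; if they are not (which would explain the removal), a comment such as `// password may be null (see the null-password entries in GetCertificates)` keeps that contract visible. The new `UsesRC2` property would also benefit from a one-line comment, for example `// True when the PFX content is RC2-encrypted; tests skip it where PlatformSupport.IsRC2Supported is false.`, because the flag is set by hand per entry and defaults to `false`. The `PfxInfo` class begins outside the hunk.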

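--- a/src/libraries/System.Security.Cryptography.X509Certificates/tests/PfxTests.cs
+++ b/src/libraries/System.Security.Cryptography.X509Certificates/tests/PfxTests.cs
@@ -465,7 +465,7 @@ public static void CollectionPerphemeralImport_HasKeyName()
 
 [ConditionalTheory]
 [MemberData(memberName: nameof(PfxIterationCountTests.GetCertsWith_IterationCountNotExceedingDefaultLimit_AndNullOrEmptyPassword_MemberData), MemberType = typeof(PfxIterationCountTests))]
-public static void TestIterationCounter(string name, bool usesPbes2, byte[] blob, int iterationCount)
+public static void TestIterationCounter(string name, bool usesPbes2, byte[] blob, int iterationCount, bool usesRC2)
 {
 _ = iterationCount;
 
@@ -477,6 +477,11 @@ public static void TestIterationCounter(string name, bool usesPbes2, byte[] blob
 throw new SkipTestException(name + " uses PBES2 which is not supported on this version.");
 }
 
+if (usesRC2 && !PlatformSupport.IsRC2Supported)
+{
+throw new SkipTestException(name + " uses RC2, which is not supported on this platform.");
+}
+
 try
 {
 long count = (long)target(blob);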
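Review bot: `TestIterationCounter` keeps `int iterationCount` in its new signature, while the member data it consumes yields `p.IterationCount`, which `PfxInfo` declares as `long`, and every other consumer of that data on this page takes `long iterationCount`. The value is discarded here (`_ = iterationCount;`), so this presumably works only through the test framework's argument conversion. Since the line is being changed anyway, matching the data source would remove that dependency: `public static void TestIterationCounter(string name, bool usesPbes2, byte[] blob, long iterationCount, bool usesRC2)`. The method body continues outside both hunks.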
