Skip to content

Commit

Permalink
Allow higher iteration counts for PBES2
Browse files Browse the repository at this point in the history
  • Loading branch information
@vcsjones
vcsjones authored Jul 22, 2020
1 parent 90a31ee commit 8ddc945
Show file tree
Hide file tree
Showing 6 changed files with 299 additions and 13 deletions.
16 changes: 3 additions & 13 deletions src/libraries/Common/src/System/Security/Cryptography/PasswordBasedEncryption.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -863,7 +863,7 @@ private static unsafe int Pkcs12PbeDecrypt(
algorithmIdentifier.Parameters.Value,
AsnEncodingRules.BER);

int iterationCount = NormalizeIterationCount(pbeParameters.IterationCount);
int iterationCount = NormalizeIterationCount(pbeParameters.IterationCount, IterationLimit);
Span<byte> iv = stackalloc byte[cipher.BlockSize / 8];
Span<byte> key = stackalloc byte[cipher.KeySize / 8];
ReadOnlySpan<byte> saltSpan = pbeParameters.Salt.Span;
Expand Down Expand Up @@ -1070,19 +1070,9 @@ internal static void WritePbeAlgorithmIdentifier(
writer.PopSequence();
}

internal static int NormalizeIterationCount(uint iterationCount)
{
if (iterationCount == 0 || iterationCount > IterationLimit)
{
throw new CryptographicException(SR.Argument_InvalidValue);
}

return (int)iterationCount;
}

internal static int NormalizeIterationCount(int iterationCount)
internal static int NormalizeIterationCount(int iterationCount, int? iterationLimit = null)
{
if (iterationCount <= 0 || iterationCount > IterationLimit)
if (iterationCount <= 0 || (iterationLimit.HasValue && iterationCount > iterationLimit.Value))
{
throw new CryptographicException(SR.Argument_InvalidValue);
}
Expand Down
41 changes: 41 additions & 0 deletions ...Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyFileTests.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -562,6 +562,47 @@ public static void DecryptPkcs12WithBytes()
}
}

[Fact]
public static void DecryptPkcs12PbeTooManyIterations()
{
// pbeWithSHAAnd3-KeyTripleDES-CBC with 600,001 iterations
byte[] high3DesIterationKey = Convert.FromBase64String(@"
MIIBezAlBgoqhkiG9w0BDAEDMBcEEDH/8QAPoG1utiuJkzA4u4kCAwknwQSCAVD9BOoJTlihH9zP
0AmAXtBa7fjJGnq4tZBJSYmJbNxszTSvM3tEkzyiqFWd6Ptm9bf0cOybad2LXIWnrtlIclGD0ibH
earAf1YvAIBFlbDXfVF8v5//XL2R1d8kcp4fqTVKdRunTSvPS0rIFP5Mrfj89WacHO3HQOB6UMMT
ZYSdI3qZj+6Rlo0a7/MEO23Y0zR9XLdUhyra+UixzVi05VslPoWn1dsFksbklwtV+IRJ9biMjCta
8fr3uqHmtb57121dA3p4A2dya8bgcHOJlMPsYxJ012GV4twULSyaZz6hXOzVh3AL5uLlrzSkV7ZQ
dkOGlpaaJkhGKtkfxRe82w3ZXhuLsVt3vPciDbbF5hIDf8JX7X1aANq5Ka9Tcs3Lyd/FVdkceqn7
KaC843/LqYiSNoD7rBPpSpkyLtldwhqc7o2Wz7tyb1Oj8WF47AJD5OI=");

using (DSA key = DSAFactory.Create())
{
Assert.ThrowsAny<CryptographicException>(
() => key.ImportEncryptedPkcs8PrivateKey("test", high3DesIterationKey, out _));
}
}

[Fact]
public static void ReadWriteDsa1024EncryptedPkcs8_Pbes2HighIterations()
{
// pkcs5PBES2 hmacWithSHA256 aes128-CBC with 600,001 iterations
ReadBase64EncryptedPkcs8(@"
MIIBtjBgBgkqhkiG9w0BBQ0wUzAyBgkqhkiG9w0BBQwwJQQQ+ZTlQ9PG0lKomeY4b7lpZgIDCSfB
MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAECBBDoHELpGkGH/pPcq1/id3l4BIIBUHF74QMFkUdy
XZiUndRy+u2d5KNct89WYj8b3Fb7/VTZQwWRfoIZbC2Of769SMvd2R1ViWNG/ZPX7gxZ2keHFiNL
v/Dj6sNdfFGDF8RyPGOzFQSYu/PYteCHMCh4cYtLQqaGARbKQ1R46dfSyBgQ8IFh9Mnz7T57wSSt
Af3nJkTjfvS28hjtErrufv0XrLCy95+K/fX80GicWuAsC/sLDbbMiiKWzOlLhug4uX5/gSRM3Oqy
LGssZuyeza1fTIgU8NjijYQ/kJJUwEWjjn1PA7BWtDWYaqG5wLyz6z50S6pbpLRelvxV5s9dX1Yq
aylTdOmNGHG+7yEVFQ+sgvJJVIG9mz+YP9tBbzm65UvbzPrXSvNldgm2XUF0Z8LZMRqrurKLYjLE
+TA4wBPaTRUeF0/9Sgk7MXcKHEjhG+OlTP9MExv6Wq3mIREamzu+EtVcPg==",
"test",
new PbeParameters(
PbeEncryptionAlgorithm.Aes128Cbc,
HashAlgorithmName.SHA256,
600_001),
DSATestData.GetDSA1024Params());
}

private static void ReadBase64EncryptedPkcs8(
string base64EncPkcs8,
string password,
Expand Down
35 changes: 35 additions & 0 deletions ...s/Common/tests/System/Security/Cryptography/AlgorithmImplementations/EC/ECKeyFileTests.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -951,6 +951,41 @@ public void DecryptPkcs12WithBytes()
}
}

[Fact]
public void DecryptPkcs12PbeTooManyIterations()
{
// pbeWithSHAAnd3-KeyTripleDES-CBC with 600,001 iterations
byte[] high3DesIterationKey = Convert.FromBase64String(@"
MIG6MCUGCiqGSIb3DQEMAQMwFwQQWOZyFrGwhyGTEd2nbKuLSQIDCSfBBIGQCgPLkx0OwmK3lJ9o
VAdJAg/2nvOhboOHciu5I6oh5dRkxeDjUJixsadd3uhiZb5v7UgiohBQsFv+PWU12rmz6sgWR9rK
V2UqV6Y5vrHJDlNJGI+CQKzOTF7LXyOT+EqaXHD+25TM2/kcZjZrOdigkgQBAFhbfn2/hV/t0TPe
Tj/54rcY3i0gXT6da/r/o+qV");

using (T key = CreateKey())
{
Assert.ThrowsAny<CryptographicException>(
() => key.ImportEncryptedPkcs8PrivateKey("test", high3DesIterationKey, out _));
}
}

[Fact]
public void ReadWriteEc256EncryptedPkcs8_Pbes2HighIterations()
{
// pkcs5PBES2 hmacWithSHA256 aes128-CBC with 600,001 iterations
ReadWriteBase64EncryptedPkcs8(@"
MIH1MGAGCSqGSIb3DQEFDTBTMDIGCSqGSIb3DQEFDDAlBBA+rne0bUkwr614vLfQkwO4AgMJJ8Ew
DAYIKoZIhvcNAgkFADAdBglghkgBZQMEAQIEEIm3c9r5igQ9Vlv1mKTZYp0EgZC8KZfmJtfYmsl4
Z0Dc85ugFvtFHVeRbcvfYmFns23WL3gpGQ0mj4BKxttX+WuDk9duAsCslNLvXFY7m3MQRkWA6QHT
A8DiR3j0l5TGBkErbTUrjmB3ftvEmmF9mleRLj6qEYmmKdCV2Tfk1YBOZ2mpB9bpCPipUansyqWs
xoMaz20Yx+2TSN5dSm2FcD+0YFI=",
"test",
new PbeParameters(
PbeEncryptionAlgorithm.Aes128Cbc,
HashAlgorithmName.SHA256,
600_001),
EccTestData.GetNistP256ReferenceKey());
}

private void ReadWriteBase64EncryptedPkcs8(
string base64EncryptedPkcs8,
string password,
Expand Down
73 changes: 73 additions & 0 deletions ...Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/RSAKeyFileTests.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1248,6 +1248,79 @@ public static void DecryptPkcs12WithBytes()
}
}

[Fact]
public static void DecryptPkcs12PbeTooManyIterations()
{
// pbeWithSHAAnd3-KeyTripleDES-CBC with 600,001 iterations
byte[] high3DesIterationKey = Convert.FromBase64String(@"
MIIE8zAlBgoqhkiG9w0BDAEDMBcEELqdfpwjkWlJZnr3xs2n+qACAwknwQSCBMgnZse/OHib1lMC
jBuUdjQCib5+HEBd2PwrjRw8k/i3kOsPeuDRsTMVvqumYpN6frYWLxRSbd3oe7n5D6bxpBrGuhfO
d/98Ustg1BDXPSdJzOyCXjS4nm+pr5ZETXxM8HUISvmpC62mrBJue3JwHVXbpXFepMcy9ywfSfjg
GhNzSYPQwHLFLVHVd3Dcb8mApgVf9aMJIjw9SeE9KQ6PeOk1LXQsoMFf3h/Sap/nuR4M9F/qa9u/
SEtjptJRlRDecXhQLS7su6cjQ/3Z5PQObORlqF2RASOaEYRyrjjvQjH0+ZAIkQ6zyv1PrPpbeT9I
U5Hzlu00hfNyAy3TfR50EqT2jP7D6ugFbvnHoDRx0e3STTgBrfFc1tbdLijnq/rxb4QNBIV70+Kw
QL2mc8CdM/lP4hT4f1vdtgLdRF2gmxndZolveNc5nAheUwqNa8I16OzZnny9090KztJxhGWd57H8
QCvz2mS6z7FANeyo9cTZilHwwErkLUgmoaQXnnrs46VwF8oeH9ZhLiO4W+OfNLm6QvB/e3/inUj/
FZFxnTYCvSeRBTD5YhME+SnyGPbJiHOPJuSIwWXyRpZeg6wmMWfduEeGuThNNSf4Fxm0baFrC6CZ
4+jT0CurP6L4NxLPBafWP7BcA2XCeVQGQd1GT9cX2I1NkRcU7Q2u7oxWKMJaj0OELC+lZTTv6y3Q
x3I96z0Eddm1qfKQr9HQq+i8LXMwSxqNH+LOtdOEA3kqYq4GU6MdPr8Nx1TaGsiwLcz14GqPl3UQ
5so2ZKHZZsa9NSer/fWVaOwmYc50JW3N4jJpDFRjKVFP5GSzLfdTwl9nduM4atu4D9KZthQCwNGC
nEZ1nwGJywmO/XvLWopOMj0cUx2GQYOUV2Hfu93+MriiKjTFEnMcT7B/BOFRpgz4jg4S+6DcHwJh
cpdIvViajQXM3WwpxnVzskAxYNTYGV0aI9ZjrGBD4vZXM1s9hTlAZc41EmTqZlJPNZ75OzKD9LJS
Iot/jiWjJ03+WT8VVqw/mfTSy2apCE3pGGKdde6wlcR/N6JI1+lQahC+0j9yvUCZyqhiiVpcwaOa
dsxxZMJ+DiilMuRXMJCxKvx5kBZTpjuKR/WnKzSE70wgB1ulJE0RkZTYjWSUSf54bHC2XRGZLtfU
sXDcycjA33H+b0cxe25OZNJUTOoFJqji9RqBvzHuAVMXJvZESORMKbl6q47DbWwFvivfweUJNVO+
3fzCcrCfAFLwI0j+KaoVr0Qrfedr7OhVEZ/v57aYidUSl2VIpLmpJTUKRnvZ0rlg/WBauwWH1X4M
u7AExd+aHO8iv0gj+rTg5co0EcOu9i8cbAowg1ZZ1m6zXvHD7fZgE9iamBmklVOQwQXOJO7BCecn
C0ezYU4Ii8uo0fXJOMWkIA7KLGaQxBrxygnFK3A0RKNos7OXiLdB8RGDqjUZyqLUb3z/YisQEX8f
R40NElq8tzOa/TudOpNAqC8mgS25uTm7ws472gUE0z9uvcq1/MgkqE++xgmLAxGUN/l7EHSAmYKG
i33DDR38LaRqG9ho3brf466OkNooBv4MpD5SA63yfooytxOgeuaqbuTzKP/OSRqJNab9wctA9nfJ
gms2YM+honjUS1sXk1zdm/8=");

using (RSA key = RSAFactory.Create())
{
Assert.ThrowsAny<CryptographicException>(
() => key.ImportEncryptedPkcs8PrivateKey("test", high3DesIterationKey, out _));
}
}

[Fact]
public static void ReadWriteRsa2048EncryptedPkcs8_Pbes2HighIterations()
{
// pkcs5PBES2 hmacWithSHA256 aes128-CBC with 600,001 iterations
ReadBase64EncryptedPkcs8(@"
MIIFNjBgBgkqhkiG9w0BBQ0wUzAyBgkqhkiG9w0BBQwwJQQQAx6OUUzmK+vwC7a+OwhXygIDCSfB
MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAECBBCoLaQQpG01FJnpQdIRq2ioBIIE0MPy/p2uwTnP
mScPxFbrpBiPQHz5PKRjKLCN5JLArsppSz+XSHxfItFUSfBKEE7dYJrEXARmhA8e2roCrZkQnb9o
TX551EivHZhqmd91p6WHYb3ZCDQ6la1JfiuV4aJiJOlG0bDAkzEaiM9m9LE3G0J3Z3ELX+mGEGKD
W+Bz1a9jr204IJQc2VihTFe5t3mujV3X9UFZH3kqOCEreVVmmD64Ea2uDJ6dk3VgGhQ9QLjTDjc5
OSjdfuyuA4gliK/7ibFubtmnVTDSbAm5Excy9tvJqVhejv/wRhfeYZ2rpv3tTLP58WKt25GEmyyV
j86v3LB7DFnnBy4NkLCE55oVe64v/8StyEjEkMxz7Owz/ZW65EccPdk7JHZeBXPXNUdLxk1x40vW
nSRzqhLckfggDwtTCk0kwGUNGBMqr2ezXKrSeO3Qj05dAUvFt9PvbnrVtSnOjFPwx0exiDMUxOFE
Sz63M2tNNAJr43w60DXaIvMMoZ1kF1mwwL5GT+cs3Dn5KFHNLkZ5irIoHAkmKRHplI15Oqr+Ws2n
MUtV9BjDjtYHlwp1s1oFpHr9hu8HHv7QIEvyZbyMdKfPv9PEaNJR0SRhkyave+vl9zHCBhP1H2wU
4fESU1y+cJXZ5WUiJZ5C1wDYWyN5Q2z67Fd4OQXhRwHCeTCZPz3bykpadwlsihCNHrYybfLn61oz
2CswZjBeQuhDmUKWaj87fsNvSEHaEGTDnyLGEzgNb1OuIrqGiT0DvjfRsVED4ZL6jlDKgAaJe+Uq
EMt1UzKmAPeBA/IFOrNPw5B+rgKjVpsCdToX9I9b3cCvKhjxguuggpzkEOF4cdgR2MJk1mqdo7ck
2fI2A5kJx9SuEVL6eKqxyFkPdBMmljKyhomAjdBAIKQ4xt2ojEip7Q9qhmWK3U3meOiIc3qrsM/K
pGDiwH1CHc/0FbHAghiARawXAtzGGyfMXsZkUTAVnEqDfu5uw4pOlv+rm5GLWfLU8p73yc+kVfPR
MdWZI6Ftct0FP/KEibc6VSaENoVRAk+XApadkeFaEUQzFzoU7RhN9FONmnCL8Ui76Kfi1kLAxYJo
rXFQjatiLOAxV50uJSkE1ppmrU1YWHVyC3RkLLnQfq0Ypz9/x7W4PVDfCJQdnCCtOfHL5Qm8fL0l
uE22Y+gPDzoM1BEKvSgmZWTlZrovXwL4u70/nPeaB1HAVUEzsoEMOSSWDkHuhmgiZHUgQwkvzNjA
I3AJk0rl2tGBWdgsDtiiQamkXm0VwubTedIt2vj9h9kJYtUlvkCg7KfKxmTSJUynOyKfI1Mhx3vW
fvni4lYc7KLUEkcNMqNu5AliaPEJQksNNkRiyX7wK5TvA+v9mlqm6Gg7GuJ2oa1DiFf8MUB9CgiJ
pniangzMBkuSd+zvCAo9YAJoyrJoR2ibcWwo4wRSVwYsVF3bB4nB2w1GHQ6HAnPKHSjVDJZyoEh6
TvoFEWjb86tn2BR+qMKqXNBVSrgF2pa06BIs0daHKimYKaU0bnuzE/T+pckJfI0VvWB/Z8jvE1Xy
gpX/dwXfODsj4zcOw4gyP70lDxUWLEPtxhS5Ti0FEuge1XKn3+GOp3clVjGpXKpJTNLsPA/wlqlo
8/ojymwPxe641Pcfa4DsMgfleHnUOEbNZ4je",
"test",
new PbeParameters(
PbeEncryptionAlgorithm.Aes128Cbc,
HashAlgorithmName.SHA256,
600_001),
TestData.RSA2048Params);
}

private static void ReadBase64EncryptedPkcs8(
string base64EncPkcs8,
string password,
Expand Down
86 changes: 86 additions & 0 deletions src/libraries/System.Security.Cryptography.Pkcs/tests/Pkcs12/Pkcs12Documents.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -136,6 +136,92 @@ internal static class Pkcs12Documents
"21300906052B0E03021A050004148B12EE39C54B03EF4C1B0C2D8A3A9624D629" +
"285A0408E398C69C57E4782102020400").HexToByteArray();

internal static readonly ReadOnlyMemory<byte> HighPbeIterationCount3Des = (
"308209c40201033082098906092a864886f70d010701a082097a04820976" +
"308209723082043006092a864886f70d010706a08204213082041d020100" +
"3082041606092a864886f70d010701301d060a2a864886f70d010c010330" +
"0f04083fd435a905e8b19e02030927c1808203e8d3a24907621301625ce2" +
"f42b8dd0fc0c0ce57d512af3275af385874b01adf017de2a9c6fa5c78c15" +
"729453073d0dbc11e4c9dcc6d01f332bd06a5786962b85dfd4becca62619" +
"efd189ddb4b1abc109983a8cd4c41958a4dcce10e34a70f39b742d892bd6" +
"94a4f2b6fc1b760e08b81fe38b3e9c25cf81acb3e30e59d4608f104fd911" +
"a123b15d0c93a9b96e99f72ad50faac027bdccc121abdeb61e9bec4e6969" +
"08a6480ae693e956fb006213cd9fa5c492665439c5a436d4b5ca8d8f382a" +
"2b54dcc12c6ea3a44b819eb2c85c20a0dfdd623f3235e3b13c6856cd538d" +
"edeeb71bc078d7e8d13b4fad0f809925aa93a7bb288ba07562723580d2e1" +
"d34d83398d31205cf00b8e406898e922f2ac9aa8d0135b268944c17423ce" +
"4887ac3068838b0a5cfadd308d10787aaa24683be495ced256ef4ebd8e16" +
"60b0fe942793ec66c669a273417cf20be43ae7d7c56665803c653b8f00b5" +
"f0963e72d23d0db6a0a0182662f7d88ff832b10498b6d557bb4a8bf2f0cd" +
"8b89e0865102ca9cbe0a5c5eef55530fbdd92389a6911769b870c2a83a0b" +
"c8b6f4afdba398d88d36fc8b1995da29c9b0f437e8959a8fd9a9dec621e9" +
"ee0fb6181b904f936abcdede183e7668e9c09f0d9565c055a3542ebd8414" +
"c96797afdf98f63730bd6840018fb30d974cc5c5bc538b05699ef4119653" +
"ac2189b917ff15409fc449bf72eda1b551bdc7cee240e8b22ac3391ae148" +
"37870aaba99a78b84c47ed2c0788dd60dbc0bfd1498651ba1a8a07f26bb0" +
"0ab4002ca865b45301a38c353a3a1a6c1d7a2b7870770707312e68200f80" +
"9c583595b3c3a7fb9ceed6ef2d2b953d8543d554459a226605757c64f93a" +
"fa6bedeb63f49d9642aedd71f0678f1aa50c3130a2577e73896e6cf5680e" +
"e32c25f615c4578b736193da4b9a1e55371083713bcc84ad4a6665535725" +
"1fffb3656ce306070381b3dabe23dfd22ed1af0ac2c8494a9c98a69db00c" +
"b728b56c6c1acd8518f11541aa75ee62a7bf74140527217279f113c2d737" +
"4e876b9b2624f6f3599a3db16bab5e5b8dd888a2e3fff5c4dc9ddd7ed100" +
"dc2a56ea3c57ad4811cae5fe21e704bb1480768353364a56bc6e7baf0105" +
"d3a3a97e16591257d5e1a06d3d8a3e2e1b7444b240d77de4704cd402f9d3" +
"1b005e799d29d4b139e07e9e0b322f153dff2216e390496025ed85501ca7" +
"83f41063ad3f62f71e2d40856e39f90b74f0b860385083b75fcc34e5e7e4" +
"77e68bc8c8c7ef9f789f85efe9aa170a5e37e43ac42a5d2cc47489d27ee5" +
"03c9a6d19a32c6170643b38c017c31a1d51013f8a86831594432a7c02f80" +
"d656696b5edd6f4d27bc07325b5cfb118b543abc038928f86995fb296630" +
"cbb183d407e8f16b50b2fefd8f21469fc83e45abba920d9a6c88179b023b" +
"3082053a06092a864886f70d010701a082052b0482052730820523308205" +
"1f060b2a864886f70d010c0a0102a08204e7308204e3301d060a2a864886" +
"f70d010c0103300f0408e8dc7d11c3405bae02030927c1048204c0698ab9" +
"d1d3f6a2eab118cf2166f0db512cd132acddbab92807639a08305fde746c" +
"35c512498cd4f656faf165be0f28fafd9f5cbb3b4b3704b16a6de18f7b2f" +
"0950b73db868bec47717b56079c78a3069798e3c40ec6199d55c723c18cd" +
"deb02278c860de652a65f964e6e82a0bd6bc6f94cccad6761dd2afb724db" +
"cecd62eea36b13114f0aa5ea280e4468b433e37b791209cdd7f599ba9dfc" +
"f09c3f9e3781a1ec2712fd24ae8bc75b44e3071331478d112354281b4fe2" +
"4dc3417320514ffcee7e921fac4fb5095aef11e2e60de5f4e51fb3bbf62b" +
"8593502b93e9048d4481ab84a8fa7f9e411a5aa4943d4401f7d8376345d6" +
"eacff571b4e7197eb934640b88d3967651135902f8a4a1ce3f030c68ce24" +
"3616e30eb58d9be9bc256834df10893e88bb1a57948b34b8be8294154492" +
"c84e3e7c931858a48137a8becf5316cb009fe0ed30701952a3b745222d01" +
"b28174896092d2e98e7561bce56a87afe045c4a730380c1e4ed452cdc6d0" +
"c5ddae41d303d0a8ddfecb8b0ee161f13dfc0ebd6b59f923d49e89ac3576" +
"34d16c583865e39b9c0a24f7b7c7baac2cd21cfa77a3342cfd4015a4d4cc" +
"41440d0dc49a9972e2970cffac37f7503d4ec1f546b4144d26802b90b38e" +
"63dc4baec79e439fdfff5133ded301d07fa902790f17ffb471f4f78a5d66" +
"51ac3465f1b8d08060eb5bcc1fe9261176e08bc6c3f6a890614bfd428e9d" +
"04c197241966fa2ce025adc7e89ef3d2384660ef6d05aa1f6d365859f5b3" +
"b3009a8d3f0ee4bf907c6458b6877d63b815b096039603de5a2232588cd5" +
"8c7f1eae5e4bf43495bb208e2b2d9e02ac849c60cc43dab30d5359ec7838" +
"eeb290eb8c98f15b1273c3a82103394175b690b2579ba445a223850a54ef" +
"624e8f481509be45159b5a509d472eaf20248fc30d7945940a3250bd9174" +
"25bc5cae77c3659461fb79fb3a8f09f0f01c49737a6cdb34fa3ca4987bde" +
"2d3e64edd2fc54e86649ba6accc3417764f52f86c67d2aa07869de9191f8" +
"9592d845da1bb23b4bddbd0943fdabd2438e1a5b8dc6ae4a40709a853da9" +
"69a06148045e17ae3b5199d76959f56707770e5b7fe168588c322f4e2afc" +
"05ec72398f3a97a2112729114147613c4578945409295ae9e49c78d6482c" +
"89c4731aa069b4977b66d235830d94d34384ffc0b57460d97fec507d48ff" +
"6da7410d1411926b250fe85e1f7b7260cc2986a2486125d5d9228aa77fb8" +
"a3d4f09ff133d0e58a3878b94c9a0c4fdb0c95a62102aa39f96a15822573" +
"7a40b4f41b3bbe41430d643ae873258a2c8f237de943f9a2c02903ead1cb" +
"9973ad6f39f65f7eb1152aebf1c429db19ecba6d05ed60ec5d4d0bd54222" +
"67d10439876c4cf4966b308c0362cc9b87a94d7de4fee67c2a02f6f6bb0c" +
"b8b9c0dd0fa2163f0039009342476e8e1cb0a5e80bae734ae219322b562c" +
"47eae320687a773c10365e922c9b20e7c3fa1e07ee7b6efdd31bcd1a5cad" +
"a72bf102cbd8d5e193a504d9ce10bbb2c078ce6590276d5bd2136de5a95a" +
"55e11d881ebfb6903df4df5df762833aafb658d7febba3498819dcf2b7af" +
"2e24e4b620b6d91c4d408f86914e15cbb1dfeaea0c1dcf2df85ca4289830" +
"c5a3812e167f75b558fb0c57f9e6864560e81420d7b60de5a554d5dafa11" +
"571868b271733182ea2851de72ce93e353c11bba216990b7181a53c2b3d5" +
"d8e8c019f5f73cdb6a985144ff3125302306092a864886f70d0109153116" +
"04149566f15bed2cb2da568ec392507a9abfcb2920003032302130090605" +
"2b0e03021a05000414c429b968eeca558cc2ec486f89b78c024bdecf2804" +
"087cbeafa8089685a102030927c1").HexToByteArray();

internal const string OracleWalletPassword = "123Wallet";
}
}
61 changes: 61 additions & 0 deletions src/libraries/System.Security.Cryptography.Pkcs/tests/Pkcs12/Pkcs12InfoTests.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -256,5 +256,66 @@ public static void VerifyMacWithNoMac()

Assert.Throws<InvalidOperationException>(() => info.VerifyMac("hi"));
}

[Theory]
[MemberData(nameof(DecodeWithHighPbeIterationsData))]
public static void DecodeWithHighPbeIterations(
PbeEncryptionAlgorithm encryptionAlgorithm,
HashAlgorithmName hashAlgorithmName,
int iterations)
{
string pw = nameof(CreateAndSealPkcs12);
byte[] data = CreateAndSealPkcs12(encryptionAlgorithm, hashAlgorithmName, iterations);
Pkcs12Info info = Pkcs12Info.Decode(data, out _, skipCopy: true);
info.AuthenticatedSafe.Single().Decrypt(pw);
}

[Fact]
public static void DecodeWithTooManyPbeIterations()
{
const string pw = "test";
Pkcs12Info info = Pkcs12Info.Decode(Pkcs12Documents.HighPbeIterationCount3Des, out _, skipCopy: true);
foreach (Pkcs12SafeContents contents in info.AuthenticatedSafe)
{
if (contents.ConfidentialityMode == Pkcs12ConfidentialityMode.None)
{
continue;
}

Assert.ThrowsAny<CryptographicException>(() => contents.Decrypt(pw));
}
}

public static IEnumerable<object[]> DecodeWithHighPbeIterationsData
{
get
{
yield return new object[] { PbeEncryptionAlgorithm.Aes128Cbc, HashAlgorithmName.SHA256, 700_000 };
yield return new object[] { PbeEncryptionAlgorithm.Aes192Cbc, HashAlgorithmName.SHA256, 700_000 };
yield return new object[] { PbeEncryptionAlgorithm.Aes256Cbc, HashAlgorithmName.SHA256, 700_000 };
yield return new object[] { PbeEncryptionAlgorithm.TripleDes3KeyPkcs12, HashAlgorithmName.SHA1, 600_000 };
}
}

private static byte[] CreateAndSealPkcs12(
PbeEncryptionAlgorithm encryptionAlgorithm,
HashAlgorithmName hashAlgorithmName,
int iterations)
{
PbeParameters pbeParameters = new PbeParameters(
encryptionAlgorithm,
hashAlgorithmName,
iterations);

using RSA rsa = RSA.Create();
string pw = nameof(CreateAndSealPkcs12);
Pkcs12Builder builder = new Pkcs12Builder();
Pkcs12SafeContents contents = new Pkcs12SafeContents();
contents.AddShroudedKey(rsa, pw, pbeParameters);
builder.AddSafeContentsEncrypted(contents, pw, pbeParameters);
builder.SealWithMac(pw, hashAlgorithmName, iterations);

return builder.Encode();
}
}
}

0 comments on commit 8ddc945

Please sign in to comment.