X509Certificate2/CommonCrypto: Unable to open PKCS#12 files with no password and valid MAC

[qmfrederik]

If you have a PKCS#12 file which is not protected with a password, and which does have a MAC entry, opening the file will work on Windows and Linux but fails on Mac (which use CommonCrypto).

This is a regression on macOS as this worked with .NET Core 1.x (when using OpenSSL) and no longer works with .NET Core 2.0.

The following unit test reproduces the behavior:

using System;
using System.Security.Cryptography.X509Certificates;
using Xunit;

namespace temp
{
  public class UnitTest1
  {
    [Fact]
    public void Test1()
    {
      var cert = new X509Certificate("my_pkcs12.pfx");
      Assert.NotNull(cert);
    }
  }
}

The test passes on Windows & Linux but fails on macOS with the following error message:

Failed   certs.UnitTest1.Test1
Error Message:
 Interop+AppleCrypto+AppleCommonCryptoCryptographicException : MAC verification failed during PKCS12 import (wrong password?)
Stack Trace:
   at Interop.AppleCrypto.X509ImportCertificate(Byte[] bytes, X509ContentType contentType, SafePasswordHandle importPassword, SafeKeychainHandle keychain, Boolean exportable, SafeSecIdentityHandle& identityHandle)
   at Internal.Cryptography.Pal.CertificatePal.FromBlob(Byte[] rawData, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName)
   at certs.UnitTest1.Test1() in /Users/quamotion/scratch/certs/UnitTest1.cs:line 12

my_pkcs12.pfx can be generated using the following script, use an empty password when prompted:

openssl genrsa -out my_key.key 2048
openssl req -new -key my_key.key -out my_request.csr
openssl x509 -req -days 3650 -in my_request.csr -signkey my_key.key -out my_cert.crt
openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in my_cert.crt -inkey my_key.key -out my_pkcs12.pfx -name "my-name"

This is not the same as #18254, that one was about p12 stores where the MAC is absent; in this case there is a valid MAC.

[qmfrederik]

/cc @bartonjs

[qmfrederik]

@bartonjs Is this a known compatibility issue?
From what I can gather, it's not listed at cross-platform-cryptography.md, so wanted to make sure.

[qmfrederik]

As a FYI for others who may hit the same issue, here's code that may act as a workaround based on BouncyCastle.

Pkcs12Store store = new Pkcs12Store();;

using (Stream stream = File.OpenRead(filename))
{
    store.Load(stream, new char[] {});
}

var keyAlias = store.Aliases.Cast<string>().SingleOrDefault(a => store.IsKeyEntry(a));

var key = (RsaPrivateCrtKeyParameters)store.GetKey(keyAlias).Key;
var bouncyCertificate = store.GetCertificate(keyAlias).Certificate;

var certificate = new X509Certificate2(DotNetUtilities.ToX509Certificate(bouncyCertificate));
var parameters = DotNetUtilities.ToRSAParameters(key);

RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();  
rsa.ImportParameters(parameters);

certificate = RSACertificateExtensions.CopyWithPrivateKey(certificate, rsa);

return certificate;

[kae]

Is any triage planned on this issue?

At least bug/non bug decision

[danmoseley]

cc @bartonjs ..

[bartonjs]

Based on testing I did in the past, Apple cannot read a PFX that contains non-encrypted keys. So while this is a bug, it's probably not something that we would work around in .NET without a very compelling argument (like it being a key distribution model by a government CA, or something like that); but rather something which ideally would be resolved by Apple (https://bugreport.apple.com/, for SecItemImport).

What's the scenario here? Where are these PFX files coming from?