fixes #13056 -- added support for SHA+RC4 PKCS#8 encryption (#13057)

alex · web-flow · commit 1dbc5e07c6b0 · 2025-06-09T16:35:16.000-07:00
diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst
@@ -67,6 +67,8 @@ Asymmetric ciphers
 * ``asymmetric/PKCS8/rsa-rc2-cbc-effective-key-length.pem`` a PKCS8 encoded key
   encrypted with ``RC2-CBC`` with the ``effectiveKeyLength`` parameter set to
   258. This is an invalid key.
+* ``asymmetric/PKCS8/enc-ec-sha1-128-rc4.pem`` a PKCS8 encoded ECDSA P-256 key
+  encrypted with ``pbeWithSHA1And128BitRC4``. The password is ``password``.
 
 
 Custom asymmetric vectors
diff --git a/src/rust/cryptography-key-parsing/Cargo.toml b/src/rust/cryptography-key-parsing/Cargo.toml
@@ -16,4 +16,4 @@ cryptography-crypto = { path = "../cryptography-crypto" }
 cryptography-x509 = { path = "../cryptography-x509" }
 
 [lints.rust]
-unexpected_cfgs = { level = "warn", check-cfg = ['cfg(CRYPTOGRAPHY_IS_LIBRESSL)', 'cfg(CRYPTOGRAPHY_IS_BORINGSSL)', 'cfg(CRYPTOGRAPHY_OSSLCONF, values("OPENSSL_NO_RC2"))', 'cfg(CRYPTOGRAPHY_IS_AWSLC)'] }
+unexpected_cfgs = { level = "warn", check-cfg = ['cfg(CRYPTOGRAPHY_IS_LIBRESSL)', 'cfg(CRYPTOGRAPHY_IS_BORINGSSL)', 'cfg(CRYPTOGRAPHY_OSSLCONF, values("OPENSSL_NO_RC2", "OPENSSL_NO_RC4"))', 'cfg(CRYPTOGRAPHY_IS_AWSLC)'] }
diff --git a/src/rust/cryptography-key-parsing/src/pkcs8.rs b/src/rust/cryptography-key-parsing/src/pkcs8.rs
@@ -213,6 +213,14 @@ pub fn parse_encrypted_private_key(
             openssl::hash::MessageDigest::sha1(),
             &params,
         )?,
+        #[cfg(not(CRYPTOGRAPHY_OSSLCONF = "OPENSSL_NO_RC4"))]
+        AlgorithmParameters::PbeWithShaAnd128BitRc4(params) => pkcs12_pbe_decrypt(
+            epki.encrypted_data,
+            password,
+            openssl::symm::Cipher::rc4(),
+            openssl::hash::MessageDigest::sha1(),
+            &params,
+        )?,
         AlgorithmParameters::Pbes2(params) => {
             let (cipher, iv) = match params.encryption_scheme.params {
                 AlgorithmParameters::DesEde3Cbc(ref iv) => {
diff --git a/src/rust/cryptography-x509/src/common.rs b/src/rust/cryptography-x509/src/common.rs
@@ -167,6 +167,8 @@ pub enum AlgorithmParameters<'a> {
 
     #[defined_by(oid::PBE_WITH_MD5_AND_DES_CBC)]
     PbeWithMd5AndDesCbc(PbeParams),
+    #[defined_by(oid::PBE_WITH_SHA_AND_128_BIT_RC4)]
+    PbeWithShaAnd128BitRc4(Pkcs12PbeParams<'a>),
     #[defined_by(oid::PBE_WITH_SHA_AND_3KEY_TRIPLEDES_CBC)]
     PbeWithShaAnd3KeyTripleDesCbc(Pkcs12PbeParams<'a>),
     #[defined_by(oid::PBE_WITH_SHA_AND_40_BIT_RC2_CBC)]
diff --git a/src/rust/cryptography-x509/src/oid.rs b/src/rust/cryptography-x509/src/oid.rs
@@ -155,6 +155,8 @@ pub const PBKDF2_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1,
 pub const PBE_WITH_MD5_AND_DES_CBC: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 1, 5, 3);
 pub const SCRYPT_OID: asn1::ObjectIdentifier = asn1::oid!(1, 3, 6, 1, 4, 1, 11591, 4, 11);
 
+pub const PBE_WITH_SHA_AND_128_BIT_RC4: asn1::ObjectIdentifier =
+    asn1::oid!(1, 2, 840, 113549, 1, 12, 1, 1);
 pub const PBE_WITH_SHA_AND_3KEY_TRIPLEDES_CBC: asn1::ObjectIdentifier =
     asn1::oid!(1, 2, 840, 113549, 1, 12, 1, 3);
 pub const PBE_WITH_SHA_AND_40_BIT_RC2_CBC: asn1::ObjectIdentifier =
diff --git a/tests/hazmat/primitives/test_serialization.py b/tests/hazmat/primitives/test_serialization.py
@@ -11,7 +11,7 @@
 import pytest
 
 from cryptography.hazmat.bindings._rust import openssl as rust_openssl
-from cryptography.hazmat.decrepit.ciphers.algorithms import _DES, RC2
+from cryptography.hazmat.decrepit.ciphers.algorithms import _DES, ARC4, RC2
 from cryptography.hazmat.primitives.asymmetric import (
     dsa,
     ec,
@@ -552,6 +552,21 @@ def test_load_pkcs8_rc2_cbc_effective_key_length(self):
         with pytest.raises(ValueError):
             load_pem_private_key(data, password=b"password")
 
+    @pytest.mark.supported(
+        only_if=lambda backend: backend.cipher_supported(
+            ARC4(b"\x00" * 16), None
+        ),
+        skip_message="Does not support RC4",
+    )
+    def test_load_pkcs8_rc4_sha1_128bit(self):
+        key = load_vectors_from_file(
+            os.path.join("asymmetric", "PKCS8", "enc-ec-sha1-128-rc4.pem"),
+            lambda f: load_pem_private_key(f.read(), password=b"password"),
+            mode="rb",
+        )
+        assert isinstance(key, ec.EllipticCurvePrivateKey)
+        assert isinstance(key.curve, ec.SECP256R1)
+
     def test_load_pkcs8_aes_192_cbc(self):
         key = load_vectors_from_file(
             os.path.join("asymmetric", "PKCS8", "rsa-aes-192-cbc.pem"),
diff --git a/vectors/cryptography_vectors/asymmetric/PKCS8/enc-ec-sha1-128-rc4.pem b/vectors/cryptography_vectors/asymmetric/PKCS8/enc-ec-sha1-128-rc4.pem
@@ -0,0 +1,6 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIGrMBwGCiqGSIb3DQEMAQEwDgQIprjt98myskECAggABIGKdJJyNgMqiLL0EWI3
+ZVto6g9msWT2ovpySiGxZyoUDfFrqfBuHY4IqwL/PYr9La1u/F/VuP5DRLf47YWp
+iwfxc6sYedBU85f0c14Ha2Yc6hUEakCbQEzCqEg8RmJ2oDETbTO9STlMyk9ou8XV
+7hdRkBqKNj3RIdgf01Aj5t8YmYsrKTx9VUDBpij0
+-----END ENCRYPTED PRIVATE KEY-----
