RFE: Support RC2 PBE in iPhoneSimulator's SecPKCS12Import implementation

Originator: landon.j.fuller
Number: rdar://7090030
Date Originated: 24-Jul-2009 10:26 AM
Status: Duplicate/7037049
Resolved: 04-Aug-2009 10:25 AM
Product: iPhone SDK
Product Version: 3.0
Classification: Serious Bug
Reproducible: Always
 
24-Jul-2009 10:26 AM Landon Fuller:
Summary: 
The simulator implementation of SecurityFramework's SecPKCS12Import function fails on valid PKCS12 files that work with both OpenSSL and the iPhoneOS SecurityFramework.

The function returns errSecDecode.

Steps to Reproduce:
Attempt to load a valid pkcs12 keystore using the SecPKCS12Import function.

Expected Results:
Works on both device and simulator.

Actual Results:
On the device, the pkcs12 file is loaded successfully. On the simulator, errSecDecode is returned. 

Notes:
I've attached a simple reproduction case. If run on the device, the pkcs12 items will be printed to the console. On the simulator, PKCS12 load fails, and the following is printed:

2009-07-24 10:20:08.155 pkcs12import[3199:20b] Failed to read valid pkcs12 certificate: Unable to decode the provided data. (-26275)

Comments

Duplicate Bug

Apple closed this bug as a duplicate of rdar://7037049

By landon.j.fuller at Oct. 8, 2009, 1:05 a.m.

I've run into the same bug. And I concur that the simulator is the culprit.

After tracing through the implementation, this appears to be due to a lack of RC2 support in the Mac OS X CCCrypt() implementation, which is called via SecPKCS12Import -> pkcsDecrypt -> CCCrypt.

A PKCS12 file encrypted with RC4 works as expected.

Specifically, the following PKCS#12 standard PBE algorithms are unsupported when using the iPhone Simulator:

  • pbeWithSHAAnd128BitRC2-CBC
  • pbewithSHAAnd40BitRC2-CBC

Please consider this bug an RFE for simulator support of the PKCS#12 standard RC2 algorithms (title adjusted).

By landon.j.fuller at July 24, 2009, 8:17 p.m.
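
A triage check for the failure described in this thread, as an added example that is not part of the original report or of Apple's code: it walks a DER-encoded PKCS#12 blob and lists the PKCS#12 PBE algorithm identifiers it references, so keystores protected with the two RC2 schemes named above can be spotted before they are handed to the simulator. The function names, the constructed `sample` data and the definite-length DER assumption are this example's own.

```python
PBE_PREFIX = bytes.fromhex("2a864886f70d010c01")  # OID 1.2.840.113549.1.12.1.x
PBE_NAMES = {1: "pbeWithSHAAnd128BitRC4", 2: "pbeWithSHAAnd40BitRC4",
             3: "pbeWithSHAAnd3-KeyTripleDES-CBC", 4: "pbeWithSHAAnd2-KeyTripleDES-CBC",
             5: "pbeWithSHAAnd128BitRC2-CBC", 6: "pbewithSHAAnd40BitRC2-CBC"}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf) or buf[pos] & 0x1F == 0x1F:
        raise ValueError("truncated header or multi-byte tag")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("indefinite (BER) or oversized length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("element runs past end of buffer")
    return tag, pos, pos + length

def pbe_algorithms(buf):
    """List every PKCS#12 PBE OID in buf (assumption: DER definite lengths)."""
    found, pos = [], 0
    while pos < len(buf):
        tag, start, end = read_tlv(buf, pos)
        body = buf[start:end]
        if tag == 0x06 and len(body) == 10 and body.startswith(PBE_PREFIX):
            found.append(PBE_NAMES.get(body[9], "unknown PKCS#12 PBE id"))
        elif tag & 0x20:                   # constructed: SEQUENCE, SET, [0]
            found += pbe_algorithms(body)
        elif tag == 0x04:                  # OCTET STRING may wrap nested DER
            try:
                found += pbe_algorithms(body)
            except ValueError:
                pass                       # opaque bytes, e.g. a salt
        pos = end
    return found

def rc2_algorithms(buf):                   # the schemes reported failing above
    return [name for name in pbe_algorithms(buf) if "RC2" in name]

# Constructed sample with PKCS#12-like nesting; not a real keystore.
def der(tag, *parts):                      # encoder for bodies under 128 bytes
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body
def sample(pbe_id):
    alg = der(0x30, der(0x06, PBE_PREFIX + bytes([pbe_id])),
              der(0x30, der(0x04, b"\x01" * 8), der(0x02, b"\x08\x00")))
    content = der(0x30, der(0x30, alg, der(0x80, b"\xaa" * 16)))
    return der(0x30, der(0x02, b"\x03"), der(0x30, der(0xA0, der(0x04, content))))
```

For a real keystore, pass the file's bytes to `rc2_algorithms`; a non-empty result means the file uses one of the RC2 schemes listed in the comment above.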
