Provide a way to export PKCS12 in a way compatible with major OS (closes #7293)

Author: schwabe

docs/hazmat/primitives/asymmetric/serialization.rst

@@ -1002,6 +1002,16 @@ Serialization Encryption Types
 
     :param bytes password: The password to use for encryption.
 
+.. class:: PKCS12CompatibilityEncryption(password)
+
+    Encrypt using 3DES and SHA1 for a given key.
+    This is an option that should be only used to allow exporting PKCS12
+    to devices/software that does not support stronger encryption of PKCS12
+    like macOS 15.x or Android 12.
+
+    :param bytes password: The password to use for encryption.
+
+
 .. class:: NoEncryption
 
     Do not encrypt.

src/cryptography/hazmat/backends/openssl/backend.py

@@ -2247,6 +2247,7 @@ def serialize_key_and_certificates_to_pkcs12(
             nid_key = -1
             pkcs12_iter = 0
             mac_iter = 0
+            mac_alg = self._ffi.NULL
         elif isinstance(
             encryption_algorithm, serialization.BestAvailableEncryption
         ):
@@ -2261,6 +2262,17 @@ def serialize_key_and_certificates_to_pkcs12(
             # Did we mention how lousy PKCS12 encryption is?
             mac_iter = 1
             password = encryption_algorithm.password
+            mac_alg = self._ffi.NULL
+        elif isinstance(encryption_algorithm, serialization.PKCS12CompatibilityEncryption):
+            # This is currently mostly identical with BestAvailableEncryption but
+            # is meant to stay 3DES/SHA1 to be able to support things like Android <= 12/13
+            # and other operating systems like macOS 15 that do not support anything stronger
+            nid_cert = self._lib.NID_pbe_WithSHA1And3_Key_TripleDES_CBC
+            nid_key = self._lib.NID_pbe_WithSHA1And3_Key_TripleDES_CBC
+            mac_iter = 1
+            pkcs12_iter = 20000
+            password = encryption_algorithm.password
+            mac_alg = self._evp_md_non_null_from_algorithm(hashes.SHA1)
         else:
             raise ValueError("Unsupported key encryption type")
 
@@ -2310,6 +2322,9 @@ def serialize_key_and_certificates_to_pkcs12(
                     0,
                 )
 
+                if self._lib.Cryptography_HAS_PKCS12_SET_MAC and mac_alg != self._ffi.NULL:
+                    self._lib.PKCS12_set_mac(p12, password_buf, -1, self._ffi.NULL, 0, mac_iter, mac_alg)
+
         self.openssl_assert(p12 != self._ffi.NULL)
         p12 = self._ffi.gc(p12, self._lib.PKCS12_free)
 

src/cryptography/hazmat/primitives/_serialization.py

@@ -51,5 +51,15 @@ def __init__(self, password: bytes):
         self.password = password
 
 
+class PKCS12CompatibilityEncryption(KeySerializationEncryption):
+    """"
+    Provides the most compatible encryption using 3DES and SHA1 for PKCS12.
+    """
+    def __init__(self, password):
+        if not isinstance(password, bytes) or len(password) == 0:
+            raise ValueError("Password must be 1 or more bytes.")
+
+        self.password = password
+
 class NoEncryption(KeySerializationEncryption):
     pass

src/cryptography/hazmat/primitives/serialization/__init__.py

@@ -5,6 +5,7 @@
 
 from cryptography.hazmat.primitives._serialization import (
     BestAvailableEncryption,
+    PKCS12CompatibilityEncryption,
     Encoding,
     KeySerializationEncryption,
     NoEncryption,
@@ -41,5 +42,6 @@
     "ParameterFormat",
     "KeySerializationEncryption",
     "BestAvailableEncryption",
+    "PKCS12CompatibilityEncryption",
     "NoEncryption",
 ]

tests/hazmat/primitives/test_pkcs12.py

@@ -341,6 +341,7 @@ class TestPKCS12Creation:
         ("algorithm", "password"),
         [
             (serialization.BestAvailableEncryption(b"password"), b"password"),
+            (serialization.PKCS12CompatibilityEncryption(b"password"), b"password"),
             (serialization.NoEncryption(), None),
         ],
     )