CLR IsEphemeral hinders use of some CNG Providers

[vcsjones]

Consider this:

CngKey.Create(
    CngAlgorithm.Rsa,
    null,
    new CngKeyCreationParameters { Provider = CngProvider.MicrosoftPlatformCryptoProvider });

This will fail with:

Unhandled exception. Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Invalid flags specified.
at System.Security.Cryptography.CngKey.set_IsEphemeral(Boolean value)
at System.Security.Cryptography.CngKey.Create(CngAlgorithm algorithm, String keyName, CngKeyCreationParameters creationParameters)

The Microsoft PCP / TPM provider, and likely other 3rd party CNG Providers, may not support custom properties.

As the get for IsEphemeral correctly calls out:

runtime/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CngKey.StandardProperties.cs

Lines 100 to 102 in 5877e8b

	// Third party Key providers, and Windows PCP KSP won't recognize this property;
	// and Win32 layer does not enforce error return contract.
	// Therefore, they can return whatever error code they think appropriate.

However, generating a key always tries to call the set, and if it fails, throws an exception:

runtime/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CngKey.StandardProperties.cs

Lines 122 to 123 in 5877e8b

	if (errorCode != ErrorCode.ERROR_SUCCESS)
	throw errorCode.ToCryptographicException();

This makes using CngKey.Create or CngKey.Import with some providers difficult to work with.

[ghost]

Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

---

Consider this:

CngKey.Create(
    CngAlgorithm.Rsa,
    null,
    new CngKeyCreationParameters { Provider = CngProvider.MicrosoftPlatformCryptoProvider });

This will fail with:

Unhandled exception. Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Invalid flags specified.
at System.Security.Cryptography.CngKey.set_IsEphemeral(Boolean value)
at System.Security.Cryptography.CngKey.Create(CngAlgorithm algorithm, String keyName, CngKeyCreationParameters creationParameters)

The Microsoft PCP / TPM provider, and likely other 3rd party CNG Providers, may not support custom properties.

As the get for IsEphemeral correctly calls out:

runtime/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CngKey.StandardProperties.cs

Lines 100 to 102 in 5877e8b

	// Third party Key providers, and Windows PCP KSP won't recognize this property;
	// and Win32 layer does not enforce error return contract.
	// Therefore, they can return whatever error code they think appropriate.

However, generating a key always tries to call the set, and if it fails, throws an exception:

runtime/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CngKey.StandardProperties.cs

Lines 122 to 123 in 5877e8b

	if (errorCode != ErrorCode.ERROR_SUCCESS)
	throw errorCode.ToCryptographicException();

This makes using CngKey.Create or CngKey.Import with some providers difficult to work with.

Author:	vcsjones
Assignees:	-
Labels:	area-System.Security
Milestone:	-

[vcsjones]

I think the set should continue to throw, however the places where we use it in Create and Import should consider ignoring the exception. Since the expectation is the get will fail anyway, it doesn't matter if the set succeeded in this circumstance or not.

[bartonjs]

I think the set should continue to throw, however the places where we use it in Create and Import should consider ignoring the exception.

Since the set is private, the only differences between the set ignoring the error and the callers eating the exception is the latter allows break on exception to work, and has more code.

A more reasonable change would probably be:

• Make the set ignore the error.
• Make the set also set a field saying it's ephemeral. Then change get_IsEphemeral to something like (if (_isEphemeral != 0) { return _isEphemeral > 0; } before checking the CNG property (which should then memoize the answer).
• Figure out what the Name/UniqueName/etc properties do when called with an ephemeral key that doesn't know it's ephemeral. Consider making them update the ephemeralness.

[samintz]

Yeah, unfortunately there is no easy work-around either. The CngKey() constructor that takes the provider and key handles is private. So I cannot implement my own Import method. And DeriveKeyMaterial() needs to be passed a CngKey. This simple .Net code becomes messy because everything has to be done using p/invoke calls to NCrypt.dll.

CngKey ephKey = CngKey.Import(ephblob, CngKeyBlobFormat.EccPublicBlob, KspKeyController.KspProvider);
priv.KeyDerivationFunction = ECDiffieHellmanKeyDerivationFunction.Hmac;  
priv.HmacKey = null;  
byte[] prk = priv.DeriveKeyMaterial(ephKey);  

The really strange thing for me anyway, is that it works on Server 2012 R2. But fails in Win10, Server 2016, and Server 2019. This is with the "SafeNet Key Storage Provider".