Require CFB8 for persisted CNG keys in CFB mode #55615
Conversation
This changes AesCng and TripleDESCng to require the feedback size to be set to '8' when in CFB mode and using a persisted CNG key. Prior to this change, BasicSymmetricCipherNCrypt ignored the feedback size which resulted in CFB8 always being used, even if the FeedbackSize was set to another value. However, when padding was applied, the padding size would be padded to the feedback size. In the case of AesCng, this would mean it would be encrypted with CFB8 and padded as if it were CFB128. This changes the implementation so that the feedback size is required to be set to 8 for persisted keys. No change is made for ephemeral keys.
|
Tagging subscribers to this area: @bartonjs, @vcsjones, @krwq, @GrabYourPitchforks Issue DetailsThis changes Prior to this change, It was also determined that persisted CNG keys also do not support setting the feedback size, so that gives us the only option to throw. This changes the implementation so that the feedback size is required to be set to 8 for persisted keys. No change is made for ephemeral keys. Developers that are impacted by this change can work around this by setting the As noted in the issue, this breaking change will have a small impact. Closes #55477.
|
| // | ||
| // The delegate must instantiate a new CngKey, based on a new underlying NCryptKeyHandle, each time is called. | ||
| // | ||
| public BasicSymmetricCipherNCrypt(Func<CngKey> cngKeyFactory, CipherMode cipherMode, int blockSizeInBytes, byte[]? iv, bool encrypting, int feedbackSizeInBytes, int paddingSize) |
There was a problem hiding this comment.
We can't do anything with the feedback size here, so stop accepting it so new callers don't assume it does anything.
| { | ||
| using (SymmetricAlgorithm alg = persistedFunc(keyName)) | ||
| { | ||
| alg.Mode = CipherMode.CFB; |
There was a problem hiding this comment.
The positive "it works with CFB8" tests were added in the CFB one-shot PR. #55480
vcsjones
added
the
breaking-change
ghost
added
the
needs-breaking-change-doc-created
|
Tagging @dotnet/compat for awareness of the breaking change. |
|
This should get an outerloop run once the changes look good and innerloop looks reasonable. |
vcsjones
force-pushed
the
persisted-cfb-cng-feedback-size
branch
from
9474b27 to
88ac833
Compare
| Link="CommonTest\System\Security\Cryptography\AlgorithmImplementations\RSA\SignVerify.netcoreapp.cs" /> | ||
| <Compile Condition="'$(TargetsWindows)' == 'true'" Include="AesCngTests.cs" /> | ||
| <Compile Condition="'$(TargetsWindows)' == 'true'" Include="TripleDESCngTests.cs" /> | ||
| <Compile Include="$(CommonTestPath)System\Security\Cryptography\AlgorithmImplementations\TripleDES\TripleDESContractTests.cs" |
There was a problem hiding this comment.
Turns out we were never running these contract tests under CNG.
I would have bet some sum of money that this test already existed... but I couldn't find it, so I added one. If the CFB8-but-block-length-padded tests are duplicate I would be happy to remove them. |
src/libraries/System.Security.Cryptography.Cng/src/System/Security/Cryptography/AesCng.cs
Show resolved
Hide resolved
|
Thanks for continuing to be quite speedy, @vcsjones! |
|
/azp run runtime-libraries-coreclr outerloop |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
All failures appear unrelated. |
I concur. |
|
Documentation issue opened: dotnet/docs#26326 |
bartonjs
removed
the
needs-breaking-change-doc-created
2 participants
This changes
AesCngandTripleDESCngto require the feedback size to be set to '8' when in CFB mode and using a persisted CNG key.Prior to this change,
BasicSymmetricCipherNCryptignored the feedback size which resulted in CFB8 always being used, even if the FeedbackSize was set to another value. However, when padding was applied, the padding size would be padded to the feedback size. In the case of AesCng, this would mean it would be encrypted with CFB8 and padded as if it were CFB128.It was also determined that persisted CNG keys also do not support setting the feedback size, so that gives us the only option to throw.
This changes the implementation so that the feedback size is required to be set to 8 for persisted keys. No change is made for ephemeral keys.
Developers that are impacted by this change can work around this by setting the
FeedbackSizeto 8, since that is how it is actually encrypted. Even though it was padded with additional padding, it will be handled by the decryption since this was actually the behavior of .NET Framework (it was always padded to the block size). So the decryption handles the extra padding already, and encryption will start producing smaller ciphertexts since it will contain at most one byte of padding.As noted in the issue, this breaking change will have a small impact.
Closes #55477.