Windows CNG virtualization-based security #102495
Note regarding the
Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
src/libraries/System.Security.Cryptography/tests/CngKeyTests.cs
src/libraries/Common/tests/System/Security/Cryptography/PlatformSupport.cs
CngKeyCreationParameters cngCreationParameters, | ||
string keySuffix = null, | ||
[CallerMemberName] string testName = null, | ||
params CngProperty[] additionalParameters) |
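Review bot: In this signature, params CngProperty[] additionalParameters follows the optional keySuffix and [CallerMemberName] testName parameters, so a call site that passes extra properties positionally has to supply keySuffix and testName by hand, and the caller name is then no longer filled in automatically. Consider taking the extra properties ahead of the optional parameters as an explicit array or collection, or moving the extra-properties case to a separate overload or factory method.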
I don't like this constructor, because if additionalParameters are provided then it modifies cngCreationParameters.
Based on usages later, I expect you're using this class because the dispose deletes the key.
To me, that means this class should just be renamed to SelfDeletingCngKey or CngSelfDeletingKey, or even CngKeyWrapper. If need be for preview 6 deadline reasons, this can be done as a followup. But we shouldn't have a name "PlatformProvider" for a thing that we're extending to work with other providers.
This ctor should be removed, and replaced with a static method for using the software KSP. E.g. public static SelfDeletingCngKey CreateSoftwareKey, which takes whatever options you need. That'll probably require making a private ctor that takes the prebuilt CngKeyCreationParameters; leave the existing one alone.
In an ideal world (but perhaps not a time constrained one), the existing public ctor would also be removed and replaced with a CreatePlatformKey (or some suitable name) with parameters that look like the current ctor.
using (CngPlatformProviderKey key = new CngPlatformProviderKey( | ||
CngAlgorithm.ECDsaP256, | ||
new CngKeyCreationParameters() | ||
{ | ||
Provider = CngProvider.MicrosoftSoftwareKeyStorageProvider, |
Why are you using CngPlatformProviderKey for a software KSP key?
Fixes: #102492
One of the Windows 11 builds has added a framework to help secure Windows keys with virtualization-based security (VBS). With this new capability, keys can be protected from admin-level key theft attacks with negligible effect on performance, reliability, or scale.
Blog post:
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/advancing-key-protection-in-windows-using-vbs/ba-p/4050988
Win API:
https://learn.microsoft.com/en-us/windows/win32/api/ncrypt/nf-ncrypt-ncryptcreatepersistedkey
The proposal is to extend the existing CngKeyCreationOptions API to include the new flags.
API Proposal
Example usage