Add tests for CNG symmetric key algorithm mismatches

56acd2ed · Kevin Jones · GitHub · e10532af · 56acd2ed · 56acd2ed
3 changed file
--- a/src/libraries/System.Security.Cryptography.Cng/tests/AesCngTests.cs
+++ b/src/libraries/System.Security.Cryptography.Cng/tests/AesCngTests.cs
@@ -108,6 +108,15 @@ public static void VerifyUnsupportedFeedbackSizeForPersistedCfb()
                notSupportedFeedbackSizeInBits: 128);
        }

+        [OuterLoop("Creates/Deletes a persisted key, limit exposure to key leaking")]
+        [ConditionalFact(nameof(SupportsPersistedSymmetricKeys))]
+        public static void VerifyRequiresAesCngKey()
+        {
+            SymmetricCngTestHelpers.VerifyMismatchAlgorithmFails(
+                s_cngAlgorithm,
+                keyName => new TripleDESCng(keyName, CngProvider.MicrosoftSoftwareKeyStorageProvider));
+        }
+
        public static bool SupportsPersistedSymmetricKeys
        {
            get { return SymmetricCngTestHelpers.SupportsPersistedSymmetricKeys; }

--- a/src/libraries/System.Security.Cryptography.Cng/tests/SymmetricCngTestHelpers.cs
+++ b/src/libraries/System.Security.Cryptography.Cng/tests/SymmetricCngTestHelpers.cs
@@ -61,7 +61,7 @@ public static class SymmetricCngTestHelpers
            PaddingMode paddingMode,
            int feedbackSizeInBits)
        {
-            byte[] plainBytes = GenerateRandom(plainBytesCount);
+            byte[] plainBytes = RandomNumberGenerator.GetBytes(plainBytesCount);

            using (SymmetricAlgorithm persisted = persistedFunc(keyName))
            using (SymmetricAlgorithm ephemeral = ephemeralFunc())
@@ -195,7 +195,7 @@ public static class SymmetricCngTestHelpers
                    stable.GenerateIV();

                    // Generate (4 * 8) = 32 blocks of plaintext
-                    byte[] plainTextBytes = GenerateRandom(4 * stable.BlockSize);
+                    byte[] plainTextBytes = RandomNumberGenerator.GetBytes(4 * stable.BlockSize);
                    byte[] iv = stable.IV;

                    regenKey.IV = replaceKey.IV = iv;
@@ -348,44 +348,33 @@ public static class SymmetricCngTestHelpers
            }
        }

-        private static bool? s_supportsPersistedSymmetricKeys;
-        internal static bool SupportsPersistedSymmetricKeys
+        internal static void VerifyMismatchAlgorithmFails(
+            CngAlgorithm algorithm,
+            Func<string, SymmetricAlgorithm> createFromKey)
        {
-            get
-            {
-                if (!s_supportsPersistedSymmetricKeys.HasValue)
-                {
-                    // Windows 7 (Microsoft Windows 6.1) does not support persisted symmetric keys
-                    // in the Microsoft Software KSP
-                    s_supportsPersistedSymmetricKeys = !RuntimeInformation.OSDescription.Contains("Windows 6.1");
-                }
+            string keyName = Guid.NewGuid().ToString();

-                return s_supportsPersistedSymmetricKeys.Value;
-            }
-        }
+            // We try to delete the key later which will also dispose of it, so no need
+            // to put this in a using.
+            CngKey cngKey = CngKey.Create(algorithm, keyName);

-        private static readonly Lazy<bool> s_isAdministrator = new Lazy<bool>(
-            () =>
+            try
            {
-                using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
-                {
-                    WindowsPrincipal principal = new WindowsPrincipal(identity);
-                    return principal.IsInRole(WindowsBuiltInRole.Administrator);
-                }
-            });
-
-        internal static bool IsAdministrator => s_isAdministrator.Value;
-
-        internal static byte[] GenerateRandom(int count)
-        {
-            byte[] buffer = new byte[count];
-            using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
+                CryptographicException ce = Assert.Throws<CryptographicException>(() => createFromKey(keyName));
+                Assert.Contains($"'{algorithm.Algorithm}'", ce.Message);
+            }
+            finally
            {
-                rng.GetBytes(buffer);
+                cngKey.Delete();
            }
-            return buffer;
        }

+        // Windows 7 (Microsoft Windows 6.1) does not support persisted symmetric keys
+        // in the Microsoft Software KSP
+        internal static bool SupportsPersistedSymmetricKeys => PlatformDetection.IsWindows8xOrLater;
+
+        internal static bool IsAdministrator => PlatformDetection.IsWindowsAndElevated;
+
        internal static void AssertTransformsEqual(byte[] plainTextBytes, ICryptoTransform decryptor, byte[] encryptedBytes)
        {
            byte[] decrypted = decryptor.TransformFinalBlock(encryptedBytes, 0, encryptedBytes.Length);

--- a/src/libraries/System.Security.Cryptography.Cng/tests/TripleDESCngTests.cs
+++ b/src/libraries/System.Security.Cryptography.Cng/tests/TripleDESCngTests.cs
@@ -114,6 +114,15 @@ public static void VerifyUnsupportedFeedbackSizeForPersistedCfb()
                notSupportedFeedbackSizeInBits: 64);
        }

+        [OuterLoop("Creates/Deletes a persisted key, limit exposure to key leaking")]
+        [ConditionalFact(nameof(SupportsPersistedSymmetricKeys))]
+        public static void VerifyRequiresTripleDESCngKey()
+        {
+            SymmetricCngTestHelpers.VerifyMismatchAlgorithmFails(
+                s_cngAlgorithm,
+                keyName => new AesCng(keyName, CngProvider.MicrosoftSoftwareKeyStorageProvider));
+        }
+
        public static bool SupportsPersistedSymmetricKeys
        {
            get { return SymmetricCngTestHelpers.SupportsPersistedSymmetricKeys; }