System.PlatformNotSupportedException' occurred in System.Security.Cryptography.Algorithms.dll

[jkotas]

From @furoraest on August 30, 2018 17:44

Hope this is the right repo for this problem:

When trying to export from ECDiffieHellman to ECDiffieHellmanPublicKey.ToByteArray() the exception rises:
Exception has occurred: CLR/System.PlatformNotSupportedException
An exception of type 'System.PlatformNotSupportedException' occurred in System.Security.Cryptography.Algorithms.dll but was not handled in user code: 'Operation is not supported on this platform.' at System.Security.Cryptography.ECDiffieHellmanImplementation.ECDiffieHellmanOpenSslPublicKey.ToByteArray()

.NET Core SDK (reflecting any global.json):
Version: 2.1.401
Commit: 91b1c13032

Runtime Environment:
OS Name: ubuntu
OS Version: 18.04
OS Platform: Linux
RID: ubuntu.18.04-x64
Base Path: /usr/share/dotnet/sdk/2.1.401/

Host (useful for support):
Version: 2.1.3
Commit: 124038c13e

.NET Core SDKs installed:
2.1.401 [/usr/share/dotnet/sdk]

.NET Core runtimes installed:
Microsoft.AspNetCore.All 2.1.3 [/usr/share/dotnet/shared/Microsoft.AspNetCore.All]
Microsoft.AspNetCore.App 2.1.3 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 2.1.3 [/usr/share/dotnet/shared/Microsoft.NETCore.App]

When looking at the data stucture the value of ECDH key is presented as type:
Microsoft.Win32.SafeHandles.SafeEcKeyHandle

Perhaps this is the problem?
Method description lists net core 2.0 and 2.1
https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.ecdiffiehellmanpublickey.tobytearray?view=netframework-4.7.2

Best regards

Copied from original issue: dotnet/coreclr#19767

[IcanBENCHurCAT]

Trying to look into this (so I can learn a bit more), but haven't found anything definitive yet.

I see the ECDiffieHellmanSecurityTransforms will throw this exception when calling ExportExplicitParameters. I see this function being called in plenty of tests that I assume have run on a Linux machine before.

I'm assuming that there is another class that finishes this implementation that I am not seeing. I see there is a factory object that should be doing this, but I am missing some symbols to look further. Working on getting this project to build, and then I will dig deeper if nobody else has.

[bartonjs]

ECDiffieHellmanPublicKey.ToByteArray() doesn't have a (standards-)defined export format. The version used by ECDiffieHellmanPublicKeyCng is Windows-specific, and only works for NIST P-256 (secp256r1), NIST P-384 (secp384r1), and NIST P-521 (secp521r1).

To create a copy of a key you should use the ExportParameters() method to obtain the rich ECParameters object; which can then be sent through ECDiffieHellman.Create(ECParameters) and the PublicKey property of that object be read to get back a second instance of ECDiffieHellmanPublicKey.

[danmoseley]

is there something we can do to make the exception more helpful?

[bartonjs]

@danmosemsft I'm not sure that a resource string of "This method is only available on Windows" would really help. If we ever made the Roslyn analyzer to warn about methods like this, and this didn't already get added, we should add it there. But I don't know what precedent we have other than just throw a default PNSE.

[danmoseley]

@bartonjs I guess I was thinking that the message could potentially say something like "To create a copy of a key you should use the ExportParameters() method to obtain the rich ECParameters object; which can then be sent through ECDiffieHellman.Create(ECParameters) and the PublicKey property of that object be read to get back a second instance of ECDiffieHellmanPublicKey."

(I don't know)

[furoraest]

Main problem was to get serialized output from (public) key....
I am very new on .net core architecture but seems there are more similar cases where platform is not supported... Rewriting some base classes would bad idea/ too much work?

[filipnavara]

@furoraest The problem is that the subset of algorithms and parameters supported on Windows and Unix (using OpenSSL) is different. The format of the output BLOB returned by ToByteArray is internal representation used by Windows, which doesn't necessarily support all algorithms supported on Unix.

It would be possible to implement certain subset, but it's likely not worth it since the code for loading the byte array and re-creating it uses *Cng class, which is Windows specific and would thus need a user code modification anyway.

You may be interested in the new APIs in #22020, particularly ExportSubjectPublicKeyInfo.

[furoraest]

Thank You for hints, it helped me develop platform-independent code and get it done without CNG.
Since I discovered the ECParameters capability (fourtunately it consists the D (private key) and Q(public key) part which are readable and therefore derivable to other formats), there are various ways to around - unfortunately currently there are much handwork for converting (like importing public keys as byte arrays and convert them to ECParameters, no direct method to derive public key straightforward from imported private key etcetc.)
Anyway, I wait to see when the new API will be out, much can be resolved by that.
Still, lot of things need to be done with the crypto part yet, I would like to see full Inferno and new API support included, the old BouncyCastle is clumsy and I hear in some enterprises forbidden, also some compatibility with "industry standard" (like java KeyAgreement) would be also much appreciated.
Thank You for explanations, I think its safe to close it now.