.net 10 on windows can not parse ecdsa pkcs8 private key correctly

[sometiny]

Description

var cert = X509Certificate2.CreateFromPem(certificate, privateKey);

net 10 on windows: throw exception: System.Security.Cryptography.CryptographicException: Key is not a valid public or private key.

throw by System.Security.Cryptography.ECDiffieHellmanCng.ProcessPkcs8Response

why ECDiffieHellmanCng? should be ECDsa?

when use ExportECPrivateKeyPem export pkcs1 format, it's work fine.

.net 10 on windows can not parse ecdsa pkcs8 private key correctly?

ref code

using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

namespace CertDebug;

internal class Program
{
    static void Main(string[] args)
    {

        Create("yourdomain.com", out var certificate, out var privateKey);

        Console.WriteLine(certificate);
        Console.WriteLine(privateKey);

        /*
         * on windows
         * 
         * net8: work fine.
         * net 10: throw exception: System.Security.Cryptography.CryptographicException: Key is not a valid public or private key.
         * throw by System.Security.Cryptography.ECDiffieHellmanCng.ProcessPkcs8Response
         * why ECDiffieHellmanCng? should be ECDsa?
         * 
         * when use ExportECPrivateKeyPem, all work fine.
         * .net 10 on windows can not parse ecdsa pkcs8 private key correctly?
         * 
         * on mac
         * both 2 work fine;
         */
        var cert = X509Certificate2.CreateFromPem(certificate, privateKey);

        Console.WriteLine(cert.Subject);

    }

    private static void Create(string commonName, out string certificate, out string privateKey)
    {
        CertificateRequest req = new(new X500DistinguishedName($"CN={commonName}"), ECDsa.Create(ECCurve.NamedCurves.nistP256), HashAlgorithmName.SHA256);

        var cert = req.CreateSelfSigned(new DateTimeOffset(DateTime.Now), new DateTimeOffset(DateTime.Now + TimeSpan.FromDays(365)));


        certificate = cert.ExportCertificatePem();

        //privateKey = cert.GetECDsaPrivateKey()!.ExportECPrivateKeyPem(); 
        privateKey = cert.GetECDsaPrivateKey()!.ExportPkcs8PrivateKeyPem();


    }
}

Reproduction Steps

ref comment in above code.

Expected behavior

ecdsa private key should be parsed correctly.

Actual behavior

exception throw.

Regression?

.net 8 work fine.
only .net 10 on windows throw exception.

Known Workarounds

No response

Configuration

No response

Other information

No response

[dotnet-policy-service]

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

[sometiny]

in X509Certificate2.cs

.net8 and .net10 have different behiviour when parse ecpublickey.

.net8

.net10

[vcsjones]

This is probably a result of #115249.

ECC keys can be either EC-DH or EC-DSA. We made a change in .NET 10 to prefer loading an ECC key as EC-DH if it can - because CNG keys that are EC-DH can usually be used a EC-DSA as well, assuming the key usage permits it. But a key that is imported as EC-DSA can never be used for EC-DH.

My suspicion is the EC-DSA PKCS#8 export has key usage bits on it though, so it really needs to be imported as EC-DSA. But we are only using the certificate to determine the key usage, not the private key's key attributes.

I can take a look at this.

[vcsjones]

Yeah, the EC-DSA PKCS#8 private key contains an X.509 key usage extension in this case, which causes CNG to reject loading the key for EC-DH.

[sometiny]

Yes, when use ExportPkcs8PrivateKeyPem to export ECDsa private key, it contains a KeyUsage extension with value 0x0080.

temporary solution

using var cert = X509Certificate2.CreateFromPem(certificate);

using var pkey = ECDsa.Create();

pkey.ImportFromPem(privateKey);

using var newCert = cert.CopyWithPrivateKey(pkey);

Console.WriteLine(newCert.Subject);

[vcsjones]

I should have a fix up for this for .NET 11 on Thursday. After we get a fix in for .NET 11 the plan is to open a request to service the fix in to .NET 10.