Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[ECDsa] Falls back to use BouncyCastle if BCL (Mono) doesn't support #1461

Merged
merged 16 commits into from
Aug 31, 2024

Conversation

scott-xu
Copy link
Collaborator

@scott-xu scott-xu commented Aug 3, 2024

Fixes #1406

@Rob-Hague
Copy link
Collaborator

Rob-Hague commented Aug 23, 2024

Can we use this for .NET Framework (4.6.2) as well? So that we have 2 implementations instead of 3.

Instead of the isMono check, can we wrap the ECDsa.Create(parameter) call in a try-catch and then fall back to BouncyCastle? That should capture all the cases where it doesn't work, and still allow using the BCL if later versions of mono support it.

@scott-xu scott-xu marked this pull request as draft August 24, 2024 00:28
@scott-xu
Copy link
Collaborator Author

@Rob-Hague @WojciechNagorski Could you please help re-trigger the CI? Or would you mind granting me permission for Appveyor?

@scott-xu scott-xu marked this pull request as ready for review August 24, 2024 08:49
@Rob-Hague
Copy link
Collaborator

I suppose what I meant was, can we delete the custom CNG implementation so we just have (1) The normal BCL implementation with ECDsa; and if that is not supported then (2) The BouncyCastle implementation

Currently, this does not fix #1406 because #1406 does not use the .NET Framework target (probably .NET Standard instead). You can see that because the failure is on ECDsa.Create which is only called under #if !NETFRAMEWORK

@Rob-Hague
Copy link
Collaborator

I suppose what I meant was, can we delete the custom CNG implementation so we just have (1) The normal BCL implementation with ECDsa; and if that is not supported then (2) The BouncyCastle implementation

Since that would cause all .NET Framework applications to use BouncyCastle, that is probably not exactly what we want.

I'm finding it difficult to read and understand what implementation is used when. I think we want:

  1. If ECDsa.Create(ECParameters) is supported, use that
  2. Otherwise, if running on Windows, use CNG
  3. Otherwise, use BouncyCastle

But that does complicate the testing situation...

@scott-xu
Copy link
Collaborator Author

I suppose what I meant was, can we delete the custom CNG implementation so we just have (1) The normal BCL implementation with ECDsa; and if that is not supported then (2) The BouncyCastle implementation

Since that would cause all .NET Framework applications to use BouncyCastle, that is probably not exactly what we want.

I'm finding it difficult to read and understand what implementation is used when. I think we want:

  1. If ECDsa.Create(ECParameters) is supported, use that
  2. Otherwise, if running on Windows, use CNG
  3. Otherwise, use BouncyCastle

But that does complicate the testing situation...

Not sure if anybody uses Mono at Windows... I propose below logic:

  1. If NET, use ECDsa.Create(ECParameters) without fallback
  2. Otherwise if NETStandard or NET47 above, use ECDsa.Create(ECParameters) and falls back to BouncyCastle
  3. Otherwise if NET462, use CNG and falls back to BouncyCastle

@scott-xu scott-xu marked this pull request as draft August 24, 2024 11:49
@Rob-Hague
Copy link
Collaborator

I think we are proposing the same thing, so if it's easy to follow in the code, then sounds good

@scott-xu scott-xu changed the title Use BouncyCastle ECDsa when runtime is Mono [ECDsa] Falls back to use BouncyCastle if runtime does not support Aug 24, 2024
@scott-xu scott-xu marked this pull request as ready for review August 24, 2024 14:28
@scott-xu
Copy link
Collaborator Author

scott-xu commented Aug 24, 2024

We don't have NET47 as target framework. (Should we? ECDsa.Create(ECParameters) supports .NET Framework 4.7 onwards, see https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.ecdsa.create?view=net-8.0#system-security-cryptography-ecdsa-create(system-security-cryptography-ecparameters))

Here's current simplified logic:

  • !NET -> Use BouncyCastle as a fallback
  • FRAMEWORK -> Use CNG

@scott-xu
Copy link
Collaborator Author

We don't have NET47 as target framework. (Should we? ECDsa.Create(ECParameters) supports .NET Framework 4.7 onwards, see https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.ecdsa.create?view=net-8.0#system-security-cryptography-ecdsa-create(system-security-cryptography-ecparameters))

Here's current simplified logic:

  • !NET -> Use BouncyCastle as a fallback
  • FRAMEWORK -> Use CNG

Update:

  • !NET -> Use BouncyCastle as a fallback
  • NET462 -> Use CngKey

@scott-xu scott-xu changed the title [ECDsa] Falls back to use BouncyCastle if runtime does not support [ECDsa] Falls back to use BouncyCastle if BCL (Mono) does not support Aug 24, 2024
@scott-xu scott-xu changed the title [ECDsa] Falls back to use BouncyCastle if BCL (Mono) does not support [ECDsa] Falls back to use BouncyCastle if BCL (Mono) doesn't support Aug 24, 2024
@Rob-Hague
Copy link
Collaborator

Yeah probably makes sense

Is there a way to use the "Impl" pattern here that we have used in other places?

@scott-xu
Copy link
Collaborator Author

Is there a way to use the "Impl" pattern here that we have used in other places?

I tried, but it's a little bit different with others. Anyway it's good to separate into different files.

@Rob-Hague
Copy link
Collaborator

I iterated on it a bit and tested with a few different configurations. Will just wait for confirmation from mono...

@Rob-Hague Rob-Hague merged commit fe827a5 into sshnet:develop Aug 31, 2024
1 check failed
@scott-xu scott-xu deleted the bc_ecdsa branch September 1, 2024 08:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

SSH.Net 2024.0.0 works for UWP but does not work for Android and iOS
2 participants