Throw ObjectDisposedException for AES-CCM on Android

vcsjones · web-flow · commit 2cce720e9c38 · 2022-10-07T21:16:23.000-04:00
diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/AesCcm.Android.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/AesCcm.Android.cs
@@ -9,14 +9,16 @@ namespace System.Security.Cryptography
 {
     public sealed partial class AesCcm
     {
-        private byte[] _key;
+        private byte[]? _key;
 
         public static bool IsSupported => true;
 
         [MemberNotNull(nameof(_key))]
         private void ImportKey(ReadOnlySpan<byte> key)
         {
-            _key = key.ToArray();
+            // Pin the array on the POH so that the GC doesn't move it around to allow zeroing to be more effective.
+            _key = GC.AllocateArray<byte>(key.Length, pinned: true);
+            key.CopyTo(_key);
         }
 
         private void EncryptCore(
@@ -26,6 +28,8 @@ private void EncryptCore(
             Span<byte> tag,
             ReadOnlySpan<byte> associatedData = default)
         {
+            CheckDisposed();
+
             // Convert key length to bits.
             using (SafeEvpCipherCtxHandle ctx = Interop.Crypto.EvpCipherCreatePartial(GetCipher(_key.Length * 8)))
             {
@@ -109,6 +113,8 @@ private void DecryptCore(
             Span<byte> plaintext,
             ReadOnlySpan<byte> associatedData)
         {
+            CheckDisposed();
+
             using (SafeEvpCipherCtxHandle ctx = Interop.Crypto.EvpCipherCreatePartial(GetCipher(_key.Length * 8)))
             {
                 if (ctx.IsInvalid)
@@ -180,9 +186,16 @@ private static IntPtr GetCipher(int keySizeInBits)
             };
         }
 
+        [MemberNotNull(nameof(_key))]
+        private void CheckDisposed()
+        {
+            ObjectDisposedException.ThrowIf(_key is null, this);
+        }
+
         public void Dispose()
         {
             CryptographicOperations.ZeroMemory(_key);
+            _key = null;
         }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -9,14 +9,16 @@ namespace System.Security.Cryptography`
`9`	`9`	`{`
`10`	`10`	`public sealed partial class AesCcm`
`11`	`11`	`{`
`12`		`- private byte[] _key;`
	`12`	`+ private byte[]? _key;`
`13`	`13`
`14`	`14`	`public static bool IsSupported => true;`
`15`	`15`
`16`	`16`	`[MemberNotNull(nameof(_key))]`
`17`	`17`	`private void ImportKey(ReadOnlySpan<byte> key)`
`18`	`18`	`{`
`19`		`- _key = key.ToArray();`
	`19`	`+ // Pin the array on the POH so that the GC doesn't move it around to allow zeroing to be more effective.`
	`20`	`+ _key = GC.AllocateArray<byte>(key.Length, pinned: true);`
	`21`	`+ key.CopyTo(_key);`
`20`	`22`	`}`
`21`	`23`
`22`	`24`	`private void EncryptCore(`
`@@ -26,6 +28,8 @@ private void EncryptCore(`
`26`	`28`	`Span<byte> tag,`
`27`	`29`	`ReadOnlySpan<byte> associatedData = default)`
`28`	`30`	`{`
	`31`	`+ CheckDisposed();`
	`32`	`+`
`29`	`33`	`// Convert key length to bits.`
`30`	`34`	`using (SafeEvpCipherCtxHandle ctx = Interop.Crypto.EvpCipherCreatePartial(GetCipher(_key.Length * 8)))`
`31`	`35`	`{`
`@@ -109,6 +113,8 @@ private void DecryptCore(`
`109`	`113`	`Span<byte> plaintext,`
`110`	`114`	`ReadOnlySpan<byte> associatedData)`
`111`	`115`	`{`
	`116`	`+ CheckDisposed();`
	`117`	`+`
`112`	`118`	`using (SafeEvpCipherCtxHandle ctx = Interop.Crypto.EvpCipherCreatePartial(GetCipher(_key.Length * 8)))`
`113`	`119`	`{`
`114`	`120`	`if (ctx.IsInvalid)`
`@@ -180,9 +186,16 @@ private static IntPtr GetCipher(int keySizeInBits)`
`180`	`186`	`};`
`181`	`187`	`}`
`182`	`188`
	`189`	`+ [MemberNotNull(nameof(_key))]`
	`190`	`+ private void CheckDisposed()`
	`191`	`+ {`
	`192`	`+ ObjectDisposedException.ThrowIf(_key is null, this);`
	`193`	`+ }`
	`194`	`+`
`183`	`195`	`public void Dispose()`
`184`	`196`	`{`
`185`	`197`	`CryptographicOperations.ZeroMemory(_key);`
	`198`	`+ _key = null;`
`186`	`199`	`}`
`187`	`200`	`}`
`188`	`201`	`}`