[iOS] X509KeyStorageFlags in X509Certificate constructor are ignored

[filipnavara]

The implementation of PKCS#12 certificate loading ignores the flags passed to the constructor. It always imports the key as ephemeral even if asked to persist it which is easy to fix.

The exportable flag is also ignored. It has to be investigated how it should map on iOS. It may control storing keys in the secure enclave. The keychain is per-application storage which greatly reduces the security risk of non-exportable keys actually being exportable.

Tagging subscribers to this area: @bartonjs, @vcsjones, @krwq, @GrabYourPitchforks
See info in area-owners.md if you want to be subscribed.

Issue Details

---

The implementation of PKCS#12 certificate loading ignores the flags passed to the constructor. It always imports the key as ephemeral even if asked to persist it which is easy to fix.

The exportable flag is also ignored. It has to be investigated how it should map on iOS. It may control storing keys in the secure enclave. The keychain is per-application storage which greatly reduces the security risk of non-exportable keys actually being exportable.

Author:	filipnavara
Assignees:	-
Labels:	area-System.Security, untriaged
Milestone:	-

[mdh1418]

I might be missing something, but is this resolved by #55425?
It seems like the X509KeyStorageFlags keyStorageFlags are being used now?

runtime/src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.iOS/StorePal.cs

Line 40 in 6874ef2

bool ephemeralSpecified = keyStorageFlags.HasFlag(X509KeyStorageFlags.EphemeralKeySet);

runtime/src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.iOS/StorePal.cs

Line 56 in 6874ef2

reader.Decrypt(password, ephemeralSpecified);

I'm not very familiar, what is the exportable flag?

[bartonjs]

• The Exportable flag means that the private keys, once imported, can be exported again (e.g. cert.GetRSAPrivateKey().ExportRSAPrivateKey()).
• The PersistKeySet flag means that the intention is to add the certificate to a certificate store, so the private key should be written to a place that it can be used again later.
  • For macOS if PersistKeySet is used we import the cert+key into the default keychain, otherwise we use a temporary keychain.
• The EphemeralKeySet flag means the private key shouldn't ever be written to disk.
  • This isn't supported on macOS because there's no way (at least, there used to not be) to get a SecIdentityRef without putting the key and cert into a keychain, which means the key was written to disk.

On iOS we need to do the appropriate equivalent things. EphemeralKeySet works on iOS, but PersistKeySet and Exportable might need specific support.

macOS version:

runtime/src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.OSX/AppleCertificatePal.ImportExport.cs

Lines 45 to 53 in 57bfe47

	if ((keyStorageFlags & X509KeyStorageFlags.EphemeralKeySet) == X509KeyStorageFlags.EphemeralKeySet)
	{
	throw new PlatformNotSupportedException(SR.Cryptography_X509_NoEphemeralPfx);
	}
	bool exportable = (keyStorageFlags & X509KeyStorageFlags.Exportable) == X509KeyStorageFlags.Exportable;
	bool persist =
	(keyStorageFlags & X509KeyStorageFlags.PersistKeySet) == X509KeyStorageFlags.PersistKeySet;