An HTTP request with HttpClient fails when the client certificate is stored on a smart card and the signature algorithms offered in the TLS 1.2 CertificateRequest do not contain rsa_pkcs1_sha1.
An HttpRequestException ("The SSL connection could not be established, see inner exception") is thrown, with inner exception Win32Exception ("The client and server cannot communicate, because they do not possess a common algorithm" or "The Local Security Authority cannot be contacted").
The code to create a request:
```csharp
using System;
using System.Net.Http;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

// GetCertificate() is the issue author's helper (loads the certificate from a PFX, the store or the smart card); its body is not shown.
X509Certificate2 myCertificate = GetCertificate();
var requestHandler = new HttpClientHandler();
requestHandler.ClientCertificates.Add(myCertificate);
requestHandler.SslProtocols = SslProtocols.Tls12; // TLS 1.2 only (the original wrote Tls12 | Tls12, which is the same value)
requestHandler.ClientCertificateOptions = ClientCertificateOption.Manual;
// Disables server certificate validation; only acceptable for this local repro against a self-signed test server.
requestHandler.ServerCertificateCustomValidationCallback = (_, _, _, _) => true;
var client = new HttpClient(requestHandler);
var url = "https://localhost:56232/test.txt";
var response = client.GetAsync(url).Result; // blocking wait; on failure the HttpRequestException surfaces wrapped in an AggregateException
```
I have analyzed multiple use cases and come to the following conclusion:
| Weak signature algorithms (OpenSSL server 1.x.x) | Strong signature algorithms (OpenSSL server 3.x.x) |
|---|---|
| rsa_pkcs1_sha512 (0x0601) | ecdsa_secp256r1_sha256 (0x0403) |
| SHA512 DSA (0x0602) | ecdsa_secp384r1_sha384 (0x0503) |
| ecdsa_secp521r1_sha512 (0x0603) | ecdsa_secp521r1_sha512 (0x0603) |
| rsa_pkcs1_sha384 (0x0501) | ed25519 (0x0807) |
| SHA384 DSA (0x0502) | ed448 (0x0808) |
| ecdsa_secp384r1_sha384 (0x0503) | ecdsa_brainpoolP256r1tls13_sha256 (0x081a) |
| rsa_pkcs1_sha256 (0x0401) | ecdsa_brainpoolP384r1tls13_sha384 (0x081b) |
| SHA256 DSA (0x0402) | ecdsa_brainpoolP512r1tls13_sha512 (0x081c) |
| ecdsa_secp256r1_sha256 (0x0403) | rsa_pss_pss_sha256 (0x0809) |
| SHA224 RSA (0x0301) | rsa_pss_pss_sha384 (0x080a) |
| SHA224 DSA (0x0302) | rsa_pss_pss_sha512 (0x080b) |
| SHA224 ECDSA (0x0303) | rsa_pss_rsae_sha256 (0x0804) |
| rsa_pkcs1_sha1 (0x0201) | rsa_pss_rsae_sha384 (0x0805) |
| SHA1 DSA (0x0202) | rsa_pss_rsae_sha512 (0x0806) |
| ecdsa_sha1 (0x0203) | rsa_pkcs1_sha256 (0x0401) |
| | rsa_pkcs1_sha384 (0x0501) |
| | rsa_pkcs1_sha512 (0x0601) |
| | SHA224 ECDSA (0x0303) |
| | SHA224 RSA (0x0301) |
| | SHA224 DSA (0x0302) |
| | SHA256 DSA (0x0402) |
| | SHA384 DSA (0x0502) |
| | SHA512 DSA (0x0602) |
| App | Certificate location | Signature algorithms (server) | SA in CertificateVerify (TLS 1.2 handshake) | Success |
|---|---|---|---|---|
| Console | Certificate retrieved from PFX | Weak signature algorithms | rsa_pkcs1_sha1 | ✔️ |
| Console | Certificate store *1 | Weak signature algorithms | rsa_pkcs1_sha1 | ✔️ |
| Console | SmartCard *2 | Weak signature algorithms | rsa_pkcs1_sha1 | ✔️ |
| Console | Certificate retrieved from PFX | Strong signature algorithms | rsa_pss_rsae_sha256 | ✔️ |
| Console | Certificate store *1 | Strong signature algorithms | rsa_pss_rsae_sha256 | ✔️ |
| Console | SmartCard *2 | Strong signature algorithms | failure | ❌ |
| Console | SmartCard *2 | rsa_pkcs1_sha256 | failure | ❌ |
| Edge | SmartCard *2 | Strong signature algorithms | rsa_pkcs1_sha256 (0x0401) | ✔️ |

*1 Microsoft Platform Crypto Provider
*2 Microsoft Base Smart Card Crypto Provider
Create a virtual smart card:

```
tpmvscmgr create /name "MyVirtualSmartCard" /pin prompt /adminkey random /generate
```

Import the PFX to the virtual smart card. Ensure that the registry settings for the Cryptographic Service Provider (CSP) or Key Storage Provider (KSP) are correctly configured to allow the import of private keys; double-check that the following registry values are set:

```
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Smart Card Crypto Provider]
"AllowPrivateSignatureKeyImport"=dword:00000001
"AllowPrivateExchangeKeyImport"=dword:00000001
```

Make sure to have only one smart card connected.

```
certutil -user -csp "Microsoft Base Smart Card Crypto Provider" -importpfx client_cert.pfx
```

Restart the "Certificate Propagation Service" to make sure the "Client" certificate is available in the local user's certificate store.
See the attached Wireshark capture of the failed call: failed_called.zip

Reproduction Steps

1. Create the virtual smart card:

   ```
   tpmvscmgr create /name "MyVirtualSmartCard" /pin prompt /adminkey random /generate
   ```

2. Restart the "Certificate Propagation Service" to make sure the "Client" certificate is available in the local user's certificate store.
3. Import ca-cert.pem into the "My" certificates store.
4. Extract the certificates from the zip file: OpenSslTest.zip, test.txt
5. Run OpenSSL in the same directory:

   ```
   docker run -v .\:/data -p 56232:443 alpine/openssl s_server -accept 443 -key /data/server-key.pem -cert /data/server-cert.pem -CAfile /data/ca-cert.pem -cipher TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 -Verify 1 -no_tls1_3 -WWW -pass pass:dummy
   ```

6. Execute the test program: TestStrongSignatureCall.zip
As stated above, the same program works if the certificate is loaded from the PFX directly or imported directly into the certificate store.
Expected behavior
Successful connection
Actual behavior
An HttpRequestException ("The SSL connection could not be established, see inner exception") is thrown, with inner exception Win32Exception ("The client and server cannot communicate, because they do not possess a common algorithm" or "The Local Security Authority cannot be contacted").
Regression?
No
Known Workarounds
None
Configuration
.NET 8.0
Windows 10
x64
Same behavior with .NET 4.8
Other information
No response
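The check the report above does by hand in Wireshark, as an added example that is not part of the issue or of the .NET runtime: decode a TLS 1.2 CertificateRequest handshake message (RFC 5246 §7.4.4), list the signature_algorithms the server offers, and intersect that list with what the client's key provider can actually sign. The two server lists are constructed from the table above (not captured bytes), the handshake messages are built inline, and the SHA-1-only client capability set is a hypothetical stand-in for the smart-card CSP case, whose only observed CertificateVerify algorithm in the table is rsa_pkcs1_sha1.

```python
"""Decode a TLS 1.2 CertificateRequest and check which signature_algorithms the
server offers against what the client can sign.  All sample data is constructed."""
import struct

# SignatureAndHashAlgorithm / SignatureScheme code points (RFC 5246, RFC 8446),
# named the way Wireshark prints them.
SIGALG_NAMES = {
    0x0201: "rsa_pkcs1_sha1", 0x0202: "SHA1 DSA", 0x0203: "ecdsa_sha1",
    0x0301: "SHA224 RSA", 0x0302: "SHA224 DSA", 0x0303: "SHA224 ECDSA",
    0x0401: "rsa_pkcs1_sha256", 0x0402: "SHA256 DSA", 0x0403: "ecdsa_secp256r1_sha256",
    0x0501: "rsa_pkcs1_sha384", 0x0502: "SHA384 DSA", 0x0503: "ecdsa_secp384r1_sha384",
    0x0601: "rsa_pkcs1_sha512", 0x0602: "SHA512 DSA", 0x0603: "ecdsa_secp521r1_sha512",
    0x0804: "rsa_pss_rsae_sha256", 0x0805: "rsa_pss_rsae_sha384", 0x0806: "rsa_pss_rsae_sha512",
    0x0807: "ed25519", 0x0808: "ed448",
    0x0809: "rsa_pss_pss_sha256", 0x080A: "rsa_pss_pss_sha384", 0x080B: "rsa_pss_pss_sha512",
    0x081A: "ecdsa_brainpoolP256r1tls13_sha256", 0x081B: "ecdsa_brainpoolP384r1tls13_sha384",
    0x081C: "ecdsa_brainpoolP512r1tls13_sha512",
}
CERTIFICATE_REQUEST = 13  # HandshakeType.certificate_request

def build_certificate_request(cert_types, sigalgs, ca_names=()):
    """Encode a TLS 1.2 CertificateRequest handshake message (4-byte header + body)."""
    types = bytes(cert_types)                                    # ClientCertificateType list
    sa = b"".join(struct.pack("!H", s) for s in sigalgs)         # supported_signature_algorithms
    cas = b"".join(struct.pack("!H", len(n)) + n for n in ca_names)  # DistinguishedName list
    body = (struct.pack("!B", len(types)) + types
            + struct.pack("!H", len(sa)) + sa
            + struct.pack("!H", len(cas)) + cas)
    return struct.pack("!B", CERTIFICATE_REQUEST) + len(body).to_bytes(3, "big") + body

def parse_certificate_request(msg):
    """Decode a CertificateRequest handshake message; a leading TLS record header is tolerated."""
    if msg[0] == 0x16:                       # record layer: type(1) version(2) length(2)
        msg = msg[5:]
    if msg[0] != CERTIFICATE_REQUEST:
        raise ValueError(f"not a CertificateRequest (handshake type {msg[0]})")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated handshake message")
    pos = 0
    n = body[pos]; pos += 1
    cert_types = list(body[pos:pos + n]); pos += n
    (sa_len,) = struct.unpack_from("!H", body, pos); pos += 2
    if sa_len % 2:
        raise ValueError("odd supported_signature_algorithms length")
    sigalgs = [struct.unpack_from("!H", body, pos + i)[0] for i in range(0, sa_len, 2)]
    pos += sa_len
    (ca_len,) = struct.unpack_from("!H", body, pos); pos += 2
    end = pos + ca_len
    ca_names = []
    while pos < end:
        (nlen,) = struct.unpack_from("!H", body, pos); pos += 2
        ca_names.append(body[pos:pos + nlen]); pos += nlen
    if pos != end or end != len(body):
        raise ValueError("bad certificate_authorities encoding")
    return {"cert_types": cert_types, "sigalgs": sigalgs, "ca_names": ca_names}

def sigalg_name(code):
    return SIGALG_NAMES.get(code, f"unknown(0x{code:04x})")

def negotiable(sigalgs, client_can_sign):
    """Algorithms usable for CertificateVerify: the server's list, in its preference
    order, filtered by what the client's key/provider can produce."""
    return [s for s in sigalgs if s in client_can_sign]

# Constructed sample lists mirroring the two servers in the table above (not captured bytes).
OPENSSL1_SIGALGS = [0x0601, 0x0602, 0x0603, 0x0501, 0x0502, 0x0503, 0x0401, 0x0402, 0x0403,
                    0x0301, 0x0302, 0x0303, 0x0201, 0x0202, 0x0203]
OPENSSL3_SIGALGS = [0x0403, 0x0503, 0x0603, 0x0807, 0x0808, 0x081A, 0x081B, 0x081C,
                    0x0809, 0x080A, 0x080B, 0x0804, 0x0805, 0x0806, 0x0401, 0x0501, 0x0601,
                    0x0303, 0x0301, 0x0302, 0x0402, 0x0502, 0x0602]
# Hypothetical client capability: an RSA key whose provider only produces PKCS#1 v1.5 with SHA-1,
# standing in for the smart-card CSP case observed in the table.
SHA1_ONLY_RSA_CLIENT = {0x0201}

def report(msg, client_can_sign):
    req = parse_certificate_request(msg)
    return {
        "offered": [sigalg_name(s) for s in req["sigalgs"]],
        "usable": [sigalg_name(s) for s in negotiable(req["sigalgs"], client_can_sign)],
        "offers_rsa_pkcs1_sha1": 0x0201 in req["sigalgs"],
    }

if __name__ == "__main__":
    for label, algs in (("OpenSSL 1.x", OPENSSL1_SIGALGS), ("OpenSSL 3.x", OPENSSL3_SIGALGS)):
        msg = build_certificate_request([1], algs, [b"\x30\x00"])  # 1 = rsa_sign; dummy DER Name
        r = report(msg, SHA1_ONLY_RSA_CLIENT)
        print(f"{label}: {len(r['offered'])} offered; usable by SHA-1-only client: "
              f"{r['usable'] or 'none -> handshake fails'}")
```

To apply this to a real capture, select the Certificate Request handshake message in Wireshark, copy its bytes as hex, and pass them to `parse_certificate_request`; then replace `SHA1_ONLY_RSA_CLIENT` with the set of algorithms your provider is known to produce (for an RSA key, the `rsa_pkcs1_*` and `rsa_pss_rsae_*` code points). An empty `negotiable` result is exactly the situation in the failing rows of the table: the server offers nothing the client's signer can produce, so the client cannot send a CertificateVerify and the handshake aborts.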