Clean up Windows 7 specific logic in Cryptographic features

[vcsjones]

Since Windows 7 and 8.0 will not be supported soon, there are a number of places in S.S.Cryptography where we have Windows-version specific logic for 7 and 8.

A few off the top of my head:

• The Windows PBKDF2 one-shots have logic for Windows 7 using BCryptDeriveKeyPBKDF2 instead of BCryptKeyDerivation

  runtime/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/Pbkdf2Implementation.Windows.cs

  Line 19 in 99e58d5

  private static readonly bool s_useKeyDerivation = OperatingSystem.IsWindowsVersionAtLeast(6, 2);

• Windows 7 only supports CFB8 for 3DES and AES. Not block-size aligned CFB like AES-CFB128 and 3DES-CFB64. The tests themselves could be made unconditional.

• There may be areas to clean up around supported EC curves. Windows 10+ supports explicit and brainpool curves.

• Hashing handles cases of non-reusable instances on Windows 7 in CNG:

  runtime/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/HashProviderCng.cs

  Line 38 in 0f149b7

  // Win7 won't set hHash to a valid handle, Win8+ will; and both will set _hHash.

[ghost]

Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

---

Since Windows 7 and 8.1 will not be supported soon, there are a number of places in S.S.Cryptography where we have Windows-version specific logic for 7 and 8.

A few off the top of my head:

• The Windows PBKDF2 one-shots have logic for Windows 7 using BCryptDeriveKeyPBKDF2 instead of BCryptKeyDerivation

  runtime/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/Pbkdf2Implementation.Windows.cs

  Line 19 in 99e58d5

  private static readonly bool s_useKeyDerivation = OperatingSystem.IsWindowsVersionAtLeast(6, 2);

• Windows 10+ supports pseudo handles. We can remove places that open cached algorithm instances and use pseudo handles exclusively wherever we are checking PseudoHandlesSupported

  runtime/src/libraries/Common/src/Interop/Windows/BCrypt/Interop.BCryptAlgPseudoHandle.cs

  Line 28 in 57bfe47

  internal static bool PseudoHandlesSupported { get; } = OperatingSystem.IsWindowsVersionAtLeast(10, 0, 0);

• Windows 7 only supports CFB8 for 3DES and AES. Not block-size aligned CFB like AES-CFB128 and 3DES-CFB64. The tests themselves could be made unconditional.

• There may be areas to clean up around supported EC curves. Windows 10+ supports explicit and brainpool curves.

Author:	vcsjones
Assignees:	-
Labels:	area-System.Security
Milestone:	Future

[teo-tsirpanis]

I was thinking the same when I saw the announcement. Marking it up-for-grabs, if no one else is interested, I will do it at a later time.

Windows Server 2012 R2 will still be supported under ESUs, so the Windows 8-specific logic should not be removed.

[danmoseley]

Likely worth a separate pass at some point through the whole tree looking for Windows 7 specific code that can be removed.

[richlander]

I updated the link in your issue @vcsjones. The cross-issue linking doesn't work (where the link shows on on the other side) on locked issues, so I used the dotnet/core issue instead. I never realized that before.

[MichalPetryka]

According to dotnet/core#7556 (comment), this should be put on hold and revisited with .NET 8.

[vcsjones]

This currently has a milestone of "Future". Nothing will be done until a final decision has been made for either .NET 8 or any other timeline if it gets adjusted again in the future.

[vcsjones]

Closing this out since it will be unactionable for the foreseeable future.

[richlander]

@jeffschwMSFT