Fix blob type in CopyWithPrivateKey for ML-DSA

[PranavSenthilnathan]

On recent Windows insider builds, some ML-DSA tests that used CopyWithPrivateKey were failing with the error below. We export a seed blob, but when we import that blob back into NCrypt we say it's a private key blob. Windows was somehow able to handle this before - maybe it just looked at the magic number number inside the blob instead of the blob type we passed into Import. The fix is just to use the correct blob type.

System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.PrivateKeyAssociationTests.CheckCopyWithPrivateKey_MLDSA​4ms
Error:
System.Security.Cryptography.CryptographicException : The parameter is incorrect.

Stack trace:
   at System.Security.Cryptography.CngKey.Import(ReadOnlySpan`1 keyBlob, String curveName, CngKeyBlobFormat format, CngProvider provider) in D:\git\runtime\src\libraries\System.Security.Cryptography\src\System\Security\Cryptography\CngKey.Import.cs:line 145
   at System.Security.Cryptography.CngKey.Import(ReadOnlySpan`1 keyBlob, CngKeyBlobFormat format) in D:\git\runtime\src\libraries\System.Security.Cryptography\src\System\Security\Cryptography\CngKey.Import.cs:line 22
   at System.Security.Cryptography.MLDsaImplementation.<>c__DisplayClass25_0.<CreateEphemeralCng>b__0(ReadOnlySpan`1 keyMaterial) in D:\git\runtime\src\libraries\Common\src\System\Security\Cryptography\MLDsaImplementation.CreateCng.cs:line 29
   at Interop.BCrypt.BCryptExportKey[T](SafeBCryptKeyHandle key, String blobType, ExportKeyCallback`1 callback) in D:\git\runtime\src\libraries\Common\src\Interop\Windows\BCrypt\Interop.BCryptExportKey.cs:line 104
   at System.Security.Cryptography.MLDsaImplementation.CreateEphemeralCng() in D:\git\runtime\src\libraries\Common\src\System\Security\Cryptography\MLDsaImplementation.CreateCng.cs:line 25
   at System.Security.Cryptography.X509Certificates.CertificateHelpers.CopyWithPrivateKey(CertificatePal certificate, MLDsa privateKey) in D:\git\runtime\src\libraries\Common\src\System\Security\Cryptography\X509Certificates\CertificateHelpers.Windows.cs:line 49
   at System.Security.Cryptography.X509Certificates.CertificatePal.CopyWithPrivateKey(MLDsa privateKey) in D:\git\runtime\src\libraries\System.Security.Cryptography\src\System\Security\Cryptography\X509Certificates\CertificatePal.Windows.PrivateKey.cs:line 195
   at System.Security.Cryptography.X509Certificates.X509Certificate2.CopyWithPrivateKey(MLDsa privateKey) in D:\git\runtime\src\libraries\System.Security.Cryptography\src\System\Security\Cryptography\X509Certificates\X509Certificate2.cs:line 980
   at System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.PrivateKeyAssociationTests.<>c.<CheckCopyWithPrivateKey_MLDSA>b__31_3(X509Certificate2 cert, MLDsa key) in D:\git\runtime\src\libraries\Common\tests\System\Security\Cryptography\X509Certificates\CertificateCreation\PrivateKeyAssociationTests.Shared.cs:line 374
   at System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.PrivateKeyAssociationTests.CheckCopyWithPrivateKey[TKey](X509Certificate2 cert, X509Certificate2 wrongAlgorithmCert, TKey correctPrivateKey, IEnumerable`1 incorrectKeys, Func`3 copyWithPrivateKey, Func`2 getPublicKey, Func`2 getPrivateKey, Action`2 keyProver) in D:\git\runtime\src\libraries\Common\tests\System\Security\Cryptography\X509Certificates\CertificateCreation\PrivateKeyAssociationTests.Shared.cs:line 740
   at System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.PrivateKeyAssociationTests.CheckCopyWithPrivateKey_MLDSA() in D:\git\runtime\src\libraries\Common\tests\System\Security\Cryptography\X509Certificates\CertificateCreation\PrivateKeyAssociationTests.Shared.cs:line 365
   at System.RuntimeMethodHandle.InvokeMethod(ObjectHandleOnStack target, Void** arguments, ObjectHandleOnStack sig, BOOL isConstructor, ObjectHandleOnStack result)
   at System.Reflection.MethodBaseInvoker.InterpretedInvoke_Method(Object obj, IntPtr* args) in D:\git\runtime\src\coreclr\System.Private.CoreLib\src\System\Reflection\MethodBaseInvoker.CoreCLR.cs:line 37
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) in D:\git\runtime\src\libraries\System.Private.CoreLib\src\System\Reflection\RuntimeMethodInfo.cs:line 134

[dotnet-policy-service]

Tagging subscribers to this area: @bartonjs, @vcsjones, @dotnet/area-system-security
See info in area-owners.md if you want to be subscribed.

[Copilot]

Pull request overview

This PR fixes an inconsistency in the Windows ML-DSA CNG cloning path: when an ML-DSA key has a seed, the code exports a seed blob from BCrypt but previously attempted to import it into CNG using the private key blob format. The change makes the import blob format match the exported blob type.

Changes:

• Update CreateEphemeralCng() to prioritize the seed blob format when _hasSeed is true, aligning CngKeyBlobFormat with the bcryptBlobType used for export.

[vcsjones]

We should backport this.