aspnet/DataProtection

Using CngCbcAuthenticatedEncryptionSettings on Linux throws exception

Closed this issue · 3 comments

The following code on Linux causes the exception below:

services.AddDataProtection()
    .UseCustomCryptographicAlgorithms(new CngCbcAuthenticatedEncryptionSettings()
    {
        EncryptionAlgorithmKeySize = 256,
        EncryptionAlgorithm = "AES",
        HashAlgorithm = "SHA512"
    });

Unhandled Exception: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.DllNotFoundException: Unable to load DLL 'bcrypt.dll': The specified module could not be found.
 (Exception from HRESULT: 0x8007007E)
   at Microsoft.AspNetCore.Cryptography.UnsafeNativeMethods.BCryptOpenAlgorithmProvider(BCryptAlgorithmHandle& phAlgorithm, String pszAlgId, String pszImplementation, UInt32 dwFlags)
   at Microsoft.AspNetCore.Cryptography.SafeHandles.BCryptAlgorithmHandle.OpenAlgorithmHandle(String algorithmId, String implementation, Boolean hmac)
   at Microsoft.AspNetCore.Cryptography.Cng.CachedAlgorithmHandles.GetAesAlgorithm(String chainingMode)
   at Microsoft.AspNetCore.Cryptography.WeakReferenceHelpers.GetSharedInstance[T](WeakReference`1& weakReference, Func`1 factory)
   at Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.CngCbcAuthenticatedEncryptionSettings.GetSymmetricBlockCipherAlgorithmHandle(ILogger logger)
   at Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.CngCbcAuthenticatedEncryptionSettings.CreateAuthenticatedEncryptorInstance(ISecret secret, ILogger logger)
   at Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.CngCbcAuthenticatedEncryptionSettings.Validate()
   at Microsoft.AspNetCore.DataProtection.DataProtectionBuilderExtensions.UseCryptographicAlgorithmsCore(IDataProtectionBuilder builder, IInternalAuthenticatedEncryptionSettings settings)
   at WebApplication4.Startup.ConfigureServices(IServiceCollection services)
   --- End of inner exception stack trace ---
   at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
   at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at Microsoft.AspNetCore.Hosting.Startup.ConfigureServicesBuilder.Invoke(Object instance, IServiceCollection exportServices)
   at Microsoft.AspNetCore.Hosting.Internal.WebHost.EnsureApplicationServices()
   at Microsoft.AspNetCore.Hosting.Internal.WebHost.BuildApplication()
   at Microsoft.AspNetCore.Hosting.WebHostBuilder.Build()
   at WebApplication4.Program.Main(String[] args)

Isn't this exception the expected behavior?

Trying to use a Windows-specific API like CNG on a Linux machine can't really work. The fact the exception is thrown at the configuration stage (when validating the algorithms) seems to be the right thing to do, IMHO.
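An added example, not part of the original thread or the project's own code: one way to keep the issue's AES-256-CBC with HMAC-SHA512 choice on every platform is to select the CNG settings only on Windows and the managed settings elsewhere. The class and method names `DataProtectionAlgorithmExtensions` and `UseAes256CbcHmacSha512` are hypothetical, and the code assumes the same package generation as the issue, where `ManagedAuthenticatedEncryptionSettings` sits beside the CNG settings class.

```csharp
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption;

// Hypothetical helper (not part of DataProtection): picks an implementation
// that exists on the current OS instead of failing in Validate() at startup.
public static class DataProtectionAlgorithmExtensions
{
    public static IDataProtectionBuilder UseAes256CbcHmacSha512(
        this IDataProtectionBuilder builder)
    {
        if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
        {
            // Windows: CNG (bcrypt.dll) is available, same settings as the issue.
            return builder.UseCustomCryptographicAlgorithms(
                new CngCbcAuthenticatedEncryptionSettings
                {
                    EncryptionAlgorithm = "AES",
                    EncryptionAlgorithmKeySize = 256,
                    HashAlgorithm = "SHA512"
                });
        }

        // Linux/macOS: no bcrypt.dll, so use the managed
        // System.Security.Cryptography types for the same algorithms.
        return builder.UseCustomCryptographicAlgorithms(
            new ManagedAuthenticatedEncryptionSettings
            {
                EncryptionAlgorithmType = typeof(Aes),
                EncryptionAlgorithmKeySize = 256,
                ValidationAlgorithmType = typeof(HMACSHA512)
            });
    }
}

// In Startup.ConfigureServices:
//     services.AddDataProtection().UseAes256CbcHmacSha512();
```

Each key in the key ring records the descriptor of the settings type that created it, so hosts that share one key ring across Windows and Linux should all use the managed branch.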