Using CngCbcAuthenticatedEncryptionSettings on Linux throws exception
Closed this issue · 3 comments
BrennanConroy commented
The following code on Linux causes the exception below:
```csharp
services.AddDataProtection()
    .UseCustomCryptographicAlgorithms(new CngCbcAuthenticatedEncryptionSettings()
    {
        EncryptionAlgorithmKeySize = 256,
        EncryptionAlgorithm = "AES",
        HashAlgorithm = "SHA512"
    });
```
```
Unhandled Exception: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.DllNotFoundException: Unable to load DLL 'bcrypt.dll': The specified module could not be found.
 (Exception from HRESULT: 0x8007007E)
   at Microsoft.AspNetCore.Cryptography.UnsafeNativeMethods.BCryptOpenAlgorithmProvider(BCryptAlgorithmHandle& phAlgorithm, String pszAlgId, String pszImplementation, UInt32 dwFlags)
   at Microsoft.AspNetCore.Cryptography.SafeHandles.BCryptAlgorithmHandle.OpenAlgorithmHandle(String algorithmId, String implementation, Boolean hmac)
   at Microsoft.AspNetCore.Cryptography.Cng.CachedAlgorithmHandles.GetAesAlgorithm(String chainingMode)
   at Microsoft.AspNetCore.Cryptography.WeakReferenceHelpers.GetSharedInstance[T](WeakReference`1& weakReference, Func`1 factory)
   at Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.CngCbcAuthenticatedEncryptionSettings.GetSymmetricBlockCipherAlgorithmHandle(ILogger logger)
   at Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.CngCbcAuthenticatedEncryptionSettings.CreateAuthenticatedEncryptorInstance(ISecret secret, ILogger logger)
   at Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.CngCbcAuthenticatedEncryptionSettings.Validate()
   at Microsoft.AspNetCore.DataProtection.DataProtectionBuilderExtensions.UseCryptographicAlgorithmsCore(IDataProtectionBuilder builder, IInternalAuthenticatedEncryptionSettings settings)
   at WebApplication4.Startup.ConfigureServices(IServiceCollection services)
   --- End of inner exception stack trace ---
   at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
   at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at Microsoft.AspNetCore.Hosting.Startup.ConfigureServicesBuilder.Invoke(Object instance, IServiceCollection exportServices)
   at Microsoft.AspNetCore.Hosting.Internal.WebHost.EnsureApplicationServices()
   at Microsoft.AspNetCore.Hosting.Internal.WebHost.BuildApplication()
   at Microsoft.AspNetCore.Hosting.WebHostBuilder.Build()
   at WebApplication4.Program.Main(String[] args)
```
kevinchalet commented
Isn't this exception the expected behavior?
Trying to use a Windows-specific API like CNG on a Linux machine can't really work. The fact the exception is thrown at the configuration stage (when validating the algorithms) seems to be the right thing to do, IMHO.
BrennanConroy commented
I feel like we should do something like https://github.com/aspnet/DataProtection/blob/dev/src/Microsoft.AspNetCore.DataProtection/XmlEncryption/EncryptedXmlDecryptor.core50.cs
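
One way an application can avoid the startup failure discussed in this thread, as an added example (not code from the thread or from the DataProtection project): select the CNG settings only on Windows and use `ManagedAuthenticatedEncryptionSettings` with the equivalent AES-256-CBC + HMACSHA512 choice elsewhere. The class name `DataProtectionAlgorithmSetup` and method name `AddPlatformAwareDataProtection` are hypothetical.

```csharp
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical helper, added for illustration.
public static class DataProtectionAlgorithmSetup
{
    public static IDataProtectionBuilder AddPlatformAwareDataProtection(
        this IServiceCollection services)
    {
        var builder = services.AddDataProtection();

        // CNG lives in bcrypt.dll, which exists only on Windows. Checking the
        // platform first keeps Validate() from P/Invoking into a missing DLL.
        if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
        {
            return builder.UseCustomCryptographicAlgorithms(
                new CngCbcAuthenticatedEncryptionSettings
                {
                    EncryptionAlgorithm = "AES",
                    EncryptionAlgorithmKeySize = 256, // bits
                    HashAlgorithm = "SHA512"
                });
        }

        // Managed implementations of the same primitives for Linux and macOS.
        return builder.UseCustomCryptographicAlgorithms(
            new ManagedAuthenticatedEncryptionSettings
            {
                EncryptionAlgorithmType = typeof(Aes),
                EncryptionAlgorithmKeySize = 256, // bits
                ValidationAlgorithmType = typeof(HMACSHA512)
            });
    }
}
```

Each key in the key ring records the descriptor it was created with, so when Windows and Linux hosts share one key ring, configure the managed settings on every host rather than branching per platform.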