sdrapkin/SecurityDriven.Inferno

AesFactory.Aes throws on Linux

mvacha opened this issue · 3 comments

AesFactory.Aes by default calls new AesCng(), which throws PlatformNotSupportedException on Linux.

It could call new AesCryptoServiceProvider or new AesManaged() as both of these fall back to OpenSSL on Linux. Problem is neither of those is FIPS compliant on Linux/Mac (dotnet/runtime#26037).

Workaround: replace call to AesFactory.Aes with Aes.Create (but lose FIPS compliance on Linux/Mac).

@mvacha Thx for reporting this issue. Please review commit 6174f0a, or even test it in your Linux environment.

I have a similar problem for Windows with .NET Core. The .NET Standard version doesn't seem to work and the workaround won't work as well 'cause it's Windows.
I think that needs a switch for .netstandard in general:

System.TypeLoadException: Could not load type 'System.Security.Cryptography.AesCng' from assembly 'System.Security.Cryptography.Cng, Version=4.3.3.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'.
         at SecurityDriven.Inferno.Cipher.AesFactories.<>c.<.cctor>b__3_1()
         at SecurityDriven.Inferno.Cipher.AesCtrCryptoTransform..ctor(Byte[] key, ArraySegment`1 counterBufferSegment, Func`1 aesFactory)

@WolfspiritM Can you confirm that the 6174f0a fix will resolve this issue for you?
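
Both failures reported in this thread (PlatformNotSupportedException from new AesCng() on Linux, and TypeLoadException for AesCng on .NET Core) can be handled by one factory. The following is an added example, not the project's code and not the content of commit 6174f0a; the class name PortableAesFactory and its members are hypothetical.

```csharp
using System;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Security.Cryptography;

// Hypothetical helper, not part of SecurityDriven.Inferno.
public static class PortableAesFactory
{
    // Probe once per process; every later Create() call reuses the answer.
    private static readonly Lazy<bool> CngUsable = new Lazy<bool>(ProbeCng);

    // True when AesCng is in use. Callers with a FIPS requirement can check
    // this and refuse to run on the Aes.Create() fallback, which the thread
    // notes is not FIPS compliant on Linux/Mac.
    public static bool UsesCng => CngUsable.Value;

    public static Aes Create() => CngUsable.Value ? CreateCng() : Aes.Create();

    private static bool ProbeCng()
    {
        // CNG is a Windows API; skip the attempt everywhere else.
        if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) return false;
        try
        {
            using (CreateCng()) { return true; }
        }
        catch (PlatformNotSupportedException) { return false; } // runtime has the type, platform lacks CNG
        catch (TypeLoadException) { return false; }             // AesCng missing from the loaded Cng assembly
    }

    // A missing AesCng type is reported when the method that references it is
    // compiled, so the reference is isolated in its own non-inlined method.
    // That lets the caller's try/catch above actually see the TypeLoadException.
    [MethodImpl(MethodImplOptions.NoInlining)]
    private static Aes CreateCng() => new AesCng();
}
```

Passing `PortableAesFactory.Create` wherever a `Func<Aes>` factory is accepted (the stack trace above shows AesCtrCryptoTransform taking one) keeps the platform decision in a single place.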