Bug 38712 - Mono 4.3 Cryptography.ProtectedData fails to decrypt data from Mono 4.2
Summary: Mono 4.3 Cryptography.ProtectedData fails to decrypt data from Mono 4.2
Status: VERIFIED FIXED
Alias: None
Product: Class Libraries
Classification: Mono
Component: Mono.Security (show other bugs)
Version: master
Hardware: PC Mac OS
: Highest blocker
Target Milestone: (C7)
Assignee: Alexis Christoforides
URL:
Depends on:
Blocks:
 
Reported: 2016-02-12 13:02 UTC by Matt Ward
Modified: 2016-04-14 20:52 UTC (History)
7 users (show)

Tags: c7regression
Is this bug a regression?: ---
Last known good build:

Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.


Please create a new report on GitHub or Developer Community with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:
Status:
VERIFIED FIXED

Description Matt Ward 2016-02-12 13:02:02 UTC
Data encrypted by System.Security.Cryptography.ProtectedData with Mono 4.2.2 (explicit/996df3c Wed Jan 20 00:19:48 EST 2016) cannot be decrypted by Mono 4.3.2 (mono-4.3.2-branch/a02ad3a Wed Feb 10 02:56:11 EST 2016). You will see an exception:

System.Security.Cryptography.CryptographicException: Data unprotection failed. ---> System.Security.Cryptography.CryptographicException: Invalid data.

Example code to encrypt/decrypt is available from:

https://github.com/mrward/nuget/blob/2.8.7-monodevelop/src/Core/Utility/EncryptionUtility.cs

The above is from NuGet and is used by Xamarin Studio when saving passwords for NuGet package sources.

One way to reproduce this is to use Xamarin Studio with Mono 4.2 and add a new package source in Preferences - NuGet - Sources. Add a new package source, specify a name, url, username and password. Closing the preferences dialog will save the password encrypted in ~/.config/NuGet/NuGet.Config. Then close Xamarin Studio, install Mono 4.3, and re-open Xamarin Studio. If you now go into preferences you will see the package source is gone. In the IDE logs (Help - Open Log Directory) there will be the following error reported.

Unable to read NuGet.config file.
System.Security.Cryptography.CryptographicException: Data unprotection failed. ---> System.Security.Cryptography.CryptographicException: Invalid data.
  at Mono.Security.Cryptography.ManagedProtection.Unprotect (System.Byte[] encryptedData, System.Byte[] optionalEntropy, DataProtectionScope scope) [0x00299] in /private/tmp/source-mono-4.3.2/bockbuild-xamarin/profiles/mono-mac-xamarin/build-root/mono-x86/mcs/class/System.Security/Mono.Security.Cryptography/ManagedProtection.cs:231 
  at System.Security.Cryptography.ProtectedData.Unprotect (System.Byte[] encryptedData, System.Byte[] optionalEntropy, DataProtectionScope scope) [0x00030] in /private/tmp/source-mono-4.3.2/bockbuild-xamarin/profiles/mono-mac-xamarin/build-root/mono-x86/mcs/class/System.Security/System.Security.Cryptography/ProtectedData.cs:91 
  --- End of inner exception stack trace ---
  at System.Security.Cryptography.ProtectedData.Unprotect (System.Byte[] encryptedData, System.Byte[] optionalEntropy, DataProtectionScope scope) [0x0004a] in /private/tmp/source-mono-4.3.2/bockbuild-xamarin/profiles/mono-mac-xamarin/build-root/mono-x86/mcs/class/System.Security/System.Security.Cryptography/ProtectedData.cs:95 
  at NuGet.EncryptionUtility.DecryptString (System.String encryptedString) <0x1c0e2fe8 + 0x0002f> in <filename unknown>:0 
  at NuGet.PackageSourceProvider.ReadCredential (System.String sourceName) <0x1c0e2840 + 0x001a3> in <filename unknown>:0 
  at NuGet.PackageSourceProvider.ReadPackageSource (NuGet.SettingValue setting, Boolean isEnabled) <0x1c0e26e0 + 0x0007f> in <filename unknown>:0 
  at NuGet.PackageSourceProvider.LoadPackageSources () <0x1c0e1a50 + 0x0042b> in <filename unknown>:0 
  at ICSharpCode.PackageManagement.RegisteredPackageSourceSettings.ReadPackageSources () [0x00007] in /Users/builder/data/lanes/2693/bb74ff46/source/monodevelop/main/src/addins/MonoDevelop.PackageManagement/MonoDevelop.PackageManagement/RegisteredPackageSourceSettings.cs:118 
  at ICSharpCode.PackageManagement.RegisteredPackageSourceSettings.TryReadPackageSources () [0x00003] in /Users/builder/data/lanes/2693/bb74ff46/source/monodevelop/main/src/addins/MonoDevelop.PackageManagement/MonoDevelop.PackageManagement/RegisteredPackageSourceSettings.cs:105
Comment 1 Matt Ward 2016-02-18 18:34:28 UTC
We have had this problem before with Mono 4.2 - bug #31199

https://bugzilla.xamarin.com/show_bug.cgi?id=31199

The fixes are linked to in bug #31199
Comment 2 Peter Collins 2016-02-18 18:37:12 UTC
As Matt mentioned, I was seeing this on a few test environments in the early mono 4.2.x versions, and can now again reproduce with Mono JIT compiler version 4.3.2 (mono-4.3.2-branch/dd8adb3.
Comment 3 PJ 2016-02-19 14:42:24 UTC
Discussed with Matt and Alexis, this is not going to block our first Alpha release.
Comment 4 Peter Collins 2016-03-23 17:44:56 UTC
Aay progress on this? I think this needs to be resolved before we can go to Beta.
Comment 6 Alexis Christoforides 2016-04-14 19:47:51 UTC
This should be fixed on master and mono-4.4.0-branch (53608c43f22d2c43035c9cc49c0565d27041ca05)

Relevant commit is in referencesource: https://github.com/mono/referencesource/commit/bdc49ae88c237a57efe6a34697cab48935319897
Comment 7 Peter Collins 2016-04-14 20:52:40 UTC
NuGet restore is again working for me using mono-4.4.0/53608c43.