This is Xamarin's bug tracking system. For product support, please use the support links listed in your Xamarin Account.
Bug 38712 - Mono 4.3 Cryptography.ProtectedData fails to decrypt data from Mono 4.2
Summary: Mono 4.3 Cryptography.ProtectedData fails to decrypt data from Mono 4.2
Status: VERIFIED FIXED
Alias: None
Product: Class Libraries
Classification: Mono
Component: Mono.Security (show other bugs)
Version: master
Hardware: PC Mac OS
: Highest blocker
Target Milestone: (C7)
Assignee: Alexis Christoforides
URL:
Depends on:
Blocks:
 
Reported: 2016-02-12 13:02 UTC by Matt Ward
Modified: 2016-04-14 20:52 UTC (History)
7 users (show)

See Also:
Tags: c7regression
Is this bug a regression?: ---
Last known good build:


Attachments

Description Matt Ward 2016-02-12 13:02:02 UTC
Data encrypted by System.Security.Cryptography.ProtectedData with Mono 4.2.2 (explicit/996df3c Wed Jan 20 00:19:48 EST 2016) cannot be decrypted by Mono 4.3.2 (mono-4.3.2-branch/a02ad3a Wed Feb 10 02:56:11 EST 2016). You will see an exception:

System.Security.Cryptography.CryptographicException: Data unprotection failed. ---> System.Security.Cryptography.CryptographicException: Invalid data.

Example code to encrypt/decrypt is available from:

https://github.com/mrward/nuget/blob/2.8.7-monodevelop/src/Core/Utility/EncryptionUtility.cs

The above is from NuGet and is used by Xamarin Studio when saving passwords for NuGet package sources.

One way to reproduce this is to use Xamarin Studio with Mono 4.2 and add a new package source in Preferences - NuGet - Sources. Add a new package source, specify a name, url, username and password. Closing the preferences dialog will save the password encrypted in ~/.config/NuGet/NuGet.Config. Then close Xamarin Studio, install Mono 4.3, and re-open Xamarin Studio. If you now go into preferences you will see the package source is gone. In the IDE logs (Help - Open Log Directory) there will be the following error reported.

Unable to read NuGet.config file.
System.Security.Cryptography.CryptographicException: Data unprotection failed. ---> System.Security.Cryptography.CryptographicException: Invalid data.
  at Mono.Security.Cryptography.ManagedProtection.Unprotect (System.Byte[] encryptedData, System.Byte[] optionalEntropy, DataProtectionScope scope) [0x00299] in /private/tmp/source-mono-4.3.2/bockbuild-xamarin/profiles/mono-mac-xamarin/build-root/mono-x86/mcs/class/System.Security/Mono.Security.Cryptography/ManagedProtection.cs:231 
  at System.Security.Cryptography.ProtectedData.Unprotect (System.Byte[] encryptedData, System.Byte[] optionalEntropy, DataProtectionScope scope) [0x00030] in /private/tmp/source-mono-4.3.2/bockbuild-xamarin/profiles/mono-mac-xamarin/build-root/mono-x86/mcs/class/System.Security/System.Security.Cryptography/ProtectedData.cs:91 
  --- End of inner exception stack trace ---
  at System.Security.Cryptography.ProtectedData.Unprotect (System.Byte[] encryptedData, System.Byte[] optionalEntropy, DataProtectionScope scope) [0x0004a] in /private/tmp/source-mono-4.3.2/bockbuild-xamarin/profiles/mono-mac-xamarin/build-root/mono-x86/mcs/class/System.Security/System.Security.Cryptography/ProtectedData.cs:95 
  at NuGet.EncryptionUtility.DecryptString (System.String encryptedString) <0x1c0e2fe8 + 0x0002f> in <filename unknown>:0 
  at NuGet.PackageSourceProvider.ReadCredential (System.String sourceName) <0x1c0e2840 + 0x001a3> in <filename unknown>:0 
  at NuGet.PackageSourceProvider.ReadPackageSource (NuGet.SettingValue setting, Boolean isEnabled) <0x1c0e26e0 + 0x0007f> in <filename unknown>:0 
  at NuGet.PackageSourceProvider.LoadPackageSources () <0x1c0e1a50 + 0x0042b> in <filename unknown>:0 
  at ICSharpCode.PackageManagement.RegisteredPackageSourceSettings.ReadPackageSources () [0x00007] in /Users/builder/data/lanes/2693/bb74ff46/source/monodevelop/main/src/addins/MonoDevelop.PackageManagement/MonoDevelop.PackageManagement/RegisteredPackageSourceSettings.cs:118 
  at ICSharpCode.PackageManagement.RegisteredPackageSourceSettings.TryReadPackageSources () [0x00003] in /Users/builder/data/lanes/2693/bb74ff46/source/monodevelop/main/src/addins/MonoDevelop.PackageManagement/MonoDevelop.PackageManagement/RegisteredPackageSourceSettings.cs:105
Comment 1 Matt Ward 2016-02-18 18:34:28 UTC
We have had this problem before with Mono 4.2 - bug #31199

https://bugzilla.xamarin.com/show_bug.cgi?id=31199

The fixes are linked to in bug #31199
Comment 2 Peter Collins 2016-02-18 18:37:12 UTC
As Matt mentioned, I was seeing this on a few test environments in the early mono 4.2.x versions, and can now again reproduce with Mono JIT compiler version 4.3.2 (mono-4.3.2-branch/dd8adb3.
Comment 3 PJ 2016-02-19 14:42:24 UTC
Discussed with Matt and Alexis, this is not going to block our first Alpha release.
Comment 4 Peter Collins 2016-03-23 17:44:56 UTC
Aay progress on this? I think this needs to be resolved before we can go to Beta.
Comment 6 Alexis Christoforides 2016-04-14 19:47:51 UTC
This should be fixed on master and mono-4.4.0-branch (53608c43f22d2c43035c9cc49c0565d27041ca05)

Relevant commit is in referencesource: https://github.com/mono/referencesource/commit/bdc49ae88c237a57efe6a34697cab48935319897
Comment 7 Peter Collins 2016-04-14 20:52:40 UTC
NuGet restore is again working for me using mono-4.4.0/53608c43.

Note You need to log in before you can comment on or make changes to this bug.