.NET Core 3.1 RSA decryption with 3k certificates failed on Linux environments due to OAEP padding #71607
Comments
Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones
Interestingly, a 4096-bit key works, 3072 does not. Bisecting, it looks like this was fixed for .NET 6 by 6aa4d59 in #50063.

Small repro. (Fails in .NET Core 3.1 and .NET 5, passes in .NET 6)

```csharp
using System.Security.Cryptography;
using Xunit;

// inside an xunit test method
using RSA rsa = RSA.Create(3072);
byte[] encrypted = rsa.Encrypt(new byte[] { 1, 2, 3 }, RSAEncryptionPadding.OaepSHA256);
byte[] decrypted = rsa.Decrypt(encrypted, RSAEncryptionPadding.OaepSHA256);
Assert.Equal(new byte[] { 1, 2, 3 }, decrypted);
```

@bartonjs does anything ring a bell here? If anything, it seems at least there is an opportunity to test OAEP encryption using different key sizes.
That change would have moved us off of the managed implementation of OAEP, so there must be a logic bug there. (Which would mean other SHA-2 OAEPs would fail, but SHA-1 probably works)

Makes sense. I can take a look at this since presumably the managed implementation is still used on other platforms.

So, to summarize, this is a bug that affects key sizes that are not a power of two. 2048 and 4096 keys are powers of two, while 3072 is not.
Some PRs have been opened for potential servicing, but are still not approved: that's up to the team that decides if issues meet the servicing requirements.
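A key-size by hash-algorithm round-trip check, following the suggestion above that OAEP should be tested with different key sizes. This is an added example for this thread, not code from dotnet/runtime; the class and method names (OaepMatrixCheck, Run) are this example's own, and the plaintext is a constructed sample. It exercises every combination of 2048/3072/4096-bit keys with OAEP-SHA1/SHA256/SHA384/SHA512 and reports each row's outcome, so the non-power-of-two case (3072) shows up as FAIL rows for the SHA-2 paddings on an affected runtime instead of a single opaque test failure.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Added example: OAEP encrypt/decrypt round trip across key sizes and hashes.
// OaepMatrixCheck and Run are hypothetical names for this example only.
static class OaepMatrixCheck
{
    // One row per (key size, padding) combination: Ok is true only when the
    // decrypted bytes equal the original plaintext; Error carries the
    // CryptographicException message when decryption throws.
    public static List<(int KeySize, string Padding, bool Ok, string Error)> Run()
    {
        // 2048 and 4096 are powers of two; 3072 is the non-power-of-two case from the thread.
        int[] keySizes = { 2048, 3072, 4096 };
        RSAEncryptionPadding[] paddings =
        {
            RSAEncryptionPadding.OaepSHA1,
            RSAEncryptionPadding.OaepSHA256,
            RSAEncryptionPadding.OaepSHA384,
            RSAEncryptionPadding.OaepSHA512,
        };
        byte[] message = { 1, 2, 3 }; // constructed sample plaintext

        var results = new List<(int KeySize, string Padding, bool Ok, string Error)>();
        foreach (int keySize in keySizes)
        {
            using RSA rsa = RSA.Create(keySize);
            foreach (RSAEncryptionPadding padding in paddings)
            {
                string name = "OAEP-" + padding.OaepHashAlgorithm.Name;
                try
                {
                    byte[] encrypted = rsa.Encrypt(message, padding);
                    byte[] decrypted = rsa.Decrypt(encrypted, padding);
                    bool ok = CryptographicOperations.FixedTimeEquals(message, decrypted);
                    results.Add((keySize, name, ok, ok ? "" : "plaintext mismatch"));
                }
                catch (CryptographicException ex)
                {
                    // On an affected runtime the 3072-bit SHA-2 rows land here with
                    // "Error occurred while decoding OAEP padding".
                    results.Add((keySize, name, false, ex.Message));
                }
            }
        }
        return results;
    }

    public static void Main()
    {
        foreach (var r in Run())
        {
            Console.WriteLine($"{r.KeySize,5}  {r.Padding,-12}  {(r.Ok ? "OK" : "FAIL")}  {r.Error}");
        }
    }
}
```

Run it once per runtime/platform pair under test (the thread's failing case is .NET Core 3.1 on Linux): a clean run prints twelve OK rows, and any FAIL row identifies exactly which key size and hash combination is affected.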
Thanks, @vcsjones, that information helps us figure out how to handle this.

@jeffhandley following up re: being in the last 6-month phase of the 3.1 lifecycle.
The issue as submitted does not describe enough impact to support backporting this to .NET Core 3.1. @Maxyeah, if this issue is substantially impacting a production application (as opposed to tests), you don't have a workaround, and you can't immediately move to .NET 6.0, please let us know more of that context for us to reconsider. We have approved the fix for port to 6.0.

I believe this issue has been resolved then.
I'm going to close this, but @Maxyeah, if you would like to re-open it to further discuss the 3.1 fix as @jeffhandley indicated, please feel free to do so.
Description
While running our encryption/decryption tests with .NET Core 3.1 we ran into an issue on Linux environments.
When using 3k certificate key sizes and the Aes256Sha256RsaPss security policy (RsaPaddingMode.OaepSha256), decryption failed with "Error occurred while decoding OAEP padding".
On Windows, or with .NET 6 on Linux, everything is working fine.
Are there any known restrictions?
Reproduction Steps
Encrypt message with rsa cryptoprovider with 3k certificate and RSAEncryptionPadding.OaepSHA256 on Linux and .Net 3.1
Decrypt message with rsa cryptoprovider with 3k certificate and RSAEncryptionPadding.OaepSHA256 on Linux and .Net 3.1
Expected behavior
Message will be decrypted
Actual behavior
Decryption fails with "Error occurred while decoding OAEP padding"
Regression?
No response
Known Workarounds
No response
Configuration
Other information
No response