Bug 12303 - System.Security.Cryptography.CryptographicException: Unsupported hash algorithm: 1.2.840.113549.1.1.11
Summary: System.Security.Cryptography.CryptographicException: Unsupported hash algorit...
Status: RESOLVED FIXED
Alias: None
Product: iOS
Classification: Xamarin
Component: Xamarin.iOS.dll ()
Version: 6.2.x
Hardware: Macintosh Mac OS
: --- normal
Target Milestone: Untriaged
Assignee: Sebastien Pouliot
URL:
Depends on:
Blocks:
 
Reported: 2013-05-20 09:31 UTC by Rebex.NET
Modified: 2013-05-22 09:26 UTC (History)
3 users (show)

Tags:
Is this bug a regression?: ---
Last known good build:


Attachments
the certificate which can be used to reproduce the issue (1.01 KB, application/x-x509-ca-cert)
2013-05-20 09:31 UTC, Rebex.NET
Details


Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.


Please create a new report on Developer Community or GitHub with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:
Status:
RESOLVED FIXED

Description Rebex.NET 2013-05-20 09:31:43 UTC
Created attachment 3993 [details]
the certificate which can be used to reproduce the issue

There is CryptographicException (unsupported hash algorithm) when trying to build certificate which uses SHA512 RSA algorithm.

Here is a code to reproduce this issue (on iOS device):


using MonoTouch.Foundation;
using MonoTouch.UIKit;

using System.Security.Cryptography.X509Certificates;
using System;

namespace Repro
{
	public class Application
	{
		static void Main (string[] args)
		{
			UIApplication.Main (args, null, "AppDelegate");
		}
	}

	[Register ("AppDelegate")]
	public partial class AppDelegate : UIApplicationDelegate
	{
		UIWindow window;

		public override bool FinishedLaunching (UIApplication app, NSDictionary options)
		{
			window = new UIWindow (UIScreen.MainScreen.Bounds);
			window.RootViewController = new UIViewController();
			window.MakeKeyAndVisible ();

			X509Certificate2 cert = new X509Certificate2("rebex-sha256.cer");
			X509Chain chain = new X509Chain (false);

			try
			{
				chain.Build(cert);
			}
			catch(Exception ex)
			{
				new UIAlertView("Error in Mono.", ex.ToString(), null, "OK", null).Show();
			}

			return true;
		}
	}
}

Complete stack trace:

System.ArgumentException: certificate ---> System.Security.Cryptography.CryptographicException: Unsupported hash algorithm: 1.2.840.113549.1.1.11
  at Mono.Security.X509.X509Certificate.VerifySignature (System.Security.Cryptography.RSA rsa) [0x000b4] in /Developer/MonoTouch/Source/mono/mcs/class/Mono.Security/Mono.Security.X509/X509Certificate.cs:511 
  at Mono.Security.X509.X509Certificate.VerifySignature (System.Security.Cryptography.AsymmetricAlgorithm aa) [0x0001c] in /Developer/MonoTouch/Source/mono/mcs/class/Mono.Security/Mono.Security.X509/X509Certificate.cs:522 
  at System.Security.Cryptography.X509Certificates.X509Chain.IsSignedWith (System.Security.Cryptography.X509Certificates.X509Certificate2 signed, System.Security.Cryptography.AsymmetricAlgorithm pubkey) [0x0000f] in /Developer/MonoTouch/Source/mono/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Chain.cs:702 
  at System.Security.Cryptography.X509Certificates.X509Chain.Process (Int32 n) [0x00085] in /Developer/MonoTouch/Source/mono/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Chain.cs:530 
  at System.Security.Cryptography.X509Certificates.X509Chain.ValidateChain (X509ChainStatusFlags flag) [0x00093] in /Developer/MonoTouch/Source/mono/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Chain.cs:506 
  at System.Security.Cryptography.X509Certificates.X509Chain.Build (System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) [0x0001f] in /Developer/MonoTouch/Source/mono/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Chain.cs:115 
  --- End of inner exception stack trace ---
Comment 1 Sebastien Pouliot 2013-05-21 09:06:01 UTC
For X.509 certificates the SHA2 algorithms are, right now, only supported on Mono 3.x (which means Xamarin.iOS 6.3.x).

The code is being updated (including support for RIPEMD160 certificates [1]). Once that's completed I'll look if I can backport this into mono 2.10 (which would add support for them in Xamarin.iOS 6.2.x).

[1] bug #11703
Comment 2 Sebastien Pouliot 2013-05-22 09:02:38 UTC
Fixed in cb7798f30e27d6cc7a802de8c38c030d581ddf9d (master)
QA: unit test added
It should be available in the next maintenance (non-hotfix) release after 6.2.6.
Comment 3 Rebex.NET 2013-05-22 09:26:14 UTC
Thank you!