Bug 58941 - SignatureDescription.CreateDigest() returns null for RSA1.
Summary: SignatureDescription.CreateDigest() returns null for RSA1.
Status: RESOLVED FIXED
Alias: None
Product: Xamarin.Mac
Classification: Desktop
Component: Base Class Libraries
Version: unspecified
Hardware: PC Mac OS
Importance: Normal normal
Target Milestone: 15.6
Assignee: Chris Hamons
Reported: 2017-08-22 07:03 UTC by Alexey
Modified: 2017-11-20 21:58 UTC

Attachments
Repro (347.88 KB, application/zip)
2017-08-23 18:32 UTC, Chris Hamons

Description Alexey 2017-08-22 07:03:27 UTC
Application must target Xamarin.Mac Modern (Mobile) framework.
Here is code to reproduce:

string xmlDsigRSASHA1Url = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
SignatureDescription signatureDescription = CryptoConfig.CreateFromName(xmlDsigRSASHA1Url) as SignatureDescription;
if (signatureDescription == null) // Signature description is properly created.
    throw new CryptographicException("SignatureDescription could not be created for the signature algorithm supplied.");
HashAlgorithm hashAlg = signatureDescription.CreateDigest(); // Hash algorithm is not created in Xamarin.Mac.
if (hashAlg == null)
    throw new CryptographicException("Could not create hash algorithm object.");

Note: The same code works properly if run in Xamarin.Android or Xamarin.iOS, or if the target framework is changed to Xamarin.Mac Full.

Comment 1 Chris Hamons 2017-08-22 16:46:26 UTC
I understand what is going on. 

Modern is getting the reflection based version of CryptoConfig.cs (since FULL_AOT_RUNTIME is not defined) but is excluding all of the reflection created bits (monotouch_corlib.dll.exclude.sources is being included).

This has always been broken.
Comment 2 Chris Hamons 2017-08-22 18:09:14 UTC
More analysis:

- The linker is disabled, so it is not a relevant cause of this bug.
- Adding a reference to System.Security did not change behavior.
- Our BCL tests are run on XM Full profile right now, which is why we did not see this.
Comment 3 Chris Hamons 2017-08-23 18:32:37 UTC
Created attachment 24382
Repro
Comment 4 Sebastien Pouliot 2017-08-25 01:48:33 UTC
The problem is that the BCL code was changed so

> System.Security.Cryptography.SHA1Cng

instead of

> System.Security.Cryptography.SHA1CryptoServiceProvider

is returned for that SignatureDescription.

This does not affect XI since it uses hardcoded types (it's not possible to load external/custom code on iOS).

This works for XA because of another change:

https://github.com/mono/mono/blob/master/mcs/class/corlib/System.Security.Cryptography/CryptoConfig.cs#L419

which remaps those algorithms to the one Mono historically provided (no harm done, it's all the same implementation for mono).

@Chris, the same approach (as XA) should be fine for XM. Adding a (non-null) test for each of the strings (after L419) will ensure it does not break if other changes like this one happen.
Comment 5 Sebastien Pouliot 2017-08-25 01:58:34 UTC
The workaround is to add those two lines inside your application.

> CryptoConfig.CreateFromName (string.Empty); // make sure it's initialized
> CryptoConfig.AddAlgorithm (typeof (SHA1Managed), "System.Security.Cryptography.SHA1Cng");

The first one might not be needed (no harm) but will avoid an initialization issue (if nothing else called CryptoConfig earlier).

The 2nd registers a working (and present in XM) SHA1 implementation for the new name that's being looked for.

There's no harm in having those lines - mono only has one implementation per-platform, e.g. on XM (or XI) SHA1 is always done by CommonCrypto.
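
A startup self-check combining the non-null test suggested in comment 4 with the workaround from comment 5. This is an added example, not part of the original thread or of Mono's code, and the class and method names are hypothetical. It goes beyond the null check by confirming that whatever type is registered under the remapped name actually produces the published SHA-1 value for "abc", so a wrong registration fails at startup instead of inside signature verification.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class SignatureDigestSelfCheck   // hypothetical name
{
    // Signature algorithm name from the bug report.
    const string XmlDsigRsaSha1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    // Published SHA-1 test vector for the ASCII input "abc".
    const string Sha1OfAbc = "a9993e364706816aba3e25717850c26c9cd0d89d";

    // Workaround from comment 5: register an implementation that exists
    // in the Modern profile under the name the BCL now requests.
    static void ApplyWorkaround()
    {
        CryptoConfig.CreateFromName(string.Empty); // make sure it's initialized
        CryptoConfig.AddAlgorithm(typeof(SHA1Managed), "System.Security.Cryptography.SHA1Cng");
    }

    // Fails closed: throws unless the description yields a digest that
    // computes real SHA-1. Returns the concrete digest type name.
    static string VerifyDigest(string signatureAlgorithm)
    {
        var description = CryptoConfig.CreateFromName(signatureAlgorithm) as SignatureDescription;
        if (description == null)
            throw new CryptographicException("No SignatureDescription for " + signatureAlgorithm);

        using (HashAlgorithm digest = description.CreateDigest())
        {
            if (digest == null)
                throw new CryptographicException("CreateDigest() returned null for " + signatureAlgorithm);

            byte[] hash = digest.ComputeHash(Encoding.ASCII.GetBytes("abc"));
            string hex = BitConverter.ToString(hash).Replace("-", "").ToLowerInvariant();
            if (!string.Equals(hex, Sha1OfAbc, StringComparison.Ordinal))
                throw new CryptographicException(digest.GetType().FullName + " is not SHA-1.");
            return digest.GetType().FullName;
        }
    }

    static void Main()
    {
        ApplyWorkaround();
        Console.WriteLine("Digest for " + XmlDsigRsaSha1 + ": " + VerifyDigest(XmlDsigRsaSha1));
    }
}
```
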
Comment 6 Chris Hardy [MSFT] 2017-09-21 14:53:43 UTC
Moving out to 15.6 as the target milestone as there is a workaround for this issue.
Comment 7 Chris Hamons 2017-11-16 19:10:55 UTC
https://github.com/mono/mono/pull/6029
Comment 8 Chris Hamons 2017-11-20 21:58:04 UTC
In 2017-10 - https://github.com/mono/mono/pull/6057

Will be fixed in master when we bump and thus in 15.6.