AssociatePersistedKey_CAPIviaCNG_RSA failing with WindowsCryptographicException #30007

Closed
ahsonkhan opened this issue Jun 24, 2019 · 6 comments

@ahsonkhan
Contributor

From dotnet/corefx#38469

https://mc.dot.net/#/user/dotnet-bot/pr~2Fdotnet~2Fcorefx~2Frefs~2Fpull~2F38469~2Fmerge/test~2Ffunctional~2Fcli~2Finnerloop~2F/20190624.21/workItem/System.Security.Cryptography.X509Certificates.Tests/analysis/xunit/System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.PrivateKeyAssociationTests~2FAssociatePersistedKey_CAPIviaCNG_RSA(provType:%201,%20keyNumber:%20Exchange)

System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.PrivateKeyAssociationTests/AssociatePersistedKey_CAPIviaCNG_RSA(provType: 1, keyNumber: Exchange)
Windows.10.Amd64.ClientRS4.ES.Open-x86-Release

English exception message:
One of the devices connected to the system does not work.

Unhandled Exception of Type Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException
Message :
Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException : Uno de los dispositivos conectados al sistema no funciona.
Stack Trace :
   at Internal.NativeCrypto.CapiHelper.SignValue(SafeProvHandle hProv, SafeKeyHandle hKey, Int32 keyNumber, Int32 calgKey, Int32 calgHash, Byte[] hash) in /_/src/System.Security.Cryptography.Csp/src/System/Security/Cryptography/CapiHelper.Windows.cs:line 1214
   at System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] rgbHash, Int32 calgHash) in /_/src/System.Security.Cryptography.Csp/src/System/Security/Cryptography/RSACryptoServiceProvider.Windows.cs:line 507
   at System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] hash, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) in /_/src/System.Security.Cryptography.Csp/src/System/Security/Cryptography/RSACryptoServiceProvider.Windows.cs:line 702
   at System.Security.Cryptography.RSA.SignData(Byte[] data, Int32 offset, Int32 count, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) in /_/src/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/RSA.cs:line 175
   at System.Security.Cryptography.RSA.SignData(Byte[] data, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) in /_/src/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/RSA.cs:line 153
   at System.Security.Cryptography.X509Certificates.RSAPkcs1X509SignatureGenerator.SignData(Byte[] data, HashAlgorithmName hashAlgorithm) in /_/src/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/RSAPkcs1X509SignatureGenerator.cs:line 24
   at System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.PrivateKeyAssociationTests.RSASha1Pkcs1SignatureGenerator.SignData(Byte[] data, HashAlgorithmName hashAlgorithm) in /_/src/System.Security.Cryptography.X509Certificates/tests/CertificateCreation/PrivateKeyAssociationTests.cs:line 573
   at System.Security.Cryptography.X509Certificates.CertificateRequest.Create(X500DistinguishedName issuerName, X509SignatureGenerator generator, DateTimeOffset notBefore, DateTimeOffset notAfter, Byte[] serialNumber) in /_/src/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/CertificateRequest.cs:line 595
   at System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.PrivateKeyAssociationTests.AssociatePersistedKey_CAPIviaCNG_RSA(Int32 provType, KeyNumber keyNumber) in /_/src/System.Security.Cryptography.X509Certificates/tests/CertificateCreation/PrivateKeyAssociationTests.cs:line 114
@bartonjs
Member

"A device attached to the system is not functioning." (ERROR_GEN_FAILURE)

@bartonjs
Member

(If we ended up losing data in the message (or the CAPI/CNG layer), this could have been NTE_BAD_KEYSET_PARAM (0x8009001f vs 0x1f).)

@bartonjs
Member

I don't see anything in either CAPI or CNG that would produce that code (though I looked at 1903, not 1803), so it's unclear what went wrong. The key handle is still open, so it shouldn't have been finalized out from under us... the "how big is this signature" call (CapiHelpers.Windows.cs:1203) succeeded, then the one for actually signing failed (1214)... so this seems like CAPI got into an internal hiccup state.

Without a Time Travel trace or a viable repro it's hard to be actionable, moving to Future for now.
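
The comments above turn on whether the failure was the Win32 error 0x1f (ERROR_GEN_FAILURE) or the provider status 0x8009001f (NTE_BAD_KEYSET_PARAM), which share the same low word. The following is an added example, not part of the thread or of dotnet/runtime: a diagnostic wrapper that records the full 32-bit code on a signing failure. `CryptoErrorTriage`, `Describe` and `SignWithDiagnostics` are hypothetical names, and it assumes the exception's `HResult` still carries the code the native layer reported.

```csharp
using System;
using System.Security.Cryptography;

// Added example; type and method names are hypothetical.
static class CryptoErrorTriage
{
    const int FacilityWin32 = 7; // HRESULT_FROM_WIN32 wraps Win32 errors here
    const int FacilitySspi = 9;  // NTE_* codes (0x8009xxxx) use this facility

    public static string Describe(int hresult)
    {
        uint hr = unchecked((uint)hresult);
        bool failure = (hr & 0x80000000) != 0;
        int facility = (int)((hr >> 16) & 0x7FF);
        int code = (int)(hr & 0xFFFF);

        // Without the severity bit the value is either a bare Win32 error or
        // an HRESULT whose high word was dropped; the two look identical.
        if (!failure)
            return $"0x{hr:X8}: bare code {code}; Win32 error or truncated HRESULT";

        string origin = facility switch
        {
            FacilityWin32 => "Win32 error wrapped as HRESULT",
            FacilitySspi => "NTE_*/SEC_* crypto provider status",
            _ => $"facility {facility}",
        };
        return $"0x{hr:X8}: {origin}, code 0x{code:X}";
    }

    public static byte[] SignWithDiagnostics(RSA key, byte[] data)
    {
        try
        {
            return key.SignData(data, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
        }
        catch (CryptographicException e)
        {
            // The localized message alone does not identify the code, so log
            // the numeric value before rethrowing.
            Console.Error.WriteLine($"{e.GetType().Name}: {Describe(e.HResult)}");
            throw;
        }
    }

    static void Main()
    {
        Console.WriteLine(Describe(0x1F));                       // ERROR_GEN_FAILURE
        Console.WriteLine(Describe(unchecked((int)0x8007001F))); // HRESULT_FROM_WIN32(0x1F)
        Console.WriteLine(Describe(unchecked((int)0x8009001F))); // NTE_BAD_KEYSET_PARAM
    }
}
```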

@msftgits msftgits transferred this issue from dotnet/corefx Feb 1, 2020
@msftgits msftgits added this to the Future milestone Feb 1, 2020
@jkotas
Member

jkotas commented Feb 9, 2020

Hit in #31991:

Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException : A device attached to the system is not functioning.


Stack trace
   at Internal.NativeCrypto.CapiHelper.SignValue(SafeProvHandle hProv, SafeKeyHandle hKey, Int32 keyNumber, Int32 calgKey, Int32 calgHash, Byte[] hash) in /_/src/libraries/System.Security.Cryptography.Csp/src/System/Security/Cryptography/CapiHelper.Windows.cs:line 1200
   at System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] rgbHash, Int32 calgHash) in /_/src/libraries/System.Security.Cryptography.Csp/src/System/Security/Cryptography/RSACryptoServiceProvider.Windows.cs:line 507
   at System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] hash, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) in /_/src/libraries/System.Security.Cryptography.Csp/src/System/Security/Cryptography/RSACryptoServiceProvider.Windows.cs:line 686
   at System.Security.Cryptography.RSA.SignData(Byte[] data, Int32 offset, Int32 count, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) in /_/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/RSA.cs:line 175
   at System.Security.Cryptography.RSA.SignData(Byte[] data, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) in /_/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/RSA.cs:line 153
   at System.Security.Cryptography.X509Certificates.RSAPkcs1X509SignatureGenerator.SignData(Byte[] data, HashAlgorithmName hashAlgorithm) in /_/src/libraries/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/RSAPkcs1X509SignatureGenerator.cs:line 24
   at System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.PrivateKeyAssociationTests.RSASha1Pkcs1SignatureGenerator.SignData(Byte[] data, HashAlgorithmName hashAlgorithm) in /_/src/libraries/System.Security.Cryptography.X509Certificates/tests/CertificateCreation/PrivateKeyAssociationTests.cs:line 573
   at System.Security.Cryptography.X509Certificates.CertificateRequest.Create(X500DistinguishedName issuerName, X509SignatureGenerator generator, DateTimeOffset notBefore, DateTimeOffset notAfter, Byte[] serialNumber) in /_/src/libraries/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/CertificateRequest.cs:line 595
   at System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.PrivateKeyAssociationTests.AssociatePersistedKey_CAPIviaCNG_RSA(Int32 provType, KeyNumber keyNumber) in /_/src/libraries/System.Security.Cryptography.X509Certificates/tests/CertificateCreation/PrivateKeyAssociationTests.cs:line 114

@maryamariyan maryamariyan added the untriaged New issue has not been triaged by the area owner label Feb 23, 2020
@bartonjs bartonjs removed the untriaged New issue has not been triaged by the area owner label Jul 7, 2020
Contributor

Due to lack of recent activity, this issue has been marked as a candidate for backlog cleanup. It will be closed if no further activity occurs within 14 more days. Any new comment (by anyone, not necessarily the author) will undo this process.

This process is part of our issue cleanup automation.

@dotnet-policy-service dotnet-policy-service bot added backlog-cleanup-candidate An inactive issue that has been marked for automated closure. no-recent-activity labels Jan 7, 2025
Contributor

This issue will now be closed since it had been marked no-recent-activity but received no further activity in the past 14 days. It is still possible to reopen or comment on the issue, but please note that the issue will be locked if it remains inactive for another 30 days.

@dotnet-policy-service dotnet-policy-service bot removed this from the Future milestone Jan 21, 2025
@github-actions github-actions bot locked and limited conversation to collaborators Feb 20, 2025
@dotnet-policy-service dotnet-policy-service bot removed no-recent-activity backlog-cleanup-candidate An inactive issue that has been marked for automated closure. labels Feb 20, 2025