System.Security.Cryptography.Rsa.Tests.EncryptDecrypt_Array.RsaCryptRoundtrip_OaepSHA1 test failure

[ViktorHofer]

Build: https://dev.azure.com/dnceng/public/_build/results?buildId=1739587&view=ms.vss-test-web.build-test-results-tab&runId=47047408&resultId=166605&paneView=debug

Configuration: net7.0-windows-Debug-x64-CoreCLR_release-(Windows.Nano.1809.Amd64.Open)windows.10.amd64.serverrs5.open@mcr.microsoft.com/dotnet-buildtools/prereqs:nanoserver-1809-helix-amd64-08e8e40-20200107182504

    System.Security.Cryptography.Rsa.Tests.EncryptDecrypt_Array.RsaCryptRoundtrip_OaepSHA1 [FAIL]
      System.Security.Cryptography.CryptographicException : Cryptography_OAEPDecoding
      Stack Trace:
        /_/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CapiHelper.Windows.cs(842,0): at System.Security.Cryptography.CapiHelper.DecryptKey(SafeCapiKeyHandle safeKeyHandle, Byte[] encryptedData, Int32 encryptedDataLength, Boolean fOAEP, Byte[]& decryptedData)
        /_/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/RSACryptoServiceProvider.Windows.cs(278,0): at System.Security.Cryptography.RSACryptoServiceProvider.Decrypt(Byte[] rgb, Boolean fOAEP)
        /_/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/RSACryptoServiceProvider.Windows.cs(614,0): at System.Security.Cryptography.RSACryptoServiceProvider.Decrypt(Byte[] data, RSAEncryptionPadding padding)
        /_/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs(15,0): at System.Security.Cryptography.Rsa.Tests.EncryptDecrypt_Array.Decrypt(RSA rsa, Byte[] data, RSAEncryptionPadding padding)
        /_/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs(333,0): at System.Security.Cryptography.Rsa.Tests.EncryptDecrypt.RsaCryptRoundtrip(RSAEncryptionPadding paddingMode, Boolean expectSuccess)
        /_/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs(303,0): at System.Security.Cryptography.Rsa.Tests.EncryptDecrypt.RsaCryptRoundtrip_OaepSHA1()
           at System.RuntimeMethodHandle.InvokeMethod(Object target, Void** arguments, Signature sig, Boolean isConstructor)
        /_/src/coreclr/System.Private.CoreLib/src/System/Reflection/RuntimeMethodInfo.CoreCLR.cs(383,0): at System.Reflection.RuntimeMethodInfo.InvokeNonEmitUnsafe(Object obj, IntPtr* arguments, Span`1 argsForTemporaryMonoSupport, BindingFlags invokeAttr)

Runfo Tracking Issue: system.security.cryptography.rsa.tests.encryptdecrypt_array.rsacryptroundtrip_oaepsha1

Build	Definition	Kind	Run Name	Console	Core Dump	Test Results	Run Client
1740715	runtime	PR 67677	net7.0-windows-Debug-x64-CoreCLR_release-Windows.10.Amd64.Server2022.ES.Open	console.log			runclient.py
1739587	runtime	PR 68575	net7.0-windows-Debug-x64-CoreCLR_release-(Windows.Nano.1809.Amd64.Open)windows.10.amd64.serverrs5.open@mcr.microsoft.com/dotnet-buildtools/prereqs:nanoserver-1809-helix-amd64-08e8e40-20200107182504	console.log			runclient.py

Build Result Summary

Day Hit Count	Week Hit Count	Month Hit Count
0	0	2

[ghost]

Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

---

Build: https://dev.azure.com/dnceng/public/_build/results?buildId=1739587&view=ms.vss-test-web.build-test-results-tab&runId=47047408&resultId=166605&paneView=debug

Configuration: net7.0-windows-Debug-x64-CoreCLR_release-(Windows.Nano.1809.Amd64.Open)windows.10.amd64.serverrs5.open@mcr.microsoft.com/dotnet-buildtools/prereqs:nanoserver-1809-helix-amd64-08e8e40-20200107182504

    System.Security.Cryptography.Rsa.Tests.EncryptDecrypt_Array.RsaCryptRoundtrip_OaepSHA1 [FAIL]
      System.Security.Cryptography.CryptographicException : Cryptography_OAEPDecoding
      Stack Trace:
        /_/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CapiHelper.Windows.cs(842,0): at System.Security.Cryptography.CapiHelper.DecryptKey(SafeCapiKeyHandle safeKeyHandle, Byte[] encryptedData, Int32 encryptedDataLength, Boolean fOAEP, Byte[]& decryptedData)
        /_/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/RSACryptoServiceProvider.Windows.cs(278,0): at System.Security.Cryptography.RSACryptoServiceProvider.Decrypt(Byte[] rgb, Boolean fOAEP)
        /_/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/RSACryptoServiceProvider.Windows.cs(614,0): at System.Security.Cryptography.RSACryptoServiceProvider.Decrypt(Byte[] data, RSAEncryptionPadding padding)
        /_/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs(15,0): at System.Security.Cryptography.Rsa.Tests.EncryptDecrypt_Array.Decrypt(RSA rsa, Byte[] data, RSAEncryptionPadding padding)
        /_/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs(333,0): at System.Security.Cryptography.Rsa.Tests.EncryptDecrypt.RsaCryptRoundtrip(RSAEncryptionPadding paddingMode, Boolean expectSuccess)
        /_/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs(303,0): at System.Security.Cryptography.Rsa.Tests.EncryptDecrypt.RsaCryptRoundtrip_OaepSHA1()
           at System.RuntimeMethodHandle.InvokeMethod(Object target, Void** arguments, Signature sig, Boolean isConstructor)
        /_/src/coreclr/System.Private.CoreLib/src/System/Reflection/RuntimeMethodInfo.CoreCLR.cs(383,0): at System.Reflection.RuntimeMethodInfo.InvokeNonEmitUnsafe(Object obj, IntPtr* arguments, Span`1 argsForTemporaryMonoSupport, BindingFlags invokeAttr)

Author:	ViktorHofer
Assignees:	-
Labels:	area-System.Security, untriaged
Milestone:	-

[danmoseley]

Are lines like this intended to be loading a resource string? Shouldn't they be using strongly typed resources?

runtime/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CapiHelper.Windows.cs

Line 842 in a49958b

throw new CryptographicException("Cryptography_OAEPDecoding");

[ViktorHofer]

Yes, that's most likely a bug. It should be SR.Cryptography_OAEPDecoding instead. Does the Cryptography_OAEPDecoding resource string even exist?

[danmoseley]

There are others, eg 4 lines above.

[bartonjs]

Probably just a porting error from NetFX. This looks like code that was a CLR QCall that got rewritten to managed during the transition to Core.

[vcsjones]

Since we've seen this before, it appears it was previously determined that this is the CAPI equivalent of #29683.

[danmoseley]

For the strings, these are the errors that grep finds within System.Crypto:

Searching 690 files for "new\s+\w+Exception\("" (regex)

C:\git\runtime\src\libraries\System.Security.Cryptography\src\System\Security\Cryptography\CapiHelper.Windows.cs:
  838:                         throw new CryptographicException("Cryptography_OAEP_XPPlus_Only");
  842:                         throw new CryptographicException("Cryptography_OAEPDecoding");

C:\git\runtime\src\libraries\System.Security.Cryptography\src\System\Security\Cryptography\DSA.Xml.cs:
  133:                     throw new ArgumentNullException("inArray");

C:\git\runtime\src\libraries\System.Security.Cryptography\src\System\Security\Cryptography\RSACryptoServiceProvider.Windows.cs:
   58:                 throw new ArgumentOutOfRangeException("dwKeySize", "ArgumentOutOfRange_NeedNonNegNum");

C:\git\runtime\src\libraries\System.Security.Cryptography.Xml\src\System\Security\Cryptography\Xml\XmlDsigBase64Transform.cs:
   62:             if (inputStream == null) throw new ArgumentException("obj");

(At one point we had considered an analyzer that would flag Argument*Exception when the first parameter was the name of a method parameter like this.)

[jakobbotsch]

Closing as per @vcsjones's comment above (that issue already has blocking label).