Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix FIPS-mode exceptions on Windows for SHA256 #3774

Merged
merged 1 commit into from
Feb 17, 2023
Merged

Fix FIPS-mode exceptions on Windows for SHA256 #3774

merged 1 commit into from
Feb 17, 2023

Conversation

HebaruSan
Copy link
Member

Background

FIPS stands for Federal Information Processing Standard, and it specifies a list of cryptographic algorithms that are considered secure enough for security:

Windows has a setting to throw exceptions if an application tries to use one of its official crypto objects that isn't FIPS-compliant. (Of course, if you roll your own SHA1 function, it has no idea you've done that.)

CKAN uses hashes to detect corrupted downloads, not for security purposes.

Problem

CKAN users with the FIPS setting enabled report this exception after downloading mods:

Unhandled exception:
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
   at System.Security.Cryptography.SHA256Managed..ctor()
   --- End of inner exception stack trace ---
   at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck)
   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark)
   at System.Activator.CreateI
![ScreenShot_20230212113323](https://user-images.githubusercontent.com/10908465/218323959-7acdb83d-5aad-48c2-a8f3-038b49d2b0f0.png)
![image_2023-02-12_113428399](https://user-images.githubusercontent.com/10908465/218323964-03549ba4-4a64-4281-91a7-6cf624ac173f.png)
nstance[T]()
   at CKAN.NetFileCache.GetFileHash[T](String filePath, String hashSuffix, Dictionary`2 cache, IProgress`1 progress)
   at CKAN.NetFileCache.GetFileHashSha256(String filePath, IProgress`1 progress)
   at CKAN.NetModuleCache.Store(CkanModule module, String path, IProgress`1 progress, String description, Boolean move)
   at CKAN.NetAsyncModulesDownloader.ModuleDownloadComplete(Uri url, String filename, Exception error, String etag)
   at CKAN.NetAsyncDownloader.FileDownloadComplete(Int32 index, Exception error, Boolean canceled, String etag)
   at CKAN.NetAsyncDownloader.<>c__DisplayClass20_0.<DownloadModule>b__1(Object sender, AsyncCompletedEventArgs args, String etag)
   at System.Net.WebClient.OnDownloadFileCompleted(AsyncCompletedEventArgs e)
   at CKAN.ResumingWebClient.OnOpenReadCompleted(OpenReadCompletedEventArgs e)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()

Causes

Apparently using SHA1Managed or SHA256Managed throws this exception if you have FIPS enabled.

This happened once before for SHA1, see #1497 and #1850. At that time the SHA1 code was fixed and the SHA256 code was not touched because the client wasn't using it (in #2243 the client began using SHA256 to validate downloads). Back then SHA1Managed was replaced by SHA1Cng, which #2820 later changed to SHA1CryptoServiceProvider.

CKAN/Core/Net/NetFileCache.cs

Lines 702 to 703 in 98f2836

public string GetFileHashSha1(string filePath, IProgress<long> progress)
=> GetFileHash<SHA1CryptoServiceProvider>(filePath, "sha1", sha1Cache, progress);

Since the exception is thrown for SHA256, which is calculated after SHA1, I take this to mean that SHA1CryptoServiceProvider works without upsetting FIPS.

Changes

Now we use SHA256CryptoServiceProvider. This should suppress the FIPS exception.

Fixes #3773.

@HebaruSan HebaruSan added Bug Something is not working as intended Enhancement New features or functionality Easy This is easy to fix Core (ckan.dll) Issues affecting the core part of CKAN Pull request Windows Issues specific for Windows labels Feb 12, 2023
techman83
techman83 approved these changes Feb 17, 2023
View reviewed changes
Copy link
Member

@techman83 techman83 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Easy, LGTM.

@HebaruSan HebaruSan merged commit 1205b95 into KSP-CKAN:master Feb 17, 2023
@HebaruSan HebaruSan deleted the fix/fips-sha256 branch February 17, 2023 04:24
@Gryffen1971
Copy link

Thanks for all of the help! You all are great!
@HebaruSan
@techman83

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@techman83 techman83 techman83 approved these changes

@DasSkelett DasSkelett Awaiting requested review from DasSkelett

Assignees
No one assigned
Labels
Bug Something is not working as intended Core (ckan.dll) Issues affecting the core part of CKAN Easy This is easy to fix Enhancement New features or functionality Windows Issues specific for Windows
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Unhandled Exception due to not being apart of the Windows Platform FIPS validated cryptographic algorithms.
3 participants
@HebaruSan @Gryffen1971 @techman83