uruk-project / Jwt

JSON Web Token implementation for .Net & .Net Core
MIT License
85 stars 11 forks source link

Operation is not supported on this platform. #514

Closed AtkinsonHD closed 4 years ago

AtkinsonHD commented 4 years ago

When the code hits JwtWriter.WriteTokenString() on a Windows Server 2012 R2, I get the following error but no other information.

Operation is not supported on this platform.

Stack trace doesn't seam to be much help,

The code is running fine on a number of other servers, all server have the "Microsoft .NET Core 5.00 Windows Server Hosting" installed all other functions appear to working fine.

Other Windows server including a 2012 R2 , 2016 and 2019 appear to be fine, any ideas how to narrow this problem down?

ycrumeyrolle commented 4 years ago

It might be probably on cryptography methods, but I do not have Windows 2012 available for reproducing the issue.

The stack trace may help to identify the part that cause this exception.

Your application is targeting net5?

ycrumeyrolle commented 4 years ago

Also what signature algorithm and/or encryption algorithm are you using?

AtkinsonHD commented 4 years ago

It might be probably on cryptography methods, but I do not have Windows 2012 available for reproducing the issue.

The stack trace may help to identify the part that cause this exception.

Your application is targeting net5?

I though it might be the cryptography, I have been forcing updates to machine in question, thinking it might be an outdated cipher suite. I have wrapped some more logging around it, the reason the original stack trace was making no sense was because it was blowing out with an object reference error straight after, as below.

net5.0 (win-x64) also tried (win-x86) , (portable)

Error

Operation is not supported on this platform.

Stack

at System.Runtime.Intrinsics.X86.Aes.KeygenAssist(Vector128`1 value, Byte control)
   at JsonWebToken.Internal.Aes128EncryptionKeys..ctor(ReadOnlySpan`1 key)
   at JsonWebToken.Internal.Aes128BlockEncryptor..ctor(ReadOnlySpan`1 key)
   at JsonWebToken.Internal.AesKeyWrapper..ctor(SymmetricJwk key, EncryptionAlgorithm encryptionAlgorithm, KeyManagementAlgorithm algorithm)
   at JsonWebToken.SymmetricJwk.CreateKeyWrapper(EncryptionAlgorithm encryptionAlgorithm, KeyManagementAlgorithm algorithm)
   at JsonWebToken.Jwk.TryGetKeyWrapper(EncryptionAlgorithm encryptionAlgorithm, KeyManagementAlgorithm algorithm, KeyWrapper& keyWrapper)
   at JsonWebToken.EncryptedJwtDescriptor`1.EncryptToken(ReadOnlySpan`1 payload, IBufferWriter`1 output)
   at JsonWebToken.JweDescriptor`1.Encode(EncodingContext context)
   at JsonWebToken.JwtWriter.WriteToken(JwtDescriptor descriptor, IBufferWriter`1 output)
   at JsonWebToken.JwtWriter.WriteTokenString(JwtDescriptor descriptor)
   at LicensingAuthToken.Controllers.AuthController.Get(String token)

Also what signature algorithm and/or encryption algorithm are you using?

Signature Algorithm is HmacSha256 Encryption Algorithm is Aes128CbcHmacSha256 Key Management Algorithm is Aes128KW

ycrumeyrolle commented 4 years ago

OK I see the problem, but not the root cause. Windows 2012 may not support AES instruction set. However there is a check before using this feature, and it should fallback to the AES Cng implementation, which is available on Windows platforms since Windows 2008.

There is way to force the feature flag via this environment variable: SET COMPlus_EnableAES=0 Can you give try ?

I suspect a bug with System.Runtime.Intrinsics.X86.Aes.IsSupported incorrectly used. I will look on this side and if we can provide an hotfix.

AtkinsonHD commented 4 years ago

There is way to force the feature flag via this environment variable: SET COMPlus_EnableAES=0 Can you give try ?

Tried setting it as an environment system variable in Windows still the same.

ycrumeyrolle commented 4 years ago

Thanks ! The bug is identified, the hotfix should be ready soon.

ycrumeyrolle commented 4 years ago

Fix available on NuGet: https://www.nuget.org/packages/JsonWebToken/

AtkinsonHD commented 4 years ago

Pulled it down earlier, working perfectly now, thank you for the very prompt fix.