Matthew

Reputation: 4607

Application crashes (closes) even though exception is being caught

I have the following code:

    public byte[] GenerateSignature(List<string> text_list)
    {
        StringBuilder text_string = new StringBuilder();
        string private_key = "<RSAKeyValue><Modulus>zDYX4tbHSy....";
        byte[] digital_signature = null;

        for (int i = 0; i < text_list.Count; i++)
        {
            text_string.Append(text_list[i]);
        }

        try
        {
            RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
            rsa.FromXmlString(private_key);

            RSAPKCS1SignatureFormatter rsa_form = new RSAPKCS1SignatureFormatter(rsa);
            rsa_form.SetHashAlgorithm("SHA1");

            SHA1Managed sha1 = new SHA1Managed();
            UnicodeEncoding encoding = new UnicodeEncoding();
            byte[] data = encoding.GetBytes(text_string.ToString());
            byte[] hash = sha1.ComputeHash(data);
            digital_signature = rsa_form.CreateSignature(hash);
        }
        catch (Exception)
        {
            digital_signature = Encoding.Unicode.GetBytes("false");
        }
        return digital_signature;
    }

Now, if I change a character in the private key, the application crashes and closes on the line rsa.FromXmlString(private_key) even though the code is wrapped in a try catch block. On the other hand, if I set the private key to a meaningless value such as blablabla, the exception is caught and handled gracefully.

Why is the application crashing and closing when I change a single character from the private key? For example, if I change "<RSAKeyValue><Modulus>zDYX4tbHSy...." to "<RSAKeyValue><Modulus>ADYX4tbHSy....", (changed z to A) the application crashes and closes. The application is a Windows Phone application but I guess that should not make a difference.

Update

This is the call stack just before the exception is thrown:

MobileApp.dll!MobileApp.Classes.SignatureMobile.GenerateSignature(System.Collections.Generic.List text_list) Line 38 C#
MobileApp.dll!MobileApp.StartPage.Button_LogIn_Click(object sender, System.Windows.RoutedEventArgs e) Line 74 + 0x4 bytes C#
System.Windows.dll!System.Windows.Controls.Primitives.ButtonBase.OnClick() + 0x1f bytes
System.Windows.dll!System.Windows.Controls.Button.OnClick() + 0x1f bytes
System.Windows.dll!System.Windows.Controls.Primitives.ButtonBase.OnMouseLeftButtonUp(System.Windows.Input.MouseButtonEventArgs e) + 0x4e bytes
System.Windows.dll!System.Windows.Controls.Control.OnMouseLeftButtonUp(System.Windows.Controls.Control ctrl, System.EventArgs e) + 0xc bytes
System.Windows.dll!MS.Internal.JoltHelper.FireEvent(System.IntPtr unmanagedObj, System.IntPtr unmanagedObjArgs, int argsTypeIndex, int actualArgsTypeIndex, string eventName) + 0x115 bytes
[External Code]

Upvotes: 3

Views: 248

Answers (2)

Na Na

Reputation: 838

On the other hand, if I set the private key to a meaningless value such as blablabla, the exception is caught and handled gracefully.

That suggests a different culture setting:

http://msdn.microsoft.com/en-US/library/system.globalization.cultureinfo.aspx

Update: RSA.FromXmlString Method

The FromXmlString initializes an RSA object using key information in an XML string that was generated using the ToXmlString method. The FromXmlString method accepts either an XML string containing a public key or an XML string containing a public and private key.

This method expects a valid RSA key. Valid according to specifications:

https://www.rfc-editor.org/rfc/rfc3447#appendix-A.1.1

If you use the private key as described, it is no wonder that it generates an exception, as the private key consists of both public and private keys. On the other hand, a meaningless key may be interpreted as a public key only.

Upvotes: 1

Maarten Bodewes

Reputation: 94058

I think you've just uncovered a bug. I presume that the key value is parsed and then passed on to an underlying native library. The error is not handled gracefully in the underlying library or the wrapper function around it. Note that you've changed the modulus length slightly when you changed the private key from z to A. The modulus size is now different from the key size. This may not have been tested well.

Congratulations :)

Upvotes: 1
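
A pre-check along the lines of the answer above, as an added example that is not part of the original posts or of .NET itself: it parses the RSAKeyValue XML in managed code and rejects a private key whose Modulus starts with a zero byte (which is what the z to A change produces, since base64 "zD" decodes to 0xCC and "AD" to 0x00) or does not equal P * Q, so inconsistent key material never reaches FromXmlString. RsaKeyXmlCheck and Validate are hypothetical names, and the code assumes a runtime that has System.Numerics and System.Xml.Linq.

```csharp
using System;
using System.Numerics;
using System.Xml;
using System.Xml.Linq;

// Hypothetical helper (not a .NET API): consistency check for an
// <RSAKeyValue> private key before it is handed to RSA.FromXmlString.
public static class RsaKeyXmlCheck
{
    // Decode one base64 field; ToXmlString writes each value big-endian.
    private static byte[] Field(XElement root, string name)
    {
        XElement e = root.Element(name);
        if (e == null) throw new FormatException("missing <" + name + ">");
        return Convert.FromBase64String(e.Value.Trim());
    }

    // BigInteger wants little-endian two's complement, so reverse the bytes
    // and leave a trailing 0x00 to keep the value non-negative.
    private static BigInteger ToUnsigned(byte[] bigEndian)
    {
        byte[] le = new byte[bigEndian.Length + 1];
        for (int i = 0; i < bigEndian.Length; i++)
            le[i] = bigEndian[bigEndian.Length - 1 - i];
        return new BigInteger(le);
    }

    // Returns null when the key is self-consistent, otherwise the reason.
    public static string Validate(string xml)
    {
        try
        {
            XElement root = XElement.Parse(xml);
            if (root.Name.LocalName != "RSAKeyValue") return "root element is not RSAKeyValue";
            byte[] n = Field(root, "Modulus");
            byte[] p = Field(root, "P");
            byte[] q = Field(root, "Q");
            // Leading zero byte: the modulus is shorter than the key size it is encoded as.
            if (n.Length == 0 || n[0] == 0) return "modulus is shorter than its encoded length";
            // Any altered character in Modulus, P or Q breaks this identity.
            if (ToUnsigned(p) * ToUnsigned(q) != ToUnsigned(n)) return "Modulus does not equal P * Q";
            return null;
        }
        catch (XmlException ex) { return "not well-formed XML: " + ex.Message; }   // e.g. "blablabla"
        catch (FormatException ex) { return "bad field: " + ex.Message; }          // missing or non-base64
    }
}
```

Call Validate(private_key) first and only call rsa.FromXmlString when it returns null; a non-null result is the reason to report instead of attempting the import.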
