Description
Secrets that are protected in <=10.0.5 cannot be unprotected in 10.0.6.
Unless I've gotten something wrong, this will likely cause major outages to everyone who accepts this patch (for which there is a high severity security advisory to do so: GHSA-37gx-xxp4-5rgx).
Reproduction Steps
I've uploaded a reproduction here: https://github.com/nth-commit/microsoft-aspnetcore-dataprotection-bug
Run ./run-repro.sh and note that it fails.
Expected behavior
A secret protected by 10.0.5 should be able to be unprotected by 10.0.6
Actual behavior
A secret protected by 10.0.5 cannot be unprotected by 10.0.6. Throws:
System.Security.Cryptography.CryptographicException: The payload was invalid. For more information go to https://aka.ms/aspnet/dataprotectionwarning
at Microsoft.AspNetCore.DataProtection.Managed.ManagedAuthenticatedEncryptor.CalculateAndValidateMac(Byte[] payloadArray, Int32 ivOffset, Int32 macOffset, Int32 eofOffset, ReadOnlySpan`1 validationSubkey, Byte[] validationSubkeyArray)
at Microsoft.AspNetCore.DataProtection.Managed.ManagedAuthenticatedEncryptor.Decrypt(ArraySegment`1 protectedPayload, ArraySegment`1 additionalAuthenticatedData)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
at Microsoft.AspNetCore.DataProtection.DataProtectionCommonExtensions.Unprotect(IDataProtector protector, String protectedData)
Regression?
Yes.
Known Workarounds
No response
Configuration
No response
Other information
No response