Use hash/hmac one shots in NTLM (#70857)

Co-authored-by: N Stephen Toub <stoub@microsoft.com>

Use hash/hmac one shots in NTLM (#70857)
Co-authored-by: N Stephen Toub <stoub@microsoft.com>
5fc5c68d · Kevin Jones · GitHub · 1b87ff9e · 5fc5c68d
隐藏空白更改
内联并排

Showing with 10 addition and 21 deletion

src/libraries/Common/src/System/Net/NTAuthentication.Managed.cs ...braries/Common/src/System/Net/NTAuthentication.Managed.cs +10 -21

未找到文件。
--- a/src/libraries/Common/src/System/Net/NTAuthentication.Managed.cs
+++ b/src/libraries/Common/src/System/Net/NTAuthentication.Managed.cs
@@ -444,14 +444,10 @@ private static void makeNtlm2Hash(string domain, string userName, ReadOnlySpan<c
            {
                Encoding.Unicode.GetBytes(password, pwBytes);
                MD4.HashData(pwBytes, pwHash);
+                // strangely, user is upper case, domain is not.
-                using (var hmac = IncrementalHash.CreateHMAC(HashAlgorithmName.MD5, pwHash))
+                byte[] blob = Encoding.Unicode.GetBytes(string.Concat(userName.ToUpperInvariant(), domain));
-                {
+                int written = HMACMD5.HashData(pwHash, blob, hash);
-                    // strangely, user is upper case, domain is not.
+                Debug.Assert(written == HMACMD5.HashSizeInBytes);
-                    byte[] blob = Encoding.Unicode.GetBytes(string.Concat(userName.ToUpperInvariant(), domain));
-                    hmac.AppendData(blob);
-                    hmac.GetHashAndReset(hash);
-                }
            }
            finally
            {
@@ -502,16 +498,12 @@ private unsafe void WriteChannelBindingHash(Span<byte> hashBuffer)
            {
                IntPtr cbtData = _channelBinding.DangerousGetHandle();
                int cbtDataSize = _channelBinding.Size;
+                int written = MD5.HashData(new Span<byte>((void*)cbtData, cbtDataSize), hashBuffer);
-                using (var md5 = IncrementalHash.CreateHash(HashAlgorithmName.MD5))
+                Debug.Assert(written == MD5.HashSizeInBytes);
-                {
-                    md5.AppendData(new Span<byte>((void *)cbtData, cbtDataSize));
-                    md5.GetHashAndReset(hashBuffer);
-                }
            }
            else
            {
-                hashBuffer.Fill(0);
+                hashBuffer.Clear();
            }
        }
@@ -716,12 +708,9 @@ private static byte[] DeriveKey(ReadOnlySpan<byte> exportedSessionKey, ReadOnlyS
            Debug.Assert(flags.HasFlag(Flags.NegotiateSign) && flags.HasFlag(Flags.NegotiateKeyExchange));
            // Derive session base key
-            Span<byte> sessionBaseKey = stackalloc byte[16];
+            Span<byte> sessionBaseKey = stackalloc byte[HMACMD5.HashSizeInBytes];
-            using (var hmacSessionKey = IncrementalHash.CreateHMAC(HashAlgorithmName.MD5, ntlm2hash))
+            int sessionKeyWritten = HMACMD5.HashData(ntlm2hash, responseAsSpan.Slice(response.NtChallengeResponse.PayloadOffset, 16), sessionBaseKey);
-            {
+            Debug.Assert(sessionKeyWritten == HMACMD5.HashSizeInBytes);
-                hmacSessionKey.AppendData(responseAsSpan.Slice(response.NtChallengeResponse.PayloadOffset, 16));
-                hmacSessionKey.GetHashAndReset(sessionBaseKey);
-            }
            // Encrypt exportedSessionKey with sessionBaseKey
            using (RC4 rc4 = new RC4(sessionBaseKey))