Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
dotNET Platform
runtime
提交
a95da1bf
R
runtime
项目概览
dotNET Platform
/
runtime
大约 1 年 前同步成功
通知
1
Star
1
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
R
runtime
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
未验证
提交
a95da1bf
编写于
6月 07, 2021
作者:
K
Kevin Jones
提交者:
GitHub
6月 07, 2021
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Use HMAC one-shot where appropriate
上级
a82c357b
变更
4
显示空白变更内容
内联
并排
Showing
4 changed file
with
64 addition
and
33 deletion
+64
-33
src/libraries/Common/src/System/Security/Cryptography/HashOneShotHelpers.cs
...on/src/System/Security/Cryptography/HashOneShotHelpers.cs
+42
-0
src/libraries/System.Security.Cryptography.Algorithms/src/System.Security.Cryptography.Algorithms.csproj
...rithms/src/System.Security.Cryptography.Algorithms.csproj
+2
-0
src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/HKDF.cs
...raphy.Algorithms/src/System/Security/Cryptography/HKDF.cs
+2
-6
src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/UnixExportProvider.cs
.../src/Internal/Cryptography/Pal.Unix/UnixExportProvider.cs
+18
-27
未找到文件。
src/libraries/Common/src/System/Security/Cryptography/HashOneShotHelpers.cs
0 → 100644
浏览文件 @
a95da1bf
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
using
System.Diagnostics
;
namespace
System.Security.Cryptography
{
[
System
.
Diagnostics
.
CodeAnalysis
.
SuppressMessage
(
"Microsoft.Security"
,
"CA5350"
,
Justification
=
"Weak algorithms are used as instructed by the caller"
)]
[
System
.
Diagnostics
.
CodeAnalysis
.
SuppressMessage
(
"Microsoft.Security"
,
"CA5351"
,
Justification
=
"Weak algorithms are used as instructed by the caller"
)]
internal
static
class
HashOneShotHelpers
{
public
static
int
MacData
(
HashAlgorithmName
hashAlgorithm
,
ReadOnlySpan
<
byte
>
key
,
ReadOnlySpan
<
byte
>
source
,
Span
<
byte
>
destination
)
{
if
(
hashAlgorithm
==
HashAlgorithmName
.
SHA256
)
{
return
HMACSHA256
.
HashData
(
key
,
source
,
destination
);
}
else
if
(
hashAlgorithm
==
HashAlgorithmName
.
SHA1
)
{
return
HMACSHA1
.
HashData
(
key
,
source
,
destination
);
}
else
if
(
hashAlgorithm
==
HashAlgorithmName
.
SHA512
)
{
return
HMACSHA512
.
HashData
(
key
,
source
,
destination
);
}
else
if
(
hashAlgorithm
==
HashAlgorithmName
.
SHA384
)
{
return
HMACSHA384
.
HashData
(
key
,
source
,
destination
);
}
else
if
(
hashAlgorithm
==
HashAlgorithmName
.
MD5
)
{
return
HMACMD5
.
HashData
(
key
,
source
,
destination
);
}
throw
new
CryptographicException
(
SR
.
Format
(
SR
.
Cryptography_UnknownHashAlgorithm
,
hashAlgorithm
.
Name
));
}
}
}
src/libraries/System.Security.Cryptography.Algorithms/src/System.Security.Cryptography.Algorithms.csproj
浏览文件 @
a95da1bf
...
...
@@ -126,6 +126,8 @@
Link="Common\System\Security\Cryptography\EccKeyFormatHelper.cs" />
<Compile Include="$(CommonPath)System\Security\Cryptography\KeyBlobHelpers.cs"
Link="Common\System\Security\Cryptography\KeyBlobHelpers.cs" />
<Compile Include="$(CommonPath)System\Security\Cryptography\HashOneShotHelpers.cs"
Link="Common\System\Security\Cryptography\HashOneShotHelpers.cs" />
<Compile Include="$(CommonPath)System\Security\Cryptography\KeyFormatHelper.cs"
Link="Common\System\Security\Cryptography\KeyFormatHelper.cs" />
<Compile Include="$(CommonPath)System\Security\Cryptography\KeySizeHelpers.cs"
...
...
src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/HKDF.cs
浏览文件 @
a95da1bf
...
...
@@ -67,12 +67,8 @@ public static int Extract(HashAlgorithmName hashAlgorithmName, ReadOnlySpan<byte
private
static
void
Extract
(
HashAlgorithmName
hashAlgorithmName
,
int
hashLength
,
ReadOnlySpan
<
byte
>
ikm
,
ReadOnlySpan
<
byte
>
salt
,
Span
<
byte
>
prk
)
{
Debug
.
Assert
(
HashLength
(
hashAlgorithmName
)
==
hashLength
);
using
(
IncrementalHash
hmac
=
IncrementalHash
.
CreateHMAC
(
hashAlgorithmName
,
salt
))
{
hmac
.
AppendData
(
ikm
);
GetHashAndReset
(
hmac
,
prk
);
}
int
written
=
HashOneShotHelpers
.
MacData
(
hashAlgorithmName
,
salt
,
ikm
,
prk
);
Debug
.
Assert
(
written
==
prk
.
Length
,
$"Bytes written is
{
written
}
bytes which does not match output length (
{
prk
.
Length
}
bytes)"
);
}
/// <summary>
...
...
src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/UnixExportProvider.cs
浏览文件 @
a95da1bf
...
...
@@ -475,43 +475,34 @@ private static ArraySegment<byte> EncodeKeys(AsnWriter tmpWriter, SafeBagAsn[] k
return
new
ArraySegment
<
byte
>(
authSafe
,
0
,
authSafeLength
);
}
[
System
.
Diagnostics
.
CodeAnalysis
.
SuppressMessage
(
"Microsoft.Security"
,
"CA5350"
,
Justification
=
"HMACSHA1 is required for compat with other platforms"
)]
private
static
unsafe
byte
[]
MacAndEncode
(
AsnWriter
tmpWriter
,
ReadOnlyMemory
<
byte
>
encodedAuthSafe
,
ReadOnlySpan
<
char
>
passwordSpan
)
{
// Windows/macOS compatibility: Use HMAC-SHA-1,
// other algorithms may not be understood
byte
[]
macKey
=
new
byte
[
20
];
Span
<
byte
>
macSalt
=
stackalloc
byte
[
20
];
Span
<
byte
>
macSpan
=
stackalloc
byte
[
20
];
HashAlgorithmName
hashAlgorithm
=
HashAlgorithmName
.
SHA1
;
const
int
MacSize
=
160
/
8
;
// HMAC-SHA1 is 160 bits.
Span
<
byte
>
macKey
=
stackalloc
byte
[
MacSize
];
Span
<
byte
>
macSalt
=
stackalloc
byte
[
MacSize
];
Span
<
byte
>
macSpan
=
stackalloc
byte
[
MacSize
];
RandomNumberGenerator
.
Fill
(
macSalt
);
fixed
(
byte
*
macKeyPtr
=
macKey
)
{
Span
<
byte
>
macKeySpan
=
macKey
;
Pkcs12Kdf
.
DeriveMacKey
(
passwordSpan
,
hashAlgorithm
,
HashAlgorithmName
.
SHA1
,
s_windowsPbe
.
IterationCount
,
macSalt
,
macKeySpan
);
macKey
);
using
(
IncrementalHash
mac
=
IncrementalHash
.
CreateHMAC
(
hashAlgorithm
,
macKey
))
{
mac
.
AppendData
(
encodedAuthSafe
.
Span
);
int
bytesWritten
=
HMACSHA1
.
HashData
(
macKey
,
encodedAuthSafe
.
Span
,
macSpan
);
if
(!
mac
.
TryGetHashAndReset
(
macSpan
,
out
int
bytesWritten
)
||
bytesWritten
!=
macSpan
.
Length
)
if
(
bytesWritten
!=
MacSize
)
{
Debug
.
Fail
(
$"TryGetHashAndReset wrote
{
bytesWritten
}
of
{
macSpan
.
Length
}
bytes"
);
Debug
.
Fail
(
$"HMACSHA1.HashData wrote
{
bytesWritten
}
of
{
MacSize
}
bytes"
);
throw
new
CryptographicException
();
}
}
CryptographicOperations
.
ZeroMemory
(
macKeySpan
);
}
CryptographicOperations
.
ZeroMemory
(
macKey
);
// https://tools.ietf.org/html/rfc7292#section-4
//
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录