public static byte[] HashData(byte[] data, int offset, int count, HashAlgorithmName hashAlgorithm) { // The classes that call us are sealed and their base class has checked this already. Debug.Assert(data != null); Debug.Assert(count >= 0 && count <= data.Length); Debug.Assert(offset >= 0 && offset <= data.Length - count); Debug.Assert(!string.IsNullOrEmpty(hashAlgorithm.Name)); #if NET5_0_OR_GREATER ReadOnlySpan <byte> source = data.AsSpan(offset, count); return (hashAlgorithm == HashAlgorithmName.SHA256 ? SHA256.HashData(source) : hashAlgorithm == HashAlgorithmName.SHA1 ? SHA1.HashData(source) : hashAlgorithm == HashAlgorithmName.SHA512 ? SHA512.HashData(source) : hashAlgorithm == HashAlgorithmName.SHA384 ? SHA384.HashData(source) : hashAlgorithm == HashAlgorithmName.MD5 ? MD5.HashData(source) : throw new CryptographicException(SR.Cryptography_UnknownHashAlgorithm, hashAlgorithm.Name)); #else using (HashAlgorithm hasher = GetHashAlgorithm(hashAlgorithm)) { return(hasher.ComputeHash(data, offset, count)); } #endif }
private static byte[] GetHashForChannelBinding(X509Certificate2 cert) { Oid signatureAlgorithm = cert.SignatureAlgorithm; switch (signatureAlgorithm.Value) { // RFC 5929 4.1 says that MD5 and SHA1 both upgrade to SHA256 for cbt calculation case "1.2.840.113549.2.5": // MD5 case "1.2.840.113549.1.1.4": // MD5RSA case "1.3.14.3.2.26": // SHA1 case "1.2.840.10040.4.3": // SHA1DSA case "1.2.840.10045.4.1": // SHA1ECDSA case "1.2.840.113549.1.1.5": // SHA1RSA case "2.16.840.1.101.3.4.2.1": // SHA256 case "1.2.840.10045.4.3.2": // SHA256ECDSA case "1.2.840.113549.1.1.11": // SHA256RSA return(SHA256.HashData(cert.RawDataMemory.Span)); case "2.16.840.1.101.3.4.2.2": // SHA384 case "1.2.840.10045.4.3.3": // SHA384ECDSA case "1.2.840.113549.1.1.12": // SHA384RSA return(SHA384.HashData(cert.RawDataMemory.Span)); case "2.16.840.1.101.3.4.2.3": // SHA512 case "1.2.840.10045.4.3.4": // SHA512ECDSA case "1.2.840.113549.1.1.13": // SHA512RSA return(SHA512.HashData(cert.RawDataMemory.Span)); default: throw new ArgumentException(signatureAlgorithm.Value); } }
public unsafe int DoSha512ComputeHash() { const int DataByteCount = 512 / 8; byte * bytes = stackalloc byte[DataByteCount]; SHA512.HashData(_input, new Span <byte>(bytes, DataByteCount)); return(Unsafe.ReadUnaligned <int>(bytes)); }
public static string HashPassword(string password) { var bytes = Encoding.UTF8.GetBytes($"{password}{CommonConstants.PassSalt}"); var hash = SHA512.HashData(bytes); var passwordHash = Convert.ToBase64String(hash); return(passwordHash); }
public static byte[] HashData(HashAlgorithmName hashName, ReadOnlySpan <byte> data) { return(hashName.Name switch { "SHA1" => SHA1.HashData(data), "SHA256" or "HS256" or "RS256" or "ES256" or "PS256" => SHA256.HashData(data), "SHA384" or "HS384" or "RS384" or "ES384" or "PS384" => SHA384.HashData(data), "SHA512" or "HS512" or "RS512" or "ES512" or "PS512" => SHA512.HashData(data), _ => throw new ArgumentOutOfRangeException(nameof(hashName)), });
public async Task AuthPassword() { var passwordHashString = Configuration["AuthKey"]; var passwordHash = Convert.FromBase64String(passwordHashString); if (passwordHash.SequenceEqual(SHA512.HashData(Encoding.UTF8.GetBytes(PasswordToAuth)))) { MemoryCache.Set(BlazorContext.ClientIp, true); await JSRuntime.InvokeVoidAsync("location.reload"); } }
public static byte[] HashData(Stream data, HashAlgorithmName hashAlgorithm) { // The classes that call us are sealed and their base class has checked this already. Debug.Assert(data != null); Debug.Assert(!string.IsNullOrEmpty(hashAlgorithm.Name)); return (hashAlgorithm == HashAlgorithmName.SHA256 ? SHA256.HashData(data) : hashAlgorithm == HashAlgorithmName.SHA1 ? SHA1.HashData(data) : hashAlgorithm == HashAlgorithmName.SHA512 ? SHA512.HashData(data) : hashAlgorithm == HashAlgorithmName.SHA384 ? SHA384.HashData(data) : hashAlgorithm == HashAlgorithmName.MD5 ? MD5.HashData(data) : throw new CryptographicException(SR.Cryptography_UnknownHashAlgorithm, hashAlgorithm.Name)); }
public static string GetByteHash(this MemoryOwner <byte> item) { byte[] hashResult = SHA512.HashData(item.Span); return(string.Create(hashResult.Length, hashResult, (state, bytes) => { StringBuilder builder = new(); for (int i = 0; i < bytes.Length; i++) { ref byte b = ref bytes[i]; builder.Append(b.ToString("X2")); } builder.CopyTo(0, state, state.Length); }));
public async Task SetPassword() { if (string.IsNullOrEmpty(PasswordToSet)) { return; } var settingModel = new AppSettingModel { AuthKey = SHA512.HashData(Encoding.UTF8.GetBytes(PasswordToSet)) }; await using var stream = File.OpenWrite("app.json"); await JsonSerializer.SerializeAsync(stream, settingModel); await JSRuntime.InvokeVoidAsync("location.reload"); }
protected override byte[] HashData(Stream source) => SHA512.HashData(source);
private static uint GetPersistentHashCode(string value) { byte[] valueBytes = Encoding.UTF8.GetBytes(value); byte[] hash = SHA512.HashData(valueBytes); return(BinaryPrimitives.ReadUInt32BigEndian(hash)); }
protected override int HashData(ReadOnlySpan <byte> source, Span <byte> destination) => SHA512.HashData(source, destination);
protected override int HashData(Stream source, Span <byte> destination) => SHA512.HashData(source, destination);
protected override byte[] HashData(ReadOnlySpan <byte> source) => SHA512.HashData(source);
protected override byte[] GetHash(string data) => SHA512.HashData(Encoding.UTF8.GetBytes(data));
private static unsafe void FillKeyDerivation( ReadOnlySpan <byte> password, ReadOnlySpan <byte> salt, int iterations, string hashAlgorithmName, Span <byte> destination) { SafeBCryptKeyHandle keyHandle; int hashBlockSizeBytes = GetHashBlockSize(hashAlgorithmName); // stackalloc 0 to let compiler know this cannot escape. Span <byte> clearSpan = stackalloc byte[0]; ReadOnlySpan <byte> symmetricKeyMaterial = stackalloc byte[0]; int symmetricKeyMaterialLength; if (password.IsEmpty) { // CNG won't accept a null pointer for the password. symmetricKeyMaterial = stackalloc byte[1]; symmetricKeyMaterialLength = 0; clearSpan = default; } else if (password.Length <= hashBlockSizeBytes) { // Password is small enough to use as-is. symmetricKeyMaterial = password; symmetricKeyMaterialLength = password.Length; clearSpan = default; } else { // RFC 2104: "The key for HMAC can be of any length (keys longer than B bytes are // first hashed using H). // We denote by B the byte-length of such // blocks (B=64 for all the above mentioned examples of hash functions) // // Windows' PBKDF2 will do this up to a point. To ensure we accept arbitrary inputs for // PBKDF2, we do the hashing ourselves. Span <byte> hashBuffer = stackalloc byte[512 / 8]; // 64 bytes is SHA512, the largest digest handled. int hashBufferSize; switch (hashAlgorithmName) { case HashAlgorithmNames.SHA1: hashBufferSize = SHA1.HashData(password, hashBuffer); break; case HashAlgorithmNames.SHA256: hashBufferSize = SHA256.HashData(password, hashBuffer); break; case HashAlgorithmNames.SHA384: hashBufferSize = SHA384.HashData(password, hashBuffer); break; case HashAlgorithmNames.SHA512: hashBufferSize = SHA512.HashData(password, hashBuffer); break; default: Debug.Fail($"Unexpected hash algorithm '{hashAlgorithmName}'"); throw new CryptographicException(); } clearSpan = hashBuffer.Slice(0, hashBufferSize); symmetricKeyMaterial = clearSpan; symmetricKeyMaterialLength = hashBufferSize; } Debug.Assert(symmetricKeyMaterial.Length > 0); NTSTATUS generateKeyStatus; if (Interop.BCrypt.PseudoHandlesSupported) { fixed(byte *pSymmetricKeyMaterial = symmetricKeyMaterial) { generateKeyStatus = Interop.BCrypt.BCryptGenerateSymmetricKey( (nuint)BCryptAlgPseudoHandle.BCRYPT_PBKDF2_ALG_HANDLE, out keyHandle, pbKeyObject: IntPtr.Zero, cbKeyObject: 0, pSymmetricKeyMaterial, symmetricKeyMaterialLength, dwFlags: 0); } } else { if (s_pbkdf2AlgorithmHandle is null) { NTSTATUS openStatus = Interop.BCrypt.BCryptOpenAlgorithmProvider( out SafeBCryptAlgorithmHandle pbkdf2AlgorithmHandle, Internal.NativeCrypto.BCryptNative.AlgorithmName.Pbkdf2, null, BCryptOpenAlgorithmProviderFlags.None); if (openStatus != NTSTATUS.STATUS_SUCCESS) { pbkdf2AlgorithmHandle.Dispose(); CryptographicOperations.ZeroMemory(clearSpan); throw Interop.BCrypt.CreateCryptographicException(openStatus); } // This might race, and that's okay. Worst case the algorithm is opened // more than once, and the ones that lost will get cleaned up during collection. Interlocked.CompareExchange(ref s_pbkdf2AlgorithmHandle, pbkdf2AlgorithmHandle, null); } fixed(byte *pSymmetricKeyMaterial = symmetricKeyMaterial) { generateKeyStatus = Interop.BCrypt.BCryptGenerateSymmetricKey( s_pbkdf2AlgorithmHandle, out keyHandle, pbKeyObject: IntPtr.Zero, cbKeyObject: 0, pSymmetricKeyMaterial, symmetricKeyMaterialLength, dwFlags: 0); } } CryptographicOperations.ZeroMemory(clearSpan); if (generateKeyStatus != NTSTATUS.STATUS_SUCCESS) { keyHandle.Dispose(); throw Interop.BCrypt.CreateCryptographicException(generateKeyStatus); } Debug.Assert(!keyHandle.IsInvalid); ulong kdfIterations = (ulong)iterations; // Previously asserted to be positive. using (keyHandle) fixed(char *pHashAlgorithmName = hashAlgorithmName) fixed(byte *pSalt = salt) fixed(byte *pDestination = destination) { Span <BCryptBuffer> buffers = stackalloc BCryptBuffer[3]; buffers[0].BufferType = CngBufferDescriptors.KDF_ITERATION_COUNT; buffers[0].pvBuffer = (IntPtr)(&kdfIterations); buffers[0].cbBuffer = sizeof(ulong); buffers[1].BufferType = CngBufferDescriptors.KDF_SALT; buffers[1].pvBuffer = (IntPtr)pSalt; buffers[1].cbBuffer = salt.Length; buffers[2].BufferType = CngBufferDescriptors.KDF_HASH_ALGORITHM; buffers[2].pvBuffer = (IntPtr)pHashAlgorithmName; // C# spec: "A char* value produced by fixing a string instance always points to a null-terminated string" buffers[2].cbBuffer = checked ((hashAlgorithmName.Length + 1) * sizeof(char)); // Add null terminator. fixed(BCryptBuffer *pBuffers = buffers) { Interop.BCrypt.BCryptBufferDesc bufferDesc; bufferDesc.ulVersion = Interop.BCrypt.BCRYPTBUFFER_VERSION; bufferDesc.cBuffers = buffers.Length; bufferDesc.pBuffers = (IntPtr)pBuffers; NTSTATUS deriveStatus = Interop.BCrypt.BCryptKeyDerivation( keyHandle, &bufferDesc, pDestination, destination.Length, out uint resultLength, dwFlags: 0); if (deriveStatus != NTSTATUS.STATUS_SUCCESS) { throw Interop.BCrypt.CreateCryptographicException(deriveStatus); } if (destination.Length != resultLength) { Debug.Fail("PBKDF2 resultLength != destination.Length"); throw new CryptographicException(); } } } }
public static byte[] GetHash(string ip, string password) { return(SHA512.HashData(Encoding.UTF8.GetBytes(ip + password))); }
public async Task PublishAsync( IKubernetesObject <V1ObjectMeta> resource, string reason, string message, EventType type = EventType.Normal) { _logger.LogTrace( "Encoding event name with: {resourceName}.{resourceNamespace}.{reason}.{message}.{type}.", resource.Name(), resource.Namespace(), reason, message, type); var eventName = Base32.Rfc4648.Encode( SHA512.HashData( Encoding.UTF8.GetBytes($"{resource.Name()}.{resource.Namespace()}.{reason}.{message}.{type}"))); _logger.LogTrace(@"Search or create event with name ""{name}"".", eventName); var @event = await _client.Get <Corev1Event>(eventName, resource.Namespace()) ?? new Corev1Event { Kind = Corev1Event.KubeKind, ApiVersion = $"{Corev1Event.KubeGroup}/{Corev1Event.KubeApiVersion}", Metadata = new V1ObjectMeta { Name = eventName, NamespaceProperty = resource.Namespace(), Annotations = new Dictionary <string, string> { { "nameHash", "sha512" }, { "nameEncoding", "Base32 / RFC 4648" }, }, }, Type = type.ToString(), Reason = reason, Message = message, ReportingComponent = _settings.Name, ReportingInstance = Environment.MachineName, Source = new V1EventSource { Component = _settings.Name }, InvolvedObject = resource.MakeObjectReference(), FirstTimestamp = DateTime.UtcNow, LastTimestamp = DateTime.UtcNow, Count = 0, }; @event.Count++; @event.LastTimestamp = DateTime.UtcNow; _logger.LogTrace( "Save event with new count {count} and last timestamp {timestamp}", @event.Count, @event.LastTimestamp); await _client.Save(@event); _logger.LogInformation( @"Created or updated event with name ""{name}"" to new count {count} on resource ""{kind}/{name}"".", eventName, @event.Count, resource.Kind, resource.Name()); }