Imported Upstream version 5.10.0.47

Former-commit-id: d0813289fa2d35e1f8ed77530acb4fb1df441bc0
2018-01-24 17:04:36 +00:00
parent 88ff76fe28
commit e46a49ecf1
5927 changed files with 226314 additions and 129848 deletions
--- a/mcs/class/referencesource/System.ServiceModel/System/ServiceModel/Security/Tokens/WindowsUserNameCachingSecurityTokenAuthenticator.cs
+++ b/mcs/class/referencesource/System.ServiceModel/System/ServiceModel/Security/Tokens/WindowsUserNameCachingSecurityTokenAuthenticator.cs
@ -22,7 +22,7 @@ namespace System.ServiceModel.Security.Tokens
    class LogonTokenCache : TimeBoundedCache
    {
        const int lowWaterMarkFactor = 75;
-        const int saltSize = 4;
+        const int saltSize = 256;

        TimeSpan cachedLogonTokenLifetime;
        RNGCryptoServiceProvider random;
@ -99,14 +99,14 @@ namespace System.ServiceModel.Security.Tokens
        public LogonToken(string userName, string password, byte[] salt, ReadOnlyCollection<IAuthorizationPolicy> authorizationPolicies)
        {
            this.userName = userName;
-            this.passwordHash = ComputeHash(password, salt);
+            this.passwordHash = ComputeHMACSHA256Hash(password, salt);
            this.salt = salt;
            this.authorizationPolicies = System.IdentityModel.SecurityUtils.CloneAuthorizationPoliciesIfNecessary(authorizationPolicies);
        }

        public bool PasswordEquals(string password)
        {
-            byte[] passwordHash = ComputeHash(password, this.salt);
+            byte[] passwordHash = ComputeHMACSHA256Hash(password, this.salt);
            return CryptoHelper.IsEqual(this.passwordHash, passwordHash);
        }

@ -125,21 +125,11 @@ namespace System.ServiceModel.Security.Tokens
            System.IdentityModel.SecurityUtils.DisposeAuthorizationPoliciesIfNecessary(this.authorizationPolicies);
        }

-        static byte[] ComputeHash(string password, byte[] salt)
+        static byte[] ComputeHMACSHA256Hash(string password, byte[] key)
        {
-            if (String.IsNullOrEmpty(password))
+            using (HMACSHA256 hmac = new HMACSHA256(key))
            {
-                return salt;
-            }
-            byte[] bytes = Encoding.Unicode.GetBytes(password);
-            int saltSize = salt.Length;
-            for (int i = 0; i < bytes.Length; ++i)
-            {
-                bytes[i] ^= salt[i % saltSize];
-            }
-            using (HashAlgorithm hashAlgorithm = CryptoHelper.NewSha1HashAlgorithm())
-            {
-                return hashAlgorithm.ComputeHash(bytes);
+                return hmac.ComputeHash(Encoding.Unicode.GetBytes(password));
            }
        }
    }