//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
//------------------------------------------------------------------------------
namespace System.Web.Security.Cryptography {
using System;
using System.Runtime.CompilerServices;
using System.Security.Cryptography;
using System.Text;
using System.Web.Util;
// Contains helper methods for dealing with cryptographic operations.
internal static class CryptoUtil {
///
/// Similar to Encoding.UTF8, but throws on invalid bytes. Useful for security routines where we need
/// strong guarantees that we're always producing valid UTF8 streams.
///
public static readonly UTF8Encoding SecureUTF8Encoding = new UTF8Encoding(encoderShouldEmitUTF8Identifier: false, throwOnInvalidBytes: true);
///
/// Converts a byte array into its hexadecimal representation.
///
/// The binary byte array.
/// The hexadecimal (uppercase) equivalent of the byte array.
public static string BinaryToHex(byte[] data) {
if (data == null) {
return null;
}
char[] hex = new char[checked(data.Length * 2)];
for (int i = 0; i < data.Length; i++) {
byte thisByte = data[i];
hex[2 * i] = NibbleToHex((byte)(thisByte >> 4)); // high nibble
hex[2 * i + 1] = NibbleToHex((byte)(thisByte & 0xf)); // low nibble
}
return new string(hex);
}
// Determines if two buffer instances are equal, e.g. whether they contain the same payload. This method
// is written in such a manner that it should take the same amount of time to execute regardless of
// whether the result is success or failure. The modulus operation is intended to make the check take the
// same amount of time, even if the buffers are of different lengths.
//
// !! DO NOT CHANGE THIS METHOD WITHOUT SECURITY
[MethodImpl(MethodImplOptions.NoOptimization)]
public static bool BuffersAreEqual(byte[] buffer1, int buffer1Offset, int buffer1Count, byte[] buffer2, int buffer2Offset, int buffer2Count) {
Debug.ValidateArrayBounds(buffer1, buffer1Offset, buffer1Count);
Debug.ValidateArrayBounds(buffer2, buffer2Offset, buffer2Count);
bool success = (buffer1Count == buffer2Count); // can't possibly be successful if the buffers are of different lengths
for (int i = 0; i < buffer1Count; i++) {
success &= (buffer1[buffer1Offset + i] == buffer2[buffer2Offset + (i % buffer2Count)]);
}
return success;
}
///
/// Computes the SHA256 hash of a given input.
///
/// The input over which to compute the hash.
/// The binary hash (32 bytes) of the input.
public static byte[] ComputeSHA256Hash(byte[] input) {
return ComputeSHA256Hash(input, 0, input.Length);
}
///
/// Computes the SHA256 hash of a given segment in a buffer.
///
/// The buffer over which to compute the hash.
/// The offset at which to begin computing the hash.
/// The number of bytes in the buffer to include in the hash.
/// The binary hash (32 bytes) of the buffer segment.
public static byte[] ComputeSHA256Hash(byte[] buffer, int offset, int count) {
Debug.ValidateArrayBounds(buffer, offset, count);
using (SHA256 sha256 = CryptoAlgorithms.CreateSHA256()) {
return sha256.ComputeHash(buffer, offset, count);
}
}
///
/// Returns an IV that's based solely on the contents of a buffer; useful for generating
/// predictable IVs for ciphertexts that need to be cached. The output value is only
/// appropriate for use as an IV and must not be used for any other purpose.
///
/// This method uses an iterated unkeyed SHA256 to calculate the IV.
/// The input buffer over which to calculate the IV.
/// The requested length (in bits) of the IV to generate.
/// The calculated IV.
public static byte[] CreatePredictableIV(byte[] buffer, int ivBitLength) {
// Algorithm:
// T_0 = SHA256(buffer)
// T_n = SHA256(T_{n-1})
// output = T_0 || T_1 || ... || T_n (as many blocks as necessary to reach ivBitLength)
byte[] output = new byte[ivBitLength / 8];
int bytesCopied = 0;
int bytesRemaining = output.Length;
using (SHA256 sha256 = CryptoAlgorithms.CreateSHA256()) {
while (bytesRemaining > 0) {
byte[] hashed = sha256.ComputeHash(buffer);
int bytesToCopy = Math.Min(bytesRemaining, hashed.Length);
Buffer.BlockCopy(hashed, 0, output, bytesCopied, bytesToCopy);
bytesCopied += bytesToCopy;
bytesRemaining -= bytesToCopy;
buffer = hashed; // next iteration (if it occurs) will operate over the block just hashed
}
}
return output;
}
///
/// Converts a hexadecimal string into its binary representation.
///
/// The hex string.
/// The byte array corresponding to the contents of the hex string,
/// or null if the input string is not a valid hex string.
public static byte[] HexToBinary(string data) {
if (data == null || data.Length % 2 != 0) {
// input string length is not evenly divisible by 2
return null;
}
byte[] binary = new byte[data.Length / 2];
for (int i = 0; i < binary.Length; i++) {
int highNibble = HttpEncoderUtility.HexToInt(data[2 * i]);
int lowNibble = HttpEncoderUtility.HexToInt(data[2 * i + 1]);
if (highNibble == -1 || lowNibble == -1) {
return null; // bad hex data
}
binary[i] = (byte)((highNibble << 4) | lowNibble);
}
return binary;
}
// converts a nibble (4 bits) to its uppercase hexadecimal character representation [0-9, A-F]
private static char NibbleToHex(byte nibble) {
return (char)((nibble < 10) ? (nibble + '0') : (nibble - 10 + 'A'));
}
}
}