diff options
author | Jonathan Peppers <jonathan.peppers@gmail.com> | 2019-10-03 18:34:41 +0300 |
---|---|---|
committer | Alexander Köplinger <alex.koeplinger@outlook.com> | 2019-10-03 18:34:41 +0300 |
commit | 9f805dcf8a87f46c0c5ef01e8468e92af2c2ef47 (patch) | |
tree | 86b69de6546e9f363c20ff647bf802d8b95cb689 | |
parent | e9946684f05a4415e370c0298560c09d3c3a6973 (diff) |
[reflect] fix more usage of SHA1Managed for FIPS (#14)
In e9946684, I fixed the usage of `SHA1Managed` that I found from a stack trace while running `mkbundle.exe` on Windows.
I found 3 more usages that needed to be fixed.
-rw-r--r-- | reflect/Emit/AssemblyBuilder.cs | 24 | ||||
-rw-r--r-- | reflect/Writer/ModuleWriter.cs | 114 |
2 files changed, 72 insertions, 66 deletions
diff --git a/reflect/Emit/AssemblyBuilder.cs b/reflect/Emit/AssemblyBuilder.cs index a1ba7177..349dfc1d 100644 --- a/reflect/Emit/AssemblyBuilder.cs +++ b/reflect/Emit/AssemblyBuilder.cs @@ -472,21 +472,23 @@ namespace IKVM.Reflection.Emit private int AddFile(ModuleBuilder manifestModule, string fileName, int flags) { - SHA1Managed hash = new SHA1Managed(); - string fullPath = fileName; - if (dir != null) - { - fullPath = Path.Combine(dir, fileName); - } - using (FileStream fs = new FileStream(fullPath, FileMode.Open, FileAccess.Read)) + using (var hash = SHA1.Create()) { - using (CryptoStream cs = new CryptoStream(Stream.Null, hash, CryptoStreamMode.Write)) + string fullPath = fileName; + if (dir != null) { - byte[] buf = new byte[8192]; - ModuleWriter.HashChunk(fs, cs, buf, (int)fs.Length); + fullPath = Path.Combine(dir, fileName); + } + using (FileStream fs = new FileStream(fullPath, FileMode.Open, FileAccess.Read)) + { + using (CryptoStream cs = new CryptoStream(Stream.Null, hash, CryptoStreamMode.Write)) + { + byte[] buf = new byte[8192]; + ModuleWriter.HashChunk(fs, cs, buf, (int)fs.Length); + } } + return manifestModule.__AddModule(flags, Path.GetFileName(fileName), hash.Hash); } - return manifestModule.__AddModule(flags, Path.GetFileName(fileName), hash.Hash); } public void AddResourceFile(string name, string fileName) diff --git a/reflect/Writer/ModuleWriter.cs b/reflect/Writer/ModuleWriter.cs index 1e880d58..8edaecf6 100644 --- a/reflect/Writer/ModuleWriter.cs +++ b/reflect/Writer/ModuleWriter.cs @@ -382,53 +382,55 @@ namespace IKVM.Reflection.Writer private static void StrongName(Stream stream, StrongNameKeyPair keyPair, uint headerLength, uint textSectionFileOffset, uint strongNameSignatureFileOffset, uint strongNameSignatureLength) { - SHA1Managed hash = new SHA1Managed(); - using (CryptoStream cs = new CryptoStream(Stream.Null, hash, CryptoStreamMode.Write)) + using (var hash = SHA1.Create()) { + using (CryptoStream cs = new CryptoStream(Stream.Null, hash, CryptoStreamMode.Write)) + { + stream.Seek(0, SeekOrigin.Begin); + byte[] buf = new byte[8192]; + HashChunk(stream, cs, buf, (int)headerLength); + stream.Seek(textSectionFileOffset, SeekOrigin.Begin); + HashChunk(stream, cs, buf, (int)(strongNameSignatureFileOffset - textSectionFileOffset)); + stream.Seek(strongNameSignatureLength, SeekOrigin.Current); + HashChunk(stream, cs, buf, (int)(stream.Length - (strongNameSignatureFileOffset + strongNameSignatureLength))); + } + using (RSA rsa = keyPair.CreateRSA()) + { + RSAPKCS1SignatureFormatter sign = new RSAPKCS1SignatureFormatter(rsa); + byte[] signature = sign.CreateSignature(hash); + Array.Reverse(signature); + if (signature.Length != strongNameSignatureLength) + { + throw new InvalidOperationException("Signature length mismatch"); + } + stream.Seek(strongNameSignatureFileOffset, SeekOrigin.Begin); + stream.Write(signature, 0, signature.Length); + } + + // compute the PE checksum stream.Seek(0, SeekOrigin.Begin); - byte[] buf = new byte[8192]; - HashChunk(stream, cs, buf, (int)headerLength); - stream.Seek(textSectionFileOffset, SeekOrigin.Begin); - HashChunk(stream, cs, buf, (int)(strongNameSignatureFileOffset - textSectionFileOffset)); - stream.Seek(strongNameSignatureLength, SeekOrigin.Current); - HashChunk(stream, cs, buf, (int)(stream.Length - (strongNameSignatureFileOffset + strongNameSignatureLength))); - } - using (RSA rsa = keyPair.CreateRSA()) - { - RSAPKCS1SignatureFormatter sign = new RSAPKCS1SignatureFormatter(rsa); - byte[] signature = sign.CreateSignature(hash); - Array.Reverse(signature); - if (signature.Length != strongNameSignatureLength) + int count = (int)stream.Length / 4; + BinaryReader br = new BinaryReader(stream); + long sum = 0; + for (int i = 0; i < count; i++) { - throw new InvalidOperationException("Signature length mismatch"); + sum += br.ReadUInt32(); + int carry = (int)(sum >> 32); + sum &= 0xFFFFFFFFU; + sum += carry; } - stream.Seek(strongNameSignatureFileOffset, SeekOrigin.Begin); - stream.Write(signature, 0, signature.Length); - } + while ((sum >> 16) != 0) + { + sum = (sum & 0xFFFF) + (sum >> 16); + } + sum += stream.Length; - // compute the PE checksum - stream.Seek(0, SeekOrigin.Begin); - int count = (int)stream.Length / 4; - BinaryReader br = new BinaryReader(stream); - long sum = 0; - for (int i = 0; i < count; i++) - { - sum += br.ReadUInt32(); - int carry = (int)(sum >> 32); - sum &= 0xFFFFFFFFU; - sum += carry; + // write the PE checksum, note that it is always at offset 0xD8 in the file + ByteBuffer bb = new ByteBuffer(4); + bb.Write((int)sum); + stream.Seek(0xD8, SeekOrigin.Begin); + bb.WriteTo(stream); } - while ((sum >> 16) != 0) - { - sum = (sum & 0xFFFF) + (sum >> 16); - } - sum += stream.Length; - - // write the PE checksum, note that it is always at offset 0xD8 in the file - ByteBuffer bb = new ByteBuffer(4); - bb.Write((int)sum); - stream.Seek(0xD8, SeekOrigin.Begin); - bb.WriteTo(stream); } internal static void HashChunk(Stream stream, CryptoStream cs, byte[] buf, int length) @@ -443,21 +445,23 @@ namespace IKVM.Reflection.Writer private static Guid GenerateModuleVersionId(Stream stream) { - SHA1Managed hash = new SHA1Managed(); - using (CryptoStream cs = new CryptoStream(Stream.Null, hash, CryptoStreamMode.Write)) + using (var hash = SHA1.Create()) { - stream.Seek(0, SeekOrigin.Begin); - byte[] buf = new byte[8192]; - HashChunk(stream, cs, buf, (int)stream.Length); - } - byte[] bytes = new byte[16]; - Buffer.BlockCopy(hash.Hash, 0, bytes, 0, bytes.Length); - // set GUID type to "version 4" (random) - bytes[7] &= 0x0F; - bytes[7] |= 0x40; - bytes[8] &= 0x3F; - bytes[8] |= 0x80; - return new Guid(bytes); + using (CryptoStream cs = new CryptoStream(Stream.Null, hash, CryptoStreamMode.Write)) + { + stream.Seek(0, SeekOrigin.Begin); + byte[] buf = new byte[8192]; + HashChunk(stream, cs, buf, (int)stream.Length); + } + byte[] bytes = new byte[16]; + Buffer.BlockCopy(hash.Hash, 0, bytes, 0, bytes.Length); + // set GUID type to "version 4" (random) + bytes[7] &= 0x0F; + bytes[7] |= 0x40; + bytes[8] &= 0x3F; + bytes[8] |= 0x80; + return new Guid(bytes); + } } } } |