From f4587cabe7b32f981ce4b8533de76ed6232e479b Mon Sep 17 00:00:00 2001
From: Hao Kung
Date: Wed, 24 Mar 2021 10:25:00 -0700
Subject: [PATCH 1/7] Use one shot pbkdf2
---
 .../src/PBKDF2/NetCorePbkdf2Provider.cs | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/DataProtection/Cryptography.KeyDerivation/src/PBKDF2/NetCorePbkdf2Provider.cs b/src/DataProtection/Cryptography.KeyDerivation/src/PBKDF2/NetCorePbkdf2Provider.cs
index d6bd494b1c9c..2ff42f020c65 100644
--- a/src/DataProtection/Cryptography.KeyDerivation/src/PBKDF2/NetCorePbkdf2Provider.cs
+++ b/src/DataProtection/Cryptography.KeyDerivation/src/PBKDF2/NetCorePbkdf2Provider.cs
@@ -55,10 +55,7 @@ private static byte[] DeriveKeyImpl(string password, byte[] salt, KeyDerivationP
 }
 var passwordBytes = Encoding.UTF8.GetBytes(password);
- using (var rfc = new Rfc2898DeriveBytes(passwordBytes, salt, iterationCount, algorithmName))
- {
- return rfc.GetBytes(numBytesRequested);
- }
+ return Rfc2898DeriveBytes.Pbkdf2(passwordBytes, salt, iterationCount, algorithmName, numBytesRequested);
 }
 }
 }
From d18c3e9c81895576a4ba0ec995eb10b0416499a1 Mon Sep 17 00:00:00 2001
From: Hao Kung
Date: Wed, 24 Mar 2021 10:32:52 -0700
Subject: [PATCH 2/7] Update NetCorePbkdf2Provider.cs
---
 .../src/PBKDF2/NetCorePbkdf2Provider.cs | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/DataProtection/Cryptography.KeyDerivation/src/PBKDF2/NetCorePbkdf2Provider.cs b/src/DataProtection/Cryptography.KeyDerivation/src/PBKDF2/NetCorePbkdf2Provider.cs
index 2ff42f020c65..35d130c2ad5d 100644
--- a/src/DataProtection/Cryptography.KeyDerivation/src/PBKDF2/NetCorePbkdf2Provider.cs
+++ b/src/DataProtection/Cryptography.KeyDerivation/src/PBKDF2/NetCorePbkdf2Provider.cs
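Review bot: In PATCH 1/7 the UTF-8 copy of the password held in `passwordBytes` is never wiped after `Rfc2898DeriveBytes.Pbkdf2` returns, so the plaintext bytes stay on the managed heap until the GC reclaims and reuses that memory. Keeping the local and clearing it bounds that window: `try { return Rfc2898DeriveBytes.Pbkdf2(passwordBytes, salt, iterationCount, algorithmName, numBytesRequested); } finally { CryptographicOperations.ZeroMemory(passwordBytes); }`. PATCH 2/7 and 6/7 inline the `Encoding.UTF8.GetBytes(password)` call, which leaves no reference that could be cleared. The `string password` argument itself cannot be wiped, so this narrows the exposure rather than removing it. DeriveKeyImpl begins above the hunk, so only its tail is reviewed here.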
@@ -54,8 +54,7 @@ private static byte[] DeriveKeyImpl(string password, byte[] salt, KeyDerivationP
 throw new ArgumentOutOfRangeException();
 }
- var passwordBytes = Encoding.UTF8.GetBytes(password);
- return Rfc2898DeriveBytes.Pbkdf2(passwordBytes, salt, iterationCount, algorithmName, numBytesRequested);
+ return Rfc2898DeriveBytes.Pbkdf2(Encoding.UTF8.GetBytes(password), salt, iterationCount, algorithmName, numBytesRequested);
 }
 }
 }
From 17b6ec1adda58ce51278b83665afb455ba1f4d25 Mon Sep 17 00:00:00 2001
From: Hao Kung
Date: Thu, 25 Mar 2021 14:15:44 -0700
Subject: [PATCH 3/7] CR feedback
---
 .../src/PBKDF2/NetCorePbkdf2Provider.cs | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/DataProtection/Cryptography.KeyDerivation/src/PBKDF2/NetCorePbkdf2Provider.cs b/src/DataProtection/Cryptography.KeyDerivation/src/PBKDF2/NetCorePbkdf2Provider.cs
index 35d130c2ad5d..15e1e3cd5e82 100644
--- a/src/DataProtection/Cryptography.KeyDerivation/src/PBKDF2/NetCorePbkdf2Provider.cs
+++ b/src/DataProtection/Cryptography.KeyDerivation/src/PBKDF2/NetCorePbkdf2Provider.cs
@@ -54,7 +54,9 @@ private static byte[] DeriveKeyImpl(string password, byte[] salt, KeyDerivationP
 throw new ArgumentOutOfRangeException();
 }
- return Rfc2898DeriveBytes.Pbkdf2(Encoding.UTF8.GetBytes(password), salt, iterationCount, algorithmName, numBytesRequested);
+ Span bytes = stackalloc byte[password.Length];
+ Encoding.UTF8.GetBytes(password.AsSpan(), bytes);
+ return Rfc2898DeriveBytes.Pbkdf2(bytes, salt, iterationCount, algorithmName, numBytesRequested);
 }
 }
 }
From 56d7f85ed79a6afb706cdae516199b0ededda15e Mon Sep 17 00:00:00 2001
From: Hao Kung
Date: Thu, 25 Mar 2021 17:30:12 -0700
Subject: [PATCH 4/7] CR feedback
---
 .../src/PBKDF2/NetCorePbkdf2Provider.cs | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
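Review bot: In PATCH 3/7 `stackalloc byte[password.Length]` sizes the buffer in UTF-16 chars rather than UTF-8 bytes, so any password containing a non-ASCII character makes `Encoding.UTF8.GetBytes(password.AsSpan(), bytes)` throw because the destination is too small. The allocation is also unbounded: its size comes straight from the caller-supplied password, and a very long value would overflow the stack, which terminates the process instead of raising a catchable exception. Size the buffer from `Encoding.UTF8.GetMaxByteCount(password.Length)` and use the stack only below a small fixed cap, with a heap or pooled buffer above it. Only the tail of DeriveKeyImpl is visible in the hunk.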
diff --git a/src/DataProtection/Cryptography.KeyDerivation/src/PBKDF2/NetCorePbkdf2Provider.cs b/src/DataProtection/Cryptography.KeyDerivation/src/PBKDF2/NetCorePbkdf2Provider.cs
index 15e1e3cd5e82..3e43eb868419 100644
--- a/src/DataProtection/Cryptography.KeyDerivation/src/PBKDF2/NetCorePbkdf2Provider.cs
+++ b/src/DataProtection/Cryptography.KeyDerivation/src/PBKDF2/NetCorePbkdf2Provider.cs
@@ -3,6 +3,7 @@
 #if NETCOREAPP
 using System;
+using System.Buffers;
 using System.Diagnostics;
 using System.Security.Cryptography;
 using System.Text;
@@ -54,8 +55,10 @@ private static byte[] DeriveKeyImpl(string password, byte[] salt, KeyDerivationP
 throw new ArgumentOutOfRangeException();
 }
- Span bytes = stackalloc byte[password.Length];
- Encoding.UTF8.GetBytes(password.AsSpan(), bytes);
+ var maxBytes = Encoding.UTF8.GetMaxByteCount(password.Length);
+ Span bytes = (maxBytes < 256) ? stackalloc byte[maxBytes] : ArrayPool.Shared.Rent(maxBytes);
+ var byteCount = Encoding.UTF8.GetBytes(password.AsSpan(), bytes);
+ bytes.Slice(byteCount);
 return Rfc2898DeriveBytes.Pbkdf2(bytes, salt, iterationCount, algorithmName, numBytesRequested);
 }
 }
From d54e81f24c87ebb5f6cc5068ba400becd63de15f Mon Sep 17 00:00:00 2001
From: Hao Kung
Date: Thu, 25 Mar 2021 17:33:55 -0700
Subject: [PATCH 5/7] Fix
---
 .../src/PBKDF2/NetCorePbkdf2Provider.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/DataProtection/Cryptography.KeyDerivation/src/PBKDF2/NetCorePbkdf2Provider.cs b/src/DataProtection/Cryptography.KeyDerivation/src/PBKDF2/NetCorePbkdf2Provider.cs
index 3e43eb868419..9d27f16d0b69 100644
--- a/src/DataProtection/Cryptography.KeyDerivation/src/PBKDF2/NetCorePbkdf2Provider.cs
+++ b/src/DataProtection/Cryptography.KeyDerivation/src/PBKDF2/NetCorePbkdf2Provider.cs
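Review bot: In PATCH 4/7 the array obtained from `ArrayPool.Shared.Rent(maxBytes)` is never returned to the pool, and neither it nor the stackalloc buffer is cleared after holding the password bytes; PATCH 5/7 keeps both problems. Returning the array without wiping it first would hand the plaintext to the next renter, so the clear has to come before the return. In this patch `bytes.Slice(byteCount);` also discards its result (and would select the unused tail rather than the encoded prefix), so PBKDF2 runs over the whole buffer, padding or stale pool bytes included, and the output no longer matches a key derived from the password alone. The sketch below keeps the rented reference, slices to `byteCount`, and wipes in a `finally`; the start of DeriveKeyImpl lies outside the hunk.

```csharp
// … unchanged: everything above this point in DeriveKeyImpl …
var maxBytes = Encoding.UTF8.GetMaxByteCount(password.Length);
byte[] rented = null;
Span<byte> bytes = (maxBytes > 256)
    ? (rented = ArrayPool<byte>.Shared.Rent(maxBytes))
    : stackalloc byte[256];
try
{
    var byteCount = Encoding.UTF8.GetBytes(password.AsSpan(), bytes);
    return Rfc2898DeriveBytes.Pbkdf2(bytes.Slice(0, byteCount), salt, iterationCount, algorithmName, numBytesRequested);
}
finally
{
    // Wipe the password bytes before the buffer goes back to the pool or the frame unwinds.
    CryptographicOperations.ZeroMemory(bytes);
    if (rented != null)
    {
        ArrayPool<byte>.Shared.Return(rented);
    }
}
```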
@@ -56,9 +56,9 @@ private static byte[] DeriveKeyImpl(string password, byte[] salt, KeyDerivationP
 }
 var maxBytes = Encoding.UTF8.GetMaxByteCount(password.Length);
- Span bytes = (maxBytes < 256) ? stackalloc byte[maxBytes] : ArrayPool.Shared.Rent(maxBytes);
+ Span bytes = (maxBytes > 256) ? ArrayPool.Shared.Rent(maxBytes) : stackalloc byte[256];
 var byteCount = Encoding.UTF8.GetBytes(password.AsSpan(), bytes);
- bytes.Slice(byteCount);
+ bytes = bytes.Slice(0, byteCount);
 return Rfc2898DeriveBytes.Pbkdf2(bytes, salt, iterationCount, algorithmName, numBytesRequested);
 }
 }
From a3449e7868652d1a14af828330ca7a7675763eda Mon Sep 17 00:00:00 2001
From: Hao Kung
Date: Mon, 29 Mar 2021 16:24:45 -0700
Subject: [PATCH 6/7] Just use GetBytes for now
---
 .../src/PBKDF2/NetCorePbkdf2Provider.cs | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/src/DataProtection/Cryptography.KeyDerivation/src/PBKDF2/NetCorePbkdf2Provider.cs b/src/DataProtection/Cryptography.KeyDerivation/src/PBKDF2/NetCorePbkdf2Provider.cs
index 9d27f16d0b69..60e7a90576af 100644
--- a/src/DataProtection/Cryptography.KeyDerivation/src/PBKDF2/NetCorePbkdf2Provider.cs
+++ b/src/DataProtection/Cryptography.KeyDerivation/src/PBKDF2/NetCorePbkdf2Provider.cs
@@ -55,11 +55,7 @@ private static byte[] DeriveKeyImpl(string password, byte[] salt, KeyDerivationP
 throw new ArgumentOutOfRangeException();
 }
- var maxBytes = Encoding.UTF8.GetMaxByteCount(password.Length);
- Span bytes = (maxBytes > 256) ? ArrayPool.Shared.Rent(maxBytes) : stackalloc byte[256];
- var byteCount = Encoding.UTF8.GetBytes(password.AsSpan(), bytes);
- bytes = bytes.Slice(0, byteCount);
- return Rfc2898DeriveBytes.Pbkdf2(bytes, salt, iterationCount, algorithmName, numBytesRequested);
+ return Rfc2898DeriveBytes.Pbkdf2(Encoding.UTF8.GetBytes(password), salt, iterationCount, algorithmName, numBytesRequested);
 }
 }
 }
From 265bc2bda70f3d48b852905af62483b1ad11ed9b Mon Sep 17 00:00:00 2001
From: Hao Kung
Date: Mon, 29 Mar 2021 16:28:17 -0700
Subject: [PATCH 7/7] Update NetCorePbkdf2Provider.cs
---
 .../src/PBKDF2/NetCorePbkdf2Provider.cs | 1 -
 1 file changed, 1 deletion(-)
diff --git a/src/DataProtection/Cryptography.KeyDerivation/src/PBKDF2/NetCorePbkdf2Provider.cs b/src/DataProtection/Cryptography.KeyDerivation/src/PBKDF2/NetCorePbkdf2Provider.cs
index 60e7a90576af..35d130c2ad5d 100644
--- a/src/DataProtection/Cryptography.KeyDerivation/src/PBKDF2/NetCorePbkdf2Provider.cs
+++ b/src/DataProtection/Cryptography.KeyDerivation/src/PBKDF2/NetCorePbkdf2Provider.cs
@@ -3,7 +3,6 @@
 #if NETCOREAPP
 using System;
-using System.Buffers;
 using System.Diagnostics;
 using System.Security.Cryptography;
 using System.Text;