forked from dotnet/android
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Xamarin.Android.Build.Tasks] use CRC64 over SHA1 and MD5
Context: dotnet#1580 Bump to xamarin/java.interop/master@397013ed Changes: dotnet/java-interop@be6048e...397013e Use of MD5 results in an inability to use Xamarin.Android on FIPS-enabled machines, because when the **System cryptography: [Use FIPS compliant algorithms][0] for encryption, hashing, and signing** setting is enabled on Windows: !['Use Fips compliant algorithms' setting][1] then the `System.Security.Cryptography.MD5.Create()` method will throw `InvalidOperationException`. In order to support FIPS-enabled machines, use a 64-bit [Cyclic redundancy check][2] algorithm (CRC64) to instead generate the Java package names, e.g. `crc64aae7d955a89b38db.Name` and `crc64217c8705f00a5054.Name`. A simple implementation using a lookup table will suffice for our purposes, ported to C# from: https://github.com/gityf/crc/blob/8045f50ba6e4193d4ee5d2539025fef26e613c9f/crc/crc64.c The use of CRC64 avoids the use of MD5, thus permitting execution on FIPS-enabled Windows machines, and also results in *shorter* directory names -- as the Java package name is a directory name -- which helps reduce Windows `MAX_PATH` issues. ~~ Changes so far ~~ All usage of `MD5.Create()` or `new SHA1Managed()` have been either: * Switched to use `new Crc64()` * Used `Files.HashString` if more appropriate Calls to `jarsigner` now use: -sigalg SHA256withRSA -digestalg SHA-256 The previous default can be restored via `$(AndroidApkSigningAlgorithm)` and `$(AndroidApkDigestAlgorithm)` MSBuild properties. [0]: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing [1]: https://user-images.githubusercontent.com/24926263/38981221-7e0bf7c4-43dc-11e8-8f16-9b6d284a55fb.PNG [2]: https://en.wikipedia.org/wiki/Cyclic_redundancy_check
- Loading branch information
1 parent
a8b8c81
commit 180a75d
Showing
22 changed files
with
123 additions
and
139 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Submodule Java.Interop
updated
from be6048 to 397013
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.