Movatterモバイル変換

Skip to content

dotnet/runtimePublic

NotificationsYou must be signed in to change notification settings
Fork5.1k
Star16.6k

Refactor Rfc2898DeriveBytes to support spans#71888

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged

vcsjones merged 2 commits intodotnet:mainfromvcsjones:pbkdf2-managed-less-alloc

Jul 12, 2022

Merged

Refactor Rfc2898DeriveBytes to support spans#71888

vcsjones merged 2 commits intodotnet:mainfromvcsjones:pbkdf2-managed-less-alloc

Jul 12, 2022

Conversation

vcsjones

Copy link

Member

vcsjones commentedJul 9, 2022

Since the managedRfc2898DeriveBytes is used to implement the one-shots on some platforms, this changes the internals of it to better support spans.

I took this approach as an alternative to a pure one-shot managed PBKDF2 implementation to use as much existing, battle tested code as possible to increase the chances that it will be taken in time for .NET 7.

I investigated using the native PBKDF2 capabilities for Android and determined that unfortunately Android's APIs are not suitable for our needs for two reasons. First, it requires API Level 26 for SHA2 PBKDF2, which means we would still need the managed fallback since we support older Android versions. Second, it operates entirely onChar[] passwords, notByte[]. We can't feed arbitrary bytes in to Java character arrays.

@vcsjones

Refactor Rfc2898DeriveBytes to support spans

dce3860

@ghost

ghost added the area-System.Security label

@ghost

ghost assignedvcsjones

@ghost

Copy link

ghost commentedJul 9, 2022

Tagging subscribers to this area: @dotnet/area-system-security,@vcsjones
See info inarea-owners.md if you want to be subscribed.

Issue Details

Since the managedRfc2898DeriveBytes is used to implement the one-shots on some platforms, this changes the internals of it to better support spans.

I took this approach as an alternative to a pure one-shot managed PBKDF2 implementation to use as much existing, battle tested code as possible to increase the chances that it will be taken in time for .NET 7.

I investigated using the native PBKDF2 capabilities for Android and determined that unfortunately Android's APIs are not suitable for our needs for two reasons. First, it requires API Level 26 for SHA2 PBKDF2, which means we would still need the managed fallback since we support older Android versions. Second, it operates entirely onChar[] passwords, notByte[]. We can't feed arbitrary bytes in to Java character arrays.

Author:	vcsjones
Assignees:	-
Labels:	`area-System.Security`
Milestone:	-

bartonjs

bartonjs reviewed

View reviewed changes

...ibraries/System.Security.Cryptography/src/System/Security/Cryptography/Rfc2898DeriveBytes.cs OutdatedShow resolvedHide resolved

@vcsjones

Code review feedback

14973c7

bartonjs

bartonjs approved these changes

View reviewed changes

@vcsjones

Copy link

MemberAuthor

vcsjones commentedJul 12, 2022

WASM failures are#71986. Merging.

@vcsjones

vcsjones merged commitc7613b6 intodotnet:main

@vcsjones

vcsjones deleted the pbkdf2-managed-less-alloc branch

July 12, 2022 02:11

stephentoub

stephentoub reviewed

View reviewed changes

...ibraries/System.Security.Cryptography/src/System/Security/Cryptography/Rfc2898DeriveBytes.csShow resolvedHide resolved

@runfoapp

runfoappbot mentioned this pull request

System.Runtime.InteropServices.JavaScript.Tests.JSImportExportTest.JSImportObject#71990

Closed

@ghost

ghost locked asresolvedand limited conversation to collaborators

Sign up for freeto subscribe to this conversation on GitHub. Already have an account?Sign in.

Labels

area-System.Security

3 participants

@vcsjones

@stephentoub

@bartonjs

[8]ページ先頭

©2009-2025 Movatter.jp