SharpHash - Full hashing library

ron4fun

SharpHash is a C# hashing library that provides a fluent interface for computing hashes and checksums of strings, files, streams, byte arrays and untyped data to mention but a few.

It also supports Incremental Hashing, Cloning and NullDigest.

Available Algorithms
----------------------------------------

Hashes
----------------------------------------
Cyclic Redundancy Checks
  • All CRC Variants from CRC3 to CRC64
Checksums
  • Adler32

Non-Cryptographic Hash Functions
----------------------------------------

32 bit hashes
  • AP
  • BKDR
  • Bernstein
  • Bernstein1
  • DEK
  • DJB
  • ELF
  • FNV
  • FNV1a
  • JS
  • Jenkins3
  • Murmur2
  • MurmurHash3_x86_32
  • OneAtTime
  • PJW
  • RS
  • Rotating
  • SDBM
  • ShiftAndXor
  • SuperFast
  • XXHash32

64 bit hashes
  • FNV64
  • FNV1a64
  • Murmur2_64
  • SipHash2_4
  • XXHash64

128 bit hashes
  • MurmurHash3_x86_128
  • MurmurHash3_x64_128

Cryptographic Hash Functions
----------------------------------------
  • MD2
  • MD4
  • MD5
  • SHA-0
  • SHA-1
  • SHA-2 (224, 256, 384, 512, 512-224, 512-256)
  • GOST 34.11-94
  • GOST R 34.11-2012 (AKA Streebog) (256, 512)
  • Grindahl (256, 512)
  • HAS160
  • RIPEMD (128, 256, 256, 320)
  • Tiger (128, 160, 192 (Rounds 3, 4, 5))
  • Tiger2 (128, 160, 192 (Rounds 3, 4, 5))
  • Snefru (128, 256)
  • Haval (128, 160, 192, 224, 256 (Rounds 3, 4, 5))
  • Panama
  • RadioGatun (RadioGatun32, RadioGatun64)
  • WhirlPool
  • Blake2B (160, 256, 384, 512)
  • Blake2S (128, 160, 224, 256)
  • SHA-3 (224, 256, 384, 512)
  • Keccak (224, 256, 288, 384, 512)

Key Derivation Functions
----------------------------------------

Password Hashing Schemes (Password Based Key Derivation Functions)
----------------------------------------
  • PBKDF2
  • Argon2 (2i, 2d and 2id variants)
  • Scrypt

MAC
----------------------------------------
  • HMAC (all supported hashes)
  • KMAC (KMAC128, KMAC256)

XOF (Extendable Output Function)
----------------------------------------
  • Shake (Shake-128, Shake-256)
  • CShake (CShake-128, CShake-256)
  • Blake2X (Blake2XS, Blake2XB)
  • KMACXOF (KMAC128XOF, KMAC256XOF)


Check out the repo:
 
Really? How are we supposed to trust this library for secure hash implementations if something as basic as toUpper() is incorrect?

See Converters.toUpper():
C#:
        public unsafe static void toUpper(ref byte[] value)
        {
            if (value == null) return;

            for (int i = 0; i < value.Length; i++)
            {
                char c = (char)value[i];
                value[i] = (byte)char.ToLower(c);
            } // end for

        } // end function toUpper
 
First of all, thanks for your response.
As regards the error you specified, it was a typo.
Also, you can trust the library because there are appropriate test vectors for all supported hashes.

Regards.
 
I would say your test coverage is lacking considering that the code for this method is among the first few commits into your repository from what I can see in the git log.
 
That code was never planned to be used in the first place.
It has been removed in the latest commits.
Once again, I do need you to understand that this project is a WIP and aims to be a top notch library in due time.
I appreciate this constructive criticism as it will help me improve the codebase as I work on it.
Thanks once again for your insights in the codebase and taking time out to go through it.

Regards.
 
It may help if you put that info in the readme. Right now your readme makes things sound like it is production ready.

Also explaining where the original code came from, as well as the design philosophy/goals may help. I keep wondering why you are not using the .NET Framework's existing HashAlgorithm abstract class, or why your readme is saying that the interface is fluent, but I'm not seeing an obvious way to chain the interface methods together.
 
As to why I am not using the HashAlgorithm abstract class, unfortunately it doesn't provide me with the flexibility I wish to have in the project.
In the future, I might provide a proxy class that will allow users to adapt the Hash class to work with the HashAlgorithm class.
 
From my reading of the various bits of code, it looks like you ported the HashLib4Pascal to C# (as well as C++ in your other project). If that is true, then you have to comply with the license agreement of the original project. The MIT license for that original project says this:
C#:
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
 
I have updated the license file appropriately.
Please, take a look to see if it's okay.

LICENSE

Regards.
 
Not quite... I am not a lawyer, but I don't think that is what "Exhibit B" of the MPL 2.0 is for. Personally, I think that under Exhibit A, you need to acknowledge the original copyright holder since you are making a derivative work. I think that it should go under Exhibit A because the MIT license is compatible with the MPL. Exhibit B is meant to be for stuff that is not compatible.

I believe that this is what the phrase "You may add additional accurate notices of copyright ownership." in Exhibit A means -- for you to add the copyrights of the original authors, as well as your own since you are creating a derivative work.

I recommend asking the MPL folks for what is the best way to incorporate MIT licensed code. They will likely have the appropriate legal expertise to help you.
 
Licences are written by people in the legal profession, and they often have a play on words which generally enshrines public understanding to be at a minimum when their play on words are grammatically scrupulously written and ordered to read one way in English to you and I, and to a law society, or anyone in a legal profession, it says something completely different. Let me give you a vague concept;

If a legal document states that you must understand the contract which you hereby abide to by agreeing with it. The word understand can mean that you must stand under the contract. In law that would mean you are giving up your rights to be governed by the terms and conditions of that contract to the licensor or licensing body for the principle time you obtain a product or service from them. It was actually some friends of mine who run a legal aid team who put me wide to this stuff many years ago. So you need to be very careful not to infringe on any of the current licence's terms and conditions.

These licences have many wordings which constantly use a play on words to deliberately read as English (often confusingly), but have different legal definitions entirely, and they always seem straightforward, but they're not. My advice to you is not to be asking for legal advice on a forum, especially a programming forum, and to seek the help of your own legal aid and get the opinion of them regarding any contract licences you need to accept in order to acquire, use, edit, redevelop, redistribute a product that was or was not initially yours to begin with. Lastly, your own licence does not cover you or anyone who uses your product legally, nor does it hold any weight legally against another license you choose to ignore while acquiring their work. Unless you comply with All licenses involved, you are breaching rights and possibly infringing on copyrights etc.
 
Thanks guys. I am going to look into finding the most suitable license without infringing on anyone's right.

Regards.
 
You're welcome. But I hope you do that by seeking professional legal advice, and nothing else for your sake.
 
Greetings,

This is a great project; thank you. However I've been looking at PBKDF2 and was wondering if you had any code for a "IsValidPassword" function? Didn't really notice any example coding to verify passwords.
 
Huh? It looks like you were just looking to copy and paste some code rather than taking time to understand what PBKDF2 does. Checking to see if a password is valid is simply a matter of checking if the derived key computed from a candidate password matches the derived key that was computed when the real password was entered. So in pseudo-code:

During user registration or change password time:
C#:
derivedKey = PBKDF2(..., newPassword, ...);
store derivedKey in database

During user logon:
C#:
derivedKey = PBKDF2(..., password, ...);
search database for matching user and derived key
if no match then password is invalid
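
The check described in the pseudo-code above, as an added example that is not part of the original post and is not SharpHash code: it uses .NET's built-in `Rfc2898DeriveBytes.Pbkdf2` (.NET 6+) rather than the library's API, looks the user up first, re-derives the key with that user's stored salt and iteration count, and compares the result in constant time. `PasswordStore`, `PasswordRecord`, the in-memory dictionary standing in for the database and the iteration count are assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Added example: PBKDF2 password verification with .NET's own APIs, not SharpHash.
// Everything needed to re-derive the key is stored next to it.
public sealed record PasswordRecord(byte[] Salt, int Iterations, byte[] DerivedKey);

public static class PasswordStore
{
    private const int SaltSize = 16;         // bytes, random per user
    private const int KeySize = 32;          // bytes of derived key
    private const int Iterations = 600_000;  // assumed work factor; tune for your hardware

    // Hypothetical stand-in for the database table keyed by user name.
    private static readonly Dictionary<string, PasswordRecord> Db = new();

    // Registration or change-password time: derive the key and store salt, cost and key.
    public static void SetPassword(string user, string newPassword)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltSize);
        byte[] key = Rfc2898DeriveBytes.Pbkdf2(
            newPassword, salt, Iterations, HashAlgorithmName.SHA256, KeySize);
        Db[user] = new PasswordRecord(salt, Iterations, key);
    }

    // Logon: re-derive from the candidate with the stored parameters, then compare.
    public static bool IsValidPassword(string user, string candidate)
    {
        if (!Db.TryGetValue(user, out var rec))
            return false; // unknown user

        byte[] key = Rfc2898DeriveBytes.Pbkdf2(
            candidate, rec.Salt, rec.Iterations, HashAlgorithmName.SHA256, rec.DerivedKey.Length);

        // Constant-time comparison avoids leaking how many leading bytes matched.
        return CryptographicOperations.FixedTimeEquals(key, rec.DerivedKey);
    }

    public static void Main()
    {
        // Constructed sample data.
        SetPassword("alice", "correct horse battery staple");
        Console.WriteLine(IsValidPassword("alice", "correct horse battery staple"));
        Console.WriteLine(IsValidPassword("alice", "wrong guess"));
        Console.WriteLine(IsValidPassword("bob", "anything"));
    }
}
```

Storing the iteration count with each record lets the work factor be raised later without invalidating existing entries.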
 
