C# 将 SecureString 安全地转换为 UTF-8 byte[]
C# convert SecureString to UTF-8 byte[] securely
我正在尝试将 SecureString 转换为 byte[] 的形式,我可以将其固定在 GC 中,并以 UTF-8 格式编码。我已经成功地做到了这一点,但是使用了 UTF-16(默认编码),但是如果 GC 没有机会在某处创建数据的托管副本(数据需要保持安全)。
这是我目前所掌握的(上下文:计算 SecureString 的哈希值的算法)
public static byte[] Hash(this SecureString secureString, HashAlgorithm hashAlgorithm)
{
IntPtr bstr = Marshal.SecureStringToBSTR(secureString);
int length = Marshal.ReadInt32(bstr, -4);
var utf16Bytes = new byte[length];
GCHandle utf16BytesPin = GCHandle.Alloc(utf16Bytes, GCHandleType.Pinned);
byte[] utf8Bytes = null;
try
{
Marshal.Copy(bstr, utf16Bytes, 0, length);
Marshal.ZeroFreeBSTR(bstr);
// At this point I have the UTF-16 byte[] perfectly.
// The next line works at converting the encoding, but it does nothing
// to protect the data from being spread throughout memory.
utf8Bytes = Encoding.Convert(Encoding.Unicode, Encoding.UTF8, utf16Bytes);
return hashAlgorithm.ComputeHash(utf8Bytes);
}
finally
{
if (utf8Bytes != null)
{
for (var i = 0; i < utf8Bytes.Length; i++)
{
utf8Bytes[i] = 0;
}
}
for (var i = 0; i < utf16Bytes.Length; i++)
{
utf16Bytes[i] = 0;
}
utf16BytesPin.Free();
}
}
进行此转换的最佳方法是什么?我是在正确的位置尝试进行转换,还是应该以某种方式更早进行转换?通过完全跳过 UTF-16 byte[] 步骤可以提高内存效率吗?
您是否考虑过在获取哈希后调用 GC.Collect()?
Forces an immediate garbage collection of all generations.
Use this method to try to reclaim all memory that is inaccessible. It performs a blocking garbage collection of all generations.
All objects, regardless of how long they have been in memory, are considered for collection; however, objects that are referenced in managed code are not collected. Use this method to force the system to try to reclaim the maximum amount of available memory.
根据我在您的代码中看到的情况,它不应保留对转换中使用的对象的任何引用。都应该由GC收集和处理。
我找到了一种按照我想要的方式执行此操作的方法。我这里的代码还没有完成(在失败的情况下需要更好的异常处理和内存管理),但这里是:
[DllImport("kernel32.dll")]
static extern void RtlZeroMemory(IntPtr dst, int length);
public unsafe static byte[] HashNew(this SecureString secureString, HashAlgorithm hashAlgorithm)
{
IntPtr bstr = Marshal.SecureStringToBSTR(secureString);
int maxUtf8BytesCount = Encoding.UTF8.GetMaxByteCount(secureString.Length);
IntPtr utf8Buffer = Marshal.AllocHGlobal(maxUtf8BytesCount);
// Here's the magic:
char* utf16CharsPtr = (char*)bstr.ToPointer();
byte* utf8BytesPtr = (byte*)utf8Buffer.ToPointer();
int utf8BytesCount = Encoding.UTF8.GetBytes(utf16CharsPtr, secureString.Length, utf8BytesPtr, maxUtf8BytesCount);
Marshal.ZeroFreeBSTR(bstr);
var utf8Bytes = new byte[utf8BytesCount];
GCHandle utf8BytesPin = GCHandle.Alloc(utf8Bytes, GCHandleType.Pinned);
Marshal.Copy(utf8Buffer, utf8Bytes, 0, utf8BytesCount);
RtlZeroMemory(utf8Buffer, utf8BytesCount);
Marshal.FreeHGlobal(utf8Buffer);
try
{
return hashAlgorithm.ComputeHash(utf8Bytes);
}
finally
{
for (int i = 0; i < utf8Bytes.Length; i++)
{
utf8Bytes[i] = 0;
}
utf8BytesPin.Free();
}
}
它依赖于获取指向原始 UTF-16 字符串和 UTF-8 缓冲区的指针,然后使用 Encoding.UTF8.GetBytes(Char*, Int32, Byte*, Int32) 将转换保持在非托管内存中。
我正在尝试将 SecureString 转换为 byte[] 的形式,我可以将其固定在 GC 中,并以 UTF-8 格式编码。我已经成功地做到了这一点,但是使用了 UTF-16(默认编码),但是如果 GC 没有机会在某处创建数据的托管副本(数据需要保持安全)。
这是我目前所掌握的(上下文:计算 SecureString 的哈希值的算法)
public static byte[] Hash(this SecureString secureString, HashAlgorithm hashAlgorithm)
{
IntPtr bstr = Marshal.SecureStringToBSTR(secureString);
int length = Marshal.ReadInt32(bstr, -4);
var utf16Bytes = new byte[length];
GCHandle utf16BytesPin = GCHandle.Alloc(utf16Bytes, GCHandleType.Pinned);
byte[] utf8Bytes = null;
try
{
Marshal.Copy(bstr, utf16Bytes, 0, length);
Marshal.ZeroFreeBSTR(bstr);
// At this point I have the UTF-16 byte[] perfectly.
// The next line works at converting the encoding, but it does nothing
// to protect the data from being spread throughout memory.
utf8Bytes = Encoding.Convert(Encoding.Unicode, Encoding.UTF8, utf16Bytes);
return hashAlgorithm.ComputeHash(utf8Bytes);
}
finally
{
if (utf8Bytes != null)
{
for (var i = 0; i < utf8Bytes.Length; i++)
{
utf8Bytes[i] = 0;
}
}
for (var i = 0; i < utf16Bytes.Length; i++)
{
utf16Bytes[i] = 0;
}
utf16BytesPin.Free();
}
}
进行此转换的最佳方法是什么?我是在正确的位置尝试进行转换,还是应该以某种方式更早进行转换?通过完全跳过 UTF-16 byte[] 步骤可以提高内存效率吗?
您是否考虑过在获取哈希后调用 GC.Collect()?
Forces an immediate garbage collection of all generations. Use this method to try to reclaim all memory that is inaccessible. It performs a blocking garbage collection of all generations.
All objects, regardless of how long they have been in memory, are considered for collection; however, objects that are referenced in managed code are not collected. Use this method to force the system to try to reclaim the maximum amount of available memory.
根据我在您的代码中看到的情况,它不应保留对转换中使用的对象的任何引用。都应该由GC收集和处理。
我找到了一种按照我想要的方式执行此操作的方法。我这里的代码还没有完成(在失败的情况下需要更好的异常处理和内存管理),但这里是:
[DllImport("kernel32.dll")]
static extern void RtlZeroMemory(IntPtr dst, int length);
public unsafe static byte[] HashNew(this SecureString secureString, HashAlgorithm hashAlgorithm)
{
IntPtr bstr = Marshal.SecureStringToBSTR(secureString);
int maxUtf8BytesCount = Encoding.UTF8.GetMaxByteCount(secureString.Length);
IntPtr utf8Buffer = Marshal.AllocHGlobal(maxUtf8BytesCount);
// Here's the magic:
char* utf16CharsPtr = (char*)bstr.ToPointer();
byte* utf8BytesPtr = (byte*)utf8Buffer.ToPointer();
int utf8BytesCount = Encoding.UTF8.GetBytes(utf16CharsPtr, secureString.Length, utf8BytesPtr, maxUtf8BytesCount);
Marshal.ZeroFreeBSTR(bstr);
var utf8Bytes = new byte[utf8BytesCount];
GCHandle utf8BytesPin = GCHandle.Alloc(utf8Bytes, GCHandleType.Pinned);
Marshal.Copy(utf8Buffer, utf8Bytes, 0, utf8BytesCount);
RtlZeroMemory(utf8Buffer, utf8BytesCount);
Marshal.FreeHGlobal(utf8Buffer);
try
{
return hashAlgorithm.ComputeHash(utf8Bytes);
}
finally
{
for (int i = 0; i < utf8Bytes.Length; i++)
{
utf8Bytes[i] = 0;
}
utf8BytesPin.Free();
}
}
它依赖于获取指向原始 UTF-16 字符串和 UTF-8 缓冲区的指针,然后使用 Encoding.UTF8.GetBytes(Char*, Int32, Byte*, Int32) 将转换保持在非托管内存中。