mcs/class/System.Web/System.Web.Util/SecureHashCodeProvider.cs

   1 //
   2 // System.Collections.SecureHashCodeProvider.cs
   3 //
   4 // Authors:
   5 //   Sergey Chaban (serge@wildwestsoftware.com)
   6 //   Andreas Nahr (ClassDevelopment@A-SoftTech.com)
   7 //   Sebastien Pouliot  <sebastien@ximian.com>
   8 //
   9 // Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
  10 // Copyright 2012 Xamarin, Inc (http://xamarin.com)
  11 //
  12 // Permission is hereby granted, free of charge, to any person obtaining
  13 // a copy of this software and associated documentation files (the
  14 // "Software"), to deal in the Software without restriction, including
  15 // without limitation the rights to use, copy, modify, merge, publish,
  16 // distribute, sublicense, and/or sell copies of the Software, and to
  17 // permit persons to whom the Software is furnished to do so, subject to
  18 // the following conditions:
  19 //
  20 // The above copyright notice and this permission notice shall be
  21 // included in all copies or substantial portions of the Software.
  22 //
  23 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
  24 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
  25 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
  26 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
  27 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
  28 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
  29 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  30 //
  31 using System;
  32 using System.Collections;
  33 using System.Globalization;
  34
  35 namespace System.Web.Util
  36 {
  37         class SecureHashCodeProvider : IHashCodeProvider
  38         {
  39                 static readonly SecureHashCodeProvider singletonInvariant = new SecureHashCodeProvider (CultureInfo.InvariantCulture);
  40                 static SecureHashCodeProvider singleton;
  41                 static readonly object sync = new object ();
  42                 static readonly int seed;
  43
  44                 TextInfo m_text; // must match MS name for serialization
  45
  46                 public static SecureHashCodeProvider Default {
  47                         get {
  48                                 lock (sync) {
  49                                         if (singleton == null) {
  50                                                 singleton = new SecureHashCodeProvider ();
  51                                         } else if (singleton.m_text == null) {
  52                                                 if (!AreEqual (CultureInfo.CurrentCulture, CultureInfo.InvariantCulture))
  53                                                         singleton = new SecureHashCodeProvider ();
  54                                         } else if (!AreEqual (singleton.m_text, CultureInfo.CurrentCulture)) {
  55                                                 singleton = new SecureHashCodeProvider ();
  56                                         }
  57                                         return singleton;
  58                                 }
  59                         }
  60                 }
  61
  62                 public static SecureHashCodeProvider DefaultInvariant {
  63                         get { return singletonInvariant; }
  64                 }
  65
  66                 static SecureHashCodeProvider ()
  67                 {
  68                         // It should be enough to fend off the attack described in
  69                         // https://bugzilla.novell.com/show_bug.cgi?id=739119
  70                         // In order to predict value of the seed, the attacker would have to know the exact time when
  71                         // the server process started and since it's a remote attack, this is next to impossible.
  72                         // Using milliseconds instead of ticks here would make it easier for the attackers since there
  73                         // would only be as many as 1000 possible values
  74                         seed = (int)DateTime.UtcNow.Ticks;
  75                 }
  76
  77                 // Public instance constructor
  78                 public SecureHashCodeProvider ()
  79                 {
  80                         CultureInfo culture = CultureInfo.CurrentCulture;
  81                         if (!AreEqual (culture, CultureInfo.InvariantCulture))
  82                                 m_text = CultureInfo.CurrentCulture.TextInfo;
  83                 }
  84
  85                 public SecureHashCodeProvider (CultureInfo culture)
  86                 {
  87                         if (culture == null)
  88                                 throw new ArgumentNullException ("culture");
  89                         if (!AreEqual (culture, CultureInfo.InvariantCulture))
  90                                 m_text = culture.TextInfo;
  91                 }
  92
  93                 static bool AreEqual (CultureInfo a, CultureInfo b)
  94                 {
  95                         return a.LCID == b.LCID;
  96                 }
  97
  98                 static bool AreEqual (TextInfo info, CultureInfo culture)
  99                 {
 100                         return info.LCID == culture.LCID;
 101                 }
 102
 103                 public int GetHashCode (object obj)
 104                 {
 105                         if (obj == null)
 106                                 throw new ArgumentNullException ("obj");
 107
 108                         string str = obj as string;
 109
 110                         if (str == null)
 111                                 return obj.GetHashCode ();
 112
 113                         int h = seed;
 114                         char c;
 115
 116                         if ((m_text != null) && !AreEqual (m_text, CultureInfo.InvariantCulture)) {
 117                                 str = m_text.ToLower (str);
 118                                 for (int i = 0; i < str.Length; i++) {
 119                                         c = str [i];
 120                                         h = h * 31 + c;
 121                                 }
 122                         } else {
 123                                 for (int i = 0; i < str.Length; i++) {
 124                                         c = Char.ToLower (str [i], CultureInfo.InvariantCulture);
 125                                         h = h * 31 + c;
 126                                 }
 127                         }
 128                         return h;
 129                 }
 130         }
 131 }