(WebCrypto / HTTPServer) : Use stream size for secure checksum + Endianess fix.

GitHubProUser67 · GitHubProUser67 · commit b167014319af · 2024-06-15T20:04:02.000+02:00
diff --git a/BackendServices/CyberBackendLibrary/Crypto/WebCrypto.cs b/BackendServices/CyberBackendLibrary/Crypto/WebCrypto.cs
@@ -405,7 +405,7 @@ public static class WebCrypto
                     .InitiateCTRBuffer(Convert.FromBase64String(Encoding.UTF8.GetString(ByteArrayToDecrypt).Replace("<Secure>", string.Empty).Replace("</Secure>", string.Empty)), Convert.FromBase64String(AccessKey), IV);
         }
 
-        public static string? ProcessSecureCheckum(byte[] inputData, uint initialValue)
+        public static string? ProcessSecureCheckum(byte[] inputData, long initialValue)
         {
             byte currentByte = 0;
             int DataIndex = 0;
@@ -416,7 +416,7 @@ public static class WebCrypto
 
             do
             {
-                currentByte = (byte)(inputData[DataIndex] ^ BitConverter.SingleToInt32Bits(tempFloat));
+                currentByte = (byte)(inputData[DataIndex] ^ BitConverter.SingleToInt32Bits(!BitConverter.IsLittleEndian ? EndianTools.EndianUtils.EndianSwap(tempFloat) : tempFloat));
                 CheckSumBytes[DataIndex] = currentByte;
                 tempFloat = (ChecksumFloatBox[currentByte]) / 
                             (float)(((uint)(ChecksumByteBox[(uint)tempFloat & 0xFF]) << 0x10) |
diff --git a/WebServers/HTTPServer/HttpProcessor.cs b/WebServers/HTTPServer/HttpProcessor.cs
@@ -1106,6 +1106,8 @@ private static void WriteResponse(Stream stream, HttpRequest? request, HttpRespo
                     {
                         string EtagMD5 = ComputeStreamChecksum(response.ContentStream);
 
+                        response.ContentStream.Position = 0;
+
                         if (!string.IsNullOrEmpty(request.Method) && request.Method == "OPTIONS")
                         {
                             response.Headers.Add("Access-Control-Allow-Headers", "Content-Type, Accept, X-Requested-With");
@@ -1704,6 +1706,8 @@ private static void Handle_LocalFile_Stream(Stream stream, HttpRequest request,
                     {
                         string EtagMD5 = ComputeStreamChecksum(response.ContentStream);
 
+                        response.ContentStream.Position = 0;
+
                         if (request.Headers.TryGetValue("If-None-Match", out string? value1) && value1.Equals(EtagMD5))
                         {
                             response.Headers.Clear();
@@ -1977,13 +1981,11 @@ private static string ComputeStreamChecksum(Stream input)
 
             byte[] bytes = MD5.Create().ComputeHash(input);
 
-            input.Position = 0;
-
             StringBuilder builder = new();
             for (int i = 0; i < bytes.Length; i++)
                 builder.Append(bytes[i].ToString("x2"));
 
-            return builder.ToString() + $":{WebCrypto.ProcessSecureCheckum(bytes, 0x5BCD9F0F)}";
+            return builder.ToString() + $":{WebCrypto.ProcessSecureCheckum(bytes, input.Length)}";
         }
 
 #if NET7_0_OR_GREATER

Original file line number	Diff line number	Diff line change
`@@ -405,7 +405,7 @@ public static class WebCrypto`
`405`	`405`	`.InitiateCTRBuffer(Convert.FromBase64String(Encoding.UTF8.GetString(ByteArrayToDecrypt).Replace("<Secure>", string.Empty).Replace("</Secure>", string.Empty)), Convert.FromBase64String(AccessKey), IV);`
`406`	`406`	`}`
`407`	`407`
`408`		`- public static string? ProcessSecureCheckum(byte[] inputData, uint initialValue)`
	`408`	`+ public static string? ProcessSecureCheckum(byte[] inputData, long initialValue)`
`409`	`409`	`{`
`410`	`410`	`byte currentByte = 0;`
`411`	`411`	`int DataIndex = 0;`
`@@ -416,7 +416,7 @@ public static class WebCrypto`
`416`	`416`
`417`	`417`	`do`
`418`	`418`	`{`
`419`		`- currentByte = (byte)(inputData[DataIndex] ^ BitConverter.SingleToInt32Bits(tempFloat));`
	`419`	`+ currentByte = (byte)(inputData[DataIndex] ^ BitConverter.SingleToInt32Bits(!BitConverter.IsLittleEndian ? EndianTools.EndianUtils.EndianSwap(tempFloat) : tempFloat));`
`420`	`420`	`CheckSumBytes[DataIndex] = currentByte;`
`421`	`421`	`tempFloat = (ChecksumFloatBox[currentByte]) /`
`422`	`422`	`(float)(((uint)(ChecksumByteBox[(uint)tempFloat & 0xFF]) << 0x10) \|`
Original file line number	Diff line number	Diff line change
`@@ -1106,6 +1106,8 @@ private static void WriteResponse(Stream stream, HttpRequest? request, HttpRespo`
`1106`	`1106`	`{`
`1107`	`1107`	`string EtagMD5 = ComputeStreamChecksum(response.ContentStream);`
`1108`	`1108`
	`1109`	`+ response.ContentStream.Position = 0;`
	`1110`	`+`
`1109`	`1111`	`if (!string.IsNullOrEmpty(request.Method) && request.Method == "OPTIONS")`
`1110`	`1112`	`{`
`1111`	`1113`	`response.Headers.Add("Access-Control-Allow-Headers", "Content-Type, Accept, X-Requested-With");`
`@@ -1704,6 +1706,8 @@ private static void Handle_LocalFile_Stream(Stream stream, HttpRequest request,`
`1704`	`1706`	`{`
`1705`	`1707`	`string EtagMD5 = ComputeStreamChecksum(response.ContentStream);`
`1706`	`1708`
	`1709`	`+ response.ContentStream.Position = 0;`
	`1710`	`+`
`1707`	`1711`	`if (request.Headers.TryGetValue("If-None-Match", out string? value1) && value1.Equals(EtagMD5))`
`1708`	`1712`	`{`
`1709`	`1713`	`response.Headers.Clear();`
`@@ -1977,13 +1981,11 @@ private static string ComputeStreamChecksum(Stream input)`
`1977`	`1981`
`1978`	`1982`	`byte[] bytes = MD5.Create().ComputeHash(input);`
`1979`	`1983`
`1980`		`- input.Position = 0;`
`1981`		`-`
`1982`	`1984`	`StringBuilder builder = new();`
`1983`	`1985`	`for (int i = 0; i < bytes.Length; i++)`
`1984`	`1986`	`builder.Append(bytes[i].ToString("x2"));`
`1985`	`1987`
`1986`		`- return builder.ToString() + $":{WebCrypto.ProcessSecureCheckum(bytes, 0x5BCD9F0F)}";`
	`1988`	`+ return builder.ToString() + $":{WebCrypto.ProcessSecureCheckum(bytes, input.Length)}";`
`1987`	`1989`	`}`
`1988`	`1990`
`1989`	`1991`	`#if NET7_0_OR_GREATER`