SymmetricSecurityKey needs 32 bytes

halter73 · halter73 · commit 4c5ec382f232 · 2024-01-09T16:52:11.000-08:00
- This could also be worked around with an AppContext switch: "Switch.Microsoft.IdentityModel.UnsafeRelaxHmacKeySizeValidation" - See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/IDX10720 for more info
diff --git a/src/SignalR/common/Http.Connections/test/HttpConnectionDispatcherTests.cs b/src/SignalR/common/Http.Connections/test/HttpConnectionDispatcherTests.cs
@@ -13,6 +13,7 @@
 using System.Net.Http;
 using System.Net.WebSockets;
 using System.Security.Claims;
+using System.Security.Cryptography;
 using System.Security.Principal;
 using System.Text;
 using System.Threading;
@@ -2762,7 +2763,7 @@ public async Task ConnectionClosedRequestedTriggeredOnAuthExpiration()
         [InlineData(HttpTransportType.WebSockets)]
         public async Task AuthenticationExpirationSetOnAuthenticatedConnectionWithJWT(HttpTransportType transportType)
         {
-            SymmetricSecurityKey SecurityKey = new SymmetricSecurityKey(Guid.NewGuid().ToByteArray());
+            SymmetricSecurityKey SecurityKey = new SymmetricSecurityKey(SHA256.HashData(Guid.NewGuid().ToByteArray()));
             JwtSecurityTokenHandler JwtTokenHandler = new JwtSecurityTokenHandler();
 
             using var host = CreateHost(services =>
@@ -2924,7 +2925,7 @@ public async Task AuthenticationExpirationSetOnAuthenticatedConnectionWithCookie
         [InlineData(HttpTransportType.WebSockets)]
         public async Task AuthenticationExpirationUsesCorrectScheme(HttpTransportType transportType)
         {
-            var SecurityKey = new SymmetricSecurityKey(Guid.NewGuid().ToByteArray());
+            var SecurityKey = new SymmetricSecurityKey(SHA256.HashData(Guid.NewGuid().ToByteArray()));
             var JwtTokenHandler = new JwtSecurityTokenHandler();
 
             using var host = CreateHost(services =>
diff --git a/src/SignalR/samples/JwtSample/Startup.cs b/src/SignalR/samples/JwtSample/Startup.cs
@@ -18,7 +18,7 @@ namespace JwtSample
 {
     public class Startup
     {
-        private readonly SymmetricSecurityKey SecurityKey = new SymmetricSecurityKey(RandomNumberGenerator.GetBytes(16));
+        private readonly SymmetricSecurityKey SecurityKey = new SymmetricSecurityKey(RandomNumberGenerator.GetBytes(32));
         private readonly JwtSecurityTokenHandler JwtTokenHandler = new JwtSecurityTokenHandler();
 
         public void ConfigureServices(IServiceCollection services)
diff --git a/src/SignalR/server/SignalR/test/Startup.cs b/src/SignalR/server/SignalR/test/Startup.cs
@@ -5,6 +5,7 @@
 using System.IdentityModel.Tokens.Jwt;
 using System.IO;
 using System.Security.Claims;
+using System.Security.Cryptography;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authorization;
@@ -18,7 +19,7 @@ namespace Microsoft.AspNetCore.SignalR.Tests
 {
     public class Startup
     {
-        private readonly SymmetricSecurityKey SecurityKey = new SymmetricSecurityKey(Guid.NewGuid().ToByteArray());
+        private readonly SymmetricSecurityKey SecurityKey = new SymmetricSecurityKey(SHA256.HashData(Guid.NewGuid().ToByteArray()));
         private readonly JwtSecurityTokenHandler JwtTokenHandler = new JwtSecurityTokenHandler();
 
         public void ConfigureServices(IServiceCollection services)

Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@ namespace JwtSample`
`18`	`18`	`{`
`19`	`19`	`public class Startup`
`20`	`20`	`{`
`21`		`- private readonly SymmetricSecurityKey SecurityKey = new SymmetricSecurityKey(RandomNumberGenerator.GetBytes(16));`
	`21`	`+ private readonly SymmetricSecurityKey SecurityKey = new SymmetricSecurityKey(RandomNumberGenerator.GetBytes(32));`
`22`	`22`	`private readonly JwtSecurityTokenHandler JwtTokenHandler = new JwtSecurityTokenHandler();`
`23`	`23`
`24`	`24`	`public void ConfigureServices(IServiceCollection services)`