dotnet
diff --git a/‎src/System.Security.Cryptography.Algorithms/src/Internal/Cryptography/HashProvider.cs renamed to ‎src/Common/src/Internal/Cryptography/HashProvider.cs
Lines changed: 8 additions & 1 deletion b/‎src/System.Security.Cryptography.Algorithms/src/Internal/Cryptography/HashProvider.cs renamed to ‎src/Common/src/Internal/Cryptography/HashProvider.cs
Lines changed: 8 additions & 1 deletion
diff --git a/‎src/Common/src/Internal/Cryptography/HashProviderCng.cs
Lines changed: 147 additions & 0 deletions b/‎src/Common/src/Internal/Cryptography/HashProviderCng.cs
Lines changed: 147 additions & 0 deletions
diff --git a/‎src/Common/src/Interop/Windows/BCrypt/BCryptAlgorithmCache.cs
Lines changed: 69 additions & 0 deletions b/‎src/Common/src/Interop/Windows/BCrypt/BCryptAlgorithmCache.cs
Lines changed: 69 additions & 0 deletions
diff --git a/‎src/Common/src/Interop/Windows/BCrypt/Cng.cs
Lines changed: 0 additions & 66 deletions b/‎src/Common/src/Interop/Windows/BCrypt/Cng.cs
Lines changed: 0 additions & 66 deletions
diff --git a/‎src/Common/src/Interop/Windows/BCrypt/Interop.BCryptCloseAlgorithmProvider.cs
Lines changed: 16 additions & 0 deletions b/‎src/Common/src/Interop/Windows/BCrypt/Interop.BCryptCloseAlgorithmProvider.cs
Lines changed: 16 additions & 0 deletions
diff --git a/‎src/Common/src/Interop/Windows/BCrypt/Interop.BCryptCreateHash.cs
Lines changed: 25 additions & 0 deletions b/‎src/Common/src/Interop/Windows/BCrypt/Interop.BCryptCreateHash.cs
Lines changed: 25 additions & 0 deletions
diff --git a/‎src/Common/src/Interop/Windows/BCrypt/Interop.BCryptDestroyHash.cs
Lines changed: 16 additions & 0 deletions b/‎src/Common/src/Interop/Windows/BCrypt/Interop.BCryptDestroyHash.cs
Lines changed: 16 additions & 0 deletions
@@ -9,7 +9,7 @@ namespace Internal.Cryptography
     //
     // This abstract class represents a reusable hash object and can wrap a CNG or WinRT hash object.
     //
-    internal abstract class HashProvider
+    internal abstract class HashProvider : IDisposable
     {
         // Adds new data to be hashed. This can be called repeatedly in order to hash data from incontiguous sources.
         public void AppendHashData(byte[] data, int offset, int count)
@@ -41,6 +41,13 @@ public void AppendHashData(byte[] data, int offset, int count)
         // Returns the length of the byte array returned by FinalizeHashAndReset.
         public abstract int HashSizeInBytes { get; }
 
+        // Releases any native resources and keys used by the HashProvider.
+        public void Dispose()
+        {
+            Dispose(true);
+            GC.SuppressFinalize(this);
+        }
+
         // Releases any native resources and keys used by the HashProvider.
         public abstract void Dispose(bool disposing);
     }
 
@@ -0,0 +1,147 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+using System;
+using System.Diagnostics;
+using System.Security.Cryptography;
+
+using Microsoft.Win32.SafeHandles;
+using NTSTATUS = Interop.BCrypt.NTSTATUS;
+using BCryptOpenAlgorithmProviderFlags = Interop.BCrypt.BCryptOpenAlgorithmProviderFlags;
+using BCryptCreateHashFlags = Interop.BCrypt.BCryptCreateHashFlags;
+
+namespace Internal.Cryptography
+{
+    //
+    // Provides hash services via the native provider (CNG). 
+    //
+    internal sealed class HashProviderCng : HashProvider
+    {
+        //
+        //   - "hashAlgId" must be a name recognized by BCryptOpenAlgorithmProvider(). Examples: MD5, SHA1, SHA256.
+        //
+        //   - "key" activates MAC hashing if present. If null, this HashProvider performs a regular old hash.
+        //
+        public HashProviderCng(string hashAlgId, byte[] key)
+        {
+            BCryptOpenAlgorithmProviderFlags dwFlags = BCryptOpenAlgorithmProviderFlags.None;
+            if (key != null)
+            {
+                _key = key.CloneByteArray();
+                dwFlags |= BCryptOpenAlgorithmProviderFlags.BCRYPT_ALG_HANDLE_HMAC_FLAG;
+            }
+
+            _hAlgorithm = Interop.BCrypt.BCryptAlgorithmCache.GetCachedBCryptAlgorithmHandle(hashAlgId, dwFlags);
+
+            SafeBCryptHashHandle hHash = null;
+            NTSTATUS ntStatus = Interop.BCrypt.BCryptCreateHash(_hAlgorithm, out hHash, IntPtr.Zero, 0, key, key == null ? 0 : key.Length, BCryptCreateHashFlags.BCRYPT_HASH_REUSABLE_FLAG);
+            if (ntStatus == NTSTATUS.STATUS_INVALID_PARAMETER)
+            {
+                // If we got here, we're running on a downlevel OS (pre-Win8) that doesn't support reusable CNG hash objects. Fall back to creating a 
+                // new HASH object each time.
+                ResetHashObject();
+            }
+            else if (ntStatus != NTSTATUS.STATUS_SUCCESS)
+            {
+                throw Interop.BCrypt.CreateCryptographicException(ntStatus);
+            }
+            else
+            {
+                _hHash = hHash;
+                _reusable = true;
+            }
+
+            unsafe
+            {
+                int cbSizeOfHashSize;
+                int hashSize;
+                ntStatus = Interop.BCrypt.BCryptGetProperty(hHash, Interop.BCrypt.BCryptPropertyStrings.BCRYPT_HASH_LENGTH, &hashSize, sizeof(int), out cbSizeOfHashSize, 0);
+                if (ntStatus != NTSTATUS.STATUS_SUCCESS)
+                    throw Interop.BCrypt.CreateCryptographicException(ntStatus);
+                _hashSize = hashSize;
+            }
+            return;
+        }
+
+        public sealed override void AppendHashDataCore(byte[] data, int offset, int count)
+        {
+            unsafe
+            {
+                fixed (byte* pRgb = data)
+                {
+                    NTSTATUS ntStatus = Interop.BCrypt.BCryptHashData(_hHash, pRgb + offset, count, 0);
+                    if (ntStatus != NTSTATUS.STATUS_SUCCESS)
+                        throw Interop.BCrypt.CreateCryptographicException(ntStatus);
+                }
+            }
+        }
+
+        public sealed override byte[] FinalizeHashAndReset()
+        {
+            byte[] hash = new byte[_hashSize];
+            NTSTATUS ntStatus = Interop.BCrypt.BCryptFinishHash(_hHash, hash, hash.Length, 0);
+            if (ntStatus != NTSTATUS.STATUS_SUCCESS)
+                throw Interop.BCrypt.CreateCryptographicException(ntStatus);
+
+            ResetHashObject();
+            return hash;
+        }
+
+        public sealed override void Dispose(bool disposing)
+        {
+            if (disposing)
+            {
+                DestroyHash();
+                if (_key != null)
+                {
+                    byte[] key = _key;
+                    _key = null;
+                    Array.Clear(key, 0, key.Length);
+                }
+            }
+        }
+
+        public sealed override int HashSizeInBytes
+        {
+            get
+            {
+                return _hashSize;
+            }
+        }
+
+        private void ResetHashObject()
+        {
+            if (_reusable)
+                return;
+            DestroyHash();
+
+            SafeBCryptHashHandle hHash;
+            NTSTATUS ntStatus = Interop.BCrypt.BCryptCreateHash(_hAlgorithm, out hHash, IntPtr.Zero, 0, _key, _key == null ? 0 : _key.Length, BCryptCreateHashFlags.None);
+            if (ntStatus != NTSTATUS.STATUS_SUCCESS)
+                throw Interop.BCrypt.CreateCryptographicException(ntStatus);
+
+            _hHash = hHash;
+        }
+
+        private void DestroyHash()
+        {
+            SafeBCryptHashHandle hHash = _hHash;
+            _hHash = null;
+            if (hHash != null)
+            {
+                hHash.Dispose();
+            }
+
+            // Not disposing of _hAlgorithm as we got this from a cache. So it's not ours to Dispose().
+        }
+
+        private readonly SafeBCryptAlgorithmHandle _hAlgorithm;
+        private SafeBCryptHashHandle _hHash;
+        private byte[] _key;
+        private readonly bool _reusable;
+
+        private readonly int _hashSize;
+    }
+}
+
+
@@ -0,0 +1,69 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+using System;
+using System.Diagnostics;
+using System.Collections.Generic;
+using System.Security.Cryptography;
+
+using Microsoft.Win32.SafeHandles;
+
+internal partial class Interop
+{
+    internal partial class BCrypt
+    {
+        internal static class BCryptAlgorithmCache
+        {
+            /// <summary>
+            ///     Return a SafeBCryptAlgorithmHandle of the desired algorithm and flags. This is a shared handle so do not dispose it!
+            /// </summary>
+            public static SafeBCryptAlgorithmHandle GetCachedBCryptAlgorithmHandle(string hashAlgorithmId, BCryptOpenAlgorithmProviderFlags flags)
+            {
+                // There aren't that many hash algorithms around so rather than use a LowLevelDictionary and guard it with a lock,
+                // we'll use a simple list. To avoid locking, we'll recreate the entire list each time an entry is added and replace it atomically.
+                //
+                // This does mean that on occasion, racing threads may create two handles of the same type, but this is ok.
+    
+                // Latch the _cache value into a local so we aren't disrupted by concurrent changes to it.
+                Entry[] cache = _cache;
+                foreach (Entry entry in cache)
+                {
+                    if (entry.HashAlgorithmId == hashAlgorithmId && entry.Flags == flags)
+                        return entry.Handle;
+                }
+    
+                SafeBCryptAlgorithmHandle safeBCryptAlgorithmHandle;
+                NTSTATUS ntStatus = Interop.BCrypt.BCryptOpenAlgorithmProvider(out safeBCryptAlgorithmHandle, hashAlgorithmId, null, flags);
+                if (ntStatus != NTSTATUS.STATUS_SUCCESS)
+                    throw Interop.BCrypt.CreateCryptographicException(ntStatus);
+    
+                Entry[] newCache = new Entry[cache.Length + 1];
+                Entry newEntry = new Entry(hashAlgorithmId, flags, safeBCryptAlgorithmHandle);
+                Array.Copy(cache, newCache, cache.Length);
+                newCache[newCache.Length - 1] = newEntry;
+    
+                // Atomically overwrite the cache with our new cache. It's possible some other thread raced to add a new entry with us - if so, one of the new entries
+                // will be lost and the next guy that requests it will have to allocate it again. That's considered acceptable collateral damage.
+                _cache = newCache;
+                return newEntry.Handle;
+            }
+    
+            private static volatile Entry[] _cache = Array.Empty<Entry>();
+    
+            private struct Entry
+            {
+                public Entry(string hashAlgorithmId, BCryptOpenAlgorithmProviderFlags flags, SafeBCryptAlgorithmHandle handle)
+                    : this()
+                {
+                    HashAlgorithmId = hashAlgorithmId;
+                    Flags = flags;
+                    Handle = handle;
+                }
+    
+                public string HashAlgorithmId { get; private set; }
+                public BCryptOpenAlgorithmProviderFlags Flags { get; private set; }
+                public SafeBCryptAlgorithmHandle Handle { get; private set; }
+            }
+        }
+    }
+}
@@ -77,58 +77,6 @@ public static SafeAlgorithmHandle BCryptOpenAlgorithmProvider(String pszAlgId, S
             return hAlgorithm;
         }
 
-        public static SafeHashHandle BCryptCreateHash(this SafeAlgorithmHandle hAlgorithm, byte[] pbSecret, int dwFlags)
-        {
-            SafeHashHandle hHash = null;
-            NTSTATUS ntStatus = Interop.BCryptCreateHash(hAlgorithm, out hHash, IntPtr.Zero, 0, pbSecret, pbSecret == null ? 0 : pbSecret.Length, dwFlags);
-            if (ntStatus != NTSTATUS.STATUS_SUCCESS)
-                throw CreateCryptographicException(ntStatus);
-            return hHash;
-        }
-
-        public static SafeHashHandle BCryptTryCreateReusableHash(this SafeAlgorithmHandle hAlgorithm, byte[] pbSecret)
-        {
-            const int BCRYPT_HASH_REUSABLE_FLAG = 0x00000020;
-
-            SafeHashHandle hHash = null;
-            NTSTATUS ntStatus = Interop.BCryptCreateHash(hAlgorithm, out hHash, IntPtr.Zero, 0, pbSecret, pbSecret == null ? 0 : pbSecret.Length, BCRYPT_HASH_REUSABLE_FLAG);
-            if (ntStatus == NTSTATUS.STATUS_INVALID_PARAMETER)
-                return null;  // Pre-Win8 OS's do not support BCRYPT_HASH_REUSABLE_FLAG.
-            if (ntStatus != NTSTATUS.STATUS_SUCCESS)
-                throw CreateCryptographicException(ntStatus);
-            return hHash;
-        }
-
-        public static unsafe void BCryptHashData(this SafeHashHandle hHash, byte* pbInput, int cbInput)
-        {
-            NTSTATUS ntStatus = Interop.BCryptHashData(hHash, pbInput, cbInput, 0);
-            if (ntStatus != NTSTATUS.STATUS_SUCCESS)
-                throw CreateCryptographicException(ntStatus);
-            return;
-        }
-
-        public static byte[] BCryptFinishHash(this SafeHashHandle hHash, int cbHashSize)
-        {
-            byte[] hash = new byte[cbHashSize];
-            NTSTATUS ntStatus = Interop.BCryptFinishHash(hHash, hash, cbHashSize, 0);
-            if (ntStatus != NTSTATUS.STATUS_SUCCESS)
-                throw CreateCryptographicException(ntStatus);
-            return hash;
-        }
-
-        public static int GetHashSizeInBytes(this SafeHashHandle hHash)
-        {
-            unsafe
-            {
-                int cbSizeOfHashSize;
-                int hashSize;
-                NTSTATUS ntStatus = Interop.BCryptGetProperty(hHash, BCryptGetPropertyStrings.BCRYPT_HASH_LENGTH, (byte*)&hashSize, 4, out cbSizeOfHashSize, 0);
-                if (ntStatus != NTSTATUS.STATUS_SUCCESS)
-                    throw CreateCryptographicException(ntStatus);
-                return hashSize;
-            }
-        }
-
         public static SafeKeyHandle BCryptImportKey(this SafeAlgorithmHandle hAlg, byte[] key)
         {
             unsafe
@@ -274,21 +222,8 @@ private static class Interop
             [DllImport(CngDll, CharSet = CharSet.Unicode)]
             public static extern NTSTATUS BCryptOpenAlgorithmProvider(out SafeAlgorithmHandle phAlgorithm, String pszAlgId, String pszImplementation, int dwFlags);
 
-            [DllImport(CngDll, CharSet = CharSet.Unicode)]
-            public static extern NTSTATUS BCryptCreateHash(SafeAlgorithmHandle hAlgorithm, out SafeHashHandle phHash, IntPtr pbHashObject, int cbHashObject, [In, Out] byte[] pbSecret, int cbSecret, int dwFlags);
-
-            [DllImport(CngDll, CharSet = CharSet.Unicode)]
-            public static extern unsafe NTSTATUS BCryptHashData(SafeHashHandle hHash, byte* pbInput, int cbInput, int dwFlags);
-
-            [DllImport(CngDll, CharSet = CharSet.Unicode)]
-            public static extern NTSTATUS BCryptFinishHash(SafeHashHandle hHash, [Out] byte[] pbOutput, int cbOutput, int dwFlags);
-
-            [DllImport(CngDll, CharSet = CharSet.Unicode)]
-            public static extern unsafe NTSTATUS BCryptGetProperty(SafeBCryptHandle hObject, String pszProperty, byte* pbOutput, int cbOutput, out int pcbResult, int dwFlags);
-
             [DllImport(CngDll, CharSet = CharSet.Unicode)]
             public static extern unsafe NTSTATUS BCryptSetProperty(SafeAlgorithmHandle hObject, String pszProperty, String pbInput, int cbInput, int dwFlags);
-
             [DllImport(CngDll, CharSet = CharSet.Unicode)]
             public static extern NTSTATUS BCryptImportKey(SafeAlgorithmHandle hAlgorithm, IntPtr hImportKey, String pszBlobType, out SafeKeyHandle hKey, IntPtr pbKeyObject, int cbKeyObject, byte[] pbInput, int cbInput, int dwFlags);
 
@@ -365,6 +300,5 @@ protected sealed override bool ReleaseHandle()
         [DllImport(Cng.CngDll)]
         private static extern uint BCryptDestroyKey(IntPtr hKey);
     }
-
 }
 
@@ -0,0 +1,16 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+using System;
+using System.Diagnostics;
+using System.Runtime.InteropServices;
+
+internal partial class Interop
+{
+    internal partial class BCrypt
+    {
+        [DllImport(Libraries.BCrypt, CharSet = CharSet.Unicode)]
+        internal static extern NTSTATUS BCryptCloseAlgorithmProvider(IntPtr hAlgorithm, int dwFlags);
+    }
+}
+
@@ -0,0 +1,25 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+using System;
+using System.Diagnostics;
+using System.Runtime.InteropServices;
+
+using Microsoft.Win32.SafeHandles;
+
+internal partial class Interop
+{
+    internal partial class BCrypt
+    {
+        [DllImport(Libraries.BCrypt, CharSet = CharSet.Unicode)]
+        internal static extern NTSTATUS BCryptCreateHash(SafeBCryptAlgorithmHandle hAlgorithm, out SafeBCryptHashHandle phHash, IntPtr pbHashObject, int cbHashObject, [In, Out] byte[] pbSecret, int cbSecret, BCryptCreateHashFlags dwFlags);
+
+        [Flags]
+        internal enum BCryptCreateHashFlags : int
+        {
+            None = 0x00000000,
+            BCRYPT_HASH_REUSABLE_FLAG = 0x00000020,
+        }
+    }
+}
+
@@ -0,0 +1,16 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+using System;
+using System.Diagnostics;
+using System.Runtime.InteropServices;
+
+internal partial class Interop
+{
+    internal partial class BCrypt
+    {
+        [DllImport(Libraries.BCrypt, CharSet = CharSet.Unicode)]
+        internal static extern NTSTATUS BCryptDestroyHash(IntPtr hHash);
+    }
+}
+