Gemstone.Security
Builds access control lists for users given a collection of rules.
Type of the identifier for users.
Type of resources being accessed by users.
Creates a new instance of the class.
Adds an allow rule to the access control list.
Function that returns the list of resources to be allowed.
The builder, for chaining.
Adds a deny rule to the access control list.
Function that returns the list of resources to be denied.
The builder, for chaining.
Adds an allow rule to the access control list.
Function that returns the list of resources that are not included in the rule.
The builder, for chaining.
Adds a deny rule to the access control list.
Function that returns the list of resources that are not included in the rule.
The builder, for chaining.
Creates an access control list for the given identity.
The identity of the user the list applies to.
The access control list for the given identity.
Represents an access control list that can be used to
determine whether a user has access to a given resource.
The type of resource the user is accessing.
Indicates whether the user has access to the given resource.
The resource to check for access
True if the user has access, false otherwise
Represents a builder for access control lists.
Type of the identifier for users.
Type of resources being accessed by users.
Adds an allow rule to the access control list.
Function that returns the list of resources to be allowed.
The builder, for chaining.
Adds a deny rule to the access control list.
Function that returns the list of resources to be denied.
The builder, for chaining.
Adds an allow rule to the access control list.
Function that returns the list of resources that are not included in the rule.
The builder, for chaining.
Adds a deny rule to the access control list.
Function that returns the list of resources that are not included in the rule.
The builder, for chaining.
Creates an access control list for the given identity.
The identity of the user the list applies to.
The access control list for the given identity.
Annotation to assign an access type to an action on
a resource represented by a class, method, property, etc.
Creates a new instance of the class.
The name of the resource
Creates a new instance of the class.
The type of permission required to access the resource
Creates a new instance of the class.
The name of the resource
The type of permission required to access the resource
Extension methods for the class.
Gets the name of the resource, falling back on data from the controller action descriptor.
The list of attributes defining resource access requirements in ascending order of precedence
The descriptor providing info about the controller being accessed
The name of the resource.
Gets the type of access required to access the resource.
The list of attributes defining resource access requirements in ascending order of precedence
The HTTP method used to access the resource
The access level requirements.
This method will never return or .
If no access type is explicitly specified by any ,
or if is explicitly specified,
then it will determine the appropriate level of access based on the .
Gets the type of access required to access the resource.
The list of attributes defining resource access requirements in ascending order of precedence
The access level requirements.
This method will never return .
If no access type is explicitly specified by any ,
then it will return instead.
Represents the default access types that can apply to a resource.
Create a new instance of the resource.
Read information about existing resources.
Update information associated with existing resources.
Delete a resource from existence.
A level of access that cannot be satisfied.
The default level of access, as defined by the resource type.
No resource access type was explicitly specified.
Extension methods for resource access.
Determines whether the user has access to a given resource.
The user who is requesting access
The type of resource being requested
The identity of the requested resource
The level of access requested
A value indicating whether permission is granted or denied.
is not one of:
Represents a builder for Gemstone authentication.
Adds a claim for users with a matching claim.
The identity of the authentication provider
Users with this claim will receive the assigned claim
The claim to be assigned to users
The authentication builder.
Extensions for the authentication builder.
Adds the Gemstone authentication runtime to the services collection.
The collection of services
The collection of services.
Adds the Gemstone authentication runtime to the services collection.
The collection of services
Method to configure the runtime
The collection of services.
Represents a provider of claims for an authentication provider.
Gets the identity of the user represented by the principal.
The principal that represents the user
The user's identity.
Get the types of claims supported by the authentication provider.
The types of claims supported by the authentication provider.
Find claims that can be returned by the authentication provider.
The type of claim to search for
Text used to narrow the results for the search for claims
A collection of claims matching the search text.
The claim type is not supported
Search text can include asterisks as wildcards.
To include a literal asterisk, use backslash as the escape character.
A literal backslash can be escaped by another backslash.
Any other character escaped by a backslash matches the character;
the backslash will be removed.
Extension methods for setting up an .
Adds an authentication provider as a singleton service.
The type of authentication provider to be instantiated as the singleton instance
The collection of services
The identity of the authentication provider
The collection of services.
Adds an authentication provider as a singleton service.
The collection of services
The identity of the authentication provider
The provider instance to be added as the singleton service
The collection of services.
Adds the authentication provider as a singleton service.
The collection of services
The identity of the authentication provider
Factory function used to instantiating the singleton instance
The collection of services.
Loads an icon from embedded resources associated with the authentication provider.
The provider which is visually represented by the icon
The icon associated with the provider.
Supported file types are jpg, png, gif, svg, and webp.
For a hypothetical ExampleProvider in the Gemstone.Example namespace,
the embedded resource name for a jpg icon would be Gemstone.Example.ExampleProvider.jpg.
Expect that icons will be rendered in an approximately square space, 32 pixels tall.
Therefore, a good target size would be 32x32, but it can be a bit wider or narrower.
Represents a provider of runtime configuration for Gemstone authentication.
Gets the list of identities for active authentication provider.
The list of provider identities.
Assigns claims to the user represented by the principal.
Identity of the user's authentication provider
The principal that represents the user
The list of claims assigned to the user.
Represents the provider of setup data for Gemstone authentication.
Gets the list of provider identities defined in the setup data.
The list of provider identities.
Gets a list of mappings between claims provided by the authentication
provider and claims assigned to users with matching claims.
The identity of the authentication provider
The list of mappings between provider claims and assigned claims.
Represents a type of claim that an authentication provider can make about a user.
Gets an identity value that represents the claim type.
Gets a human-readable alias for the claim type.
Gets a sentence-long description of the claim type.
Represents a claim that can be returned by an authentication provider.
Gets the value of the claim.
Gets a human-readable text description of the claim.
Gets a sentence-long description of the claim.
Options for the class.
The claimType used to identify the user uniquely.
The Authority to use when making OpenIdConnect calls.
Identifier for the client application.
Secret used to authenticate the client application.
The space-separated list of permissions to request.
Provides information about claims available to the OAuth authentication provider.
Options to configure the
Provides information about claims available to the OAuth authentication provider.
Options to configure the
Group SID
FQDN (group@domain.com)
Empty
Creates a new instance of the class.
Defines the settings used to configure the in the Configuration File.
Defines extensions for setting up the .
The identity used by default if one is not provided.
Adds the OAuth authentication provider as a singleton service using the default identity and options.
The collection of services
The collection of services.
Adds the OAuth authentication provider as a singleton service using the default identity and given options.
The collection of services
The options used to configure the authentication provider
The collection of services.
Adds the OAuth authentication provider as a transient service using the default identity and configured options.
The collection of services
Method invoked to configure the authentication provider
The collection of services.
Adds the OAuth authentication provider as a singleton service using the given identity and default options.
The collection of services
The identity of the authentication provider
The collection of services.
Adds the OAuth authentication provider as a singleton service using the given identity and options.
The collection of services
The identity of the authentication provider
The options used to configure the authentication provider
The collection of services.
Adds the OAuth authentication provider as a transient service using the given identity and configured options.
The collection of services
The identity of the authentication provider
Method invoked to configure the authentication provider
The collection of services.
Options for the class.
Root path from which LDAP searches should be performed.
Flag to indicate whether the UI will also search local Users and Groups.
Provides information about claims available to the Windows authentication provider.
Options to configure the
Provides information about claims available to the Windows authentication provider.
Options to configure the
Group SID
FQDN (group@domain.com)
Empty
Creates a new instance of the class.
Pattern:
\\\\.|[()\\0]
Explanation:
○ Match with 2 alternative expressions, atomically.
○ Match a sequence of expressions.
○ Match an empty string.
○ Match any character other than '\n'.
○ Match a character in the set [\0()].
Defines extensions for setting up the .
The identity used by default if one is not provided.
Adds the windows authentication provider as a singleton service using the default identity and options.
The collection of services
The collection of services.
Adds the windows authentication provider as a singleton service using the default identity and given options.
The collection of services
The options used to configure the authentication provider
The collection of services.
Adds the windows authentication provider as a transient service using the default identity and configured options.
The collection of services
Method invoked to configure the authentication provider
The collection of services.
Adds the windows authentication provider as a singleton service using the given identity and default options.
The collection of services
The identity of the authentication provider
The collection of services.
Adds the windows authentication provider as a singleton service using the given identity and options.
The collection of services
The identity of the authentication provider
The options used to configure the authentication provider
The collection of services.
Adds the windows authentication provider as a transient service using the given identity and configured options.
The collection of services
The identity of the authentication provider
Method invoked to configure the authentication provider
The collection of services.
Argon2 Hashing of passwords.
Argon2 Hashing of passwords.
Represents an Argon2 password hashing algorithm.
Argon2 Hashing of passwords.
Argon2 Hashing of passwords.
Argon2 Hashing of passwords.
Argon2 Hashing of passwords.
Does a Blake2 hash with the ability to truncate or extend the hash to any length.
The buffer to fill with the hash.
What to hash.
The Argon2 block size in bytes.
The number of 8-byte words in an Argon2 block.
The number of bytes hashed in initializing Argon2.
Bytes required in the buffer passed into the method.
Number of synchronization points between lanes per pass.
C# has a limit of 0X7FEFFFFF elements per array (0x7FFFFFC7 per byte array). The blocks are
1024 bytes long, the elements are 8 bytes (ulong). This gives 0X7FEFFFFF / 128 blocks per
C# array.
Initializes a new instance of the class.
The configuration to use.
Gets the blocks.
Gets the number of memory blocks, (*).
Gets the number of memory blocks per segment. This value gets
derived from the memory cost. The memory cost value is a request
for that number of blocks. If that request is less than (2 *
) times the number of lanes requested,
it is first bumped up to that amount. Then, it may be reduced to
fit on a times the number of lanes
requested boundary.
Gets the number of memory blocks per lane. * .
Perform the hash.
The hash bytes.
Zero sensitive memories and dispose of resources.
Hash the given password to an Argon2 hash string.
Contains all the information used to create the hash returned.
The Argon2 hash of the given password.
Hash the given password to an Argon2 hash string.
The password to hash. Gets UTF-8 encoded before hashing.
The secret to use in creating the hash.
The time cost to use. Defaults to 3.
The target memory cost to use. Defaults to 65536 (65536 * 1024 = 64MB). for detail on calculating the actual memory
used from this value.
The parallelism to use. Default to 1 (single threaded).
Data-dependent, data-independent, or hybrid. Defaults to hybrid
(as recommended for password hashing).
The length of the hash in bytes. Note, the string returned base-64
encodes this with other parameters so the resulting string is
significantly longer.
The Argon2 hash of the given password.
Hash the given password to an Argon2 hash string.
The password to hash. Gets UTF-8 encoded before hashing.
The secret to use in creating the hash. UTF-8 encoded before hashing. May be null. A
string.Empty is treated the same as null.
The time cost to use. Defaults to 3.
The target memory cost to use. Defaults to 65536 (65536 * 1024 = 64MB). for detail on calculating the actual memory
used from this value.
The parallelism to use. Default to 1 (single threaded).
Data-dependent, data-independent, or hybrid. Defaults to hybrid
(as recommended for password hashing).
The length of the hash in bytes. Note, the string returned base-64
encodes this with other parameters so the resulting string is
significantly longer.
The Argon2 hash of the given password.
Hash the given password to an Argon2 hash string.
The password to hash. Gets UTF-8 encoded before hashing.
The time cost to use. Defaults to 3.
The target memory cost to use. Defaults to 65536 (65536 * 1024 = 64MB). for detail on calculating the actual memory
used from this value.
The parallelism to use. Defaults to 1 (single threaded).
Data-dependent, data-independent, or hybrid. Defaults to hybrid
(as recommended for password hashing).
The length of the hash in bytes. Note, the string returned base-64
encodes this with other parameters so the resulting string is
significantly longer.
The Argon2 hash of the given password.
Verify the given Argon2 hash as being that of the given password.
The Argon2 hash string. This has the actual hash along with other parameters used in the hash.
The configuration that contains the values used to created .
True on success; false otherwise.
Verify the given Argon2 hash as being that of the given password.
The Argon2 hash string. This has the actual hash along with other parameters used in the hash.
The password to verify.
The secret hashed into the password.
True on success; false otherwise.
Verify the given Argon2 hash as being that of the given password.
The Argon2 hash string. This has the actual hash along with other parameters used in the hash.
The password to verify.
The secret hashed into the password.
The number of threads to use. Setting this to a higher number than
the "p=" parameter in the string doesn't
cause even more parallelism.
True on success; false otherwise.
Verify the given Argon2 hash as being that of the given password.
The Argon2 hash string. This has the actual hash along with other parameters used in the hash.
The password to verify.
True on success; false otherwise.
Verify the given Argon2 hash as being that of the given password.
The Argon2 hash string. This has the actual hash along with other parameters used in the hash.
The password to verify.
The number of threads to use. Setting this to a higher number than
the "p=" parameter in the string doesn't
cause even more parallelism.
True on success; false otherwise.
Verify the given Argon2 hash as being that of the given password.
The Argon2 hash string. This has the actual hash along with other parameters used in the hash.
The password to verify. This gets UTF-8 encoded.
The secret used in the creation of . UTF-8 encoded to create the byte-buffer actually used in the verification.
May be null for no secret. string.Empty is treated as null.
True on success; false otherwise.
Verify the given Argon2 hash as being that of the given password.
The Argon2 hash string. This has the actual hash along with other parameters used in the hash.
The password to verify. This gets UTF-8 encoded.
The secret used in the creation of . UTF-8 encoded to create the byte-buffer actually used in the verification.
May be null for no secret. string.Empty is treated as null.
The number of threads to use. Setting this to a higher number than
the "p=" parameter in the string doesn't
cause even more parallelism.
True on success; false otherwise.
Verify the given Argon2 hash as being that of the given password.
The Argon2 hash string. This has the actual hash along with other parameters used in the hash.
The password to verify. This gets UTF-8 encoded.
True on success; false otherwise.
Verify the given Argon2 hash as being that of the given password.
The Argon2 hash string. This has the actual hash along with other parameters used in the hash.
The password to verify. This gets UTF-8 encoded.
The number of threads to use. Setting this to a higher number than
the "p=" parameter in the string doesn't
cause even more parallelism.
True on success; false otherwise.
Compare two ZeroedBuffers without leaking timing information.
The first ZeroedBuffer to compare.
The second ZeroedBuffer to compare.
true if left and right have the same values for Length and the same contents; otherwise, false.
Uses System.Security.Cryptography.CryptographicOperations.FixedTimeEquals()
when available; otherwise implements a similar algorithm.
Holds configuration needed to perform an Argon2 hash.
Gets or sets the Argon2 version used in the password hash. Defaults to
. (0x13).
Gets or sets the Argon2 type. Default to hybrid.
Gets or sets the hash length to output. Minimum of 4. Default 32.
Gets or sets the password to hash.
Gets or sets the salt used in the password hash. If non-null, must be at least 8 bytes.
Gets or sets the secret used in the password hash.
Gets or sets the associated data used in the password hash.
Gets or sets the time cost used in the password hash. Minimum of 1. Defaults to 3.
This is the number of iterations to perform. There are attacks on the
. with less than
three iterations (if I'm reading the paper correctly). So, use a value
greater than 3 here if you are not using .
.
Gets or sets the memory cost used in the password hash. Minimum of 1. Defaults to 65536.
This translates into a target count of memory blocks to use for hashing. A memory block
is 1024 bytes so the default 65536 is for a 64MB hash.
If this value is less than 2**,
than 2** will be used.
If this value is not a multiple of *, then it is rounded down to a multiple of *.
Gets or sets the lanes used in the password hash. Minimum of 1. Defaults to 4.
This describes the maximum parallelism that can be achieved. Each "lane" can
be processed individually in its own thread. Setting
to a value greater than one when there is more than one lane will allow the
use of multiple cores to speed up hashing.
Gets or sets the threads used in the password hash. Minimum of 1. Defaults to 1.
This value makes no difference in the result. A value greater than one causes that
many threads to get spawned to do the work on top of the main thread that orchestrates
which thread does what work.
defines the maximum parallelism that can be achieved. Setting
to a value greater than will not result
in more than threads running.
Gets or sets a value indicating whether to clear the password as
soon as it is no longer needed.
If true and the configuration has a password, the configuration
cannot be used more than once without resetting the password
(unless you want an all zero password).
Gets or sets a value indicating whether to clear the secret as
soon as it is no longer needed.
If true and the configuration has a secret, the configuration
cannot be used more than once without resetting the secret
(unless you want an all zero secret).
Argon2 can hash in two different ways, data-dependent and data-independent.
From the Argon2 paper:
Argon2 has two variants: Argon2d [data-dependent] and Argon2i [data-independent].
Argon2d is faster and uses data-depending memory access, which makes it suitable
for crypto-currencies and applications with no threats from side-channel timing
attacks. Argon2i uses data-independent memory access, which is preferred for
password hashing and password-based key derivation. Argon2i is slower as it
makes more passes over the memory to protect from tradeoff attacks.
Use data-dependent addressing. This is faster but susceptible to
side-channel attacks.
Use data-independent addressing. This is slower and recommended for password
hashing and password-based key derivation.
Use a hybrid of data-dependent and data-independent addressing.
There are two versions, 16 and 19. 19 is 5%-15% slower but fixes a vulnerability
where an attacker could take advantage of short time spans where memory blocks
were not used to reduce the overall memory cost by up to a factor of about 3.5.
For Argon2 versions 1.2.1 or earlier.
For Argon2 version 1.3.
Break a byte array into blocks for Argon2 to use.
The array of blocks broken into
which actually return the values in the original array.
Initializes a new instance of the class.
The arrays to use under the blocks.
Gets the total number of in the .
Gets or sets the element at the specified index.
The element to get or set.
The requested element.
Gets the values from a ulong array. Block lengths are
elements long.
Initializes a new instance of the class.
The array of ulong elements the will use.
The index of the block in the will use. Blocks are
elements long.
Gets or sets the ulong element at the specified index.
The ulong element to get or set.
The requested ulong element.
Copy into this.
The to copy.
XOR with this and store the result into this.
The to XOR.
Copy into every ulong of this.
The value to copy into this.
Extension to decode Argon2 hash strings.
Decodes an Argon2 hash string into an Argon2 class instance.
The configuration to populate with the data found in .
The string to decode.
Loaded with the hash found in ; set to null if
does not contain a hash.
True on success; false otherwise. set to
null on failure.
Expected format:
$argon2<T>[$v=<num>]$m=<num>,t=<num>,p=<num>[,keyid=<bin>][,data=<bin>][$<bin>[$<bin>]].
where <T> is either 'd' or 'i', <num> is a decimal integer (positive, fits in
an 'unsigned long'), and <bin> is Base64-encoded data (no '=' padding
characters, no newline or whitespace).
The "keyid" is a binary identifier for a key (up to 8 bytes);
"data" is associated data (up to 32 bytes). When the 'keyid'
(resp. the 'data') is empty, then it is omitted from the output.
The last two binary chunks (encoded in Base64) are, in that order,
the salt and the output. Both are optional, but you cannot have an
output without a salt. The binary salt length is between 8 and 48 bytes.
The output length is always exactly 32 bytes.
Decode Base64 chars into bytes.
results stored here.
to decode.
where to start decoding from.
Next position in src to look at.
Decoding stops when a non-Base64 character is encountered. If an
error occurred then -1 is returned; otherwise, the returned index
points to the first non-Base64 character in the source stream.
Decode Base64 chars into bytes.
results stored here.
to decode.
where to start decoding from.
Next position in src to look at.
Decoding stops when a non-Base64 character is encountered. If an
error occurred then -1 is returned; otherwise, the returned index
points to the first non-Base64 character in the source stream.
Decode Base64 chars into bytes.
to decode.
where to start decoding from.
The length of the buffer needed to hold the decoded value.
Decoding stops when a non-Base64 character is encountered. If an
error occurred then -1 is returned; otherwise, the returned index
points to the first non-Base64 character in the source stream.
Convert character c to the corresponding 6-bit value. If
character c is not a Base64 character, then 0xFF (255) is returned.
to convert.
converted value.
Decode decimal integer from with the given prefix .
the decoded value.
the expected prefix.
where to decode from.
where to start decoding.
the next position to look at; -1 on failure.
Decode decimal integer from .
where to decode from.
where to start decoding.
the decoded value.
the next position to look at; -1 on failure.
Extension to encode an Argon2 hash string.
Encodes an Argon2 instance into a string.
To encode.
The hash to put in the encoded string. May be null.
The encoded Argon2 instance.
Resulting format:
$argon2<T>[$v=<num>]$m=<num>,t=<num>,p=<num>[,keyid=<bin>][,data=<bin>][$<bin>[$<bin>]].
where <T> is either 'd' or 'i', <num> is a decimal integer (positive, fits in
an 'unsigned long'), and <bin> is Base64-encoded data (no '=' padding
characters, no newline or whitespace).
The "keyid" is a binary identifier for a key (up to 8 bytes);
"data" is associated data (up to 32 bytes). When the 'keyid'
(resp. the 'data') is empty, then it is omitted from the output.
The last two binary chunks (encoded in Base64) are, in that order,
the salt and the output. Both are optional, but you cannot have an
output without a salt. The binary salt length is between 8 and 48 bytes.
The output length is always exactly 32 bytes.
Make an Argon2 B64 string which is an RFC 4648 Base64 string without the trailing '=' padding.
The buffer to convert to a string.
The Argon2 B64 string.
Convenience calls for performing Blake2 hashes.
The output length of the Blake2 hash in bytes.
This is the maximum length buffer a Blake2 hash can produce Blake2
will always hash to this length even when configured to hash to a
shorter value - the final step is to truncate the result.
Note, the length of the expected result is hashed into the result
so the -byte buffer will hold different
values depending on the configured output length. Do not run Blake2
using the default length and then truncate and expect to get the
same result as if you configured Blake2 to produce a shorter
result.
Create a default Blake2 hash.
A that can be converted to a .
Create a Blake2 hash with the given configuration.
The configuration to use.
A that can be converted to a .
Perform a default Blake2 hash on the given buffer.
The buffer to hash.
The byte in the buffer to start hashing.
The number of bytes to hash.
The hash of the buffer.
Perform a default Blake2 hash on the given buffer.
The buffer to hash.
The hash of the buffer.
Perform a Blake2 hash on the given buffer using the given Blake2
configuration.
The buffer to hash.
The configuration to use.
The hash of the buffer.
Configuration for the Blake2 hash.
Initializes a new instance of the class.
Gets or sets the personalization value used in the hash. If not null, must be 16 bytes.
Attempt to set to non-null other than 16 bytes.
Gets or sets the salt value used in the hash. If not null, must be 16 bytes.
Attempt to set to non-null other than 16 bytes.
Gets or sets the key value used in the hash. If not null, must be 128 bytes or shorter.
Blake2 keyed hashing can be used for authentication as a faster and
simpler replacement for HMAC.
Attempt to set greater than 128 bytes.
Gets or sets the output size in bytes. Must be less than or equal to 64.
Blake2 incorporates this value into the hash. The array returned by the
. call will
be this length unless the value is non-null.
If that property is non-null, that buffer gets returned by the . call regardless of
the property. In that case, you can copy the
first bytes of the array to get the value that Blake2 would have
returned.
Gets or sets the output size in bits. Must be a multiple of 8.
Attempt to set to a value not a multiple of 8 bits.
Gets or sets the 64-byte result buffer the Blake2 algorithm will use.
If not null, this is the buffer that will get returned by the
. call
regardless of the value of .
Attempt to set to non-null other than 64 bytes.
The core of the Blake2 hash.
Initializes a new instance of the class.
Convert a big-endian buffer into a .
Buffer holding an 8-byte big-endian ulong.
Offset into the buffer to start reading the ulong.
The parsed ulong.
No checking is done to verify that an 8-byte value can be read from at .
Store a ulong into a byte buffer as big-endian.
The ulong to store.
The buffer to load the 8-byte value into.
The offset to start at in .
No checking is done to validate the buffer can store at .
Initialize the hash.
8-element configuration array.
Update the hash state.
Data to use to update the hash state.
Index of the first byte in to use.
Number of bytes in to use.
Compute the hash.
Loaded with the hash.
.
Compute the hash.
Loaded with the hash.
True to signal the last node of a layer in tree-hashing mode; false otherwise.
.
Return the hash.
The 64-byte hash.
Return the hash.
True to signal the last node of a layer in tree-hashing mode; false otherwise.
The 64-byte hash.
Release unmanaged resources.
Init/Update/Final for Blake2 hash.
Initializes a new instance of the class.
The configuration to use; may be null to use the default Blake2 configuration.
Initialize the hasher. The hasher is initialized upon construction but this can be used
to reinitialize in order to reuse the hasher.
When called after being disposed.
Update the hasher with more bytes of data.
Buffer holding the data to update with.
The offset into the buffer of the data to update the hasher with.
The number of bytes starting at to update the hasher with.
When called after being disposed.
Either returns .
or a new buffer of .
if no was given.
Either the final Blake2 hash or the . If
is non-null and . is less than 64, then the actual Blake2 hash
is the first of the buffer.
Disposes resources if is true.
Set to true if disposing.
Parameters for the tree hash.
Initializes a new instance of the class.
Gets or sets the intermediate hash size.
Gets or sets the tree maximum height.
Gets or sets the tree leaf size.
Gets or sets the tree fan out value.
Create an instance of the for parallel hash computation.
The amount of parallelism to invoke when generating the hash.
An instance of the suitable for generating a hash.
Utilities to create the Blake2 initialization vector.
Create a raw Blake2 configuration from the given configurations.
The .
The .
The raw Blake2 configuration.
When . is not between 0 and 64.
When . length is > 64.
Update the Blake2 raw configuration for the given depth and node offset.
The configuration to update.
The new depth value.
The new node offset value.
The base hasher class.
Initialize for hash generation.
Generate the hash from the hash's state.
The generated hash.
Update the hash's state with the given data.
The data to add to the hash's state.
The index of the first byte of to add to the hash's state.
The number of bytes of to add to the hash's state.
Update the hash's state with the given data.
The data to add to the hash's state.
Create a from this.
The based on this .
Zero and release sensitive resources.
Disposes resources if is true.
Set to true if disposing.
implementation for a .
Initializes a new instance of the class.
The the is for.
Cryptographic strength enumeration.
Uses no encryption.
Uses AES 128-bit encryption.
Uses AES 256-bit encryption.
Provides general use cryptographic functions.
This class exists to simplify usage of basic cryptography functionality.
Represents an inter-process serializable cryptographic key and initialization vector cache.
Gets a copy of the internal key and initialization vector table.
Gets the crypto key and initialization vector for the given user password.
User password used for key lookup.
Specifies the desired key size.
Crypto key, index 0, and initialization vector, index 1, for the given user password.
Determines if a key and initialization vector exists for the given .
User password used for key lookups.
Specifies the desired key size.
true if a key and initialization vector exists for the given ; otherwise false.
Imports a key and initialization vector into the local system key cache.
User password used for key lookups.
Specifies the desired key size.
Text based key and initialization vector to import into local key cache.
This method is used to manually import a key created on another computer.
Exports a key and initialization vector from the local system key cache.
User password used for key lookup.
Specifies the desired key size.
Text based key and initialization vector exported from local key cache.
This method is used to manually export a key to be installed on another computer.
Merge keys and initialization vectors from another , local cache taking precedence.
Other to merge with.
Merge keys and initialization vectors from another , other cache taking precedence.
Other to merge with.
Initiates inter-process synchronized save of key and initialization vector table.
Handles serialization of file to disk; virtual method allows customization (e.g., pre-save encryption and/or data merge).
used to serialize data.
File data to be serialized.
Consumers overriding this method should not directly call property to avoid potential deadlocks.
Handles deserialization of file from disk; virtual method allows customization (e.g., preload decryption and/or data merge).
used to deserialize data.
Deserialized file data.
Consumers overriding this method should not directly call property to avoid potential deadlocks.
Gets a flag that determines if system will allow use of managed, i.e., non-FIPS compliant, security algorithms.
Blocks current thread and waits for any pending save of local system key cache to complete.
The number of milliseconds to wait, or (-1) to wait indefinitely.
This method only needs to be used if crypto cache changes could be pending during application shutdown (i.e., executing ciphers with
new keys that have not been saved, using existing keys does not queue crypto cache updates) to ensure keys are flushed before exit.
For most applications it is expected that this method would rarely be needed. However, possible usage scenarios would include:
-
Writing an application that establishes crypto keys where application lifetime would be very short (i.e., run, create keys, exit).
-
Creating new crypto keys during application shutdown (i.e., performing ciphers with non-existing keys at shutdown).
Manually loads keys into the local system key cache.
Determines if a key and initialization vector exists for the given in the local system key cache.
User password used for key lookups.
Specifies the desired key size.
true if a key and initialization vector exists for the given ; otherwise false.
Imports a key and initialization vector into the local system key cache.
User password used for key lookups.
Specifies the desired key size.
Text based key and initialization vector to import into local key cache.
This method is used to manually import a key created on another computer.
Exports a key and initialization vector from the local system key cache.
User password used for key lookup.
Specifies the desired key size.
Text based key and initialization vector exported from local key cache.
This method is used to manually export a key to be installed on another computer.
Gets the Base64 encoded SHA-256 hash of given user password.
User password to get hash for.
Specifies the optional category ID.
Base64 encoded SHA-256 hash of user password.
The optional will be appended to the to allow
the same password to be used in different contexts and return different results, when useful.
Verifies the given user password against a given hash.
Stored hash.
User provide password.
Specifies the optional category ID.
true if the given user password matches the stored hash; otherwise, false.
Returns a Base64 encoded string of the returned binary array of the encrypted data, generated with
the given parameters.
Source string to encrypt.
User password used for key lookup.
Cryptographic strength to use when encrypting string.
An encrypted version of the source string.
Returns a binary array of encrypted data for the given parameters.
Binary array of data to encrypt.
User password used for key lookup.
Cryptographic strength to use when encrypting data.
An encrypted version of the source data.
Returns a binary array of encrypted data for the given parameters.
Binary array of data to encrypt.
Offset into buffer.
Number of bytes in buffer to encrypt starting from offset.
User password used for key lookup.
Cryptographic strength to use when encrypting data.
An encrypted version of the source data.
Returns a binary array of encrypted data for the given parameters.
Binary array of data to encrypt.
Encryption key to use to encrypt data.
Initialization vector to use to encrypt data.
Cryptographic strength to use when encrypting data.
An encrypted version of the source data.
Returns a binary array of encrypted data for the given parameters.
Binary array of data to encrypt.
Offset into buffer.
Number of bytes in buffer to encrypt starting from offset.
Encryption key to use to encrypt data.
Initialization vector to use to encrypt data.
Cryptographic strength to use when encrypting data.
An encrypted version of the source data.
Returns a stream of encrypted data for the given parameters.
Source stream that contains data to encrypt.
Encryption key to use to encrypt stream.
Initialization vector to use to encrypt stream.
Cryptographic strength to use when encrypting stream.
An encrypted version of the source stream.
This returns a memory stream of the encrypted results, if the incoming stream is
very large this will consume a large amount of memory. In this case use the overload
that takes the destination stream as a parameter instead.
Encrypts input stream onto output stream for the given parameters.
Source stream that contains data to encrypt.
Destination stream used to hold encrypted data.
Encryption key to use to encrypt stream.
Initialization vector to use to encrypt stream.
Cryptographic strength to use when encrypting stream.
Optional delegate to handle progress updates for encrypting large streams.
Creates an encrypted file from source file data.
Source file name.
Destination file name.
User password used for key lookup.
Cryptographic strength to use when encrypting file.
Optional delegate to handle progress updates for encrypting large files.
Decrypts a configuration setting in the format of "KeyName:EncodedValue" that was previously
encrypted using the method
using a key size.
Encoded configuration setting value.
Decoded configuration setting.
If no key name is specified, value is assumed to not be encoded and is returned as is.
It is recommended to use this method at the last possible moment, e.g., in stack variables,
to avoid storing decrypted data in memory for longer periods of time.
Returns a decrypted string from a Base64 encoded string of binary encrypted data from the given
parameters.
Source string to decrypt.
User password used for key lookup.
Cryptographic strength to use when decrypting string.
A decrypted version of the source string.
Returns a binary array of decrypted data for the given parameters.
Binary array of data to decrypt.
User password used for key lookup.
Cryptographic strength to use when decrypting data.
A decrypted version of the source data.
Returns a binary array of decrypted data for the given parameters.
Binary array of data to decrypt.
Offset into buffer.
Number of bytes in buffer to decrypt starting from offset.
User password used for key lookup.
Cryptographic strength to use when decrypting data.
A decrypted version of the source data.
Returns a binary array of decrypted data for the given parameters.
Binary array of data to decrypt.
Encryption key to use to decrypt data.
Initialization vector to use to decrypt data.
Cryptographic strength to use when decrypting data.
A decrypted version of the source data.
Returns a binary array of decrypted data for the given parameters.
Binary array of data to decrypt.
Offset into buffer.
Number of bytes in buffer to decrypt starting from offset.
Encryption key to use to decrypt data.
Initialization vector to use to decrypt data.
Cryptographic strength to use when decrypting data.
A decrypted version of the source data.
Returns a stream of decrypted data for the given parameters.
Source stream that contains data to decrypt.
Encryption key to use to decrypt stream.
Initialization vector to use to decrypt stream.
Cryptographic strength to use when decrypting stream.
A decrypted version of the source stream.
This returns a memory stream of the decrypted results, if the incoming stream is
very large this will consume a large amount of memory. In this case use the overload
that takes the destination stream as a parameter instead.
Decrypts input stream onto output stream for the given parameters.
Source stream that contains data to decrypt.
Destination stream used to hold decrypted data.
Encryption key to use to decrypt stream.
Initialization vector to use to decrypt stream.
Cryptographic strength to use when decrypting stream.
Optional delegate to handle progress updates for decrypting large streams.
Creates a decrypted file from source file data.
Source file name.
Destination file name.
User password used for key lookup.
Cryptographic strength to use when decrypting file.
Optional delegate to handle progress updates for decrypting large files.
Generates cryptographically strong random numbers.
Generates a cryptographically strong 24-bit random integer.
The cryptographic service provider (CSP) cannot be acquired.
Generates a cryptographically strong 24-bit random integer between specified values.
The cryptographic service provider (CSP) cannot be acquired.
A that is the low end of our range.
A that is the high end of our range.
A that is generated between the and the .
Generates cryptographically strong random numbers.
Generates a cryptographically strong unsigned 24-bit random integer.
The cryptographic service provider (CSP) cannot be acquired.
Generates a cryptographically strong unsigned 24-bit random integer between specified values.
The cryptographic service provider (CSP) cannot be acquired.
A that is the low end of our range.
A that is the high end of our range.
A that is generated between the and the .
Represents a buffer that is zeroed when disposed.
Initializes a new instance of the class.
If type is a reference type, the buffer will be zeroed by setting all elements to null.
The number of elements in the array.
Represents a buffer that is zeroed when disposed.
Initializes a new instance of the class.
If type is a reference type, the buffer will be zeroed by setting all elements to null.
The number of elements in the array.
Gets the buffer array instance.
Accesses element in the > by reference.
The index of the element to access.
Zero buffer and release resources.
The namespace organizes all Gemstone library functionality
related to security. The root security namespace also includes common security classes,
e.g., .
Custom -derived type for the SpecialCharacterPattern method.
Cached, thread-safe singleton instance.
Initializes the instance.
Provides a factory for creating instances to be used by methods on .
Creates an instance of a used by methods on .
Provides the runner that contains the custom logic implementing the specified regular expression.
Scan the starting from base.runtextstart for the next match.
The text being scanned by the regular expression.
Search starting from base.runtextpos for the next location a match could possibly start.
The text being scanned by the regular expression.
true if a possible match was found; false if no more matches are possible.
Determine whether at base.runtextpos is a match for the regular expression.
The text being scanned by the regular expression.
true if the regular expression matches at the current position; otherwise, false.
Helper methods used by generated -derived implementations.
Default timeout value set in , or if none was set.
Whether is non-infinite.
Supports searching for characters in or not in "\0()\\".