The .NET Framework 1.1 provides a lot of built in security classes but unfortunately the two I needed for my current project are missing: A 32-bit Cyclic Redundancy Check (CRC) algorithm and a Hash-based Message Authentication Code (HMAC) algorithm using MD5 rather than SHA1.
There are a lot of implementations of CRC algorithms on the web, but most are incorrectly implemented, and none are high quality code. As a result, I was forced to write my own. To save you some time in the future, here are the implementations.
CRC algorithms
Cyclic Redundancy Check algorithms are a simple and fast way to check that a packet of data such as a file is complete. They can also be used to check that it has not been modified, however the CRC algorithms are cryptographically very weak due to the small hash size. For basic integrity checking where speed is more important than security they are widely used, and are embedded in many common standards such as Ethernet and PNG images.
Although both the mathematics and implementation of the algorithm are not too complex, there are many variants of the basic design which are fairly poorly documented. Even the most complete reference I could find still leaves something to be desired about the exact nature of partly reflected algorithms and lookup table generation. This is probably why the vast majority of implementations on the web of CRC algorithms are wrong - most fail to correctly compute the well known Ethernet checksum.
The version I have written supports all possible variants of the algorithm (polynomial value, initial register value, xor output value, reflect in and reflect out). The code for all of the CRC algorithms is identical other than the sizes of the integers, so I implemented the entire family - CRC16, CRC32 and CRC64. It's got extensive (probably too much, quite frankly) commenting so in combination with the above paper you should be able to understand how it works.
HMAC algorithms
The Hash-based Message Authentication Code algorithm provides a simple way to use a shared key with an existing hash algorithm (for example CRC32, MD5 or SHA1) to make it much harder for the document to be modified without detection. The RFC is well worth reading if you want the full details, but the essence is that it computes an inner hash of the shared key and the document, and then computes the final hash from the shared key and the inner hash.
What's weird with the .NET Framework implementation is that the algorithm is specifically designed to allow the underlying hash algorithm to be easily changed, and yet the only one provided is hard-coded to use SHA1. My implementation encapsulates all the required HMAC logic in a single base class, and then derived classes for specific algorithms simply need to pass any class inheriting from HashAlgorithm into the base class constructor; I've included specific subclasses for MD5, the CRC variants above, and all of the SHA variants.
Download the code
The code is written for .NET Framework 1.1 as that's what my project is using, however it should compile on any other version of the framework.
Click here to download.
Posted
Mar 08 2006, 03:34 PM
by
Greg Beech