BcryptNet · JohnWFlaherty · Oct 23, 2019
diff --git a/src/BCrypt.Net.MainPackage/BCrypt.Net.Package.csproj b/src/BCrypt.Net.MainPackage/BCrypt.Net.Package.csproj
@@ -71,4 +71,8 @@
     <DocumentationFile>bin\$(Configuration)\$(TargetFramework)\BCrypt.Net-Next.xml</DocumentationFile>
   </PropertyGroup>
 
+  <PropertyGroup>
+    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
+  </PropertyGroup>
+
 </Project>
diff --git a/src/BCrypt.Net.StrongName/BCrypt.Net.StrongName.csproj b/src/BCrypt.Net.StrongName/BCrypt.Net.StrongName.csproj
@@ -71,4 +71,8 @@
     <DocumentationFile>bin\$(Configuration)\$(TargetFramework)\BCrypt.Net-Next.xml</DocumentationFile>
   </PropertyGroup>
 
+  <PropertyGroup>
+    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
+  </PropertyGroup>
+
 </Project>
diff --git a/src/BCrypt.Net.UnitTests/BCrypt.Net.UnitTests.csproj b/src/BCrypt.Net.UnitTests/BCrypt.Net.UnitTests.csproj
@@ -10,6 +10,10 @@
     <NoWarn>1701;1702;CS1591</NoWarn>
   </PropertyGroup>
 
+  <PropertyGroup>
+    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
+  </PropertyGroup>
+
   <ItemGroup>
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="16.3.0" />
     <PackageReference Include="xunit" Version="2.4.1" />

diff --git a/src/BCrypt.Net.UnitTests/BCryptTests.cs b/src/BCrypt.Net.UnitTests/BCryptTests.cs
@@ -19,6 +19,7 @@ IN THE SOFTWARE.
 
 using System;
 using System.Diagnostics;
+using System.Security;
 using System.Security.Cryptography;
 using System.Text;
 using Xunit;
@@ -145,6 +146,62 @@ public void TestHashPassword()
         }
 
 
+        private SecureString AsSecureString(string text)
+        {
+            var result = new SecureString();
+            foreach (var c in text) result.AppendChar(c);
+            result.MakeReadOnly();
+            return result;
+        }
+
+
+        /**
+         * Test method for 'BCrypt.HashPassword(SecureString, string)'
+         */
+        [Fact()]
+        public void TestSecureHashPassword()
+        {
+            Trace.Write("BCrypt.HashPassword()[Secure]: ");
+            var sw = Stopwatch.StartNew();
+            for (var r = 0; r < _revisions.Length; r++)
+            {
+                for (int i = 0; i < _testVectors.Length / 3; i++)
+                {
+                    var plain = AsSecureString(_testVectors[i, 0]);
+                    string salt;
+                    string expected;
+                    if (r > 0)
+                    {
+                        //Check hash that goes in one end comes out the next the same
+                        salt = _testVectors[i, 1].Replace("2a", "2" + _revisions[r]);
+
+                        string hashed = BCrypt.HashPassword(plain, salt);
+
+
+                        var d = hashed.StartsWith("$2" + _revisions[r]);
+                        Assert.True(d);
+                        Trace.WriteLine(hashed);
+                    }
+                    else
+                    {
+                        salt = _testVectors[i, 1];
+                        expected = _testVectors[i, 2];
+
+                        string hashed = BCrypt.HashPassword(plain, salt);
+                        var d = hashed == expected;
+                        Assert.Equal(hashed, expected);
+                    }
+
+
+                    Trace.Write(".");
+                }
+            }
+
+            Trace.WriteLine(sw.ElapsedMilliseconds);
+            Trace.WriteLine("");
+        }
+
+
         /**
          * Test method for 'BCrypt.HashPassword(string, string)'
          */
@@ -182,6 +239,42 @@ public void TestHashPasswordEnhanced()
             Trace.WriteLine("");
         }
 
+        [Fact()]
+        public void TestSecureHashPasswordEnhanced()
+        {
+            Trace.Write("BCrypt.HashPassword()[Secure]: ");
+            var sw = Stopwatch.StartNew();
+            for (var r = 0; r < _revisions.Length; r++)
+            {
+                for (int i = 0; i < _testVectors.Length / 3; i++)
+                {
+                    var plain = _testVectors[i, 0];
+                    string salt;
+
+                    //Check hash that goes in one end comes out the next the same
+                    salt = _testVectors[i, 1].Replace("2a", "2" + _revisions[r]);
+
+                    string hashed = BCrypt.HashPassword(plain, salt, enhancedEntropy: true);
+                    string secureHashed = BCrypt.HashPassword(AsSecureString(plain), salt, enhancedEntropy: true);
+
+                    var revCheck = hashed.StartsWith("$2" + _revisions[r]);
+
+                    Assert.True(revCheck);
+                    Assert.Equal(hashed, secureHashed);
+
+                    var validateHashCheck = BCrypt.EnhancedVerify(AsSecureString(plain), hashed);
+                    Assert.True(validateHashCheck);
+
+                    Trace.WriteLine(hashed);
+
+                    Trace.Write(".");
+                }
+            }
+
+            Trace.WriteLine(sw.ElapsedMilliseconds);
+            Trace.WriteLine("");
+        }
+
         [Fact()]
         public void TestHashPasswordEnhancedWithHashType()
         {
@@ -216,6 +309,42 @@ public void TestHashPasswordEnhancedWithHashType()
             Trace.WriteLine("");
         }
 
+        [Fact()]
+        public void TestSecureHashPasswordEnhancedWithHashType()
+        {
+            Trace.Write("BCrypt.HashPassword()[Secure]: ");
+            var sw = Stopwatch.StartNew();
+            for (var r = 0; r < _revisions.Length; r++)
+            {
+                for (int i = 0; i < _testVectors.Length / 3; i++)
+                {
+                    var plain = _testVectors[i, 0];
+                    string salt;
+
+                    //Check hash that goes in one end comes out the next the same
+                    salt = _testVectors[i, 1].Replace("2a", "2" + _revisions[r]);
+
+                    string hashed = BCrypt.HashPassword(plain, salt, true, HashType.SHA256);
+                    string secureHashed = BCrypt.HashPassword(AsSecureString(plain), salt, true, HashType.SHA256);
+
+                    var revCheck = hashed.StartsWith("$2" + _revisions[r]);
+
+                    Assert.True(revCheck);
+                    Assert.Equal(hashed, secureHashed);
+
+                    var validateHashCheck = BCrypt.EnhancedVerify(AsSecureString(plain), hashed, HashType.SHA256);
+                    Assert.True(validateHashCheck);
+
+                    Trace.WriteLine(hashed);
+
+                    Trace.Write(".");
+                }
+            }
+
+            Trace.WriteLine(sw.ElapsedMilliseconds);
+            Trace.WriteLine("");
+        }
+
         [Fact()]
         public void TestValidateAndReplace()
         {
@@ -240,6 +369,30 @@ public void TestValidateAndReplace()
 
         }
 
+        [Fact()]
+        public void TestSecureValidateAndReplace()
+        {
+            for (int i = 0; i < _testVectors.Length / 3; i++)
+            {
+                var currentKey = AsSecureString(_testVectors[i, 0]);
+                string salt = _testVectors[i, 1];
+                string currentHash = _testVectors[i, 2];
+
+                var newPassword = AsSecureString("my new password");
+                string hashed = BCrypt.HashPassword(currentKey, salt);
+                var d = hashed == currentHash;
+
+                var newHash = BCrypt.ValidateAndReplacePassword(currentKey, currentHash, newPassword);
+
+                var newPassValid = BCrypt.Verify(newPassword, newHash);
+
+                Assert.True(newPassValid);
+
+                Trace.Write(".");
+            }
+
+        }
+
 
         [Theory()]
         [InlineData("\u2605\u2605\u2605\u2605\u2605\u2605\u2605\u2605")]

diff --git a/src/BCrypt.Net/BCrypt.Net.csproj b/src/BCrypt.Net/BCrypt.Net.csproj
@@ -51,6 +51,10 @@
     <DocumentationFile>bin\$(Configuration)\$(TargetFramework)\BCrypt.Net-Next.xml</DocumentationFile>
   </PropertyGroup>
 
+  <PropertyGroup>
+    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
+  </PropertyGroup>
+
   <ItemGroup>
     <PackageReference Update="SourceLink.Create.GitHub" Version="2.8.3" />
   </ItemGroup>