3

I'm having hard time with this one. Can someone either point me in the right direction for checking/building hash codes for an uploaded file or else tell me what I'm doing wrong with the code below?

getFileSHA256(softwareUpload.PostedFile) 'Line that calls the function includes a reference to an uploaded file

Private Function getFileSHA256(ByVal theFile As Web.HttpPostedFile) As String
    Dim SHA256CSP As New SHA256Managed()
    Dim byteHash() As Byte = SHA256CSP.ComputeHash(theFile.InputStream)
    Return ByteArrayToString(byteHash)
End Function

Private Function ByteArrayToString(ByVal arrInput() As Byte) As String
    Dim sb As New System.Text.StringBuilder(arrInput.Length * 2)
    For i As Integer = 0 To arrInput.Length - 1
        sb.Append(arrInput(i).ToString("X2"))
    Next
    Return sb.ToString().ToLower
End Function

I should add that the function works, but the return does not match other programs' sha256 values.

EDIT ------

There are two other functions that I'm using in my code. SHA1 gets the same kind of results as the SHA256; the results do not match trusted sources.

However, the MD5 works as expected.

Private Function getFileSHA1(ByVal theFile As Web.HttpPostedFile) As String
    Dim SHA1CSP As New SHA1CryptoServiceProvider()
    Dim byteHash() As Byte = SHA1CSP.ComputeHash(theFile.InputStream)
    Return ByteArrayToString(byteHash)
End Function

Private Function getFileMd5(ByVal theFile As Web.HttpPostedFile) As String
    Dim Md5CSP As New System.Security.Cryptography.MD5CryptoServiceProvider
    Dim byteHash() As Byte = Md5CSP.ComputeHash(theFile.InputStream)
    Return ByteArrayToString(byteHash)
End Function

I plan to consolidate these functions once I know they are working as expected.

The only difference between these is that MD5 is using "MD5CryptoServiceProvider" and it works as expected. SHA1 is also using "SHA1CryptoServiceProvider" but it does not match trusted sources.

  • I can't see anything wrong with your code. Although this question would probably be more suitable on CodeReview. – Victor Zakharov Feb 05 '13 at 21:55
  • Hmmm... no takers? Here is an example. I have a file that I upload as a test. A trusted program produces the SHA 256 of "608b3e8b2b4e0b10bfb02cc86d8640d73cfe432961a26edc478654d2ccdc0853". While The code above produces the SHA256 of "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" –  Feb 06 '13 at 00:40
  • One difference is the code is applying the hash to a file that is in memory while the other is applying the has to the same file while it is on the disk. –  Feb 06 '13 at 00:41
  • @Neolisk No that's not correct. CodeReview is targeted for peer code-reviews, not for debugging failing routines. In fact the best site in StackExchange for that is this one, StackOverflow. – RBarryYoung Feb 06 '13 at 01:42
  • @RBarryYoung: I think when I wrote that comment, this question did not have that last line, as well as a fact of non-match to another 'trusted' hash. As it stood, it was very much CodeReview-like. – Victor Zakharov Feb 06 '13 at 01:58
  • BTW, can you add links to your trusted source, and maybe sample data, so we all could reproduce your issue? – Victor Zakharov Feb 06 '13 at 12:35
  • I can't think of how I could get the code into a usable place for testing online o.O without too much difficulty. I'm open to suggestions. I'm using ["Comput Hash 2.0"](http://www.softpedia.com/get/System/File-Management/ComputeHash.shtml) as one of my sources. The other is an application I built last year (some further refinements and I plan to make it available to everyone, it's pretty cool :) that has not failed a test for accuracy yet. I think I'm going to try saving the upload to disk, run this code, to see if that makes a difference. I'll report back with results. –  Feb 06 '13 at 18:50

1 Answers1

2

I did some testing here, it appears that for text files SHA256Managed works perfectly.

My code is below, I used your implementation of ByteArrayToString:

Sub Main()
  Dim s As New SHA256Managed
  Dim fileBytes() As Byte = IO.File.ReadAllBytes("s:\sha256.txt")
  Dim hash() As Byte = s.ComputeHash(fileBytes)

  Dim referenceHash As String = "18ffd9682c5535a2b2798ca51b13e9490df326f185a83fe6e059f8ff47d92105"
  Dim calculatedHash As String = ByteArrayToString(hash)
  MsgBox(calculatedHash = referenceHash) 'outputs True
End Sub

Private Function ByteArrayToString(ByVal arrInput() As Byte) As String
  Dim sb As New System.Text.StringBuilder(arrInput.Length * 2)
  For i As Integer = 0 To arrInput.Length - 1
    sb.Append(arrInput(i).ToString("X2"))
  Next
  Return sb.ToString().ToLower
End Function

For testing purposes, I created a file called sha256.txt under S: with the following contents:

my test file

(no trailing spaces or newline)

I got the reference hash value from here, by feeding same data.

Also check this and this - the fact you get non-match could be related to platform and/or implementation of your trusted source, or needing an extra conversion step.

Community
  • 1
  • 1
Victor Zakharov
  • 25,801
  • 18
  • 85
  • 151
  • OY! Do you think a file that is sitting in memory could get a different hash result than one sitting on a disk? Does that make sense? That's the only thing that I can think of that could be the difference. Both are windows platforms (Server 8 and Win7). –  Feb 06 '13 at 01:44
  • @Jimmmy: my suggestion is to try another trusted source first. – Victor Zakharov Feb 06 '13 at 01:56
  • thanks for your help... btw. And yeah, already did that. I have two "trusted soures". I'm not just testing for SHA256, but also SHA 1 and MD5... and all match between the two trusted sources. But the SHA hashes using the same programming above (making considerations for -1 and -256) fail the check while MD5 passes. BTW, the test files are known files, made by myself. So MD5, using similar code, checks, but not the SHAs –  Feb 06 '13 at 02:08
  • @Jimmmy: so it's just SHA256 that does not match? – Victor Zakharov Feb 06 '13 at 02:24
  • No, 256 and 1. The fact that MD5 does match tells me more is working correctly. I'm adding the codes for the other functions (which I plan to consolidate once things are working as expected) –  Feb 06 '13 at 02:53