lidgren-network-gen3

Crash because SHA256 is not FIPS-compliant

Open aienabled opened this issue 10 years ago • 3 comments

Hello! One of our users reported that the application is not working for him because of this exception in the Lidgren network library:

System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
   at System.Security.Cryptography.SHA256.Create()
   at Lidgren.Network.NetUtility..cctor()

It seems he has a security policy enforced to allow only FIPS-compliant crypto-providers: http://blog.aggregatedintelligence.com/2007/10/fips-validated-cryptographic-algorithms.html

aienabled avatar Jun 26 '15 09:06 aienabled

We've resolved this by using SHA256Cng. It works on Mono also (it just wraps SHA256Managed). However, we are afraid that some versions of Mono (Unity3D?) may not contain the SHA256Cng implementation, so we're using this code:

static NetUtility()
{
    s_sha = MonoHelper.IsMono ? new SHA256Managed() : (HashAlgorithm)new SHA256Cng();
    // ...
}

public static class MonoHelper
{
    public static bool IsMono
    {
        get
        {
            return Type.GetType("Mono.Runtime") != null;
        }
    }
}

However, using SHA256Cng may be slower... there is a good article about it: http://blogs.technet.com/b/secguide/archive/2014/04/07/why-we-re-not-recommending-fips-mode-anymore.aspx So maybe a better solution is to use try-catch and fall back to SHA256Cng only when required:

try
{
    s_sha = new SHA256Managed();
}
catch (InvalidOperationException)
{
    // FIPS policy enforced?
    s_sha = new SHA256Cng();
}

aienabled avatar Jun 26 '15 09:06 aienabled

"new SHA256Managed()" isn't used anywhere in the library; only SHA256.Create() - what does it return on mono?

lidgren avatar Sep 27 '15 08:09 lidgren

I just checked it on Mono 4.0.2 for Windows - SHA256.Create() returns an instance of type System.Security.Cryptography.SHA256Managed.

aienabled avatar Sep 27 '15 08:09 aienabled
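
A variant of the fallback discussed in this thread, as an added example that is not code from the thread participants or from Lidgren: it checks the FIPS policy flag up front instead of catching the exception, and resolves SHA256Cng by name so a runtime without that type still loads. `Sha256Factory` is a hypothetical name, and .NET Framework 4+ or a Mono desktop profile (where these types live in System.Core) is assumed.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added illustration: Sha256Factory is a hypothetical helper, not a Lidgren type.
// Assumes .NET Framework 4+ or a Mono desktop profile.
public static class Sha256Factory
{
    // Wrappers over the Windows validated providers, tried in order (CNG, then CAPI).
    static readonly string[] ValidatedTypes =
    {
        "System.Security.Cryptography.SHA256Cng",
        "System.Security.Cryptography.SHA256CryptoServiceProvider",
    };

    public static HashAlgorithm Create()
    {
        // Fast path: with no FIPS policy the managed implementation is allowed.
        if (!CryptoConfig.AllowOnlyFipsAlgorithms)
            return new SHA256Managed();

        // Look the types up by name in System.Core so a runtime that lacks
        // them yields null here instead of failing to load this class.
        var systemCore = typeof(System.Linq.Enumerable).Assembly;
        foreach (string name in ValidatedTypes)
        {
            Type type = systemCore.GetType(name, false);
            if (type == null) continue;
            try { return (HashAlgorithm)Activator.CreateInstance(type); }
            catch (Exception) { /* provider unavailable on this platform, try the next */ }
        }
        throw new PlatformNotSupportedException(
            "FIPS policy is enforced but no validated SHA-256 provider was found.");
    }

    public static void Main()
    {
        using (HashAlgorithm sha = Create())
        {
            // Constructed sample input; prints the chosen type and its digest.
            byte[] digest = sha.ComputeHash(Encoding.ASCII.GetBytes("abc"));
            Console.WriteLine(sha.GetType().FullName);
            Console.WriteLine(BitConverter.ToString(digest).Replace("-", "").ToLowerInvariant());
        }
    }
}
```

Failing with an explicit exception when no validated provider exists keeps the policy decision visible rather than silently falling back to a non-validated implementation.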