Merge pull request #163 from bevanweiss/fix_obsolete

Update obsolete security / cryptography references
nauful · Jun 8, 2024 · 85f2996 · 85f2996
2 parents bb99867 + 386ccf3
commit 85f2996
Showing 1 changed file with 31 additions and 39 deletions.
diff --git a/NET Core/LibUA/Security.cs b/NET Core/LibUA/Security.cs
@@ -137,7 +137,7 @@ public static RSAEncryptionPadding UseOaepForSecuritySigPolicyUri(string policy)
 
         public static int CalculatePublicKeyLength(X509Certificate2 cert)
         {
-            RSA rsa = cert.PublicKey.Key as RSA;
+            RSA rsa = cert.PublicKey.GetRSAPublicKey();
             if (rsa == null)
             {
                 throw new Exception("Could not create RSA");
@@ -214,12 +214,12 @@ public static int CalculateSignatureSize(RSA key)
 
         public static int CalculateSignatureSize(X509Certificate2 cert)
         {
-            return CalculateSignatureSize(cert.PublicKey.Key as RSA);
+            return CalculateSignatureSize(cert.PublicKey.GetRSAPublicKey());
         }
 
         public static int CalculateEncryptedSize(X509Certificate2 cert, int messageSize, PaddingAlgorithm paddingAlgorithm)
         {
-            RSA rsa = cert.PublicKey.Key as RSA;
+            RSA rsa = cert.PublicKey.GetRSAPublicKey();
             if (rsa == null)
             {
                 throw new Exception("Could not create RSA");
@@ -273,7 +273,7 @@ public static byte[] GenerateRandomBytes(int numBytes)
             //var arr = Enumerable.Range(1, numBytes).Select(i => (byte)(i & 0xFF)).ToArray();
             //return arr;
 
-            RandomNumberGenerator rng = new RNGCryptoServiceProvider();
+            RandomNumberGenerator rng = RandomNumberGenerator.Create();
 
             var res = new byte[numBytes];
             rng.GetBytes(res);
@@ -283,14 +283,12 @@ public static byte[] GenerateRandomBytes(int numBytes)
 
         public static byte[] AesEncrypt(ArraySegment<byte> data, byte[] key, byte[] iv)
         {
-            using (var aes = new AesManaged()
-            {
-                Mode = CipherMode.CBC,
-                IV = iv, // new byte[16] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 },
-                Key = key,
-                Padding = PaddingMode.PKCS7
-            })
+            using (var aes = Aes.Create())
             {
+                aes.Mode = CipherMode.CBC;
+                aes.IV = iv; // new byte[16] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 },
+                aes.Key = key;
+                aes.Padding = PaddingMode.PKCS7;
                 using (var crypt = aes.CreateEncryptor(aes.Key, aes.IV))
                 {
                     using (var ms = new MemoryStream())
@@ -322,14 +320,12 @@ public static byte[] AesDecrypt(ArraySegment<byte> data, byte[] key, byte[] iv)
                 return null;
             }
 
-            using (var aes = new AesManaged()
-            {
-                Mode = CipherMode.CBC,
-                IV = iv, // new byte[16] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 },
-                Key = key,
-                Padding = PaddingMode.PKCS7
-            })
+            using (var aes = Aes.Create())
             {
+                aes.Mode = CipherMode.CBC;
+                aes.IV = iv; // new byte[16] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 },
+                aes.Key = key;
+                aes.Padding = PaddingMode.PKCS7;
                 using (var crypt = aes.CreateDecryptor(aes.Key, aes.IV))
                 {
                     using (var ms = new MemoryStream(data.Array, data.Offset, data.Count))
@@ -364,14 +360,12 @@ public static byte[] AesDecrypt(ArraySegment<byte> data, byte[] key, byte[] iv)
 
         public static int RijndaelEncryptInplace(ArraySegment<byte> data, byte[] key, byte[] iv)
         {
-            using (var rijn = new RijndaelManaged()
-            {
-                Mode = CipherMode.CBC,
-                IV = iv,
-                Key = key,
-                Padding = PaddingMode.None
-            })
+            using (var rijn = Aes.Create())
             {
+                rijn.Mode = CipherMode.CBC;
+                rijn.IV = iv;
+                rijn.Key = key;
+                rijn.Padding = PaddingMode.None;
                 using (var crypt = rijn.CreateEncryptor(rijn.Key, rijn.IV))
                 {
                     if (data.Count % crypt.InputBlockSize != 0)
@@ -388,14 +382,12 @@ public static int RijndaelEncryptInplace(ArraySegment<byte> data, byte[] key, by
 
         public static int RijndaelDecryptInplace(ArraySegment<byte> data, byte[] key, byte[] iv)
         {
-            using (var rijn = new RijndaelManaged()
-            {
-                Mode = CipherMode.CBC,
-                IV = iv,
-                Key = key,
-                Padding = PaddingMode.None
-            })
+            using (var rijn = Aes.Create())
             {
+                rijn.Mode = CipherMode.CBC;
+                rijn.IV = iv;
+                rijn.Key = key;
+                rijn.Padding = PaddingMode.None;
                 using (var crypt = rijn.CreateDecryptor(rijn.Key, rijn.IV))
                 {
                     if (data.Count % crypt.InputBlockSize != 0)
@@ -666,7 +658,7 @@ private static void EncodeIntBigEndian(BinaryWriter stream, byte[] value)
 
         public static int GetPlainBlockSize(X509Certificate2 cert, RSAEncryptionPadding useOaep)
         {
-            var rsa = cert.PublicKey.Key as RSA;
+            var rsa = cert.PublicKey.GetRSAPublicKey();
             if (rsa == null)
             {
                 throw new Exception("Could not create RSA");
@@ -691,7 +683,7 @@ public static int GetPlainBlockSize(X509Certificate2 cert, RSAEncryptionPadding
 
         public static int GetCipherTextBlockSize(X509Certificate2 cert)
         {
-            var rsa = cert.PublicKey.Key as RSA;
+            var rsa = cert.PublicKey.GetRSAPublicKey();
             if (rsa == null)
             {
                 throw new Exception("Could not create RSA");
@@ -702,7 +694,7 @@ public static int GetCipherTextBlockSize(X509Certificate2 cert)
 
         public static int GetSignatureLength(X509Certificate2 cert)
         {
-            var rsa = cert.PublicKey.Key as RSA;
+            var rsa = cert.PublicKey.GetRSAPublicKey();
             if (rsa == null)
             {
                 throw new Exception("Could not create RSA");
@@ -753,16 +745,16 @@ private static System.Security.Cryptography.HashAlgorithm HashAlgorithmForSecuri
                 case SecurityPolicy.Basic256Sha256:
                 case SecurityPolicy.Aes128_Sha256_RsaOaep:
                 case SecurityPolicy.Aes256_Sha256_RsaPss:
-                    return new SHA256Managed();
+                    return SHA256.Create();
 
                 default:
-                    return new SHA1Managed();
+                    return SHA1.Create();
             }
         }
 
         public static bool VerifySigned(ArraySegment<byte> data, byte[] signature, X509Certificate2 cert, SecurityPolicy policy)
         {
-            var rsa = cert.PublicKey.Key as RSA;
+            var rsa = cert.PublicKey.GetRSAPublicKey();
 
             var hash = HashAlgorithmForSecurityPolicy(policy);
             var digest = hash.ComputeHash(data.Array, data.Offset, data.Count);
@@ -774,7 +766,7 @@ public static bool VerifySigned(ArraySegment<byte> data, byte[] signature, X509C
 
         public static byte[] Encrypt(ArraySegment<byte> data, X509Certificate2 cert, RSAEncryptionPadding padding)
         {
-            var rsa = cert.PublicKey.Key as RSA;
+            var rsa = cert.PublicKey.GetRSAPublicKey();
             int inputBlockSize = GetPlainBlockSize(cert, padding);
 
             if (data.Count % inputBlockSize != 0)