//------------------------------------------------------------------------------
2 // <copyright file="CryptoAlgorithms.cs" company="Microsoft">
3 // Copyright (c) Microsoft Corporation. All rights reserved.
5 //------------------------------------------------------------------------------
7 namespace System
.Web
.Security
.Cryptography
{
9 using System
.Diagnostics
.CodeAnalysis
;
10 using System
.Security
.Cryptography
;
// Utility class to provide the "one true way" of getting instances of
// cryptographic algorithms, like SymmetricAlgorithm and HashAlgorithm.
//
// From discussions with Microsoft and the crypto board, we should prefer
// the CNG implementations of algorithms, then the CAPI implementations,
// then finally managed implementations if there are no CNG / CAPI
// implementations. The CNG / CAPI implementations are preferred for
// expandability, FIPS-compliance, and performance.
//
// .NET Framework 4.5 allows us to make two core assumptions:
// - The built-in HMAC classes have been updated for FIPS compliance.
// - Since .NET 4.5 requires Windows Server 2008 or greater, we can
//   assume that CNG is available on the box.
//
// Note that some algorithms (MD5, DES, etc.) aren't FIPS-compliant
// under any circumstance. Calling these methods when the OS is
// configured to allow only FIPS-compliant algorithms will result
// in an exception being thrown.
//
// The .NET Framework's built-in algorithms don't need to be created
// under the application impersonation context since they don't depend
// on the impersonated identity.
35 internal static class CryptoAlgorithms
{
// Returns a new AES instance backed by AesCryptoServiceProvider.
// The instance is handed back with whatever defaults the provider
// chooses; nothing is configured here. Encryption on its own gives
// no integrity protection, so callers are expected to authenticate
// ciphertext separately (for example with one of the HMAC factories).
// The caller owns the returned object and should dispose it.
internal static Aes CreateAes()
{
    Aes algorithm = new AesCryptoServiceProvider();
    return algorithm;
}
// Returns a new DES instance backed by DESCryptoServiceProvider.
// DES is retained for legacy code paths only: the [Obsolete] marker
// makes any new call site produce a compiler warning, and the analyzer
// suppression records that justification. Per the class header comment,
// DES is not FIPS-compliant under any circumstance.
// The caller owns the returned object and should dispose it.
[SuppressMessage("Microsoft.Cryptographic.Standard", "CA5351:DESCannotBeUsed", Justification = @"This is only used by legacy code; new features do not use this algorithm.")]
[Obsolete("DES is deprecated and MUST NOT be used by new features. Consider using AES instead.")]
internal static DES CreateDES()
{
    DES algorithm = new DESCryptoServiceProvider();
    return algorithm;
}
// Returns a new HMACSHA1 instance created with the parameterless
// constructor; no key is supplied here, so a caller that needs a
// specific key must assign one before computing a MAC.
// NOTE(review): the suppression justification describes this as
// legacy-only, yet unlike CreateSHA1 there is no [Obsolete] marker to
// warn new call sites - confirm that is intentional.
// The caller owns the returned object and should dispose it.
[SuppressMessage("Microsoft.Security.Cryptography", "CA5354:SHA1CannotBeUsed", Justification = @"This is only used by legacy code; new features do not use this algorithm.")]
internal static HMACSHA1 CreateHMACSHA1()
{
    HMACSHA1 mac = new HMACSHA1();
    return mac;
}
// Returns a new HMACSHA256 instance created with the parameterless
// constructor; no key is supplied here, so a caller that needs a
// specific key must assign one before computing a MAC.
// The caller owns the returned object and should dispose it.
internal static HMACSHA256 CreateHMACSHA256()
{
    HMACSHA256 mac = new HMACSHA256();
    return mac;
}
// Returns a new HMACSHA384 instance created with the parameterless
// constructor; no key is supplied here, so a caller that needs a
// specific key must assign one before computing a MAC.
// The caller owns the returned object and should dispose it.
internal static HMACSHA384 CreateHMACSHA384()
{
    HMACSHA384 mac = new HMACSHA384();
    return mac;
}
// Returns a new HMACSHA512 instance created with the parameterless
// constructor; no key is supplied here, so a caller that needs a
// specific key must assign one (or use the byte[] overload) before
// computing a MAC.
// The caller owns the returned object and should dispose it.
internal static HMACSHA512 CreateHMACSHA512()
{
    HMACSHA512 mac = new HMACSHA512();
    return mac;
}
// Returns a new HMACSHA512 instance keyed with the supplied bytes.
// The key is passed straight to the HMACSHA512 constructor; no
// validation or copying is done in this method, so any argument
// checking is whatever the constructor itself performs.
// The caller owns the returned object and should dispose it.
internal static HMACSHA512 CreateHMACSHA512(byte[] key)
{
    HMACSHA512 mac = new HMACSHA512(key);
    return mac;
}
68 [SuppressMessage("Microsoft.Cryptographic.Standard", "CA5350:MD5CannotBeUsed", Justification
= @"This is only used by legacy code; new features do not use this algorithm.")]
69 [Obsolete("MD5 is deprecated and MUST NOT be used by new features. Consider using a SHA-2 algorithm instead.")]
70 internal static MD5
CreateMD5() {
74 [SuppressMessage("Microsoft.Cryptographic.Standard", "CA5354:SHA1CannotBeUsed", Justification
= @"This is only used by legacy code; new features do not use this algorithm.")]
75 [Obsolete("SHA1 is deprecated and MUST NOT be used by new features. Consider using a SHA-2 algorithm instead.")]
76 internal static SHA1
CreateSHA1() {
// Returns a new SHA-256 hasher using the CNG-backed SHA256Cng class,
// in line with the CNG-first preference stated in the class header.
// The caller owns the returned object and should dispose it.
internal static SHA256 CreateSHA256()
{
    SHA256 hasher = new SHA256Cng();
    return hasher;
}
// Returns a new SHA-384 hasher using the CNG-backed SHA384Cng class,
// in line with the CNG-first preference stated in the class header.
// The caller owns the returned object and should dispose it.
internal static SHA384 CreateSHA384()
{
    SHA384 hasher = new SHA384Cng();
    return hasher;
}
// Returns a new SHA-512 hasher using the CNG-backed SHA512Cng class,
// in line with the CNG-first preference stated in the class header.
// The caller owns the returned object and should dispose it.
internal static SHA512 CreateSHA512()
{
    SHA512 hasher = new SHA512Cng();
    return hasher;
}
// Returns a new 3DES instance backed by TripleDESCryptoServiceProvider.
// 3DES is retained for legacy code paths only: the [Obsolete] marker
// makes any new call site produce a compiler warning and points to AES
// as the replacement, and the analyzer suppression records the same
// justification.
// The caller owns the returned object and should dispose it.
[SuppressMessage("Microsoft.Cryptographic.Standard", "CA5353:TripleDESCannotBeUsed", Justification = @"This is only used by legacy code; new features do not use this algorithm.")]
[Obsolete("3DES is deprecated and MUST NOT be used by new features. Consider using AES instead.")]
internal static TripleDES CreateTripleDES()
{
    TripleDES algorithm = new TripleDESCryptoServiceProvider();
    return algorithm;
}