mcs/class/referencesource/System.Web/Security/Cryptography/CryptoAlgorithms.cs

   1 //------------------------------------------------------------------------------
   2 // <copyright file="CryptoAlgorithms.cs" company="Microsoft">
   3 //     Copyright (c) Microsoft Corporation.  All rights reserved.
   4 // </copyright>
   5 //------------------------------------------------------------------------------
   6
   7 namespace System.Web.Security.Cryptography {
   8     using System;
   9     using System.Diagnostics.CodeAnalysis;
  10     using System.Security.Cryptography;
  11
  12     // Utility class to provide the "one true way" of getting instances of
  13     // cryptographic algorithms, like SymmetricAlgorithm and HashAlgorithm.
  14
  15     // From discussions with Microsoft and the crypto board, we should prefer
  16     // the CNG implementations of algorithms, then the CAPI implementations,
  17     // then finally managed implementations if there are no CNG / CAPI
  18     // implementations. The CNG / CAPI implementations are preferred for
  19     // expandability, FIPS-compliance, and performance.
  20     //
  21     // .NET Framework 4.5 allows us to make two core assumptions:
  22     // - The built-in HMAC classes have been updated for FIPS compliance.
  23     // - Since .NET 4.5 requires Windows Server 2008 or greater, we can
  24     //   assume that CNG is available on the box.
  25     //
  26     // Note that some algorithms (MD5, DES, etc.) aren't FIPS-compliant
  27     // under any circumstance. Calling these methods when the OS is
  28     // configured to allow only FIPS-compliant algorithms will result
  29     // in an exception being thrown.
  30     //
  31     // The .NET Framework's built-in algorithms don't need to be created
  32     // under the application impersonation context since they don't depend
  33     // on the impersonated identity.
  34
  35     internal static class CryptoAlgorithms {
  36
  37         internal static Aes CreateAes() {
  38             return new AesCryptoServiceProvider();
  39         }
  40
  41         [SuppressMessage("Microsoft.Cryptographic.Standard", "CA5351:DESCannotBeUsed", Justification = @"This is only used by legacy code; new features do not use this algorithm.")]
  42         [Obsolete("DES is deprecated and MUST NOT be used by new features. Consider using AES instead.")]
  43         internal static DES CreateDES() {
  44             return new DESCryptoServiceProvider();
  45         }
  46
  47         [SuppressMessage("Microsoft.Security.Cryptography", "CA5354:SHA1CannotBeUsed", Justification = @"This is only used by legacy code; new features do not use this algorithm.")]
  48         internal static HMACSHA1 CreateHMACSHA1() {
  49             return new HMACSHA1();
  50         }
  51
  52         internal static HMACSHA256 CreateHMACSHA256() {
  53             return new HMACSHA256();
  54         }
  55
  56         internal static HMACSHA384 CreateHMACSHA384() {
  57             return new HMACSHA384();
  58         }
  59
  60         internal static HMACSHA512 CreateHMACSHA512() {
  61             return new HMACSHA512();
  62         }
  63
  64         internal static HMACSHA512 CreateHMACSHA512(byte[] key) {
  65             return new HMACSHA512(key);
  66         }
  67
  68         [SuppressMessage("Microsoft.Cryptographic.Standard", "CA5350:MD5CannotBeUsed", Justification = @"This is only used by legacy code; new features do not use this algorithm.")]
  69         [Obsolete("MD5 is deprecated and MUST NOT be used by new features. Consider using a SHA-2 algorithm instead.")]
  70         internal static MD5 CreateMD5() {
  71             return new MD5Cng();
  72         }
  73
  74         [SuppressMessage("Microsoft.Cryptographic.Standard", "CA5354:SHA1CannotBeUsed", Justification = @"This is only used by legacy code; new features do not use this algorithm.")]
  75         [Obsolete("SHA1 is deprecated and MUST NOT be used by new features. Consider using a SHA-2 algorithm instead.")]
  76         internal static SHA1 CreateSHA1() {
  77             return new SHA1Cng();
  78         }
  79
  80         internal static SHA256 CreateSHA256() {
  81             return new SHA256Cng();
  82         }
  83
  84         internal static SHA384 CreateSHA384() {
  85             return new SHA384Cng();
  86         }
  87
  88         internal static SHA512 CreateSHA512() {
  89             return new SHA512Cng();
  90         }
  91
  92         [SuppressMessage("Microsoft.Cryptographic.Standard", "CA5353:TripleDESCannotBeUsed", Justification = @"This is only used by legacy code; new features do not use this algorithm.")]
  93         [Obsolete("3DES is deprecated and MUST NOT be used by new features. Consider using AES instead.")]
  94         internal static TripleDES CreateTripleDES() {
  95             return new TripleDESCryptoServiceProvider();
  96         }
  97
  98     }
  99 }