am-wd/common
1
0
Fork 0
Code Actions Activity

Bring CryptoHelper to the state of the art for .NET 10

Browse Source
This commit is contained in:
Andreas Müller
2025-11-14 08:11:34 +01:00
parent 3698452e92
commit 8602d5fe29
3 changed files with 58 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@@ -22,6 +22,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- `DomainComparer` ordering alphabetically from TLD to sub-domain - `DomainComparer` ordering alphabetically from TLD to sub-domain
- `IPAddressComparer` able to compare IPv4 and IPv6 - `IPAddressComparer` able to compare IPv4 and IPv6
- `VersionStringComparer` to compare version strings (SemVer) - `VersionStringComparer` to compare version strings (SemVer)
- `ASPNETCORE_APPL_PROXY` environment variable can be used on proxy configuration
- Support for .NET 10.0 LTS - Support for .NET 10.0 LTS
### Changed ### Changed

70
src/AMWD.Common/Utilities/CryptographyHelper.cs
View File

@@ -171,7 +171,6 @@ namespace System.Security.Cryptography
#region Static methods #region Static methods
#region Encryption #region Encryption
#pragma warning disable SYSLIB0041
#region AES #region AES
@@ -186,17 +185,22 @@ namespace System.Security.Cryptography
byte[] salt = new byte[_saltLength]; byte[] salt = new byte[_saltLength];
Array.Copy(cipher, salt, _saltLength); Array.Copy(cipher, salt, _saltLength);
#if NET8_0_OR_GREATER
using var gen = new Rfc2898DeriveBytes(password, salt, 1000, HashAlgorithmName.SHA1);
#else
using var gen = new Rfc2898DeriveBytes(password, salt, 1000);
#endif
using var aes = Aes.Create(); using var aes = Aes.Create();
aes.Mode = CipherMode.CBC; aes.Mode = CipherMode.CBC;
aes.Padding = PaddingMode.PKCS7; aes.Padding = PaddingMode.PKCS7;
#if NET10_0_OR_GREATER
aes.Key = Rfc2898DeriveBytes.Pbkdf2(password, salt, 1000, HashAlgorithmName.SHA1, aes.KeySize / 8);
aes.IV = Rfc2898DeriveBytes.Pbkdf2(password, salt, 1000, HashAlgorithmName.SHA1, aes.BlockSize / 8);
#elif NET8_0_OR_GREATER
using var gen = new Rfc2898DeriveBytes(password, salt, 1000, HashAlgorithmName.SHA1);
aes.Key = gen.GetBytes(aes.KeySize / 8); aes.Key = gen.GetBytes(aes.KeySize / 8);
aes.IV = gen.GetBytes(aes.BlockSize / 8); aes.IV = gen.GetBytes(aes.BlockSize / 8);
#else
using var gen = new Rfc2898DeriveBytes(password, salt, 1000);
aes.Key = gen.GetBytes(aes.KeySize / 8);
aes.IV = gen.GetBytes(aes.BlockSize / 8);
#endif
using var ms = new MemoryStream(); using var ms = new MemoryStream();
using var cs = new CryptoStream(ms, aes.CreateDecryptor(), CryptoStreamMode.Write); using var cs = new CryptoStream(ms, aes.CreateDecryptor(), CryptoStreamMode.Write);
@@ -230,17 +234,22 @@ namespace System.Security.Cryptography
{ {
byte[] salt = GetRandomBytes(_saltLength); byte[] salt = GetRandomBytes(_saltLength);
#if NET8_0_OR_GREATER
using var gen = new Rfc2898DeriveBytes(password, salt, 1000, HashAlgorithmName.SHA1);
#else
using var gen = new Rfc2898DeriveBytes(password, salt, 1000);
#endif
using var aes = Aes.Create(); using var aes = Aes.Create();
aes.Mode = CipherMode.CBC; aes.Mode = CipherMode.CBC;
aes.Padding = PaddingMode.PKCS7; aes.Padding = PaddingMode.PKCS7;
#if NET10_0_OR_GREATER
aes.Key = Rfc2898DeriveBytes.Pbkdf2(password, salt, 1000, HashAlgorithmName.SHA1, aes.KeySize / 8);
aes.IV = Rfc2898DeriveBytes.Pbkdf2(password, salt, 1000, HashAlgorithmName.SHA1, aes.BlockSize / 8);
#elif NET8_0_OR_GREATER
using var gen = new Rfc2898DeriveBytes(password, salt, 1000, HashAlgorithmName.SHA1);
aes.Key = gen.GetBytes(aes.KeySize / 8); aes.Key = gen.GetBytes(aes.KeySize / 8);
aes.IV = gen.GetBytes(aes.BlockSize / 8); aes.IV = gen.GetBytes(aes.BlockSize / 8);
#else
using var gen = new Rfc2898DeriveBytes(password, salt, 1000);
aes.Key = gen.GetBytes(aes.KeySize / 8);
aes.IV = gen.GetBytes(aes.BlockSize / 8);
#endif
using var ms = new MemoryStream(); using var ms = new MemoryStream();
using var cs = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write); using var cs = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write);
@@ -280,17 +289,22 @@ namespace System.Security.Cryptography
byte[] salt = new byte[_saltLength]; byte[] salt = new byte[_saltLength];
Array.Copy(cipher, salt, _saltLength); Array.Copy(cipher, salt, _saltLength);
#if NET8_0_OR_GREATER
using var gen = new Rfc2898DeriveBytes(password, salt, 1000, HashAlgorithmName.SHA1);
#else
using var gen = new Rfc2898DeriveBytes(password, salt, 1000);
#endif
using var tdes = TripleDES.Create(); using var tdes = TripleDES.Create();
tdes.Mode = CipherMode.CBC; tdes.Mode = CipherMode.CBC;
tdes.Padding = PaddingMode.PKCS7; tdes.Padding = PaddingMode.PKCS7;
#if NET10_0_OR_GREATER
tdes.Key = Rfc2898DeriveBytes.Pbkdf2(password, salt, 1000, HashAlgorithmName.SHA1, tdes.KeySize / 8);
tdes.IV = Rfc2898DeriveBytes.Pbkdf2(password, salt, 1000, HashAlgorithmName.SHA1, tdes.BlockSize / 8);
#elif NET8_0_OR_GREATER
using var gen = new Rfc2898DeriveBytes(password, salt, 1000, HashAlgorithmName.SHA1);
tdes.Key = gen.GetBytes(tdes.KeySize / 8); tdes.Key = gen.GetBytes(tdes.KeySize / 8);
tdes.IV = gen.GetBytes(tdes.BlockSize / 8); tdes.IV = gen.GetBytes(tdes.BlockSize / 8);
#else
using var gen = new Rfc2898DeriveBytes(password, salt, 1000);
tdes.Key = gen.GetBytes(tdes.KeySize / 8);
tdes.IV = gen.GetBytes(tdes.BlockSize / 8);
#endif
using var ms = new MemoryStream(); using var ms = new MemoryStream();
using var cs = new CryptoStream(ms, tdes.CreateDecryptor(), CryptoStreamMode.Write); using var cs = new CryptoStream(ms, tdes.CreateDecryptor(), CryptoStreamMode.Write);
@@ -311,17 +325,22 @@ namespace System.Security.Cryptography
{ {
byte[] salt = GetRandomBytes(_saltLength); byte[] salt = GetRandomBytes(_saltLength);
#if NET8_0_OR_GREATER
using var gen = new Rfc2898DeriveBytes(password, salt, 1000, HashAlgorithmName.SHA1);
#else
using var gen = new Rfc2898DeriveBytes(password, salt, 1000);
#endif
using var tdes = TripleDES.Create(); using var tdes = TripleDES.Create();
tdes.Mode = CipherMode.CBC; tdes.Mode = CipherMode.CBC;
tdes.Padding = PaddingMode.PKCS7; tdes.Padding = PaddingMode.PKCS7;
#if NET10_0_OR_GREATER
tdes.Key = Rfc2898DeriveBytes.Pbkdf2(password, salt, 1000, HashAlgorithmName.SHA1, tdes.KeySize / 8);
tdes.IV = Rfc2898DeriveBytes.Pbkdf2(password, salt, 1000, HashAlgorithmName.SHA1, tdes.BlockSize / 8);
#elif NET8_0_OR_GREATER
using var gen = new Rfc2898DeriveBytes(password, salt, 1000, HashAlgorithmName.SHA1);
tdes.Key = gen.GetBytes(tdes.KeySize / 8); tdes.Key = gen.GetBytes(tdes.KeySize / 8);
tdes.IV = gen.GetBytes(tdes.BlockSize / 8); tdes.IV = gen.GetBytes(tdes.BlockSize / 8);
#else
using var gen = new Rfc2898DeriveBytes(password, salt, 1000);
tdes.Key = gen.GetBytes(tdes.KeySize / 8);
tdes.IV = gen.GetBytes(tdes.BlockSize / 8);
#endif
using var ms = new MemoryStream(); using var ms = new MemoryStream();
using var cs = new CryptoStream(ms, tdes.CreateEncryptor(), CryptoStreamMode.Write); using var cs = new CryptoStream(ms, tdes.CreateEncryptor(), CryptoStreamMode.Write);
@@ -361,7 +380,6 @@ namespace System.Security.Cryptography
#endregion Triple DES #endregion Triple DES
#pragma warning restore SYSLIB0041
#endregion Encryption #endregion Encryption
#region Hashing #region Hashing

25
test/AMWD.Common.Tests/Utilities/CryptographyHelperTest.cs
View File

@@ -1,6 +1,7 @@
using System; using System;
using System.Diagnostics; using System.Diagnostics;
using System.IO; using System.IO;
using System.Linq;
using System.Security.Cryptography; using System.Security.Cryptography;
using System.Text.RegularExpressions; using System.Text.RegularExpressions;
using AMWD.Common.Tests.Utils; using AMWD.Common.Tests.Utils;
@@ -33,7 +34,7 @@ namespace UnitTests.Common.Utilities
#region AES #region AES
[TestMethod] [TestMethod]
public void ShouldEncryptAesWithoutSalt() // required to test the encryption itself public void ShouldEncryptAesWithoutSalt()
{ {
// arrange // arrange
using var _ = CryptographyHelperSaltMock.Create(0); using var _ = CryptographyHelperSaltMock.Create(0);
@@ -43,7 +44,7 @@ namespace UnitTests.Common.Utilities
string password1 = "P@ssw0rd!"; string password1 = "P@ssw0rd!";
string password2 = "P@ssw0rd"; string password2 = "P@ssw0rd";
byte[] expectedBytes = [0x7c, 0x7b, 0x77, 0x56, 0x91, 0x1a, 0xd9, 0xc0, 0x72, 0x70, 0x36, 0x88, 0x9f, 0xb4, 0xb5, 0xbc]; byte[] expectedBytes = [0xda, 0xc2, 0x74, 0x2c, 0x74, 0x50, 0x8b, 0xac, 0x6c, 0xbe, 0x60, 0x8c, 0x62, 0x32, 0xc2, 0xdd];
// act // act
byte[] cipherBytes1 = CryptographyHelper.AesEncrypt(bytes, password1); byte[] cipherBytes1 = CryptographyHelper.AesEncrypt(bytes, password1);
@@ -53,10 +54,10 @@ namespace UnitTests.Common.Utilities
// assert // assert
CollectionAssert.AreEqual(expectedBytes, cipherBytes1); CollectionAssert.AreEqual(expectedBytes, cipherBytes1);
Assert.AreEqual("ueLuhFNpCuYmx8v3hczHtg==", cipherStr1); Assert.AreEqual("R/Bgu4VSk9EzvXRduyn02w==", cipherStr1);
CollectionAssert.AreNotEqual(expectedBytes, cipherBytes2); CollectionAssert.AreNotEqual(expectedBytes, cipherBytes2);
Assert.AreNotEqual("ueLuhFNpCuYmx8v3hczHtg==", cipherStr2); Assert.AreNotEqual("R/Bgu4VSk9EzvXRduyn02w==", cipherStr2);
} }
[TestMethod] [TestMethod]
@@ -65,8 +66,8 @@ namespace UnitTests.Common.Utilities
// arrange // arrange
using var _ = CryptographyHelperSaltMock.Create(0); using var _ = CryptographyHelperSaltMock.Create(0);
string cipherStr = "ueLuhFNpCuYmx8v3hczHtg=="; string cipherStr = "R/Bgu4VSk9EzvXRduyn02w==";
byte[] cipherBytes = [0x7c, 0x7b, 0x77, 0x56, 0x91, 0x1a, 0xd9, 0xc0, 0x72, 0x70, 0x36, 0x88, 0x9f, 0xb4, 0xb5, 0xbc]; byte[] cipherBytes = [0xda, 0xc2, 0x74, 0x2c, 0x74, 0x50, 0x8b, 0xac, 0x6c, 0xbe, 0x60, 0x8c, 0x62, 0x32, 0xc2, 0xdd];
string password1 = "P@ssw0rd!"; string password1 = "P@ssw0rd!";
string password2 = "P@ssw0rd"; string password2 = "P@ssw0rd";
@@ -147,7 +148,7 @@ namespace UnitTests.Common.Utilities
#region TripleDES #region TripleDES
[TestMethod] [TestMethod]
public void ShouldEncryptTdesWithoutSalt() // required to test the encryption itself public void ShouldEncryptTdesWithoutSalt()
{ {
// arrange // arrange
using var _ = CryptographyHelperSaltMock.Create(0); using var _ = CryptographyHelperSaltMock.Create(0);
@@ -157,7 +158,7 @@ namespace UnitTests.Common.Utilities
string password1 = "P@ssw0rd!"; string password1 = "P@ssw0rd!";
string password2 = "P@ssw0rd"; string password2 = "P@ssw0rd";
byte[] expectedBytes = [0xbf, 0x59, 0x1f, 0x48, 0x69, 0xab, 0x18, 0xc7]; byte[] expectedBytes = [0xcf, 0x1a, 0x60, 0x41, 0xbb, 0x69, 0x50, 0x24];
// act // act
byte[] cipherBytes1 = CryptographyHelper.TripleDesEncrypt(bytes, password1); byte[] cipherBytes1 = CryptographyHelper.TripleDesEncrypt(bytes, password1);
@@ -167,10 +168,10 @@ namespace UnitTests.Common.Utilities
// assert // assert
CollectionAssert.AreEqual(expectedBytes, cipherBytes1); CollectionAssert.AreEqual(expectedBytes, cipherBytes1);
Assert.AreEqual("1l74soBuuEI=", cipherStr1); Assert.AreEqual("EB2GFc/pIUE=", cipherStr1);
CollectionAssert.AreNotEqual(expectedBytes, cipherBytes2); CollectionAssert.AreNotEqual(expectedBytes, cipherBytes2);
Assert.AreNotEqual("1l74soBuuEI=", cipherStr2); Assert.AreNotEqual("EB2GFc/pIUE=", cipherStr2);
} }
[TestMethod] [TestMethod]
@@ -179,8 +180,8 @@ namespace UnitTests.Common.Utilities
// arrange // arrange
using var _ = CryptographyHelperSaltMock.Create(0); using var _ = CryptographyHelperSaltMock.Create(0);
string cipherStr = "1l74soBuuEI="; string cipherStr = "EB2GFc/pIUE=";
byte[] cipherBytes = [0xbf, 0x59, 0x1f, 0x48, 0x69, 0xab, 0x18, 0xc7]; byte[] cipherBytes = [0xcf, 0x1a, 0x60, 0x41, 0xbb, 0x69, 0x50, 0x24];
string password1 = "P@ssw0rd!"; string password1 = "P@ssw0rd!";
string password2 = "P@ssw0rd"; string password2 = "P@ssw0rd";