public void Hash(byte[] temp)
{
using var DSACng = new DSACng(10); // Noncompliant {{Make sure this weak hash algorithm is not used in a sensitive context here.}}
// ^^^^^^^^^^^^^^
using var DSACryptoServiceProvider = new DSACryptoServiceProvider(); // Noncompliant
using var DSACreate = DSA.Create(); // Noncompliant
using var DSACreateWithParam = DSA.Create("DSA"); // Noncompliant
using var DSACreateFromName = (AsymmetricAlgorithm)CryptoConfig.CreateFromName("DSA"); // Noncompliant
using var DSAAsymmetricAlgorithm = AsymmetricAlgorithm.Create("DSA"); // Noncompliant
using var DSAAsymmetricAlgorithmWithNamespace = AsymmetricAlgorithm.Create("System.Security.Cryptography.DSA"); // Noncompliant
using var HMACCreate = HMAC.Create(); // Noncompliant
using var HMACCreateWithParam = HMAC.Create("HMACMD5"); // Noncompliant
using var HMACMD5 = new HMACMD5(); // Noncompliant
using var HMACMD5Create = HMACMD5.Create(); // Noncompliant
using var HMACMD5CreateWithParam = HMACMD5.Create("HMACMD5"); // Noncompliant
using var HMACMD5KeyedHashAlgorithm = KeyedHashAlgorithm.Create("HMACMD5"); // Noncompliant
using var HMACMD5KeyedHashAlgorithmWithNamespace = KeyedHashAlgorithm.Create("System.Security.Cryptography.HMACMD5"); // Noncompliant
using var HMACMD5CryptoConfig = (HashAlgorithm)CryptoConfig.CreateFromName("HMACMD5"); // Noncompliant
using var HMACSHA1 = new HMACSHA1(); // Noncompliant
using var HMACSHA1Create = HMACMD5.Create(); // Noncompliant
using var HMACSHA1CreateWithParam = HMACMD5.Create("HMACSHA1"); // Noncompliant
using var HMACSHA1KeyedHashAlgorithm = KeyedHashAlgorithm.Create("HMACSHA1"); // Noncompliant
using var HMACSHA1KeyedHashAlgorithmWithNamespace = KeyedHashAlgorithm.Create("System.Security.Cryptography.HMACSHA1"); // Noncompliant
using var HMACSHA1CryptoConfig = (HashAlgorithm)CryptoConfig.CreateFromName("HMACSHA1"); // Noncompliant
using var HMACSHA256Create = HMACSHA256.Create("HMACSHA256");
using var HMACSHA256KeyedHashAlgorithm = KeyedHashAlgorithm.Create("HMACSHA256");
using var HMACSHA256KeyedHashAlgorithmWithNamespace = KeyedHashAlgorithm.Create("System.Security.Cryptography.HMACSHA256");
using var HMACSHA256CryptoConfig = (HashAlgorithm)CryptoConfig.CreateFromName("HMACSHA256");
using var MD5CryptoServiceProvider = new MD5CryptoServiceProvider(); // Noncompliant
using var MD5CryptoConfig = (HashAlgorithm)CryptoConfig.CreateFromName("MD5"); // Noncompliant
using var MD5HashAlgorithm = HashAlgorithm.Create("MD5"); // Noncompliant
using var MD5HashAlgorithmWithNamespace = HashAlgorithm.Create("System.Security.Cryptography.MD5"); // Noncompliant
using var MD5Create = MD5.Create(); // Noncompliant
using var MD5CreateWithParam = MD5.Create("MD5"); // Noncompliant
using var SHA1Managed = new SHA1Managed(); // Noncompliant
using var SHA1Create = SHA1.Create(); // Noncompliant
using var SHA1CreateWithParam = SHA1.Create("SHA1"); // Noncompliant
using var SHA1HashAlgorithm = HashAlgorithm.Create("SHA1"); // Noncompliant
using var SHA1HashAlgorithmWithNamespace = HashAlgorithm.Create("System.Security.Cryptography.SHA1"); // Noncompliant
using var SHA1CryptoServiceProvider = new SHA1CryptoServiceProvider(); // Noncompliant
using var sha256Managed = new SHA256Managed();
using var sha256HashAlgorithm = HashAlgorithm.Create("SHA256Managed");
using var sha256HashAlgorithmWithNamespace = HashAlgorithm.Create("System.Security.Cryptography.SHA256Managed");
var sha256CryptoConfig = CryptoConfig.CreateFromName("SHA256Managed");
HashAlgorithm hashAlgo = HashAlgorithm.Create();
var algoName = "MD5";
var md5Var = (HashAlgorithm)CryptoConfig.CreateFromName(algoName); // Noncompliant
algoName = "SHA256Managed";
var SHA256ManagedVar = (HashAlgorithm)CryptoConfig.CreateFromName(algoName);
}
public void HmaCalls()
{
using (var hmac = new HMACSHA1()) // Noncompliant
{
}
using (var hmac = HMAC.Create()) // Noncompliant
{
}
using (var hmacmd5 = HMACMD5.Create("HMACMD5")) // Noncompliant
{
}
using (var hmacmd5 = KeyedHashAlgorithm.Create("HMACMD5")) // Noncompliant
{
}
using (var hmacmd5 = (KeyedHashAlgorithm)CryptoConfig.CreateFromName("HMACMD5")) // Noncompliant
{
}
using (var hmacsha256 = HMACSHA256.Create("HMACSHA256"))
{
}
using (var hmacsha256 = KeyedHashAlgorithm.Create("HMACSHA256"))
{
}
using (var hmacsha256 = (KeyedHashAlgorithm)CryptoConfig.CreateFromName("HMACSHA256"))
{
}
}
public static string GetEncryptResult(string input)
{
var md5 = HMACMD5.Create();
byte[] bytes = md5.ComputeHash(Encoding.UTF8.GetBytes(input));
var strResult = BitConverter.ToString(bytes);
return(strResult.Replace("-", ""));
}
public static byte[] ComputeHash(byte[] input, byte[] key, string algorithm)
{
if (input == null || input.Length == 0)
{
throw new ArgumentException();
}
if (key == null || key.Length == 0)
{
throw new ArgumentException();
}
System.Security.Cryptography.KeyedHashAlgorithm hash;
switch (algorithm.ToUpperInvariant())
{
case "MD5":
case "HMACMD5":
hash = HMACMD5.Create();
break;
case "MD160":
case "RIPEMD160":
case "HMACRIPEMD160":
hash = HMACRIPEMD160.Create();
break;
case "SHA":
case "SHA1":
case "HMACSHA":
case "HMACSHA1":
hash = HMACSHA1.Create();
break;
case "SHA256":
case "HMACSHA256":
hash = HMACSHA256.Create();
break;
case "SHA384":
case "HMACSHA384":
hash = HMACSHA384.Create();
break;
case "SHA512":
case "HMACSHA512":
hash = HMACSHA512.Create();
break;
default:
throw new NotSupportedException();
}
hash.Key = key;
byte[] result = hash.ComputeHash(input);
hash.Clear();
return(result);
}
private static byte[] GetHash([CanBeNull] string input, EHashType hash)
{
var inputBytes = Encoding.ASCII.GetBytes(input);
switch (hash)
{
case EHashType.HMAC:
return(HMAC.Create().ComputeHash(inputBytes));
#pragma warning disable RECS0030 // Suggests using the class declaring a static function when calling it
case EHashType.HMACMD5: // DevSkim: ignore DS126858
return(HMACMD5.Create().ComputeHash(inputBytes)); // DevSkim: ignore DS126858
case EHashType.HMACSHA1: // DevSkim: ignore DS126858
return(HMACSHA1.Create().ComputeHash(inputBytes)); // DevSkim: ignore DS126858
case EHashType.HMACSHA256:
return(HMACSHA256.Create().ComputeHash(inputBytes));
case EHashType.HMACSHA384:
return(HMACSHA384.Create().ComputeHash(inputBytes));
case EHashType.HMACSHA512:
return(HMACSHA512.Create().ComputeHash(inputBytes));
#pragma warning restore RECS0030 // Suggests using the class declaring a static function when calling it
case EHashType.MD5: // DevSkim: ignore DS126858
#pragma warning disable SG0006 // Weak hashing function
return(MD5.Create().ComputeHash(inputBytes)); // DevSkim: ignore DS126858
#pragma warning restore SG0006 // Weak hashing function
case EHashType.SHA1: // DevSkim: ignore DS126858
#pragma warning disable SG0006 // Weak hashing function
return(SHA1.Create().ComputeHash(inputBytes)); // DevSkim: ignore DS126858
#pragma warning restore SG0006 // Weak hashing function
case EHashType.SHA256:
return(SHA256.Create().ComputeHash(inputBytes));
case EHashType.SHA384:
return(SHA384.Create().ComputeHash(inputBytes));
case EHashType.SHA512:
return(SHA512.Create().ComputeHash(inputBytes));
default:
return(inputBytes);
}
}
private static byte[] GetHash(string Source, HashType hash)
{
byte[] inputBytes = Encoding.ASCII.GetBytes(Source);
switch (hash)
{
case HashType.HMAC:
return(HMAC.Create().ComputeHash(inputBytes));
case HashType.HMACMD5:
return(HMACMD5.Create().ComputeHash(inputBytes));
case HashType.HMACSHA1:
return(HMACSHA1.Create().ComputeHash(inputBytes));
case HashType.HMACSHA256:
return(HMACSHA256.Create().ComputeHash(inputBytes));
case HashType.HMACSHA384:
return(HMACSHA384.Create().ComputeHash(inputBytes));
case HashType.HMACSHA512:
return(HMACSHA512.Create().ComputeHash(inputBytes));
/*
* case HashType.MACTripleDES:
* return MACTripleDES.Create().ComputeHash(inputBytes);
*/
case HashType.MD5:
return(MD5.Create().ComputeHash(inputBytes));
/*
* case HashType.RIPEMD160:
* return RIPEMD160.Create().ComputeHash(inputBytes);
*/
case HashType.SHA1:
return(SHA1.Create().ComputeHash(inputBytes));
case HashType.SHA256:
return(SHA256.Create().ComputeHash(inputBytes));
case HashType.SHA384:
return(SHA384.Create().ComputeHash(inputBytes));
case HashType.SHA512:
return(SHA512.Create().ComputeHash(inputBytes));
default:
return(inputBytes);
}
}
private static byte[] GetHash(string input, EHashType hash)
{
var inputBytes = Encoding.ASCII.GetBytes(input);
switch (hash)
{
case EHashType.HMAC:
return(HMAC.Create().ComputeHash(inputBytes));
case EHashType.HMACMD5:
return(HMACMD5.Create().ComputeHash(inputBytes));
case EHashType.HMACSHA1:
return(HMACSHA1.Create().ComputeHash(inputBytes));
case EHashType.HMACSHA256:
return(HMACSHA256.Create().ComputeHash(inputBytes));
case EHashType.HMACSHA384:
return(HMACSHA384.Create().ComputeHash(inputBytes));
case EHashType.HMACSHA512:
return(HMACSHA512.Create().ComputeHash(inputBytes));
case EHashType.MACTripleDES:
return(MACTripleDES.Create().ComputeHash(inputBytes));
case EHashType.MD5:
return(MD5.Create().ComputeHash(inputBytes));
case EHashType.RIPEMD160:
return(RIPEMD160.Create().ComputeHash(inputBytes));
case EHashType.SHA1:
return(SHA1.Create().ComputeHash(inputBytes));
case EHashType.SHA256:
return(SHA256.Create().ComputeHash(inputBytes));
case EHashType.SHA384:
return(SHA384.Create().ComputeHash(inputBytes));
case EHashType.SHA512:
return(SHA512.Create().ComputeHash(inputBytes));
default:
return(inputBytes);
}
}
private static byte[] GetHash(string input, EHashType hash)
{
byte[] inputBytes = Encoding.ASCII.GetBytes(input);
switch (hash)
{
case EHashType.HMAC:
return(HMAC.Create().ComputeHash(inputBytes));
case EHashType.HMACMD5:
return(HMACMD5.Create().ComputeHash(inputBytes));
case EHashType.HMACSHA1:
return(HMACSHA1.Create().ComputeHash(inputBytes));
case EHashType.HMACSHA256:
return(HMACSHA256.Create().ComputeHash(inputBytes));
case EHashType.HMACSHA384:
return(HMACSHA384.Create().ComputeHash(inputBytes));
case EHashType.HMACSHA512:
return(HMACSHA512.Create().ComputeHash(inputBytes));
#pragma warning disable CS0618 // Type or member is obsolete
case EHashType.MD5:
#pragma warning restore CS0618 // Type or member is obsolete
return(MD5.Create().ComputeHash(inputBytes));
#pragma warning disable CS0618 // Type or member is obsolete
case EHashType.SHA1:
#pragma warning restore CS0618 // Type or member is obsolete
return(SHA1.Create().ComputeHash(inputBytes));
case EHashType.SHA256:
return(SHA256.Create().ComputeHash(inputBytes));
case EHashType.SHA384:
return(SHA384.Create().ComputeHash(inputBytes));
case EHashType.SHA512:
return(SHA512.Create().ComputeHash(inputBytes));
default:
return(inputBytes);
}
}
private static byte[] GetHash(string input, eHashType hash)
{
byte[] inputBytes = Encoding.ASCII.GetBytes(input);
switch (hash)
{
case eHashType.HMAC:
return(HMAC.Create().ComputeHash(inputBytes));
case eHashType.HMACMD5:
return(HMACMD5.Create().ComputeHash(inputBytes));
case eHashType.HMACSHA1:
return(HMACSHA1.Create().ComputeHash(inputBytes));
case eHashType.HMACSHA256:
return(HMACSHA256.Create().ComputeHash(inputBytes));
case eHashType.HMACSHA384:
return(HMACSHA384.Create().ComputeHash(inputBytes));
case eHashType.HMACSHA512:
return(HMACSHA512.Create().ComputeHash(inputBytes));
case eHashType.MD5:
return(MD5.Create().ComputeHash(inputBytes));
case eHashType.SHA1:
return(SHA1.Create().ComputeHash(inputBytes));
case eHashType.SHA256:
return(SHA256.Create().ComputeHash(inputBytes));
case eHashType.SHA384:
return(SHA384.Create().ComputeHash(inputBytes));
case eHashType.SHA512:
return(SHA512.Create().ComputeHash(inputBytes));
default:
return(inputBytes);
}
}
public void Hash(byte[] temp)
{
using var HMACRIPEMD160 = new HMACRIPEMD160(); // Noncompliant
using var HMACRIPEMD160Create = HMACMD5.Create(); // Noncompliant
using var HMACRIPEMD160CreateWithParam = HMACMD5.Create("HMACRIPEMD160"); // Noncompliant
using var HMACRIPEMD160KeyedHashAlgorithm = KeyedHashAlgorithm.Create("HMACRIPEMD160"); // Noncompliant
using var HMACRIPEMD160KeyedHashAlgorithmWithNamespace = KeyedHashAlgorithm.Create("System.Security.Cryptography.HMACRIPEMD160"); // Noncompliant
using var HMACRIPEMD160CryptoConfig = (HashAlgorithm)CryptoConfig.CreateFromName("HMACRIPEMD160"); // Noncompliant
using var MD5Cng = new MD5Cng(); // Noncompliant
using var RIPEMD160Managed = new RIPEMD160Managed(); // Noncompliant
using var RIPEMD160Create = RIPEMD160.Create(); // Noncompliant
using var RIPEMD160CreateWithParam = RIPEMD160.Create("RIPEMD160"); // Noncompliant
using var RIPEMD160HashAlgorithm = HashAlgorithm.Create("RIPEMD160"); // Noncompliant
using var RIPEMD160HashAlgorithmWithNamespace = HashAlgorithm.Create("System.Security.Cryptography.RIPEMD160"); // Noncompliant
using var RIPEMD160CryptoConfig = (HashAlgorithm)CryptoConfig.CreateFromName("RIPEMD160"); // Noncompliant
}
// ReSharper disable AccessToStaticMemberViaDerivedType
private void setHashAlgorithm()
{
switch (cbAlgo.SelectedIndex)
{
case 0:
switch (cbOption.SelectedIndex)
{
case 0: _ha = SHA256.Create();
break;
case 1: _ha = SHA256Cng.Create();
break;
case 2: _ha = HMACSHA256.Create();
break;
}
break;
case 1:
switch (cbOption.SelectedIndex)
{
case 0: _ha = SHA512.Create();
break;
case 1: _ha = SHA512Cng.Create();
break;
case 2: _ha = HMACSHA512.Create();
break;
}
break;
case 2:
switch (cbOption.SelectedIndex)
{
case 0: _ha = SHA1.Create();
break;
case 1: _ha = SHA1Cng.Create();
break;
case 2: _ha = HMACSHA1.Create();
break;
}
break;
case 3:
switch (cbOption.SelectedIndex)
{
case 0: _ha = MD5.Create();
break;
case 1: _ha = MD5Cng.Create();
break;
case 2: _ha = HMACMD5.Create();
break;
}
break;
case 4:
//stays null for Modbus-CRC16
break;
case 5:
_ha = new Crc32();
break;
}
}
public void Create_Incorrect()
{
var x = HMACMD5.Create();
Assert.AreEqual("SHA1", x.HashName, "https://connect.microsoft.com/VisualStudio/feedback/details/838731/all-hmac-create-methods-return-an-instance-of-hmacmd5");
}