Clean up Abstractions / use HashData (#1451)

mus65 · Rob-Hague · web-flow · commit 4cc1278d7cac · 2024-07-23T14:17:11.000+02:00
* Clean up Abstractions / use HashData - replace usages of GenerateRandom(byte[]) with GenerateRandom(int) - remove Create() functions and make use of static HashData methods on .NET 6+, see https://learn.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/ca1850 - Remove unused ReflectionAbstraction * Use Abstractions for HashData Co-authored-by: Robert Hague <rh@johnstreetcapital.com> --------- Co-authored-by: Robert Hague <rh@johnstreetcapital.com>
diff --git a/src/Renci.SshNet/Abstractions/CryptoAbstraction.cs b/src/Renci.SshNet/Abstractions/CryptoAbstraction.cs
@@ -1,10 +1,10 @@
-﻿using System;
+using System.Security.Cryptography;
 
 namespace Renci.SshNet.Abstractions
 {
     internal static class CryptoAbstraction
     {
-        private static readonly System.Security.Cryptography.RandomNumberGenerator Randomizer = CreateRandomNumberGenerator();
+        private static readonly RandomNumberGenerator Randomizer = RandomNumberGenerator.Create();
 
         /// <summary>
         /// Generates a <see cref="byte"/> array of the specified length, and fills it with a
@@ -14,51 +14,68 @@ internal static class CryptoAbstraction
         public static byte[] GenerateRandom(int length)
         {
             var random = new byte[length];
-            GenerateRandom(random);
+            Randomizer.GetBytes(random);
             return random;
         }
 
-        /// <summary>
-        /// Fills an array of bytes with a cryptographically strong random sequence of values.
-        /// </summary>
-        /// <param name="data">The array to fill with cryptographically strong random bytes.</param>
-        /// <exception cref="ArgumentNullException"><paramref name="data"/> is <see langword="null"/>.</exception>
-        /// <remarks>
-        /// The length of the byte array determines how many random bytes are produced.
-        /// </remarks>
-        public static void GenerateRandom(byte[] data)
-        {
-            Randomizer.GetBytes(data);
-        }
-
-        public static System.Security.Cryptography.RandomNumberGenerator CreateRandomNumberGenerator()
-        {
-            return System.Security.Cryptography.RandomNumberGenerator.Create();
-        }
-
-        public static System.Security.Cryptography.MD5 CreateMD5()
+        public static byte[] HashMD5(byte[] source)
         {
-            return System.Security.Cryptography.MD5.Create();
+#if NET
+            return MD5.HashData(source);
+#else
+            using (var md5 = MD5.Create())
+            {
+                return md5.ComputeHash(source);
+            }
+#endif
         }
 
-        public static System.Security.Cryptography.SHA1 CreateSHA1()
+        public static byte[] HashSHA1(byte[] source)
         {
-            return System.Security.Cryptography.SHA1.Create();
+#if NET
+            return SHA1.HashData(source);
+#else
+            using (var sha1 = SHA1.Create())
+            {
+                return sha1.ComputeHash(source);
+            }
+#endif
         }
 
-        public static System.Security.Cryptography.SHA256 CreateSHA256()
+        public static byte[] HashSHA256(byte[] source)
         {
-            return System.Security.Cryptography.SHA256.Create();
+#if NET
+            return SHA256.HashData(source);
+#else
+            using (var sha256 = SHA256.Create())
+            {
+                return sha256.ComputeHash(source);
+            }
+#endif
         }
 
-        public static System.Security.Cryptography.SHA384 CreateSHA384()
+        public static byte[] HashSHA384(byte[] source)
         {
-            return System.Security.Cryptography.SHA384.Create();
+#if NET
+            return SHA384.HashData(source);
+#else
+            using (var sha384 = SHA384.Create())
+            {
+                return sha384.ComputeHash(source);
+            }
+#endif
         }
 
-        public static System.Security.Cryptography.SHA512 CreateSHA512()
+        public static byte[] HashSHA512(byte[] source)
         {
-            return System.Security.Cryptography.SHA512.Create();
+#if NET
+            return SHA512.HashData(source);
+#else
+            using (var sha512 = SHA512.Create())
+            {
+                return sha512.ComputeHash(source);
+            }
+#endif
         }
     }
 }
diff --git a/src/Renci.SshNet/Abstractions/ReflectionAbstraction.cs b/src/Renci.SshNet/Abstractions/ReflectionAbstraction.cs
diff --git a/src/Renci.SshNet/Common/BigInteger.cs b/src/Renci.SshNet/Common/BigInteger.cs
@@ -179,8 +179,7 @@ public static BigInteger PositiveMod(BigInteger dividend, BigInteger divisor)
         /// <returns>A random number of the specified length.</returns>
         public static BigInteger Random(int bitLength)
         {
-            var bytesArray = new byte[(bitLength / 8) + (((bitLength % 8) > 0) ? 1 : 0)];
-            CryptoAbstraction.GenerateRandom(bytesArray);
+            var bytesArray = CryptoAbstraction.GenerateRandom((bitLength / 8) + (((bitLength % 8) > 0) ? 1 : 0));
             bytesArray[bytesArray.Length - 1] = (byte)(bytesArray[bytesArray.Length - 1] & 0x7F); // Ensure not a negative value
             return new BigInteger(bytesArray);
         }
diff --git a/src/Renci.SshNet/Common/HostKeyEventArgs.cs b/src/Renci.SshNet/Common/HostKeyEventArgs.cs
@@ -100,17 +100,11 @@ public HostKeyEventArgs(KeyHostAlgorithm host)
             HostKeyName = host.Name;
             KeyLength = host.Key.KeyLength;
 
-            _lazyFingerPrint = new Lazy<byte[]>(() =>
-                {
-                    using var md5 = CryptoAbstraction.CreateMD5();
-                    return md5.ComputeHash(HostKey);
-                });
+            _lazyFingerPrint = new Lazy<byte[]>(() => CryptoAbstraction.HashMD5(HostKey));
 
             _lazyFingerPrintSHA256 = new Lazy<string>(() =>
                 {
-                    using var sha256 = CryptoAbstraction.CreateSHA256();
-
-                    return Convert.ToBase64String(sha256.ComputeHash(HostKey))
+                    return Convert.ToBase64String(CryptoAbstraction.HashSHA256(HostKey))
 #if NET || NETSTANDARD2_1_OR_GREATER
                                   .Replace("=", string.Empty, StringComparison.Ordinal);
 #else
diff --git a/src/Renci.SshNet/Messages/Message.cs b/src/Renci.SshNet/Messages/Message.cs
@@ -83,8 +83,7 @@ internal byte[] GetPacket(byte paddingMultiplier, Compressor compressor, bool ex
                     var paddingLength = GetPaddingLength(paddingMultiplier, excludePacketLengthFieldWhenPadding ? packetLength - 4 : packetLength);
 
                     // add padding bytes
-                    var paddingBytes = new byte[paddingLength];
-                    CryptoAbstraction.GenerateRandom(paddingBytes);
+                    var paddingBytes = CryptoAbstraction.GenerateRandom(paddingLength);
                     sshDataStream.Write(paddingBytes, 0, paddingLength);
 
                     var packetDataLength = GetPacketDataLength(messageLength, paddingLength);
@@ -128,8 +127,7 @@ internal byte[] GetPacket(byte paddingMultiplier, Compressor compressor, bool ex
                     WriteBytes(sshDataStream);
 
                     // add padding bytes
-                    var paddingBytes = new byte[paddingLength];
-                    CryptoAbstraction.GenerateRandom(paddingBytes);
+                    var paddingBytes = CryptoAbstraction.GenerateRandom(paddingLength);
                     sshDataStream.Write(paddingBytes, 0, paddingLength);
 
                     return sshDataStream.ToArray();
diff --git a/src/Renci.SshNet/Messages/Transport/KeyExchangeInitMessage.cs b/src/Renci.SshNet/Messages/Transport/KeyExchangeInitMessage.cs
@@ -12,9 +12,7 @@ public class KeyExchangeInitMessage : Message, IKeyExchangedAllowed
         /// </summary>
         public KeyExchangeInitMessage()
         {
-            var cookie = new byte[16];
-            CryptoAbstraction.GenerateRandom(cookie);
-            Cookie = cookie;
+            Cookie = CryptoAbstraction.GenerateRandom(16);
         }
 
         #region Message Properties
diff --git a/src/Renci.SshNet/PrivateKeyFile.cs b/src/Renci.SshNet/PrivateKeyFile.cs
@@ -7,7 +7,6 @@
 using System.Text;
 using System.Text.RegularExpressions;
 
-using Renci.SshNet.Abstractions;
 using Renci.SshNet.Common;
 using Renci.SshNet.Security;
 using Renci.SshNet.Security.Cryptography;
@@ -380,7 +379,8 @@ private static byte[] GetCipherKey(string passphrase, int length)
         {
             var cipherKey = new List<byte>();
 
-            using (var md5 = CryptoAbstraction.CreateMD5())
+#pragma warning disable CA1850 // Prefer static HashData method; We'll reuse the object on lower targets.
+            using (var md5 = MD5.Create())
             {
                 var passwordBytes = Encoding.UTF8.GetBytes(passphrase);
 
@@ -394,6 +394,7 @@ private static byte[] GetCipherKey(string passphrase, int length)
                     cipherKey.AddRange(hash);
                 }
             }
+#pragma warning restore CA1850 // Prefer static HashData method
 
             return cipherKey.ToArray().Take(length);
         }
@@ -426,7 +427,8 @@ private static byte[] DecryptKey(CipherInfo cipherInfo, byte[] cipherData, strin
 
             var cipherKey = new List<byte>();
 
-            using (var md5 = CryptoAbstraction.CreateMD5())
+#pragma warning disable CA1850 // Prefer static HashData method; We'll reuse the object on lower targets.
+            using (var md5 = MD5.Create())
             {
                 var passwordBytes = Encoding.UTF8.GetBytes(passPhrase);
 
@@ -443,6 +445,7 @@ private static byte[] DecryptKey(CipherInfo cipherInfo, byte[] cipherData, strin
                     cipherKey.AddRange(hash);
                 }
             }
+#pragma warning restore CA1850 // Prefer static HashData method
 
             var cipher = cipherInfo.Cipher(cipherKey.ToArray(), binarySalt);
 
diff --git a/src/Renci.SshNet/Security/Cryptography/Bcrypt.cs b/src/Renci.SshNet/Security/Cryptography/Bcrypt.cs
@@ -852,7 +852,7 @@ public void Hash(byte[] hpass, byte[] hsalt, byte[] output)
         /// <param name="output"></param>
         public void Pbkdf(byte[] password, byte[] salt, int rounds, byte[] output)
         {
-            using (var sha512 = CryptoAbstraction.CreateSHA512())
+            using (var sha512 = SHA512.Create())
             {
                 int nblocks = (output.Length + 31) / 32;
                 byte[] hpass = sha512.ComputeHash(password);
diff --git a/src/Renci.SshNet/Security/Cryptography/DsaDigitalSignature.cs b/src/Renci.SshNet/Security/Cryptography/DsaDigitalSignature.cs
@@ -1,7 +1,6 @@
 ﻿using System;
 using System.Security.Cryptography;
 
-using Renci.SshNet.Abstractions;
 using Renci.SshNet.Common;
 
 namespace Renci.SshNet.Security.Cryptography
@@ -29,7 +28,7 @@ public DsaDigitalSignature(DsaKey key)
 
             _key = key;
 
-            _hash = CryptoAbstraction.CreateSHA1();
+            _hash = SHA1.Create();
         }
 
         /// <summary>
diff --git a/src/Renci.SshNet/Security/KeyExchangeDiffieHellmanGroupExchangeSha1.cs b/src/Renci.SshNet/Security/KeyExchangeDiffieHellmanGroupExchangeSha1.cs
@@ -35,10 +35,7 @@ protected override int HashSize
         /// </returns>
         protected override byte[] Hash(byte[] hashData)
         {
-            using (var sha1 = CryptoAbstraction.CreateSHA1())
-            {
-                return sha1.ComputeHash(hashData, 0, hashData.Length);
-            }
+            return CryptoAbstraction.HashSHA1(hashData);
         }
     }
 }
diff --git a/src/Renci.SshNet/Security/KeyExchangeDiffieHellmanGroupExchangeSha256.cs b/src/Renci.SshNet/Security/KeyExchangeDiffieHellmanGroupExchangeSha256.cs
@@ -35,10 +35,7 @@ protected override int HashSize
         /// </returns>
         protected override byte[] Hash(byte[] hashData)
         {
-            using (var sha256 = CryptoAbstraction.CreateSHA256())
-            {
-                return sha256.ComputeHash(hashData);
-            }
+            return CryptoAbstraction.HashSHA256(hashData);
         }
     }
 }
diff --git a/src/Renci.SshNet/Security/KeyExchangeDiffieHellmanGroupSha1.cs b/src/Renci.SshNet/Security/KeyExchangeDiffieHellmanGroupSha1.cs
@@ -27,10 +27,7 @@ protected override int HashSize
         /// </returns>
         protected override byte[] Hash(byte[] hashData)
         {
-            using (var sha1 = CryptoAbstraction.CreateSHA1())
-            {
-                return sha1.ComputeHash(hashData, 0, hashData.Length);
-            }
+            return CryptoAbstraction.HashSHA1(hashData);
         }
     }
 }
diff --git a/src/Renci.SshNet/Security/KeyExchangeDiffieHellmanGroupSha256.cs b/src/Renci.SshNet/Security/KeyExchangeDiffieHellmanGroupSha256.cs
@@ -27,10 +27,7 @@ protected override int HashSize
         /// </returns>
         protected override byte[] Hash(byte[] hashData)
         {
-            using (var sha256 = CryptoAbstraction.CreateSHA256())
-            {
-                return sha256.ComputeHash(hashData);
-            }
+            return CryptoAbstraction.HashSHA256(hashData);
         }
     }
 }
diff --git a/src/Renci.SshNet/Security/KeyExchangeDiffieHellmanGroupSha512.cs b/src/Renci.SshNet/Security/KeyExchangeDiffieHellmanGroupSha512.cs
@@ -27,10 +27,7 @@ protected override int HashSize
         /// </returns>
         protected override byte[] Hash(byte[] hashData)
         {
-            using (var sha512 = CryptoAbstraction.CreateSHA512())
-            {
-                return sha512.ComputeHash(hashData);
-            }
+            return CryptoAbstraction.HashSHA512(hashData);
         }
     }
 }
diff --git a/src/Renci.SshNet/Security/KeyExchangeECCurve25519.cs b/src/Renci.SshNet/Security/KeyExchangeECCurve25519.cs
@@ -68,10 +68,7 @@ public override void Finish()
         /// </returns>
         protected override byte[] Hash(byte[] hashData)
         {
-            using (var sha256 = CryptoAbstraction.CreateSHA256())
-            {
-                return sha256.ComputeHash(hashData, 0, hashData.Length);
-            }
+            return CryptoAbstraction.HashSHA256(hashData);
         }
 
         private void Session_KeyExchangeEcdhReplyMessageReceived(object sender, MessageEventArgs<KeyExchangeEcdhReplyMessage> e)
diff --git a/src/Renci.SshNet/Security/KeyExchangeECDH256.cs b/src/Renci.SshNet/Security/KeyExchangeECDH256.cs
@@ -1,4 +1,4 @@
-﻿using Org.BouncyCastle.Asn1.Sec;
+using Org.BouncyCastle.Asn1.Sec;
 using Org.BouncyCastle.Asn1.X9;
 
 using Renci.SshNet.Abstractions;
@@ -46,10 +46,7 @@ protected override int HashSize
         /// </returns>
         protected override byte[] Hash(byte[] hashData)
         {
-            using (var sha256 = CryptoAbstraction.CreateSHA256())
-            {
-                return sha256.ComputeHash(hashData, 0, hashData.Length);
-            }
+            return CryptoAbstraction.HashSHA256(hashData);
         }
     }
 }
diff --git a/src/Renci.SshNet/Security/KeyExchangeECDH384.cs b/src/Renci.SshNet/Security/KeyExchangeECDH384.cs
@@ -1,4 +1,4 @@
-﻿using Org.BouncyCastle.Asn1.Sec;
+using Org.BouncyCastle.Asn1.Sec;
 using Org.BouncyCastle.Asn1.X9;
 
 using Renci.SshNet.Abstractions;
@@ -46,10 +46,7 @@ protected override int HashSize
         /// </returns>
         protected override byte[] Hash(byte[] hashData)
         {
-            using (var sha384 = CryptoAbstraction.CreateSHA384())
-            {
-                return sha384.ComputeHash(hashData, 0, hashData.Length);
-            }
+            return CryptoAbstraction.HashSHA384(hashData);
         }
     }
 }
diff --git a/src/Renci.SshNet/Security/KeyExchangeECDH521.cs b/src/Renci.SshNet/Security/KeyExchangeECDH521.cs
@@ -1,4 +1,4 @@
-﻿using Org.BouncyCastle.Asn1.Sec;
+using Org.BouncyCastle.Asn1.Sec;
 using Org.BouncyCastle.Asn1.X9;
 
 using Renci.SshNet.Abstractions;
@@ -46,10 +46,7 @@ protected override int HashSize
         /// </returns>
         protected override byte[] Hash(byte[] hashData)
         {
-            using (var sha512 = CryptoAbstraction.CreateSHA512())
-            {
-                return sha512.ComputeHash(hashData, 0, hashData.Length);
-            }
+            return CryptoAbstraction.HashSHA512(hashData);
         }
     }
 }
diff --git a/test/Renci.SshNet.Tests/Classes/SessionTest_ConnectingBase.cs b/test/Renci.SshNet.Tests/Classes/SessionTest_ConnectingBase.cs

Original file line number	Diff line number	Diff line change
`@@ -179,8 +179,7 @@ public static BigInteger PositiveMod(BigInteger dividend, BigInteger divisor)`
`179`	`179`	`/// <returns>A random number of the specified length.</returns>`
`180`	`180`	`public static BigInteger Random(int bitLength)`
`181`	`181`	`{`
`182`		`- var bytesArray = new byte[(bitLength / 8) + (((bitLength % 8) > 0) ? 1 : 0)];`
`183`		`- CryptoAbstraction.GenerateRandom(bytesArray);`
	`182`	`+ var bytesArray = CryptoAbstraction.GenerateRandom((bitLength / 8) + (((bitLength % 8) > 0) ? 1 : 0));`
`184`	`183`	`bytesArray[bytesArray.Length - 1] = (byte)(bytesArray[bytesArray.Length - 1] & 0x7F); // Ensure not a negative value`
`185`	`184`	`return new BigInteger(bytesArray);`
`186`	`185`	`}`
Original file line number	Diff line number	Diff line change
`@@ -12,9 +12,7 @@ public class KeyExchangeInitMessage : Message, IKeyExchangedAllowed`
`12`	`12`	`/// </summary>`
`13`	`13`	`public KeyExchangeInitMessage()`
`14`	`14`	`{`
`15`		`- var cookie = new byte[16];`
`16`		`- CryptoAbstraction.GenerateRandom(cookie);`
`17`		`- Cookie = cookie;`
	`15`	`+ Cookie = CryptoAbstraction.GenerateRandom(16);`
`18`	`16`	`}`
`19`	`17`
`20`	`18`	`#region Message Properties`
Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,6 @@`
`7`	`7`	`using System.Text;`
`8`	`8`	`using System.Text.RegularExpressions;`
`9`	`9`
`10`		`-using Renci.SshNet.Abstractions;`
`11`	`10`	`using Renci.SshNet.Common;`
`12`	`11`	`using Renci.SshNet.Security;`
`13`	`12`	`using Renci.SshNet.Security.Cryptography;`
`@@ -380,7 +379,8 @@ private static byte[] GetCipherKey(string passphrase, int length)`
`380`	`379`	`{`
`381`	`380`	`var cipherKey = new List<byte>();`
`382`	`381`
`383`		`- using (var md5 = CryptoAbstraction.CreateMD5())`
	`382`	`+#pragma warning disable CA1850 // Prefer static HashData method; We'll reuse the object on lower targets.`
	`383`	`+ using (var md5 = MD5.Create())`
`384`	`384`	`{`
`385`	`385`	`var passwordBytes = Encoding.UTF8.GetBytes(passphrase);`
`386`	`386`
`@@ -394,6 +394,7 @@ private static byte[] GetCipherKey(string passphrase, int length)`
`394`	`394`	`cipherKey.AddRange(hash);`
`395`	`395`	`}`
`396`	`396`	`}`
	`397`	`+#pragma warning restore CA1850 // Prefer static HashData method`
`397`	`398`
`398`	`399`	`return cipherKey.ToArray().Take(length);`
`399`	`400`	`}`
`@@ -426,7 +427,8 @@ private static byte[] DecryptKey(CipherInfo cipherInfo, byte[] cipherData, strin`
`426`	`427`
`427`	`428`	`var cipherKey = new List<byte>();`
`428`	`429`
`429`		`- using (var md5 = CryptoAbstraction.CreateMD5())`
	`430`	`+#pragma warning disable CA1850 // Prefer static HashData method; We'll reuse the object on lower targets.`
	`431`	`+ using (var md5 = MD5.Create())`
`430`	`432`	`{`
`431`	`433`	`var passwordBytes = Encoding.UTF8.GetBytes(passPhrase);`
`432`	`434`
`@@ -443,6 +445,7 @@ private static byte[] DecryptKey(CipherInfo cipherInfo, byte[] cipherData, strin`
`443`	`445`	`cipherKey.AddRange(hash);`
`444`	`446`	`}`
`445`	`447`	`}`
	`448`	`+#pragma warning restore CA1850 // Prefer static HashData method`
`446`	`449`
`447`	`450`	`var cipher = cipherInfo.Cipher(cipherKey.ToArray(), binarySalt);`
`448`	`451`
Original file line number	Diff line number	Diff line change
`@@ -852,7 +852,7 @@ public void Hash(byte[] hpass, byte[] hsalt, byte[] output)`
`852`	`852`	`/// <param name="output"></param>`
`853`	`853`	`public void Pbkdf(byte[] password, byte[] salt, int rounds, byte[] output)`
`854`	`854`	`{`
`855`		`- using (var sha512 = CryptoAbstraction.CreateSHA512())`
	`855`	`+ using (var sha512 = SHA512.Create())`
`856`	`856`	`{`
`857`	`857`	`int nblocks = (output.Length + 31) / 32;`
`858`	`858`	`byte[] hpass = sha512.ComputeHash(password);`
Original file line number	Diff line number	Diff line change
`@@ -35,10 +35,7 @@ protected override int HashSize`
`35`	`35`	`/// </returns>`
`36`	`36`	`protected override byte[] Hash(byte[] hashData)`
`37`	`37`	`{`
`38`		`- using (var sha1 = CryptoAbstraction.CreateSHA1())`
`39`		`- {`
`40`		`- return sha1.ComputeHash(hashData, 0, hashData.Length);`
`41`		`- }`
	`38`	`+ return CryptoAbstraction.HashSHA1(hashData);`
`42`	`39`	`}`
`43`	`40`	`}`
`44`	`41`	`}`