Remove S.Sec.Crypto.Algorithms package dependency

eng/Versions.props

@@ -128,7 +128,6 @@
     <SystemMemoryVersion>4.5.5</SystemMemoryVersion>
     <SystemReflectionMetadataVersion>6.0.1</SystemReflectionMetadataVersion>
     <SystemSecurityAccessControlVersion>6.0.0</SystemSecurityAccessControlVersion>
-    <SystemSecurityCryptographyAlgorithmsVersion>4.3.1</SystemSecurityCryptographyAlgorithmsVersion>
     <SystemSecurityCryptographyCngVersion>5.0.0</SystemSecurityCryptographyCngVersion>
     <SystemSecurityCryptographyOpenSslVersion>5.0.0</SystemSecurityCryptographyOpenSslVersion>
     <SystemSecurityPrincipalWindowsVersion>5.0.0</SystemSecurityPrincipalWindowsVersion>

src/libraries/Common/src/System/Security/Cryptography/IncrementalHash.netfx.cs

@@ -0,0 +1,231 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+#if !NETFRAMEWORK || NET471_OR_GREATER
+#error "This implementation of IncrementalHash should only be used for .NET Framework where it is not available"
+#endif
+
+using System.Diagnostics;
+
+namespace System.Security.Cryptography
+{
+    /// <summary>
+    /// Provides support for computing a hash or HMAC value incrementally across several segments.
+    /// </summary>
+    internal sealed class IncrementalHash : IDisposable
+    {
+        private const int NTE_BAD_ALGID = unchecked((int)0x80090008);
+
+        private readonly HashAlgorithmName _algorithmName;
+        private HashAlgorithm _hash;
+        private bool _disposed;
+        private bool _resetPending;
+
+        private IncrementalHash(HashAlgorithmName name, HashAlgorithm hash)
+        {
+            Debug.Assert(!string.IsNullOrEmpty(name.Name));
+            Debug.Assert(hash != null);
+
+            _algorithmName = name;
+            _hash = hash;
+        }
+
+        /// <summary>
+        /// Get the name of the algorithm being performed.
+        /// </summary>
+        public HashAlgorithmName AlgorithmName
+        {
+            get { return _algorithmName; }
+        }
+
+        /// <summary>
+        /// Append the entire contents of <paramref name="data"/> to the data already processed in the hash or HMAC.
+        /// </summary>
+        /// <param name="data">The data to process.</param>
+        /// <exception cref="ArgumentNullException"><paramref name="data"/> is <c>null</c>.</exception>
+        /// <exception cref="ObjectDisposedException">The object has already been disposed.</exception>
+        public void AppendData(byte[] data)
+        {
+            if (data == null)
+                throw new ArgumentNullException(nameof(data));
+
+            AppendData(data, 0, data.Length);
+        }
+
+        /// <summary>
+        /// Append <paramref name="count"/> bytes of <paramref name="data"/>, starting at <paramref name="offset"/>,
+        /// to the data already processed in the hash or HMAC.
+        /// </summary>
+        /// <param name="data">The data to process.</param>
+        /// <param name="offset">The offset into the byte array from which to begin using data.</param>
+        /// <param name="count">The number of bytes in the array to use as data.</param>
+        /// <exception cref="ArgumentNullException"><paramref name="data"/> is <c>null</c>.</exception>
+        /// <exception cref="ArgumentOutOfRangeException">
+        ///     <paramref name="offset"/> is out of range. This parameter requires a non-negative number.
+        /// </exception>
+        /// <exception cref="ArgumentOutOfRangeException">
+        ///     <paramref name="count"/> is out of range. This parameter requires a non-negative number less than
+        ///     the <see cref="Array.Length"/> value of <paramref name="data"/>.
+        ///     </exception>
+        /// <exception cref="ArgumentException">
+        ///     <paramref name="count"/> is greater than
+        ///     <paramref name="data"/>.<see cref="Array.Length"/> - <paramref name="offset"/>.
+        /// </exception>
+        /// <exception cref="ObjectDisposedException">The object has already been disposed.</exception>
+        public void AppendData(byte[] data, int offset, int count)
+        {
+            if (data == null)
+                throw new ArgumentNullException(nameof(data));
+            if (offset < 0)
+                throw new ArgumentOutOfRangeException(nameof(offset), SR.ArgumentOutOfRange_NeedNonNegNum);
+            if (count < 0 || (count > data.Length))
+                throw new ArgumentOutOfRangeException(nameof(count));
+            if ((data.Length - count) < offset)
+                throw new ArgumentException(SR.Argument_InvalidOffLen);
+            if (_disposed)
+                throw new ObjectDisposedException(nameof(IncrementalHash));
+
+            Debug.Assert(_hash != null);
+
+            if (_resetPending)
+            {
+                _hash.Initialize();
+                _resetPending = false;
+            }
+
+            _hash.TransformBlock(data, offset, count, null, 0);
+        }
+
+        /// <summary>
+        /// Retrieve the hash or HMAC for the data accumulated from prior calls to
+        /// <see cref="AppendData(byte[])"/>, and return to the state the object
+        /// was in at construction.
+        /// </summary>
+        /// <returns>The computed hash or HMAC.</returns>
+        /// <exception cref="ObjectDisposedException">The object has already been disposed.</exception>
+        public byte[] GetHashAndReset()
+        {
+            if (_disposed)
+                throw new ObjectDisposedException(nameof(IncrementalHash));
+
+            Debug.Assert(_hash != null);
+
+            if (_resetPending)
+            {
+                // No point in setting _resetPending to false, we're about to set it to true.
+                _hash.Initialize();
+            }
+
+            _hash.TransformFinalBlock(Array.Empty<byte>(), 0, 0);
+            byte[] hashValue = _hash.Hash;
+            _resetPending = true;
+
+            return hashValue;
+        }
+
+        /// <summary>
+        /// Release all resources used by the current instance of the
+        /// <see cref="IncrementalHash"/> class.
+        /// </summary>
+        public void Dispose()
+        {
+            _disposed = true;
+
+            if (_hash != null)
+            {
+                _hash.Dispose();
+                _hash = null;
+            }
+        }
+
+        /// <summary>
+        /// Create an <see cref="IncrementalHash"/> for the algorithm specified by <paramref name="hashAlgorithm"/>.
+        /// </summary>
+        /// <param name="hashAlgorithm">The name of the hash algorithm to perform.</param>
+        /// <returns>
+        /// An <see cref="IncrementalHash"/> instance ready to compute the hash algorithm specified
+        /// by <paramref name="hashAlgorithm"/>.
+        /// </returns>
+        /// <exception cref="ArgumentException">
+        ///     <paramref name="hashAlgorithm"/>.<see cref="HashAlgorithmName.Name"/> is <c>null</c>, or
+        ///     the empty string.
+        /// </exception>
+        /// <exception cref="CryptographicException"><paramref name="hashAlgorithm"/> is not a known hash algorithm.</exception>
+        public static IncrementalHash CreateHash(HashAlgorithmName hashAlgorithm)
+        {
+            if (string.IsNullOrEmpty(hashAlgorithm.Name))
+                throw new ArgumentException(SR.Cryptography_HashAlgorithmNameNullOrEmpty, nameof(hashAlgorithm));
+
+            return new IncrementalHash(hashAlgorithm, GetHashAlgorithm(hashAlgorithm));
+        }
+
+        /// <summary>
+        /// Create an <see cref="IncrementalHash"/> for the Hash-based Message Authentication Code (HMAC)
+        /// algorithm utilizing the hash algorithm specified by <paramref name="hashAlgorithm"/>, and a
+        /// key specified by <paramref name="key"/>.
+        /// </summary>
+        /// <param name="hashAlgorithm">The name of the hash algorithm to perform within the HMAC.</param>
+        /// <param name="key">
+        ///     The secret key for the HMAC. The key can be any length, but a key longer than the output size
+        ///     of the hash algorithm specified by <paramref name="hashAlgorithm"/> will be hashed (using the
+        ///     algorithm specified by <paramref name="hashAlgorithm"/>) to derive a correctly-sized key. Therefore,
+        ///     the recommended size of the secret key is the output size of the hash specified by
+        ///     <paramref name="hashAlgorithm"/>.
+        /// </param>
+        /// <returns>
+        /// An <see cref="IncrementalHash"/> instance ready to compute the hash algorithm specified
+        /// by <paramref name="hashAlgorithm"/>.
+        /// </returns>
+        /// <exception cref="ArgumentException">
+        ///     <paramref name="hashAlgorithm"/>.<see cref="HashAlgorithmName.Name"/> is <c>null</c>, or
+        ///     the empty string.
+        /// </exception>
+        /// <exception cref="CryptographicException"><paramref name="hashAlgorithm"/> is not a known hash algorithm.</exception>
+        public static IncrementalHash CreateHMAC(HashAlgorithmName hashAlgorithm, byte[] key)
+        {
+            if (key == null)
+                throw new ArgumentNullException(nameof(key));
+            if (string.IsNullOrEmpty(hashAlgorithm.Name))
+                throw new ArgumentException(SR.Cryptography_HashAlgorithmNameNullOrEmpty, nameof(hashAlgorithm));
+
+            return new IncrementalHash(hashAlgorithm, GetHMAC(hashAlgorithm, key));
+        }
+
+        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Security", "CA5351", Justification = "MD5 is used when the user asks for it.")]
+        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Security", "CA5350", Justification = "SHA1 is used when the user asks for it.")]
+        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Security", "CA5354", Justification = "SHA1 is used when the user asks for it.")]
+        private static HashAlgorithm GetHashAlgorithm(HashAlgorithmName hashAlgorithm)
+        {
+            if (hashAlgorithm == HashAlgorithmName.MD5)
+                return new MD5CryptoServiceProvider();
+            if (hashAlgorithm == HashAlgorithmName.SHA1)
+                return new SHA1CryptoServiceProvider();
+            if (hashAlgorithm == HashAlgorithmName.SHA256)
+                return new SHA256CryptoServiceProvider();
+            if (hashAlgorithm == HashAlgorithmName.SHA384)
+                return new SHA384CryptoServiceProvider();
+            if (hashAlgorithm == HashAlgorithmName.SHA512)
+                return new SHA512CryptoServiceProvider();
+
+            throw new CryptographicException(NTE_BAD_ALGID);
+        }
+
+        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Security", "CA5351", Justification = "MD5 is used when the user asks for it.")]
+        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Security", "CA5350", Justification = "SHA1 is used when the user asks for it.")]
+        private static HashAlgorithm GetHMAC(HashAlgorithmName hashAlgorithm, byte[] key)
+        {
+            if (hashAlgorithm == HashAlgorithmName.MD5)
+                return new HMACMD5(key);
+            if (hashAlgorithm == HashAlgorithmName.SHA1)
+                return new HMACSHA1(key);
+            if (hashAlgorithm == HashAlgorithmName.SHA256)
+                return new HMACSHA256(key);
+            if (hashAlgorithm == HashAlgorithmName.SHA384)
+                return new HMACSHA384(key);
+            if (hashAlgorithm == HashAlgorithmName.SHA512)
+                return new HMACSHA512(key);
+
+            throw new CryptographicException(NTE_BAD_ALGID);
+        }
+    }
+}

src/libraries/Microsoft.Extensions.FileProviders.Physical/src/Microsoft.Extensions.FileProviders.Physical.csproj

@@ -16,6 +16,9 @@
              Link="Common\src\Extensions\NonCapturingTimer\NonCapturingTimer.cs" />
     <Compile Include="$(CommonPath)System\ThrowHelper.cs"
              Link="Common\System\ThrowHelper.cs" />
+    <Compile Include="$(CommonPath)System\Security\Cryptography\IncrementalHash.netfx.cs"
+             Link="Common\System\Security\Cryptography\IncrementalHash.cs"
+             Condition="'$(TargetFrameworkIdentifier)' == '.NETFramework'" />
   </ItemGroup>
 
   <ItemGroup>
@@ -24,8 +27,4 @@
     <ProjectReference Include="$(LibrariesProjectRoot)Microsoft.Extensions.Primitives\src\Microsoft.Extensions.Primitives.csproj" />
   </ItemGroup>
 
-  <!-- For IncrementalHash -->
-  <ItemGroup Condition="'$(TargetFrameworkIdentifier)' == '.NETFramework'">
-    <PackageReference Include="System.Security.Cryptography.Algorithms" Version="$(SystemSecurityCryptographyAlgorithmsVersion)" />
-  </ItemGroup>
 </Project>

src/libraries/Microsoft.Extensions.FileProviders.Physical/src/Resources/Strings.resx

@@ -117,6 +117,12 @@
   <resheader name="writer">
     <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </resheader>
+  <data name="Argument_InvalidOffLen" xml:space="preserve">
+    <value>Offset and length were out of bounds for the array or count is greater than the number of elements from index to the end of the source collection.</value>
+  </data>
+  <data name="ArgumentOutOfRange_NeedNonNegNum" xml:space="preserve">
+    <value>Non-negative number required.</value>
+  </data>
   <data name="Error_FileSystemWatcherRequiredWithoutPolling" xml:space="preserve">
     <value>The fileSystemWatcher parameter must be non-null when pollForChanges is false.</value>
   </data>
@@ -126,6 +132,9 @@
   <data name="CannotModifyWhenFileWatcherInitialized" xml:space="preserve">
     <value>Cannot modify {0} once file watcher has been initialized.</value>
   </data>
+  <data name="Cryptography_HashAlgorithmNameNullOrEmpty" xml:space="preserve">
+    <value>The hash algorithm name cannot be null or empty.</value>
+  </data>
   <data name="UnexpectedFileSystemInfo" xml:space="preserve">
     <value>Unexpected type of FileSystemInfo</value>
   </data>

src/libraries/System.Reflection.Metadata/tests/System.Reflection.Metadata.Tests.csproj

@@ -1,4 +1,5 @@
 <Project Sdk="Microsoft.NET.Sdk">
+
   <PropertyGroup>
     <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
     <ExternallyShipping>false</ExternallyShipping>
@@ -9,6 +10,7 @@
     <EnableLibraryImportGenerator>true</EnableLibraryImportGenerator>
     <DefineConstants Condition="'$(TargetOS)' == 'browser'">$(DefineConstants);TARGET_BROWSER</DefineConstants> 
   </PropertyGroup>
+
   <ItemGroup>
     <Compile Include="$(CommonTestPath)System\Security\Cryptography\SignatureSupport.cs"
              Link="CommonTest\System\Security\Cryptography\SignatureSupport.cs" />
@@ -24,6 +26,7 @@
              Link="Common\Microsoft\Win32\SafeHandles\SafeLibraryHandle.cs" />
     <Compile Include="$(CommonTestPath)System\IO\TempFile.cs"
              Link="Common\System\IO\TempFile.cs" />
+
     <Compile Include="Metadata\BlobContentIdTests.cs" />
     <Compile Include="Metadata\BlobTests.cs" />
     <Compile Include="Metadata\BlobUtilitiesTests.cs" />
@@ -90,6 +93,7 @@
     <Compile Include="Utilities\MemoryBlockTests.cs" />
     <Compile Include="Utilities\OrderByTests.cs" />
   </ItemGroup>
+
   <ItemGroup>
     <None Include="Resources\Namespace\NamespaceForwardedCS.cs" />
     <None Include="Resources\Namespace\NamespaceTests.cs" />
@@ -135,16 +139,19 @@
     <None Include="Resources\Misc\Signed.cs" />
     <EmbeddedResource Include="Resources\Misc\Signed.exe" />
   </ItemGroup>
+
   <ItemGroup>
     <!-- Some internal types are needed, so we reference the implementation assembly, rather than the reference assembly. -->
     <ProjectReference Include="..\src\System.Reflection.Metadata.csproj" SkipUseReferenceAssembly="true" />
   </ItemGroup>
+
     <!-- For IncrementalHash -->
   <ItemGroup Condition="'$(TargetFrameworkIdentifier)' == '.NETFramework'">
-    <PackageReference Include="System.Security.Cryptography.Algorithms" Version="$(SystemSecurityCryptographyAlgorithmsVersion)" />
     <PackageReference Include="System.ValueTuple" Version="$(SystemValueTupleVersion)" />
   </ItemGroup>
+
   <ItemGroup Condition="'$(TargetOS)' == 'browser'">
     <WasmFilesToIncludeFromPublishDir Include="$(AssemblyName).dll" />
   </ItemGroup>
+
 </Project>

src/libraries/System.Reflection.Metadata/tests/TestUtilities/SigningUtilities.cs

@@ -29,20 +29,19 @@ public static byte[] CalculateRsaSignature(IEnumerable<Blob> content, byte[] pri
 
         public static byte[] CalculateSha1(IEnumerable<Blob> content)
         {
-            using (var hash = IncrementalHash.CreateHash(HashAlgorithmName.SHA1))
-            {
-                var stream = new MemoryStream();
-
-                foreach (var blob in content)
-                {
-                    var segment = blob.GetBytes();
+            MemoryStream stream = new();
 
-                    stream.Write(segment.Array, segment.Offset, segment.Count);
+            foreach (Blob blob in content)
+            {
+                var segment = blob.GetBytes();
+                stream.Write(segment.Array, segment.Offset, segment.Count);
+            }
 
-                    hash.AppendData(segment.Array, segment.Offset, segment.Count);
-                }
+            stream.Position = 0;
 
-                return hash.GetHashAndReset();
+            using (SHA1 sha1 = SHA1.Create())
+            {
+                return sha1.ComputeHash(stream);
             }
         }
 

src/libraries/System.Security.Cryptography.Cose/src/Resources/Strings.resx

@@ -123,6 +123,12 @@
   <data name="Argument_EncodeDestinationTooSmall" xml:space="preserve">
     <value>The destination is too small to hold the encoded value.</value>
   </data>
+  <data name="Argument_InvalidOffLen" xml:space="preserve">
+    <value>Offset and length were out of bounds for the array or count is greater than the number of elements from index to the end of the source collection.</value>
+  </data>
+  <data name="ArgumentOutOfRange_NeedNonNegNum" xml:space="preserve">
+    <value>Non-negative number required.</value>
+  </data>
   <data name="ContentWasDetached" xml:space="preserve">
     <value>Content was not included in the message (detached message), provide a content to verify.</value>
   </data>
@@ -156,6 +162,9 @@
   <data name="CriticalHeadersMustBeArrayOfAtLeastOne" xml:space="preserve">
     <value>Critical Headers must be a CBOR array of at least one element.</value>
   </data>
+  <data name="Cryptography_HashAlgorithmNameNullOrEmpty" xml:space="preserve">
+    <value>The hash algorithm name cannot be null or empty.</value>
+  </data>
   <data name="DecodeCoseSignatureMustBeArrayOfThree" xml:space="preserve">
     <value>COSE Signature must be an array of three elements.</value>
   </data>