Obsolete Encrypt / Decrypt with fOAEP

docs/project/list-of-diagnostics.md

@@ -118,6 +118,7 @@ The PR that reveals the implementation of the `<IncludeInternalObsoleteAttribute
 |  __`SYSLIB0061`__ | The Queryable MinBy and MaxBy taking an IComparer\<TSource\> are obsolete. Use the new ones that take an IComparer\<TKey\>. |
 |  __`SYSLIB0062`__ | XSLT Script blocks are not supported. |
 |  __`SYSLIB0063`__ | This constructor has been deprecated and argument bool isConnected does not have any effect. Use NamedPipeClientStream(PipeDirection direction, bool isAsync, SafePipeHandle safePipeHandle) instead. |
+|  __`SYSLIB0064`__ | RSACryptoServiceProvider.Encrypt and RSACryptoServiceProvider.Decrypt methods that take a boolean are obsolete. Use the overload that accepts RSAEncryptionPadding instead. |
 
 ## Analyzer Warnings
 

src/libraries/Common/src/System/Obsoletions.cs

@@ -201,6 +201,9 @@ internal static class Obsoletions
         internal const string NamedPipeClientStreamIsConnectedMessage = "This constructor has been deprecated and argument bool isConnected does not have any effect. Use NamedPipeClientStream(PipeDirection direction, bool isAsync, SafePipeHandle safePipeHandle) instead.";
         internal const string NamedPipeClientStreamIsConnectedDiagId = "SYSLIB0063";
 
+        internal const string RSACspEncryptDecryptMessage = "RSACryptoServiceProvider.Encrypt and RSACryptoServiceProvider.Decrypt methods that take a boolean are obsolete. Use the overload that accepts RSAEncryptionPadding instead.";
+        internal const string RSACspEncryptDecryptDiagId = "SYSLIB0064";
+
         // When adding a new diagnostic ID, add it to the table in docs\project\list-of-diagnostics.md as well.
         // Keep new const identifiers above this comment.
     }

src/libraries/System.Security.Cryptography/ref/System.Security.Cryptography.cs

@@ -2716,12 +2716,14 @@ public RSACryptoServiceProvider(System.Security.Cryptography.CspParameters? para
         public bool PublicOnly { get { throw null; } }
         public override string SignatureAlgorithm { get { throw null; } }
         public static bool UseMachineKeyStore { get { throw null; } set { } }
+        [System.ObsoleteAttribute("RSACryptoServiceProvider.Encrypt and RSACryptoServiceProvider.Decrypt methods that take a boolean are obsolete. Use the overload that accepts RSAEncryptionPadding instead.", DiagnosticId="SYSLIB0064", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public byte[] Decrypt(byte[] rgb, bool fOAEP) { throw null; }
         public override byte[] Decrypt(byte[] data, System.Security.Cryptography.RSAEncryptionPadding padding) { throw null; }
         [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Never)]
         [System.ObsoleteAttribute("RSA.EncryptValue and DecryptValue are not supported and throw NotSupportedException. Use RSA.Encrypt and RSA.Decrypt instead.", DiagnosticId="SYSLIB0048", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public override byte[] DecryptValue(byte[] rgb) { throw null; }
         protected override void Dispose(bool disposing) { }
+        [System.ObsoleteAttribute("RSACryptoServiceProvider.Encrypt and RSACryptoServiceProvider.Decrypt methods that take a boolean are obsolete. Use the overload that accepts RSAEncryptionPadding instead.", DiagnosticId="SYSLIB0064", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
         public byte[] Encrypt(byte[] rgb, bool fOAEP) { throw null; }
         public override byte[] Encrypt(byte[] data, System.Security.Cryptography.RSAEncryptionPadding padding) { throw null; }
         [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Never)]

src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/RSACryptoServiceProvider.NotSupported.cs

@@ -31,7 +31,9 @@ public RSACryptoServiceProvider(CspParameters parameters) =>
         [SupportedOSPlatform("windows")]
         public CspKeyContainerInfo CspKeyContainerInfo => default!;
 
+        [Obsolete(Obsoletions.RSACspEncryptDecryptMessage, DiagnosticId = Obsoletions.RSACspEncryptDecryptDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
         public byte[] Decrypt(byte[] rgb, bool fOAEP) => default!;
+        [Obsolete(Obsoletions.RSACspEncryptDecryptMessage, DiagnosticId = Obsoletions.RSACspEncryptDecryptDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
         public byte[] Encrypt(byte[] rgb, bool fOAEP) => default!;
         public byte[] ExportCspBlob(bool includePrivateParameters) => default!;
         public override RSAParameters ExportParameters(bool includePrivateParameters) => default;

src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/RSACryptoServiceProvider.Unix.cs

@@ -39,26 +39,25 @@ public RSACryptoServiceProvider(CspParameters parameters) =>
         public CspKeyContainerInfo CspKeyContainerInfo =>
             throw new PlatformNotSupportedException(SR.Format(SR.Cryptography_CAPI_Required, nameof(CspKeyContainerInfo)));
 
+        [Obsolete(Obsoletions.RSACspEncryptDecryptMessage, DiagnosticId = Obsoletions.RSACspEncryptDecryptDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
         public byte[] Decrypt(byte[] rgb, bool fOAEP)
         {
             ArgumentNullException.ThrowIfNull(rgb);
-
-            // size check -- must be exactly the modulus size
-            if (rgb.Length != (KeySize / 8))
-                throw new CryptographicException(SR.Cryptography_RSA_DecryptWrongSize);
-
-            return _impl.Decrypt(rgb, fOAEP ? RSAEncryptionPadding.OaepSHA1 : RSAEncryptionPadding.Pkcs1);
+            return Decrypt(rgb, fOAEP ? RSAEncryptionPadding.OaepSHA1 : RSAEncryptionPadding.Pkcs1);
         }
 
         public override byte[] Decrypt(byte[] data, RSAEncryptionPadding padding)
         {
             ArgumentNullException.ThrowIfNull(data);
             ArgumentNullException.ThrowIfNull(padding);
 
-            return
-                padding == RSAEncryptionPadding.Pkcs1 ? Decrypt(data, fOAEP: false) :
-                padding == RSAEncryptionPadding.OaepSHA1 ? Decrypt(data, fOAEP: true) : // For compat, this prevents OaepSHA2 options as fOAEP==true will cause Decrypt to use OaepSHA1
+            if (padding != RSAEncryptionPadding.Pkcs1 && padding != RSAEncryptionPadding.OaepSHA1)
                 throw PaddingModeNotSupported();
+
+            if (data.Length != (KeySize / 8))
+                throw new CryptographicException(SR.Cryptography_RSA_DecryptWrongSize);
+
+            return _impl.Decrypt(data, padding);
         }
 
         public override bool TryDecrypt(ReadOnlySpan<byte> data, Span<byte> destination, RSAEncryptionPadding padding, out int bytesWritten)
@@ -82,22 +81,22 @@ protected override void Dispose(bool disposing)
             }
         }
 
+        [Obsolete(Obsoletions.RSACspEncryptDecryptMessage, DiagnosticId = Obsoletions.RSACspEncryptDecryptDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
         public byte[] Encrypt(byte[] rgb, bool fOAEP)
         {
             ArgumentNullException.ThrowIfNull(rgb);
-
-            return _impl.Encrypt(rgb, fOAEP ? RSAEncryptionPadding.OaepSHA1 : RSAEncryptionPadding.Pkcs1);
+            return Encrypt(rgb, fOAEP ? RSAEncryptionPadding.OaepSHA1 : RSAEncryptionPadding.Pkcs1);
         }
 
         public override byte[] Encrypt(byte[] data, RSAEncryptionPadding padding)
         {
             ArgumentNullException.ThrowIfNull(data);
             ArgumentNullException.ThrowIfNull(padding);
 
-            return
-                padding == RSAEncryptionPadding.Pkcs1 ? Encrypt(data, fOAEP: false) :
-                padding == RSAEncryptionPadding.OaepSHA1 ? Encrypt(data, fOAEP: true) : // For compat, this prevents OaepSHA2 options as fOAEP==true will cause Decrypt to use OaepSHA1
+            if (padding != RSAEncryptionPadding.Pkcs1 && padding != RSAEncryptionPadding.OaepSHA1)
                 throw PaddingModeNotSupported();
+
+            return _impl.Encrypt(data, padding);
         }
 
         public override bool TryEncrypt(ReadOnlySpan<byte> data, Span<byte> destination, RSAEncryptionPadding padding, out int bytesWritten)

src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/RSACryptoServiceProvider.Windows.cs

@@ -259,22 +259,11 @@ public static bool UseMachineKeyStore
         /// <param name="rgb">encrypted data</param>
         /// <param name="fOAEP">true to use OAEP padding (PKCS #1 v2), false to use PKCS #1 type 2 padding</param>
         /// <returns>decrypted data</returns>
+        [Obsolete(Obsoletions.RSACspEncryptDecryptMessage, DiagnosticId = Obsoletions.RSACspEncryptDecryptDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
         public byte[] Decrypt(byte[] rgb, bool fOAEP)
         {
             ArgumentNullException.ThrowIfNull(rgb);
-
-            // Save the KeySize value to a local because it has non-trivial cost.
-            int keySize = KeySize;
-
-            // size check -- must be exactly the modulus size
-            if (rgb.Length != (keySize / 8))
-            {
-                throw new CryptographicException(SR.Cryptography_RSA_DecryptWrongSize);
-            }
-
-            byte[] decryptedKey;
-            CapiHelper.DecryptKey(SafeKeyHandle, rgb, rgb.Length, fOAEP, out decryptedKey);
-            return decryptedKey;
+            return Decrypt(rgb, fOAEP ? RSAEncryptionPadding.OaepSHA1 : RSAEncryptionPadding.Pkcs1);
         }
 
         /// <summary>
@@ -316,26 +305,11 @@ protected override void Dispose(bool disposing)
         /// <param name="rgb">raw data to encrypt</param>
         /// <param name="fOAEP">true to use OAEP padding (PKCS #1 v2), false to use PKCS #1 type 2 padding</param>
         /// <returns>Encrypted key</returns>
+        [Obsolete(Obsoletions.RSACspEncryptDecryptMessage, DiagnosticId = Obsoletions.RSACspEncryptDecryptDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
         public byte[] Encrypt(byte[] rgb, bool fOAEP)
         {
             ArgumentNullException.ThrowIfNull(rgb);
-
-            if (fOAEP)
-            {
-                int rsaSize = GetMaxOutputSize();
-                const int OaepSha1Overhead = 20 + 20 + 2;
-
-                // Normalize the Windows 7 and Windows 8.1+ exception
-                if (rsaSize - OaepSha1Overhead < rgb.Length)
-                {
-                    const int NTE_BAD_LENGTH = unchecked((int)0x80090004);
-                    throw NTE_BAD_LENGTH.ToCryptographicException();
-                }
-            }
-
-            byte[]? encryptedKey = null;
-            CapiHelper.EncryptKey(SafeKeyHandle, rgb, rgb.Length, fOAEP, ref encryptedKey);
-            return encryptedKey;
+            return Encrypt(rgb, fOAEP ? RSAEncryptionPadding.OaepSHA1 : RSAEncryptionPadding.Pkcs1);
         }
 
         /// <summary>
@@ -591,37 +565,68 @@ public override byte[] Encrypt(byte[] data, RSAEncryptionPadding padding)
             ArgumentNullException.ThrowIfNull(data);
             ArgumentNullException.ThrowIfNull(padding);
 
+            bool fOAEP;
+
             if (padding == RSAEncryptionPadding.Pkcs1)
             {
-                return Encrypt(data, fOAEP: false);
+                fOAEP = false;
             }
             else if (padding == RSAEncryptionPadding.OaepSHA1)
             {
-                return Encrypt(data, fOAEP: true);
+                fOAEP = true;
+
+                int rsaSize = GetMaxOutputSize();
+                const int OaepSha1Overhead = 20 + 20 + 2;
+
+                // Normalize the Windows 7 and Windows 8.1+ exception
+                if (rsaSize - OaepSha1Overhead < data.Length)
+                {
+                    const int NTE_BAD_LENGTH = unchecked((int)0x80090004);
+                    throw NTE_BAD_LENGTH.ToCryptographicException();
+                }
             }
             else
             {
                 throw PaddingModeNotSupported();
             }
+
+            byte[]? encryptedKey = null;
+            CapiHelper.EncryptKey(SafeKeyHandle, data, data.Length, fOAEP, ref encryptedKey);
+            return encryptedKey;
         }
 
         public override byte[] Decrypt(byte[] data, RSAEncryptionPadding padding)
         {
             ArgumentNullException.ThrowIfNull(data);
             ArgumentNullException.ThrowIfNull(padding);
 
+            bool fOAEP;
+
             if (padding == RSAEncryptionPadding.Pkcs1)
             {
-                return Decrypt(data, fOAEP: false);
+                fOAEP = false;
             }
             else if (padding == RSAEncryptionPadding.OaepSHA1)
             {
-                return Decrypt(data, fOAEP: true);
+                fOAEP = true;
             }
             else
             {
                 throw PaddingModeNotSupported();
             }
+
+            // Save the KeySize value to a local because it has non-trivial cost.
+            int keySize = KeySize;
+
+            // size check -- must be exactly the modulus size
+            if (data.Length != (keySize / 8))
+            {
+                throw new CryptographicException(SR.Cryptography_RSA_DecryptWrongSize);
+            }
+
+            byte[] decryptedKey;
+            CapiHelper.DecryptKey(SafeKeyHandle, data, data.Length, fOAEP, out decryptedKey);
+            return decryptedKey;
         }
 
         public override byte[] SignHash(