Crypto cleanup and enable usage of FIPS compliant crypto when required (#806)

* Use FIPS compliant crypto when required * Comment cleanup * Store OAuth signing scheme in credentialData instead of runner setting Add encryption scheme for job message encyption key to session Further cleanup of unused crypto code * Update windows rsa key manager to use crossplat dotnet RSA api * Undo unneeded ConfigurationManager change
2025-12-12 05:37:01 +00:00 · 2020-12-04 11:35:16 -05:00
parent a2e32170fd
commit 80bf68db81
9 changed files with 40 additions and 293 deletions
--- a/src/Runner.Listener/MessageListener.cs
+++ b/src/Runner.Listener/MessageListener.cs
@@ -319,7 +319,8 @@ namespace GitHub.Runner.Listener
                var keyManager = HostContext.GetService<IRSAKeyManager>();
                using (var rsa = keyManager.GetKey())
                {
-                    return aes.CreateDecryptor(rsa.Decrypt(_session.EncryptionKey.Value, RSAEncryptionPadding.OaepSHA1), message.IV);
+                    var padding = _session.UseFipsEncryption ? RSAEncryptionPadding.OaepSHA256 : RSAEncryptionPadding.OaepSHA1;
+                    return aes.CreateDecryptor(rsa.Decrypt(_session.EncryptionKey.Value, padding), message.IV);
                }
            }
            else