public void MicrosoftCertificateAuthority_Sign_CngEcdh256_CertificateAuthorityRequestResponse_Issued()
{
string templateName = "ServerAuthentication-CngEcdh";
int keysize = 256;
string commonName = "domain.com";
WindowsApi api = WindowsApi.Cng;
CipherAlgorithm cipher = CipherAlgorithm.ECDH;
KeyUsage keyUsage = KeyUsage.ServerAuthentication;
CertificateSubject subject = new CertificateSubject(commonName);
Win32CertificateProvider provider = new Win32CertificateProvider();
CertificateRequest csr = provider.CreateCsrKeyPair(subject, cipher, keysize, api, SigningRequestProtocol.Pkcs10);
MicrosoftCertificateAuthority ca = new MicrosoftCertificateAuthority(new MicrosoftCertificateAuthorityOptions()
{
AuthenticationRealm = domain,
AuthenticationType = MicrosoftCertificateAuthorityAuthenticationType.UsernamePassword,
HashAlgorithm = HashAlgorithm.SHA256,
ServerName = caServerName,
CommonName = caCommonName,
Username = username,
Password = password
});
CertificateAuthorityRequestResponse response = ca.Sign(csr, templateName, keyUsage);
Assert.AreEqual(CertificateRequestStatus.Issued, response.CertificateRequestStatus);
}
public static Cipher CreateCipher(SSHProtocol protocol, CipherAlgorithm algorithm,
byte[] key, byte[] iv)
{
if (protocol == SSHProtocol.SSH1)
{
//ignoring iv
return CreateCipher(protocol, algorithm, key);
}
else
{
switch (algorithm)
{
case CipherAlgorithm.TripleDES:
return new SSH2.TripleDESCipher2(key, iv);
case CipherAlgorithm.Blowfish:
return new SSH2.BlowfishCipher2(key, iv);
case CipherAlgorithm.AES128:
case CipherAlgorithm.AES192:
case CipherAlgorithm.AES256:
case CipherAlgorithm.AES128CTR:
case CipherAlgorithm.AES192CTR:
case CipherAlgorithm.AES256CTR:
//return new RijindaelManagedCipher(key, iv, algorithm);
return new SSH2.RijindaelCipher2(key, iv, algorithm);
default:
throw new SSHException("unknown algorithm " + algorithm);
}
}
}
private static SymmetricAlgorithm CreateCipher(CipherAlgorithm ca, string encryptionKey)
{
SymmetricAlgorithm sa = null;
Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(encryptionKey, new byte[]
{ 21, 221, 125, 99, 18, 200, 181, 116, 158, 30, 180, 73, 108 });
switch (ca)
{
case CipherAlgorithm.AES128:
sa = Aes.Create();
break;
case CipherAlgorithm.AES256:
sa = Aes.Create();
break;
case CipherAlgorithm.TwoFish128:
sa = new Twofish();
break;
case CipherAlgorithm.BlowFish256:
sa = new BlowFish();
break;
case CipherAlgorithm.Serpent128:
sa = new SerpentEngine();
break;
}
sa.Key = pdb.GetBytes(sa.KeySize / 8);
sa.IV = pdb.GetBytes(sa.BlockSize / 8);
return(sa);
}
//If encrypt is true, encrypts the given file into a new file in the same folder with name ".enc" appended.
//If encrypt is false, decrypts the given file into a new file in the same folder with name ".dec" appended.
//limit: file size limit
internal static void EncryptOrDecrypt(CipherAlgorithm ca, string inputFile, string outputFile, string encryptionKey, bool encrypt)
{
run = true;
using (SymmetricAlgorithm encryptor = CreateCipher(ca, encryptionKey))
{
byte[] buffer = new byte[1024];
using (FileStream inputFs = new FileStream(inputFile, FileMode.Open, FileAccess.Read))
using (FileStream outputFs = new FileStream(outputFile, FileMode.CreateNew))
using (CryptoStream cs = new CryptoStream(outputFs, encrypt ? encryptor.CreateEncryptor() : encryptor.CreateDecryptor(), CryptoStreamMode.Write))
{
int bytesRead;
while (run && (bytesRead = inputFs.Read(buffer, 0, 1024)) > 0)
{
cs.Write(buffer, 0, bytesRead);
Processed(bytesRead);
}
}
}
if (!run)
{
File.Delete(outputFile);
}
run = false;
}
/// <summary>
/// Constructor
/// </summary>
public AvailableNetworkGroupPack(
InterfaceInfo interfaceInfo,
NetworkIdentifier ssid,
BssType bssType,
int signalQuality,
bool isSecurityEnabled,
string profileName,
AuthenticationAlgorithm authenticationAlgorithm,
CipherAlgorithm cipherAlgorithm,
IEnumerable <BssNetworkPack> bssNetworks) : base(
interfaceInfo: interfaceInfo,
ssid: ssid,
bssType: bssType,
signalQuality: signalQuality,
isSecurityEnabled: isSecurityEnabled,
profileName: profileName,
authenticationAlgorithm: authenticationAlgorithm,
cipherAlgorithm: cipherAlgorithm)
{
this.BssNetworks = Array.AsReadOnly(bssNetworks?.OrderByDescending(x => x.LinkQuality).ToArray() ?? new BssNetworkPack[0]);
if (!this.BssNetworks.Any())
{
return;
}
var highestLinkQualityNetwork = this.BssNetworks.First();
LinkQuality = highestLinkQualityNetwork.LinkQuality;
Frequency = highestLinkQualityNetwork.Frequency;
Band = highestLinkQualityNetwork.Band;
Channel = highestLinkQualityNetwork.Channel;
}
public AdcsTemplate DiscoverTemplate(CipherAlgorithm cipher, WindowsApi api, KeyUsage keyUsage)
{
Expression <Func <AdcsTemplate, bool> > query = template => template.Cipher == cipher && template.WindowsApi == api && template.KeyUsage.ToString() == keyUsage.ToString();
AdcsTemplate results = configurationRepository.Get <AdcsTemplate>(query).First();
return(results);
}
private CX509PrivateKey CreatePrivateKey(CipherAlgorithm cipher, int keysize, WindowsApi api = WindowsApi.CryptoApi)
{
CX509PrivateKey privateKey = new CX509PrivateKey
{
ProviderName = GetWindowsApiProviderName(api)
};
switch (api)
{
case WindowsApi.Cng:
privateKey.KeySpec = X509KeySpec.XCN_AT_NONE;
privateKey.LegacyCsp = false;
break;
case WindowsApi.CryptoApi:
privateKey.KeySpec = X509KeySpec.XCN_AT_KEYEXCHANGE;
break;
default:
throw new AlgorithmNotSupportedByProviderException("Cryptographic provider is not valid");
}
privateKey.Algorithm = GetPrivateKeyAlgorithm(cipher, keysize);
privateKey.Length = keysize;
privateKey.ExportPolicy = X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_FLAG;
privateKey.KeyUsage = X509PrivateKeyUsageFlags.XCN_NCRYPT_ALLOW_ALL_USAGES;
privateKey.MachineContext = true;
privateKey.CspInformations = GetCspInformation(api);
privateKey.SecurityDescriptor = GetDefaultPrivateKeySecurityDescriptor();
privateKey.Create();
return(privateKey);
}
public AgileEncryptionVerifier(CipherAlgorithm cipherAlgorithm, HashAlgorithm hashAlgorithm, int keyBits, int blockSize, ChainingMode chainingMode)
{
CipherAlgorithm = (cipherAlgorithm);
HashAlgorithm = (hashAlgorithm);
ChainingMode = (chainingMode);
SpinCount = (100000); // TODO: use parameter
}
public static string AlgorithmToSSH2Name(CipherAlgorithm algorithm)
{
switch (algorithm)
{
case CipherAlgorithm.TripleDES:
return("3des-cbc");
case CipherAlgorithm.Blowfish:
return("blowfish-cbc");
case CipherAlgorithm.AES128:
return("aes128-cbc");
case CipherAlgorithm.AES192:
return("aes192-cbc");
case CipherAlgorithm.AES256:
return("aes256-cbc");
case CipherAlgorithm.AES128CTR:
return("aes128-ctr");
case CipherAlgorithm.AES192CTR:
return("aes192-ctr");
case CipherAlgorithm.AES256CTR:
return("aes256-ctr");
default:
throw new SSHException("unknown algorithm " + algorithm);
}
}
public static String ToName(CipherAlgorithm algorithm)
{
switch (algorithm)
{
//case CipherAlgorithm.IDEA: return "IDEA"; // See comment in Enums.cs
case CipherAlgorithm.None: return(String.Empty);
case CipherAlgorithm.ThreeDes: return("3DES");
case CipherAlgorithm.Cast5: return("CAST5");
case CipherAlgorithm.BlowFish: return("BLOWFISH");
case CipherAlgorithm.Aes: return("AES");
case CipherAlgorithm.Aes192: return("AES192");
case CipherAlgorithm.Aes256: return("AES256");
case CipherAlgorithm.TwoFish: return("TWOFISH");
case CipherAlgorithm.Camellia128: return("CAMELLIA128");
case CipherAlgorithm.Camellia192: return("CAMELLIA192");
case CipherAlgorithm.Camellia256: return("CAMELLIA256");
default: return(String.Empty);
}
}
public static Cipher CreateCipher(SSHProtocol protocol, CipherAlgorithm algorithm, byte[] key)
{
if (protocol == SSHProtocol.SSH1)
{
switch (algorithm)
{
case CipherAlgorithm.TripleDES:
return(new SSH1.TripleDESCipher1(key));
case CipherAlgorithm.Blowfish:
return(new SSH1.BlowfishCipher1(key));
default:
throw new SSHException("unknown algorithm " + algorithm);
}
}
else
{
switch (algorithm)
{
case CipherAlgorithm.TripleDES:
return(new SSH2.TripleDESCipher2(key));
case CipherAlgorithm.Blowfish:
return(new SSH2.BlowfishCipher2(key));
default:
throw new SSHException("unknown algorithm " + algorithm);
}
}
}
public static Cipher CreateCipher(SSHProtocol protocol, CipherAlgorithm algorithm, byte[] key, byte[] iv)
{
if (protocol == SSHProtocol.SSH1) //ignoring iv
{
return(CreateCipher(protocol, algorithm, key));
}
else
{
switch (algorithm)
{
case CipherAlgorithm.TripleDES:
return(new SSH2.TripleDESCipher2(key, iv));
case CipherAlgorithm.Blowfish:
return(new SSH2.BlowfishCipher2(key, iv));
case CipherAlgorithm.AES128:
case CipherAlgorithm.AES192:
case CipherAlgorithm.AES256:
case CipherAlgorithm.AES128CTR:
case CipherAlgorithm.AES192CTR:
case CipherAlgorithm.AES256CTR:
return(new SSH2.RijindaelCipher2(key, iv, algorithm));
default:
throw new SSHException("unknown algorithm " + algorithm);
}
}
}
public override string ToString()
{
return(SslProtocol.ToString() + ", " +
CipherAlgorithm.ToString() + " (" + cipherStrength.ToString() + " bit), " +
KeyExchangeAlgorithm.ToString() + " (" + keyExchangeStrength.ToString() + " bit), " +
HashAlgorithm.ToString() + " (" + hashStrength.ToString() + " bit)");
}
/// <summary>
/// returns necessary key size from Algorithm in bytes
/// </summary>
public static int GetKeySize(CipherAlgorithm algorithm)
{
switch (algorithm)
{
case CipherAlgorithm.TripleDES:
return(24);
case CipherAlgorithm.Blowfish:
case CipherAlgorithm.AES128:
case CipherAlgorithm.AES128CTR:
return(16);
case CipherAlgorithm.AES192:
case CipherAlgorithm.AES192CTR:
return(24);
case CipherAlgorithm.AES256:
case CipherAlgorithm.AES256CTR:
return(32);
default:
//throw new Exception("unknown algorithm " + algorithm);
throw new Exception("unknown algorithm " + algorithm);
}
}
private static IBlockCipher CreateBlockCipher(CipherAlgorithm cipherAlgorithm)
{
switch (cipherAlgorithm)
{
case CipherAlgorithm.AES: return(new AesEngine());
case CipherAlgorithm.BLOWFISH: return(new BlowfishEngine());
case CipherAlgorithm.CAMELLIA: return(new CamelliaEngine());
case CipherAlgorithm.CAST5: return(new Cast5Engine());
case CipherAlgorithm.CAST6: return(new Cast6Engine());
case CipherAlgorithm.DES: return(new DesEngine());
case CipherAlgorithm.DESEDE: return(new DesEdeEngine());
case CipherAlgorithm.GOST28147: return(new Gost28147Engine());
case CipherAlgorithm.IDEA: return(new IdeaEngine());
case CipherAlgorithm.NOEKEON: return(new NoekeonEngine());
case CipherAlgorithm.RC2: return(new RC2Engine());
case CipherAlgorithm.RC5: return(new RC532Engine());
case CipherAlgorithm.RC5_64: return(new RC564Engine());
case CipherAlgorithm.RC6: return(new RC6Engine());
case CipherAlgorithm.RIJNDAEL: return(new RijndaelEngine());
case CipherAlgorithm.SEED: return(new SeedEngine());
case CipherAlgorithm.SERPENT: return(new SerpentEngine());
case CipherAlgorithm.SKIPJACK: return(new SkipjackEngine());
case CipherAlgorithm.SM4: return(new SM4Engine());
case CipherAlgorithm.TEA: return(new TeaEngine());
case CipherAlgorithm.THREEFISH_256: return(new ThreefishEngine(ThreefishEngine.BLOCKSIZE_256));
case CipherAlgorithm.THREEFISH_512: return(new ThreefishEngine(ThreefishEngine.BLOCKSIZE_512));
case CipherAlgorithm.THREEFISH_1024: return(new ThreefishEngine(ThreefishEngine.BLOCKSIZE_1024));
case CipherAlgorithm.TNEPRES: return(new TnepresEngine());
case CipherAlgorithm.TWOFISH: return(new TwofishEngine());
case CipherAlgorithm.XTEA: return(new XteaEngine());
default:
throw new SecurityUtilityException("Cipher " + cipherAlgorithm + " not recognised or not a block cipher");
}
}
public void fromMenu()
{
string direction;
string identifier;
do
{
identifier = displayAlgorithmMenu();
direction = displayDirectionMenu(identifier);
} while (direction == id_back);
Console.Clear();
Console.WriteLine("Wpisz tekst (potwierdź enterem)\n");
string input = Console.ReadLine();
Console.Clear();
CipherAlgorithm algorithm = getAlgorithm(identifier);
if (direction == id_from)
{
Console.WriteLine(algorithm.from(input));
}
else
{
Console.WriteLine(algorithm.to(input));
}
Console.ReadKey(true);
}
public string encryptString(string toEncrypt, string target, string sign = null, CipherAlgorithm algorithm = CipherAlgorithm.Aes256, bool armour = true, bool hideuserid = false)
{
List<KeyId> recipients = new List<KeyId>();
recipients.Add(new KeyId(target));
KeyId signkey = new KeyId(defaultsign);
GpgInterface.ExePath = ExePath;
string path = Directory.GetCurrentDirectory() + "\\" + GetUniqueKey() + ".txt";
string pathout = path + ".out";
System.IO.File.WriteAllText(path, toEncrypt);
GpgEncrypt encrypt = new GpgEncrypt(path, pathout, armour, hideuserid, signkey, recipients, algorithm);
encrypt.AskPassphrase = GetPassword;
GpgInterfaceResult result = encrypt.Execute();
System.IO.File.Delete(path);
if (result.Status == GpgInterfaceStatus.Success)
{
string toReturn = System.IO.File.ReadAllText(pathout);
System.IO.File.Delete(pathout);
return toReturn;
}
else
{
throw new Exception("Encryption Failed");
}
}
private ZipEntrySource fileToSource(FileInfo tmpFile, CipherAlgorithm cipherAlgorithm, byte[] keyBytes, byte[] ivBytes)
{
SecretKeySpec skeySpec = new SecretKeySpec(keyBytes, cipherAlgorithm.jceId);
Cipher ciDec = CryptoFunctions.GetCipher(skeySpec, cipherAlgorithm, ChainingMode.cbc, ivBytes, Cipher.DECRYPT_MODE, "PKCS5PAdding");
ZipFile zf = new ZipFile(tmpFile.FullName);
return(new AesZipFileZipEntrySource(zf, ciDec));
}
internal SecurityAttributes(WLAN_SECURITY_ATTRIBUTES attributes)
{
_attributes = attributes;
SecurityEnabled = attributes.bSecurityEnabled;
OneXEnabled = attributes.bOneXEnabled;
AuthAlgorithm = (AuthAlgorithm)attributes.dot11AuthAlgorithm;
CipherAlgorithm = (CipherAlgorithm)attributes.dot11CipherAlgorithm;
}
protected internal StandardEncryptionVerifier(CipherAlgorithm cipherAlgorithm, HashAlgorithm hashAlgorithm, int keyBits, int blockSize, ChainingMode chainingMode)
{
CipherAlgorithm = (cipherAlgorithm);
HashAlgorithm = (hashAlgorithm);
ChainingMode = (chainingMode);
SpinCount = (SPIN_COUNT);
verifierHashSize = hashAlgorithm.hashSize;
}
public AgileEncryptionHeader(CipherAlgorithm algorithm, HashAlgorithm hashAlgorithm, int keyBits, int blockSize, ChainingMode chainingMode)
{
CipherAlgorithm = (algorithm);
HashAlgorithm = (hashAlgorithm);
KeySize = (keyBits);
BlockSize = (blockSize);
ChainingMode = (chainingMode);
}
public static CipherAlgorithm[] ParseCipherAlgorithm(string[] t) {
CipherAlgorithm[] ret = new CipherAlgorithm[t.Length];
int i = 0;
foreach (string a in t) {
ret[i++] = ParseCipherAlgorithm(a);
}
return ret;
}
/**
* instead of a password, it's also possible to decrypt via certificate.
* Warning: this code is experimental and hasn't been validated
*
* @see <a href="http://social.msdn.microsoft.com/Forums/en-US/cc9092bb-0c82-4b5b-ae21-abf643bdb37c/agile-encryption-with-certificates">Agile encryption with certificates</a>
*
* @param keyPair
* @param x509
* @return true, when the data can be successfully decrypted with the given private key
* @throws GeneralSecurityException
*/
public bool VerifyPassword(KeyPair keyPair, X509Certificate x509)
{
AgileEncryptionVerifier ver = (AgileEncryptionVerifier)builder.GetVerifier();
AgileEncryptionHeader header = (AgileEncryptionHeader)builder.GetHeader();
HashAlgorithm hashAlgo = header.HashAlgorithm;
CipherAlgorithm cipherAlgo = header.CipherAlgorithm;
int blockSize = header.BlockSize;
AgileCertificateEntry ace = null;
foreach (AgileCertificateEntry aceEntry in ver.GetCertificates())
{
if (x509.Equals(aceEntry.x509))
{
ace = aceEntry;
break;
}
}
if (ace == null)
{
return(false);
}
Cipher cipher = Cipher.GetInstance("RSA");
cipher.Init(Cipher.DECRYPT_MODE, keyPair.getPrivate());
byte[] keyspec = cipher.DoFinal(ace.encryptedKey);
SecretKeySpec secretKey = new SecretKeySpec(keyspec, ver.CipherAlgorithm.jceId);
Mac x509Hmac = CryptoFunctions.GetMac(hashAlgo);
x509Hmac.Init(secretKey);
byte[] certVerifier = x509Hmac.DoFinal(ace.x509.GetEncoded());
byte[] vec = CryptoFunctions.GenerateIv(hashAlgo, header.KeySalt, kIntegrityKeyBlock, blockSize);
cipher = GetCipher(secretKey, cipherAlgo, ver.ChainingMode, vec, Cipher.DECRYPT_MODE);
byte[] hmacKey = cipher.DoFinal(header.GetEncryptedHmacKey());
hmacKey = GetBlock0(hmacKey, hashAlgo.hashSize);
vec = CryptoFunctions.GenerateIv(hashAlgo, header.KeySalt, kIntegrityValueBlock, blockSize);
cipher = GetCipher(secretKey, cipherAlgo, ver.ChainingMode, vec, Cipher.DECRYPT_MODE);
byte[] hmacValue = cipher.DoFinal(header.GetEncryptedHmacValue());
hmacValue = GetBlock0(hmacValue, hashAlgo.hashSize);
if (Arrays.Equals(ace.certVerifier, certVerifier))
{
SetSecretKey(secretKey);
SetIntegrityHmacKey(hmacKey);
SetIntegrityHmacValue(hmacValue);
return(true);
}
else
{
return(false);
}
}
public void NewTagEncryptedFromStream(byte[] bytes, CipherAlgorithm algorithm, byte[] data)
{
using var ms = new MemoryStream(bytes);
var tag = ms.Decode <TagEncrypted>();
Assert.AreEqual(ILTagId.Encrypted, tag.TagId);
Assert.AreEqual(algorithm, tag.Algorithm);
Assert.AreEqual(data.Length, tag.CipherData?.Length ?? 0);
}
/// <summary>
/// constructs from file
/// </summary>
/// <param name="path">file name</param>
/// <param name="passphrase">passphrase or empty string if passphrase is not required</param>
public SSH1UserAuthKey(string path, string passphrase)
{
var fileTask = StorageFile.GetFileFromPathAsync(path);
fileTask.AsTask().Wait();
var fileObject = fileTask.AsTask().Result;
var openTask = fileObject.OpenReadAsync();
openTask.AsTask().Wait();
Stream s = openTask.AsTask().Result.AsStream();
byte[] header = new byte[32];
s.Read(header, 0, header.Length);
if (Encoding.UTF8.GetString(header, 0, header.Length) != "SSH PRIVATE KEY FILE FORMAT 1.1\n")
{
//throw new Exception(String.Format(Strings.GetString("BrokenKeyFile"), path));
throw new Exception(String.Format(Strings.GetString("BrokenKeyFile"), path));
}
SSH1DataReader reader = new SSH1DataReader(ReadAll(s));
s.Dispose();
byte[] cipher = reader.Read(2); //first 2 bytes indicates algorithm and next 8 bytes is space
reader.Read(8);
_modulus = reader.ReadMPInt();
_publicExponent = reader.ReadMPInt();
byte[] comment = reader.ReadString();
byte[] prvt = reader.ReadAll();
//必要なら復号
CipherAlgorithm algo = (CipherAlgorithm)cipher[1];
if (algo != 0)
{
Cipher c = CipherFactory.CreateCipher(SSHProtocol.SSH1, algo, ConvertToKey(passphrase));
byte[] buf = new byte[prvt.Length];
c.Decrypt(prvt, 0, prvt.Length, buf, 0);
prvt = buf;
}
SSH1DataReader prvtreader = new SSH1DataReader(prvt);
byte[] mark = prvtreader.Read(4);
if (mark[0] != mark[2] || mark[1] != mark[3])
{
//throw new Exception(Strings.GetString("WrongPassphrase"));
throw new Exception(Strings.GetString("WrongPassphrase"));
}
_privateExponent = prvtreader.ReadMPInt();
_crtCoefficient = prvtreader.ReadMPInt();
_primeP = prvtreader.ReadMPInt();
_primeQ = prvtreader.ReadMPInt();
}
/// <summary>
/// Initializes a new instance of the <see cref="GpgApi.GpgEncrypt"/> class.
/// </summary>
/// <param name="fileName"></param>
/// <param name="encryptedFileName"></param>
/// <param name="armored"></param>
/// <param name="hideUserIds"></param>
/// <param name="signatureKeyId"></param>
/// <param name="recipients"></param>
/// <param name="cipherAlgorithm"></param>
public GpgEncrypt(String fileName, String encryptedFileName, Boolean armored, Boolean hideUserIds, KeyId signatureKeyId, IEnumerable<KeyId> recipients, CipherAlgorithm cipherAlgorithm)
{
FileName = fileName;
EncryptedFileName = encryptedFileName;
Armored = armored;
HideUserIds = hideUserIds;
SignatureKeyId = signatureKeyId;
Recipients = recipients;
CipherAlgorithm = cipherAlgorithm;
}
public void Initialize(EncryptionInfo info,
CipherAlgorithm cipherAlgorithm, HashAlgorithm hashAlgorithm,
int keyBits, int blockSize, ChainingMode chainingMode)
{
this.info = info;
header = new BinaryRC4EncryptionHeader();
verifier = new BinaryRC4EncryptionVerifier();
decryptor = new BinaryRC4Decryptor(this);
encryptor = new BinaryRC4Encryptor(this);
}
/// <summary>
/// Initializes a new instance of the <see cref="GpgApi.GpgEncrypt"/> class.
/// </summary>
/// <param name="fileName"></param>
/// <param name="encryptedFileName"></param>
/// <param name="armored"></param>
/// <param name="hideUserIds"></param>
/// <param name="signatureKeyId"></param>
/// <param name="recipients"></param>
/// <param name="cipherAlgorithm"></param>
public GpgEncrypt(String fileName, String encryptedFileName, Boolean armored, Boolean hideUserIds, KeyId signatureKeyId, IEnumerable <KeyId> recipients, CipherAlgorithm cipherAlgorithm)
{
FileName = fileName;
EncryptedFileName = encryptedFileName;
Armored = armored;
HideUserIds = hideUserIds;
SignatureKeyId = signatureKeyId;
Recipients = recipients;
CipherAlgorithm = cipherAlgorithm;
}
/// <summary>
/// constructs from file
/// </summary>
/// <param name="path">file name</param>
/// <param name="passphrase">passphrase or empty string if passphrase is not required</param>
public SSH1UserAuthKey(string path, string passphrase)
{
#if PODEROSA_KEYFORMAT
PrivateKeyLoader loader = new PrivateKeyLoader(path);
loader.LoadSSH1PrivateKey(
passphrase,
out _modulus,
out _publicExponent,
out _privateExponent,
out _primeP,
out _primeQ,
out _crtCoefficient,
out _comment);
#else
Stream s = File.Open(path, FileMode.Open);
byte[] header = new byte[32];
s.Read(header, 0, header.Length);
if (Encoding.ASCII.GetString(header) != "SSH PRIVATE KEY FILE FORMAT 1.1\n")
{
throw new SSHException(String.Format(Strings.GetString("BrokenKeyFile"), path));
}
SSH1DataReader reader = new SSH1DataReader(ReadAll(s));
s.Close();
byte[] cipher = reader.Read(2); //first 2 bytes indicates algorithm and next 8 bytes is space
reader.Read(8);
_modulus = reader.ReadMPInt();
_publicExponent = reader.ReadMPInt();
_comment = reader.ReadString();
byte[] prvt = reader.GetRemainingDataView().GetBytes();
//必要なら復号
CipherAlgorithm algo = (CipherAlgorithm)cipher[1];
if (algo != 0)
{
Cipher c = CipherFactory.CreateCipher(SSHProtocol.SSH1, algo, ConvertToKey(passphrase));
byte[] buf = new byte[prvt.Length];
c.Decrypt(prvt, 0, prvt.Length, buf, 0);
prvt = buf;
}
SSH1DataReader prvtreader = new SSH1DataReader(prvt);
byte[] mark = prvtreader.Read(4);
if (mark[0] != mark[2] || mark[1] != mark[3])
{
throw new SSHException(Strings.GetString("WrongPassphrase"));
}
_privateExponent = prvtreader.ReadMPInt();
_crtCoefficient = prvtreader.ReadMPInt();
_primeP = prvtreader.ReadMPInt();
_primeQ = prvtreader.ReadMPInt();
#endif
}
public void AdcsTemplateLogic_GetActiveDirectoryPublishedTemplate_ValidNameAndCipherEdsa_ReturnsObjectWithExpectedCipherAlgorithm()
{
string name = "ServerAuthentication-CngEcdsa";
CipherAlgorithm expectedCipher = CipherAlgorithm.ECDSA;
AdcsTemplateLogic templateLogic = new AdcsTemplateLogic(null, activeDirectory);
AdcsCertificateTemplate template = templateLogic.GetActiveDirectoryPublishedTemplate(name, metadata);
Assert.AreEqual(expectedCipher, template.Cipher);
}
/// <summary>
/// Read SSH1 private key parameters.
/// </summary>
/// <param name="passphrase">passphrase for decrypt the key file</param>
/// <param name="modulus">private key parameter</param>
/// <param name="publicExponent">private key parameter</param>
/// <param name="privateExponent">private key parameter</param>
/// <param name="primeP">private key parameter</param>
/// <param name="primeQ">private key parameter</param>
/// <param name="crtCoefficient">private key parameter</param>
/// <exception cref="SSHException">failed to parse</exception>
public void Load(
string passphrase,
out BigInteger modulus,
out BigInteger publicExponent,
out BigInteger privateExponent,
out BigInteger primeP,
out BigInteger primeQ,
out BigInteger crtCoefficient)
{
if (keyFile == null)
{
throw new SSHException("A key file is not loaded yet");
}
byte[] hdr = Encoding.ASCII.GetBytes(PrivateKeyFileHeader.SSH1_HEADER);
if (!ByteArrayUtil.ByteArrayStartsWith(keyFile, hdr))
{
throw new SSHException(Strings.GetString("NotValidPrivateKeyFile"));
}
SSH1DataReader reader = new SSH1DataReader(keyFile);
reader.Read(hdr.Length);
byte[] cipher = reader.Read(2); //first 2 bytes indicates algorithm and next 8 bytes is space
reader.Read(8);
modulus = reader.ReadMPInt();
publicExponent = reader.ReadMPInt();
byte[] comment = reader.ReadString();
byte[] prvt = reader.ReadAll();
//必要なら復号
CipherAlgorithm algo = (CipherAlgorithm)cipher[1];
if (algo != 0)
{
Cipher c = CipherFactory.CreateCipher(SSHProtocol.SSH1, algo, SSH1PassphraseToKey(passphrase));
byte[] buf = new byte[prvt.Length];
c.Decrypt(prvt, 0, prvt.Length, buf, 0);
prvt = buf;
}
SSH1DataReader prvtreader = new SSH1DataReader(prvt);
byte[] mark = prvtreader.Read(4);
if (mark[0] != mark[2] || mark[1] != mark[3])
{
throw new SSHException(Strings.GetString("WrongPassphrase"));
}
privateExponent = prvtreader.ReadMPInt();
crtCoefficient = prvtreader.ReadMPInt();
primeP = prvtreader.ReadMPInt();
primeQ = prvtreader.ReadMPInt();
}
public static CipherAlgorithm[] ParseCipherAlgorithm(string[] t)
{
CipherAlgorithm[] ret = new CipherAlgorithm[t.Length];
int i = 0;
foreach (string a in t)
{
ret[i++] = ParseCipherAlgorithm(a);
}
return(ret);
}
/// <summary>
/// returns necessary key size from Algorithm in bytes
/// </summary>
public static int GetKeySize(CipherAlgorithm algorithm) {
switch(algorithm) {
case CipherAlgorithm.TripleDES:
return 24;
case CipherAlgorithm.Blowfish:
case CipherAlgorithm.AES128:
return 16;
default:
throw new SSHException("unknown algorithm " + algorithm);
}
}
public byte[] SerializeEncryptedText(CipherAlgorithm algorithm, string clearText)
{
var encodedBytes = new EncryptedText(algorithm,
clearText,
TestFakeSigner.FixedKeysInstance,
TestFakeSigner.FixedKeysInstance,
Array.Empty <TagReader>()).AsPayload.EncodedBytes;
TestContext.WriteLine(encodedBytes.AsLiteral());
return(encodedBytes.PartOf(124));
}
/**
* Initialize the builder from scratch
*/
public void Initialize(EncryptionInfo info, CipherAlgorithm cipherAlgorithm, HashAlgorithm hashAlgorithm, int keyBits, int blockSize, ChainingMode chainingMode)
{
this.info = info;
if (cipherAlgorithm == null)
{
cipherAlgorithm = CipherAlgorithm.aes128;
}
if (cipherAlgorithm != CipherAlgorithm.aes128 &&
cipherAlgorithm != CipherAlgorithm.aes192 &&
cipherAlgorithm != CipherAlgorithm.aes256)
{
throw new EncryptedDocumentException("Standard encryption only supports AES128/192/256.");
}
if (hashAlgorithm == null)
{
hashAlgorithm = HashAlgorithm.sha1;
}
if (hashAlgorithm != HashAlgorithm.sha1)
{
throw new EncryptedDocumentException("Standard encryption only supports SHA-1.");
}
if (chainingMode == null)
{
chainingMode = ChainingMode.ecb;
}
if (chainingMode != ChainingMode.ecb)
{
throw new EncryptedDocumentException("Standard encryption only supports ECB chaining.");
}
if (keyBits == -1)
{
keyBits = cipherAlgorithm.defaultKeySize;
}
if (blockSize == -1)
{
blockSize = cipherAlgorithm.blockSize;
}
bool found = false;
foreach (int ks in cipherAlgorithm.allowedKeySize)
{
found |= (ks == keyBits);
}
if (!found)
{
throw new EncryptedDocumentException("KeySize " + keyBits + " not allowed for Cipher " + cipherAlgorithm.ToString());
}
header = new StandardEncryptionHeader(cipherAlgorithm, hashAlgorithm, keyBits, blockSize, chainingMode);
verifier = new StandardEncryptionVerifier(cipherAlgorithm, hashAlgorithm, keyBits, blockSize, chainingMode);
decryptor = new StandardDecryptor(this);
encryptor = new StandardEncryptor(this);
}
public static string AlgorithmToSSH2Name(CipherAlgorithm algorithm)
{
switch(algorithm) {
case CipherAlgorithm.TripleDES:
return "3des-cbc";
case CipherAlgorithm.Blowfish:
return "blowfish-cbc";
case CipherAlgorithm.AES128:
return "aes128-cbc";
default:
throw new SSHException("unknown algorithm " + algorithm);
}
}
/// <summary>
/// Append missing algorithm to the list of <see cref="CipherAlgorithm"/>.
/// </summary>
/// <param name="algorithms">list of <see cref="CipherAlgorithm"/></param>
/// <returns>new array of of <see cref="CipherAlgorithm"/></returns>
public static CipherAlgorithm[] AppendMissingCipherAlgorithm(CipherAlgorithm[] algorithms)
{
var enumSet = new HashSet<CipherAlgorithm>((CipherAlgorithm[])Enum.GetValues(typeof(CipherAlgorithm)));
foreach (var a in algorithms) {
enumSet.Remove(a);
}
var listToAppend = new List<CipherAlgorithm>(enumSet);
listToAppend.Sort((a1, a2) => a2.GetDefaultPriority().CompareTo(a1.GetDefaultPriority())); // descending order
var list = new List<CipherAlgorithm>(algorithms.Length + enumSet.Count);
list.AddRange(algorithms);
list.AddRange(listToAppend);
return list.ToArray();
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="hostName">Host name</param>
/// <param name="portNumber">port number</param>
/// <param name="protocol">SSH protocol version</param>
/// <param name="authType">authentication type</param>
/// <param name="userName">user name for login</param>
/// <param name="password">password for login. pass empty string for the keyboard interactive mode.</param>
public SSHConnectionParameter(string hostName, int portNumber, SSHProtocol protocol, AuthenticationType authType, string userName, string password)
{
HostName = hostName;
PortNumber = portNumber;
Protocol = protocol;
PreferableCipherAlgorithms = new CipherAlgorithm[] { CipherAlgorithm.AES256CTR, CipherAlgorithm.AES256, CipherAlgorithm.AES192CTR, CipherAlgorithm.AES192, CipherAlgorithm.AES128CTR, CipherAlgorithm.AES128, CipherAlgorithm.Blowfish, CipherAlgorithm.TripleDES };
PreferableHostKeyAlgorithms = new PublicKeyAlgorithm[] { PublicKeyAlgorithm.DSA, PublicKeyAlgorithm.RSA };
AuthenticationType = authType;
UserName = userName;
Password = password;
TerminalName = "vt100";
WindowSize = 0x1000;
MaxPacketSize = 0x10000;
CheckMACError = true;
}
public static Cipher CreateCipher(SSHProtocol protocol, CipherAlgorithm algorithm, byte[] key) {
if (protocol == SSHProtocol.SSH1) {
throw new SSHException("SSH1 is not supported");
}
else {
switch (algorithm) {
case CipherAlgorithm.TripleDES:
return new SSH2.TripleDESCipher2(key);
case CipherAlgorithm.Blowfish:
return new SSH2.BlowfishCipher2(key);
default:
throw new SSHException("unknown algorithm " + algorithm);
}
}
}
/// <summary>
/// returns necessary key size from Algorithm in bytes
/// </summary>
public static int GetKeySize(CipherAlgorithm algorithm)
{
switch(algorithm) {
case CipherAlgorithm.TripleDES:
return 24;
case CipherAlgorithm.Blowfish:
case CipherAlgorithm.AES128:
case CipherAlgorithm.AES128CTR:
return 16;
case CipherAlgorithm.AES192:
case CipherAlgorithm.AES192CTR:
return 24;
case CipherAlgorithm.AES256:
case CipherAlgorithm.AES256CTR:
return 32;
default:
//throw new Exception("unknown algorithm " + algorithm);
throw new Exception("unknown algorithm " + algorithm);
}
}
public CipherAlgorithmListItem(CipherAlgorithm value)
{
this.Value = value;
this.AlgorithmName = value.GetAlgorithmName();
}
public static string AlgorithmToSSH2Name(CipherAlgorithm algorithm)
{
switch(algorithm) {
case CipherAlgorithm.TripleDES:
return "3des-cbc";
case CipherAlgorithm.Blowfish:
return "blowfish-cbc";
case CipherAlgorithm.AES128:
return "aes128-cbc";
case CipherAlgorithm.AES192:
return "aes192-cbc";
case CipherAlgorithm.AES256:
return "aes256-cbc";
case CipherAlgorithm.AES128CTR:
return "aes128-ctr";
case CipherAlgorithm.AES192CTR:
return "aes192-ctr";
case CipherAlgorithm.AES256CTR:
return "aes256-ctr";
default:
//throw new Exception("unknown algorithm " + algorithm);
throw new Exception("unknown algorithm " + algorithm);
}
}
public static Cipher CreateCipher(SSHProtocol protocol, CipherAlgorithm algorithm, byte[] key)
{
if(protocol==SSHProtocol.SSH1) {
switch(algorithm) {
case CipherAlgorithm.TripleDES:
return new TripleDESCipher1(key);
case CipherAlgorithm.Blowfish:
return new BlowfishCipher1(key);
default:
//throw new Exception("unknown algorithm " + algorithm);
throw new Exception("unknown algorithm " + algorithm);
}
}
else {
switch(algorithm) {
case CipherAlgorithm.TripleDES:
return new TripleDESCipher2(key);
case CipherAlgorithm.Blowfish:
return new BlowfishCipher2(key);
default:
//throw new Exception("unknown algorithm " + algorithm);
throw new Exception("unknown algorithm " + algorithm);
}
}
}
/// <summary>
/// returns the block size from Algorithm in bytes
/// </summary>
public static int GetBlockSize(CipherAlgorithm algorithm) {
switch (algorithm) {
case CipherAlgorithm.TripleDES:
case CipherAlgorithm.Blowfish:
return 8;
case CipherAlgorithm.AES128:
case CipherAlgorithm.AES192:
case CipherAlgorithm.AES256:
case CipherAlgorithm.AES128CTR:
case CipherAlgorithm.AES192CTR:
case CipherAlgorithm.AES256CTR:
return 16;
default:
throw new SSHException("unknown algorithm " + algorithm);
}
}
private static IBlockCipher CreateBlockCipher(CipherAlgorithm cipherAlgorithm)
{
switch (cipherAlgorithm)
{
case CipherAlgorithm.AES: return new AesFastEngine();
case CipherAlgorithm.BLOWFISH: return new BlowfishEngine();
case CipherAlgorithm.CAMELLIA: return new CamelliaEngine();
case CipherAlgorithm.CAST5: return new Cast5Engine();
case CipherAlgorithm.CAST6: return new Cast6Engine();
case CipherAlgorithm.DES: return new DesEngine();
case CipherAlgorithm.DESEDE: return new DesEdeEngine();
case CipherAlgorithm.GOST28147: return new Gost28147Engine();
case CipherAlgorithm.IDEA: return new IdeaEngine();
case CipherAlgorithm.NOEKEON: return new NoekeonEngine();
case CipherAlgorithm.RC2: return new RC2Engine();
case CipherAlgorithm.RC5: return new RC532Engine();
case CipherAlgorithm.RC5_64: return new RC564Engine();
case CipherAlgorithm.RC6: return new RC6Engine();
case CipherAlgorithm.RIJNDAEL: return new RijndaelEngine();
case CipherAlgorithm.SEED: return new SeedEngine();
case CipherAlgorithm.SERPENT: return new SerpentEngine();
case CipherAlgorithm.SKIPJACK: return new SkipjackEngine();
case CipherAlgorithm.TEA: return new TeaEngine();
case CipherAlgorithm.TWOFISH: return new TwofishEngine();
case CipherAlgorithm.XTEA: return new XteaEngine();
default:
throw new SecurityUtilityException("Cipher " + cipherAlgorithm + " not recognised or not a block cipher");
}
}
//�A���S���Y����
private static string CipherAlgorithmName(CipherAlgorithm a)
{
switch(a) {
case CipherAlgorithm.AES128:
return "AES(Rijndael) ";
case CipherAlgorithm.Blowfish:
return "Blowfish";
case CipherAlgorithm.TripleDES:
return "TripleDES";
default:
throw new Exception("Unexpected Algorithm "+a);
}
}
public RijindaelCipher2(byte[] key, byte[] iv, CipherAlgorithm algorithm) {
_rijindael = new Rijndael();
_rijindael.SetIV(iv);
_rijindael.InitializeKey(key);
if (algorithm == CipherAlgorithm.AES256CTR ||
algorithm == CipherAlgorithm.AES192CTR ||
algorithm == CipherAlgorithm.AES128CTR)
isCTR = true;
else
isCTR = false;
}
public static String ToName(CipherAlgorithm algorithm)
{
switch (algorithm)
{
//case CipherAlgorithm.IDEA: return "IDEA"; // See comment in Enums.cs
case CipherAlgorithm.None: return String.Empty;
case CipherAlgorithm.ThreeDes: return "3DES";
case CipherAlgorithm.Cast5: return "CAST5";
case CipherAlgorithm.BlowFish: return "BLOWFISH";
case CipherAlgorithm.Aes: return "AES";
case CipherAlgorithm.Aes192: return "AES192";
case CipherAlgorithm.Aes256: return "AES256";
case CipherAlgorithm.TwoFish: return "TWOFISH";
case CipherAlgorithm.Camellia128: return "CAMELLIA128";
case CipherAlgorithm.Camellia192: return "CAMELLIA192";
case CipherAlgorithm.Camellia256: return "CAMELLIA256";
default: return String.Empty;
}
}
public static Cipher CreateCipher(SSHProtocol protocol, CipherAlgorithm algorithm, byte[] key, byte[] iv)
{
if(protocol==SSHProtocol.SSH1) {
return CreateCipher(protocol, algorithm, key);
}
else {
switch(algorithm) {
case CipherAlgorithm.TripleDES:
return new TripleDESCipher2(key, iv);
case CipherAlgorithm.Blowfish:
return new BlowfishCipher2(key, iv);
case CipherAlgorithm.AES128:
return new RijindaelCipher2(key, iv);
default:
throw new SSHException("unknown algorithm " + algorithm);
}
}
}
