public string Decrypt(string inVal)
{
try
{
System.IO.MemoryStream MSout = new System.IO.MemoryStream();
byte[] bin;
byte[] retArr;
//Create variables to help with read and write.
System.Security.Cryptography.SymmetricAlgorithm encAlg = System.Security.Cryptography.SymmetricAlgorithm.Create("RC2");
System.Security.Cryptography.CryptoStream DecStream = new System.Security.Cryptography.CryptoStream(MSout, encAlg.CreateDecryptor(bKey, bIV), System.Security.Cryptography.CryptoStreamMode.Write);
bin = DeformatHexString(inVal);
DecStream.Write(bin, 0, bin.Length);
DecStream.Close();
retArr = MSout.ToArray();
MSout.Close();
System.Text.ASCIIEncoding getStr = new ASCIIEncoding();
return(getStr.GetString(retArr));
}
catch (System.Exception ex)
{
// Log Error
throw ex;
}
}
public string Encrypt(string inVal)
{
try
{
//System.Text.Encoder encoding;
//System.Text.Encoder encoding = System.Text.Encoding.ASCII
System.IO.MemoryStream MSout = new System.IO.MemoryStream();
//Create variables to help with read and write.
byte[] bin; //This is intermediate storage for the encryption.
System.Security.Cryptography.SymmetricAlgorithm encAlg = System.Security.Cryptography.SymmetricAlgorithm.Create("RC2");
System.Security.Cryptography.CryptoStream encStream = new System.Security.Cryptography.CryptoStream(MSout, encAlg.CreateEncryptor(bKey, bIV), System.Security.Cryptography.CryptoStreamMode.Write);
bin = ConvertStringToByteArray(inVal);
encStream.Write(bin, 0, inVal.Length);
encStream.Close();
bin = MSout.ToArray();
MSout.Close();
return(formatHexString(bin));
}
catch (System.Exception ex)
{
// Log Error
throw ex;
}
}
public static string DecryptPAN(string encryptedPAN)
{
// Log log = new Log(LogPath);
System.Security.Cryptography.SymmetricAlgorithm alg = System.Security.Cryptography.TripleDES.Create();
alg.KeySize = 128;
alg.Key = Hex2Bin(PEncKey);
alg.IV = Hex2Bin(PEncIV);
alg.Padding = System.Security.Cryptography.PaddingMode.None;
alg.Mode = System.Security.Cryptography.CipherMode.CBC;
byte[] buf = new byte[16];
Hex2Bin(encryptedPAN, buf);
try
{
MemoryStream outs = new MemoryStream();
System.Security.Cryptography.CryptoStream encStream = new System.Security.Cryptography.CryptoStream(outs, alg.CreateDecryptor(), System.Security.Cryptography.CryptoStreamMode.Write);
encStream.Write(buf, 0, 16);
encStream.FlushFinalBlock();
Buffer.BlockCopy(outs.GetBuffer(), 0, buf, 0, 16);
encStream.Close();
return(Bin2Hex(buf).Trim('A'));
}
catch { }
return(null);
}
public void Dispose()
{
if (this.IsDisposed)
{
return;
}
this.IsDisposed = true;
this.provider.Dispose();
this.provider = null;
}
private static byte[] Decrypt(System.Security.Cryptography.SymmetricAlgorithm sa, byte[] baCipher)
{
if (sa is AES128Managed)
{
AES128EncryptionFormatter fmt = new AES128EncryptionFormatter((sa as AES128Managed));
return(fmt.Decrypt(baCipher));
}
else
{
return(Transform(sa.CreateDecryptor(), baCipher));
}
}
public static string EncryptString(string ClearText)
{
byte[] clearTextBytes = Encoding.UTF8.GetBytes(ClearText);
System.Security.Cryptography.SymmetricAlgorithm rijn = SymmetricAlgorithm.Create();
MemoryStream ms = new MemoryStream();
byte[] rgbIV = Encoding.ASCII.GetBytes("abcdefghijklmnop");
byte[] key = Encoding.ASCII.GetBytes("abcdefghijklmnop");
CryptoStream cs = new CryptoStream(ms, rijn.CreateEncryptor(key, rgbIV), CryptoStreamMode.Write);
cs.Write(clearTextBytes, 0, clearTextBytes.Length);
cs.Close();
return(Convert.ToBase64String(ms.ToArray()));
}
public static MemoryStream EncryptStream(string key, byte[] content)
{
System.Security.Cryptography.SymmetricAlgorithm rijn = System.Security.Cryptography.SymmetricAlgorithm.Create();
using (MemoryStream ms = new MemoryStream())
{
byte[] rgbIV = Encoding.ASCII.GetBytes("polychorepolycho");
byte[] rgbKey = Encoding.ASCII.GetBytes(key);
System.Security.Cryptography.CryptoStream cs = new System.Security.Cryptography.CryptoStream(ms, rijn.CreateEncryptor(rgbKey, rgbIV), System.Security.Cryptography.CryptoStreamMode.Write);
cs.Write(content, 0, content.Length);
cs.Close();
return(ms);
}
}
private static byte[] Encrypt(System.Security.Cryptography.SymmetricAlgorithm sa, byte[] baPlain)
{
if (sa is AES128Managed)
{
AES128EncryptionFormatter fmt = new AES128EncryptionFormatter((sa as AES128Managed));
return(fmt.Encrypt(baPlain));
}
//else if (sa is TripleDES)
//{
// TripleDESEncryptionFormatter fmt = new TripleDESEncryptionFormatter((sa as TripleDES));
// return fmt.Encrypt(baPlain);
//}
else
{
return(Transform(sa.CreateEncryptor(), baPlain));
}
}
/// <remarks>
/// Creates a new instance of the symmetric crypto service for the specified algorithm.
/// </remarks>
public SymmetricServices(SymmetricAlgorithms CryptographyAlgorithm)
{
// set the internal cryptographic service based on the selected algorithm.
switch (CryptographyAlgorithm)
{
case SymmetricAlgorithms.DES:
_cryptoservice = new System.Security.Cryptography.DESCryptoServiceProvider();
break;
case SymmetricAlgorithms.RC2:
_cryptoservice = new System.Security.Cryptography.RC2CryptoServiceProvider();
break;
case SymmetricAlgorithms.Rijndael:
_cryptoservice = new System.Security.Cryptography.RijndaelManaged();
break;
}
}
public static bool _Create_System_String( )
{
//Parameters
System.String algName = null;
//ReturnType/Value
System.Security.Cryptography.SymmetricAlgorithm returnVal_Real = null;
System.Security.Cryptography.SymmetricAlgorithm returnVal_Intercepted = null;
//Exception
Exception exception_Real = null;
Exception exception_Intercepted = null;
InterceptionMaintenance.disableInterception( );
try
{
returnValue_Real = System.Security.Cryptography.SymmetricAlgorithm.Create(algName);
}
catch (Exception e)
{
exception_Real = e;
}
InterceptionMaintenance.enableInterception( );
try
{
returnValue_Intercepted = System.Security.Cryptography.SymmetricAlgorithm.Create(algName);
}
catch (Exception e)
{
exception_Intercepted = e;
}
Return((exception_Real.Messsage == exception_Intercepted.Message) && (returnValue_Real == returnValue_Intercepted));
}
private void SetEncryptor()
{
switch (this._mbytEncryptionType)
{
case SymmetricEncryptType.DES:
this._mCSP = new System.Security.Cryptography.DESCryptoServiceProvider();
break;
case SymmetricEncryptType.RC2:
this._mCSP = new System.Security.Cryptography.RC2CryptoServiceProvider();
break;
case SymmetricEncryptType.Rijndael:
this._mCSP = new System.Security.Cryptography.RijndaelManaged();
break;
case SymmetricEncryptType.TripleDES:
this._mCSP = new System.Security.Cryptography.TripleDESCryptoServiceProvider();
break;
}
this._mCSP.GenerateKey();
this._mCSP.GenerateIV();
}
/// <remarks>
/// Creates a new instance of the symmetric crypto service for any other custom symmetric crypto provider.
/// </remarks>
public SymmetricServices(System.Security.Cryptography.SymmetricAlgorithm CryptoProvider)
{
_cryptoservice = CryptoProvider;
}
public override byte[] Wrap(System.Security.Cryptography.SymmetricAlgorithm alg, System.Security.Cryptography.GostKeyWrapMethod method)
{
throw null;
}
public byte[] CreateKeyExchangeData(System.Security.Cryptography.SymmetricAlgorithm alg, System.Security.Cryptography.GostKeyWrapMethod wrapMethod = System.Security.Cryptography.GostKeyWrapMethod.CryptoPro12KeyWrap)
{
throw null;
}
/// <summary>
///
/// </summary>
/// <param name="secretKey"></param>
/// <param name="plainData"></param>
/// <returns></returns>
public static ProtectedMemory EncryptData(ProtectedString secretKey, ProtectedMemory plainData)
{
ProtectedMemory returnValue = null;
System.Byte[] encryptedData = null;
#region Check protection of secret key
if (!secretKey.IsProtected)
{
throw new UnsecureException();
}
#endregion
#region Check protection of plain data
if (!plainData.IsProtected)
{
throw new UnsecureException();
}
#endregion
#region Prepare encryption provider
// Unprotect memory containing secret key
secretKey.Unprotect();
// Create encryption provider
System.Security.Cryptography.SymmetricAlgorithm encryptionProvider = System.Security.Cryptography.Aes.Create();
encryptionProvider.Mode = System.Security.Cryptography.CipherMode.CBC;
encryptionProvider.Key = secretKey.GetBytes();
encryptionProvider.GenerateIV();
// Reprotect memory containing secret key
secretKey.Protect();
#endregion
// Create encryptor
System.Security.Cryptography.ICryptoTransform encryptor = encryptionProvider.CreateEncryptor(encryptionProvider.Key, encryptionProvider.IV);
// Create handle to stream data into memory
using (System.IO.MemoryStream memoryStream = new System.IO.MemoryStream())
{
// Write IV to temp memory (IV length is static => 16 )
memoryStream.Write(encryptionProvider.IV, 0, 16);
// Create handle for data encryption; data streamed to this stream will be automatically encrypted and streamed to memory
using (System.Security.Cryptography.CryptoStream cryptoStream = new System.Security.Cryptography.CryptoStream(memoryStream, encryptor, System.Security.Cryptography.CryptoStreamMode.Write))
{
// Create handle to write data to a stream; data written to this stream will be automatically encrypted and streamed to memory
using (System.IO.StreamWriter streamWriter = new System.IO.StreamWriter(cryptoStream))
{
// Unprotect plain data
plainData.Unprotect();
#region Write and encrypt plain data to temp memory
foreach (System.Byte b in plainData.GetBytes())
{
streamWriter.Write((System.Char)b);
}
#endregion
// Reprotect plain data
plainData.Protect();
}
}
// Save content of temp memory in temp buffer
encryptedData = memoryStream.ToArray();
}
// Dispose encryptor
encryptor.Dispose();
// Dispose encryption provider
encryptionProvider.Dispose();
#region Save cyphered data in protected memory
// Create protected memory for cyphered data
returnValue = new ProtectedMemory(encryptedData.Length);
// Unprotect memory for cyphered data
returnValue.Unprotect();
// Copy cyphered data in encrypted memory
for (System.Int32 i = 0; i < encryptedData.Length; i++)
{
returnValue.SetByte(i, encryptedData[i]);
}
// Reprotect memory with cyphered data
returnValue.Protect();
#endregion
return(returnValue);
}
public static byte[] EncryptKey(byte[] keyData, System.Security.Cryptography.SymmetricAlgorithm symmetricAlgorithm)
{
throw null;
}
public byte[] EncryptData(byte[] plaintext, System.Security.Cryptography.SymmetricAlgorithm symmetricAlgorithm)
{
throw null;
}
public SymmetricCrypto(SymmetricAlgName algorithmName)
{
this.AlgorithmName = algorithmName;
this.provider = CreateProvider(algorithmName);
}
public static bool ObjToFile(object ObjectToSave, string filename, SerializationMode SerializeMode, string Password, bool Compression)
{
lock (ThreadLock)
{
Exception err = null;
System.Security.Cryptography.SymmetricAlgorithm EE = null;
Stream FinalStream = null;
System.Runtime.Serialization.IFormatter SR = default(System.Runtime.Serialization.IFormatter);
byte[] IV = null;
byte[] CypherKey = null;
string tmpfile = null;
string backupfile = null;
try
{
filename = System.IO.Path.Combine(LaserGRBL.GrblCore.DataPath, filename);
tmpfile = Path.GetDirectoryName(filename) + Path.DirectorySeparatorChar + "tmp_" + System.IO.Path.GetRandomFileName();
backupfile = filename + ".bak";
if (SerializeMode == SerializationMode.Auto)
{
SerializeMode = ModeFromFname(filename);
}
SR = CreateFormatterForMode(SerializeMode);
//CREATE FORMATTER
FinalStream = new FileStream(tmpfile, FileMode.CreateNew, FileAccess.Write, FileShare.None);
//Open a stream on the file for writing and lock the file
if ((Password != null))
{
EE = System.Security.Cryptography.SymmetricAlgorithm.Create();
IV = EE.IV;
CypherKey = GenerateKey(Password, Convert.ToInt32(EE.KeySize / 8));
}
WriteSerializerTag(FinalStream, SerializerVersion, SerializeMode, CypherKey, IV, Compression);
if ((Password != null))
{
FinalStream = new System.Security.Cryptography.CryptoStream(FinalStream, EE.CreateEncryptor(CypherKey, EE.IV), System.Security.Cryptography.CryptoStreamMode.Write);
}
if (Compression)
{
FinalStream = new System.IO.Compression.DeflateStream(FinalStream, System.IO.Compression.CompressionMode.Compress);
}
SR.Serialize(FinalStream, ObjectToSave); //WRITE DATA
FinalStream.Flush();
//If TypeOf (SS) Is System.Security.Cryptography.CryptoStream Then DirectCast(SS, System.Security.Cryptography.CryptoStream).FlushFinalBlock()
FinalStream.Close();
//CLOSE STREAM
if ((System.IO.File.Exists(filename)))
{
System.IO.File.Replace(tmpfile, filename, backupfile, true);
System.IO.File.Delete(backupfile);
}
else
{
System.IO.File.Move(tmpfile, filename);
}
return(true);
}
catch (Exception ex)
{
err = ex;
try
{
FinalStream?.Close();
}
catch { }
try { ManageWriteError(ObjectToSave, filename, ex); }
catch { }
}
finally
{
//evita di lasciare in giro file temporanei
if ((tmpfile != null) && System.IO.File.Exists(tmpfile))
{
try { System.IO.File.Delete(tmpfile); }
catch { }
}
}
}
return(false);
}
public static XmlDocument DecryptXml(XmlDocument cipherDoc)
{
SecConvObj = null;
if (DecObj == null)
{
return(cipherDoc); //no keys to decrypt with
}
XmlElement envelope = cipherDoc.DocumentElement;
//add namespace
//XmlAttribute xenc = xd.CreateAttribute(Pre.xmlns, Pre.xenc, Ns.xmlns);
//xenc.Value = Ns.xenc;
//envelope.Attributes.Append(xenc);
XmlElement headerOrBody = (XmlElement)envelope.ChildNodes[0];
XmlElement header = null;
XmlElement body = null;
if (headerOrBody.LocalName == Elem.Header)
{
header = (XmlElement)envelope.ChildNodes[0];
body = (XmlElement)envelope.ChildNodes[1];
}
else //no header
{
body = (XmlElement)envelope.ChildNodes[0];
}
string encKeyMethod = null;
byte [] baEncKey = null;
string encKeyId = null;
//UsernameToken encryption
XmlElement nonce = null;
XmlElement created = null;
//search for Security in Header, remove MustUnderstand
if (header != null)
{
XmlElement securityElem = LameXpath.SelectSingleNode(header, Elem.Security);
if (securityElem != null)
{
XmlAttribute mustUndAtt = securityElem.Attributes[Attrib.mustUnderstand, Ns.soap];
if (mustUndAtt != null)
{
mustUndAtt.Value = "0";
}
//securityElem.ParentNode.RemoveChild(securityElem);
XmlElement encKeyElem = LameXpath.SelectSingleNode(securityElem, Elem.EncryptedKey);
if (encKeyElem != null)
{
XmlElement encMethodElem = LameXpath.SelectSingleNode(encKeyElem, Elem.EncryptionMethod);
if (encMethodElem != null)
{
encKeyMethod = encMethodElem.Attributes[Attrib.Algorithm].Value;
}
//ignore KeyInfo, use SecurityTokenReference instead
XmlElement cipherValElem = LameXpath.SelectSingleNode(securityElem, Elem.CipherValue);
if (cipherValElem != null)
{
baEncKey = OpenNETCF.Security.Cryptography.Internal.Format.GetB64(cipherValElem.InnerText);
}
}
XmlElement refListElem = LameXpath.SelectSingleNode(securityElem, Elem.ReferenceList);
if (refListElem != null)
{
//ignore refList, just do straight to encData
}
XmlElement keyIdElem = LameXpath.SelectSingleNode(securityElem, Elem.KeyIdentifier);
if (keyIdElem != null) //get keyId
{
string valueType = keyIdElem.Attributes[Attrib.ValueType].Value;
//"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier
if (valueType.EndsWith("#X509SubjectKeyIdentifier") == false && valueType != "wsse:X509v3")
{
throw new Exception("only support X.509v3 certificates");
}
encKeyId = keyIdElem.InnerText;
}
XmlElement refElem = LameXpath.SelectSingleNode(securityElem, Elem.Reference);
if (refElem != null) //get keyUri
{
string refUri = refElem.Attributes[Attrib.URI].Value;
}
XmlElement userTokElem = LameXpath.SelectSingleNode(securityElem, Elem.UsernameToken);
if (userTokElem != null)
{
nonce = LameXpath.SelectSingleNode(userTokElem, Elem.Nonce);
created = LameXpath.SelectSingleNode(userTokElem, Elem.Created);
}
}
//end header processing
}
byte [] baPlainKey = null;
if (encKeyMethod != null) //decrypt key, assume RSA
{
baPlainKey = DecObj.RSACSP.Decrypt(baEncKey, false);
KeyExchangeFormatter fmt = DecObj.SymmAlg.KeyExchangeFormatter;
DecObj.SymmAlg.Key.Key = baPlainKey;
}
//UsernameToken decryption
if (DecObj.ClearPassword != null)
{
//use XmlSigHandler values, because will more than likely be signing
int numKeyBytes = DecObj.SymmAlg.Key.Key.Length;
if (nonce == null || created == null)
{
baPlainKey = P_SHA1.DeriveKey(DecObj.ClearPassword, XmlSigHandler.StrKeyLabel, DecObj.UserTok.Nonce.Text, DecObj.UserTok.Created, numKeyBytes);
}
else
{
baPlainKey = P_SHA1.DeriveKey(DecObj.ClearPassword, XmlSigHandler.StrKeyLabel, nonce.InnerText, created.InnerText, numKeyBytes);
}
DecObj.SymmAlg.Key.Key = baPlainKey;
}
//TODO EncryptedKey in body?, multiple EncryptedData in body
string encBodMethod = null;
string keyName = null;
XmlElement cipherElem = LameXpath.SelectSingleNode(cipherDoc, Elem.EncryptedData);
//if(cipherElem == null)
// return cipherDoc; //nothing to decrypt
if (cipherElem != null)
{
XmlElement encMethodElemBod = LameXpath.SelectSingleNode(cipherElem, Elem.EncryptionMethod);
if (encMethodElemBod != null)
{
encBodMethod = encMethodElemBod.Attributes[Attrib.Algorithm].Value;
if (encBodMethod == Alg.aes128cbc)
{
if (DecObj.SymmAlg is TripleDES)
{
throw new Exception("device expects TripleDES, not AES");
}
}
if (encBodMethod == Alg.tripledesCbc)
{
if ((DecObj.SymmAlg is TripleDES) == false)
{
throw new Exception("device expects AES, not TripleDES");
}
}
}
XmlElement keyNameElem = LameXpath.SelectSingleNode(cipherElem, Elem.KeyName);
if (keyNameElem != null)
{
keyName = keyNameElem.InnerText;
}
XmlElement cipherValueElem = LameXpath.SelectSingleNode(cipherElem, Elem.CipherValue);
byte[] baCipher = OpenNETCF.Security.Cryptography.Internal.Format.GetB64(cipherValueElem.InnerText);
//should have encMethod, key, and cipherData now
System.Security.Cryptography.SymmetricAlgorithm sa = DecObj.SymmAlg.Key;
byte[] baClear = DecObj.SymmAlg.EncryptionFormatter.Decrypt(baCipher);
/*
* PlainTextType ptType = PlainTextType.Content; //default
* if(cipherElem.Attributes["Type"] != null)
* {
* string strType = cipherElem.Attributes["Type"].Value;
* if(strType == "http://www.w3.org/2001/04/xmlenc#Element")
* ptType = PlainTextType.Element;
* }
*/
string strClear = OpenNETCF.Security.Cryptography.Internal.Format.GetString(baClear); //for debugging
cipherElem.ParentNode.InnerXml = strClear;
}
//MOD for SecureConversation
//XmlElement rstrElem = LameXpath.SelectSingleNode(body, Elem.RequestSecurityToken); //temp for testing
XmlElement rstrElem = LameXpath.SelectSingleNode(body, Elem.RequestSecurityTokenResponse);
if (rstrElem != null)
{
SecConvObj = new SecConvObject();
//<TokenType/>
XmlElement ttElem = LameXpath.SelectSingleNode(rstrElem, Elem.TokenType);
if (ttElem != null)
{
SecConvObj.tokenType = new TokenType();
SecConvObj.tokenType.InnerText = ttElem.InnerText;
}
//ignore <AppliesTo/> for now
//Entropy
XmlElement entropyElem = LameXpath.SelectSingleNode(rstrElem, Elem.Entropy);
if (entropyElem != null)
{
XmlElement encKeyElem = LameXpath.SelectSingleNode(entropyElem, Elem.EncryptedKey);
if (encKeyElem != null)
{
XmlElement cipherValElem = LameXpath.SelectSingleNode(encKeyElem, Elem.CipherValue);
if (cipherValElem != null)
{
baEncKey = OpenNETCF.Security.Cryptography.Internal.Format.GetB64(cipherValElem.InnerText);
}
XmlElement encMethodElem = LameXpath.SelectSingleNode(encKeyElem, Elem.EncryptionMethod);
if (encMethodElem != null)
{
encKeyMethod = encMethodElem.Attributes[Attrib.Algorithm].Value;
if (encKeyMethod == Alg.kwTripledes)
{
throw new Exception("return Entropy with kw-TripleDes is not supported");
}
if (encKeyMethod == Alg.kwAes128)
{
XmlElement keyNameElem = LameXpath.SelectSingleNode(encKeyElem, Elem.KeyName);
if (keyNameElem != null)
{
keyName = keyNameElem.InnerText;
}
if (DecObj.SymmAlg.Key is System.Security.Cryptography.TripleDES)
{
throw new Exception("device expects TripleDES, not AES128");
}
//the request entropy is encrypted with RSA
//it passes a symmetric key
//the response is encrypted with kw-aes128
//the key for the kw-aes128 seems to be the symm key passed by RSA?
System.Security.Cryptography.SymmetricAlgorithm sa = DecObj.keyWrap;
//key should have already been set
byte[] unwrappedKey = Decrypt(sa, baEncKey);
SecConvObj.entropyKey = unwrappedKey;
}
if (encKeyMethod == Alg.rsa15)
{
//TODO - this scenario is not expected?
XmlElement keyIdElem = LameXpath.SelectSingleNode(encKeyElem, Elem.KeyIdentifier);
if (keyIdElem != null)
{
keyName = keyIdElem.InnerText;
}
baPlainKey = DecObj.RSACSP.DecryptValue(baEncKey);
SecConvObj.secConvKey = baPlainKey;
//went from 128 bytes to 16 decrypted - AES?
//DecObj.SymmAlg.Key.Key = baPlainKey;
}
}
XmlElement carriedKeyNameElem = LameXpath.SelectSingleNode(encKeyElem, Elem.CarriedKeyName);
if (carriedKeyNameElem != null)
{
keyName = carriedKeyNameElem.InnerText;
}
}
}
//RST
XmlElement rstElem = LameXpath.SelectSingleNode(rstrElem, Elem.RequestedSecurityToken);
if (rstElem != null)
{
SecConvObj.requestedSecurityToken = rstElem;
}
//RPT
XmlElement rptElem = LameXpath.SelectSingleNode(rstrElem, Elem.RequestedProofToken);
if (rptElem != null)
{
SecConvObj.requestedProofToken = rptElem;
//figure out if key is computed
//TODO use this later on
bool computed = false;
XmlElement compKeyElem = LameXpath.SelectSingleNode(rptElem, Elem.ComputedKey);
if (compKeyElem != null)
{
computed = true;
}
if (computed == true)
{
//throw new Exception("not handling computed return keys yet");
byte [] entropy1 = DecObj.keyWrap.Key;
byte [] entropy2 = SecConvObj.entropyKey;
byte [] concatEntropies = new byte[entropy1.Length + entropy2.Length];
Array.Copy(entropy1, 0, concatEntropies, 0, entropy1.Length);
Array.Copy(entropy2, 0, concatEntropies, entropy1.Length, entropy2.Length);
SecConvObj.secConvKey = P_SHA1.DeriveKey(entropy1, entropy2, XmlSigHandler.NumKeyBytes);
}
XmlElement encMethodElemBod = LameXpath.SelectSingleNode(rptElem, Elem.EncryptionMethod);
if (encMethodElemBod != null)
{
encBodMethod = encMethodElemBod.Attributes[Attrib.Algorithm].Value;
if (encBodMethod == Alg.kwAes128)
{
//throw new Exception("only supports TripleDes, no AES on device");
XmlElement cvElem = LameXpath.SelectSingleNode(rptElem, Elem.CipherValue);
//byte [] baPKey = null;
if (cvElem != null)
{
byte[] baCipher = OpenNETCF.Security.Cryptography.Internal.Format.GetB64(cvElem.InnerText);
int numKeyBytes = DecObj.SymmAlg.Key.Key.Length;
string tempLabel = XmlSigHandler.StrKeyLabel; //WS-Security
baPlainKey = P_SHA1.DeriveKey(DecObj.ClearPassword, tempLabel, nonce.InnerText, created.InnerText, numKeyBytes);
//TODO make TripleDES below work like this too - common codebase
System.Security.Cryptography.SymmetricAlgorithm sa = DecObj.keyWrap;
sa.Key = baPlainKey;
byte[] unwrappedKey = Decrypt(sa, baCipher);
SecConvObj.secConvKey = unwrappedKey;
}
}
else if (encBodMethod == Alg.kwTripledes)
{
XmlElement cvElem = LameXpath.SelectSingleNode(rptElem, Elem.CipherValue);
//byte [] baPKey = null;
if (cvElem != null)
{
byte[] baCipher = OpenNETCF.Security.Cryptography.Internal.Format.GetB64(cvElem.InnerText);
int numKeyBytes = DecObj.SymmAlg.Key.Key.Length;
string tempLabel = XmlSigHandler.StrKeyLabel; //WS-Security
//string tempLabel = "WS-SecureConversation";
baPlainKey = P_SHA1.DeriveKey(DecObj.ClearPassword, tempLabel, nonce.InnerText, created.InnerText, numKeyBytes);
//TODO make this work with KeyWrap interface
//SymmetricAlgorithm sa = DecObj.SymmAlg;
System.Security.Cryptography.TripleDESCryptoServiceProvider sa = (System.Security.Cryptography.TripleDESCryptoServiceProvider)DecObj.SymmAlg.Key;
sa.Key = baPlainKey;
TripleDesKeyWrap tdkw = new TripleDesKeyWrap(sa);
byte [] unwrappedKey = tdkw.DecryptValue(baCipher);
SecConvObj.secConvKey = unwrappedKey;
}
}
else //http://www.w3.org/2001/04/xmlenc#rsa-1_5
{
XmlElement cvElem = LameXpath.SelectSingleNode(rptElem, Elem.CipherValue);
byte [] baPKey = null;
if (cvElem != null)
{
byte[] baEKey = OpenNETCF.Security.Cryptography.Internal.Format.GetB64(cvElem.InnerText);
baPKey = DecObj.RSACSP.DecryptValue(baEKey);
SecConvObj.secConvKey = baPKey;
}
}
}
//else
//{
// throw new Exception("EncryptionMethod not specified");
//}
}
//ignore <LifeTime/> for now
}
DecObj = null;
return(cipherDoc);
}
public static XmlDocument EncryptXml(XmlDocument plainDoc)
{
if (EncObj == null)
{
return(plainDoc); //nothing to encrypt
}
XmlElement envelope = plainDoc.DocumentElement;
//add namespace
//XmlAttribute xenc = xd.CreateAttribute(Pre.xmlns, Pre.xenc, Ns.xmlns);
//xenc.Value = Ns.xenc;
//envelope.Attributes.Append(xenc);
XmlElement headerOrBody = (XmlElement)envelope.ChildNodes[0];
XmlElement header;
XmlElement body;
if (headerOrBody.LocalName == Elem.Body)
{
header = plainDoc.CreateElement(headerOrBody.Prefix, Elem.Header, headerOrBody.NamespaceURI);
envelope.InsertBefore(header, headerOrBody);
}
header = (XmlElement)envelope.ChildNodes[0];
body = (XmlElement)envelope.ChildNodes[1];
XmlNodeList headers = header.ChildNodes;
XmlElement security = null;
foreach (XmlNode xn in headers)
{
if (xn.LocalName == Elem.Security)
{
security = (XmlElement)xn;
}
}
if (security == null)
{
//used to work for SymmetricEncryptionV1
//if(EncObj.SecTokRef != null) //symmetric is older
// security = plainDoc.CreateElement(Pre.wsse, Elem.Security, Ns.wsse0207);
//else //newest
security = plainDoc.CreateElement(Pre.wsse, Elem.Security, Ns.wsseLatest);
XmlAttribute mustUnderstand = plainDoc.CreateAttribute(Pre.soap, Attrib.mustUnderstand, Ns.soap);
mustUnderstand.Value = "1";
security.Attributes.Append(mustUnderstand);
header.AppendChild(security);
}
XmlElement tokenElem = null;
if (EncObj.UserTok != null)
{
XmlElement userTokElem = LameXpath.SelectSingleNode(security, Elem.UsernameToken);
if (userTokElem == null)
{
EncObj.UserTok.WriteXml(plainDoc, security);
}
tokenElem = userTokElem;
//secTokId = SigObj.UserTok.Id;
//sigAlgVal = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
}
/*
* <wsse:Security soap:mustUnderstand="1">
* <wsse:BinarySecurityToken ValueType="wsse:X509v3"
* EncodingType="wsse:Base64Binary"
* xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"
* wsu:Id="SecurityToken-b2adaba3-09f7-45a0-aa0d-0c4da15d0725">
* MIIBxDCCAW6...==
* </wsse:BinarySecurityToken>
* </wsse:Security>
*/
if (EncObj.BinSecTok != null)
{
XmlElement binSecTok = LameXpath.SelectSingleNode(security, Elem.BinarySecurityToken);
if (binSecTok == null)
{
EncObj.BinSecTok.WriteXml(plainDoc, security);
}
tokenElem = binSecTok;
}
/*
* <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext">
* <xenc:ReferenceList xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
* <xenc:DataReference URI="#EncryptedContent-c163b16f-44c7-4eea-ac65-a6ce744e2651" />
* </xenc:ReferenceList>
* </wsse:Security>
*/
if (EncObj.SecTokRef != null) // || EncObj.ClearPassword != null
{
//security.Attributes["xmlns"].Value = Ns.wsse0207;
XmlElement referenceList = plainDoc.CreateElement(Pre.xenc, Elem.ReferenceList, Ns.xenc);
XmlElement dataReference = plainDoc.CreateElement(Pre.xenc, Elem.DataReference, Ns.xenc);
XmlAttribute uri = plainDoc.CreateAttribute(Attrib.URI);
uri.Value = "#" + EncObj.Id;
dataReference.Attributes.Append(uri);
referenceList.AppendChild(dataReference);
if (SignFirst == false)
{
security.AppendChild(referenceList); //just append
}
else
{
security.InsertAfter(referenceList, tokenElem); //after token
}
}
/*
* <wsse:Security soap:mustUnderstand="1">
* <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
* <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
* <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
* <wsse:SecurityTokenReference>
* <wsse:KeyIdentifier ValueType="wsse:X509v3">gBfo0147lM6cKnTbbMSuMVvmFY4=</wsse:KeyIdentifier>
* </wsse:SecurityTokenReference>
* </KeyInfo>
* <xenc:CipherData>
* <xenc:CipherValue>CKc0qzMkc...==</xenc:CipherValue>
* </xenc:CipherData>
* <xenc:ReferenceList>
* <xenc:DataReference URI="#EncryptedContent-702cd57e-c5ca-44c6-9bd8-b8639762b036" />
* </xenc:ReferenceList>
* </xenc:EncryptedKey>
* </wsse:Security>
*/
if (EncObj.EncKey != null)
{
XmlElement encKeyElem = plainDoc.CreateElement(Pre.xenc, Elem.EncryptedKey, Ns.xenc);
XmlElement encMethElem = plainDoc.CreateElement(Pre.xenc, Elem.EncryptionMethod, Ns.xenc);
XmlAttribute alg = plainDoc.CreateAttribute(Attrib.Algorithm);
alg.Value = Alg.rsa15;
encMethElem.Attributes.Append(alg);
encKeyElem.AppendChild(encMethElem);
XmlElement keyInfoElem = plainDoc.CreateElement(Pre.ds, Elem.KeyInfo, Ns.ds);
XmlElement secTokRefElem = plainDoc.CreateElement(Pre.wsse, Elem.SecurityTokenReference, Ns.wsseLatest);
XmlElement keyIdElem = plainDoc.CreateElement(Pre.wsse, Elem.KeyIdentifier, Ns.wsseLatest);
XmlAttribute valueType = plainDoc.CreateAttribute(Attrib.ValueType);
//valueType.Value = "wsse:X509v3";
valueType.Value = Misc.tokenProfX509 + "#X509SubjectKeyIdentifier";
keyIdElem.Attributes.Append(valueType);
keyIdElem.InnerText = EncObj.KeyId;
secTokRefElem.AppendChild(keyIdElem);
keyInfoElem.AppendChild(secTokRefElem);
encKeyElem.AppendChild(keyInfoElem);
//encrypt key
EncryptionFormatter fmt = EncObj.SymmAlg.EncryptionFormatter;
byte [] baSessKey = EncObj.SymmAlg.Key.Key;
byte [] baEncSessKey = EncObj.RSACSP.Encrypt(baSessKey, false); //ok to use since the key is of the right size - no padding required
XmlElement ciphDataElem = plainDoc.CreateElement(Pre.xenc, Elem.CipherData, Ns.xenc);
XmlElement ciphValElem = plainDoc.CreateElement(Pre.xenc, Elem.CipherValue, Ns.xenc);
ciphValElem.InnerText = OpenNETCF.Security.Cryptography.Internal.Format.GetB64(baEncSessKey);
ciphDataElem.AppendChild(ciphValElem);
encKeyElem.AppendChild(ciphDataElem);
XmlElement refListElem = plainDoc.CreateElement(Pre.xenc, Elem.ReferenceList, Ns.xenc);
XmlElement dataRefElem = plainDoc.CreateElement(Pre.xenc, Elem.DataReference, Ns.xenc);
XmlAttribute uri = plainDoc.CreateAttribute(Attrib.URI);
uri.Value = "#" + EncObj.Id;
dataRefElem.Attributes.Append(uri);
refListElem.AppendChild(dataRefElem);
encKeyElem.AppendChild(refListElem);
//security.PrependChild(encKeyElem);
if (SignFirst == false)
{
security.AppendChild(encKeyElem); //just append
}
else
{
security.InsertAfter(encKeyElem, tokenElem); //after token
}
}
//SecurityContextToken - add here, or with Signature
string secTokId = null;
if (EncObj.securityContextToken != null)
{
XmlNode sctNode = LameXpath.SelectSingleNode(header, Elem.SecurityContextToken);
if (sctNode == null)
{
//i need to import this node 1st
sctNode = plainDoc.ImportNode(EncObj.securityContextToken, true);
string dupeId = sctNode.Attributes[Attrib.Id, Ns.wsuLatest].Value;
XmlElement dupeElem = LameXpath.SelectSingleNode(dupeId, security);
if (dupeElem == null)
{
security.AppendChild(sctNode);
}
else
{
sctNode = LameXpath.SelectSingleNode(dupeId, security);
}
}
//<wsse:SecurityContextToken wsu:Id=\"SecurityToken-feb27552-6eb5-4a27-a831-e1bdfca326e2\">
secTokId = sctNode.Attributes[Attrib.Id, Ns.wsuLatest].Value;
//add ReferenceList too for SecureConversation
//<xenc:ReferenceList xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
// <xenc:DataReference URI="#EncryptedContent-cb7efc1c-e4dd-4737-9214-aec967789d2d" />
//</xenc:ReferenceList>
XmlElement referenceListElem = plainDoc.CreateElement(Pre.xenc, Elem.ReferenceList, Ns.xenc);
//security.AppendChild(referenceListElem);
XmlElement dataReferenceElem = plainDoc.CreateElement(Pre.xenc, Elem.DataReference, Ns.xenc);
XmlAttribute uriAttrib = plainDoc.CreateAttribute(Attrib.URI);
uriAttrib.Value = "#" + EncObj.Id;
dataReferenceElem.Attributes.Append(uriAttrib);
referenceListElem.AppendChild(dataReferenceElem);
security.InsertAfter(referenceListElem, sctNode);
if (EncObj.derKeyTok != null)
{
XmlNode idElem = LameXpath.SelectSingleNode(sctNode, Elem.Identifier);
if (idElem != null)
{
EncObj.derKeyTok.secTokRef.Reference.URI = idElem.InnerText;
}
XmlElement derKeyTokElem = EncObj.derKeyTok.WriteXml(plainDoc, security, (XmlElement)sctNode);
secTokId = EncObj.derKeyTok.id;
EncObj.SymmAlg.Key.Key = EncObj.derKeyTok.derKey;
}
}
if (EncObj.UserTok != null)
{
int numBytes = EncObj.SymmAlg.Key.Key.Length;
byte [] derKey = P_SHA1.DeriveKey(EncObj.ClearPassword, XmlSigHandler.StrKeyLabel, EncObj.UserTok.Nonce.Text, EncObj.UserTok.Created, numBytes);
EncObj.SymmAlg.Key.Key = derKey;
}
//possibly add BinSecTok, but dont encrypt
if (EncObj.SymmAlg == null)
{
return(plainDoc);
}
if (EncObj.RSACSP == null && EncObj.UserTok == null && EncObj.securityContextKey == null && (EncObj.derKeyTok == null || EncObj.derKeyTok.derKey == null))
{
return(plainDoc);
}
XmlElement plainElement = LameXpath.SelectSingleNode(envelope, EncObj.TargetElement);
if (plainElement == null)
{
throw new Exception("element not found to encrypt");
}
byte [] baPlain;
if (EncObj.Type == PlainTextType.Element)
{
baPlain = OpenNETCF.Security.Cryptography.Internal.Format.GetBytes(plainElement.OuterXml);
}
else if (EncObj.Type == PlainTextType.Content)
{
baPlain = OpenNETCF.Security.Cryptography.Internal.Format.GetBytes(plainElement.InnerXml);
}
else
{
throw new Exception("only support #Element and #Content");
}
//diff algorithms
System.Security.Cryptography.SymmetricAlgorithm sa = EncObj.SymmAlg.Key;
byte[] baCipher = EncObj.SymmAlg.EncryptionFormatter.Encrypt(baPlain);
/*
* <xenc:EncryptedData Id="EncryptedContent-c163b16f-44c7-4eea-ac65-a6ce744e2651" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
* <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
* <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
* <KeyName>WSE Sample Symmetric Key</KeyName> //NORMAL
* <wsse:SecurityTokenReference> //SecureConversation
* <wsse:Reference URI="#SecurityToken-be84969f-41c7-4dff-95a4-7319a3122142" />
* </wsse:SecurityTokenReference>
* </KeyInfo>
* <xenc:CipherData>
* <xenc:CipherValue>1+uBlSL/pxXyl2FdeT/EVM6TZgW9cv1AjwlJ9LZyKejet9TgjK37QoURZklglS9z+yGd5XooIDhtWPLaw3ApuhRCky6Y8eP1+3mT6v+t3o28idscfYOrkFmVaI25AwHK</xenc:CipherValue>
* </xenc:CipherData>
* </xenc:EncryptedData>
*/
XmlElement encryptedData = plainDoc.CreateElement(Pre.xenc, Elem.EncryptedData, Ns.xenc);
XmlAttribute id = plainDoc.CreateAttribute(Attrib.Id);
id.Value = EncObj.Id;
encryptedData.Attributes.Append(id);
XmlAttribute type = plainDoc.CreateAttribute(Attrib.Type);
type.Value = Misc.plainTextTypeContent; //xeo.Type.ToString();
encryptedData.Attributes.Append(type);
XmlElement encryptionMethod = plainDoc.CreateElement(Pre.xenc, Elem.EncryptionMethod, Ns.xenc);
XmlAttribute algorithm = plainDoc.CreateAttribute(Attrib.Algorithm);
if (EncObj.SymmAlg is TripleDES)
{
algorithm.Value = Alg.tripledesCbc; //xeo.AlgorithmEnum.ToString();
}
else
{
algorithm.Value = Alg.aes128cbc;
}
encryptionMethod.Attributes.Append(algorithm);
encryptedData.AppendChild(encryptionMethod);
if ((EncObj.KeyName != null && EncObj.KeyName != String.Empty) || EncObj.securityContextToken != null || EncObj.ClearPassword != null)
{
XmlElement keyInfo = plainDoc.CreateElement(Pre.ds, Elem.KeyInfo, Ns.ds);
if (EncObj.KeyName != null && EncObj.KeyName != String.Empty)
{
XmlElement keyName = plainDoc.CreateElement(Pre.ds, Elem.KeyName, Ns.ds);
keyName.InnerText = EncObj.KeyName;
keyInfo.AppendChild(keyName);
}
if (EncObj.securityContextToken != null || EncObj.ClearPassword != null)
{
XmlElement securityTokenReferenceElem = plainDoc.CreateElement(Pre.wsse, Elem.SecurityTokenReference, Ns.wsseLatest);
keyInfo.AppendChild(securityTokenReferenceElem);
XmlElement referenceElem = plainDoc.CreateElement(Pre.wsse, Elem.Reference, Ns.wsseLatest);
securityTokenReferenceElem.AppendChild(referenceElem);
if (EncObj.securityContextToken != null)
{
XmlAttribute uriAttrib = plainDoc.CreateAttribute(Attrib.URI);
uriAttrib.Value = "#" + secTokId;
referenceElem.Attributes.Append(uriAttrib);
}
if (EncObj.UserTok != null)
{
XmlAttribute uriAttrib = plainDoc.CreateAttribute(Attrib.URI);
uriAttrib.Value = "#" + EncObj.UserTok.Id;
referenceElem.Attributes.Append(uriAttrib);
XmlAttribute valueTypeAttrib = plainDoc.CreateAttribute(Attrib.ValueType);
valueTypeAttrib.Value = Misc.tokenProfUsername + "#UsernameToken";
referenceElem.Attributes.Append(valueTypeAttrib);
}
}
encryptedData.AppendChild(keyInfo);
}
XmlElement cipherData = plainDoc.CreateElement(Pre.xenc, Elem.CipherData, Ns.xenc);
XmlElement cipherValue = plainDoc.CreateElement(Pre.xenc, Elem.CipherValue, Ns.xenc);
cipherValue.InnerText = OpenNETCF.Security.Cryptography.Internal.Format.GetB64(baCipher);
cipherData.AppendChild(cipherValue);
encryptedData.AppendChild(cipherData);
if (EncObj.Type == PlainTextType.Element)
{
plainElement.ParentNode.InnerXml = encryptedData.OuterXml;
}
else //content
{
plainElement.InnerXml = encryptedData.OuterXml;
}
SecConvObj = null;
EncObj = null;
return(plainDoc);
}
public byte[] DecryptData(EncryptedData encryptedData, System.Security.Cryptography.SymmetricAlgorithm symmetricAlgorithm)
{
}
/// <remarks>
/// Creates a new instance of the symmetric crypto service for any other custom symmetric crypto provider.
/// </remarks>
public SymmetricServices(System.Security.Cryptography.SymmetricAlgorithm CryptoProvider)
{
_cryptoservice = CryptoProvider;
}
/// <remarks>
/// Creates a new instance of the symmetric crypto service for the specified algorithm.
/// </remarks>
public SymmetricServices(SymmetricAlgorithms CryptographyAlgorithm)
{
// set the internal cryptographic service based on the selected algorithm.
switch (CryptographyAlgorithm)
{
case SymmetricAlgorithms.DES:
_cryptoservice = new System.Security.Cryptography.DESCryptoServiceProvider();
break;
case SymmetricAlgorithms.RC2:
_cryptoservice = new System.Security.Cryptography.RC2CryptoServiceProvider();
break;
case SymmetricAlgorithms.Rijndael:
_cryptoservice = new System.Security.Cryptography.RijndaelManaged();
break;
}
}
public byte[] DecryptData(System.Security.Cryptography.Xml.EncryptedData encryptedData, System.Security.Cryptography.SymmetricAlgorithm symmetricAlgorithm)
{
throw null;
}
public PolyAES()
{
this.algo = new System.Security.Cryptography.RijndaelManaged();
this.algo.Mode = System.Security.Cryptography.CipherMode.CBC;
this.rngAlgo = new System.Security.Cryptography.RNGCryptoServiceProvider();
}
public byte[] EncryptData(System.Xml.XmlElement inputElement, System.Security.Cryptography.SymmetricAlgorithm symmetricAlgorithm, bool content)
{
throw null;
}
public System.Security.Cryptography.GostKeyTransport CreateKeyExchange(System.Security.Cryptography.SymmetricAlgorithm alg, System.Security.Cryptography.GostKeyWrapMethod keyWrapMethod = System.Security.Cryptography.GostKeyWrapMethod.CryptoPro12KeyWrap)
{
throw null;
}
public static object ObjFromFile(string filename, string Password, bool AskForMissingPassword)
{
object rv = null;
lock (ThreadLock)
{
Exception err = null;
filename = System.IO.Path.Combine(LaserGRBL.GrblCore.DataPath, filename);
if ((File.Exists(filename + ".bak") & !File.Exists(filename)))
{
ManageOrphanTmp(filename);
}
if (File.Exists(filename))
{
System.Security.Cryptography.SymmetricAlgorithm EE = null;
Stream FinalStream = null;
System.Runtime.Serialization.IFormatter SR = default(System.Runtime.Serialization.IFormatter);
bool REncrypted = false;
bool RCompressed = false;
SerializationMode Rmode = default(SerializationMode);
string RVersion = null;
byte[] Rhash = null;
byte[] IV = null;
byte[] CypherKey = null;
try
{
//Open a stream on the file for reading (overwrite if exist) and lock the file
FinalStream = new FileStream(filename, FileMode.Open, FileAccess.Read, FileShare.Read);
GetSerializerTag(FinalStream, ref RVersion, ref Rmode, ref REncrypted, ref IV, ref Rhash, ref RCompressed);
//Get serializer tag end move stream position
//GESTISCI LA VERSIONE CORRENTE
if (RVersion == SerializerVersion)
{
SR = CreateFormatterForMode(Rmode);
if (RCompressed)
{
FinalStream = new System.IO.Compression.DeflateStream(FinalStream, System.IO.Compression.CompressionMode.Decompress);
}
if (REncrypted && Password == null)
{
if (AskForMissingPassword)
{
string NewKey = InputBox.Show(null, "Insert password:"******"Protected file", "", null).Text;
if ((NewKey != null))
{
FinalStream.Close();
return(ObjFromFile(filename, NewKey, AskForMissingPassword));
}
else
{
throw new MissingPasswordException(filename);
}
}
else
{
throw new MissingPasswordException(filename);
}
}
//GENERATE KEY AND CRYPTO SERVICE
if (REncrypted)
{
EE = System.Security.Cryptography.SymmetricAlgorithm.Create();
EE.IV = IV;
CypherKey = GenerateKey(Password, Convert.ToInt32(EE.KeySize / 8));
}
//TEST KEY VALIDITY WITH HASH COMPARE
if (REncrypted)
{
byte[] CurHash = GenerateHash(CypherKey);
if (Rhash == null || CurHash == null)
{
throw new WrongPasswordException(filename);
}
if (!(Rhash.Length == CurHash.Length))
{
throw new WrongPasswordException(filename);
}
for (int I = 0; I <= Rhash.Length - 1; I++)
{
if (!(Rhash[I] == CurHash[I]))
{
throw new WrongPasswordException(filename);
}
}
}
if (REncrypted)
{
FinalStream = new System.Security.Cryptography.CryptoStream(FinalStream, EE.CreateDecryptor(CypherKey, EE.IV), System.Security.Cryptography.CryptoStreamMode.Read);
}
rv = SR.Deserialize(FinalStream); //READ DATA
FinalStream.Close();
}
else
{
FinalStream?.Close();
rv = ManageOldVersion(RVersion, filename, Password);
}
}
catch (Exception ex)
{
err = ex;
System.Diagnostics.Debug.WriteLine(string.Format("Serialization exception in {0} Position {1}", filename, FinalStream.Position));
try
{
FinalStream?.Close();
}
catch
{
}
try
{
ManageReadError(filename, ex);
}
catch
{
}
}
}
else
{
;
}
}
return(rv);
}
/// <summary>
///
/// </summary>
/// <param name="secretKey"></param>
/// <param name="cypheredData"></param>
/// <returns></returns>
public static ProtectedMemory DecryptData(ProtectedString secretKey, ProtectedMemory cypheredData)
{
ProtectedMemory returnValue = null;
System.Byte[] encryptedData = null;
System.Byte[] ivData = null;
#region Check protection of secret key
if (!secretKey.IsProtected)
{
throw new UnsecureException();
}
#endregion
#region Check protection of cyphered data
if (!cypheredData.IsProtected)
{
throw new UnsecureException();
}
#endregion
#region Split cyphered data
// Unprotect cyphered memory
cypheredData.Unprotect();
// extract iv data (IV length is static => 16)
ivData = new System.Byte[16];
System.Array.Copy(cypheredData.GetBytes(), 0, ivData, 0, 16);
// extract encrypted data
encryptedData = new System.Byte[cypheredData.SizeInByte - 16];
System.Array.Copy(cypheredData.GetBytes(), 16, encryptedData, 0, (cypheredData.SizeInByte - 16));
// Reprotect cyphered memory
cypheredData.Protect();
#endregion
#region Prepare encryption provider
// Unprotect memory containing secret key
secretKey.Unprotect();
// Create encryption provider
System.Security.Cryptography.SymmetricAlgorithm encryptionProvider = System.Security.Cryptography.Aes.Create();
encryptionProvider.Mode = System.Security.Cryptography.CipherMode.CBC;
encryptionProvider.Key = secretKey.GetBytes();
encryptionProvider.IV = ivData;
// Reprotect memory containing secret key
secretKey.Protect();
#endregion
// Create decryptor
System.Security.Cryptography.ICryptoTransform decryptor = encryptionProvider.CreateDecryptor(encryptionProvider.Key, encryptionProvider.IV);
// Create handle to memory of encrypted data
using (System.IO.MemoryStream memoryStream = new System.IO.MemoryStream(encryptedData))
{
// Create handle for data decryption; data streamed by this stream will be automatically decrypted
using (System.Security.Cryptography.CryptoStream cryptoStream = new System.Security.Cryptography.CryptoStream(memoryStream, decryptor, System.Security.Cryptography.CryptoStreamMode.Read))
{
// Create handle to read data of a strea,; data readed by this stream will be automatically decrypted
using (System.IO.StreamReader streamReader = new System.IO.StreamReader(cryptoStream))
{
#region Save plain data in protected memory
// Save plain data in temp buffer
System.String plainData = streamReader.ReadToEnd();
// Create protected memory for plain data
returnValue = new ProtectedMemory(plainData.Length);
// Unprotect memory for plain data
returnValue.Unprotect();
// Copy plain data in encrypted memory
for (System.Int32 i = 0; i < plainData.Length; i++)
{
returnValue.SetByte(i, (System.Byte)plainData[i]);
}
// Reprotect memory with plain data
returnValue.Protect();
// Save erase temp buffer
plainData = null;
System.GC.Collect();
#endregion
}
}
}
// Dispose decryptor
decryptor.Dispose();
// Dispose encryption provider
encryptionProvider.Dispose();
return(returnValue);
}
private static object ManageOldVersion(string Version, string FileWhereRead, string Password)
{
try
{
switch (Version)
{
case "v0.0":
if (!System.IO.File.Exists(FileWhereRead))
{
return(null);
}
SerializationMode mode = ModeFromFname(FileWhereRead);
System.Runtime.Serialization.IFormatter FR = default(System.Runtime.Serialization.IFormatter);
if (mode == SerializationMode.Xml)
{
FR = CreateFormatterForMode(SerializationMode.Xml);
}
else if (mode == SerializationMode.Binary)
{
FR = CreateFormatterForMode(SerializationMode.Binary);
}
else
{
throw new Exception("Unknown DeSerialization Mode");
}
System.IO.FileStream FS = default(System.IO.FileStream);
//File Stream
System.Security.Cryptography.SymmetricAlgorithm DE = default(System.Security.Cryptography.SymmetricAlgorithm);
//Decryption Engine
System.Security.Cryptography.CryptoStream DS = null;
//Decrypted Stream
FS = new System.IO.FileStream(FileWhereRead, FileMode.Open, FileAccess.Read, FileShare.Read);
if ((Password != null))
{
DE = System.Security.Cryptography.SymmetricAlgorithm.Create();
DS = new System.Security.Cryptography.CryptoStream(FS, DE.CreateDecryptor(GenerateKey(Password, Convert.ToInt32(DE.KeySize / 8)), GenerateKey("Vettore di inizializzazione", 16)), System.Security.Cryptography.CryptoStreamMode.Read);
}
object Result = null;
if ((DS != null))
{
Result = FR.Deserialize(DS);
FS.Close();
}
else
{
Result = FR.Deserialize(FS);
FS.Close();
}
//Save in newer version
ObjToFile(Result, FileWhereRead, Password);
return(Result);
}
}
catch (Exception ex)
{
ManageReadError(FileWhereRead, ex);
}
return(null);
}
public void SetCryptoAlgoritm(System.Security.Cryptography.SymmetricAlgorithm cryptoAlg)
{
this.cryptoAlg = cryptoAlg;
}
