public static void TestShims() { using (var alg = new AesCryptoServiceProvider()) { alg.BlockSize = 128; Assert.Equal(128, alg.BlockSize); var emptyIV = new byte[alg.BlockSize / 8]; alg.IV = emptyIV; Assert.Equal(emptyIV, alg.IV); alg.GenerateIV(); Assert.NotEqual(emptyIV, alg.IV); var emptyKey = new byte[alg.KeySize / 8]; alg.Key = emptyKey; Assert.Equal(emptyKey, alg.Key); alg.GenerateKey(); Assert.NotEqual(emptyKey, alg.Key); alg.KeySize = 128; Assert.Equal(128, alg.KeySize); alg.Mode = CipherMode.ECB; Assert.Equal(CipherMode.ECB, alg.Mode); alg.Padding = PaddingMode.PKCS7; Assert.Equal(PaddingMode.PKCS7, alg.Padding); } }
static NetAESEncryption() { #if !IOS && !__ANDROID__ AesCryptoServiceProvider aes = new AesCryptoServiceProvider(); List<int> temp = new List<int>(); foreach (KeySizes keysize in aes.LegalKeySizes) { for (int i = keysize.MinSize; i <= keysize.MaxSize; i += keysize.SkipSize) { if (!temp.Contains(i)) temp.Add(i); if (i == keysize.MaxSize) break; } } m_keysizes = temp; temp = new List<int>(); foreach (KeySizes keysize in aes.LegalBlockSizes) { for (int i = keysize.MinSize; i <= keysize.MaxSize; i += keysize.SkipSize) { if (!temp.Contains(i)) temp.Add(i); if (i == keysize.MaxSize) break; } } m_blocksizes = temp; #endif }
public static void EncryptDecryptKnownECB192() { byte[] plainTextBytes = new ASCIIEncoding().GetBytes("This is a sentence that is longer than a block, it ensures that multi-block functions work."); byte[] encryptedBytesExpected = new byte[] { 0xC9, 0x7F, 0xA5, 0x5B, 0xC3, 0x92, 0xDC, 0xA6, 0xE4, 0x9F, 0x2D, 0x1A, 0xEF, 0x7A, 0x27, 0x03, 0x04, 0x9C, 0xFB, 0x56, 0x63, 0x38, 0xAE, 0x4F, 0xDC, 0xF6, 0x36, 0x98, 0x28, 0x05, 0x32, 0xE9, 0xF2, 0x6E, 0xEC, 0x0C, 0x04, 0x9D, 0x12, 0x17, 0x18, 0x35, 0xD4, 0x29, 0xFC, 0x01, 0xB1, 0x20, 0xFA, 0x30, 0xAE, 0x00, 0x53, 0xD4, 0x26, 0x25, 0xA4, 0xFD, 0xD5, 0xE6, 0xED, 0x79, 0x35, 0x2A, 0xE2, 0xBB, 0x95, 0x0D, 0xEF, 0x09, 0xBB, 0x6D, 0xC5, 0xC4, 0xDB, 0x28, 0xC6, 0xF4, 0x31, 0x33, 0x9A, 0x90, 0x12, 0x36, 0x50, 0xA0, 0xB7, 0xD1, 0x35, 0xC4, 0xCE, 0x81, 0xE5, 0x2B, 0x85, 0x6B, }; byte[] aes192Key = new byte[] { 0xA6, 0x1E, 0xC7, 0x54, 0x37, 0x4D, 0x8C, 0xA5, 0xA4, 0xBB, 0x99, 0x50, 0x35, 0x4B, 0x30, 0x4D, 0x6C, 0xFE, 0x3B, 0x59, 0x65, 0xCB, 0x93, 0xE3, }; using (var alg = new AesCryptoServiceProvider()) { // The CipherMode and KeySize are different than the default values; this ensures the type // forwards the state properly to Aes. alg.Mode = CipherMode.ECB; alg.Key = aes192Key; byte[] encryptedBytes = alg.Encrypt(plainTextBytes); Assert.Equal(encryptedBytesExpected, encryptedBytes); byte[] decryptedBytes = alg.Decrypt(encryptedBytes); Assert.Equal(plainTextBytes, decryptedBytes); } }
} //End method //Implements IEncryptionMachine.Decrypt2 //Main user interface for the FortMachine library. //This method can be used to decrypt big files as it uses stream based operation for reading and //writing the data. //Returns true on success, false on failure. public bool Decrypt2(string passphrase, string inputpath, string outputpath) { FileStream StreamIn = null; FileStream StreamOut = null; CryptoStream decrypto = null; FileStream NewPlainStream = null; //Make sure our outputpath has correct encoding //byte[] filenamebytes = Encoding.Default.GetBytes(outputpath); //outputpath = Encoding.Default.GetString(filenamebytes); try { byte[] key; byte[] IV; byte[] salt; byte[] magic_header; int BufferSize = 4096; byte[] buffer = new byte[BufferSize]; int BytesRead; byte[] IntegrityHash; IV = new byte[FortMachineConstants.IV_SIZE]; salt = new byte[FortMachineConstants.SALT_SIZE]; magic_header = new byte[FortMachineConstants.MAGIC_HEADER_SIZE]; IntegrityHash = new byte[FortMachineConstants.DATA_INTEGRITY_HASH_SIZE]; StreamIn = new FileStream(inputpath, FileMode.Open, FileAccess.ReadWrite); StreamOut = new FileStream(outputpath, FileMode.OpenOrCreate, FileAccess.Write); //Ignore the magic header and move file pointer to the next bytes StreamIn.Read(magic_header, 0, FortMachineConstants.MAGIC_HEADER_SIZE); //Read the IV into the buffer StreamIn.Read(IV, 0, FortMachineConstants.IV_SIZE); //Read passphrase salt into a buffer StreamIn.Read(salt, 0, FortMachineConstants.SALT_SIZE); //Read data integrity hash StreamIn.Read(IntegrityHash, 0, FortMachineConstants.DATA_INTEGRITY_HASH_SIZE); key = this.ProcessKeyWithSalt(passphrase, salt); AesCryptoServiceProvider aes = new AesCryptoServiceProvider(); aes.Key = key; aes.IV = IV; aes.Mode = CipherMode.CBC; decrypto = new CryptoStream(StreamOut, aes.CreateDecryptor(), CryptoStreamMode.Write); do { BytesRead = StreamIn.Read(buffer, 0, BufferSize); decrypto.Write(buffer, 0, BytesRead); } while (BytesRead != 0); decrypto.Close(); StreamIn.Close(); //Create new temporary stream from the decrypted file to verify data integrity NewPlainStream = new FileStream(outputpath, FileMode.Open, FileAccess.Read); //Verify data integrity if (!DataIntegrity.VerifyHash(NewPlainStream, key, IntegrityHash)) { this._IsDataTampered = true; } else { this._IsDataTampered = false; } NewPlainStream.Close(); File.Delete(inputpath); } catch (Exception ex) { //Clean up streams, if they where created if (decrypto != null) { decrypto.Close(); } if (StreamOut != null) { StreamOut.Close(); } if (StreamIn != null) { StreamIn.Close(); } if (NewPlainStream != null) { NewPlainStream.Close(); } //As decryption failed, check if the output file was created and delete it //because it would be incomplete. if (File.Exists(outputpath)) { File.Delete(outputpath); } this._LastErrorMessage = "Decryption failed: " + ex.Message; return(false); } return(true); } //End method
// Note that extension methods must be defined in a non-generic static class. // Encrypt or decrypt the data in in_bytes[] and return the result. public static byte[] CryptBytes(string password, byte[] in_bytes, bool encrypt) { // Make an AES service provider. AesCryptoServiceProvider aes_provider = new AesCryptoServiceProvider(); // Find a valid key size for this provider. int key_size_bits = 0; for (int i = 1024; i > 1; i--) { if (aes_provider.ValidKeySize(i)) { key_size_bits = i; break; } } Debug.Assert(key_size_bits > 0); Console.WriteLine("Key size: " + key_size_bits); // Get the block size for this provider. int block_size_bits = aes_provider.BlockSize; // Generate the key and initialization vector. byte[] key = null; byte[] iv = null; byte[] salt = { 0x0, 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0xF1, 0xF0, 0xEE, 0x21, 0x22, 0x45 }; MakeKeyAndIV(password, salt, key_size_bits, block_size_bits, out key, out iv); // Make the encryptor or decryptor. ICryptoTransform crypto_transform; if (encrypt) { crypto_transform = aes_provider.CreateEncryptor(key, iv); } else { crypto_transform = aes_provider.CreateDecryptor(key, iv); } // Create the output stream. using (MemoryStream out_stream = new MemoryStream()) { // Attach a crypto stream to the output stream. using (CryptoStream crypto_stream = new CryptoStream(out_stream, crypto_transform, CryptoStreamMode.Write)) { // Write the bytes into the CryptoStream. crypto_stream.Write(in_bytes, 0, in_bytes.Length); try { crypto_stream.FlushFinalBlock(); } catch (CryptographicException) { // Ignore this exception. The password is bad. } catch { // Re-throw this exception. throw; } // return the result. return(out_stream.ToArray()); } } }
public AESCrypt() { m_aesCryptoServiceProvider = new AesCryptoServiceProvider(); m_containKey = true; m_message = string.Empty; }
} //End method //Implements IEncryptionMachine.Encrypt2 //Main user interface for the FortMachine library. //This method can be used to encrypt big files as stream based operations are used and //data is not read into memory at once. public bool Encrypt2(string passphrase, string inputpath, string outputpath, bool KeepPlainFile = false) { FileStream StreamIn = null; FileStream StreamOut = null; CryptoStream crypto = null; try { byte[] IV; FortKey key; byte[] KeyBytes; int BufferSize = 4096; byte[] buffer = new byte[BufferSize]; int BytesRead; byte[] IntegrityHash; key = this.CreateKey(passphrase); KeyBytes = key.GetNew(); IV = this.GetRandom16IV(); StreamIn = new FileStream(inputpath, FileMode.Open, FileAccess.Read); StreamOut = new FileStream(outputpath, FileMode.OpenOrCreate, FileAccess.Write); IntegrityHash = DataIntegrity.GetHMACHash(StreamIn, KeyBytes); StreamIn.Seek(0, SeekOrigin.Begin); //First write our magic header to mark that the file is encrypted with Fort StreamOut.Write(FortMachineConstants.MAGIC_HEADER, 0, FortMachineConstants.MAGIC_HEADER_SIZE); //Then, write IV into the file StreamOut.Write(IV, 0, FortMachineConstants.IV_SIZE); //Then, write the salt into the file StreamOut.Write(key.Salt, 0, FortMachineConstants.SALT_SIZE); //Then, write the integrity has into the file StreamOut.Write(IntegrityHash, 0, FortMachineConstants.DATA_INTEGRITY_HASH_SIZE); AesCryptoServiceProvider aes = new AesCryptoServiceProvider(); aes.Key = KeyBytes; aes.IV = IV; aes.Mode = CipherMode.CBC; crypto = new CryptoStream(StreamOut, aes.CreateEncryptor(), CryptoStreamMode.Write); do { BytesRead = StreamIn.Read(buffer, 0, BufferSize); crypto.Write(buffer, 0, BytesRead); } while (BytesRead != 0); crypto.Close(); StreamIn.Close(); if (!KeepPlainFile) { File.Delete(inputpath); } } catch (Exception ex) { if (crypto != null) { crypto.Close(); } if (StreamIn != null) { StreamIn.Close(); } if (File.Exists(outputpath)) { File.Delete(outputpath); } this._LastErrorMessage = "Encryption failed: " + ex.Message; return(false); } return(true); } //End method
private static async Task DecryptPacket(IPEndPoint sender, byte[] data) { if (data.Length < UDPSendSignByteArr.Length) { Logger.Error("sender: {0} , data: {1}", sender, data.ToHex()); return; } try { var udpSendSign = Config.Encoding.GetString( data, 0, UDPSendSignByteArr.Length ); if (udpSendSign != UDPSendSign) { Logger.Error("sender: {0} , data: {1}", sender, data.ToHex()); return; } } catch (Exception ex) { Logger.Error( "sender: {0} , data: {1}\r\n{2}", sender, data.ToHex(), ex.ToString() ); return; } byte[] orig; if (File.Exists("debug")) { orig = new byte[data.Length - UDPSendSignByteArr.Length]; Array.Copy( data, UDPSendSignByteArr.Length, orig, 0, data.Length - UDPSendSignByteArr.Length ); } else { orig = null; var key = new byte[16]; var timestamp = Program.GetUnixTimestamp().ModFloor(300) - 300; Array.Copy(Config.SPBA, key, Config.SPBA.Length); using (var aes = new AesCryptoServiceProvider()) { aes.Mode = CipherMode.CBC; for (var i = 0; i < 3; ++i) { key.WriteUInt(Config.SPBA.Length, timestamp); try { using (var ss = new MemoryStream( data, UDPSendSignByteArr.Length, data.Length - UDPSendSignByteArr.Length, false )) using (var dpt = aes.CreateDecryptor(key, IV)) using (var cs = new CryptoStream( ss, dpt, CryptoStreamMode.Read )) using (var ds = new MemoryStream()) { cs.CopyTo(ds); orig = ds.ToArray(); break; } } catch (Exception ex) { var exStr = ex.ToString(); if (!exStr.Contains("pad")) { Logger.Error( "sender: {0} , data: {1} , key: {2}\r\n{3}", sender, data.ToHex(), key.ToHex(), exStr ); } } timestamp += 300; } } if (orig == null) { return; } } string reqStr; try { reqStr = Config.Encoding.GetString(orig); } catch (Exception ex) { Logger.Error( "sender: {0} , data: {1}\r\n{2}", sender, data.ToHex(), ex.ToString() ); return; } try { var reqObj = JsonConvert.DeserializeObject <ReqObj>(reqStr); if (string.IsNullOrWhiteSpace(reqObj.MimeType)) { Logger.Error("sender: {0} , reqStr: {1}", sender, reqStr); return; } string mimeCategory; string mimeSubCategory; { var idx = reqObj.MimeType.IndexOf('/'); if (idx == -1) { Logger.Error("sender: {0} , reqStr: {1}", sender, reqStr); return; } mimeCategory = reqObj.MimeType.Substring(0, idx); mimeSubCategory = reqObj.MimeType.Substring(idx + 1); } if (string.IsNullOrWhiteSpace(reqObj.Content)) { if (MimeTypeComplexTransferHandlerDict.TryGetValue( mimeCategory, out Func <string, HSParams, Task> handler )) { var hsparams = JsonConvert.DeserializeObject <HSParams>( reqObj.Handshake ); await handler(mimeSubCategory, hsparams) .ConfigureAwait(false); return; } } else { if (MimeTypeSimpleTransferHandlerDict.TryGetValue( mimeCategory, out Func <string, string, Task> handler )) { await handler(mimeSubCategory, reqObj.Content) .ConfigureAwait(false); return; } } Logger.Error( "Unknown type: sender: {0} , reqStr: {1}", sender, reqStr ); } catch (Exception ex) { Logger.Error( "sender: {0} , reqStr: {1}\r\n{2}", sender, reqStr, ex.ToString() ); return; } }
/// <summary> /// Returns a plain text message given an encrypted message. /// </summary> /// <param name="inputMessage">The encrypted message.</param> /// <param name="requireEncryption">A value to indicate that the data read from the server should be encrypted.</param> /// <returns>The plain text message bytes.</returns> internal byte[] DecryptMessage(string inputMessage, bool?requireEncryption) { CommonUtility.AssertNotNull("inputMessage", inputMessage); try { CloudQueueEncryptedMessage encryptedMessage = JsonConvert.DeserializeObject <CloudQueueEncryptedMessage>(inputMessage); if (requireEncryption.HasValue && requireEncryption.Value && encryptedMessage.EncryptionData == null) { throw new StorageException(SR.EncryptionDataNotPresentError, null) { IsRetryable = false }; } if (encryptedMessage.EncryptionData != null) { EncryptionData encryptionData = encryptedMessage.EncryptionData; CommonUtility.AssertNotNull("ContentEncryptionIV", encryptionData.ContentEncryptionIV); CommonUtility.AssertNotNull("EncryptedKey", encryptionData.WrappedContentKey.EncryptedKey); // Throw if the encryption protocol on the message doesn't match the version that this client library understands // and is able to decrypt. if (encryptionData.EncryptionAgent.Protocol != Constants.EncryptionConstants.EncryptionProtocolV1) { throw new StorageException(SR.EncryptionProtocolVersionInvalid, null) { IsRetryable = false }; } // Throw if neither the key nor the key resolver are set. if (this.Key == null && this.KeyResolver == null) { throw new StorageException(SR.KeyAndResolverMissingError, null) { IsRetryable = false }; } byte[] contentEncryptionKey = null; // 1. Invoke the key resolver if specified to get the key. If the resolver is specified but does not have a // mapping for the key id, an error should be thrown. This is important for key rotation scenario. // 2. If resolver is not specified but a key is specified, match the key id on the key and and use it. // Calling UnwrapKeyAsync synchronously is fine because for the storage client scenario, unwrap happens // locally. No service call is made. if (this.KeyResolver != null) { IKey keyEncryptionKey = CommonUtility.RunWithoutSynchronizationContext(() => this.KeyResolver.ResolveKeyAsync(encryptionData.WrappedContentKey.KeyId, CancellationToken.None).Result); CommonUtility.AssertNotNull("keyEncryptionKey", keyEncryptionKey); contentEncryptionKey = CommonUtility.RunWithoutSynchronizationContext(() => keyEncryptionKey.UnwrapKeyAsync(encryptionData.WrappedContentKey.EncryptedKey, encryptionData.WrappedContentKey.Algorithm, CancellationToken.None).Result); } else { if (this.Key.Kid == encryptionData.WrappedContentKey.KeyId) { contentEncryptionKey = CommonUtility.RunWithoutSynchronizationContext(() => this.Key.UnwrapKeyAsync(encryptionData.WrappedContentKey.EncryptedKey, encryptionData.WrappedContentKey.Algorithm, CancellationToken.None).Result); } else { throw new StorageException(SR.KeyMismatch, null) { IsRetryable = false }; } } switch (encryptionData.EncryptionAgent.EncryptionAlgorithm) { case EncryptionAlgorithm.AES_CBC_256: #if WINDOWS_DESKTOP && !WINDOWS_PHONE using (AesCryptoServiceProvider myAes = new AesCryptoServiceProvider()) #else using (AesManaged myAes = new AesManaged()) #endif { myAes.Key = contentEncryptionKey; myAes.IV = encryptionData.ContentEncryptionIV; byte[] src = Convert.FromBase64String(encryptedMessage.EncryptedMessageContents); using (ICryptoTransform decryptor = myAes.CreateDecryptor()) { return(decryptor.TransformFinalBlock(src, 0, src.Length)); } } default: throw new StorageException(SR.InvalidEncryptionAlgorithm, null) { IsRetryable = false }; } } else { return(Convert.FromBase64String(encryptedMessage.EncryptedMessageContents)); } } catch (JsonException ex) { throw new StorageException(SR.EncryptedMessageDeserializingError, ex) { IsRetryable = false }; } catch (StorageException) { throw; } catch (Exception ex) { throw new StorageException(SR.DecryptionLogicError, ex) { IsRetryable = false }; } }
/// <summary> /// Return a decrypted entity. This method is used for decrypting entity properties. /// </summary> internal Dictionary <string, EntityProperty> DecryptEntity(IDictionary <string, EntityProperty> properties, HashSet <string> encryptedPropertyDetailsSet, string partitionKey, string rowKey, byte[] contentEncryptionKey, EncryptionData encryptionData, bool isJavav1) { try { Dictionary <string, EntityProperty> decryptedProperties = new Dictionary <string, EntityProperty>(); switch (encryptionData.EncryptionAgent.EncryptionAlgorithm) { case EncryptionAlgorithm.AES_CBC_256: #if WINDOWS_DESKTOP && !WINDOWS_PHONE using (AesCryptoServiceProvider myAes = new AesCryptoServiceProvider()) { using (SHA256CryptoServiceProvider sha256 = new SHA256CryptoServiceProvider()) #else using (AesManaged myAes = new AesManaged()) { using (SHA256Managed sha256 = new SHA256Managed()) #endif { myAes.Key = contentEncryptionKey; foreach (KeyValuePair <string, EntityProperty> kvp in properties) { if (kvp.Key == Constants.EncryptionConstants.TableEncryptionKeyDetails || kvp.Key == Constants.EncryptionConstants.TableEncryptionPropertyDetails) { // Do nothing. Do not add to the result properties. } else if (encryptedPropertyDetailsSet.Contains(kvp.Key)) { byte[] columnIV = sha256.ComputeHash(CommonUtility.BinaryAppend(encryptionData.ContentEncryptionIV, Encoding.UTF8.GetBytes(isJavav1 ? string.Concat(partitionKey, rowKey, kvp.Key) : string.Concat(rowKey, partitionKey, kvp.Key)))); Array.Resize <byte>(ref columnIV, 16); myAes.IV = columnIV; byte[] src = kvp.Value.BinaryValue; using (ICryptoTransform transform = myAes.CreateDecryptor()) { byte[] dest = transform.TransformFinalBlock(src, 0, src.Length); string destString = Encoding.UTF8.GetString(dest, 0, dest.Length); decryptedProperties.Add(kvp.Key, new EntityProperty(destString)); } } else { decryptedProperties.Add(kvp.Key, kvp.Value); } } } } return(decryptedProperties); default: throw new StorageException(SR.InvalidEncryptionAlgorithm, null) { IsRetryable = false }; } } catch (JsonException ex) { throw new StorageException(SR.EncryptionMetadataError, ex) { IsRetryable = false }; } catch (StorageException) { throw; } catch (Exception ex) { throw new StorageException(SR.DecryptionLogicError, ex) { IsRetryable = false }; } }
/// <summary> /// Encrypt outgoing message /// </summary> public bool Encrypt(NetOutgoingMessage msg) { try { #if IS_FULL_NET_AVAILABLE // nested usings are fun! using (AesCryptoServiceProvider aesCryptoServiceProvider = new AesCryptoServiceProvider { KeySize = m_bitSize, Mode = CipherMode.CBC }) { using (ICryptoTransform cryptoTransform = aesCryptoServiceProvider.CreateEncryptor(m_key, m_iv)) { using (MemoryStream memoryStream = new MemoryStream()) { using (CryptoStream cryptoStream = new CryptoStream(memoryStream, cryptoTransform, CryptoStreamMode.Write)) { cryptoStream.Write(msg.m_data, 0, msg.m_data.Length); } msg.m_data = memoryStream.ToArray(); } } } #endif } catch { return false; } return true; }
/* goodB2G() - use badsource and goodsink*/ private void GoodB2G() { string password; password = ""; /* init password */ /* Read data using an outbound tcp connection */ { try { /* Read data using an outbound tcp connection */ using (TcpClient tcpConn = new TcpClient("host.example.org", 39544)) { /* read input from socket */ using (StreamReader sr = new StreamReader(tcpConn.GetStream())) { /* POTENTIAL FLAW: Read password using an outbound tcp connection */ password = sr.ReadLine(); } } } catch (IOException exceptIO) { IO.Logger.Log(NLog.LogLevel.Warn, "Error with stream reading", exceptIO); } } for (int k = 0; k < 1; k++) { if (password != null) { /* FIX: Decrypt password before using in getConnection() */ { using (AesCryptoServiceProvider aesAlg = new AesCryptoServiceProvider()) { aesAlg.Padding = PaddingMode.None; aesAlg.Key = Encoding.UTF8.GetBytes("ABCDEFGHABCDEFGH"); // Create a decryptor to perform the stream transform. ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV); // Create the streams used for decryption. using (MemoryStream msDecrypt = new MemoryStream(Encoding.UTF8.GetBytes(password))) { using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read)) { using (StreamReader srDecrypt = new StreamReader(csDecrypt)) { // Read the decrypted bytes from the decrypting stream // and place them in a string. password = srDecrypt.ReadToEnd(); } } } } } try { /* POTENTIAL FLAW: use password directly in SqlConnection() */ using (SqlConnection connection = new SqlConnection(@"Data Source=(local);Initial Catalog=CWE256;User ID=" + "sa" + ";Password="******"select * from test_table", connection)) { command.ExecuteNonQuery(); } } } catch (SqlException exceptSql) { IO.Logger.Log(NLog.LogLevel.Warn, "Error with database connection", exceptSql); } } } }
internal byte[] DecryptMetadataAndReturnCEK(string partitionKey, string rowKey, EntityProperty encryptionKeyProperty, EntityProperty propertyDetailsProperty, out EncryptionData encryptionData, out bool isJavaV1) { // Throw if neither the key nor the resolver are set. if (this.Key == null && this.KeyResolver == null) { throw new StorageException(SR.KeyAndResolverMissingError, null) { IsRetryable = false }; } try { encryptionData = JsonConvert.DeserializeObject <EncryptionData>(encryptionKeyProperty.StringValue); EncryptionData encryptionDataCopy = encryptionData; // This is necessary because you cannot use "out" variables in a lambda. CommonUtility.AssertNotNull("ContentEncryptionIV", encryptionData.ContentEncryptionIV); CommonUtility.AssertNotNull("EncryptedKey", encryptionData.WrappedContentKey.EncryptedKey); // Throw if the encryption protocol on the entity doesn't match the version that this client library understands // and is able to decrypt. if (encryptionData.EncryptionAgent.Protocol != Constants.EncryptionConstants.EncryptionProtocolV1) { throw new StorageException(SR.EncryptionProtocolVersionInvalid, null) { IsRetryable = false }; } isJavaV1 = (encryptionData.EncryptionAgent.Protocol == Constants.EncryptionConstants.EncryptionProtocolV1) && ((encryptionData.KeyWrappingMetadata == null) || (encryptionData.KeyWrappingMetadata.ContainsKey(Constants.EncryptionConstants.AgentMetadataKey) && encryptionData.KeyWrappingMetadata[Constants.EncryptionConstants.AgentMetadataKey].Contains("Java"))); byte[] contentEncryptionKey = null; // 1. Invoke the key resolver if specified to get the key. If the resolver is specified but does not have a // mapping for the key id, an error should be thrown. This is important for key rotation scenario. // 2. If resolver is not specified but a key is specified, match the key id on the key and and use it. // Calling UnwrapKeyAsync synchronously is fine because for the storage client scenario, unwrap happens // locally. No service call is made. if (this.KeyResolver != null) { IKey keyEncryptionKey = CommonUtility.RunWithoutSynchronizationContext(() => this.KeyResolver.ResolveKeyAsync(encryptionDataCopy.WrappedContentKey.KeyId, CancellationToken.None).Result); CommonUtility.AssertNotNull("keyEncryptionKey", keyEncryptionKey); contentEncryptionKey = CommonUtility.RunWithoutSynchronizationContext(() => keyEncryptionKey.UnwrapKeyAsync(encryptionDataCopy.WrappedContentKey.EncryptedKey, encryptionDataCopy.WrappedContentKey.Algorithm, CancellationToken.None).Result); } else { if (this.Key.Kid == encryptionData.WrappedContentKey.KeyId) { contentEncryptionKey = CommonUtility.RunWithoutSynchronizationContext(() => this.Key.UnwrapKeyAsync(encryptionDataCopy.WrappedContentKey.EncryptedKey, encryptionDataCopy.WrappedContentKey.Algorithm, CancellationToken.None).Result); } else { throw new StorageException(SR.KeyMismatch, null) { IsRetryable = false }; } } // Decrypt the property details set and add it to entity properties. #if WINDOWS_DESKTOP && !WINDOWS_PHONE using (AesCryptoServiceProvider myAes = new AesCryptoServiceProvider()) { using (SHA256CryptoServiceProvider sha256 = new SHA256CryptoServiceProvider()) #else using (AesManaged myAes = new AesManaged()) { using (SHA256Managed sha256 = new SHA256Managed()) #endif { // Here we are correcting for a bug in Java's v1 encryption. // Java v1 constructed the IV as PK + RK + column name. Other libraries use RK + PK + column name. string IVString = isJavaV1 ? string.Concat(partitionKey, rowKey, Constants.EncryptionConstants.TableEncryptionPropertyDetails) : string.Concat(rowKey, partitionKey, Constants.EncryptionConstants.TableEncryptionPropertyDetails); byte[] metadataIV = sha256.ComputeHash(CommonUtility.BinaryAppend(encryptionData.ContentEncryptionIV, Encoding.UTF8.GetBytes(IVString))); Array.Resize <byte>(ref metadataIV, 16); myAes.IV = metadataIV; myAes.Key = contentEncryptionKey; using (ICryptoTransform transform = myAes.CreateDecryptor()) { byte[] src = propertyDetailsProperty.BinaryValue; propertyDetailsProperty.BinaryValue = transform.TransformFinalBlock(src, 0, src.Length); } } } return(contentEncryptionKey); } catch (JsonException ex) { throw new StorageException(SR.EncryptionMetadataError, ex) { IsRetryable = false }; } catch (StorageException) { throw; } catch (Exception ex) { throw new StorageException(SR.DecryptionLogicError, ex) { IsRetryable = false }; } }
static void Main(string[] args) { byte[] msg; IPEndPoint serverEndPoint; TcpClient client = null; NetworkStream netStream = null; ProtocolSI protocol = null; AesCryptoServiceProvider aes = null; SymmetricsSI symmetricsSI = null; RSACryptoServiceProvider rsaClient = null; RSACryptoServiceProvider rsaServer = null; try { Console.WriteLine("CLIENT"); #region Defenitions // algortimos assimétricos rsaClient = new RSACryptoServiceProvider(); rsaServer = new RSACryptoServiceProvider(); // algoritmos simétrico a usar... aes = new AesCryptoServiceProvider(); symmetricsSI = new SymmetricsSI(aes); // Client/Server Protocol to SI protocol = new ProtocolSI(); // Defenitions for TcpClient: IP:port (127.0.0.1:13000) serverEndPoint = new IPEndPoint(IPAddress.Parse("127.0.0.1"), 13000); #endregion Console.WriteLine(SEPARATOR); #region TCP Connection // Connects to Server ... Console.Write("Connecting to server... "); client = new TcpClient(); client.Connect(serverEndPoint); netStream = client.GetStream(); Console.WriteLine("ok"); #endregion Console.WriteLine(SEPARATOR); #region Exchange Public Keys // Send public key... Console.Write("Sending public key... "); msg = protocol.Make(ProtocolSICmdType.PUBLIC_KEY, rsaClient.ToXmlString(false)); netStream.Write(msg, 0, msg.Length); Console.WriteLine("ok"); // Receive server public key Console.Write("waiting for server public key..."); netStream.Read(protocol.Buffer, 0, protocol.Buffer.Length); rsaServer.FromXmlString(protocol.GetStringFromData()); Console.WriteLine("ok"); #endregion Console.WriteLine(SEPARATOR); #region Exchange Secret Key // Send key... Console.Write("Sending key... "); msg = protocol.Make(ProtocolSICmdType.SECRET_KEY, rsaServer.Encrypt(aes.Key, true)); netStream.Write(msg, 0, msg.Length); Console.WriteLine("ok"); Console.WriteLine(" Sent: " + ProtocolSI.ToHexString(aes.Key)); // Receive ack Console.Write("waiting for ACK..."); netStream.Read(protocol.Buffer, 0, protocol.Buffer.Length); Console.WriteLine("ok"); // Send iv... Console.Write("Sending iv... "); msg = protocol.Make(ProtocolSICmdType.IV, rsaServer.Encrypt(aes.IV, true)); netStream.Write(msg, 0, msg.Length); Console.WriteLine("ok"); Console.WriteLine(" Sent: " + ProtocolSI.ToHexString(aes.IV)); // Receive ack Console.Write("waiting for ACK..."); netStream.Read(protocol.Buffer, 0, protocol.Buffer.Length); Console.WriteLine("ok"); #endregion Console.WriteLine(SEPARATOR); #region Exchange Data (Secure channel) // Send data... byte[] clearData = Encoding.UTF8.GetBytes("hello world!!!"); Console.Write("Sending data... "); byte[] encryptedData = symmetricsSI.Encrypt(clearData); msg = protocol.Make(ProtocolSICmdType.DATA, encryptedData); netStream.Write(msg, 0, msg.Length); Console.WriteLine("ok"); Console.WriteLine(" Data: {0} = {1}", ProtocolSI.ToString(clearData), ProtocolSI.ToHexString(clearData)); Console.WriteLine(" Encrypted: {0}", ProtocolSI.ToHexString(encryptedData)); // Receive answer from server Console.Write("waiting for ACK..."); netStream.Read(protocol.Buffer, 0, protocol.Buffer.Length); Console.WriteLine("ok"); #endregion #region Send Digital signature Console.Write("Sending digital signature... "); msg = protocol.Make(ProtocolSICmdType.DIGITAL_SIGNATURE, rsaClient.SignData(encryptedData, new SHA256CryptoServiceProvider())); netStream.Write(msg, 0, msg.Length); Console.WriteLine("OK"); Console.Write("waiting... "); netStream.Read(protocol.Buffer, 0, protocol.Buffer.Length); Console.WriteLine(protocol.GetCmdType()); #endregion } catch (Exception ex) { Console.WriteLine(SEPARATOR); Console.WriteLine("Exception: {0}", ex.ToString()); } finally { // Close connections if (netStream != null) { netStream.Dispose(); } if (client != null) { client.Close(); } Console.WriteLine(SEPARATOR); Console.WriteLine("Connection with server was closed."); } Console.WriteLine(SEPARATOR); Console.Write("End: Press a key..."); Console.ReadKey(); }
public override bool Execute() { if (this.SourceFiles.Length == 0) { return(true); } if (this.DestinationFiles != null && this.SourceFiles.Length != this.DestinationFiles.Length) { this.Log.LogError("Number of source files is different than number of destination files."); return(false); } if (this.DestinationFiles != null && this.DestinationFolder != null) { this.Log.LogError("You must specify only one attribute from DestinationFiles and DestinationFolder"); return(false); } FileEncrypter encrypter = new FileEncrypter(); encrypter.Logger = new ExecutionLogger(this); Aes provider = new AesCryptoServiceProvider(); provider.Key = FileEncrypter.DeriveKey(this.EncryptionSeed); if (this.DestinationFiles != null && this.DestinationFiles.Length > 0) { for (int i = 0; i < this.SourceFiles.Length; i++) { ITaskItem sourceItem = this.SourceFiles [i]; ITaskItem destinationItem = this.DestinationFiles [i]; String sourcePath = sourceItem.GetMetadata("FullPath"); String destinationPath = destinationItem.GetMetadata("FullPath"); if (!File.Exists(sourcePath)) { this.Log.LogError("Cannot encrypt {0} to {1}, as the source file doesn't exist.", new object[] { sourcePath, destinationPath }); } else { String parentDestinationPath = Path.GetDirectoryName(destinationPath); if (!Directory.Exists(parentDestinationPath)) { Directory.CreateDirectory(parentDestinationPath); } encrypter.Encrypt(sourcePath, destinationPath, provider); } } return(true); } if (this.DestinationFolder == null) { this.Log.LogError("You must specify DestinationFolder attribute."); return(false); } String destinationFolder = this.DestinationFolder.GetMetadata("FullPath"); if (!Directory.Exists(destinationFolder)) { Directory.CreateDirectory(destinationFolder); } for (int i = 0; i < this.SourceFiles.Length; i++) { ITaskItem sourceItem = this.SourceFiles [i]; String sourcePath = sourceItem.GetMetadata("FullPath"); String path = sourceItem.GetMetadata("Filename") + sourceItem.GetMetadata("Extension"); String destinationPath = Path.Combine(destinationFolder, path); if (!File.Exists(sourcePath)) { this.Log.LogError("Cannot encrypt {0} to {1}, as the source file doesn't exist.", new object[] { sourcePath, destinationPath }); } else { encrypter.Encrypt(sourcePath, destinationPath, provider); } } return(true); }
/* goodB2G2() - use badsource and goodsink by reversing statements in second if */ private void GoodB2G2() { string password; if (IO.staticFive == 5) { password = ""; /* init password */ /* read input from WebClient */ { try { using (WebClient client = new WebClient()) { using (StreamReader sr = new StreamReader(client.OpenRead("http://www.example.org/"))) { /* POTENTIAL FLAW: Read password from a web server with WebClient */ /* This will be reading the first "line" of the response body, * which could be very long if there are no newlines in the HTML */ password = sr.ReadLine(); } } } catch (IOException exceptIO) { IO.Logger.Log(NLog.LogLevel.Warn, "Error with stream reading", exceptIO); } } } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure password is inititialized before the Sink to avoid compiler errors */ password = null; } if (IO.staticFive == 5) { if (password != null) { /* FIX: Decrypt password before using in getConnection() */ { using (AesCryptoServiceProvider aesAlg = new AesCryptoServiceProvider()) { aesAlg.Padding = PaddingMode.None; aesAlg.Key = Encoding.UTF8.GetBytes("ABCDEFGHABCDEFGH"); // Create a decryptor to perform the stream transform. ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV); // Create the streams used for decryption. using (MemoryStream msDecrypt = new MemoryStream(Encoding.UTF8.GetBytes(password))) { using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read)) { using (StreamReader srDecrypt = new StreamReader(csDecrypt)) { // Read the decrypted bytes from the decrypting stream // and place them in a string. password = srDecrypt.ReadToEnd(); } } } } } try { /* POTENTIAL FLAW: use password directly in SqlConnection() */ using (SqlConnection connection = new SqlConnection(@"Data Source=(local);Initial Catalog=CWE256;User ID=" + "sa" + ";Password="******"select * from test_table", connection)) { command.ExecuteNonQuery(); } } } catch (SqlException exceptSql) { IO.Logger.Log(NLog.LogLevel.Warn, "Error with database connection", exceptSql); } } } }
public AesEnryptionService() { aesInstance = new AesCryptoServiceProvider(); }
/// <summary> /// 构造函数,默认 /// </summary> public AESCrypt() { _aesCryptoServiceProvider = new AesCryptoServiceProvider(); ContainKey = true; Message = string.Empty; }
public AesEnryptionService(string plainTxt) { aesInstance = new AesCryptoServiceProvider(); plainText = plainTxt; }
/// <summary> /// Decrypt incoming message /// </summary> public bool Decrypt(NetIncomingMessage msg) { #if !IOS && !__ANDROID__ try { // nested usings are fun! using (AesCryptoServiceProvider aesCryptoServiceProvider = new AesCryptoServiceProvider { KeySize = m_bitSize, Mode = CipherMode.CBC }) { using (ICryptoTransform cryptoTransform = aesCryptoServiceProvider.CreateDecryptor(m_key, m_iv)) { using (MemoryStream memoryStream = new MemoryStream()) { using (CryptoStream cryptoStream = new CryptoStream(memoryStream, cryptoTransform, CryptoStreamMode.Write)) { cryptoStream.Write(msg.m_data, 0, msg.m_data.Length); } msg.m_data = memoryStream.ToArray(); } } } } catch { return false; } return true; #else return false; #endif }
/// <summary> /// Return an encrypted entity. This method is used for encrypting entity properties. /// </summary> internal Dictionary <string, EntityProperty> EncryptEntity(IDictionary <string, EntityProperty> properties, string partitionKey, string rowKey, Func <string, string, string, bool> encryptionResolver) { CommonUtility.AssertNotNull("properties", properties); // The Key should be set on the policy for encryption. Otherwise, throw an error. if (this.Key == null) { throw new InvalidOperationException(SR.KeyMissingError, null); } EncryptionData encryptionData = new EncryptionData(); encryptionData.EncryptionAgent = new EncryptionAgent(Constants.EncryptionConstants.EncryptionProtocolV1, EncryptionAlgorithm.AES_CBC_256); encryptionData.KeyWrappingMetadata = new Dictionary <string, string>(); encryptionData.KeyWrappingMetadata[Constants.EncryptionConstants.AgentMetadataKey] = Constants.EncryptionConstants.AgentMetadataValue; Dictionary <string, EntityProperty> encryptedProperties = new Dictionary <string, EntityProperty>(); HashSet <string> encryptionPropertyDetailsSet = new HashSet <string>(); #if WINDOWS_DESKTOP && !WINDOWS_PHONE using (AesCryptoServiceProvider myAes = new AesCryptoServiceProvider()) { using (SHA256CryptoServiceProvider sha256 = new SHA256CryptoServiceProvider()) #else using (AesManaged myAes = new AesManaged()) { using (SHA256Managed sha256 = new SHA256Managed()) #endif { encryptionData.ContentEncryptionIV = myAes.IV; // Wrap always happens locally, irrespective of local or cloud key. So it is ok to call it synchronously. Tuple <byte[], string> wrappedKey = CommonUtility.RunWithoutSynchronizationContext(() => this.Key.WrapKeyAsync(myAes.Key, null /* algorithm */, CancellationToken.None).Result); encryptionData.WrappedContentKey = new WrappedKey(this.Key.Kid, wrappedKey.Item1, wrappedKey.Item2); foreach (KeyValuePair <string, EntityProperty> kvp in properties) { if (encryptionResolver != null && encryptionResolver(partitionKey, rowKey, kvp.Key)) { // Throw if users try to encrypt null properties. This could happen in the DynamicTableEntity case // where a user adds a new property as follows - ent.Properties.Add("foo2", null); if (kvp.Value == null) { throw new InvalidOperationException(SR.EncryptingNullPropertiesNotAllowed); } kvp.Value.IsEncrypted = true; } // IsEncrypted is set to true when either the EncryptPropertyAttribute is set on a property or when it is // specified in the encryption resolver or both. if (kvp.Value != null && kvp.Value.IsEncrypted) { // Throw if users try to encrypt non-string properties. if (kvp.Value.PropertyType != EdmType.String) { throw new InvalidOperationException(string.Format(CultureInfo.CurrentCulture, SR.UnsupportedPropertyTypeForEncryption, kvp.Value.PropertyType)); } byte[] columnIV = sha256.ComputeHash(CommonUtility.BinaryAppend(encryptionData.ContentEncryptionIV, Encoding.UTF8.GetBytes(string.Join(partitionKey, rowKey, kvp.Key)))); Array.Resize <byte>(ref columnIV, 16); myAes.IV = columnIV; using (ICryptoTransform transform = myAes.CreateEncryptor()) { // Throw if users try to encrypt null properties. This could happen in the DynamicTableEntity or POCO // case when the property value is null. if (kvp.Value.IsNull) { throw new InvalidOperationException(SR.EncryptingNullPropertiesNotAllowed); } byte[] src = Encoding.UTF8.GetBytes(kvp.Value.StringValue); byte[] dest = transform.TransformFinalBlock(src, 0, src.Length); // Store the encrypted properties as binary values on the service instead of base 64 encoded strings because strings are stored as a sequence of // WCHARs thereby further reducing the allowed size by half. During retrieve, it is handled by the response parsers correctly // even when the service does not return the type for JSON no-metadata. encryptedProperties.Add(kvp.Key, new EntityProperty(dest)); encryptionPropertyDetailsSet.Add(kvp.Key); } } else { encryptedProperties.Add(kvp.Key, kvp.Value); } } // Encrypt the property details set and add it to entity properties. byte[] metadataIV = sha256.ComputeHash(CommonUtility.BinaryAppend(encryptionData.ContentEncryptionIV, Encoding.UTF8.GetBytes(string.Join(partitionKey, rowKey, Constants.EncryptionConstants.TableEncryptionPropertyDetails)))); Array.Resize <byte>(ref metadataIV, 16); myAes.IV = metadataIV; using (ICryptoTransform transform = myAes.CreateEncryptor()) { byte[] src = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(encryptionPropertyDetailsSet)); byte[] dest = transform.TransformFinalBlock(src, 0, src.Length); encryptedProperties.Add(Constants.EncryptionConstants.TableEncryptionPropertyDetails, new EntityProperty(dest)); } } } // Add the key details to entity properties. encryptedProperties.Add(Constants.EncryptionConstants.TableEncryptionKeyDetails, new EntityProperty(JsonConvert.SerializeObject(encryptionData))); return(encryptedProperties); }
public AesCryptor() { aes = new AesCryptoServiceProvider(); }
public static void VerifyDefaults() { using (var alg = new AesCryptoServiceProvider()) { Assert.Equal(128, alg.BlockSize); Assert.Equal(256, alg.KeySize); Assert.Equal(CipherMode.CBC, alg.Mode); Assert.Equal(PaddingMode.PKCS7, alg.Padding); } }
//Створення при зчитувані з файлу public Header(Stream memoryStream, UInt64 startPos, SafeStreamAccess headersStream, AesCryptoServiceProvider AES) { memoryData = memoryStream; //Зчитуємо незакодовані дані, IV (16 байт) і Exists (1 байт) byte[] buf = new byte[17]; _StartPos = startPos; memoryStream.Position = (int)startPos; memoryStream.Read(buf, 0, buf.Length); //Записуємо зчитані дані в відповідні параметри _IV = new byte[16]; Buffer.BlockCopy(buf, 0, _IV, 0, 16); _Exists = buf[16] < 128; _AES = AES; SetAESValue(); Crypto.AES_Decrypt(memoryStream, buf, 16, this.AES); _InfSize = BitConverter.ToUInt16(buf, 13); _ElType = (ElementType)(buf[15] / 128); writedInFile = true; _headersFileStream = headersStream; if (_Exists) { infDdata = new byte[_InfSize]; SetAESValue(); //memoryData.Position = (int)_StartPos + Length; Crypto.AES_Decrypt(memoryData, infDdata, infDdata.Length, AES); } }
public AESEncryption() { myAes = new AesCryptoServiceProvider(); }
private string Encrypt(string text, string strMeterID) { string strAESKey = string.Empty; //Need to check does the key exist using (var db = new uwkeydataEntities1()) { foreach (MeterKey mk in db.MeterKeys) { if (mk.MeterID == strMeterID) { strAESKey = mk.AesKey; } } } //if key does not already exist if (strAESKey == string.Empty) { //make key on the fly using (RijndaelManaged myRijndael = new RijndaelManaged()) { myRijndael.KeySize = 128; myRijndael.GenerateKey(); // we dont need iv just key value //myRijndael.GenerateIV(); byte[] xkey = myRijndael.Key; //var xIV = myRijndael.IV; AesCryptoServiceProvider aes; // AesCryptoServiceProvider using (aes = new AesCryptoServiceProvider()) { aes.BlockSize = 128; aes.KeySize = 128; aes.IV = Encoding.UTF8.GetBytes(AesIV); aes.Key = xkey; aes.Mode = CipherMode.CBC; aes.Padding = PaddingMode.PKCS7; //store meterID AES Key AES IV in Database using (var db = new uwkeydataEntities1()) { MeterKey mk = new MeterKey(); mk.MeterID = strMeterID; mk.AesKey = Convert.ToBase64String(aes.Key); db.MeterKeys.Add(mk); db.SaveChanges(); } //byte[] encrypted = EncryptStringToBytes(original, myRijndael.Key, myRijndael.IV); // Convert string to byte array byte[] src = Encoding.Unicode.GetBytes(text); // encryption using (ICryptoTransform encrypt = aes.CreateEncryptor()) { byte[] dest = encrypt.TransformFinalBlock(src, 0, src.Length); aes.Clear(); aes.Dispose(); encrypt.Dispose(); // Convert byte array to Base64 strings return(Convert.ToBase64String(dest)); } } } } else { //we have the key AesCryptoServiceProvider aes; // AesCryptoServiceProvider using (aes = new AesCryptoServiceProvider()) { aes.BlockSize = 128; aes.KeySize = 128; aes.IV = Encoding.UTF8.GetBytes(AesIV); //aes.Key = Encoding.UTF8.GetBytes(strAESKey); aes.Key = System.Convert.FromBase64String(strAESKey); aes.Mode = CipherMode.CBC; aes.Padding = PaddingMode.PKCS7; //byte[] encrypted = EncryptStringToBytes(original, myRijndael.Key, myRijndael.IV); // Convert string to byte array byte[] src = Encoding.Unicode.GetBytes(text); // encryption using (ICryptoTransform encrypt = aes.CreateEncryptor()) { byte[] dest = encrypt.TransformFinalBlock(src, 0, src.Length); aes.Clear(); aes.Dispose(); encrypt.Dispose(); // Convert byte array to Base64 strings return(Convert.ToBase64String(dest)); } } } }