Example #1
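        /// <summary>
        /// Encrypts the contents of <paramref name="data"/> with the configured cipher engine,
        /// passing the raw bytes of <paramref name="password"/> as the key argument together
        /// with the instance IV.
        /// </summary>
        /// <param name="data">Protected plaintext to encrypt.</param>
        /// <param name="password">Protected value whose raw bytes are handed to the cipher engine as the key.</param>
        /// <returns>A new <see cref="ProtectedBinary"/>, created with protection enabled, that wraps the ciphertext.</returns>
        public ProtectedBinary Encrypt(ProtectedBinary data, ProtectedBinary password)
        {
            byte[] rawData      = null;
            byte[] rawPassword  = null;
            byte[] rawEncrypted = null;
            try
            {
                // Both reads happen inside the try block so that the plaintext copy is
                // still wiped if reading the password throws.
                rawData     = data.ReadData();
                rawPassword = password.ReadData();

                // NOTE(review): rawPassword goes to the engine as the key unchanged and the same
                // _encryptionIV field is used on every call - confirm that callers supply an
                // already-derived key and that the IV is not reused with the same key.
                using (var stream = new MemoryStream())
                    using (var encryptingStream = _cipherEngine.EncryptStream(stream, rawPassword, _encryptionIV))
                    {
                        encryptingStream.Write(rawData, 0, rawData.Length);
                        // Closed before the buffer is read; presumably this is what makes the
                        // cipher stream emit its final block.
                        encryptingStream.Close();

                        rawEncrypted = stream.ToArray();
                        // NOTE(review): rawEncrypted is zeroed in the finally block after this
                        // constructor has run, so this relies on ProtectedBinary copying its
                        // input - confirm.
                        return(new ProtectedBinary(true, rawEncrypted));
                    }
            }
            finally
            {
                // Wipe every raw copy that was actually obtained, on success and on failure.
                if (rawData != null)
                {
                    MemUtil.ZeroByteArray(rawData);
                }
                if (rawPassword != null)
                {
                    MemUtil.ZeroByteArray(rawPassword);
                }
                if (rawEncrypted != null)
                {
                    MemUtil.ZeroByteArray(rawEncrypted);
                }
            }
        }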
Example #2
		/// <summary>
		/// Wraps <paramref name="s"/> in an encrypting or decrypting stream of the given
		/// cipher, using the stored encryption IV.
		/// </summary>
		/// <param name="s">Underlying stream to wrap.</param>
		/// <param name="iCipher">Cipher engine that creates the wrapping stream.</param>
		/// <param name="pbKey">Key bytes passed through to the cipher engine.</param>
		/// <param name="cbIV">IV length, in bytes, that the stored IV must have.</param>
		/// <param name="bEncrypt">True to create an encrypting stream, false for a decrypting one.</param>
		/// <returns>The stream produced by the cipher engine.</returns>
		/// <exception cref="Exception">The stored IV (or an empty array when none is stored)
		/// does not have exactly <paramref name="cbIV"/> bytes.</exception>
		private Stream EncryptStream(Stream s, ICipherEngine iCipher,
			byte[] pbKey, int cbIV, bool bEncrypt)
		{
			// A missing IV is treated as a zero-length one, so it fails the length check
			// below unless cbIV is 0.
			byte[] pbIV = m_pbEncryptionIV;
			if(pbIV == null)
				pbIV = MemUtil.EmptyByteArray;

			if(pbIV.Length == cbIV)
			{
				return bEncrypt
					? iCipher.EncryptStream(s, pbKey, pbIV)
					: iCipher.DecryptStream(s, pbKey, pbIV);
			}

			// Wrong IV length: flag it in debug builds and report the file as corrupted
			// rather than handing a malformed IV to the cipher.
			Debug.Assert(false);
			throw new Exception(KLRes.FileCorrupted);
		}
Example #3
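        /// <summary>
        /// Derives the stream key as SHA-256 over the 32-byte master seed followed by the
        /// 32-byte key generated from the database master key, then wraps
        /// <paramref name="s"/> in the encrypting stream of the database's data cipher.
        /// </summary>
        /// <param name="s">Stream to wrap with the cipher's encrypting stream.</param>
        /// <returns>The stream returned by the cipher engine's EncryptStream.</returns>
        /// <exception cref="SecurityException">The master key did not yield a 32-byte key,
        /// or no cipher is registered for the database's cipher UUID.</exception>
        private Stream AttachStreamEncryptor(Stream s)
        {
            // A fixed 64-byte buffer holds seed || key. Unlike a MemoryStream plus ToArray(),
            // it leaves no extra unwiped copy of the key material behind.
            byte[] pbKeyMaterial = new byte[64];
            byte[] pKey32 = null;
            byte[] aesKey;
            try
            {
                Debug.Assert(m_pbMasterSeed != null);
                Debug.Assert(m_pbMasterSeed.Length == 32);
                Array.Copy(m_pbMasterSeed, 0, pbKeyMaterial, 0, 32);

                Debug.Assert(m_pwDatabase != null);
                Debug.Assert(m_pwDatabase.MasterKey != null);
                ProtectedBinary pbinKey = m_pwDatabase.MasterKey.GenerateKey32(
                    m_pbTransformSeed, m_pwDatabase.KeyEncryptionRounds);

                Debug.Assert(pbinKey != null);
                if (pbinKey == null)
                {
                    throw new SecurityException(KLRes.InvalidCompositeKey);
                }
                pKey32 = pbinKey.ReadData();
                if ((pKey32 == null) || (pKey32.Length != 32))
                {
                    throw new SecurityException(KLRes.InvalidCompositeKey);
                }
                Array.Copy(pKey32, 0, pbKeyMaterial, 32, 32);

#if KeePass2PCL
                var sha256 = WinRTCrypto.HashAlgorithmProvider.OpenAlgorithm(HashAlgorithm.Sha256);
                aesKey = sha256.HashData(pbKeyMaterial);
#else
                using (SHA256Managed sha256 = new SHA256Managed())
                {
                    aesKey = sha256.ComputeHash(pbKeyMaterial);
                }
#endif
            }
            finally
            {
                // Wipe the intermediate key material on every path, including the
                // invalid-key and exception paths.
                Array.Clear(pbKeyMaterial, 0, pbKeyMaterial.Length);
                if (pKey32 != null)
                {
                    Array.Clear(pKey32, 0, pKey32.Length);
                }
            }

            Debug.Assert(CipherPool.GlobalPool != null);
            ICipherEngine iEngine = CipherPool.GlobalPool.GetCipher(m_pwDatabase.DataCipherUuid);
            if (iEngine == null)
            {
                // No stream will use the derived key, so do not leave it in memory.
                Array.Clear(aesKey, 0, aesKey.Length);
                throw new SecurityException(KLRes.FileUnknownCipher);
            }

            // NOTE(review): aesKey is not wiped here because the engine receives the array
            // itself and may still read it after this call - confirm whether the cipher copies
            // the key, and wipe it afterwards if it does. m_pbEncryptionIV is passed through
            // without a length check in this method.
            return(iEngine.EncryptStream(s, aesKey, m_pbEncryptionIV));
        }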
Example #4
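        /// <summary>
        /// Derives the stream key as SHA-256 over the 32-byte master seed followed by the
        /// 32-byte key generated from the database master key, then wraps
        /// <paramref name="s"/> in the encrypting stream of the database's data cipher.
        /// </summary>
        /// <param name="s">Stream to wrap with the cipher's encrypting stream.</param>
        /// <returns>The stream returned by the cipher engine's EncryptStream.</returns>
        /// <exception cref="SecurityException">The master key did not yield a 32-byte key,
        /// or no cipher is registered for the database's cipher UUID.</exception>
        private Stream AttachStreamEncryptor(Stream s)
        {
            // A fixed 64-byte buffer holds seed || key. Unlike a MemoryStream plus ToArray(),
            // it leaves no extra unwiped copy of the key material behind.
            byte[] pbKeyMaterial = new byte[64];
            byte[] pKey32 = null;
            byte[] aesKey;
            try
            {
                Debug.Assert(m_pbMasterSeed != null);
                Debug.Assert(m_pbMasterSeed.Length == 32);
                Array.Copy(m_pbMasterSeed, 0, pbKeyMaterial, 0, 32);

                Debug.Assert(m_pwDatabase != null);
                Debug.Assert(m_pwDatabase.MasterKey != null);
                ProtectedBinary pbinKey = m_pwDatabase.MasterKey.GenerateKey32(
                    m_pbTransformSeed, m_pwDatabase.KeyEncryptionRounds);

                Debug.Assert(pbinKey != null);
                if (pbinKey == null)
                {
                    throw new SecurityException(KLRes.InvalidCompositeKey);
                }
                pKey32 = pbinKey.ReadData();
                if ((pKey32 == null) || (pKey32.Length != 32))
                {
                    throw new SecurityException(KLRes.InvalidCompositeKey);
                }
                Array.Copy(pKey32, 0, pbKeyMaterial, 32, 32);

                aesKey = Crypto.SHA256.ComputeHash(pbKeyMaterial);
            }
            finally
            {
                // Wipe the intermediate key material on every path, including the
                // invalid-key and exception paths.
                Array.Clear(pbKeyMaterial, 0, pbKeyMaterial.Length);
                if (pKey32 != null)
                {
                    Array.Clear(pKey32, 0, pKey32.Length);
                }
            }

            Debug.Assert(CipherPool.GlobalPool != null);
            ICipherEngine iEngine = CipherPool.GlobalPool.GetCipher(m_pwDatabase.DataCipherUuid);

            if (iEngine == null)
            {
                // No stream will use the derived key, so do not leave it in memory.
                Array.Clear(aesKey, 0, aesKey.Length);
                throw new SecurityException(KLRes.FileUnknownCipher);
            }

            // NOTE(review): aesKey is not wiped here because the engine receives the array
            // itself and may still read it after this call - confirm whether the cipher copies
            // the key, and wipe it afterwards if it does. m_pbEncryptionIV is passed through
            // without a length check in this method.
            return(iEngine.EncryptStream(s, aesKey, m_pbEncryptionIV));
        }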