public static void CryptDeriveKey_NotSupported()
{
using (var deriveBytes = new Rfc2898DeriveBytes(TestPassword, s_testSalt))
{
Assert.Throws <PlatformNotSupportedException>(() => deriveBytes.CryptDeriveKey("RC2", "SHA1", 128, new byte[8]));
}
}
public static void CryptDeriveKey_NotSupported()
{
using (var deriveBytes = new Rfc2898DeriveBytes(TestPassword, s_testSalt))
{
#pragma warning disable SYSLIB0033 // Rfc2898DeriveBytes.CryptDeriveKey is obsolete
Assert.Throws <PlatformNotSupportedException>(() => deriveBytes.CryptDeriveKey("RC2", "SHA1", 128, new byte[8]));
#pragma warning restore SYSLIB0033
}
}
// Derive 3DES key from plaintext (192 bits)
public byte[] DeriveKey(string passwd, byte[] salt, byte[] initvector)
{
byte[] derivedKey;
if (passwd == null || salt == null || initvector == null)
{
throw new ArgumentNullException("Key derivation failed due to null argument");
}
using (var kdf = new Rfc2898DeriveBytes(passwd, salt, 1000))
derivedKey = kdf.CryptDeriveKey("3DES", "SHA1", 192, initvector);
Debug.WriteLine("Derived Key Length: " + derivedKey.Length);
return(derivedKey);
}
public static void CryptDeriveKey_NotSupported()
{
using (var deriveBytes = new Rfc2898DeriveBytes(TestPassword, s_testSalt))
{
Assert.Throws<PlatformNotSupportedException>(() => deriveBytes.CryptDeriveKey("RC2", "SHA1", 128, new byte[8]));
}
}
private byte[] EncryptBinaryDataInternal(ref byte[] data, ref byte[] encryptedKey, bool useExternalKey)
{
var ms = new MemoryStream(data);
var msEncodedData = new MemoryStream();
using (Aes aesAlg = AesCng.Create("AES"))
{
if (useExternalKey)
{
ProtectedMemory.Unprotect(encryptedKey, MemoryProtectionScope.SameProcess);
}
if (aesAlg == null)
{
return(msEncodedData.ToArray());
}
var hashAlg = SHA512Cng.Create("SHA512");
hashAlg.Initialize();
aesAlg.BlockSize = 128;
aesAlg.KeySize = 256;
aesAlg.Padding = PaddingMode.PKCS7;
aesAlg.Mode = CipherMode.CBC;
aesAlg.GenerateIV();
Rfc2898DeriveBytes rfc2898DeriveBytes = new Rfc2898DeriveBytes(encryptedKey, SaltBytes, 1000, HashAlgorithmName.SHA256);
byte[] key = rfc2898DeriveBytes.CryptDeriveKey("AES", "SHA256", 256, aesAlg.IV);
// Create AES Crypto Transform to be used in the CryptoStream transform function
ICryptoTransform cryptoTransform = aesAlg.CreateEncryptor(key, aesAlg.IV);
// Protect encryption Key Again
if (useExternalKey)
{
ProtectedMemory.Protect(encryptedKey, MemoryProtectionScope.SameProcess);
}
// Create the streams used for encryption.
int bufferSize = (int)Math.Min(MaxBufferSize, ms.Length);
var buffer = new byte[bufferSize];
ms.Position = 0;
//Write Init Vector - Always 16 bytes
msEncodedData.Write(aesAlg.IV, 0, 16);
// Write Validation Hash - Always 64 bytes
byte[] hashBuffer = hashAlg.ComputeHash(data);
msEncodedData.Write(hashBuffer, 0, hashBuffer.Length);
// Write 32 byte of entropy
hashBuffer = rfc2898DeriveBytes.GetBytes(32);
msEncodedData.Write(hashBuffer, 0, hashBuffer.Length);
using (var csEncrypt = new CryptoStream(msEncodedData, cryptoTransform, CryptoStreamMode.Write))
{
int bytesRead;
while ((bytesRead = ms.Read(buffer, 0, buffer.Length)) > 0)
{
csEncrypt.Write(buffer, 0, bytesRead);
}
csEncrypt.FlushFinalBlock();
msEncodedData.Flush();
}
rfc2898DeriveBytes.Dispose();
}
return(msEncodedData.ToArray());
}
private byte[] DecryptBinaryDataInternal(ref byte[] data, ref byte[] encryptedKey, bool useExternalKey, out bool dataIsValid)
{
var msDecrypted = new MemoryStream();
var msEncrypted = new MemoryStream(data, MetadataLength - 1, data.Length - MetadataLength);
var msMetadata = new MemoryStream(data, 0, MetadataLength);
using (Aes aesAlg = AesCng.Create("AES"))
{
if (useExternalKey)
{
ProtectedMemory.Unprotect(encryptedKey, MemoryProtectionScope.SameProcess);
}
if (aesAlg == null)
{
dataIsValid = false;
return(null);
}
SHA512 hashAlg = SHA512Cng.Create("SHA512");
hashAlg.Initialize();
byte[] initVector = new byte[16];
msMetadata.Read(initVector, 0, initVector.Length);
byte[] hashBuffer = new byte[64];
msMetadata.Read(hashBuffer, 0, hashBuffer.Length);
byte[] entropyBytes = new byte[32];
msMetadata.Read(entropyBytes, 0, entropyBytes.Length);
int encryptedDataLength = data.Length;
aesAlg.BlockSize = 128;
aesAlg.KeySize = 256;
aesAlg.Padding = PaddingMode.PKCS7;
aesAlg.Mode = CipherMode.CBC;
aesAlg.IV = initVector;
var rfc2898DeriveBytes = new Rfc2898DeriveBytes(encryptedKey, SaltBytes, 1000, HashAlgorithmName.SHA256);
byte[] key = rfc2898DeriveBytes.CryptDeriveKey("AES", "SHA256", 256, aesAlg.IV);
// Create AES Crypto Transform to be used in the CryptoStream transform function
ICryptoTransform cryptoTransform = aesAlg.CreateDecryptor(key, initVector);
// Create the streams used for encryption.
int bufferSize = Math.Min(MaxBufferSize, encryptedDataLength);
var plainTextBytes = new byte[bufferSize];
// Protect encryption Key Again
if (useExternalKey)
{
ProtectedMemory.Protect(encryptedKey, MemoryProtectionScope.SameProcess);
}
// Create the streams used for decryption.
using (var csDecrypt = new CryptoStream(msEncrypted, cryptoTransform, CryptoStreamMode.Read))
{
int decryptedByteCount;
while ((decryptedByteCount = csDecrypt.Read(plainTextBytes, 0, plainTextBytes.Length)) > 0)
{
msDecrypted.Write(plainTextBytes, 0, decryptedByteCount);
}
}
byte[] validationHash = hashAlg.ComputeHash(msDecrypted);
dataIsValid = validationHash.AsEnumerable().SequenceEqual(hashBuffer);
rfc2898DeriveBytes.Dispose();
msEncrypted.Dispose();
msMetadata.Dispose();
}
return(msDecrypted.ToArray());
}
