internal BCryptHMAC(CngAlgorithm algorithm,
CngProvider algorithmProvider,
string hashName,
int blockSize,
byte[] key)
{
Debug.Assert(algorithm != null, "algorithm != null");
Debug.Assert(algorithmProvider != null, "algorithmProvider != null");
Debug.Assert(!String.IsNullOrEmpty(hashName), "!String.IsNullOrEmpty(hashName)");
Debug.Assert(blockSize > 0, "blockSize > 0");
Debug.Assert(key != null, "key != null");
BlockSizeValue = blockSize;
// We set the HashName up to be the CNG version of the hash, since the base type will instantiate
// the algorithm, and the CNG versions have different FIPS characteristics than the standard implementations.
HashName = String.Format(CultureInfo.InvariantCulture,
"System.Security.Cryptography.{0}Cng, {1}",
hashName,
typeof(SHA256Cng).Assembly.FullName);
m_implementation = algorithmProvider;
m_algorithm = BCryptNative.OpenAlgorithm(algorithm.Algorithm,
algorithmProvider.Provider,
BCryptNative.AlgorithmProviderOptions.HmacAlgorithm);
// Resetting the key will call Initialize for us, and get us setup with a hash handle,
// so we don't need to create the hash handle ourselves
Key = key;
HashSizeValue = BCryptNative.GetInt32Property(m_hash, BCryptNative.HashPropertyName.HashLength) * 8;
}
public static unsafe int HashData(string hashAlgorithmId, ReadOnlySpan <byte> source, Span <byte> destination)
{
int hashSize; // in bytes
// Try using a pseudo-handle if available.
if (!s_useCompatOneShot)
{
if (HashDataUsingPseudoHandle(hashAlgorithmId, source, destination, out hashSize))
{
return(hashSize);
}
}
// Pseudo-handle not available or a precondition check failed.
// Fall back to a shared handle with no using or dispose.
SafeBCryptAlgorithmHandle cachedAlgorithmHandle = BCryptAlgorithmCache.GetCachedBCryptAlgorithmHandle(
hashAlgorithmId,
BCryptOpenAlgorithmProviderFlags.None,
out hashSize);
if (destination.Length < hashSize)
{
throw new CryptographicException();
}
HashUpdateAndFinish(cachedAlgorithmHandle, hashSize, source, destination);
return(hashSize);
}
public Entry(string hashAlgorithmId, BCryptOpenAlgorithmProviderFlags flags, SafeBCryptAlgorithmHandle handle)
: this()
{
HashAlgorithmId = hashAlgorithmId;
Flags = flags;
Handle = handle;
}
internal BCryptHMAC(CngAlgorithm algorithm,
CngProvider algorithmProvider,
string hashName,
int blockSize,
byte[] key)
{
Debug.Assert(algorithm != null, "algorithm != null");
Debug.Assert(algorithmProvider != null, "algorithmProvider != null");
Debug.Assert(!String.IsNullOrEmpty(hashName), "!String.IsNullOrEmpty(hashName)");
Debug.Assert(blockSize > 0, "blockSize > 0");
Debug.Assert(key != null, "key != null");
BlockSizeValue = blockSize;
HashName = hashName;
m_algorithm = BCryptNative.OpenAlgorithm(algorithm.Algorithm,
algorithmProvider.Provider,
BCryptNative.AlgorithmProviderOptions.HmacAlgorithm);
// Resetting the key will call Initialize for us, and get us setup with a hash handle,
// so we don't need to create the hash handle ourselves
Key = key;
HashSizeValue = BCryptNative.GetInt32Property(m_hash, BCryptNative.HashPropertyName.HashLength) * 8;
}
private static unsafe void FillDeriveKeyPBKDF2(
ReadOnlySpan <byte> password,
ReadOnlySpan <byte> salt,
int iterations,
string hashAlgorithmName,
Span <byte> destination)
{
const BCryptOpenAlgorithmProviderFlags OpenAlgorithmFlags = BCryptOpenAlgorithmProviderFlags.BCRYPT_ALG_HANDLE_HMAC_FLAG;
// This code path will only be taken on Windows 7, so we can assume pseudo handles are not supported.
// Do not dispose handle since it is shared and cached.
SafeBCryptAlgorithmHandle handle =
Interop.BCrypt.BCryptAlgorithmCache.GetCachedBCryptAlgorithmHandle(hashAlgorithmName, OpenAlgorithmFlags, out _);
fixed(byte *pPassword = password)
fixed(byte *pSalt = salt)
fixed(byte *pDestination = destination)
{
NTSTATUS status = Interop.BCrypt.BCryptDeriveKeyPBKDF2(
handle,
pPassword,
password.Length,
pSalt,
salt.Length,
(ulong)iterations,
pDestination,
destination.Length,
dwFlags: 0);
if (status != NTSTATUS.STATUS_SUCCESS)
{
throw Interop.BCrypt.CreateCryptographicException(status);
}
}
}
private void UpdateLegalTagSizes()
{
using (SafeBCryptAlgorithmHandle algorithm = SetupAlgorithm())
{
UpdateLegalTagSizes(algorithm);
}
}
internal BCryptAuthenticatedSymmetricAlgorithm(CngAlgorithm algorithm,
CngProvider implementation,
KeySizes[] legalBlockSizes,
KeySizes[] legalKeySizes)
{
Debug.Assert(algorithm != null, "algorithm != null");
Debug.Assert(implementation != null, "implementation != null");
Debug.Assert(legalBlockSizes != null, "legalBlockSizes != null");
Debug.Assert(legalKeySizes != null, "legalKeySizes != null");
m_algorithm = algorithm;
m_implementation = implementation;
m_chainingMode = CngChainingMode.Gcm;
LegalBlockSizesValue = legalBlockSizes;
LegalKeySizesValue = legalKeySizes;
// Create a temporary algorithm handle so that we can query it for some properties - such as the
// block and tag sizes.
using (SafeBCryptAlgorithmHandle algorithmHandle = SetupAlgorithm())
{
// Get block size in bits
BlockSize = BCryptNative.GetInt32Property(algorithmHandle, BCryptNative.ObjectPropertyName.BlockLength) * 8;
UpdateLegalTagSizes(algorithmHandle);
}
}
internal unsafe AeadBulkCipherInstance(SafeBCryptAlgorithmHandle algo, EphemeralBufferPoolWindows bufferPool, BulkCipherType cipherType)
{
_bufferPool = bufferPool;
_algo = algo;
switch (cipherType)
{
case BulkCipherType.AES_128_GCM:
_chainingMode = BCRYPT_CHAIN_MODE_GCM;
_keyLength = 16;
_iVLength = 16;
_overhead = 16;
break;
case BulkCipherType.AES_256_GCM:
_chainingMode = BCRYPT_CHAIN_MODE_GCM;
_keyLength = 32;
_iVLength = 16;
_overhead = 16;
break;
default:
Internal.ExceptionHelper.ThrowException(new InvalidOperationException());
return;
}
_keyStore = bufferPool.Rent(0);
void *tmpPointer;
if (!_keyStore.Memory.TryGetPointer(out tmpPointer))
{
throw new InvalidOperationException("Could not get keystore pointer");
}
_ivPointer = (IntPtr)tmpPointer;
}
public IHashInstance GetHashInstance(HashType hashType)
{
int size = HashSize(hashType);
SafeBCryptAlgorithmHandle algo = null;
switch (hashType)
{
case HashType.SHA256:
algo = _sha256.Item1;
break;
case HashType.SHA384:
algo = _sha384.Item1;
break;
case HashType.SHA512:
algo = _sha512.Item1;
break;
default:
ExceptionHelper.ThrowException(new ArgumentOutOfRangeException(nameof(hashType)));
break;
}
return(new HashInstance(size, algo));
}
public static unsafe int HashData(string hashAlgorithmId, ReadOnlySpan <byte> source, Span <byte> destination)
{
int hashSize; // in bytes
// Try using a pseudo-handle if available.
if (Interop.BCrypt.PseudoHandlesSupported)
{
HashDataUsingPseudoHandle(hashAlgorithmId, source, destination, out hashSize);
return(hashSize);
}
else
{
// Pseudo-handle not available. Fall back to a shared handle with no using or dispose.
SafeBCryptAlgorithmHandle cachedAlgorithmHandle = BCryptAlgorithmCache.GetCachedBCryptAlgorithmHandle(
hashAlgorithmId,
BCryptOpenAlgorithmProviderFlags.None,
out hashSize);
if (destination.Length < hashSize)
{
Debug.Fail("Caller should have checked length.");
throw new CryptographicException();
}
HashUpdateAndFinish(cachedAlgorithmHandle, hashSize, source, destination);
return(hashSize);
}
}
public KeyshareProvider()
{
_x25519 = GetECProvider("curve25519");
_secp256r1 = GetECProvider("secP256r1");
_secp384r1 = GetECProvider("secP384r1");
_secp521r1 = GetECProvider("secP521r1");
}
private static extern ErrorCode BCryptCreateHash(SafeBCryptAlgorithmHandle hAlgorithm,
[Out] out SafeBCryptHashHandle phHash,
[MarshalAs(UnmanagedType.LPArray), In, Out] byte[] pbHashObject,
int cbHashObject,
IntPtr pbSecret,
int cbSecret,
BCryptAlgorithmFlags dwFlags);
public RNGCng(CngProvider algorithmProvider)
{
if (algorithmProvider == null)
throw new ArgumentNullException("algorithmProvider");
m_algorithm = BCryptNative.OpenAlgorithm(BCryptNative.AlgorithmName.Rng,
algorithmProvider.Provider);
}
internal static unsafe partial NTSTATUS BCryptGenerateSymmetricKey(
SafeBCryptAlgorithmHandle hAlgorithm,
out SafeBCryptKeyHandle phKey,
IntPtr pbKeyObject,
int cbKeyObject,
byte *pbSecret,
int cbSecret,
uint dwFlags);
internal BCryptAuthenticatedSymmetricCryptoTransform(SafeBCryptAlgorithmHandle algorithm,
byte[] key,
byte[] nonce,
byte[] authenticatedData,
bool chainingSupported,
int tagSize) :
this(algorithm, key, nonce, authenticatedData, new byte[tagSize / 8], chainingSupported)
{
m_encrypting = true;
}
internal static extern int BCryptDeriveKeyPBKDF2(
SafeBCryptAlgorithmHandle hPrf,
byte[] pbPassword,
int cbPassword,
byte[] pbSalt,
int cbSalt,
long cIterations,
byte[] derivedKey,
int cbDerivedKey,
int dwFlags);
internal static extern unsafe NTSTATUS BCryptDeriveKeyPBKDF2(
SafeBCryptAlgorithmHandle hPrf,
byte *pbPassword,
int cbPassword,
byte *pbSalt,
int cbSalt,
ulong cIterations,
byte *pbDerivedKey,
int cbDerivedKey,
uint dwFlags);
public static unsafe int HashData(string hashAlgorithmId, ReadOnlySpan <byte> source, Span <byte> destination)
{
// Shared handle, no using or dispose.
SafeBCryptAlgorithmHandle cachedAlgorithmHandle = BCryptAlgorithmCache.GetCachedBCryptAlgorithmHandle(
hashAlgorithmId,
BCryptOpenAlgorithmProviderFlags.None);
int hashSize;
NTSTATUS ntStatus = Interop.BCrypt.BCryptGetProperty(
cachedAlgorithmHandle,
Interop.BCrypt.BCryptPropertyStrings.BCRYPT_HASH_LENGTH,
&hashSize,
sizeof(int),
out _,
0);
if (ntStatus != NTSTATUS.STATUS_SUCCESS)
{
throw Interop.BCrypt.CreateCryptographicException(ntStatus);
}
if (destination.Length < hashSize)
{
throw new CryptographicException();
}
if (!s_useCompatOneShot)
{
try
{
fixed(byte *pSource = source)
fixed(byte *pDestination = destination)
{
ntStatus = Interop.BCrypt.BCryptHash(cachedAlgorithmHandle, null, 0, pSource, source.Length, pDestination, hashSize);
if (ntStatus != NTSTATUS.STATUS_SUCCESS)
{
throw Interop.BCrypt.CreateCryptographicException(ntStatus);
}
}
return(hashSize);
}
catch (EntryPointNotFoundException)
{
s_useCompatOneShot = true;
}
}
Debug.Assert(s_useCompatOneShot);
HashUpdateAndFinish(cachedAlgorithmHandle, hashSize, source, destination);
return(hashSize);
}
private static void HashUpdateAndFinish(
SafeBCryptAlgorithmHandle algHandle,
int hashSize,
ReadOnlySpan <byte> source,
Span <byte> destination)
{
NTSTATUS ntStatus = Interop.BCrypt.BCryptCreateHash(
algHandle,
out SafeBCryptHashHandle hHash,
IntPtr.Zero,
0,
internal static void DisposeMD5Handles()
{
lock (syncObject)
{
if (algorithmHandle != null)
{
algorithmHandle.Dispose();
algorithmHandle = null;
}
}
}
public RNGCng(CngProvider algorithmProvider)
{
if (algorithmProvider == null)
{
throw new ArgumentNullException("algorithmProvider");
}
m_algorithm = BCryptNative.OpenAlgorithm(BCryptNative.AlgorithmName.Rng,
algorithmProvider.Provider);
m_implementation = algorithmProvider;
}
private SafeBCryptAlgorithmHandle SetupAlgorithm()
{
// Open the algorithm handle
SafeBCryptAlgorithmHandle algorithm =
BCryptNative.OpenAlgorithm(m_algorithm.Algorithm, m_implementation.Provider);
// Set the chaining mode
BCryptNative.SetStringProperty(algorithm,
BCryptNative.ObjectPropertyName.ChainingMode,
m_chainingMode.ChainingMode);
return(algorithm);
}
private SafeBCryptAlgorithmHandle SetupAlgorithm()
{
SafeBCryptAlgorithmHandle algorithmHandle = BCryptNative.OpenAlgorithm(m_algorithm.Algorithm, m_algorithmProvider.Provider);
// If we've selected a different block size than the default, set that now
if (BlockSize / 8 != BCryptNative.GetInt32Property(algorithmHandle, BCryptNative.ObjectPropertyName.BlockLength))
{
BCryptNative.SetInt32Property(algorithmHandle, BCryptNative.ObjectPropertyName.BlockLength, BlockSize / 8);
}
BCryptNative.SetStringProperty(algorithmHandle, BCryptNative.ObjectPropertyName.ChainingMode, m_chainingMode.ChainingMode);
return(algorithmHandle);
}
private ICryptoTransform CreateEphemeralCryptoTransformCore(byte[] key, byte[] iv, bool encrypting)
{
int blockSizeInBytes = _outer.BlockSize.BitSizeToByteSize();
SafeBCryptAlgorithmHandle algorithmModeHandle = _outer.GetEphemeralModeHandle();
BasicSymmetricCipher cipher = new BasicSymmetricCipherBCrypt(
algorithmModeHandle,
_outer.Mode,
blockSizeInBytes,
key,
iv,
encrypting);
return(UniversalCryptoTransform.Create(_outer.Padding, cipher, encrypting));
}
public BasicSymmetricCipherBCrypt(SafeBCryptAlgorithmHandle algorithm, CipherMode cipherMode, int blockSizeInBytes, byte[] key, byte[] iv, bool encrypting)
: base(cipherMode.GetCipherIv(iv), blockSizeInBytes)
{
Debug.Assert(algorithm != null);
_encrypting = encrypting;
if (IV != null)
{
_currentIv = new byte[IV.Length];
}
_hKey = BCryptNative.BCryptImportKey(algorithm, key);
Reset();
}
internal BCryptSymmetricCryptoTransform(SafeBCryptAlgorithmHandle algorithm,
byte[] key,
byte[] iv,
PaddingMode paddingMode,
bool encrypting)
{
Debug.Assert(algorithm != null, "algorithm != null");
Debug.Assert(!algorithm.IsClosed && !algorithm.IsInvalid, "!algorithm.IsClosed && !algorithm.IsInvalid");
Debug.Assert(key != null, "key != null");
m_algorithm = algorithm;
m_encrypting = encrypting;
m_paddingMode = BlockPaddingMethod.Create(paddingMode,
BCryptNative.GetInt32Property(algorithm, BCryptNative.ObjectPropertyName.BlockLength));
m_iv = ProcessIV(iv, BCryptNative.GetInt32Property(algorithm,
BCryptNative.ObjectPropertyName.BlockLength),
BCryptNative.MapChainingMode(BCryptNative.GetStringProperty(algorithm, BCryptNative.ObjectPropertyName.ChainingMode)));
m_key = BCryptNative.ImportSymmetricKey(algorithm, key);
}
internal BCryptSymmetricCryptoTransform(SafeBCryptAlgorithmHandle algorithm,
byte[] key,
byte[] iv,
PaddingMode paddingMode,
bool encrypting)
{
Debug.Assert(algorithm != null, "algorithm != null");
Debug.Assert(!algorithm.IsClosed && !algorithm.IsInvalid, "!algorithm.IsClosed && !algorithm.IsInvalid");
Debug.Assert(key != null, "key != null");
m_algorithm = algorithm;
m_encrypting = encrypting;
m_paddingMode = BlockPaddingMethod.Create(paddingMode,
BCryptNative.GetInt32Property(algorithm, BCryptNative.ObjectPropertyName.BlockLength));
m_iv = ProcessIV(iv, BCryptNative.GetInt32Property(algorithm,
BCryptNative.ObjectPropertyName.BlockLength),
BCryptNative.MapChainingMode(BCryptNative.GetStringProperty(algorithm, BCryptNative.ObjectPropertyName.ChainingMode)));
m_key = BCryptNative.ImportSymmetricKey(algorithm, key);
}
private void UpdateLegalTagSizes(SafeBCryptAlgorithmHandle algorithm)
{
Debug.Assert(algorithm != null, "algorithm != null");
Debug.Assert(!algorithm.IsClosed && !algorithm.IsInvalid, "!algorithm.IsClosed && !algorithm.IsInvalid");
// Get the authentication tag length structure.
BCryptNative.BCRYPT_KEY_LENGTHS_STRUCT tagLengths =
BCryptNative.GetValueTypeProperty <SafeBCryptAlgorithmHandle, BCryptNative.BCRYPT_KEY_LENGTHS_STRUCT>(
algorithm,
BCryptNative.ObjectPropertyName.AuthTagLength);
// BCrypt returns the tag sizes in bytes, convert them to bits for the LegalTagSizes property
LegalTagSizesValue = new KeySizes[]
{
new KeySizes(tagLengths.dwMinLength * 8, tagLengths.dwMaxLength * 8, tagLengths.dwIncrement * 8)
};
// By default, generate the maximum authentication tag length possible for this algorithm
TagSize = tagLengths.dwMaxLength * 8;
}
internal static extern NTSTATUS BCryptOpenAlgorithmProvider(out SafeBCryptAlgorithmHandle phAlgorithm, string pszAlgId, string pszImplementation, BCryptOpenAlgorithmProviderFlags dwFlags);
internal static extern int BCryptCreateHash(SafeBCryptAlgorithmHandle algorithmHandle, out SafeBCryptHashHandle hashHandle, IntPtr hashObject, int hashObjectByteLength, [In, Out] byte[] secretBuffer, int secretByteLength, BCryptCreateHashFlags flags);
internal static extern int BCryptOpenAlgorithmProvider(out SafeBCryptAlgorithmHandle algorithmHandle, string algIdString, string implementationString, BCryptOpenAlgorithmProviderFlags flags);
internal static extern NTSTATUS BCryptCreateHash(SafeBCryptAlgorithmHandle hAlgorithm, out SafeBCryptHashHandle phHash, IntPtr pbHashObject, int cbHashObject, [In, Out] byte[] pbSecret, int cbSecret, BCryptCreateHashFlags dwFlags);
public static extern NTStatus BCryptGetProperty(SafeBCryptAlgorithmHandle hObject, [MarshalAs(UnmanagedType.LPWStr)] string pszProperty, byte[] pbOutput, int cbOutput, out uint pcbResult, int dwFlags = 0);
