/// <summary>
/// Compares plain text input with a computed hash using the configured <c>HashAlgorithm</c>.
/// <seealso cref="IHashProvider.CompareHash"/>
/// </summary>
/// <param name="plaintext"><seealso cref="IHashProvider.CompareHash"/></param>
/// <param name="hashedtext"><seealso cref="IHashProvider.CompareHash"/></param>
/// <returns><seealso cref="IHashProvider.CompareHash"/></returns>
public bool CompareHash(byte[] plaintext, byte[] hashedtext)
{
ArgumentValidation.CheckForNullReference(plaintext, "plainText");
ArgumentValidation.CheckForNullReference(hashedtext, "hashedText");
ArgumentValidation.CheckForZeroBytes(hashedtext, "hashedText");
bool result = false;
byte[] hashedPlainText = null;
byte[] salt = null;
try
{
salt = ExtractSalt(hashedtext);
hashedPlainText = CreateHashWithSalt(plaintext, salt);
}
finally
{
CryptographyUtility.ZeroOutBytes(salt);
}
result = CryptographyUtility.CompareBytes(hashedPlainText, hashedtext);
SecurityCryptoHashCheckEvent.Fire(string.Empty);
if (!result)
{
SecurityCryptoHashCheckFailureEvent.Fire(string.Empty);
}
return(result);
}
private ProtectedKey ProtectKey(byte[] decryptedKey, DataProtectionScope protectionScope)
{
ProtectedKey protectedKey = ProtectedKey.CreateFromPlaintextKey(decryptedKey, protectionScope);
CryptographyUtility.ZeroOutBytes(decryptedKey);
return(protectedKey);
}
private byte[] DecryptKeyForRestore(string passphrase, byte[] encryptedKey, byte[] salt)
{
RijndaelManaged archivalEncryptionAlgorithm = new RijndaelManaged();
byte[] restoreKey = GenerateArchivalKey(archivalEncryptionAlgorithm, passphrase, salt);
byte[] iv = new byte[archivalEncryptionAlgorithm.BlockSize / 8];
byte[] key = CryptographyUtility.Transform(archivalEncryptionAlgorithm.CreateDecryptor(restoreKey, iv), encryptedKey);
CryptographyUtility.ZeroOutBytes(restoreKey);
return(key);
}
private byte[] GetEncryptedKey(ProtectedKey keyToBeArchived, string passphrase, byte[] salt)
{
byte[] decryptedKey = keyToBeArchived.DecryptedKey;
try
{
return(EncryptKeyForArchival(decryptedKey, passphrase, salt));
}
finally
{
CryptographyUtility.ZeroOutBytes(decryptedKey);
}
}
private ProtectedKey GenerateKey(SymmetricAlgorithm algorithm, DataProtectionScope dataProtectionScope)
{
byte[] generatedKey = GenerateUnprotectedKey(algorithm);
try
{
return(ProtectedKey.CreateFromPlaintextKey(generatedKey, dataProtectionScope));
}
finally
{
if (generatedKey != null)
{
CryptographyUtility.ZeroOutBytes(generatedKey);
}
}
}
/// <summary>
/// <para>Decrypts bytes with the initialized algorithm and key.</para>
/// </summary>
/// <param name="encryptedText"><para>The text which you wish to decrypt.</para></param>
/// <returns><para>The resulting plaintext.</para></returns>
public byte[] Decrypt(byte[] encryptedText)
{
byte[] output = null;
byte[] data = ExtractIV(encryptedText);
this.algorithm.Key = Key;
using (ICryptoTransform transform = this.algorithm.CreateDecryptor())
{
output = Transform(transform, data);
}
CryptographyUtility.ZeroOutBytes(this.algorithm.Key);
return(output);
}
/// <summary>
/// Compares plain text input with a computed hash.
/// </summary>
/// <param name="plaintext">The input for which you want to compare the hash to.</param>
/// <param name="hashedtext">The hash value for which you want to compare the input to.</param>
/// <returns><c>true</c> if plainText hashed is equal to the hashedText. Otherwise, <c>false</c>.</returns>
public bool CompareHash(byte[] plaintext, byte[] hashedtext)
{
if (plaintext == null)
{
throw new ArgumentNullException("plainText");
}
if (hashedtext == null)
{
throw new ArgumentNullException("hashedText");
}
if (hashedtext.Length == 0)
{
throw new ArgumentException(Resources.ExceptionByteArrayValueMustBeGreaterThanZeroBytes, "hashedText");
}
bool result = false;
byte[] hashedPlainText = null;
byte[] salt = null;
try
{
try
{
salt = ExtractSalt(hashedtext);
hashedPlainText = CreateHashWithSalt(plaintext, salt);
}
finally
{
CryptographyUtility.ZeroOutBytes(salt);
}
result = CryptographyUtility.CompareBytes(hashedPlainText, hashedtext);
}
catch (Exception e)
{
InstrumentationProvider.FireCyptographicOperationFailed(Resources.HashComparisonFailed, e);
throw;
}
InstrumentationProvider.FireHashComparisonPerformed();
if (!result)
{
InstrumentationProvider.FireHashMismatchDetected();
}
return(result);
}
/// <summary>
/// <para>Encrypts bytes with the initialized algorithm and key.</para>
/// </summary>
/// <param name="plaintext"><para>The plaintext in which you wish to encrypt.</para></param>
/// <returns><para>The resulting ciphertext.</para></returns>
public byte[] Encrypt(byte[] plaintext)
{
byte[] output = null;
byte[] cipherText = null;
this.algorithm.Key = Key;
using (ICryptoTransform transform = this.algorithm.CreateEncryptor())
{
cipherText = Transform(transform, plaintext);
}
output = new byte[IVLength + cipherText.Length];
Buffer.BlockCopy(this.algorithm.IV, 0, output, 0, IVLength);
Buffer.BlockCopy(cipherText, 0, output, IVLength, cipherText.Length);
CryptographyUtility.ZeroOutBytes(this.algorithm.Key);
return(output);
}