public static int GetKeySize(PgpSymmetricKeyAlgorithm algorithm) { switch (algorithm) { case PgpSymmetricKeyAlgorithm.Des: return(64); case PgpSymmetricKeyAlgorithm.Idea: case PgpSymmetricKeyAlgorithm.Cast5: case PgpSymmetricKeyAlgorithm.Blowfish: case PgpSymmetricKeyAlgorithm.Safer: case PgpSymmetricKeyAlgorithm.Aes128: case PgpSymmetricKeyAlgorithm.Camellia128: return(128); case PgpSymmetricKeyAlgorithm.TripleDes: case PgpSymmetricKeyAlgorithm.Aes192: case PgpSymmetricKeyAlgorithm.Camellia192: return(192); case PgpSymmetricKeyAlgorithm.Aes256: case PgpSymmetricKeyAlgorithm.Twofish: case PgpSymmetricKeyAlgorithm.Camellia256: return(256); default: throw new PgpException("unknown symmetric algorithm: " + algorithm); } }
public SymmetricKeyEncSessionPacket(PgpSymmetricKeyAlgorithm encAlgorithm, S2k s2k, byte[]?secKeyData) { this.version = 4; this.encAlgorithm = encAlgorithm; this.s2k = s2k; this.secKeyData = secKeyData; }
/// <summary>Base constructor.</summary> /// <param name="encAlgorithm">The symmetric algorithm to use.</param> /// <param name="withIntegrityPacket">Use integrity packet.</param> public PgpEncryptedMessageGenerator( IPacketWriter packetWriter, PgpSymmetricKeyAlgorithm encAlgorithm, bool withIntegrityPacket = false) : base(packetWriter) { this.defAlgorithm = encAlgorithm; this.withIntegrityPacket = withIntegrityPacket; }
public PbeMethod( PgpSymmetricKeyAlgorithm encAlgorithm, S2k s2k, byte[] key) { this.encAlgorithm = encAlgorithm; this.s2k = s2k; this.key = key; }
internal SymmetricKeyEncSessionPacket(Stream bcpgIn) { version = bcpgIn.ReadByte(); encAlgorithm = (PgpSymmetricKeyAlgorithm)bcpgIn.ReadByte(); s2k = new S2k(bcpgIn); secKeyData = bcpgIn.ReadAll(); }
private static byte[] CreateSessionInfo( PgpSymmetricKeyAlgorithm algorithm, byte[] keyBytes) { byte[] sessionInfo = new byte[keyBytes.Length + 3]; sessionInfo[0] = (byte)algorithm; keyBytes.CopyTo(sessionInfo, 1); AddCheckSum(sessionInfo); return(sessionInfo); }
public ECDiffieHellmanKey( ECDiffieHellman ecdh, PgpHashAlgorithm hashAlgorithm, PgpSymmetricKeyAlgorithm symmetricAlgorithm, byte[] fingerprint) { if (fingerprint == null) { throw new ArgumentNullException(nameof(fingerprint)); } this.ecdh = ecdh; this.hashAlgorithm = hashAlgorithm; this.symmetricAlgorithm = symmetricAlgorithm; this.fingerprint = fingerprint; VerifyHashAlgorithm(); VerifySymmetricKeyAlgorithm(); }
public static string GetSymmetricCipherName(PgpSymmetricKeyAlgorithm algorithm) { switch (algorithm) { case PgpSymmetricKeyAlgorithm.Null: return("Null"); case PgpSymmetricKeyAlgorithm.TripleDes: return("DESEDE"); case PgpSymmetricKeyAlgorithm.Idea: return("IDEA"); case PgpSymmetricKeyAlgorithm.Cast5: return("CAST5"); case PgpSymmetricKeyAlgorithm.Blowfish: return("Blowfish"); case PgpSymmetricKeyAlgorithm.Safer: return("SAFER"); case PgpSymmetricKeyAlgorithm.Des: return("DES"); case PgpSymmetricKeyAlgorithm.Aes128: return("AES"); case PgpSymmetricKeyAlgorithm.Aes192: return("AES"); case PgpSymmetricKeyAlgorithm.Aes256: return("AES"); case PgpSymmetricKeyAlgorithm.Twofish: return("Twofish"); case PgpSymmetricKeyAlgorithm.Camellia128: return("Camellia"); case PgpSymmetricKeyAlgorithm.Camellia192: return("Camellia"); case PgpSymmetricKeyAlgorithm.Camellia256: return("Camellia"); default: throw new PgpException("unknown symmetric algorithm: " + algorithm); } }
private Stream GetDataStream(ReadOnlySpan <byte> sessionData, bool verifyIntegrity) { PgpSymmetricKeyAlgorithm keyAlgorithm = (PgpSymmetricKeyAlgorithm)sessionData[0]; if (keyAlgorithm == PgpSymmetricKeyAlgorithm.Null) { return(inputStream); } var key = sessionData.Slice(1); SymmetricAlgorithm encryptionAlgorithm = PgpUtilities.GetSymmetricAlgorithm(keyAlgorithm); var iv = new byte[(encryptionAlgorithm.BlockSize + 7) / 8]; byte[] keyArray = Array.Empty <byte>(); ICryptoTransform decryptor; var inlineIv = new byte[iv.Length * 2]; // Aligned to block size try { keyArray = key.ToArray(); decryptor = encryptionAlgorithm.CreateDecryptor(keyArray, iv); if (encryptedPacket is SymmetricEncDataPacket) { if (inputStream.ReadFully(inlineIv.AsSpan(0, iv.Length + 2)) < iv.Length + 2) { throw new EndOfStreamException(); } var decryptedInlineIv = decryptor.TransformFinalBlock(inlineIv, 0, inlineIv.Length); if (verifyIntegrity) { VerifyInlineIV(decryptedInlineIv.AsSpan(0, iv.Length), decryptedInlineIv.AsSpan(iv.Length, 2)); } // Perform reset according to the OpenPGP CFB rules decryptor = encryptionAlgorithm.CreateDecryptor(keyArray, inlineIv.AsSpan(2, iv.Length).ToArray()); } } finally { CryptographicOperations.ZeroMemory(keyArray.AsSpan()); } encStream = new CryptoStream( inputStream, new ZeroPaddedCryptoTransform(decryptor), CryptoStreamMode.Read); if (encryptedPacket is SymmetricEncIntegrityPacket) { hashAlgorithm = SHA1.Create(); tailEndCryptoTransform = new TailEndCryptoTransform(hashAlgorithm, hashAlgorithm.HashSize / 8); encStream = new CryptoStream(encStream, tailEndCryptoTransform, CryptoStreamMode.Read); if (encStream.ReadFully(inlineIv.AsSpan(0, iv.Length + 2)) < iv.Length + 2) { throw new EndOfStreamException(); } if (verifyIntegrity) { VerifyInlineIV(inlineIv.AsSpan(0, iv.Length), inlineIv.AsSpan(iv.Length, 2)); } } return(encStream); }
public PgpEncryptedMessageGenerator CreateEncrypted(PgpSymmetricKeyAlgorithm encAlgorithm, bool withIntegrityPacket = false) { return(new PgpEncryptedMessageGenerator(Open(), encAlgorithm, withIntegrityPacket)); }
private static byte[] GetDValue(SXprReader reader, KeyPacket publicKey, byte[] rawPassPhrase, string curveName) { string type; reader.SkipOpenParenthesis(); string protection; string?protectedAt = null; S2k s2k; byte[] iv; byte[] secKeyData; type = reader.ReadString(); if (type.Equals("protected", StringComparison.Ordinal)) { protection = reader.ReadString(); reader.SkipOpenParenthesis(); s2k = reader.ParseS2k(); iv = reader.ReadBytes(); reader.SkipCloseParenthesis(); secKeyData = reader.ReadBytes(); reader.SkipCloseParenthesis(); reader.SkipOpenParenthesis(); if (reader.ReadString().Equals("protected-at", StringComparison.Ordinal)) { protectedAt = reader.ReadString(); } } else { throw new PgpException("protected block not found"); } byte[] data; switch (protection) { case "openpgp-s2k3-sha1-aes256-cbc": case "openpgp-s2k3-sha1-aes-cbc": PgpSymmetricKeyAlgorithm symmAlg = protection.Equals("openpgp-s2k3-sha1-aes256-cbc", StringComparison.Ordinal) ? PgpSymmetricKeyAlgorithm.Aes256 : PgpSymmetricKeyAlgorithm.Aes128; using (var c = PgpUtilities.GetSymmetricAlgorithm(symmAlg)) { var keyBytes = new byte[c.KeySize / 8]; S2kBasedEncryption.MakeKey(rawPassPhrase, PgpHashAlgorithm.Sha1, s2k.GetIV(), s2k.IterationCount, keyBytes); c.Key = keyBytes; c.IV = iv; c.Mode = CipherMode.CBC; using var decryptor = new ZeroPaddedCryptoTransform(c.CreateDecryptor()); data = decryptor.TransformFinalBlock(secKeyData, 0, secKeyData.Length); // TODO: check SHA-1 hash. } break; case "openpgp-s2k3-ocb-aes": { MemoryStream aad = new MemoryStream(); WriteSExprPublicKey(new SXprWriter(aad), publicKey, curveName, protectedAt); var keyBytes = new byte[16]; S2kBasedEncryption.MakeKey(rawPassPhrase, PgpHashAlgorithm.Sha1, s2k.GetIV(), s2k.IterationCount, keyBytes); using var aesOcb = new AesOcb(keyBytes); data = new byte[secKeyData.Length - 16]; aesOcb.Decrypt(iv, secKeyData.AsSpan(0, secKeyData.Length - 16), secKeyData.AsSpan(secKeyData.Length - 16), data, aad.ToArray()); } break; case "openpgp-native": default: throw new PgpException(protection + " key format is not supported yet"); } // // parse the secret key S-expr // Stream keyIn = new MemoryStream(data, false); reader = new SXprReader(keyIn); reader.SkipOpenParenthesis(); reader.SkipOpenParenthesis(); reader.SkipOpenParenthesis(); String name = reader.ReadString(); return(reader.ReadBytes()); }