internal MachineKeyMasterKeyProvider(MachineKeySection machineKeySection, string applicationId = null, string applicationName = null, CryptographicKey autogenKeys = null, KeyDerivationFunction keyDerivationFunction = null)
{
this._machineKeySection = machineKeySection;
this._applicationId = applicationId;
this._applicationName = applicationName;
this._autogenKeys = autogenKeys;
this._keyDerivationFunction = keyDerivationFunction;
}
internal Purpose(string primaryPurpose, string[] specificPurposes, CryptographicKey derivedEncryptionKey, CryptographicKey derivedValidationKey)
{
this.PrimaryPurpose = primaryPurpose;
this.SpecificPurposes = (specificPurposes ?? new string[0]);
this.DerivedEncryptionKey = derivedEncryptionKey;
this.DerivedValidationKey = derivedValidationKey;
this.SaveDerivedKeys = (this.SpecificPurposes.Length == 0);
}
public CryptographicKey GetValidationKey()
{
if (this._validationKey == null)
{
this._validationKey = this.GenerateCryptographicKey("validationKey", this._machineKeySection.ValidationKey, 256, 256, "Invalid_validation_key");
}
return(this._validationKey);
}
public CryptographicKey GetEncryptionKey()
{
if (this._encryptionKey == null)
{
this._encryptionKey = this.GenerateCryptographicKey("decryptionKey", this._machineKeySection.DecryptionKey, 0, 256, "Invalid_decryption_key");
}
return(this._encryptionKey);
}
private NetFXCryptoService GetNetFXCryptoService(Purpose purpose, CryptoServiceOptions options)
{
// Extract the encryption and validation keys from the provided Purpose object
CryptographicKey encryptionKey = purpose.GetDerivedEncryptionKey(_masterKeyProvider, _keyDerivationFunction);
CryptographicKey validationKey = purpose.GetDerivedValidationKey(_masterKeyProvider, _keyDerivationFunction);
// and return the ICryptoService
// (predictable IV turned on if the caller requested cacheable output)
return(new NetFXCryptoService(_cryptoAlgorithmFactory, encryptionKey, validationKey, predictableIV: (options == CryptoServiceOptions.CacheableOutput)));
}
public static CryptographicKey DeriveKey(CryptographicKey keyDerivationKey, Purpose purpose)
{
CryptographicKey result;
using (HMACSHA512 hMACSHA = CryptoAlgorithms.CreateHMACSHA512(keyDerivationKey.GetKeyMaterial()))
{
byte[] label;
byte[] context;
purpose.GetKeyDerivationParameters(out label, out context);
result = new CryptographicKey(SP800_108.DeriveKeyImpl(hMACSHA, label, context, keyDerivationKey.KeyLength));
}
return(result);
}
public CryptographicKey GetDerivedValidationKey(IMasterKeyProvider masterKeyProvider, KeyDerivationFunction keyDerivationFunction)
{
CryptographicKey cryptographicKey = this.DerivedValidationKey;
if (cryptographicKey == null)
{
CryptographicKey validationKey = masterKeyProvider.GetValidationKey();
cryptographicKey = keyDerivationFunction(validationKey, this);
if (this.SaveDerivedKeys)
{
this.DerivedValidationKey = cryptographicKey;
}
}
return(cryptographicKey);
}
public NetFXCryptoService(ICryptoAlgorithmFactory cryptoAlgorithmFactory, CryptographicKey encryptionKey, CryptographicKey validationKey, bool predictableIV = false)
{
this._cryptoAlgorithmFactory = cryptoAlgorithmFactory;
this._encryptionKey = encryptionKey;
this._validationKey = validationKey;
this._predictableIV = predictableIV;
}
