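/// <summary>
/// Verifies the vault's stored HMAC-SHA256 tag against a tag recomputed over the
/// encrypted body, before any decryption is attempted by the caller.
/// </summary>
/// <param name="derived">Derived key material; bytes 32..63 are used as the HMAC key.</param>
/// <param name="ansibleValue">Parsed vault value supplying <c>Body</c> and the stored tag (<c>Hamc</c>).</param>
/// <exception cref="CryptographicException">
/// The recomputed tag does not match the stored one. This happens for a wrong password,
/// and equally for a body or tag that was modified after the vault was written.
/// </exception>
private static void ValidatePassword(byte[] derived, VaultValue ansibleValue)
{
    // The second 32-byte half of the derived material is the MAC key.
    var hmacKey = derived.AsSpan(32, 32).ToArray();

    byte[] hash;
    using (var hmac256 = new HMACSHA256(hmacKey))
    {
        // HMACSHA256 is IDisposable and holds key state; release it deterministically.
        hash = hmac256.ComputeHash(ansibleValue.Body);
    }

    // Compare in fixed time. SequenceEqual stops at the first differing byte, so its
    // running time reveals how long a matching prefix of the tag a caller supplied.
    if (!CryptographicOperations.FixedTimeEquals(hash, ansibleValue.Hamc))
    {
        // CryptographicException derives from Exception, so existing catch blocks still match.
        throw new CryptographicException("Password was wrong");
    }
}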
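/// <inheritdoc />
/// <remarks>
/// The HMAC over the encrypted body is verified before the body is decrypted, so
/// unauthenticated ciphertext never reaches the cipher. The plaintext is decoded as
/// UTF-8, which yields the same string as ASCII for pure-ASCII content.
/// </remarks>
public string Decode(string password, string input)
{
    var ansibleValue = new VaultValue(input);
    var (aesKey, aes, derived) = Rfc2898DeriveBytes(ansibleValue.Salt, password);

    // Authenticate first; this throws when the tag does not match.
    ValidatePassword(derived, ansibleValue);

    var plaintext = Cipher(ansibleValue.Body, aesKey, aes, false);

    // Encoding.ASCII maps every byte above 0x7F to '?', silently corrupting
    // non-ASCII secrets; UTF-8 is a superset that keeps them intact.
    return Encoding.UTF8.GetString(plaintext);
}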
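/// <inheritdoc />
/// <remarks>
/// Encrypt-then-MAC: the HMAC-SHA256 tag is computed over the ciphertext, keyed with
/// bytes 32..63 of the derived material. The input is encoded as UTF-8, which produces
/// the same bytes as ASCII for pure-ASCII input.
/// </remarks>
public string Encode(string password, string input)
{
    var salt = this.CreateSalt();
    var (aesKey, aes, derived) = Rfc2898DeriveBytes(salt, password);

    // Encoding.ASCII replaces every non-ASCII character with '?', which would
    // irreversibly alter the stored secret; UTF-8 preserves it.
    var cipher = Cipher(Encoding.UTF8.GetBytes(input), aesKey, aes, true);

    byte[] hmac;
    using (var hmac256 = new HMACSHA256(derived.AsSpan(32, 32).ToArray()))
    {
        // HMACSHA256 is IDisposable and holds key state; release it deterministically.
        hmac = hmac256.ComputeHash(cipher);
    }

    var value = new VaultValue
    {
        Salt = salt,
        Hamc = hmac,
        Body = cipher
    };

    return value.ToVaultString();
}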