// Note: input and output are allowed to be the same buffer. BCryptEncrypt will correctly do the encryption in place according to CNG documentation. public static int BCryptEncrypt(this SafeKeyHandle hKey, byte[] input, int inputOffset, int inputCount, byte[] iv, byte[] output, int outputOffset, int outputCount) { Debug.Assert(input != null); Debug.Assert(inputOffset >= 0); Debug.Assert(inputCount >= 0); Debug.Assert(inputCount <= input.Length - inputOffset); Debug.Assert(output != null); Debug.Assert(outputOffset >= 0); Debug.Assert(outputCount >= 0); Debug.Assert(outputCount <= output.Length - outputOffset); unsafe { fixed(byte *pbInput = input) { fixed(byte *pbOutput = output) { int cbResult; NTSTATUS ntStatus = Interop.BCryptEncrypt(hKey, pbInput + inputOffset, inputCount, IntPtr.Zero, iv, iv == null ? 0 : iv.Length, pbOutput + outputOffset, outputCount, out cbResult, 0); if (ntStatus != NTSTATUS.STATUS_SUCCESS) { throw CreateCryptographicException(ntStatus); } return(cbResult); } } } }