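/// <summary>
/// Encrypts <paramref name="text"/> with AES-GCM under a key derived from <paramref name="secret"/>
/// and a fresh random salt, and returns it as "<c>Name:base64(salt || iv || ciphertext+tag)</c>".
/// </summary>
/// <param name="text">Plain text to encrypt; converted to bytes with the instance's <c>_encoding</c>.</param>
/// <param name="secret">
/// Secret the key is derived from. It defaults to <c>null</c> for signature compatibility, but
/// <c>SecretKeyFactory.GetKey</c> rejects a null secret, so a secret is effectively required.
/// </param>
/// <returns>A <see cref="Ciphertext"/> carrying the encoded payload and the secret's version.</returns>
/// <exception cref="ArgumentNullException"><paramref name="text"/> is null.</exception>
public Ciphertext Encrypt(string text, Secret secret = null)
{
    if (text == null)
    {
        throw new ArgumentNullException(nameof(text));
    }

    var plainBytes = _encoding.GetBytes(text);
    // A fresh salt and IV on every call: the key depends on (secret, salt), and GCM must never
    // see the same IV twice under one key.
    var salt = GenerateRandomBytes(SaltLength);
    var iv = GenerateRandomBytes(IvLength);
    var key = SecretKeyFactory.GetKey(salt, secret, _pbkdf2Iterations);

    byte[] resultBytes;
    try
    {
        var cipher = new GcmBlockCipher(new AesEngine());
        var parameters = new AeadParameters(new KeyParameter(key), AuthTagLengthInBits, iv, null);
        cipher.Init(true, parameters);
        // GetOutputSize accounts for the ciphertext plus the GCM authentication tag.
        var cipherTextBytes = new byte[cipher.GetOutputSize(plainBytes.Length)];
        var written = cipher.ProcessBytes(plainBytes, 0, plainBytes.Length, cipherTextBytes, 0);
        cipher.DoFinal(cipherTextBytes, written);

        // Layout must stay in step with DecodeBytes: [salt][iv][ciphertext + tag], no length prefixes
        // (BinaryWriter.Write(byte[]) writes the raw bytes only).
        using (var combinedStream = new MemoryStream())
        {
            using (var binaryWriter = new BinaryWriter(combinedStream))
            {
                binaryWriter.Write(salt);
                binaryWriter.Write(iv);
                binaryWriter.Write(cipherTextBytes);
            }
            resultBytes = combinedStream.ToArray();
        }
    }
    finally
    {
        // Scrub the derived key on the failure path too, mirroring DecodeBytes; previously it was
        // only cleared after a successful encryption.
        SecretKeyFactory.ShuffleSecretKey(key);
    }

    var cipheredText = Convert.ToBase64String(resultBytes);
    // secret is non-null here: GetKey throws on a null secret before this point is reached.
    return new Ciphertext(Name + ":" + cipheredText, secret.Version);
}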
/// <summary>
/// Deriving a key from a secret built with <c>FromPassword</c> and a random salt
/// yields a non-null, non-empty key.
/// </summary>
public void GetKeyTest()
{
    const int iterations = 1000;
    var secrets = SecretsDataGenerator.FromPassword("secret");
    var randomSalt = Encoding.UTF8.GetBytes(Guid.NewGuid().ToString());

    var derivedKey = SecretKeyFactory.GetKey(randomSalt, secrets.CurrentSecret, iterations);

    Assert.IsNotNull(derivedKey);
    Assert.IsNotEmpty(derivedKey);
}
/// <summary>
/// <c>GetKey</c> reports a null secret, and a failed derivation (null salt with a negative
/// iteration count), as <c>StorageCryptoException</c>; the derivation failure keeps the
/// underlying cause in <c>InnerException</c>.
/// </summary>
public void GetKeyNegativeTest()
{
    const int iterations = 1000;
    var knownSecret = new EncryptionSecret(1, Encoding.UTF8.GetBytes("password"));
    var randomSalt = Encoding.UTF8.GetBytes(Guid.NewGuid().ToString());

    var nullSecretError = Assert.Throws<StorageCryptoException>(
        () => SecretKeyFactory.GetKey(randomSalt, null, iterations));
    Assert.AreEqual("Secret is null", nullSecretError.Message);

    var derivationError = Assert.Throws<StorageCryptoException>(
        () => SecretKeyFactory.GetKey(null, knownSecret, -1));
    Assert.AreEqual("Unable to generate secret", derivationError.Message);
    Assert.IsNotNull(derivationError.InnerException);
}
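/// <summary>
/// Decrypts a raw payload laid out as [salt: 0..SaltLength][iv: SaltLength..MetaInfoLength]
/// [AES-GCM ciphertext + tag: MetaInfoLength..end], deriving the key from
/// <paramref name="secret"/> and the embedded salt.
/// </summary>
/// <param name="decodedBytes">Raw (already base64-decoded) payload.</param>
/// <param name="secret">Secret the key is derived from.</param>
/// <param name="pbkdf2Iterations">Iteration count handed to <c>SecretKeyFactory.GetKey</c>.</param>
/// <param name="encoding">Encoding used to turn the decrypted bytes back into text.</param>
/// <returns>The decrypted text.</returns>
/// <exception cref="StorageCryptoException">
/// The payload is null or shorter than the salt+IV header, the secret or encoding is null,
/// key derivation fails, the GCM tag does not verify, or any other error occurs during decryption.
/// </exception>
protected static string DecodeBytes(byte[] decodedBytes, Secret secret, int pbkdf2Iterations, Encoding encoding)
{
    // A null payload is reported like a truncated one instead of escaping as a
    // NullReferenceException from the Length access below.
    s_helper.Check<StorageCryptoException>(decodedBytes == null, Messages.AesGcmCipher.s_errWrongEncryptedText);
#pragma warning disable CA1062 // null is rejected by the Check above; the analyzer cannot see through it
    var invalidCipherLength = decodedBytes.Length < MetaInfoLength;
#pragma warning restore CA1062
    // NOTE(review): a payload of exactly MetaInfoLength passes this check with an empty ciphertext
    // and is then rejected by DoFinal as an invalid cipher text; tightening the bound to include the
    // tag length would report it as s_errWrongEncryptedText instead — confirm which is wanted.
    s_helper.Check<StorageCryptoException>(invalidCipherLength, Messages.AesGcmCipher.s_errWrongEncryptedText);
    s_helper.Check<StorageCryptoException>(secret == null, Messages.AesGcmCipher.s_errNoSecret);
    s_helper.Check<StorageCryptoException>(encoding == null, Messages.AesGcmCipher.s_errNoEncoding);

    var salt = Arrays.CopyOfRange(decodedBytes, 0, SaltLength);
    var iv = Arrays.CopyOfRange(decodedBytes, SaltLength, MetaInfoLength);
    var encrypted = Arrays.CopyOfRange(decodedBytes, MetaInfoLength, decodedBytes.Length);

    // Derived outside the try so a derivation failure propagates as thrown by GetKey rather than
    // being re-wrapped by the catch-all below.
    var key = SecretKeyFactory.GetKey(salt, secret, pbkdf2Iterations);
    try
    {
        var cipher = new GcmBlockCipher(new AesEngine());
        var parameters = new AeadParameters(new KeyParameter(key), AuthTagLengthInBits, iv, null);
        cipher.Init(false, parameters);
        var decryptedText = new byte[cipher.GetOutputSize(encrypted.Length)];
        var len = cipher.ProcessBytes(encrypted, 0, encrypted.Length, decryptedText, 0);
        // DoFinal verifies the authentication tag; a mismatch surfaces as InvalidCipherTextException.
        cipher.DoFinal(decryptedText, len);
#pragma warning disable CA1062 // encoding null is rejected by the Check above
        return encoding.GetString(decryptedText);
#pragma warning restore CA1062
    }
    catch (InvalidCipherTextException ex)
    {
        s_log.Error(ex, Messages.AesGcmCipher.s_errInvalidCipher);
        throw new StorageCryptoException(Messages.AesGcmCipher.s_errInvalidCipher, ex);
    }
    catch (System.Exception ex)
    {
        s_log.Error(ex, Messages.AesGcmCipher.s_errUnexpectedDuringDecryption);
        throw new StorageCryptoException(Messages.AesGcmCipher.s_errUnexpectedDuringDecryption, ex);
    }
    finally
    {
        // Scrub the derived key whether or not decryption succeeded.
        SecretKeyFactory.ShuffleSecretKey(key);
    }
}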