Esempio n. 1
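        /// <summary>
        /// Validates the certificate supplied by the server and, only when it validates, creates the
        /// symmetric session key and encrypts it with the server's RSA public key.
        /// </summary>
        /// <remarks>
        /// Validation fails closed: a certificate that cannot be parsed, or whose chain cannot be built,
        /// yields <c>false</c> and a <c>null</c> <paramref name="key"/>, and no key material is generated
        /// for it. The certificate is checked before any key is created so that a session key is never
        /// encrypted to an unverified public key.
        /// </remarks>
        /// <returns><c>true</c> if the certificate was validated, <c>false</c> otherwise.</returns>
        /// <param name="login">ProtoLogin containing the certificate bytes</param>
        /// <param name="key">
        /// The session key encrypted with the server's public key, or <c>null</c> when validation fails
        /// (or, in DEBUG builds, when no key is configured and encryption is disabled).
        /// </param>
        public bool ValidateCertificateAndCreateKey(ProtoLogIn login, out byte[] key)
        {
            key = null;

            if (login == null || login.certificate == null)
            {
                return false;
            }

            try
            {
                // Get certificate
                X509Certificate2 cert = new X509Certificate2(login.certificate);

                // Validate the certificate BEFORE using its public key.
                // NOTE(review): chain validation only shows that the certificate chains to a trusted root.
                // Nothing visible here binds it to the expected server (subject/host check or pinning);
                // confirm that is enforced elsewhere.
                if (!cert.Verify())
                {
                    // Fallback: rebuild the chain without revocation checking, for deployments that
                    // publish no revocation information. Revoked certificates are accepted on this path.
                    X509Chain certificateChain = new X509Chain();
                    certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;

                    if (!certificateChain.Build(cert))
                    {
                        foreach (X509ChainStatus status in certificateChain.ChainStatus)
                        {
                            Console.Error.WriteLine("Certificate chain error: " + status.Status + " - " + status.StatusInformation);
                        }
                        // Fail closed: an untrusted chain must not be reported as valid.
                        return false;
                    }
                }

                RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)cert.PublicKey.Key;

                // NOTE(review): Encrypt(..., false) selects PKCS#1 v1.5 padding. OAEP (true) is the
                // preferred padding, but the server must switch at the same time.
#if DEBUG
                if (this.key != null)
                {
                    if (this.key.Length == 0)
                    {
                        alg = new NetAESEncryption(client);
                    }
                    else
                    {
                        alg = new NetAESEncryption(client,
                                                   this.key, 0, this.key.Length);
                    }
                    key = rsa.Encrypt(this.key, false);
                }
                else
                {
                    // If no key, do not use an encryption algorithm
                    alg = null;
                    key = null;
                }
#else
                // Create a new symmetric key.
                // NOTE(review): the TripleDES generator is used here only as a source of random bytes;
                // the key itself is handed to NetAESEncryption below.
                TripleDES des = TripleDESCryptoServiceProvider.Create();
                des.GenerateKey();
                byte[] sessionKey = des.Key;

                // Encrypt key with server's public key
                this.key = sessionKey;
                key      = rsa.Encrypt(sessionKey, false);

                // Initialise the algorithm. The plaintext session key is deliberately never written
                // to the console or any log.
                alg = new NetAESEncryption(client, sessionKey, 0, sessionKey.Length);
#endif
                return true;
            }
            catch (Exception e)
            {
                Console.Error.WriteLine("A problem occurred when parsing certificate from bytes: \n" + "type: " + e.GetType().FullName + "\n " + ", source: " + e.Source + "\n message: " + e.Message);
                // Fail closed: a certificate that cannot be parsed or used is not a valid certificate.
                key = null;
                return false;
            }
        }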
Esempio n. 2
        /// <summary>
        /// Creates the symmetric-algorithm encryption service provider selected by <paramref name="esa"/>
        /// and applies the optional cipher mode and padding mode.
        /// </summary>
        /// <remarks>
        /// The flags are tested with <c>HasFlag</c> in a fixed order and the first match wins.
        /// Several selectable algorithms are legacy: DES and RC2 are considered broken, and TripleDES
        /// has a 64-bit block size, so new data should use one of the AES options.
        /// NOTE(review): <c>HasFlag</c> is always true for an enum member whose value is 0; confirm
        /// that no member of EnumSymmetricAlgorithm is defined as 0.
        /// </remarks>
        /// <param name="esa">Flag selecting the algorithm implementation (EnumSymmetricAlgorithm)</param>
        /// <param name="cm">CipherMode to apply; 0 leaves the provider's default mode unchanged</param>
        /// <param name="pm">PaddingMode to apply; 0 leaves the provider's default padding unchanged</param>
        /// <returns>The configured SymmetricAlgorithm instance</returns>
        /// <exception cref="ArgumentException">No supported algorithm flag is set in <paramref name="esa"/>.</exception>
        private SymmetricAlgorithm CreateSymmetricAlgorithm(EnumSymmetricAlgorithm esa, CipherMode cm, PaddingMode pm)
        {
            #region Constructor
            SymmetricAlgorithm sa = null;

            #region Aes
            if (esa.HasFlag(EnumSymmetricAlgorithm.AES_CSP))
            {
                // AesCryptoServiceProvider service provider
                sa = AesCryptoServiceProvider.Create(); // devps(1703)
            }
            else if (esa.HasFlag(EnumSymmetricAlgorithm.AES_M))
            {
                // AesManaged service provider
                sa = AesManaged.Create(); // devps(1703)
            }
            // The CNG branch is compiled only when neither NET45 nor NET46 is defined.
#if NET45 || NET46
#else
            else if (esa.HasFlag(EnumSymmetricAlgorithm.AES_CNG))
            {
                // AesCng service provider
                sa = AesCng.Create(); // devps(1703)
            }
#endif
            #endregion

            #region TripleDES
            else if (esa.HasFlag(EnumSymmetricAlgorithm.TDES_CSP))
            {
                // TripleDESCryptoServiceProvider service provider
                // Legacy algorithm (64-bit block); prefer AES for new data.
                sa = TripleDESCryptoServiceProvider.Create(); // devps(1703)
            }

            // The CNG branch is compiled only when neither NET45 nor NET46 is defined.
#if NET45 || NET46
#else
            else if (esa.HasFlag(EnumSymmetricAlgorithm.TDES_CNG))
            {
                // TripleDESCng service provider
                sa = TripleDESCng.Create(); // devps(1703)
            }
#endif
            #endregion

            #region Others
            else if (esa.HasFlag(EnumSymmetricAlgorithm.DES_CSP))
            {
                // DESCryptoServiceProvider service provider
                // DES has a 56-bit key and is considered broken; keep only for reading legacy data.
                sa = DESCryptoServiceProvider.Create(); // devps(1703)
            }

            else if (esa.HasFlag(EnumSymmetricAlgorithm.RC2_CSP))
            {
                // RC2CryptoServiceProvider service provider
                // RC2 is considered broken; keep only for reading legacy data.
                sa = RC2CryptoServiceProvider.Create(); // devps(1703)
            }

            else if (esa.HasFlag(EnumSymmetricAlgorithm.Rijndael_M))
            {
                // RijndaelManaged service provider
                sa = RijndaelManaged.Create(); // devps(1703)
            }
            #endregion

            else
            {
                // No recognised flag: reject rather than fall back to a default algorithm.
                // NOTE(review): the paramName argument is conventionally just the parameter name (nameof(esa)).
                throw new ArgumentException(
                          PublicExceptionMessage.ARGUMENT_INCORRECT, "EnumSymmetricAlgorithm esa");
            }
            #endregion

            #region Options
            // When cm is set. 0 is not a defined CipherMode member, so it means "not specified".
            // The caller controls the mode; CipherMode.ECB reveals repeated plaintext blocks.
            if (cm != 0)
            {
                sa.Mode = cm;
            }

            // When pm is set. 0 is not a defined PaddingMode member, so it means "not specified".
            if (pm != 0)
            {
                sa.Padding = pm;
            }
            #endregion

            return(sa);
        }
Esempio n. 3
        //public static string GenerateOTPCode()
        //{
        //    Random random = new Random();
        //    return new string(Enumerable.Repeat(SingleSignOnSettings.CharactersOfOTPCode, SingleSignOnSettings.NumberCharactersOfOTPCode)
        //     .Select(s => s[random.Next(s.Length)]).ToArray());
        //}

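        /// <summary>
        /// Encrypts <paramref name="data"/> with TripleDES in ECB mode and returns the ciphertext as Base64.
        /// </summary>
        /// <remarks>
        /// The key is the ASCII encoding of the first 24 lowercase hex characters of MD5(<paramref name="key"/>).
        /// The output format is kept exactly as before so existing ciphertexts and the matching decryptor
        /// keep working. Weaknesses to weigh before reusing this scheme:
        /// - ECB mode is deterministic and maps equal plaintext blocks to equal ciphertext blocks.
        /// - The key bytes are hex characters taken from an unsalted MD5 digest, so the 192-bit key
        ///   carries at most 96 bits of entropy, and less if the input is a guessable password.
        /// - There is no integrity protection, so modified ciphertext is not detected.
        /// - Encoding.ASCII replaces every non-ASCII character with '?', which loses data.
        /// A new format should use an authenticated AES mode with a salted password-based KDF.
        /// </remarks>
        /// <param name="key">Secret string from which the TripleDES key is derived.</param>
        /// <param name="data">Text to encrypt; leading and trailing whitespace is trimmed first.</param>
        /// <returns>Base64-encoded ciphertext.</returns>
        public static string TripleDESEncrypt(string key, string data)
        {
            byte[] plaintext = Encoding.ASCII.GetBytes(data.Trim());

            byte[] tripleDesKey;
            using (MD5 md5 = MD5.Create())
            {
                // Hex digits are culture-independent, so the invariant lowercase form matches ToLower().
                string md5String = BitConverter.ToString(md5.ComputeHash(Encoding.ASCII.GetBytes(key)))
                                               .Replace("-", "")
                                               .ToLowerInvariant();
                tripleDesKey = Encoding.ASCII.GetBytes(md5String.Substring(0, 24));
            }

            // The algorithm and transform hold key material; dispose them even if encryption throws.
            using (TripleDES tripdes = TripleDES.Create())
            {
                tripdes.Mode = CipherMode.ECB; // ECB uses no IV, so none is generated
                tripdes.Key  = tripleDesKey;

                using (ICryptoTransform encryptor = tripdes.CreateEncryptor())
                {
                    byte[] cryptoByte = encryptor.TransformFinalBlock(plaintext, 0, plaintext.Length);
                    return Convert.ToBase64String(cryptoByte);
                }
            }
        }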
Esempio n. 4
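        /// <summary>
        /// Click handler that decrypts the selected file. It unwraps the content key from the
        /// DPAPI-protected key file (passphrase hash as optional entropy), decrypts the file with the
        /// chosen algorithm and mode, and writes the plaintext to the result file.
        /// </summary>
        /// <param name="sender">Control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        private void btDecode_Click(object sender, RoutedEventArgs e)
        {
            Passphrase pass = new Passphrase();

            pass.Owner = this;
            // NOTE(review): the dialog result is ignored, so cancelling the dialog still continues
            // with whatever is in the password box.
            pass.ShowDialog();

            // ReadAllBytes reads the whole file; a single Stream.Read call may return fewer bytes than
            // requested and would leave the tail of the buffer zero-filled.
            byte[] decrypted = File.ReadAllBytes(file);

            SymmetricAlgorithm sa;
            byte[] iv;
            if (rbDeAES.IsChecked == true)
            {
                sa = AesCryptoServiceProvider.Create();
                iv = new byte[16];
            }
            else
            {
                sa = TripleDESCryptoServiceProvider.Create();
                iv = new byte[8];
            }
            // NOTE(review): the IV is all zeros and identical for every file, matching Encode_Click.
            // With a reused key, equal plaintext prefixes then produce equal ciphertext prefixes.
            // A random IV stored with the ciphertext would need both handlers changed together.

            CipherMode mode;
            if (rbEnCBC.IsChecked == true)
            {
                mode = CipherMode.CBC;
            }
            // NOTE(review): this tests IsEnabled, while Encode_Click tests IsChecked, so CTS is only
            // reached here when the CFB button is disabled. Confirm which is intended.
            else if (rbEnCFB.IsEnabled)
            {
                mode = CipherMode.CFB;
            }
            else
            {
                mode = CipherMode.CTS;
            }

            // NOTE(review): Encode_Click pads with PaddingMode.Zeros, so with None here the padding
            // zero bytes stay in the decoded text.
            PaddingMode padding = PaddingMode.None;

            // The DPAPI optional entropy is SHA-256 of the passphrase; it must match the value used
            // when the key file was protected.
            byte[] entrophy;
            using (SHA256 sha256 = new SHA256Cng())
            {
                entrophy = sha256.ComputeHash(Encoding.UTF8.GetBytes(pass.pbPass.Password));
            }

            // The content key comes only from the protected key file. The earlier truncated-hash
            // key was always overwritten by this value, so it is no longer computed.
            byte[] keyTemp = File.ReadAllBytes(@"D:\OSU\ЗПиД\ЗПиД6\Пароль.txt");
            byte[] key     = ProtectedData.Unprotect(keyTemp, entrophy, DataProtectionScope.CurrentUser);

            byte[] decr   = Decrypt(decrypted, sa, key, iv, mode, padding);
            string result = Encoding.UTF8.GetString(decr);

            // NOTE(review): the plaintext goes to a hard-coded path under a specific user profile,
            // on a different drive from the key file; consider making both paths configurable.
            File.WriteAllText(@"C:\Users\Nastya\Desktop\Университет\ЗПиД\ЗПиД6\Результат.txt", result, Encoding.UTF8);
            MessageBox.Show("Выполнено!");
            tbDeOpenDialog.Text = "";
        }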
Esempio n. 5
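        /// <summary>
        /// Click handler that encrypts <c>dataText</c>. It derives the content key with PBKDF2, writes
        /// the ciphertext to the cipher file, and stores the content key in the key file protected
        /// with DPAPI (current user scope, SHA-256 of the passphrase as optional entropy).
        /// </summary>
        /// <param name="sender">Control that raised the event; forwarded to rbGeneration_Checked.</param>
        /// <param name="e">Event data; forwarded to rbGeneration_Checked.</param>
        private void Encode_Click(object sender, RoutedEventArgs e)
        {
            Passphrase pass = new Passphrase();

            pass.Owner = this;
            // NOTE(review): the dialog result is ignored, so cancelling the dialog still continues.
            pass.ShowDialog();

            SymmetricAlgorithm sa;
            int    n;
            byte[] iv;
            if (rbEnAES.IsChecked == true)
            {
                sa = AesCryptoServiceProvider.Create();
                n  = 32;
                iv = new byte[16];
            }
            else
            {
                sa = TripleDESCryptoServiceProvider.Create();
                n  = 24;
                iv = new byte[8];
            }
            // NOTE(review): the IV is all zeros and identical for every file. With a reused key,
            // equal plaintext prefixes then produce equal ciphertext prefixes. A random IV stored
            // with the ciphertext would need btDecode_Click changed at the same time.

            CipherMode mode;
            if (rbEnCBC.IsChecked == true)
            {
                mode = CipherMode.CBC;
            }
            else if (rbEnCFB.IsChecked == true)
            {
                mode = CipherMode.CFB;
            }
            else
            {
                mode = CipherMode.CTS;
            }
            PaddingMode padding = PaddingMode.Zeros;

            // DPAPI optional entropy: SHA-256 of the passphrase. The hash object is disposed after use.
            byte[] entrophy;
            using (SHA256 sha256 = new SHA256Cng())
            {
                entrophy = sha256.ComputeHash(Encoding.UTF8.GetBytes(pass.pbPass.Password));
            }

            // NOTE(review): the salt is a fixed constant, so the same passphrase always derives the
            // same key and precomputed guesses apply to every file. A random per-file salt would fix
            // that. This constructor also uses HMAC-SHA1 with 10000 iterations.
            byte[] salt = Encoding.UTF8.GetBytes("saltsaltsalt");

            // The key comes from the dialog passphrase or, when "generation" is off, from the key phrase box.
            string secret = rbGeneration.IsChecked == true ? pass.pbPass.Password : pbKeyPhrase.Password;
            byte[] key;
            using (Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(secret, salt, 10000))
            {
                key = pbkdf2.GetBytes(n);
            }

            byte[] encrypted = Encrypt(dataText, sa, key, iv, mode, padding);
            // WriteAllBytes creates the file or overwrites it, as FileMode.Create did.
            File.WriteAllBytes(@"D:\OSU\ЗПиД\ЗПиД6\Шифр.txt", encrypted);

            // Wrap the content key with DPAPI before it is written to disk. The truncated-hash
            // "key for key" was computed but never used, so it is dropped.
            byte[] en = ProtectedData.Protect(key, entrophy, DataProtectionScope.CurrentUser);
            File.WriteAllBytes(@"D:\OSU\ЗПиД\ЗПиД6\Пароль.txt", en);

            MessageBox.Show("Выполнено!");
            tbEnOpenDialog.Text    = "";
            rbGeneration.IsChecked = true;
            pbKeyPhrase.Password   = "";
            rbGeneration_Checked(sender, e);
        }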
Esempio n. 6
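 /// <summary>
 /// Decrypts a Base64-encoded TripleDES ciphertext and returns the plaintext decoded as UTF-8.
 /// </summary>
 /// <remarks>
 /// Every failure (invalid Base64, wrong key or IV size, bad padding) is reported by returning the
 /// literal string "¡Error...!". That value cannot be told apart from a plaintext with the same
 /// content, and the cause of the failure is lost.
 /// NOTE(review): no integrity check is visible here. If callers expose the success/failure
 /// difference to an untrusted party, that acts as a padding oracle; authenticate the ciphertext
 /// (e.g. an HMAC verified before decryption) if this handles untrusted input.
 /// </remarks>
 /// <param name="text">Base64-encoded ciphertext.</param>
 /// <param name="key">TripleDES key bytes.</param>
 /// <param name="iv">Initialization vector used when the data was encrypted.</param>
 /// <returns>The decrypted text, or "¡Error...!" if anything fails.</returns>
 public static string Decrypt(string text, byte[] key, byte[] iv)
 {
     try
     {
         // Dispose the algorithm and transform so key material is released on failure paths too.
         using (TripleDES tdes = TripleDESCryptoServiceProvider.Create())
         using (ICryptoTransform decryptor = tdes.CreateDecryptor(key, iv))
         {
             return UTF8Encoding.UTF8.GetString(Transform(Convert.FromBase64String(text), decryptor));
         }
     }
     catch (Exception)
     {
         // Kept as a catch-all because callers rely on the sentinel string rather than exceptions.
         return "¡Error...!";
     }
 }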