private static Stream CreateStream(Stream s, bool bEncrypt, byte[] pbKey, byte[] pbIV)
{
StandardAesEngine.ValidateArguments(s, bEncrypt, pbKey, pbIV);
#if KeePassUAP
return(StandardAesEngineExt.CreateStream(s, bEncrypt, pbKey, pbIV));
#else
SymmetricAlgorithm a = CryptoUtil.CreateAes();
if (a.BlockSize != 128) // AES block size
{
Debug.Assert(false);
a.BlockSize = 128;
}
a.KeySize = 256;
a.Mode = SaeCipherMode;
a.Padding = SaePaddingMode;
ICryptoTransform t;
if (bEncrypt)
{
t = a.CreateEncryptor(pbKey, pbIV);
}
else
{
t = a.CreateDecryptor(pbKey, pbIV);
}
if (t == null)
{
Debug.Assert(false); throw new SecurityException("Unable to create AES transform!");
}
return(new CryptoStreamEx(s, t, bEncrypt ? CryptoStreamMode.Write :
CryptoStreamMode.Read, a));
#endif
}
private static Stream CreateStream(Stream s, bool bEncrypt, byte[] pbKey, byte[] pbIV)
{
StandardAesEngine.ValidateArguments(s, bEncrypt, pbKey, pbIV);
RijndaelManaged r = new RijndaelManaged();
byte[] pbLocalIV = new byte[16];
Array.Copy(pbIV, pbLocalIV, 16);
r.IV = pbLocalIV;
byte[] pbLocalKey = new byte[32];
Array.Copy(pbKey, pbLocalKey, 32);
r.KeySize = 256;
r.Key = pbLocalKey;
r.Mode = m_rCipherMode;
r.Padding = m_rCipherPadding;
ICryptoTransform iTransform = (bEncrypt ? r.CreateEncryptor() : r.CreateDecryptor());
Debug.Assert(iTransform != null);
if (iTransform == null)
{
throw new SecurityException("Unable to create Rijndael transform!");
}
return(new CryptoStream(s, iTransform, bEncrypt ? CryptoStreamMode.Write :
CryptoStreamMode.Read));
}
private static Stream CreateStream(Stream s, bool bEncrypt, byte[] pbKey, byte[] pbIV)
{
StandardAesEngine.ValidateArguments(s, bEncrypt, pbKey, pbIV);
byte[] pbLocalIV = new byte[16];
Array.Copy(pbIV, pbLocalIV, 16);
byte[] pbLocalKey = new byte[32];
Array.Copy(pbKey, pbLocalKey, 32);
#if KeePassUWP
var cbc = new CbcBlockCipher(new AesEngine());
var bc = new PaddedBufferedBlockCipher(cbc,
new Pkcs7Padding());
var kp = new KeyParameter(pbLocalKey);
var prmIV = new ParametersWithIV(kp, pbLocalIV);
bc.Init(bEncrypt, prmIV);
var cpRead = (bEncrypt ? null : bc);
var cpWrite = (bEncrypt ? bc : null);
return(new CipherStream(s, cpRead, cpWrite));
#elif KeePassUAP
return(StandardAesEngineExt.CreateStream(s, bEncrypt, pbLocalKey, pbLocalIV));
#else
SymmetricAlgorithm a = CryptoUtil.CreateAes();
if (a.BlockSize != 128) // AES block size
{
Debug.Assert(false);
a.BlockSize = 128;
}
a.IV = pbLocalIV;
a.KeySize = 256;
a.Key = pbLocalKey;
a.Mode = m_rCipherMode;
a.Padding = m_rCipherPadding;
ICryptoTransform iTransform = (bEncrypt ? a.CreateEncryptor() : a.CreateDecryptor());
Debug.Assert(iTransform != null);
if (iTransform == null)
{
throw new SecurityException("Unable to create AES transform!");
}
return(new CryptoStream(s, iTransform, bEncrypt ? CryptoStreamMode.Write :
CryptoStreamMode.Read));
#endif
}
private static Stream CreateStream(Stream s, bool bEncrypt, byte[] pbKey, byte[] pbIV)
{
StandardAesEngine.ValidateArguments(s, bEncrypt, pbKey, pbIV);
byte[] pbLocalIV = new byte[16];
Array.Copy(pbIV, pbLocalIV, 16);
byte[] pbLocalKey = new byte[32];
Array.Copy(pbKey, pbLocalKey, 32);
#if !KeePassRT
RijndaelManaged r = new RijndaelManaged();
if (r.BlockSize != 128) // AES block size
{
Debug.Assert(false);
r.BlockSize = 128;
}
r.IV = pbLocalIV;
r.KeySize = 256;
r.Key = pbLocalKey;
r.Mode = m_rCipherMode;
r.Padding = m_rCipherPadding;
ICryptoTransform iTransform = (bEncrypt ? r.CreateEncryptor() : r.CreateDecryptor());
Debug.Assert(iTransform != null);
if (iTransform == null)
{
throw new SecurityException("Unable to create Rijndael transform!");
}
return(new CryptoStream(s, iTransform, bEncrypt ? CryptoStreamMode.Write :
CryptoStreamMode.Read));
#else
AesEngine aes = new AesEngine();
CbcBlockCipher cbc = new CbcBlockCipher(aes);
PaddedBufferedBlockCipher bc = new PaddedBufferedBlockCipher(cbc,
new Pkcs7Padding());
KeyParameter kp = new KeyParameter(pbLocalKey);
ParametersWithIV prmIV = new ParametersWithIV(kp, pbLocalIV);
bc.Init(bEncrypt, prmIV);
IBufferedCipher cpRead = (bEncrypt ? null : bc);
IBufferedCipher cpWrite = (bEncrypt ? bc : null);
return(new CipherStream(s, cpRead, cpWrite));
#endif
}
private static Stream CreateStream(Stream s, bool bEncrypt, byte[] pbKey, byte[] pbIV)
{
StandardAesEngine.ValidateArguments(s, bEncrypt, pbKey, pbIV);
byte[] pbLocalIV = new byte[16];
Array.Copy(pbIV, pbLocalIV, 16);
byte[] pbLocalKey = new byte[32];
Array.Copy(pbKey, pbLocalKey, 32);
#if KeePassUAP
return(StandardAesEngineExt.CreateStream(s, bEncrypt, pbLocalKey, pbLocalIV));
#else
SymmetricAlgorithm a = CryptoUtil.CreateAes();
if (a.BlockSize != 128) // AES block size
{
Debug.Assert(false);
a.BlockSize = 128;
}
a.IV = pbLocalIV;
a.KeySize = 256;
a.Key = pbLocalKey;
a.Mode = m_rCipherMode;
a.Padding = m_rCipherPadding;
ICryptoTransform iTransform = (bEncrypt ? a.CreateEncryptor() : a.CreateDecryptor());
Debug.Assert(iTransform != null);
if (iTransform == null)
{
throw new SecurityException("Unable to create AES transform!");
}
return(new CryptoStream(s, iTransform, bEncrypt ? CryptoStreamMode.Write :
CryptoStreamMode.Read));
#endif
}
public Stream DecryptStream(Stream sEncrypted, byte[] pbKey, byte[] pbIV)
{
return(StandardAesEngine.CreateStream(sEncrypted, false, pbKey, pbIV));
}
public Stream EncryptStream(Stream sPlainText, byte[] pbKey, byte[] pbIV)
{
return(StandardAesEngine.CreateStream(sPlainText, true, pbKey, pbIV));
}
/// <summary>
/// A method for generating encrypted ChallengeInfo to be saved. For security, this method should
/// be called every time you get a successful challenge-response pair from the Yubikey. Failure to
/// do so will permit password re-use attacks.
/// </summary>
/// <param name="secret">The un-encrypted secret</param>
/// <returns>A fully populated ChallengeInfo object ready to be saved</returns>
public ChallengeInfo Encrypt(byte[] secret)
{
//generate a random challenge for use next time
byte[] challenge = GenerateChallenge();
//generate the expected HMAC-SHA1 response for the challenge based on the secret
byte[] resp = GenerateResponse(challenge, secret);
//use the response to encrypt the secret
SHA256 sha = SHA256Managed.Create();
byte[] key = sha.ComputeHash(resp); // get a 256 bit key from the 160 bit hmac response
byte[] secretHash = sha.ComputeHash(secret);
StandardAesEngine aes = new StandardAesEngine();
const uint aesIVLenBytes = 16 ;
byte[] IV = CryptoRandom.Instance.GetRandomBytes(aesIVLenBytes);
byte[] encrypted;
using (MemoryStream msEncrypt = new MemoryStream())
{
using (CryptoStream csEncrypt = (CryptoStream)aes.EncryptStream(msEncrypt, key, IV))
{
csEncrypt.Write(secret, 0, secret.Length);
csEncrypt.Close();
}
encrypted = msEncrypt.ToArray();
msEncrypt.Close();
}
ChallengeInfo inf = new ChallengeInfo (encrypted, IV, challenge, secretHash, LT64);
sha.Clear();
return inf;
}
private bool DecryptSecret(byte[] yubiResp, ChallengeInfo inf, out byte[] secret)
{
secret = new byte[keyLenBytes];
if (inf.IV == null) return false;
if (inf.Verification == null) return false;
//use the response to decrypt the secret
SHA256 sha = SHA256Managed.Create();
byte[] key = sha.ComputeHash(yubiResp); // get a 256 bit key from the 160 bit hmac response
StandardAesEngine aes = new StandardAesEngine();
using (MemoryStream msDecrypt = new MemoryStream(inf.EncryptedSecret))
{
using (CryptoStream csDecrypt = (CryptoStream)aes.DecryptStream(msDecrypt, key, inf.IV))
{
csDecrypt.Read(secret, 0, secret.Length);
csDecrypt.Close();
}
msDecrypt.Close();
}
byte[] secretHash = sha.ComputeHash(secret);
for (int i = 0; i < secretHash.Length; i++)
{
if (secretHash[i] != inf.Verification[i])
{
//wrong response
Array.Clear(secret, 0, secret.Length);
return false;
}
}
//return the secret
sha.Clear();
return true;
}
