Esempio n. 1
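        /// <summary>
        /// Recomputes the HMAC-SHA256 tag over the vault body and compares it with the tag
        /// stored in the vault value.
        /// </summary>
        /// <param name="derived">Derived key material; bytes 32..63 are used as the HMAC key.</param>
        /// <param name="ansibleValue">Parsed vault value that supplies the body and the stored tag.</param>
        /// <exception cref="Exception">Thrown when the recomputed tag differs from the stored tag.</exception>
        private static void ValidatePassword(byte[] derived, VaultValue ansibleValue)
        {
            var hmacKey = derived.AsSpan(32, 32).ToArray();

            try
            {
                // HMACSHA256 is IDisposable and holds a copy of the key; release it deterministically.
                using (var hmac256 = new HMACSHA256(hmacKey))
                {
                    var hash = hmac256.ComputeHash(ansibleValue.Body);

                    // Compare the tags in constant time. SequenceEqual stops at the first
                    // differing byte, so its running time depends on how much of a supplied
                    // tag is correct; FixedTimeEquals does not have that dependency.
                    if (!CryptographicOperations.FixedTimeEquals(hash, ansibleValue.Hamc))
                    {
                        // A mismatch means either a wrong password or a modified salt/body/tag;
                        // the two cases cannot be told apart here. Message kept for callers.
                        throw new Exception("Password was wrong");
                    }
                }
            }
            finally
            {
                // Do not leave the temporary copy of the MAC key in memory longer than needed.
                Array.Clear(hmacKey, 0, hmacKey.Length);
            }
        }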
Esempio n. 2
        /// <inheritdoc />
        public string Decode(string password, string input)
        {
            // Parse the vault text to obtain the salt, the stored tag and the body.
            var vault = new VaultValue(input);

            var(cipherKey, cipherParam, keyMaterial) = Rfc2898DeriveBytes(vault.Salt, password);

            // The tag is checked before the body is handed to the cipher, so a wrong
            // password or an altered body throws here and nothing is decrypted.
            ValidatePassword(keyMaterial, vault);

            // NOTE(review): the final 'false' presumably selects decryption (Encode passes true) - confirm against Cipher.
            var plainBytes = Cipher(vault.Body, cipherKey, cipherParam, false);

            // NOTE(review): Encoding.ASCII turns every byte above 0x7F into '?'; confirm that
            // vault payloads are ASCII-only, otherwise non-ASCII content is lost silently.
            var plainText = Encoding.ASCII.GetString(plainBytes);
            return plainText;
        }
Esempio n. 3
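        /// <inheritdoc />
        public string Encode(string password, string input)
        {
            // A new salt is created on every call and stored in the resulting vault value.
            var salt = this.CreateSalt();

            var(aesKey, aes, derived) = Rfc2898DeriveBytes(salt, password);

            // NOTE(review): Encoding.ASCII replaces every non-ASCII character with '?', so such
            // input is altered before it reaches the cipher; confirm that callers pass ASCII only.
            var cipher = Cipher(Encoding.ASCII.GetBytes(input), aesKey, aes, true);

            // The tag is computed over the cipher output, keyed with bytes 32..63 of the derived
            // material - the same slice ValidatePassword uses when checking it on decode.
            var hmacKey = derived.AsSpan(32, 32).ToArray();
            byte[] hmac;
            try
            {
                // HMACSHA256 is IDisposable and keeps a copy of the key; dispose it instead of
                // leaving it to the finalizer.
                using (var hmac256 = new HMACSHA256(hmacKey))
                {
                    hmac = hmac256.ComputeHash(cipher);
                }
            }
            finally
            {
                // Clear the temporary copy of the MAC key once the tag has been produced.
                Array.Clear(hmacKey, 0, hmacKey.Length);
            }

            var value = new VaultValue
            {
                Salt = salt,
                Hamc = hmac,
                Body = cipher
            };

            return value.ToVaultString();
        }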