private void EncryptAgileFromKey(EncryptionInfoAgile.EncryptionKeyEncryptor encr, byte[] key, byte[] data, long pos, long size, byte[] iv, MemoryStream ms)
{
var encryptKey = GetEncryptionAlgorithm(encr);
encryptKey.BlockSize = encr.BlockSize << 3;
encryptKey.KeySize = encr.KeyBits;
encryptKey.Mode = encr.ChiptherChaining == eChainingMode.ChainingModeCBC ? CipherMode.CBC : CipherMode.CFB;
encryptKey.Padding = PaddingMode.Zeros;
ICryptoTransform encryptor = encryptKey.CreateEncryptor(
FixHashSize(key, encr.KeyBits / 8),
FixHashSize(iv, 16, 0x36));
CryptoStream cryptoStream = new CryptoStream(ms,
encryptor,
CryptoStreamMode.Write);
var cryptoSize = size % encr.BlockSize == 0 ? size : (size + (encr.BlockSize - (size % encr.BlockSize)));
var buffer = new byte[size];
Array.Copy(data, pos, buffer, 0, size);
cryptoStream.Write(buffer, 0, (int)size);
while (size % encr.BlockSize != 0)
{
cryptoStream.WriteByte(0);
size++;
}
}
private HMAC GetHmacProvider(EncryptionInfoAgile.EncryptionKeyEncryptor ei, byte[] salt)
{
switch (ei.HashAlgorithm)
{
case eHashAlogorithm.RIPEMD160:
return(new HMACRIPEMD160(salt));
case eHashAlogorithm.MD5:
return(new HMACMD5(salt));
case eHashAlogorithm.SHA1:
return(new HMACSHA1(salt));
case eHashAlogorithm.SHA256:
return(new HMACSHA256(salt));
case eHashAlogorithm.SHA384:
return(new HMACSHA384(salt));
case eHashAlogorithm.SHA512:
return(new HMACSHA512(salt));
default:
throw(new NotSupportedException(string.Format("Hash method {0} not supported.", ei.HashAlgorithm)));
}
}
private byte[] DecryptAgileFromKey(EncryptionInfoAgile.EncryptionKeyEncryptor encr, byte[] key, byte[] encryptedData, long size, byte[] iv)
{
SymmetricAlgorithm decryptKey = GetEncryptionAlgorithm(encr);
decryptKey.BlockSize = encr.BlockSize << 3;
decryptKey.KeySize = encr.KeyBits;
decryptKey.Mode = encr.ChiptherChaining == eChainingMode.ChainingModeCBC ? CipherMode.CBC : CipherMode.CFB;
decryptKey.Padding = PaddingMode.Zeros;
ICryptoTransform decryptor = decryptKey.CreateDecryptor(
FixHashSize(key, encr.KeyBits / 8),
FixHashSize(iv, encr.BlockSize, 0x36));
MemoryStream dataStream = new MemoryStream(encryptedData);
CryptoStream cryptoStream = new CryptoStream(dataStream,
decryptor,
CryptoStreamMode.Read);
var decryptedData = new byte[size];
cryptoStream.Read(decryptedData, 0, (int)size);
return(decryptedData);
}
private HashAlgorithm GetHashProvider(EncryptionInfoAgile.EncryptionKeyEncryptor encr)
{
HashAlgorithm hashProvider;
switch (encr.HashAlgorithm)
{
case eHashAlogorithm.MD5:
return(new MD5CryptoServiceProvider());
case eHashAlogorithm.RIPEMD160:
return(new RIPEMD160Managed());
case eHashAlogorithm.SHA1:
return(new SHA1CryptoServiceProvider());
case eHashAlogorithm.SHA256:
return(new SHA256CryptoServiceProvider());
case eHashAlogorithm.SHA384:
return(new SHA384CryptoServiceProvider());
case eHashAlogorithm.SHA512:
return(new SHA512CryptoServiceProvider());
default:
throw new NotSupportedException(string.Format("Hash provider is unsupported. {0}", encr.HashAlgorithm));
}
}
private HashAlgorithm GetHashProvider(EncryptionInfoAgile.EncryptionKeyEncryptor encr)
{
switch (encr.HashAlgorithm)
{
case eHashAlogorithm.MD5:
return(MD5.Create());
//case eHashAlogorithm.RIPEMD160:
// return new RIPEMD160Managed();
case eHashAlogorithm.SHA1:
return(SHA1.Create());
case eHashAlogorithm.SHA256:
return(SHA256.Create());
case eHashAlogorithm.SHA384:
return(SHA384.Create());
case eHashAlogorithm.SHA512:
return(SHA512.Create());
default:
throw new NotSupportedException(string.Format("Hash provider is unsupported. {0}", encr.HashAlgorithm));
}
}
private SymmetricAlgorithm GetEncryptionAlgorithm(EncryptionInfoAgile.EncryptionKeyEncryptor encr)
{
switch (encr.CipherAlgorithm)
{
case eCipherAlgorithm.AES:
#if COREFX
return(Aes.Create());
#else
return(new RijndaelManaged());
#endif
case eCipherAlgorithm.DES:
#if COREFX
throw (new NotSupportedException(string.Format("Unsupported Cipher Algorithm: {0}", encr.CipherAlgorithm.ToString())));
#else
return(new DESCryptoServiceProvider());
#endif
case eCipherAlgorithm.TRIPLE_DES:
case eCipherAlgorithm.TRIPLE_DES_112:
#if COREFX
return(TripleDES.Create());
#else
return(new TripleDESCryptoServiceProvider());
#endif
case eCipherAlgorithm.RC2:
#if COREFX
throw (new NotSupportedException(string.Format("Unsupported Cipher Algorithm: {0}", encr.CipherAlgorithm.ToString())));
#else
return(new RC2CryptoServiceProvider());
#endif
default:
throw(new NotSupportedException(string.Format("Unsupported Cipher Algorithm: {0}", encr.CipherAlgorithm.ToString())));
}
}
private HMAC GetHmacProvider(EncryptionInfoAgile.EncryptionKeyEncryptor ei, byte[] salt)
{
switch (ei.HashAlgorithm)
{
case eHashAlogorithm.RIPEMD160:
#if COREFX || NETSTANDARD2_0
throw new NotSupportedException("RIPEMD-160 is banned by SDL.");
#else
return(new HMACRIPEMD160(salt));
#endif
case eHashAlogorithm.MD5:
return(new HMACMD5(salt));
case eHashAlogorithm.SHA1:
return(new HMACSHA1(salt));
case eHashAlogorithm.SHA256:
return(new HMACSHA256(salt));
case eHashAlogorithm.SHA384:
return(new HMACSHA384(salt));
case eHashAlogorithm.SHA512:
return(new HMACSHA512(salt));
default:
throw (new NotSupportedException(string.Format("Hash method {0} not supported.", ei.HashAlgorithm)));
}
}
private void EncryptAgileFromKey(EncryptionInfoAgile.EncryptionKeyEncryptor encr, byte[] key, Stream dataStream, long pos, long size, byte[] iv, Stream s)
{
var encryptKey = GetEncryptionAlgorithm(encr);
encryptKey.BlockSize = encr.BlockSize << 3;
encryptKey.KeySize = encr.KeyBits;
#if (Core)
encryptKey.Mode = CipherMode.CBC;
#else
encryptKey.Mode = encr.CipherChaining == eChainingMode.ChainingModeCBC ? CipherMode.CBC : CipherMode.CFB;
#endif
encryptKey.Padding = PaddingMode.Zeros;
ICryptoTransform encryptor = encryptKey.CreateEncryptor(
FixHashSize(key, encr.KeyBits / 8),
FixHashSize(iv, 16, 0x36));
CryptoStream cryptoStream = new CryptoStream(s,
encryptor,
CryptoStreamMode.Write);
//var cryptoSize = size % encr.BlockSize == 0 ? size : (size + (encr.BlockSize - (size % encr.BlockSize)));
var buffer = new byte[size];
dataStream.Seek((int)pos, SeekOrigin.Begin);
dataStream.Read(buffer, 0, (int)size);
cryptoStream.Write(buffer, 0, (int)size);
while (size % encr.BlockSize != 0)
{
cryptoStream.WriteByte(0);
size++;
}
}
private byte[] GetFinalHash(HashAlgorithm hashProvider, EncryptionInfoAgile.EncryptionKeyEncryptor encr, byte[] blockKey, byte[] hash)
{
//2.3.4.13 MS-OFFCRYPTO
var tempHash = new byte[hash.Length + blockKey.Length];
Array.Copy(hash, tempHash, hash.Length);
Array.Copy(blockKey, 0, tempHash, hash.Length, blockKey.Length);
var hashFinal = hashProvider.ComputeHash(tempHash);
return(hashFinal);
}
/// <summary>
/// Validate the password
/// </summary>
/// <param name="key">The encryption key</param>
/// <param name="encryptionInfo">The encryption info extracted from the ENCRYPTIOINFO stream inside the OLE document</param>
/// <returns></returns>
private bool IsPasswordValid(HashAlgorithm sha, EncryptionInfoAgile.EncryptionKeyEncryptor encr)
{
var valHash = sha.ComputeHash(encr.VerifierHashInput);
//Equal?
for (int i = 0; i < valHash.Length; i++)
{
if (encr.VerifierHash[i] != valHash[i])
{
return(false);
}
}
return(true);
}
/// <summary>
/// Create the hash.
/// This method is written with the help of Lyquidity library, many thanks for this nice sample
/// </summary>
/// <param name="password">The password</param>
/// <param name="encryptionInfo">The encryption info extracted from the ENCRYPTIOINFO stream inside the OLE document</param>
/// <param name="blockKey">The block key appended to the hash to obtain the final hash</param>
/// <returns>The hash to encrypt the document</returns>
private byte[] GetPasswordHashAgile(string password, EncryptionInfoAgile.EncryptionKeyEncryptor encr, byte[] blockKey)
{
try
{
var hashProvider = GetHashProvider(encr);
var hash = GetPasswordHash(hashProvider, encr.SaltValue, password, encr.SpinCount, encr.HashSize);
var hashFinal = GetFinalHash(hashProvider, encr, blockKey, hash);
return(FixHashSize(hashFinal, encr.KeyBits / 8));
}
catch (Exception ex)
{
throw (new Exception("An error occured when the encryptionkey was created", ex));
}
}
private HashAlgorithm GetHashProvider(EncryptionInfoAgile.EncryptionKeyEncryptor encr)
{
switch (encr.HashAlgorithm)
{
case eHashAlogorithm.MD5:
#if COREFX
return(MD5.Create());
#else
return(new MD5CryptoServiceProvider());
#endif
case eHashAlogorithm.RIPEMD160:
#if COREFX
throw new NotSupportedException("RIPEMD-160 is banned by SDL.");
#else
return(new RIPEMD160Managed());
#endif
case eHashAlogorithm.SHA1:
#if COREFX
return(SHA1.Create());
#else
return(new SHA1CryptoServiceProvider());
#endif
case eHashAlogorithm.SHA256:
#if COREFX
return(SHA256.Create());
#else
return(new SHA256CryptoServiceProvider());
#endif
case eHashAlogorithm.SHA384:
#if COREFX
return(SHA384.Create());
#else
return(new SHA384CryptoServiceProvider());
#endif
case eHashAlogorithm.SHA512:
#if COREFX
return(SHA512.Create());
#else
return(new SHA512CryptoServiceProvider());
#endif
default:
throw new NotSupportedException(string.Format("Hash provider is unsupported. {0}", encr.HashAlgorithm));
}
}
private SymmetricAlgorithm GetEncryptionAlgorithm(EncryptionInfoAgile.EncryptionKeyEncryptor encr)
{
switch (encr.CipherAlgorithm)
{
case eCipherAlgorithm.AES:
return(Aes.Create());
//case eCipherAlgorithm.DES:
// return new DESCryptoServiceProvider();
case eCipherAlgorithm.TRIPLE_DES:
case eCipherAlgorithm.TRIPLE_DES_112:
return(TripleDES.Create());
//case eCipherAlgorithm.RC2:
// return new RC2CryptoServiceProvider();
default:
throw(new NotSupportedException(string.Format("Unsupported Cipher Algorithm: {0}", encr.CipherAlgorithm.ToString())));
}
}
private byte[] DecryptAgileFromKey(EncryptionInfoAgile.EncryptionKeyEncryptor encr, byte[] key, byte[] encryptedData, long size, byte[] iv)
{
SymmetricAlgorithm decryptKey = GetEncryptionAlgorithm(encr);
decryptKey.BlockSize = encr.BlockSize << 3;
decryptKey.KeySize = encr.KeyBits;
#if COREFX
if (encr.CipherChaining == eChainingMode.ChainingModeCBC)
{
decryptKey.Mode = CipherMode.CBC;
}
else
{
throw new NotSupportedException("CipherMode.CFB is not supported yet.");
}
#else
decryptKey.Mode = encr.CipherChaining == eChainingMode.ChainingModeCBC ? CipherMode.CBC : CipherMode.CFB;
#endif
decryptKey.Padding = PaddingMode.Zeros;
ICryptoTransform decryptor = decryptKey.CreateDecryptor(
FixHashSize(key, encr.KeyBits / 8),
FixHashSize(iv, encr.BlockSize, 0x36));
MemoryStream dataStream = new MemoryStream(encryptedData);
CryptoStream cryptoStream = new CryptoStream(dataStream,
decryptor,
CryptoStreamMode.Read);
var decryptedData = new byte[size];
cryptoStream.Read(decryptedData, 0, (int)size);
return(decryptedData);
}
