private static byte[] SingleIterationPBKDF2(byte[] P, byte[] S, int dkLen)
{
PbeParametersGenerator pGen = new Pkcs5S2ParametersGenerator(new Sha256Digest());
pGen.Init(P, S, 1);
KeyParameter key = (KeyParameter)pGen.GenerateDerivedMacParameters(dkLen * 8);
return key.GetKey();
}
//http://stackoverflow.com/questions/34950611/how-to-create-a-pbkdf2-sha256-password-hash-in-c-sharp-bouncy-castle//
public byte[] GeneratePbkdf2Sha256DerivedKey(byte[] password, byte[] salt, int count, int dklen)
{
var pdb = new Pkcs5S2ParametersGenerator(new Sha256Digest());
pdb.Init(password, salt, count);
//if dklen == 32, then it is 256 (8 * 32)
var key = (KeyParameter)pdb.GenerateDerivedMacParameters(8 * dklen);
return key.GetKey();
}
private static byte[] SingleIterationPBKDF2(byte[] P, byte[] S, int dkLen)
{
PbeParametersGenerator pGen = new Pkcs5S2ParametersGenerator(new Sha256Digest());
pGen.Init(P, S, 1);
KeyParameter key = (KeyParameter)pGen.GenerateDerivedMacParameters(dkLen * 8);
return(key.GetKey());
}
public byte[] DeriveKey(string password, byte[] salt)
{
var passwordInBytes = PbeParametersGenerator.Pkcs5PasswordToBytes(password.ToCharArray());
var keyGenerator = new Pkcs5S2ParametersGenerator();
keyGenerator.Init(passwordInBytes, salt, _iterations);
var keyParameter = (KeyParameter) keyGenerator.GenerateDerivedMacParameters(_keyBitSize);
var keyBytes = keyParameter.GetKey();
return keyBytes;
}
public static bool CheckPassword(string rawPassword, string hashPassword, string salt)
{
Pkcs5S2ParametersGenerator kdf = new Pkcs5S2ParametersGenerator();
byte[] seed = StringHelper.FromBase64String(salt);
kdf.Init(StringHelper.GetBytes(rawPassword), seed, 100);
byte[] hash = ((KeyParameter)kdf.GenerateDerivedMacParameters(8 * rawPassword.Length)).GetKey();
byte[] hashToCheck = StringHelper.FromBase64String(hashPassword);
return AreBytesArraysEqual(hash, hashToCheck);
}
public void TestPBE3()
{
Stopwatch sw = new Stopwatch();
sw.Start();
var rng = new RNGCryptoServiceProvider();
byte[] data = new byte[30];
rng.GetBytes(data);
var pk = new Pkcs5S2ParametersGenerator(new Sha512Digest());
pk.Init(Encoding.UTF8.GetBytes("test"), data, 400000);
pk.GenerateDerivedMacParameters(20 * 8);
sw.Stop();
System.Console.WriteLine(sw.Elapsed.TotalMilliseconds);
}
/// <summary>
/// Generates a key from a password and salt and IV
/// </summary>
/// <param name="password"></param>
/// <param name="saltBytes"></param>
/// <param name="ivBytes"></param>
/// <returns></returns>
private static ParametersWithIV GenerateKey(string password, byte[] saltBytes, byte[] ivBytes)
{
var passBytes = PbeParametersGenerator.Pkcs5PasswordToUtf8Bytes(password.ToCharArray());
//create key generator
var generator = new Pkcs5S2ParametersGenerator();
//initialize
generator.Init(passBytes, saltBytes, KEY_DERIVATION_ITERATION);
//generate with a 256bit key, and a 128bit IV
var kp = new ParametersWithIV(generator.GenerateDerivedParameters(ALGORITHM_NAME, KEY_SIZE), ivBytes);
return kp;
}
public static string HashPassword(string rawPassword, string salt, int hashLength = 10)
{
SecureRandom rng = new SecureRandom();
Pkcs5S2ParametersGenerator kdf = new Pkcs5S2ParametersGenerator();
byte[] seed = StringHelper.GetBytes(salt);
kdf.Init(StringHelper.GetBytes(rawPassword), seed, 100);
byte[] hash = ((KeyParameter)kdf.GenerateDerivedMacParameters(8 * hashLength)).GetKey();
salt = StringHelper.ToBase64String(seed);
return StringHelper.ToBase64String(hash);
}
internal override KeyParameter GetEncoded(
string algorithmOid)
{
Pkcs5S2ParametersGenerator gen = new Pkcs5S2ParametersGenerator();
gen.Init(
PbeParametersGenerator.Pkcs5PasswordToBytes(this.Password),
this.Salt,
this.IterationCount);
return (KeyParameter) gen.GenerateDerivedParameters(
algorithmOid,
CmsEnvelopedHelper.Instance.GetKeySize(algorithmOid));
}
/// <summary>
/// Simple Encryption And Authentication (AES-GCM) of a UTF8 String
/// using key derived from a password.
/// </summary>
/// <param name="secretMessage">The secret message.</param>
/// <param name="password">The password.</param>
/// <param name="nonSecretPayload">The non secret payload.</param>
/// <returns>
/// Encrypted Message
/// </returns>
/// <exception cref="System.ArgumentException">Must have a password of minimum length;password</exception>
/// <remarks>
/// Significantly less secure than using random binary keys.
/// Adds additional non secret payload for key generation parameters.
/// </remarks>
public static byte[] SimpleEncryptWithPassword(byte[] secretMessage, string password, byte[] nonSecretPayload = null)
{
nonSecretPayload = nonSecretPayload ?? new byte[] { };
//User Error Checks
if (string.IsNullOrWhiteSpace(password) || password.Length < MinPasswordLength)
throw new ArgumentException(String.Format("Must have a password of at least {0} characters!", MinPasswordLength), "password");
if (secretMessage == null || secretMessage.Length == 0)
throw new ArgumentException("Secret Message Required!", "secretMessage");
var generator = new Pkcs5S2ParametersGenerator();
//Use Random Salt to minimize pre-generated weak password attacks.
var salt = new byte[SaltBitSize / 8];
Random.NextBytes(salt);
generator.Init(
PbeParametersGenerator.Pkcs5PasswordToBytes(password.ToCharArray()),
salt,
Iterations);
//Generate Key
var key = (KeyParameter)generator.GenerateDerivedMacParameters(KeyBitSize);
//Create Full Non Secret Payload
var payload = new byte[salt.Length + nonSecretPayload.Length];
Array.Copy(nonSecretPayload, payload, nonSecretPayload.Length);
Array.Copy(salt, 0, payload, nonSecretPayload.Length, salt.Length);
return SimpleEncrypt(secretMessage, key.GetKey(), payload);
}
static PbeParametersGenerator MakePbeGenerator(
string type,
IDigest digest,
byte[] key,
byte[] salt,
int iterationCount)
{
PbeParametersGenerator generator;
if (type.Equals(Pkcs5S1))
{
generator = new Pkcs5S1ParametersGenerator(digest);
}
else if (type.Equals(Pkcs5S2))
{
generator = new Pkcs5S2ParametersGenerator();
}
else if (type.Equals(Pkcs12))
{
generator = new Pkcs12ParametersGenerator(digest);
}
else if (type.Equals(OpenSsl))
{
generator = new OpenSslPbeParametersGenerator();
}
else
{
throw new ArgumentException("Unknown PBE type: " + type, "type");
}
generator.Init(key, salt, iterationCount);
return generator;
}
private KeyParameter CreateKey(string password, byte[] salt, int iterations, int keySizeInBits)
{
var generator = new Pkcs5S2ParametersGenerator(new Sha256Digest());
generator.Init(PbeParametersGenerator.Pkcs5PasswordToUtf8Bytes(password.ToCharArray()), salt, iterations);
return (KeyParameter)generator.GenerateDerivedMacParameters(keySizeInBits);
}
public override void PerformTest()
{
char[] password = "******".ToCharArray();
PbeParametersGenerator generator = new Pkcs5S2ParametersGenerator();
EncryptedPrivateKeyInfo info = null;
try
{
info = EncryptedPrivateKeyInfo.GetInstance(Asn1Object.FromByteArray(sample));
}
catch (System.Exception e)
{
Fail("failed construction - exception " + e.ToString(), e);
}
PbeS2Parameters alg = PbeS2Parameters.GetInstance(info.EncryptionAlgorithm.Parameters);
Pbkdf2Params func = Pbkdf2Params.GetInstance(alg.KeyDerivationFunc.Parameters);
EncryptionScheme scheme = alg.EncryptionScheme;
if (func.KeyLength != null)
{
keySize = func.KeyLength.IntValue * 8;
}
int iterationCount = func.IterationCount.IntValue;
byte[] salt = func.GetSalt();
generator.Init(PbeParametersGenerator.Pkcs5PasswordToBytes(password), salt, iterationCount);
DerObjectIdentifier algOid = scheme.Algorithm;
byte[] iv;
if (algOid.Equals(PkcsObjectIdentifiers.RC2Cbc))
{
RC2CbcParameter rc2Params = RC2CbcParameter.GetInstance(scheme.Asn1Object);
iv = rc2Params.GetIV();
}
else
{
iv = ((Asn1OctetString) scheme.Asn1Object).GetOctets();
}
ICipherParameters param = new ParametersWithIV(
generator.GenerateDerivedParameters(algOid.Id, keySize), iv);
cipher.Init(false, param);
byte[] data = info.GetEncryptedData();
byte[] outBytes = new byte[cipher.GetOutputSize(data.Length)];
int len = cipher.ProcessBytes(data, 0, data.Length, outBytes, 0);
try
{
len += cipher.DoFinal(outBytes, len);
}
catch (Exception e)
{
Fail("failed DoFinal - exception " + e.ToString());
}
if (result.Length != len)
{
Fail("failed length");
}
for (int i = 0; i != len; i++)
{
if (outBytes[i] != result[i])
{
Fail("failed comparison");
}
}
}
public override void PerformTest()
{
BufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new CbcBlockCipher(new DesEngine()));
SimpleTest test = new PbeTest(this, 0, cipher, sample1, 64);
test.PerformTest();
cipher = new PaddedBufferedBlockCipher(new CbcBlockCipher(new DesEdeEngine()));
test = new PbeTest(this, 1, cipher, sample2, 192);
test.PerformTest();
cipher = new PaddedBufferedBlockCipher(new CbcBlockCipher(new RC2Engine()));
test = new PbeTest(this, 2, cipher, sample3, 0);
test.PerformTest();
//
// RFC 3211 tests
//
char[] password = "******".ToCharArray();
PbeParametersGenerator generator = new Pkcs5S2ParametersGenerator();
byte[] salt = Hex.Decode("1234567878563412");
generator.Init(
PbeParametersGenerator.Pkcs5PasswordToBytes(password),
salt,
5);
if (!AreEqual(((KeyParameter)generator.GenerateDerivedParameters("DES", 64)).GetKey(),
Hex.Decode("d1daa78615f287e6")))
{
Fail("64 test failed");
}
password = "******".ToCharArray();
generator.Init(
PbeParametersGenerator.Pkcs5PasswordToBytes(password),
salt,
500);
if (!AreEqual(((KeyParameter)generator.GenerateDerivedParameters("DESEDE", 192)).GetKey(),
Hex.Decode("6a8970bf68c92caea84a8df28510858607126380cc47ab2d")))
{
Fail("192 test failed");
}
generator.Init(PbeParametersGenerator.Pkcs5PasswordToBytes(password), salt, 60000);
if (!AreEqual(((KeyParameter)generator.GenerateDerivedParameters("DESEDE", 192)).GetKey(),
Hex.Decode("29aaef810c12ecd2236bbcfb55407f9852b5573dc1c095bb")))
{
Fail("192 (60000) test failed");
}
}
/// <summary>
/// Simple Decryption and Authentication of a UTF8 message
/// using a key derived from a password
/// </summary>
/// <param name="encryptedMessage">The encrypted message.</param>
/// <param name="password">The password.</param>
/// <param name="nonSecretPayloadLength">Length of the non secret payload.</param>
/// <returns>
/// Decrypted Message
/// </returns>
/// <exception cref="System.ArgumentException">Must have a password of minimum length;password</exception>
/// <remarks>
/// Significantly less secure than using random binary keys.
/// </remarks>
public static byte[] SimpleDecryptWithPassword(byte[] encryptedMessage, string password, int nonSecretPayloadLength = 0)
{
//User Error Checks
if (string.IsNullOrWhiteSpace(password) || password.Length < MinPasswordLength)
throw new ArgumentException(String.Format("Must have a password of at least {0} characters!", MinPasswordLength), "password");
if (encryptedMessage == null || encryptedMessage.Length == 0)
throw new ArgumentException("Encrypted Message Required!", "encryptedMessage");
var generator = new Pkcs5S2ParametersGenerator();
//Grab Salt from Payload
var salt = new byte[SaltBitSize / 8];
Array.Copy(encryptedMessage, nonSecretPayloadLength, salt, 0, salt.Length);
generator.Init(
PbeParametersGenerator.Pkcs5PasswordToBytes(password.ToCharArray()),
salt,
Iterations);
//Generate Key
var key = (KeyParameter)generator.GenerateDerivedMacParameters(KeyBitSize);
return SimpleDecrypt(encryptedMessage, key.GetKey(), salt.Length + nonSecretPayloadLength);
}
/// <summary>
/// Gets the derived bytes using the store's parameters
/// </summary>
/// <param name="length">The length.</param>
/// <param name="passwordPrompt">The password prompt.</param>
/// <returns></returns>
/// <exception cref="InvalidKeySetException">Hmac_Sha256 not supported.</exception>
protected byte[] GetDerivedBytes(int length, Func<string> passwordPrompt)
{
PbeParametersGenerator pdb;
if (Hmac == PbeHashType.HmacSha1)
{
pdb = new Pkcs5S2ParametersGenerator();
pdb.Init(PbeParametersGenerator.Pkcs5PasswordToBytes(passwordPrompt().ToCharArray()), Salt,
IterationCount);
}
else if (Hmac == PbeHashType.HmacSha256)
{
throw new InvalidKeySetException("Hmac_Sha256 not supported.");
}
else
{
throw new InvalidKeySetException("Unknown Pbe Cipher");
}
var key = (KeyParameter) pdb.GenerateDerivedMacParameters(length*8);
return key.GetKey();
}
/// <summary>
/// Generate an AES key using a given password and salt.
/// </summary>
/// <param name="password">The password to be used to create the key.</param>
/// <param name="salt">The 32 byte long array to be used to create the key.</param>
public void GenerateKey(string password, byte[] salt)
{
Pkcs5S2ParametersGenerator generator = new Pkcs5S2ParametersGenerator();
byte[] passwordBytes = Pkcs5S2ParametersGenerator.Pkcs5PasswordToUtf8Bytes(password.ToCharArray());
generator.Init(passwordBytes, salt, 20000);
aes_key = (KeyParameter) generator.GenerateDerivedMacParameters(AES_256);
}
/// <summary>
/// Generate an AES key. A key generated by this method would typically be
/// encrypted using RSA and sent to the recipient along with data that was
/// encrypted with the key. The recipient would then decrypt the key using
/// RSA then use the key to decrypt the data.
/// </summary>
public void GenerateKey()
{
Pkcs5S2ParametersGenerator generator = new Pkcs5S2ParametersGenerator();
SecureRandom random = new SecureRandom();
byte[] password = new byte[SALT_SIZE];
random.NextBytes(password);
generator.Init(password, GenerateSalt(), 20000);
aes_key = (KeyParameter) generator.GenerateDerivedMacParameters(AES_256);
}
/// <summary>
/// Computes the PBKDF2-SHA256 hash of a password.
/// </summary>
/// <param name="password">The password to hash.</param>
/// <param name="salt">The salt.</param>
/// <param name="iterations">The PBKDF2 iteration count.</param>
/// <param name="outputBytes">The length in bytes of the hash to
/// generate.</param>
/// <returns>A hash of the password.</returns>
private static byte[] PBKDF2(string password, byte[] salt,
uint iterations, int outputBytes)
{
Pkcs5S2ParametersGenerator gen =
new Pkcs5S2ParametersGenerator(new Sha256Digest());
gen.Init(PbeParametersGenerator.Pkcs5PasswordToBytes(
password.ToCharArray()), salt, Iterations);
KeyParameter key = (KeyParameter) gen
.GenerateDerivedMacParameters(HashByteSize * 8);
return key.GetKey();
}
