| public GenerateDerivedMacParameters ( int keySize ) : ICipherParameters | ||
| keySize | int | |
| return | ICipherParameters | |
private static byte[] SingleIterationPBKDF2(byte[] P, byte[] S, int dkLen)
{
PbeParametersGenerator pGen = new Pkcs5S2ParametersGenerator(new Sha256Digest());
pGen.Init(P, S, 1);
KeyParameter key = (KeyParameter)pGen.GenerateDerivedMacParameters(dkLen * 8);
return key.GetKey();
}
//http://stackoverflow.com/questions/34950611/how-to-create-a-pbkdf2-sha256-password-hash-in-c-sharp-bouncy-castle//
public byte[] GeneratePbkdf2Sha256DerivedKey(byte[] password, byte[] salt, int count, int dklen)
{
var pdb = new Pkcs5S2ParametersGenerator(new Sha256Digest());
pdb.Init(password, salt, count);
//if dklen == 32, then it is 256 (8 * 32)
var key = (KeyParameter)pdb.GenerateDerivedMacParameters(8 * dklen);
return key.GetKey();
}
private static byte[] SingleIterationPBKDF2(byte[] P, byte[] S, int dkLen)
{
PbeParametersGenerator pGen = new Pkcs5S2ParametersGenerator(new Sha256Digest());
pGen.Init(P, S, 1);
KeyParameter key = (KeyParameter)pGen.GenerateDerivedMacParameters(dkLen * 8);
return(key.GetKey());
}
public byte[] DeriveKey(string password, byte[] salt)
{
var passwordInBytes = PbeParametersGenerator.Pkcs5PasswordToBytes(password.ToCharArray());
var keyGenerator = new Pkcs5S2ParametersGenerator();
keyGenerator.Init(passwordInBytes, salt, _iterations);
var keyParameter = (KeyParameter) keyGenerator.GenerateDerivedMacParameters(_keyBitSize);
var keyBytes = keyParameter.GetKey();
return keyBytes;
}
public static bool CheckPassword(string rawPassword, string hashPassword, string salt)
{
Pkcs5S2ParametersGenerator kdf = new Pkcs5S2ParametersGenerator();
byte[] seed = StringHelper.FromBase64String(salt);
kdf.Init(StringHelper.GetBytes(rawPassword), seed, 100);
byte[] hash = ((KeyParameter)kdf.GenerateDerivedMacParameters(8 * rawPassword.Length)).GetKey();
byte[] hashToCheck = StringHelper.FromBase64String(hashPassword);
return AreBytesArraysEqual(hash, hashToCheck);
}
public void TestPBE3()
{
Stopwatch sw = new Stopwatch();
sw.Start();
var rng = new RNGCryptoServiceProvider();
byte[] data = new byte[30];
rng.GetBytes(data);
var pk = new Pkcs5S2ParametersGenerator(new Sha512Digest());
pk.Init(Encoding.UTF8.GetBytes("test"), data, 400000);
pk.GenerateDerivedMacParameters(20 * 8);
sw.Stop();
System.Console.WriteLine(sw.Elapsed.TotalMilliseconds);
}
public static string HashPassword(string rawPassword, string salt, int hashLength = 10)
{
SecureRandom rng = new SecureRandom();
Pkcs5S2ParametersGenerator kdf = new Pkcs5S2ParametersGenerator();
byte[] seed = StringHelper.GetBytes(salt);
kdf.Init(StringHelper.GetBytes(rawPassword), seed, 100);
byte[] hash = ((KeyParameter)kdf.GenerateDerivedMacParameters(8 * hashLength)).GetKey();
salt = StringHelper.ToBase64String(seed);
return StringHelper.ToBase64String(hash);
}
private KeyParameter CreateKey(string password, byte[] salt, int iterations, int keySizeInBits)
{
var generator = new Pkcs5S2ParametersGenerator(new Sha256Digest());
generator.Init(PbeParametersGenerator.Pkcs5PasswordToUtf8Bytes(password.ToCharArray()), salt, iterations);
return (KeyParameter)generator.GenerateDerivedMacParameters(keySizeInBits);
}
/// <summary>
/// Simple Decryption and Authentication of a UTF8 message
/// using a key derived from a password
/// </summary>
/// <param name="encryptedMessage">The encrypted message.</param>
/// <param name="password">The password.</param>
/// <param name="nonSecretPayloadLength">Length of the non secret payload.</param>
/// <returns>
/// Decrypted Message
/// </returns>
/// <exception cref="System.ArgumentException">Must have a password of minimum length;password</exception>
/// <remarks>
/// Significantly less secure than using random binary keys.
/// </remarks>
public static byte[] SimpleDecryptWithPassword(byte[] encryptedMessage, string password, int nonSecretPayloadLength = 0)
{
//User Error Checks
if (string.IsNullOrWhiteSpace(password) || password.Length < MinPasswordLength)
throw new ArgumentException(String.Format("Must have a password of at least {0} characters!", MinPasswordLength), "password");
if (encryptedMessage == null || encryptedMessage.Length == 0)
throw new ArgumentException("Encrypted Message Required!", "encryptedMessage");
var generator = new Pkcs5S2ParametersGenerator();
//Grab Salt from Payload
var salt = new byte[SaltBitSize / 8];
Array.Copy(encryptedMessage, nonSecretPayloadLength, salt, 0, salt.Length);
generator.Init(
PbeParametersGenerator.Pkcs5PasswordToBytes(password.ToCharArray()),
salt,
Iterations);
//Generate Key
var key = (KeyParameter)generator.GenerateDerivedMacParameters(KeyBitSize);
return SimpleDecrypt(encryptedMessage, key.GetKey(), salt.Length + nonSecretPayloadLength);
}
/// <summary>
/// Simple Encryption And Authentication (AES-GCM) of a UTF8 String
/// using key derived from a password.
/// </summary>
/// <param name="secretMessage">The secret message.</param>
/// <param name="password">The password.</param>
/// <param name="nonSecretPayload">The non secret payload.</param>
/// <returns>
/// Encrypted Message
/// </returns>
/// <exception cref="System.ArgumentException">Must have a password of minimum length;password</exception>
/// <remarks>
/// Significantly less secure than using random binary keys.
/// Adds additional non secret payload for key generation parameters.
/// </remarks>
public static byte[] SimpleEncryptWithPassword(byte[] secretMessage, string password, byte[] nonSecretPayload = null)
{
nonSecretPayload = nonSecretPayload ?? new byte[] { };
//User Error Checks
if (string.IsNullOrWhiteSpace(password) || password.Length < MinPasswordLength)
throw new ArgumentException(String.Format("Must have a password of at least {0} characters!", MinPasswordLength), "password");
if (secretMessage == null || secretMessage.Length == 0)
throw new ArgumentException("Secret Message Required!", "secretMessage");
var generator = new Pkcs5S2ParametersGenerator();
//Use Random Salt to minimize pre-generated weak password attacks.
var salt = new byte[SaltBitSize / 8];
Random.NextBytes(salt);
generator.Init(
PbeParametersGenerator.Pkcs5PasswordToBytes(password.ToCharArray()),
salt,
Iterations);
//Generate Key
var key = (KeyParameter)generator.GenerateDerivedMacParameters(KeyBitSize);
//Create Full Non Secret Payload
var payload = new byte[salt.Length + nonSecretPayload.Length];
Array.Copy(nonSecretPayload, payload, nonSecretPayload.Length);
Array.Copy(salt, 0, payload, nonSecretPayload.Length, salt.Length);
return SimpleEncrypt(secretMessage, key.GetKey(), payload);
}
/// <summary>
/// Generate an AES key using a given password and salt.
/// </summary>
/// <param name="password">The password to be used to create the key.</param>
/// <param name="salt">The 32 byte long array to be used to create the key.</param>
public void GenerateKey(string password, byte[] salt)
{
Pkcs5S2ParametersGenerator generator = new Pkcs5S2ParametersGenerator();
byte[] passwordBytes = Pkcs5S2ParametersGenerator.Pkcs5PasswordToUtf8Bytes(password.ToCharArray());
generator.Init(passwordBytes, salt, 20000);
aes_key = (KeyParameter) generator.GenerateDerivedMacParameters(AES_256);
}
/// <summary>
/// Generate an AES key. A key generated by this method would typically be
/// encrypted using RSA and sent to the recipient along with data that was
/// encrypted with the key. The recipient would then decrypt the key using
/// RSA then use the key to decrypt the data.
/// </summary>
public void GenerateKey()
{
Pkcs5S2ParametersGenerator generator = new Pkcs5S2ParametersGenerator();
SecureRandom random = new SecureRandom();
byte[] password = new byte[SALT_SIZE];
random.NextBytes(password);
generator.Init(password, GenerateSalt(), 20000);
aes_key = (KeyParameter) generator.GenerateDerivedMacParameters(AES_256);
}
/// <summary>
/// Computes the PBKDF2-SHA256 hash of a password.
/// </summary>
/// <param name="password">The password to hash.</param>
/// <param name="salt">The salt.</param>
/// <param name="iterations">The PBKDF2 iteration count.</param>
/// <param name="outputBytes">The length in bytes of the hash to
/// generate.</param>
/// <returns>A hash of the password.</returns>
private static byte[] PBKDF2(string password, byte[] salt,
uint iterations, int outputBytes)
{
Pkcs5S2ParametersGenerator gen =
new Pkcs5S2ParametersGenerator(new Sha256Digest());
gen.Init(PbeParametersGenerator.Pkcs5PasswordToBytes(
password.ToCharArray()), salt, Iterations);
KeyParameter key = (KeyParameter) gen
.GenerateDerivedMacParameters(HashByteSize * 8);
return key.GetKey();
}
