}// Encrypt()
public static byte[] Decrypt(byte[] masterKey, byte[] ciphertext, byte[] salt = null)
{
int cipherLength = ciphertext.Length - minCiphertextLength;
if (cipherLength <= 0) return null;
int ivcipherLength = aesIVLength + cipherLength;
byte[] encKey, macKey;
using (var hkdf = new HKDF(hmacFactory, masterKey, salt))
{
macKey = hkdf.GetBytes(macKeyLength);
encKey = hkdf.GetBytes(encKeyLength);
}
using (var aes = aesFactory())
{
aes.Key = encKey;
using (var hmac = hmacFactory())
{
hmac.Key = macKey;
var fullmacActual = hmac.ComputeHash(ciphertext, 0, ivcipherLength);
if (!Util.Xor(fullmacActual, 0, macLength, ciphertext, ivcipherLength, macLength)) return null;
var iv = new byte[aesIVLength];
Buffer.BlockCopy(ciphertext, 0, iv, 0, aesIVLength);
aes.IV = iv;
using (var stream = new MemoryStream())
{
using (var aesDecryptor = aes.CreateDecryptor())
{
using (var cryptoStream = new CryptoStream(stream, aesDecryptor, CryptoStreamMode.Write))
{
cryptoStream.Write(ciphertext, aesIVLength, cipherLength);
}// using cryptoStream
}// using aesDecryptor
return stream.ToArray();
}// using stream
}// using hmac
}// using aes
}// Decrypt()
public static byte[] Decrypt(byte[] masterKey, byte[] ciphertext, byte[] salt = null)
{
int cipherLength = ciphertext.Length - minCiphertextLength;
if (cipherLength <= 0) return null;
int ivcipherLength = aesIVLength + cipherLength;
byte[] encKey, macKey;
using (var hkdf = new HKDF(hmacFactory, masterKey, salt))
{
macKey = hkdf.GetBytes(macKeyLength);
encKey = hkdf.GetBytes(encKeyLength);
}
using (var aes = aesFactory())
{
aes.Key = encKey;
using (var hmac = hmacFactory())
{
hmac.Key = macKey;
var fullmacActual = hmac.ComputeHash(ciphertext, 0, ivcipherLength);
if (!Util.Xor(fullmacActual, 0, macLength, ciphertext, ivcipherLength, macLength)) return null;
var iv = new byte[aesIVLength];
Buffer.BlockCopy(ciphertext, 0, iv, 0, aesIVLength);
aes.IV = iv;
using (var stream = new MemoryStream())
{
using (var aesDecryptor = aes.CreateDecryptor())
{
using (var cryptoStream = new CryptoStream(stream, aesDecryptor, CryptoStreamMode.Write))
{
cryptoStream.Write(ciphertext, aesIVLength, cipherLength);
}// using cryptoStream
}// using aesDecryptor
return stream.ToArray();
}// using stream
}// using hmac
}// using aes
}
public static byte[] Encrypt(byte[] masterKey, byte[] plaintext, byte[] salt = null)
{
byte[] encKey, macKey;
using (var hkdf = new HKDF(hmacFactory, masterKey, salt))
{
macKey = hkdf.GetBytes(macKeyLength);
encKey = hkdf.GetBytes(encKeyLength);
}
using (var aes = aesFactory())
{
aes.Key = encKey;
var iv = aes.IV; // generates new IV
using (var stream = new MemoryStream())
{
stream.Write(iv, 0, iv.Length);
using (var aesEncryptor = aes.CreateEncryptor())
{
using (var cryptoStream = new CryptoStream(stream, aesEncryptor, CryptoStreamMode.Write))
{
cryptoStream.Write(plaintext, 0, plaintext.Length);
cryptoStream.FlushFinalBlock();
using (var hmac = hmacFactory())
{
hmac.Key = macKey;
var fullmac = hmac.ComputeHash(stream.GetBuffer(), 0, (int)stream.Length);
stream.Write(fullmac, 0, macLength);
return stream.ToArray();
}// using hmac
}// using cryptoStream
}// using aesEncryptor
}// using stream
}// using aes
}// Encrypt()
public static byte[] Encrypt(byte[] masterKey, byte[] plaintext, byte[] salt = null)
{
byte[] encKey, macKey;
using (var hkdf = new HKDF(hmacFactory, masterKey, salt))
{
macKey = hkdf.GetBytes(macKeyLength);
encKey = hkdf.GetBytes(encKeyLength);
}
using (var aes = aesFactory())
{
aes.Key = encKey;
var iv = aes.IV; // generates new IV
using (var stream = new MemoryStream())
{
stream.Write(iv, 0, iv.Length);
using (var aesEncryptor = aes.CreateEncryptor())
{
using (var cryptoStream = new CryptoStream(stream, aesEncryptor, CryptoStreamMode.Write))
{
cryptoStream.Write(plaintext, 0, plaintext.Length);
cryptoStream.FlushFinalBlock();
using (var hmac = hmacFactory())
{
hmac.Key = macKey;
var fullmac = hmac.ComputeHash(stream.GetBuffer(), 0, (int)stream.Length);
stream.Write(fullmac, 0, macLength);
return stream.ToArray();
}// using hmac
}// using cryptoStream
}// using aesEncryptor
}// using stream
}// using aes
}
static HashResult HashWithAuthentication(byte[] text, byte[] salt, byte[] key, EnmHashingAlgorithm algorithm)
{
if (text == null || text.Length == 0)
return null;
if (salt == null || salt.Length < SALT_LENGTH)
throw new ArgumentException("Must be atleast " + SALT_LENGTH.ToString() + " characters in length", "salt");
if (key == null || key.Length < MIN_SECRETKEY_LENGTH)
throw new ArgumentException("Must be atleast " + MIN_SECRETKEY_LENGTH.ToString() + " characters in length", "masterKey");
// Tussenstap: Genereer nu o.b.v. de (master)key en de salt een nieuwe afgeleide sleutel waarmee we gaan hashen: de zogenaamde hashKey.
// Dit doen we zodat je de key niet kan herleiden uit de hash die we straks gaan genereren.
byte[] hashkeyBytes; // De hashkey. Hiermee gaan we zometeen hashen
using (var hkdf = new HKDF(SecurityDrivenDotNet.HMACFactories.HMACSHA512, key, salt))
hashkeyBytes = hkdf.GetBytes(64);
// Magic: Transformeer de data, met behulp van de sleutel, naar een onleesbare maar voorspelbare hash.
var hash = new HMAC2(algorithm.Factory(), hashkeyBytes).ComputeHash(text);
// Retourneer het resultaat als een BASE-64 encoded string
return new HashResult(algorithm.ToString(), Convert.ToBase64String(salt), Convert.ToBase64String(hash));
}
