/// <inheritdoc />
protected internal override byte[] DeriveKeyMaterial(IKeyDerivationParameters parameters, int desiredKeySize)
{
// Right now we're assuming that KdfGenericBinary is directly usable as a salt
// in RFC2898. When our KeyDerivationParametersFactory class supports
// more parameter types than just BuildForPbkdf2, we might need to adjust this code
// to handle each type of parameter.
byte[] salt = parameters.KdfGenericBinary;
#pragma warning disable CA5379 // Do Not Use Weak Key Derivation Function Algorithm
switch (this.Algorithm)
{
case KeyDerivationAlgorithm.Pbkdf2Sha1:
using (var deriveBytes = new Platform.Rfc2898DeriveBytes(this.Key, salt, parameters.IterationCount))
{
return(deriveBytes.GetBytes(desiredKeySize));
}
default:
#if NETSTANDARD2_0
throw new NotImplementedByReferenceAssemblyException();
#else
using (var deriveBytes = new Platform.Rfc2898DeriveBytes(this.Key, salt, parameters.IterationCount, GetHashAlgorithm(this.Algorithm)))
{
return(deriveBytes.GetBytes(desiredKeySize));
}
#endif
}
#pragma warning restore CA5379 // Do Not Use Weak Key Derivation Function Algorithm
}
public void CreateKey()
{
foreach (var algorithmAndExpectedResult in this.stretchedKeyBase64)
{
this.logger.WriteLine("Testing algorithm: {0}", algorithmAndExpectedResult.Key);
var algorithm = WinRTCrypto.KeyDerivationAlgorithmProvider.OpenAlgorithm(algorithmAndExpectedResult.Key);
ICryptographicKey key = algorithm.CreateKey(this.originalKey);
Assert.NotNull(key);
Assert.Equal(this.originalKey.Length * 8, key.KeySize);
IKeyDerivationParameters parameters = WinRTCrypto.KeyDerivationParameters.BuildForPbkdf2(this.salt, this.iterations);
Assert.Equal(this.iterations, parameters.IterationCount);
CollectionAssertEx.AreEqual(this.salt, parameters.KdfGenericBinary);
try
{
byte[] keyMaterial = WinRTCrypto.CryptographicEngine.DeriveKeyMaterial(key, parameters, 20);
Assert.Equal(algorithmAndExpectedResult.Value, Convert.ToBase64String(keyMaterial));
}
catch (NotSupportedException)
{
this.logger.WriteLine(" - Not supported on this platform");
}
}
}
/// <inheritdoc />
protected internal override byte[] DeriveKeyMaterial(IKeyDerivationParameters parameters, int desiredKeySize)
{
return(Platform.Core.CryptographicEngine.DeriveKeyMaterial(
this.platformKey,
((KeyDerivationParameters)parameters).Parameters,
(uint)desiredKeySize).ToArray());
}
/// <inheritdoc />
public byte[] DeriveKeyMaterial(ICryptographicKey key, IKeyDerivationParameters parameters, int desiredKeySize)
{
var platformKey = ((CryptographicKey)key).Key;
var platformParameters = ((KeyDerivationParameters)parameters).Parameters;
return(Platform.Core.CryptographicEngine.DeriveKeyMaterial(platformKey, platformParameters, (uint)desiredKeySize).ToArray());
}
/// <inheritdoc />
public byte[] DeriveKeyMaterial(ICryptographicKey key, IKeyDerivationParameters parameters, int desiredKeySize)
{
// Right now we're assuming that KdfGenericBinary is directly usable as a salt
// in RFC2898. When our KeyDerivationParametersFactory class supports
// more parameter types than just BuildForPbkdf2, we might need to adjust this code
// to handle each type of parameter.
var keyMaterial = ((KeyDerivationCryptographicKey)key).Key;
byte[] salt = parameters.KdfGenericBinary;
var deriveBytes = new Platform.Rfc2898DeriveBytes(keyMaterial, salt, parameters.IterationCount);
return(deriveBytes.GetBytes(desiredKeySize));
}
public void CreateKey()
{
var algorithm = WinRTCrypto.KeyDerivationAlgorithmProvider.OpenAlgorithm(KeyDerivationAlgorithm.Pbkdf2Sha1);
ICryptographicKey key = algorithm.CreateKey(this.originalKey);
Assert.IsNotNull(key);
Assert.AreEqual(this.originalKey.Length * 8, key.KeySize);
IKeyDerivationParameters parameters = WinRTCrypto.KeyDerivationParameters.BuildForPbkdf2(this.salt, this.iterations);
Assert.AreEqual(this.iterations, parameters.IterationCount);
CollectionAssertEx.AreEqual(this.salt, parameters.KdfGenericBinary);
byte[] keyMaterial = WinRTCrypto.CryptographicEngine.DeriveKeyMaterial(key, parameters, 20);
Assert.AreEqual(this.stretchedKeyBase64, Convert.ToBase64String(keyMaterial));
}
/// <inheritdoc />
protected internal override byte[] DeriveKeyMaterial(IKeyDerivationParameters parameters, int desiredKeySize)
{
// Right now we're assuming that KdfGenericBinary is directly usable as a salt
// in RFC2898. When our KeyDerivationParametersFactory class supports
// more parameter types than just BuildForPbkdf2, we might need to adjust this code
// to handle each type of parameter.
byte[] salt = parameters.KdfGenericBinary;
switch (this.Algorithm)
{
case KeyDerivationAlgorithm.Pbkdf2Sha1:
var deriveBytes = new Platform.Rfc2898DeriveBytes(this.Key, salt, parameters.IterationCount);
return(deriveBytes.GetBytes(desiredKeySize));
default:
// TODO: consider using Platform.PasswordDeriveBytes if it can
// support some more of these algorithms.
throw new NotSupportedException("Only KeyDerivationAlgorithm.Pbkdf2Sha1 is supported for this platform.");
}
}
/// <summary>
/// Derives a key from another key by using a key derivation function.
/// </summary>
/// <param name="parameters">Derivation parameters. The parameters vary depending on the type of KDF algorithm
/// used.</param>
/// <param name="desiredKeySize">Requested size, in bytes, of the derived key.</param>
/// <returns>
/// Buffer that contains the derived key.
/// </returns>
protected internal virtual byte[] DeriveKeyMaterial(IKeyDerivationParameters parameters, int desiredKeySize)
{
throw new NotImplementedException();
}
/// <inheritdoc />
public byte[] DeriveKeyMaterial(ICryptographicKey key, IKeyDerivationParameters parameters, int desiredKeySize)
{
// Right now we're assuming that KdfGenericBinary is directly usable as a salt
// in RFC2898. When our KeyDerivationParametersFactory class supports
// more parameter types than just BuildForPbkdf2, we might need to adjust this code
// to handle each type of parameter.
var keyDerivation = (KeyDerivationCryptographicKey)key;
byte[] salt = parameters.KdfGenericBinary;
switch (keyDerivation.Algorithm)
{
case KeyDerivationAlgorithm.Pbkdf2Sha1:
var deriveBytes = new Platform.Rfc2898DeriveBytes(keyDerivation.Key, salt, parameters.IterationCount);
return deriveBytes.GetBytes(desiredKeySize);
default:
// TODO: consider using Platform.PasswordDeriveBytes if it can
// support some more of these algorithms.
throw new NotSupportedException("Only KeyDerivationAlgorithm.Pbkdf2Sha1 is supported for this platform.");
}
}
/// <summary>
/// Derives a key from another key by using a key derivation function.
/// </summary>
/// <param name="parameters">Derivation parameters. The parameters vary depending on the type of KDF algorithm
/// used.</param>
/// <param name="desiredKeySize">Requested size, in bytes, of the derived key.</param>
/// <returns>
/// Buffer that contains the derived key.
/// </returns>
protected internal virtual byte[] DeriveKeyMaterial(IKeyDerivationParameters parameters, int desiredKeySize)
{
throw new NotImplementedException();
}
/// <inheritdoc />
public byte[] DeriveKeyMaterial(ICryptographicKey key, IKeyDerivationParameters parameters, int desiredKeySize)
{
return(((CryptographicKey)key).DeriveKeyMaterial(parameters, desiredKeySize));
}
/// <inheritdoc />
protected internal override byte[] DeriveKeyMaterial(IKeyDerivationParameters parameters, int desiredKeySize)
{
var platformParameters = ((KeyDerivationParameters)parameters).Parameters;
return Platform.CryptographicEngine.DeriveKeyMaterial(this.key, platformParameters, (uint)desiredKeySize).ToArray();
}
/// <inheritdoc />
public byte[] DeriveKeyMaterial(ICryptographicKey key, IKeyDerivationParameters parameters, int desiredKeySize)
{
return ((CryptographicKey)key).DeriveKeyMaterial(parameters, desiredKeySize);
}
/// <inheritdoc />
public byte[] DeriveKeyMaterial(ICryptographicKey key, IKeyDerivationParameters parameters, int desiredKeySize)
{
var platformKey = ((CryptographicKey)key).Key;
var platformParameters = ((KeyDerivationParameters)parameters).Parameters;
return Platform.Core.CryptographicEngine.DeriveKeyMaterial(platformKey, platformParameters, (uint)desiredKeySize).ToArray();
}
