/// <summary> /// Resets the current KeysV3 object with the Passphrase, converting it into the proper internal TripleSec encryption and HMAC keys. /// </summary> /// <param name="PassphraseBytes">The Passphrase as a series of bytes.</param> /// <param name="RNG"></param> /// <param name="WipePassphrase">Wipe the passphrase from memory when no longer needed? WARNING: USE WITH CAUTION!!!</param> public void Initialize(byte[] PassphraseBytes, RNGV4 RNG, bool WipePassphrase = false) { if (RNG == null) { RNG = new RNGV4(); } Initialize(PassphraseBytes, RNG.Salt, WipePassphrase); }
/// <summary> /// Resets the current KeysV3 object with the Passphrase, converting it into the proper internal TripleSec encryption and HMAC keys. /// </summary> /// <param name="Passphrase">The Passphrase string.</param> /// <param name="RNG"></param> /// <param name="WipePassphrase">Wipe the passphrase from memory when no longer needed? WARNING: USE WITH CAUTION!!!</param> public void Initialize(string Passphrase, RNGV4 RNG, bool WipePassphrase = false) { if (RNG == null) { RNG = new RNGV4(); } Initialize(new UTF8Encoding().GetBytes(Passphrase), RNG, WipePassphrase); }
/// <summary> /// Creates a new KeysV3 object with the Passphrase converted into the proper internal TripleSec encryption and HMAC keys. /// </summary> /// <param name="Passphrase">The Passphrase string.</param> /// <param name="RNG">A previously generated RNGV3 object (needed for the Salt).</param> /// <param name="WipePassphrase">Wipe the passphrase from memory when no longer needed? WARNING: USE WITH CAUTION!!!</param> public KeysV4(string Passphrase, RNGV4 RNG, bool WipePassphrase = false) { if (RNG == null) { RNG = new RNGV4(); } Initialize(Passphrase, RNG, WipePassphrase); }
// HASHLIB REMOVED -------------! /// <summary> /// Encrypt an array of bytes using the TripleSec protocol with the supplied passphrase. /// </summary> /// <param name="Source"></param> /// <param name="Passphrase"></param> /// <returns></returns> public static byte[] Encrypt(byte[] Source, byte[] Passphrase) { if (Source == null || Source.Length == 0) { throw new ArgumentNullException("Source"); } if (Passphrase == null || Passphrase.Length == 0) { throw new ArgumentNullException("Passphrase"); } #if DEBUG #pragma warning disable 618 // we know in DEBUG mode this will throw an Obsolete warning, this is a legitimate use of this function, so supress it #endif RNGV4 rng = new RNGV4(); // get a new salt and IV's KeysV4 keys = new KeysV4(Passphrase, rng); // build the internal keys based on the Passphrase and generated salt return(Encrypt(Source, keys, rng)); #if DEBUG #pragma warning restore 618 #endif }
/// <summary> /// Encrypt an array of bytes using the TripleSec protocol with the supplied passphrase. Internal function, not intended for use by an end coder. /// </summary> /// <param name="Source">Source array of bytes to process.</param> /// <param name="Keys">The KeysV3 object initialized with the proper keys.</param> /// <param name="IVs">The RNGV3 object initialized with the proper initialization arrays.</param> /// <returns>The encrypted array.</returns> internal static byte[] Encrypt(byte[] Source, KeysV4 Keys, RNGV4 IVs) #endif { if (Source == null || Source.Length == 0) { throw new ArgumentNullException("Source"); } if (Keys == null || !Keys.IsInitialized || IVs == null || !IVs.IsInitialized) { throw new InvalidOperationException("Keys and IVs objects must not be null (and both must be initialized)"); } // the added IV's and the signatures and the header always add up to the same length added to the original message length // if we're going to run out of memory, it will be here, or shortly thereafter byte[] OUT_BUFFER = new byte[Source.Length + 192]; //standard header stuff // All the header pieces are now copied by the built-in SHA512 method TransformBlock //XSalsa20 is up first byte[] interim = Chaos.NaCl.XSalsa20.Process(Source, Keys.XSalsa20_KEY, IVs.XSalsa20_IV); byte[] interim2 = new byte[interim.Length + IVs.XSalsa20_IV.Length]; // IV included here as it is part of the input to the next process Buffer.BlockCopy(IVs.XSalsa20_IV, 0, interim2, 0, IVs.XSalsa20_IV.Length); Buffer.BlockCopy(interim, 0, interim2, IVs.XSalsa20_IV.Length, interim.Length); ////Twofish is REMOVED FROM V4 //AES is last interim.Wipe(); // DON'T LEAK! BC.Crypto.Modes.SicBlockCipher aes = new BC.Crypto.Modes.SicBlockCipher(new BC.Crypto.Engines.AesEngine()); aes.Init(true, new BC.Crypto.Parameters.ParametersWithIV(new BC.Crypto.Parameters.KeyParameter(Keys.AES_KEY), IVs.AES_IV)); ProcessArray(aes, interim2, interim2); // process array in-place // buffer is copied to output by built-in HMACSHA512 TransFormBlock aes.Reset(); aes = null; HMACSHA512 sha512 = new HMACSHA512(Keys.HMACSHA512_KEY); sha512.TransformBlock(TRIPLESEC_MAGICPLUSVERSION4_BYTES, 0, TRIPLESEC_MAGICPLUSVERSION4_BYTELENGTH, OUT_BUFFER, 0); sha512.TransformBlock(Keys.Salt, 0, Keys.Salt.Length, OUT_BUFFER, SALT_START); sha512.TransformBlock(IVs.AES_IV, 0, IVs.AES_IV.Length, OUT_BUFFER, AES_IV_START); sha512.TransformBlock(interim2, 0, interim2.Length, OUT_BUFFER, CIPHERTEXT_START); sha512.TransformFinalBlock(interim2, 0, 0); // transform final block doesn't copy the output Buffer.BlockCopy(sha512.Hash, 0, OUT_BUFFER, HMACSHA512_START, sha512.Hash.Length); SHA3Managed.HMACSHA3_512 sha3_512 = new SHA3Managed.HMACSHA3_512(Keys.HMACSHA3_512_KEY); sha3_512.HashCore(TRIPLESEC_MAGICPLUSVERSION4_BYTES, 0, TRIPLESEC_MAGICPLUSVERSION4_BYTELENGTH); sha3_512.HashCore(Keys.Salt, 0, Keys.Salt.Length); sha3_512.HashCore(IVs.AES_IV, 0, IVs.AES_IV.Length); sha3_512.HashCore(interim2, 0, interim2.Length); sha3_512.HashFinal(interim2, 0, 0); // transform final block doesn't copy the output Buffer.BlockCopy(sha3_512.Hash, 0, OUT_BUFFER, HMACSHA3_512_START, sha3_512.Hash.Length); //#if DEBUG // System.Diagnostics.Debug.Print("ENCRYPT SIGNATURES: HMACSHA512, HMACSHA3_512, CipherText"); // System.Diagnostics.Debug.Print(BitConverter.ToString(sha512.Hash).Replace("-", "").ToLowerInvariant()); // System.Diagnostics.Debug.Print(BitConverter.ToString(sha3_512.Hash).Replace("-", "").ToLowerInvariant()); // System.Diagnostics.Debug.Print(BitConverter.ToString(OUT_BUFFER).Replace("-","").ToLowerInvariant()); //#endif // HASHLIB REMOVED -------- ! return(OUT_BUFFER); }
public static byte[] Encrypt(byte[] Source, KeysV4 Keys, RNGV4 IVs)
/// <summary> /// Resets the current KeysV3 object with the Passphrase, converting it into the proper internal TripleSec encryption and HMAC keys. /// </summary> /// <param name="PassphraseBytes">The Passphrase as a series of bytes.</param> /// <param name="Salt">The Salt as a series of bytes or NULL/NOTHING to use a newly created random sequence of bytes (use the Salt property to retrieve the created array).</param> /// <param name="WipePassphrase">Wipe the passphrase from memory when no longer needed? WARNING: USE WITH CAUTION!!!</param> public void Initialize(byte[] PassphraseBytes, byte[] Salt = null, bool WipePassphrase = false) { // all constructors and initializers end up here if (PassphraseBytes == null || PassphraseBytes.Length == 0) { throw new ArgumentNullException("PassphraseBytes"); } byte[] _tempSalt = null; if (Salt == null) { _tempSalt = new RNGV4().Salt; } else if (Salt.Length != 16) { throw new ArgumentOutOfRangeException("Salt", "Salt must be 16 bytes or NULL/NOTHING."); } else { _tempSalt = (byte[])Salt.Clone(); } lock (LOCKTHIS) { // remove old SCRYPT reference //byte[] KEYS = CryptSharp.Utility.SCrypt.ComputeDerivedKey( // PassphraseBytes, _tempSalt, // SCRYPT_CPU_COST, SCRYPT_BLOCKS, SCRYPT_PARALLEL_THREADS, SCRYPT_PARALLEL_THREADS, SCRYPT_OUTPUT_BYTES); // add new SCryptManaged reference byte[] KEYS = ScryptManaged.Scrypt.ComputeDerivedHash( PassphraseBytes, _tempSalt, SCRYPT_CPU_COST, SCRYPT_BLOCKS, SCRYPT_PARALLEL_THREADS, SCRYPT_OUTPUT_BYTES); // USE THE FOLLOWING WITH EXTREME CAUTION, THE PASSPHRASE WILL BE CLEANED A LONG WAY UP THE HEAP!!!! if (WipePassphrase) // WARNING: only do this if asked, as it will wipe ALL the way back up the call stack!!!!! { PassphraseBytes.Wipe(); // get it out of memory absolutely as soon as possible! } this.Clear(); _salt = (byte[])_tempSalt.Clone(); _tempSalt.Wipe(); this._hmacsha512key = new byte[48]; this._hmacsha3_512key = new byte[48]; this._aeskey = new byte[32]; this._xsalsa20key = new byte[32]; Buffer.BlockCopy(KEYS, 0, this._hmacsha512key, 0, this._hmacsha512key.Length); Buffer.BlockCopy(KEYS, 48, this._hmacsha3_512key, 0, this._hmacsha3_512key.Length); Buffer.BlockCopy(KEYS, 48 + 48, this._aeskey, 0, this._aeskey.Length); Buffer.BlockCopy(KEYS, 48 + 48 + 32, this._xsalsa20key, 0, this._xsalsa20key.Length); _ready = true; //#if DEBUG // System.Diagnostics.Debug.Print("V4 KEYS-----------------"); // System.Diagnostics.Debug.Print("Passphrase Input: " + BitConverter.ToString(PassphraseBytes).Replace("-", "").ToLowerInvariant()); // System.Diagnostics.Debug.Print("Salt: " + BitConverter.ToString(this._salt).Replace("-", "").ToLowerInvariant()); // System.Diagnostics.Debug.Print("HMACSHA512 Key: " + BitConverter.ToString(this._hmacsha512key).Replace("-","").ToLowerInvariant()); // System.Diagnostics.Debug.Print("HMACSHA3_512 Key: " + BitConverter.ToString(this._hmacsha3_512key).Replace("-", "").ToLowerInvariant()); // System.Diagnostics.Debug.Print("AES Key: " + BitConverter.ToString(this._aeskey).Replace("-", "").ToLowerInvariant()); // System.Diagnostics.Debug.Print("XSALSA20 Key: " + BitConverter.ToString(this._xsalsa20key).Replace("-", "").ToLowerInvariant()); //#endif } }