コード例 #1
0
ファイル: S2kBasedEncryption.cs プロジェクト: 1hub/springburg
 private static bool VerifyChecksum(
     S2kUsageTag usageTag,
     ReadOnlySpan <byte> data,
     out int checksumLength)
 {
     if (usageTag == S2kUsageTag.Sha1)
     {
         using var sha1 = IncrementalHash.CreateHash(HashAlgorithmName.SHA1);
         sha1.AppendData(data.Slice(0, data.Length - sha1.HashLengthInBytes));
         checksumLength = sha1.HashLengthInBytes;
         return(sha1.GetHashAndReset().AsSpan().SequenceEqual(data.Slice(data.Length - sha1.HashLengthInBytes)));
     }
     else if (usageTag == S2kUsageTag.Checksum)
     {
         int checksum = 0;
         for (int i = 0; i < data.Length - 2; i++)
         {
             checksum += data[i];
         }
         checksumLength = 2;
         return(data[data.Length - 2] == (byte)(checksum >> 8) && data[data.Length - 1] == (byte)checksum);
     }
     else // None
     {
         checksumLength = 0;
         return(true);
     }
 }
コード例 #2
0
ファイル: S2kBasedEncryption.cs プロジェクト: 1hub/springburg
        public static void DecryptSecretKey(ReadOnlySpan <byte> password, ReadOnlySpan <byte> source, Span <byte> destination, out int bytesWritten, int version = 4)
        {
            S2kUsageTag usageTag = (S2kUsageTag)source[0];
            PgpSymmetricKeyAlgorithm encryptionAlgorithm;
            var              salt           = new ReadOnlySpan <byte>();
            long             iterationCount = 0;
            PgpHashAlgorithm hashAlgorithm;

            if (usageTag == S2kUsageTag.Checksum || usageTag == S2kUsageTag.Sha1 /* || usageTag == S2kUsageTag.Aead */)
            {
                encryptionAlgorithm = (PgpSymmetricKeyAlgorithm)source[1];
                byte s2kType = source[2];
                hashAlgorithm = (PgpHashAlgorithm)source[3];
                source        = source.Slice(4);
                if (s2kType > 0 && s2kType <= 3)
                {
                    salt   = source.Slice(0, 8);
                    source = source.Slice(8);
                    if (s2kType == 3)
                    {
                        iterationCount = (16 + (source[0] & 15)) << ((source[0] >> 4) + 6);
                        source         = source.Slice(1);
                    }
                }
                else if (s2kType == 101) // GNU private
                {
                    throw new NotImplementedException();
                }
                else
                {
                    throw new CryptographicException(); // Unknown S2K type
                }
            }
            else if (usageTag == S2kUsageTag.None)
            {
                // No encryption
                bytesWritten = source.Slice(1).TryCopyTo(destination) ? source.Length : 0;
                return;
            }
            else
            {
                // No salt, no iterations, MD5 hash
                encryptionAlgorithm = (PgpSymmetricKeyAlgorithm)usageTag;
                hashAlgorithm       = PgpHashAlgorithm.MD5;
                usageTag            = S2kUsageTag.Checksum;
                source = source.Slice(1);
            }

            int         keySizeInBytes = (PgpUtilities.GetKeySize(encryptionAlgorithm) + 7) / 8;
            Span <byte> keyBytes       = stackalloc byte[keySizeInBytes];

            try
            {
                MakeKey(password, hashAlgorithm, salt, iterationCount, keyBytes);

                using var c = PgpUtilities.GetSymmetricAlgorithm(encryptionAlgorithm);

                // Read the IV
                c.IV  = source.Slice(0, c.BlockSize / 8).ToArray();
                c.Key = keyBytes.ToArray();

                source = source.Slice(c.BlockSize / 8);

                if (destination.Length < source.Length)
                {
                    bytesWritten = 0;
                    return;
                }

                // Do the actual decryption
                bytesWritten = source.Length;
                if (version == 4)
                {
                    using var decryptor = new ZeroPaddedCryptoTransform(c.CreateDecryptor());
                    var data = decryptor.TransformFinalBlock(source.ToArray(), 0, source.Length);
                    data.AsSpan().CopyTo(destination);
                    CryptographicOperations.ZeroMemory(data);
                }
                else if (version == 3)
                {
                    // Version 3 is four RSA parameters encoded as MPIntegers separately
                    var sourceArray = source.ToArray();
                    int pos         = 0;
                    for (int i = 0; i != 4; i++)
                    {
                        int encLen = ((source[pos] << 8) + source[pos + 1] + 7) / 8;
                        destination[pos]     = source[pos];
                        destination[pos + 1] = source[pos + 1];
                        pos += 2;

                        if (encLen > source.Length - pos)
                        {
                            throw new PgpException("out of range encLen found in encData");
                        }

                        using var decryptor = new ZeroPaddedCryptoTransform(c.CreateDecryptor());
                        var data = decryptor.TransformFinalBlock(sourceArray, pos, encLen);
                        data.CopyTo(destination.Slice(pos));
                        CryptographicOperations.ZeroMemory(data);
                        pos += encLen;

                        if (i != 3)
                        {
                            c.IV = source.Slice(pos - (c.BlockSize / 8), c.BlockSize / 8).ToArray();
                        }
                    }

                    destination[pos]     = source[pos];
                    destination[pos + 1] = source[pos + 1];
                }

                if (!VerifyChecksum(usageTag, destination.Slice(0, bytesWritten), out int checksumLength))
                {
                    throw new CryptographicException();
                }

                bytesWritten -= checksumLength;
            }
            finally
            {
                CryptographicOperations.ZeroMemory(keyBytes);
            }
        }