internal static string CreateHash(IHashProvider provider, string plaintext)
{
byte[] plainTextBytes = UnicodeEncoding.Unicode.GetBytes(plaintext);
byte[] resultBytes = provider.CreateHash(plainTextBytes);
CryptographyUtility.GetRandomBytes(plainTextBytes);
return(Convert.ToBase64String(resultBytes));
}
/// <summary>
/// Compares plain text input with a computed hash using the configured <c>HashAlgorithm</c>.
/// <seealso cref="IHashProvider.CompareHash"/>
/// </summary>
/// <param name="plaintext"><seealso cref="IHashProvider.CompareHash"/></param>
/// <param name="hashedtext"><seealso cref="IHashProvider.CompareHash"/></param>
/// <returns><seealso cref="IHashProvider.CompareHash"/></returns>
public bool CompareHash(byte[] plaintext, byte[] hashedtext)
{
ArgumentValidation.CheckForNullReference(plaintext, "plainText");
ArgumentValidation.CheckForNullReference(hashedtext, "hashedText");
ArgumentValidation.CheckForZeroBytes(hashedtext, "hashedText");
bool result = false;
byte[] hashedPlainText = null;
byte[] salt = null;
try
{
salt = ExtractSalt(hashedtext);
hashedPlainText = CreateHashWithSalt(plaintext, salt);
}
finally
{
CryptographyUtility.ZeroOutBytes(salt);
}
result = CryptographyUtility.CompareBytes(hashedPlainText, hashedtext);
SecurityCryptoHashCheckEvent.Fire(string.Empty);
if (!result)
{
SecurityCryptoHashCheckFailureEvent.Fire(string.Empty);
}
return(result);
}
private void AddSaltToHash(byte[] salt, ref byte[] hash)
{
if (!saltEnabled)
{
return;
}
hash = CryptographyUtility.CombineBytes(salt, hash);
}
private ProtectedKey ProtectKey(byte[] decryptedKey, DataProtectionScope protectionScope)
{
ProtectedKey protectedKey = ProtectedKey.CreateFromPlaintextKey(decryptedKey, protectionScope);
CryptographyUtility.ZeroOutBytes(decryptedKey);
return(protectedKey);
}
private byte[] EncryptKeyForArchival(byte[] keyToExport, string passphrase, byte[] salt)
{
RijndaelManaged archivalEncryptionAlgorithm = new RijndaelManaged();
byte[] archivalKey = GenerateArchivalKey(archivalEncryptionAlgorithm, passphrase, salt);
byte[] iv = new byte[archivalEncryptionAlgorithm.BlockSize / 8];
byte[] encryptedKey = CryptographyUtility.Transform(archivalEncryptionAlgorithm.CreateEncryptor(archivalKey, iv), keyToExport);
return(encryptedKey);
}
private void AddSaltToHash(byte[] salt, ref byte[] hash)
{
HashAlgorithmProviderData data = GetHashAlgorithmProviderDataFromCursor();
if (!data.SaltEnabled)
{
return;
}
hash = CryptographyUtility.CombineBytes(salt, hash);
}
internal static string EncryptSymmetric(string symmetricInstance, string plaintext, ConfigurationContext context)
{
ArgumentValidation.CheckForNullReference(symmetricInstance, "symmetricInstance");
ArgumentValidation.CheckForEmptyString(symmetricInstance, "symmetricInstance");
byte[] plainTextBytes = UnicodeEncoding.Unicode.GetBytes(plaintext);
byte[] cipherTextBytes = EncryptSymmetric(symmetricInstance, plainTextBytes, context);
CryptographyUtility.GetRandomBytes(plainTextBytes);
return(Convert.ToBase64String(cipherTextBytes));
}
internal static string CreateHash(string hashInstance, string plaintext, ConfigurationContext context)
{
ArgumentValidation.CheckForNullReference(hashInstance, "hashInstance");
ArgumentValidation.CheckForEmptyString(hashInstance, "hashInstance");
byte[] plainTextBytes = UnicodeEncoding.Unicode.GetBytes(plaintext);
byte[] resultBytes = CreateHash(hashInstance, plainTextBytes, context);
CryptographyUtility.GetRandomBytes(plainTextBytes);
return(Convert.ToBase64String(resultBytes));
}
internal static bool CompareHash(IHashProvider provider, string plaintext, string hashedText)
{
byte[] plainTextBytes = UnicodeEncoding.Unicode.GetBytes(plaintext);
byte[] hashedTextBytes = Convert.FromBase64String(hashedText);
bool result = provider.CompareHash(plainTextBytes, hashedTextBytes);
CryptographyUtility.GetRandomBytes(plainTextBytes);
return(result);
}
private byte[] DecryptKeyForRestore(string passphrase, byte[] encryptedKey, byte[] salt)
{
RijndaelManaged archivalEncryptionAlgorithm = new RijndaelManaged();
byte[] restoreKey = GenerateArchivalKey(archivalEncryptionAlgorithm, passphrase, salt);
byte[] iv = new byte[archivalEncryptionAlgorithm.BlockSize / 8];
byte[] key = CryptographyUtility.Transform(archivalEncryptionAlgorithm.CreateDecryptor(restoreKey, iv), encryptedKey);
CryptographyUtility.ZeroOutBytes(restoreKey);
return(key);
}
private byte[] GetEncryptedKey(ProtectedKey keyToBeArchived, string passphrase, byte[] salt)
{
byte[] decryptedKey = keyToBeArchived.DecryptedKey;
try
{
return(EncryptKeyForArchival(decryptedKey, passphrase, salt));
}
finally
{
CryptographyUtility.ZeroOutBytes(decryptedKey);
}
}
/// <summary>
/// Encrypts a secret using a specified symmetric cryptography provider.
/// </summary>
/// <param name="symmetricInstance">A symmetric instance from configuration.</param>
/// <param name="plaintext">The input as a base64 encoded string for which you want to encrypt.</param>
/// <returns>The resulting cipher text as a base64 encoded string.</returns>
public static string EncryptSymmetric(string symmetricInstance, string plaintext)
{
if (string.IsNullOrEmpty(symmetricInstance))
{
throw new ArgumentException(Resources.ExceptionNullOrEmptyString, "symmetricInstance");
}
byte[] plainTextBytes = UnicodeEncoding.Unicode.GetBytes(plaintext);
byte[] cipherTextBytes = EncryptSymmetric(symmetricInstance, plainTextBytes);
CryptographyUtility.GetRandomBytes(plainTextBytes);
return(Convert.ToBase64String(cipherTextBytes));
}
internal static string EncryptSymmetric(ISymmetricCryptoProvider provider, string plaintext)
{
if (string.IsNullOrEmpty(plaintext))
{
throw new ArgumentException(Resources.ExceptionNullOrEmptyString, "plaintext");
}
byte[] plainTextBytes = UnicodeEncoding.Unicode.GetBytes(plaintext);
byte[] cipherTextBytes = provider.Encrypt(plainTextBytes);
CryptographyUtility.GetRandomBytes(plainTextBytes);
return(Convert.ToBase64String(cipherTextBytes));
}
internal static string DecryptSymmetric(string symmetricInstance, string ciphertextBase64, ConfigurationContext context)
{
ArgumentValidation.CheckForNullReference(symmetricInstance, "symmetricInstance");
ArgumentValidation.CheckForEmptyString(symmetricInstance, "symmetricInstance");
byte[] cipherTextBytes = Convert.FromBase64String(ciphertextBase64);
byte[] decryptedBytes = DecryptSymmetric(symmetricInstance, cipherTextBytes, context);
string decryptedString = UnicodeEncoding.Unicode.GetString(decryptedBytes);
CryptographyUtility.GetRandomBytes(decryptedBytes);
return(decryptedString);
}
/// <summary>
/// Computes the hash value of plain text using the given hash provider instance
/// </summary>
/// <param name="hashInstance">A hash instance from configuration.</param>
/// <param name="plaintext">The input for which to compute the hash.</param>
/// <returns>The computed hash code.</returns>
public static string CreateHash(string hashInstance, string plaintext)
{
if (string.IsNullOrEmpty(hashInstance))
{
throw new ArgumentException(Resources.ExceptionNullOrEmptyString, "hashInstance");
}
byte[] plainTextBytes = UnicodeEncoding.Unicode.GetBytes(plaintext);
byte[] resultBytes = CreateHash(hashInstance, plainTextBytes);
CryptographyUtility.GetRandomBytes(plainTextBytes);
return(Convert.ToBase64String(resultBytes));
}
internal static bool CompareHash(string hashInstance, string plaintext, string hashedText, ConfigurationContext context)
{
ArgumentValidation.CheckForNullReference(hashInstance, "hashInstance");
ArgumentValidation.CheckForEmptyString(hashInstance, "hashInstance");
byte[] plainTextBytes = UnicodeEncoding.Unicode.GetBytes(plaintext);
byte[] hashedTextBytes = Convert.FromBase64String(hashedText);
bool result = CompareHash(hashInstance, plainTextBytes, hashedTextBytes, context);
CryptographyUtility.GetRandomBytes(plainTextBytes);
return(result);
}
private void AddSaltToPlainText(ref byte[] salt, ref byte[] plaintext)
{
if (!saltEnabled)
{
return;
}
if (salt == null)
{
salt = CryptographyUtility.GetRandomBytes(SaltLength);
}
plaintext = CryptographyUtility.CombineBytes(salt, plaintext);
}
internal static string DecryptSymmetric(ISymmetricCryptoProvider provider, string ciphertextBase64)
{
if (string.IsNullOrEmpty(ciphertextBase64))
{
throw new ArgumentException(Resources.ExceptionNullOrEmptyString, "ciphertextBase64");
}
byte[] cipherTextBytes = Convert.FromBase64String(ciphertextBase64);
byte[] decryptedBytes = provider.Decrypt(cipherTextBytes);
string decryptedString = UnicodeEncoding.Unicode.GetString(decryptedBytes);
CryptographyUtility.GetRandomBytes(decryptedBytes);
return(decryptedString);
}
private ProtectedKey GenerateKey(SymmetricAlgorithm algorithm, DataProtectionScope dataProtectionScope)
{
byte[] generatedKey = GenerateUnprotectedKey(algorithm);
try
{
return(ProtectedKey.CreateFromPlaintextKey(generatedKey, dataProtectionScope));
}
finally
{
if (generatedKey != null)
{
CryptographyUtility.ZeroOutBytes(generatedKey);
}
}
}
/// <summary>
/// Gets the cryptographer used for hashing.
/// </summary>
/// <returns>
/// A <see cref="HashCryptographer"/> object.
/// </returns>
protected virtual HashCryptographer GetHashCryptographer()
{
try
{
CheckAlgorithmType();
}
catch (ConfigurationException ex)
{
CryptographyUtility.LogCryptographyException(ex);
throw;
}
HashAlgorithmProviderData data = GetHashAlgorithmProviderDataFromCursor();
return(new HashCryptographer(data.AlgorithmType));
}
private void AddSaltToPlainText(ref byte[] salt, ref byte[] plaintext)
{
HashAlgorithmProviderData data = GetHashAlgorithmProviderDataFromCursor();
if (!data.SaltEnabled)
{
return;
}
if (salt == null)
{
salt = CryptographyUtility.GetRandomBytes(SaltLength);
}
plaintext = CryptographyUtility.CombineBytes(salt, plaintext);
}
/// <summary>
/// Compares plain text input with a computed hash using the given hash provider instance.
/// </summary>
/// <remarks>
/// Use this method to compare hash values. Since hashes contain a random "salt" value, two seperately generated
/// hashes of the same plain text will result in different values.
/// </remarks>
/// <param name="hashInstance">A hash instance from configuration.</param>
/// <param name="plaintext">The input as a string for which you want to compare the hash to.</param>
/// <param name="hashedText">The hash as a string for which you want to compare the input to.</param>
/// <returns><c>true</c> if plainText hashed is equal to the hashedText. Otherwise, <c>false</c>.</returns>
public static bool CompareHash(string hashInstance, string plaintext, string hashedText)
{
if (string.IsNullOrEmpty(hashInstance))
{
throw new ArgumentException(Resources.ExceptionNullOrEmptyString, "hashInstance");
}
byte[] plainTextBytes = UnicodeEncoding.Unicode.GetBytes(plaintext);
byte[] hashedTextBytes = Convert.FromBase64String(hashedText);
bool result = CompareHash(hashInstance, plainTextBytes, hashedTextBytes);
CryptographyUtility.GetRandomBytes(plainTextBytes);
return(result);
}
/// <summary>
/// <para>Decrypts bytes with the initialized algorithm and key.</para>
/// </summary>
/// <param name="encryptedText"><para>The text which you wish to decrypt.</para></param>
/// <returns><para>The resulting plaintext.</para></returns>
public byte[] Decrypt(byte[] encryptedText)
{
byte[] output = null;
byte[] data = ExtractIV(encryptedText);
this.algorithm.Key = Key;
using (ICryptoTransform transform = this.algorithm.CreateDecryptor())
{
output = Transform(transform, data);
}
CryptographyUtility.ZeroOutBytes(this.algorithm.Key);
return(output);
}
/// <summary>
/// Compares plain text input with a computed hash.
/// </summary>
/// <param name="plaintext">The input for which you want to compare the hash to.</param>
/// <param name="hashedtext">The hash value for which you want to compare the input to.</param>
/// <returns><c>true</c> if plainText hashed is equal to the hashedText. Otherwise, <c>false</c>.</returns>
public bool CompareHash(byte[] plaintext, byte[] hashedtext)
{
if (plaintext == null)
{
throw new ArgumentNullException("plainText");
}
if (hashedtext == null)
{
throw new ArgumentNullException("hashedText");
}
if (hashedtext.Length == 0)
{
throw new ArgumentException(Resources.ExceptionByteArrayValueMustBeGreaterThanZeroBytes, "hashedText");
}
bool result = false;
byte[] hashedPlainText = null;
byte[] salt = null;
try
{
try
{
salt = ExtractSalt(hashedtext);
hashedPlainText = CreateHashWithSalt(plaintext, salt);
}
finally
{
CryptographyUtility.ZeroOutBytes(salt);
}
result = CryptographyUtility.CompareBytes(hashedPlainText, hashedtext);
}
catch (Exception e)
{
InstrumentationProvider.FireCyptographicOperationFailed(Resources.HashComparisonFailed, e);
throw;
}
InstrumentationProvider.FireHashComparisonPerformed();
if (!result)
{
InstrumentationProvider.FireHashMismatchDetected();
}
return(result);
}
/// <summary>
/// Decrypts a cipher text using a specified symmetric cryptography provider.
/// </summary>
/// <param name="symmetricInstance">A symmetric instance from configuration.</param>
/// <param name="ciphertextBase64">The cipher text as a base64 encoded string for which you want to decrypt.</param>
/// <returns>The resulting plain text as a string.</returns>
public static string DecryptSymmetric(string symmetricInstance, string ciphertextBase64)
{
if (string.IsNullOrEmpty(symmetricInstance))
{
throw new ArgumentException(Resources.ExceptionNullOrEmptyString, "symmetricInstance");
}
if (string.IsNullOrEmpty(ciphertextBase64))
{
throw new ArgumentException(Resources.ExceptionNullOrEmptyString, "ciphertextBase64");
}
byte[] cipherTextBytes = Convert.FromBase64String(ciphertextBase64);
byte[] decryptedBytes = DecryptSymmetric(symmetricInstance, cipherTextBytes);
string decryptedString = UnicodeEncoding.Unicode.GetString(decryptedBytes);
CryptographyUtility.GetRandomBytes(decryptedBytes);
return(decryptedString);
}
/// <summary>
/// <para>Encrypts bytes with the initialized algorithm and key.</para>
/// </summary>
/// <param name="plaintext"><para>The plaintext in which you wish to encrypt.</para></param>
/// <returns><para>The resulting ciphertext.</para></returns>
public byte[] Encrypt(byte[] plaintext)
{
byte[] output = null;
byte[] cipherText = null;
this.algorithm.Key = Key;
using (ICryptoTransform transform = this.algorithm.CreateEncryptor())
{
cipherText = Transform(transform, plaintext);
}
output = new byte[IVLength + cipherText.Length];
Buffer.BlockCopy(this.algorithm.IV, 0, output, 0, IVLength);
Buffer.BlockCopy(cipherText, 0, output, IVLength, cipherText.Length);
CryptographyUtility.ZeroOutBytes(this.algorithm.Key);
return(output);
}
private static byte[] Transform(ICryptoTransform transform, byte[] buffer)
{
return(CryptographyUtility.Transform(transform, buffer));
}
private byte[] GenerateSalt()
{
return(CryptographyUtility.GetRandomBytes(16));
}