public DoFinal ( byte outBytes, int outOff ) : int | ||
outBytes | byte | |
outOff | int | |
return | int |
public string Encrypt(string data) { SecureRandom random = new SecureRandom(); // Generate 256-bits AES key byte[] aesKey = new byte[32]; random.NextBytes(aesKey); // Generate Initialization Vector byte[] IV = new byte[12]; random.NextBytes(IV); // Apply RSA/None/PKCS1Padding encryption to the AES key byte[] encyptedAESKey = rsaCipher.DoFinal(aesKey); // Apply AES/CCM/NoPadding encryption to the data byte[] cipherText = System.Text.Encoding.UTF8.GetBytes(data); var ccmParameters = new CcmParameters(new KeyParameter(aesKey), 64, IV, new byte[] { }); aesCipher = new CcmBlockCipher(new AesFastEngine()); aesCipher.Init(true, ccmParameters); var encrypted = new byte[aesCipher.GetOutputSize(cipherText.Length)]; var res = aesCipher.ProcessBytes(cipherText, 0, cipherText.Length, encrypted, 0); aesCipher.DoFinal(encrypted, res); // Merge 'IV' and 'encrypted' to 'result' byte[] result = new byte[IV.Length + encrypted.Length]; System.Buffer.BlockCopy(IV, 0, result, 0, IV.Length); System.Buffer.BlockCopy(encrypted, 0, result, IV.Length, encrypted.Length); // Return encrypted data return Prefix + Version + Separator + System.Convert.ToBase64String(encyptedAESKey) + Separator + System.Convert.ToBase64String(result); }
public JObject Encrypt(string key, JObject blob, string adata) { var result = new JObject(); var random = new SecureRandom(); var iv = new byte[32]; var salt = new byte[8]; random.NextBytes(salt); random.NextBytes(iv); try { byte[] plainBytes = Encoding.UTF8.GetBytes(blob.ToString()); byte[] adataBytes = Encoding.UTF8.GetBytes(adata); byte[] nonce = ComputeNonce(iv, plainBytes); KeyParameter keyParam = CreateKey(key, salt, _iter, _ks); var ccm = new AeadParameters(keyParam, MacSize(_ts), nonce, adataBytes); var aes = new CcmBlockCipher(new AesFastEngine()); aes.Init(true, ccm); var enc = new byte[aes.GetOutputSize(plainBytes.Length)]; int res = aes.ProcessBytes(plainBytes, 0, plainBytes.Length, enc, 0); aes.DoFinal(enc, res); result.Add("ct", Base64.ToBase64String(enc)); result.Add("iv", Base64.ToBase64String(iv)); result.Add("salt", Base64.ToBase64String(salt)); result.Add("adata", EncodeAdata(adata)); result.Add("mode", Mode); result.Add("ks", _ks); result.Add("iter", _iter); result.Add("ts", _ts); return result; } catch (Exception e) { throw new ApplicationException("Json encryption failed.", e); } }
public static Stream Encrypt(Stream stream, out string seed_encoded, out string ident_encoded, string fileName) { RNGCryptoServiceProvider rngCsp = new RNGCryptoServiceProvider(); byte[] seed = new byte[16]; rngCsp.GetBytes(seed); seed_encoded = UrlBase64Encode(seed); SHA512CryptoServiceProvider sha512csp = new SHA512CryptoServiceProvider(); byte[] seed_result = sha512csp.ComputeHash(seed); byte[] key = new byte[32]; Buffer.BlockCopy(seed_result, 0, key, 0, 32); byte[] iv = new byte[16]; Buffer.BlockCopy(seed_result, 32, iv, 0, 16); byte[] ident = new byte[16]; Buffer.BlockCopy(seed_result, 48, ident, 0, 16); ident_encoded = UrlBase64Encode(ident); var fi = new FileInfo(fileName); Dictionary<string, string> args = new Dictionary<string, string>(); // text files aren't detected well by the "ClouDeveloper" mime type library, use ShareX's builtin list first. if (Helpers.IsTextFile(fileName)) { args["mime"] = "text/plain"; } else { var mimeOpts = ClouDeveloper.Mime.MediaTypeNames.GetMediaTypeNames(fi.Extension).ToList(); args["mime"] = mimeOpts.Count > 0 ? mimeOpts[0] : "image/png"; } args["name"] = fileName; byte[] d = Encoding.BigEndianUnicode.GetBytes(JsonConvert.SerializeObject(args)); byte[] rawdata = d.Concat(new byte[] { 0, 0 }).Concat(stream.GetBytes()).ToArray(); int l = FindIVLen(rawdata.Length); byte[] civ = new byte[l]; Array.Copy(iv, civ, l); KeyParameter key_param = new KeyParameter(key); var ccmparams = new CcmParameters(key_param, MacSize, civ, new byte[0]); var ccmMode = new CcmBlockCipher(new AesFastEngine()); ccmMode.Init(true, ccmparams); var encBytes = new byte[ccmMode.GetOutputSize(rawdata.Length)]; var res = ccmMode.ProcessBytes(rawdata, 0, rawdata.Length, encBytes, 0); ccmMode.DoFinal(encBytes, res); return new MemoryStream(encBytes); }
private void ivParamTest( int count, CcmBlockCipher ccm, byte[] k, byte[] n) { byte[] p = Encoding.ASCII.GetBytes("hello world!!"); ccm.Init(true, new ParametersWithIV(new KeyParameter(k), n)); byte[] enc = new byte[p.Length + 8]; int len = ccm.ProcessBytes(p, 0, p.Length, enc, 0); len += ccm.DoFinal(enc, len); ccm.Init(false, new ParametersWithIV(new KeyParameter(k), n)); byte[] tmp = new byte[enc.Length]; len = ccm.ProcessBytes(enc, 0, enc.Length, tmp, 0); len += ccm.DoFinal(tmp, len); byte[] dec = new byte[len]; Array.Copy(tmp, 0, dec, 0, len); if (!AreEqual(p, dec)) { Fail("decrypted stream fails to match in test " + count); } }
private void checkVectors( int count, CcmBlockCipher ccm, byte[] k, int macSize, byte[] n, byte[] a, byte[] p, byte[] t, byte[] c) { ccm.Init(true, new AeadParameters(new KeyParameter(k), macSize, n, a)); byte[] enc = new byte[c.Length]; int len = ccm.ProcessBytes(p, 0, p.Length, enc, 0); len += ccm.DoFinal(enc, len); // ccm.Init(true, new CcmParameters(new KeyParameter(k), macSize, n, a)); // // byte[] enc = ccm.ProcessPacket(p, 0, p.Length); if (!AreEqual(c, enc)) { Fail("encrypted stream fails to match in test " + count); } // ccm.Init(false, new CcmParameters(new KeyParameter(k), macSize, n, a)); // // byte[] dec = ccm.ProcessPacket(enc, 0, enc.Length); ccm.Init(false, new AeadParameters(new KeyParameter(k), macSize, n, a)); byte[] tmp = new byte[enc.Length]; len = ccm.ProcessBytes(enc, 0, enc.Length, tmp, 0); len += ccm.DoFinal(tmp, len); byte[] dec = new byte[len]; Array.Copy(tmp, 0, dec, 0, len); if (!AreEqual(p, dec)) { Fail("decrypted stream fails to match in test " + count); } if (!AreEqual(t, ccm.GetMac())) { Fail("MAC fails to match in test " + count); } }
private void checkVectors( int count, CcmBlockCipher ccm, string additionalDataType, byte[] k, int macSize, byte[] n, byte[] a, byte[] sa, byte[] p, byte[] t, byte[] c) { KeyParameter keyParam = (k == null) ? null : new KeyParameter(k); ccm.Init(true, new AeadParameters(keyParam, macSize, n, a)); byte[] enc = new byte[c.Length]; if (sa != null) { ccm.ProcessAadBytes(sa, 0, sa.Length); } int len = ccm.ProcessBytes(p, 0, p.Length, enc, 0); len += ccm.DoFinal(enc, len); // ccm.Init(true, new AeadParameters(new KeyParameter(k), macSize, n, a)); // // byte[] enc = ccm.ProcessPacket(p, 0, p.Length); if (!AreEqual(c, enc)) { Fail("encrypted stream fails to match in test " + count + " with " + additionalDataType); } // ccm.Init(false, new AeadParameters(new KeyParameter(k), macSize, n, a)); // // byte[] dec = ccm.ProcessPacket(enc, 0, enc.Length); ccm.Init(false, new AeadParameters(new KeyParameter(k), macSize, n, a)); byte[] tmp = new byte[enc.Length]; if (sa != null) { ccm.ProcessAadBytes(sa, 0, sa.Length); } len = ccm.ProcessBytes(enc, 0, enc.Length, tmp, 0); len += ccm.DoFinal(tmp, len); byte[] dec = new byte[len]; Array.Copy(tmp, 0, dec, 0, len); if (!AreEqual(p, dec)) { Fail("decrypted stream fails to match in test " + count + " with " + additionalDataType); } if (!AreEqual(t, ccm.GetMac())) { Fail("MAC fails to match in test " + count + " with " + additionalDataType); } }
public JObject Decrypt(string key, JObject json) { try { byte[] iv = Base64.Decode(json.GetValue("iv").ToString()); byte[] cipherText = Base64.Decode(json.GetValue("ct").ToString()); byte[] adataBytes = DecodeAdataBytes(json.GetValue("adata").ToString()); byte[] nonce = ComputeNonce(iv, cipherText); if (json.GetValue("mode").ToString() != "ccm") { throw new ApplicationException("Can only decrypt ccm mode encrypted data."); } KeyParameter keyParam = CreateKey( key, Base64.Decode(json.GetValue("salt").ToString()), json.GetValue("iter").ToObject<int>(), json.GetValue("ks").ToObject<int>()); var ccm = new AeadParameters( keyParam, MacSize(json.GetValue("ts").ToObject<int>()), nonce, adataBytes); var aes = new CcmBlockCipher(new AesFastEngine()); aes.Init(false, ccm); var plainBytes = new byte[aes.GetOutputSize(cipherText.Length)]; int res = aes.ProcessBytes( cipherText, 0, cipherText.Length, plainBytes, 0); aes.DoFinal(plainBytes, res); var text = Encoding.UTF8.GetString(plainBytes); return JObject.Parse(text); } catch (InvalidCipherTextException) { throw; } catch (Exception e) { throw new ApplicationException("Json decryption failed.", e); } }
private static MemoryStream Encrypt(Stream source, string fileName, out string seed_encoded, out string ident) { // Randomly generate a new seed for upload byte[] seed = new byte[16]; using (RNGCryptoServiceProvider rngCsp = new RNGCryptoServiceProvider()) { rngCsp.GetBytes(seed); } seed_encoded = UrlBase64Encode(seed); // Derive the parameters (key, IV, ident) from the seed byte[] key, iv; DeriveParams(seed, out key, out iv, out ident); // Create a new String->String map for JSON blob, and define filename and metadata Dictionary<string, string> metadataMap = new Dictionary<string, string>(); metadataMap["mime"] = Helpers.IsTextFile(fileName) ? "text/plain" : Helpers.GetMimeType(fileName); metadataMap["name"] = fileName; // Encode the metadata with UTF-16 and a double-null-byte terminator, and append data // Unfortunately, the CCM cipher mode can't stream the encryption, and so we have to GetBytes() on the source. // We do limit the source to 50MB however byte[] data = Encoding.BigEndianUnicode.GetBytes(JsonConvert.SerializeObject(metadataMap)).Concat(new byte[] { 0, 0 }).Concat(source.GetBytes()).ToArray(); // Calculate the length of the CCM IV and copy it over long ccmIVLen = FindIVLen(data.Length); byte[] ccmIV = new byte[ccmIVLen]; Array.Copy(iv, ccmIV, ccmIVLen); // Set up the encryption parameters KeyParameter keyParam = new KeyParameter(key); CcmParameters ccmParams = new CcmParameters(keyParam, MacSize, ccmIV, new byte[0]); CcmBlockCipher ccmMode = new CcmBlockCipher(new AesFastEngine()); ccmMode.Init(true, ccmParams); // Perform the encryption byte[] encBytes = new byte[ccmMode.GetOutputSize(data.Length)]; int res = ccmMode.ProcessBytes(data, 0, data.Length, encBytes, 0); ccmMode.DoFinal(encBytes, res); return new MemoryStream(encBytes); }
/// <summary> /// Encrypt the message using the passed key and pre-calculated nonce. /// </summary> /// <param name="messageBytes"></param> /// <param name="encryptionKeyHex"></param> /// <param name="nonceBytes"></param> /// <returns></returns> private static byte[] EncryptMessage(byte[] messageBytes, string encryptionKeyHex, byte[] nonceBytes) { if (string.IsNullOrEmpty(encryptionKeyHex)) return messageBytes; var key = StringToByteArray(encryptionKeyHex); var cipher = new CcmBlockCipher(new AesFastEngine()); var parameters = new CcmParameters(new KeyParameter(key), 64, nonceBytes, new byte[] {}); //var parameters = new CcmParameters(new KeyParameter(key), 64, nonceBytes, System.Text.Encoding.UTF8.GetBytes("testing much data")); cipher.Init(true, parameters); var encryptedBytes = new byte[cipher.GetOutputSize(messageBytes.Length)]; var res = cipher.ProcessBytes(messageBytes, 0, messageBytes.Length, encryptedBytes, 0); cipher.DoFinal(encryptedBytes, res); return encryptedBytes; }
private static byte[] DecryptMessage(byte[] encryptedBytes, string encryptionKeyHex) { if (string.IsNullOrEmpty(encryptionKeyHex)) return encryptedBytes; var headerBytes = encryptedBytes.Take(1).ToArray(); // 0xFF var nonceBytes = encryptedBytes.Skip(1).Take(7).ToArray(); encryptedBytes = encryptedBytes.Skip(8).ToArray(); var key = StringToByteArray(encryptionKeyHex); var cipher = new CcmBlockCipher(new AesFastEngine()); var parameters = new CcmParameters(new KeyParameter(key), 64, nonceBytes, new byte[] { }); cipher.Init(false, parameters); var plainBytes = new byte[cipher.GetOutputSize(encryptedBytes.Length)]; var res = cipher.ProcessBytes(encryptedBytes, 0, encryptedBytes.Length, plainBytes, 0); cipher.DoFinal(plainBytes, res); return plainBytes; }
public static string Decrypt(string password, string data) { SJCLBlob ctdata = JsonConvert.DeserializeObject<SJCLBlob>(data); if (ctdata.Cipher != "aes" || ctdata.Mode != "ccm") throw new InvalidOperationException("Unsupported cipher or mode."); byte[] cipherText = DecodeBase64(ctdata.CipherText); var derivedMacParameters = DeriveKey(password, ctdata); var l = FindIVLen(cipherText.Length); byte[] iv = new byte[l]; Array.Copy((Array) DecodeBase64(ctdata.IV), (Array) iv, (int) l); var ccmparams = new CcmParameters(derivedMacParameters, ctdata.TagSize, iv, DecodeBase64(ctdata.AuthData)); var ccmMode = new CcmBlockCipher(new AesFastEngine()); ccmMode.Init(false, ccmparams); var plainBytes = new byte[ccmMode.GetOutputSize(cipherText.Length)]; var res = ccmMode.ProcessBytes(cipherText, 0, cipherText.Length, plainBytes, 0); ccmMode.DoFinal(plainBytes, res); return Encoding.UTF8.GetString(plainBytes); }
public static string Encrypt(string password, string data) { RNGCryptoServiceProvider rngCsp = new RNGCryptoServiceProvider(); byte[] salt = new byte[8]; rngCsp.GetBytes(salt); byte[] iv = new byte[16]; rngCsp.GetBytes(iv); SJCLBlob ctdata = new SJCLBlob() { Mode = "ccm", Cipher = "aes", AuthData = "", Iterations = 2000, KeySize = 256, TagSize = 64, Salt = Convert.ToBase64String(salt), IV = Convert.ToBase64String(iv), V = 1 }; var key = DeriveKey(password, ctdata); byte[] rawdata = Encoding.UTF8.GetBytes(data); var l = FindIVLen(rawdata.Length); byte[] civ = new byte[l]; Array.Copy((Array) iv, (Array) civ, (int) l); var ccmparams = new CcmParameters(key, ctdata.TagSize, civ, DecodeBase64(ctdata.AuthData)); var ccmMode = new CcmBlockCipher(new AesFastEngine()); ccmMode.Init(true, ccmparams); var encBytes = new byte[ccmMode.GetOutputSize(rawdata.Length)]; var res = ccmMode.ProcessBytes(rawdata, 0, rawdata.Length, encBytes, 0); ccmMode.DoFinal(encBytes, res); ctdata.CipherText = Convert.ToBase64String(encBytes); return JsonConvert.SerializeObject(ctdata); }