/// <summary> /// Compares plain text input with a computed hash using the configured <c>HashAlgorithm</c>. /// <seealso cref="IHashProvider.CompareHash"/> /// </summary> /// <param name="plaintext"><seealso cref="IHashProvider.CompareHash"/></param> /// <param name="hashedtext"><seealso cref="IHashProvider.CompareHash"/></param> /// <returns><seealso cref="IHashProvider.CompareHash"/></returns> public bool CompareHash(byte[] plaintext, byte[] hashedtext) { ArgumentValidation.CheckForNullReference(plaintext, "plainText"); ArgumentValidation.CheckForNullReference(hashedtext, "hashedText"); ArgumentValidation.CheckForZeroBytes(hashedtext, "hashedText"); bool result = false; byte[] hashedPlainText = null; byte[] salt = null; try { salt = ExtractSalt(hashedtext); hashedPlainText = CreateHashWithSalt(plaintext, salt); } finally { CryptographyUtility.ZeroOutBytes(salt); } result = CryptographyUtility.CompareBytes(hashedPlainText, hashedtext); SecurityCryptoHashCheckEvent.Fire(string.Empty); if (!result) { SecurityCryptoHashCheckFailureEvent.Fire(string.Empty); } return(result); }
private ProtectedKey ProtectKey(byte[] decryptedKey, DataProtectionScope protectionScope) { ProtectedKey protectedKey = ProtectedKey.CreateFromPlaintextKey(decryptedKey, protectionScope); CryptographyUtility.ZeroOutBytes(decryptedKey); return(protectedKey); }
private byte[] DecryptKeyForRestore(string passphrase, byte[] encryptedKey, byte[] salt) { RijndaelManaged archivalEncryptionAlgorithm = new RijndaelManaged(); byte[] restoreKey = GenerateArchivalKey(archivalEncryptionAlgorithm, passphrase, salt); byte[] iv = new byte[archivalEncryptionAlgorithm.BlockSize / 8]; byte[] key = CryptographyUtility.Transform(archivalEncryptionAlgorithm.CreateDecryptor(restoreKey, iv), encryptedKey); CryptographyUtility.ZeroOutBytes(restoreKey); return(key); }
private byte[] GetEncryptedKey(ProtectedKey keyToBeArchived, string passphrase, byte[] salt) { byte[] decryptedKey = keyToBeArchived.DecryptedKey; try { return(EncryptKeyForArchival(decryptedKey, passphrase, salt)); } finally { CryptographyUtility.ZeroOutBytes(decryptedKey); } }
private ProtectedKey GenerateKey(SymmetricAlgorithm algorithm, DataProtectionScope dataProtectionScope) { byte[] generatedKey = GenerateUnprotectedKey(algorithm); try { return(ProtectedKey.CreateFromPlaintextKey(generatedKey, dataProtectionScope)); } finally { if (generatedKey != null) { CryptographyUtility.ZeroOutBytes(generatedKey); } } }
/// <summary> /// <para>Decrypts bytes with the initialized algorithm and key.</para> /// </summary> /// <param name="encryptedText"><para>The text which you wish to decrypt.</para></param> /// <returns><para>The resulting plaintext.</para></returns> public byte[] Decrypt(byte[] encryptedText) { byte[] output = null; byte[] data = ExtractIV(encryptedText); this.algorithm.Key = Key; using (ICryptoTransform transform = this.algorithm.CreateDecryptor()) { output = Transform(transform, data); } CryptographyUtility.ZeroOutBytes(this.algorithm.Key); return(output); }
/// <summary> /// Compares plain text input with a computed hash. /// </summary> /// <param name="plaintext">The input for which you want to compare the hash to.</param> /// <param name="hashedtext">The hash value for which you want to compare the input to.</param> /// <returns><c>true</c> if plainText hashed is equal to the hashedText. Otherwise, <c>false</c>.</returns> public bool CompareHash(byte[] plaintext, byte[] hashedtext) { if (plaintext == null) { throw new ArgumentNullException("plainText"); } if (hashedtext == null) { throw new ArgumentNullException("hashedText"); } if (hashedtext.Length == 0) { throw new ArgumentException(Resources.ExceptionByteArrayValueMustBeGreaterThanZeroBytes, "hashedText"); } bool result = false; byte[] hashedPlainText = null; byte[] salt = null; try { try { salt = ExtractSalt(hashedtext); hashedPlainText = CreateHashWithSalt(plaintext, salt); } finally { CryptographyUtility.ZeroOutBytes(salt); } result = CryptographyUtility.CompareBytes(hashedPlainText, hashedtext); } catch (Exception e) { InstrumentationProvider.FireCyptographicOperationFailed(Resources.HashComparisonFailed, e); throw; } InstrumentationProvider.FireHashComparisonPerformed(); if (!result) { InstrumentationProvider.FireHashMismatchDetected(); } return(result); }
/// <summary> /// <para>Encrypts bytes with the initialized algorithm and key.</para> /// </summary> /// <param name="plaintext"><para>The plaintext in which you wish to encrypt.</para></param> /// <returns><para>The resulting ciphertext.</para></returns> public byte[] Encrypt(byte[] plaintext) { byte[] output = null; byte[] cipherText = null; this.algorithm.Key = Key; using (ICryptoTransform transform = this.algorithm.CreateEncryptor()) { cipherText = Transform(transform, plaintext); } output = new byte[IVLength + cipherText.Length]; Buffer.BlockCopy(this.algorithm.IV, 0, output, 0, IVLength); Buffer.BlockCopy(cipherText, 0, output, IVLength, cipherText.Length); CryptographyUtility.ZeroOutBytes(this.algorithm.Key); return(output); }