private SymmetricAlgorithm GetSymmetricAlgorithm (string algorithmOid, byte[] salt, int iterationCount) { string algorithm = null; int keyLength = 8; // 64 bits (default) int ivLength = 8; // 64 bits (default) PKCS12.DeriveBytes pd = new PKCS12.DeriveBytes (); pd.Password = _password; pd.Salt = salt; pd.IterationCount = iterationCount; switch (algorithmOid) { case PKCS5.pbeWithMD2AndDESCBC: // no unit test available pd.HashName = "MD2"; algorithm = "DES"; break; case PKCS5.pbeWithMD5AndDESCBC: // no unit test available pd.HashName = "MD5"; algorithm = "DES"; break; case PKCS5.pbeWithMD2AndRC2CBC: // no unit test available // TODO - RC2-CBC-Parameter (PKCS5) // if missing default to 32 bits !!! pd.HashName = "MD2"; algorithm = "RC2"; keyLength = 4; // default break; case PKCS5.pbeWithMD5AndRC2CBC: // no unit test available // TODO - RC2-CBC-Parameter (PKCS5) // if missing default to 32 bits !!! pd.HashName = "MD5"; algorithm = "RC2"; keyLength = 4; // default break; case PKCS5.pbeWithSHA1AndDESCBC: // no unit test available pd.HashName = "SHA1"; algorithm = "DES"; break; case PKCS5.pbeWithSHA1AndRC2CBC: // no unit test available // TODO - RC2-CBC-Parameter (PKCS5) // if missing default to 32 bits !!! pd.HashName = "SHA1"; algorithm = "RC2"; keyLength = 4; // default break; case PKCS12.pbeWithSHAAnd128BitRC4: // no unit test available pd.HashName = "SHA1"; algorithm = "RC4"; keyLength = 16; ivLength = 0; // N/A break; case PKCS12.pbeWithSHAAnd40BitRC4: // no unit test available pd.HashName = "SHA1"; algorithm = "RC4"; keyLength = 5; ivLength = 0; // N/A break; case PKCS12.pbeWithSHAAnd3KeyTripleDESCBC: pd.HashName = "SHA1"; algorithm = "TripleDES"; keyLength = 24; break; case PKCS12.pbeWithSHAAnd2KeyTripleDESCBC: // no unit test available pd.HashName = "SHA1"; algorithm = "TripleDES"; keyLength = 16; break; case PKCS12.pbeWithSHAAnd128BitRC2CBC: // no unit test available pd.HashName = "SHA1"; algorithm = "RC2"; keyLength = 16; break; case PKCS12.pbeWithSHAAnd40BitRC2CBC: pd.HashName = "SHA1"; algorithm = "RC2"; keyLength = 5; break; default: throw new NotSupportedException ("unknown oid " + algorithm); } SymmetricAlgorithm sa = SymmetricAlgorithm.Create (algorithm); sa.Key = pd.DeriveKey (keyLength); // IV required only for block ciphers (not stream ciphers) if (ivLength > 0) { sa.IV = pd.DeriveIV (ivLength); sa.Mode = CipherMode.CBC; } return sa; }
private byte[] MAC (byte[] password, byte[] salt, int iterations, byte[] data) { PKCS12.DeriveBytes pd = new PKCS12.DeriveBytes (); pd.HashName = "SHA1"; pd.Password = password; pd.Salt = salt; pd.IterationCount = iterations; HMACSHA1 hmac = (HMACSHA1) HMACSHA1.Create (); hmac.Key = pd.DeriveMAC (20); return hmac.ComputeHash (data, 0, data.Length); }
public void KeyGeneration_Test4 () { PKCS12.DeriveBytes db = new PKCS12.DeriveBytes (); db.HashName = "SHA1"; db.IterationCount = 1000; db.Password = password2; db.Salt = salt5; byte[] key = db.DeriveKey (24); AssertEquals ("Key(1)", "48-3D-D6-E9-19-D7-DE-2E-8E-64-8B-A8-F8-62-F3-FB-FB-DC-2B-CB-2C-02-95-7F", BitConverter.ToString (key)); byte[] iv = db.DeriveIV (8); AssertEquals ("IV(2)", "9D-46-1D-1B-00-35-5C-50", BitConverter.ToString (iv)); db.Salt = salt6; byte[] mac = db.DeriveMAC (20); AssertEquals ("MAC(3)", "5E-C4-C7-A8-0D-F6-52-29-4C-39-25-B6-48-9A-7A-B8-57-C8-34-76", BitConverter.ToString (mac)); }
public void KeyGeneration_Test3 () { PKCS12.DeriveBytes db = new PKCS12.DeriveBytes (); db.HashName = "SHA1"; db.IterationCount = 1000; db.Password = password2; db.Salt = salt4; byte[] key = db.DeriveKey (24); AssertEquals ("Key(1)", "ED-20-34-E3-63-28-83-0F-F0-9D-F1-E1-A0-7D-D3-57-18-5D-AC-0D-4F-9E-B3-D4", BitConverter.ToString (key)); byte[] iv = db.DeriveIV (8); AssertEquals ("IV(2)", "11-DE-DA-D7-75-8D-48-60", BitConverter.ToString (iv)); }
public void KeyGeneration_Test2 () { PKCS12.DeriveBytes db = new PKCS12.DeriveBytes (); db.HashName = "SHA1"; db.IterationCount = 1; db.Password = password1; db.Salt = salt2; byte[] key = db.DeriveKey (24); AssertEquals ("Key(1)", "F3-A9-5F-EC-48-D7-71-1E-98-5C-FE-67-90-8C-5A-B7-9F-A3-D7-C5-CA-A5-D9-66", BitConverter.ToString (key)); byte[] iv = db.DeriveIV (8); AssertEquals ("IV(2)", "C0-A3-8D-64-A7-9B-EA-1D", BitConverter.ToString (iv)); db.Salt = salt3; byte[] mac = db.DeriveMAC (20); AssertEquals ("MAC(3)", "8D-96-7D-88-F6-CA-A9-D7-14-80-0A-B3-D4-80-51-D6-3F-73-A3-12", BitConverter.ToString (mac)); }
public void KeyGeneration_Test1 () { PKCS12.DeriveBytes db = new PKCS12.DeriveBytes (); db.HashName = "SHA1"; db.IterationCount = 1; db.Password = password1; db.Salt = salt1; byte[] key = db.DeriveKey (24); AssertEquals ("Key(1)", "8A-AA-E6-29-7B-6C-B0-46-42-AB-5B-07-78-51-28-4E-B7-12-8F-1A-2A-7F-BC-A3", BitConverter.ToString (key)); byte[] iv = db.DeriveIV (8); AssertEquals ("IV(2)", "79-99-3D-FE-04-8D-3B-76", BitConverter.ToString (iv)); }
private SymmetricAlgorithm GetSymmetricAlgorithm (string algorithmOid, byte[] salt, int iterationCount) { string algorithm = null; int keyLength = 8; // 64 bits (default) int ivLength = 8; // 64 bits (default) PKCS12.DeriveBytes pd = new PKCS12.DeriveBytes (); pd.Password = _password; pd.Salt = salt; pd.IterationCount = iterationCount; switch (algorithmOid) { case PKCS5.pbeWithMD2AndDESCBC: // no unit test available pd.HashName = "MD2"; algorithm = "DES"; break; case PKCS5.pbeWithMD5AndDESCBC: // no unit test available pd.HashName = "MD5"; algorithm = "DES"; break; case PKCS5.pbeWithMD2AndRC2CBC: // no unit test available // TODO - RC2-CBC-Parameter (PKCS5) // if missing default to 32 bits !!! pd.HashName = "MD2"; algorithm = "RC2"; keyLength = 4; // default break; case PKCS5.pbeWithMD5AndRC2CBC: // no unit test available // TODO - RC2-CBC-Parameter (PKCS5) // if missing default to 32 bits !!! pd.HashName = "MD5"; algorithm = "RC2"; keyLength = 4; // default break; case PKCS5.pbeWithSHA1AndDESCBC: // no unit test available pd.HashName = "SHA1"; algorithm = "DES"; break; case PKCS5.pbeWithSHA1AndRC2CBC: // no unit test available // TODO - RC2-CBC-Parameter (PKCS5) // if missing default to 32 bits !!! pd.HashName = "SHA1"; algorithm = "RC2"; keyLength = 4; // default break; case PKCS12.pbeWithSHAAnd128BitRC4: // no unit test available pd.HashName = "SHA1"; algorithm = "RC4"; keyLength = 16; ivLength = 0; // N/A break; case PKCS12.pbeWithSHAAnd40BitRC4: // no unit test available pd.HashName = "SHA1"; algorithm = "RC4"; keyLength = 5; ivLength = 0; // N/A break; case PKCS12.pbeWithSHAAnd3KeyTripleDESCBC: pd.HashName = "SHA1"; algorithm = "TripleDES"; keyLength = 24; break; case PKCS12.pbeWithSHAAnd2KeyTripleDESCBC: // no unit test available pd.HashName = "SHA1"; algorithm = "TripleDES"; keyLength = 16; break; case PKCS12.pbeWithSHAAnd128BitRC2CBC: // no unit test available pd.HashName = "SHA1"; algorithm = "RC2"; keyLength = 16; break; case PKCS12.pbeWithSHAAnd40BitRC2CBC: pd.HashName = "SHA1"; algorithm = "RC2"; keyLength = 5; break; default: throw new NotSupportedException ("unknown oid " + algorithm); } SymmetricAlgorithm sa = null; #if INSIDE_CORLIB && FULL_AOT_RUNTIME // we do not want CryptoConfig to bring the whole crypto stack // in particular Rijndael which is not supported by CommonCrypto switch (algorithm) { case "DES": sa = DES.Create (); break; case "RC2": sa = RC2.Create (); break; case "TripleDES": sa = TripleDES.Create (); break; case "RC4": sa = RC4.Create (); break; default: throw new NotSupportedException (algorithm); } #else sa = SymmetricAlgorithm.Create (algorithm); #endif sa.Key = pd.DeriveKey (keyLength); // IV required only for block ciphers (not stream ciphers) if (ivLength > 0) { sa.IV = pd.DeriveIV (ivLength); sa.Mode = CipherMode.CBC; } return sa; }