/// <summary>
/// Performs the TPM-defined CFB encrypt using the associated algorithm. This routine assumes that
/// the integrity value has been prepended.
/// </summary>
/// <param name="x"></param>
/// <param name="iv"></param>
/// <returns></returns>
public byte[] Encrypt(byte[] data, byte[] iv = null)
{
byte[] paddedData;
int unpadded = data.Length % BlockSize;
paddedData = unpadded == 0 ? data : Globs.AddZeroToEnd(data, BlockSize - unpadded);
#if TSS_USE_BCRYPT
paddedData = Key.Encrypt(paddedData, null, iv ?? IV);
#else
if (iv != null && iv.Length > 0)
{
Alg.IV = iv;
}
ICryptoTransform enc = Alg.CreateEncryptor();
using (var outStream = new MemoryStream())
{
var s = new CryptoStream(outStream, enc, CryptoStreamMode.Write);
s.Write(paddedData, 0, paddedData.Length);
s.FlushFinalBlock();
paddedData = outStream.ToArray();
}
#endif
return(unpadded == 0 ? paddedData : Globs.CopyData(paddedData, 0, data.Length));
}
/// <summary>
/// Encrypt dataToEncrypt using the specified encodingParams (RSA only).
/// </summary>
/// <param name="plainText"></param>
/// <param name="label"></param>
/// <returns></returns>
public byte[] EncryptOaep(byte[] plainText, byte[] label)
{
if (plainText == null)
{
plainText = new byte[0];
}
if (label == null)
{
label = new byte[0];
}
#if TSS_USE_BCRYPT
var paddingInfo = new BCryptOaepPaddingInfo(OaepHash, label);
byte[] cipherText = Key.Encrypt(plainText, paddingInfo);
#elif false
var rr = new RawRsa(RsaProvider.ExportParameters(false), RsaProvider.KeySize);
byte[] cipherText = rr.OaepEncrypt(plainText, OaepHash, label);
#else
RSAParameters parms = RsaProvider.ExportParameters(false);
var alg = new BCryptAlgorithm(Native.BCRYPT_RSA_ALGORITHM);
var key = alg.LoadRSAKey(parms.Exponent, parms.Modulus);
var paddingInfo = new BCryptOaepPaddingInfo(OaepHash, label);
byte[] cipherText = key.Encrypt(plainText, paddingInfo);
key.Destroy();
alg.Close();
#endif
return(cipherText);
}
/// <summary>
/// Performs the TPM-defined CFB encrypt using the associated algorithm.
/// This routine assumes that the integrity value has been prepended.
/// </summary>
/// <param name="data"></param>
/// <param name="iv"></param>
/// <returns></returns>
public byte[] Encrypt(byte[] data, byte[] iv = null)
{
byte[] paddedData;
int unpadded = data.Length % BlockSize;
paddedData = unpadded == 0 ? data : Globs.AddZeroToEnd(data, BlockSize - unpadded);
#if TSS_USE_BCRYPT
paddedData = Key.Encrypt(paddedData, null, iv ?? IV);
#else
bool externalIV = iv != null && iv.Length > 0;
if (externalIV)
{
Alg.IV = iv;
}
ICryptoTransform enc = Alg.CreateEncryptor();
using (var outStream = new MemoryStream())
{
var s = new CryptoStream(outStream, enc, CryptoStreamMode.Write);
s.Write(paddedData, 0, paddedData.Length);
s.FlushFinalBlock();
paddedData = outStream.ToArray();
}
if (externalIV)
{
var src = data;
var res = paddedData;
if (res.Length > iv.Length)
{
src = Globs.CopyData(data, src.Length - iv.Length, iv.Length);
res = Globs.CopyData(paddedData, res.Length - iv.Length, iv.Length);
}
switch (Alg.Mode)
{
case CipherMode.CBC:
case CipherMode.CFB:
res.CopyTo(iv, 0);
break;
case CipherMode.OFB:
XorEngine.Xor(res, src).CopyTo(iv, 0);
break;
case CipherMode.ECB:
break;
case CipherMode.CTS:
Globs.Throw <ArgumentException>("Encrypt: Unsupported symmetric mode");
break;
}
}
#endif
return(unpadded == 0 ? paddedData : Globs.CopyData(paddedData, 0, data.Length));
}
