public Task <byte[]> Pbkdf2(byte[] password, byte[] salt, CryptoHashAlgorithm algorithm, int iterations)
{
int keySize;
HashAlgorithmName algor;
switch (algorithm)
{
case CryptoHashAlgorithm.Sha256:
keySize = 256;
algor = HashAlgorithmName.SHA256;
break;
case CryptoHashAlgorithm.Sha512:
keySize = 512;
algor = HashAlgorithmName.SHA512;
break;
default:
throw new ArgumentException($"Unsupported PBKDF2 algorithm ({algorithm})",
nameof(algorithm));
}
var keyByteSize = keySize / 8;
using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, algor))
{
return(Task.FromResult(kdf.GetBytes(keyByteSize)));
}
}
public Task <byte[]> RsaDecryptAsync(byte[] data, byte[] privateKey, CryptoHashAlgorithm algorithm)
{
var provider = AsymmetricKeyAlgorithmProvider.OpenAlgorithm(ToAsymmetricAlgorithm(algorithm));
var cryptoKey = provider.ImportKeyPair(privateKey, CryptographicPrivateKeyBlobType.Pkcs8RawPrivateKeyInfo);
return(Task.FromResult(CryptographicEngine.Decrypt(cryptoKey, data)));
}
private const uint PBKDFAlgorithm = 2; // kCCPBKDF2
public byte[] Pbkdf2(byte[] password, byte[] salt, CryptoHashAlgorithm algorithm, int iterations)
{
uint keySize = 32;
uint pseudoRandomAlgorithm = 3; // kCCPRFHmacAlgSHA256
if (algorithm == CryptoHashAlgorithm.Sha512)
{
keySize = 64;
pseudoRandomAlgorithm = 5; // kCCPRFHmacAlgSHA512
}
else if (algorithm != CryptoHashAlgorithm.Sha256)
{
throw new ArgumentException("Unsupported PBKDF2 algorithm.");
}
var keyData = new NSMutableData();
keyData.Length = keySize;
var passwordData = NSData.FromArray(password);
var saltData = NSData.FromArray(salt);
var result = CCKeyCerivationPBKDF(PBKDFAlgorithm, passwordData.Bytes, passwordData.Length, saltData.Bytes,
saltData.Length, pseudoRandomAlgorithm, Convert.ToUInt32(iterations), keyData.MutableBytes,
keyData.Length);
byte[] keyBytes = new byte[keyData.Length];
Marshal.Copy(keyData.Bytes, keyBytes, 0, Convert.ToInt32(keyData.Length));
return(keyBytes);
}
public byte[] Pbkdf2(byte[] password, byte[] salt, CryptoHashAlgorithm algorithm, int iterations)
{
int keySize = 256;
IDigest digest = null;
if (algorithm == CryptoHashAlgorithm.Sha256)
{
keySize = 256;
digest = new Sha256Digest();
}
else if (algorithm == CryptoHashAlgorithm.Sha512)
{
keySize = 512;
digest = new Sha512Digest();
}
else
{
throw new ArgumentException("Unsupported PBKDF2 algorithm.");
}
var generator = new Pkcs5S2ParametersGenerator(digest);
generator.Init(password, salt, iterations);
return(((KeyParameter)generator.GenerateDerivedMacParameters(keySize)).GetKey());
}
public Task <byte[]> Pbkdf2Async(byte[] password, byte[] salt, CryptoHashAlgorithm algorithm, int iterations)
{
if (algorithm != CryptoHashAlgorithm.Sha256 && algorithm != CryptoHashAlgorithm.Sha512)
{
throw new ArgumentException("Unsupported PBKDF2 algorithm.");
}
return(Task.FromResult(_cryptoPrimitiveService.Pbkdf2(password, salt, algorithm, iterations)));
}
public Task <byte[]> RsaEncryptAsync(byte[] data, byte[] publicKey, CryptoHashAlgorithm algorithm)
{
var provider = AsymmetricKeyAlgorithmProvider.OpenAlgorithm(ToAsymmetricAlgorithm(algorithm));
var cryptoKey = provider.ImportPublicKey(publicKey,
CryptographicPublicKeyBlobType.X509SubjectPublicKeyInfo);
return(Task.FromResult(CryptographicEngine.Encrypt(cryptoKey, data)));
}
public Task <byte[]> HmacAsync(byte[] value, byte[] key, CryptoHashAlgorithm algorithm)
{
var provider = MacAlgorithmProvider.OpenAlgorithm(ToMacAlgorithm(algorithm));
var hasher = provider.CreateHash(key);
hasher.Append(value);
return(Task.FromResult(hasher.GetValueAndReset()));
}
public async Task <byte[]> Pbkdf2(byte[] password, byte[] salt, CryptoHashAlgorithm algorithm, int iterations)
{
var b64 = await _js.InvokeAsync <string>("bw_web.pbkdf2",
Convert.ToBase64String(password),
Convert.ToBase64String(salt),
iterations);
return(Convert.FromBase64String(b64));
}
private AsymmetricAlgorithm ToAsymmetricAlgorithm(CryptoHashAlgorithm algorithm)
{
switch (algorithm)
{
case CryptoHashAlgorithm.Sha1:
return(AsymmetricAlgorithm.RsaOaepSha1);
// RsaOaepSha256 is not supported on iOS
// ref: https://github.com/AArnott/PCLCrypto/issues/124
// case CryptoHashAlgorithm.SHA256:
// return AsymmetricAlgorithm.RsaOaepSha256;
default:
throw new ArgumentException("Unsupported asymmetric algorithm.");
}
}
private MacAlgorithm ToMacAlgorithm(CryptoHashAlgorithm algorithm)
{
switch (algorithm)
{
case CryptoHashAlgorithm.Sha1:
return(MacAlgorithm.HmacSha1);
case CryptoHashAlgorithm.Sha256:
return(MacAlgorithm.HmacSha256);
case CryptoHashAlgorithm.Sha512:
return(MacAlgorithm.HmacSha512);
default:
throw new ArgumentException("Unsupported mac algorithm.");
}
}
private HashAlgorithm ToHashAlgorithm(CryptoHashAlgorithm algorithm)
{
switch (algorithm)
{
case CryptoHashAlgorithm.Sha1:
return(HashAlgorithm.Sha1);
case CryptoHashAlgorithm.Sha256:
return(HashAlgorithm.Sha256);
case CryptoHashAlgorithm.Sha512:
return(HashAlgorithm.Sha512);
case CryptoHashAlgorithm.Md5:
return(HashAlgorithm.Md5);
default:
throw new ArgumentException("Unsupported hash algorithm.");
}
}
public Task <byte[]> Pbkdf2Async(string password, byte[] salt, CryptoHashAlgorithm algorithm, int iterations)
{
password = NormalizePassword(password);
return(Pbkdf2Async(Encoding.UTF8.GetBytes(password), salt, algorithm, iterations));
}
public Task <byte[]> Pbkdf2Async(byte[] password, string salt, CryptoHashAlgorithm algorithm, int iterations)
{
return(Pbkdf2Async(password, Encoding.UTF8.GetBytes(salt), algorithm, iterations));
}
public Task <byte[]> HashAsync(byte[] value, CryptoHashAlgorithm algorithm)
{
var provider = HashAlgorithmProvider.OpenAlgorithm(ToHashAlgorithm(algorithm));
return(Task.FromResult(provider.HashData(value)));
}
public Task <byte[]> HashAsync(string value, CryptoHashAlgorithm algorithm)
{
return(HashAsync(Encoding.UTF8.GetBytes(value), algorithm));
}
