internal void EncryptAndSign(byte[] inputNullable, int id, EncryptedFieldIds fieldId, out byte[] encrypted, out byte[] hmac)
{
if (inputNullable == null)
{
encrypted = null;
hmac = null;
return;
}
if (inputNullable.Length > 65535)
{
throw new ArgumentException(nameof(inputNullable));
}
GetIVandKeys(id, fieldId, out var iv, out var aesKey, out var hmacKey);
// encode length of input and add padding, to make it good for AES
BinaryProcedures.CreateBinaryWriter(out var ms, out var w);
w.Write((ushort)inputNullable.Length);
w.Write(inputNullable);
var bytesInLastBlock = (int)ms.Position % CryptoLibraries.AesBlockSize;
if (bytesInLastBlock != 0)
{
var bytesRemainingTillFullAesBlock = CryptoLibraries.AesBlockSize - bytesInLastBlock;
w.Write(_cryptoLibrary.GetRandomBytes(bytesRemainingTillFullAesBlock));
}
var inputWithPadding = ms.ToArray();
encrypted = new byte[inputWithPadding.Length];
_cryptoLibrary.ProcessAesCbcBlocks(true, aesKey, iv, inputWithPadding, encrypted);
hmac = _cryptoLibrary.GetSha256HMAC(hmacKey, encrypted);
}