public IEnumerable <byte[]> Encrypt(out byte[] dataKey, IEnumerable <byte[]> plaintextBlobs, IDictionary <string, string> context)
{
byte[] plaintextKey;
_dataKeyProvider.GenerateKey(_config.KeyBits, out plaintextKey, out dataKey, context);
using (ISymmetricAlgorithm algo = _algorithmFactory.CreateAlgorithm(_config))
{
algo.Key = plaintextKey;
algo.GenerateIV();
return(plaintextBlobs.Select(blob => Encrypt(algo, blob)).ToList());
}
}
public DefaultCryptoService(ISymmetricAlgorithm symmetricAlgorithm, IHashAlgorithm hashAlgorithm)
{
if (symmetricAlgorithm == null)
{
throw new ArgumentNullException("symmetricAlgorithm");
}
if (hashAlgorithm == null)
{
throw new ArgumentNullException("hashAlgorithm");
}
this.symmetricAlgorithm = symmetricAlgorithm;
this.hashAlgorithm = hashAlgorithm;
}
private IEnumerable <byte[]> Decrypt(byte[] dataKey, IEnumerable <EncryptedItem> encrypted, IDictionary <string, string> context)
{
byte[] plaintextKey = _dataKeyProvider.DecryptKey(dataKey, context);
var results = new List <byte[]>();
foreach (EncryptedItem item in encrypted)
{
using (ISymmetricAlgorithm algo = _algorithmFactory.CreateAlgorithm(item))
{
algo.Key = plaintextKey;
results.Add(Decrypt(algo, item.Payload));
}
}
return(results);
}
static internal ICryptoTransform NewEncryptor(ISymmetricAlgorithm algorithm, Type type, byte[] rgbKey, ExtendedCipherMode mode, byte[] rgbIv, TransformDirection encryptDirection)
{
if (rgbKey == null)
{
rgbKey = algorithm.GenerateNonWeakKey();
}
if ((mode != ExtendedCipherMode.ECB) && (rgbIv == null))
{
rgbIv = new byte[algorithm.BlockSize / 8];
RandomNumberGeneratorSingleton.GetBytes(rgbIv);
}
ConstructorInfo constructor = type.GetConstructor(BindingFlags.Instance | BindingFlags.NonPublic, null,
new[] { typeof(ISymmetricAlgorithm), typeof(byte[]), typeof(byte[]),
typeof(TransformDirection) }, null);
return((ICryptoTransform)constructor.Invoke(new object[] { algorithm, rgbKey, rgbIv, encryptDirection }));
//return (ICryptoTransform)Activator.CreateInstance(type, BindingFlags.NonPublic, null, new object[] { algorithm, rgbKey, rgbIv, encryptDirection }, null);
}
/// <summary>
/// Creates a new managed transform instance, reading necessary
/// setting values from the provided <see cref="ISymmetricAlgorithm" />
/// instance.
/// </summary>
/// <param name="algorithm">
/// A <see cref="ISymmetricAlgorithm" /> instance from which to take
/// setting values.
/// </param>
/// <param name="rgbIv">
/// The initialization vector to use.
/// </param>
/// <param name="transformDirection">
/// The direction of the transform (encryption or decryption).
/// </param>
/// <param name="endianness">
/// The endianness convention for the algorithm.
/// </param>
protected ManagedTransformBase(ISymmetricAlgorithm algorithm, byte[] rgbIv, TransformDirection transformDirection, Endianness endianness)
{
Endianness = endianness;
_bytesToWords = endianness == Endianness.Little
? (BytesToWords)Utils.BytesToWordsLittleEndian
: Utils.BytesToWordsBigEndian;
_writeWordsIntoBytes = endianness == Endianness.Little
? (WriteWordsIntoBytes)Utils.WriteWordsIntoBytesLittleEndian
: Utils.WriteWordsIntoBytesBigEndian;
PaddingMode = algorithm.Padding;
BlockSizeBytes = algorithm.BlockSize >> 3;
Mode = algorithm.ExtendedMode;
NonceCombinationMode = algorithm.NonceCombinationMode;
_registerShiftSize = algorithm.RegisterShiftSize;
_feedbackValue = new byte[BlockSizeBytes];
_iv = new byte[BlockSizeBytes];
if (rgbIv != null)
{
rgbIv.CopyTo(_feedbackValue, 0);
rgbIv.CopyTo(_iv, 0);
if (Mode == ExtendedCipherMode.CTR)
{
switch (NonceCombinationMode)
{
case NonceCombinationMode.Concatenate:
_counterSize = BlockSizeBytes - rgbIv.Length;
_counter = new byte[_counterSize];
break;
case NonceCombinationMode.Xor:
_counterSize = BlockSizeBytes;
_counter = new byte[_counterSize];
break;
case NonceCombinationMode.Add:
_counterSize = BlockSizeBytes;
_counter = (byte[])_feedbackValue.Clone();
break;
}
_initial = true;
}
}
_transformDirection = transformDirection;
}
private static byte[] Encrypt(ISymmetricAlgorithm algorithm, byte[] plaintext)
{
using (var outputStream = new MemoryStream())
{
using (ICryptoTransform encryptor = algorithm.CreateEncryptor())
{
using (var cryptoStream = new CryptoStream(outputStream, encryptor, CryptoStreamMode.Write))
{
// write the IV to the top of the output stream
outputStream.Write(algorithm.IV, 0, algorithm.IV.Length);
// and then write the rest of the payload as ciphertext
cryptoStream.Write(plaintext, 0, plaintext.Length);
cryptoStream.FlushFinalBlock();
cryptoStream.Flush();
return(outputStream.ToArray());
}
}
}
}
public Stream Decrypt(byte[] dataKey, Stream ciphertextStream, IDictionary <string, string> context)
{
byte[] plaintextKey = _dataKeyProvider.DecryptKey(dataKey, context);
var iv = new byte[IVBytes];
if (!TryFillBuffer(ciphertextStream, iv))
{
throw new CryptographicException("not enough data in input stream");
}
ISymmetricAlgorithm algo = null;
try
{
algo = _algorithmFactory.CreateAlgorithm(_config);
algo.Key = plaintextKey;
algo.IV = iv;
ICryptoTransform decryptor = algo.CreateDecryptor();
Stream cryptoStream = new CryptoStream(ciphertextStream, decryptor, CryptoStreamMode.Read);
// when this stream is disposed, the algo and decryptor will be, too.
return(new StreamWithDisposables(cryptoStream, new IDisposable[] { algo, decryptor }));
}
catch (Exception e)
{
// If we had trouble creating the stream, destroy the algorithm to prevent the key leaking.
if (algo != null)
{
try
{
algo.Dispose();
}
catch (Exception disposalException)
{
throw new AggregateException(e, disposalException);
}
}
throw;
}
}
public DefaultCryptoService(string secretKeyPassword, string initialVectorPassword, string hashKeyString)
{
if (secretKeyPassword == null)
{
throw new ArgumentNullException("secretKeyPassword");
}
if (initialVectorPassword == null)
{
throw new ArgumentNullException("initialVectorPassword");
}
if (hashKeyString == null)
{
throw new ArgumentNullException("hashKey");
}
this.symmetricAlgorithm = new AES(secretKeyPassword, initialVectorPassword);
this.hashAlgorithm = new HMACSHA512(hashKeyString);
}
public Stream Encrypt(out byte[] dataKey, Stream plaintextStream, IDictionary <string, string> context)
{
byte[] plaintextKey;
_dataKeyProvider.GenerateKey(_config.KeyBits, out plaintextKey, out dataKey, context);
ISymmetricAlgorithm algo = null;
try
{
algo = _algorithmFactory.CreateAlgorithm(_config);
algo.Key = plaintextKey;
algo.GenerateIV();
// All these hoops with the concatenated streams, StreamWithDisposable, etc.
// are to support: using (Stream foo = provider.Encrypt(...)) {...}
ICryptoTransform encryptor = algo.CreateEncryptor();
Stream ivStream = new MemoryStream(algo.IV);
Stream cryptoStream = new CryptoStream(plaintextStream, encryptor, CryptoStreamMode.Read);
Stream streamPair = new ConcatenatedStream(ivStream, cryptoStream);
// when this stream is disposed, so will be all of its constituent streams,
// plus the algorithm and the encryptor.
return(new StreamWithDisposables(streamPair, new IDisposable[] { algo, encryptor }));
}
catch (Exception e)
{
// If we had trouble creating the stream, destroy the algorithm to prevent the key leaking.
if (algo != null)
{
try
{
algo.Dispose();
}
catch (Exception disposalException)
{
throw new AggregateException(e, disposalException);
}
}
throw;
}
}
public DefaultHttpMessageCryptoService(ISymmetricAlgorithm symmetricAlgorithm, IHashAlgorithm hashAlgorithm, ITimestampProvider<string> timestampProvider)
{
if (symmetricAlgorithm == null)
{
throw new ArgumentNullException("symmetricAlgorithm");
}
if (hashAlgorithm == null)
{
throw new ArgumentNullException("hashAlgorithm");
}
if (timestampProvider == null)
{
throw new ArgumentNullException("timestampProvider");
}
this.symmetricAlgorithm = symmetricAlgorithm;
this.hashAlgorithm = hashAlgorithm;
this.timestampProvider = timestampProvider;
}
private byte[] Decrypt(ISymmetricAlgorithm algo, byte[] ivAndCiphertext)
{
// The encrypted payload's first block is the IV, the rest is cipher text.
byte[] iv, ciphertext;
DecodeCiphertext(ivAndCiphertext, out iv, out ciphertext);
algo.IV = iv;
using (var inputStream = new MemoryStream(ciphertext))
{
using (ICryptoTransform decryptor = algo.CreateDecryptor())
{
using (var cryptoStream = new CryptoStream(inputStream, decryptor, CryptoStreamMode.Read))
{
using (var resultStream = new MemoryStream())
{
cryptoStream.CopyTo(resultStream);
return(resultStream.ToArray());
}
}
}
}
}
public ISymmetricAlgorithm CreateAlgorithm(string name, int keyBits, CipherMode mode, PaddingMode padding)
{
ISymmetricAlgorithm algo = null;
try
{
algo = new SymmetricAlgorithmWrapper(SymmetricAlgorithm.Create(name))
{
KeyBits = keyBits,
Mode = mode,
Padding = padding
};
return(algo);
}
catch
{
if (algo != null)
{
algo.Dispose();
}
throw;
}
}
internal static ICryptoTransform NewEncryptor(ISymmetricAlgorithm algorithm, Type type, byte[] rgbKey, ExtendedCipherMode mode, byte[] rgbIv, TransformDirection encryptDirection)
{
if (rgbKey == null)
{
rgbKey = algorithm.GenerateNonWeakKey();
}
if ((mode != ExtendedCipherMode.ECB) && (rgbIv == null))
{
rgbIv = new byte[algorithm.BlockSize / 8];
RandomNumberGeneratorSingleton.GetBytes(rgbIv);
}
ConstructorInfo constructor = type.GetConstructor(BindingFlags.Instance | BindingFlags.NonPublic, null,
new[] { typeof(ISymmetricAlgorithm), typeof(byte[]), typeof(byte[]),
typeof(TransformDirection)}, null);
return (ICryptoTransform)constructor.Invoke(new object[] {algorithm, rgbKey, rgbIv, encryptDirection});
//return (ICryptoTransform)Activator.CreateInstance(type, BindingFlags.NonPublic, null, new object[] { algorithm, rgbKey, rgbIv, encryptDirection }, null);
}
/// <summary>
/// Creates a new managed transform instance, reading necessary
/// setting values from the provided <see cref="ISymmetricAlgorithm" />
/// instance.
/// </summary>
/// <param name="algorithm">
/// A <see cref="ISymmetricAlgorithm" /> instance from which to take
/// setting values.
/// </param>
/// <param name="rgbIv">
/// The initialization vector to use.
/// </param>
/// <param name="transformDirection">
/// The direction of the transform (encryption or decryption).
/// </param>
/// <param name="endianness">
/// The endianness convention for the algorithm.
/// </param>
protected ManagedTransformBase(ISymmetricAlgorithm algorithm, byte[] rgbIv, TransformDirection transformDirection, Endianness endianness)
{
Endianness = endianness;
_bytesToWords = endianness == Endianness.Little
? (BytesToWords)Utils.BytesToWordsLittleEndian
: Utils.BytesToWordsBigEndian;
_writeWordsIntoBytes = endianness == Endianness.Little
? (WriteWordsIntoBytes)Utils.WriteWordsIntoBytesLittleEndian
: Utils.WriteWordsIntoBytesBigEndian;
PaddingMode = algorithm.Padding;
BlockSizeBytes = algorithm.BlockSize >> 3;
Mode = algorithm.ExtendedMode;
NonceCombinationMode = algorithm.NonceCombinationMode;
_registerShiftSize = algorithm.RegisterShiftSize;
_feedbackValue = new byte[BlockSizeBytes];
_iv = new byte[BlockSizeBytes];
if (rgbIv != null)
{
rgbIv.CopyTo(_feedbackValue, 0);
rgbIv.CopyTo(_iv, 0);
if (Mode == ExtendedCipherMode.CTR)
{
switch (NonceCombinationMode)
{
case NonceCombinationMode.Concatenate:
_counterSize = BlockSizeBytes - rgbIv.Length;
_counter = new byte[_counterSize];
break;
case NonceCombinationMode.Xor:
_counterSize = BlockSizeBytes;
_counter = new byte[_counterSize];
break;
case NonceCombinationMode.Add:
_counterSize = BlockSizeBytes;
_counter = (byte[])_feedbackValue.Clone();
break;
}
_initial = true;
}
}
_transformDirection = transformDirection;
}
private static byte[] Encrypt(ISymmetricAlgorithm algorithm, byte[] plaintext)
{
using (var outputStream = new MemoryStream())
{
using (ICryptoTransform encryptor = algorithm.CreateEncryptor())
{
using (var cryptoStream = new CryptoStream(outputStream, encryptor, CryptoStreamMode.Write))
{
// write the IV to the top of the output stream
outputStream.Write(algorithm.IV, 0, algorithm.IV.Length);
// and then write the rest of the payload as ciphertext
cryptoStream.Write(plaintext, 0, plaintext.Length);
cryptoStream.FlushFinalBlock();
cryptoStream.Flush();
return outputStream.ToArray();
}
}
}
}
/// <summary>
/// 构造一个 <see cref="ByteArrayEncryptionProvider"/>。
/// </summary>
/// <param name="symmetric">给定的 <see cref="ISymmetricAlgorithm"/>。</param>
/// <param name="algorithms">给定的 <see cref="AlgorithmOptions"/>。</param>
public ByteArrayEncryptionProvider(ISymmetricAlgorithm symmetric,
AlgorithmOptions algorithms)
{
_symmetric = symmetric;
_algorithms = algorithms;
}
internal SerpentManagedTransform(ISymmetricAlgorithm algorithm, byte[] rgbKey, byte[] rgbIv, TransformDirection transformDirection)
: base(algorithm, rgbIv, transformDirection, Endianness.Little)
{
_key = rgbKey;
ComputeKeySchedule();
}
public InternalSymmetricAlgorithmTests()
{
_algorithm = CoreExtensionBuilderHelper.CurrentServices.GetRequiredService <ISymmetricAlgorithm>();
}
private byte[] Decrypt(ISymmetricAlgorithm algo, byte[] ivAndCiphertext)
{
// The encrypted payload's first block is the IV, the rest is cipher text.
byte[] iv, ciphertext;
DecodeCiphertext(ivAndCiphertext, out iv, out ciphertext);
algo.IV = iv;
using (var inputStream = new MemoryStream(ciphertext))
{
using (ICryptoTransform decryptor = algo.CreateDecryptor())
{
using (var cryptoStream = new CryptoStream(inputStream, decryptor, CryptoStreamMode.Read))
{
using (var resultStream = new MemoryStream())
{
cryptoStream.CopyTo(resultStream);
return resultStream.ToArray();
}
}
}
}
}
internal SymmetricAlgorithm(ISymmetricAlgorithm underlyingAlgorithm)
{
Debug.Assert(underlyingAlgorithm != null);
_underlyingAlgorithm = underlyingAlgorithm;
}
