public string HashText(string text, string salt, SHA256 hasher)
{
byte[] textWithSaltBytes = Encoding.UTF8.GetBytes(string.Concat(text, salt));
byte[] hashedBytes = hasher.ComputeHash(textWithSaltBytes);
hasher.Clear();
return(Convert.ToBase64String(hashedBytes));
}
/// <summary>
/// Encrypt a string using dual encryption method. Return a encrypted cipher Text
/// </summary>
/// <param name="text">string to be encrypted</param>
/// <param name="useHashing">use hashing? send to for extra secirity</param>
/// <returns></returns>
public static string Encrypt(string text)
{
byte[] textBytes = UTF8Encoding.UTF8.GetBytes(text);
SHA256 sha256 = SHA256.Create();
byte[] keyEncoded = sha256.ComputeHash(key);
sha256.Clear();
RijndaelManaged SymmetricKey = new RijndaelManaged();
SymmetricKey.Mode = CipherMode.CBC;
SymmetricKey.Padding = PaddingMode.Zeros;
byte[] CipherTextBytes = null;
using (ICryptoTransform Encryptor = SymmetricKey.CreateEncryptor(keyEncoded, salt))
{
using (MemoryStream MemStream = new MemoryStream())
{
using (CryptoStream CryptoStream = new CryptoStream(MemStream, Encryptor, CryptoStreamMode.Write))
{
CryptoStream.Write(textBytes, 0, textBytes.Length);
CryptoStream.FlushFinalBlock();
CipherTextBytes = MemStream.ToArray();
MemStream.Close();
CryptoStream.Close();
}
}
}
SymmetricKey.Clear();
return(Convert.ToBase64String(CipherTextBytes));
}
static void Main(string[] args)
{
if (args.Length > 0)
{
string path = args[0];
if (File.Exists(path))
{
string hash;
var file = new FileInfo(path);
using (FileStream fs = new FileStream(path, FileMode.Open, FileAccess.Read))
{
SHA256 sha256 = SHA256.Create();
Byte[] buffer = sha256.ComputeHash(fs);
sha256.Clear();
StringBuilder sb = new StringBuilder();
for (int i = 0; i < buffer.Length; i++)
{
sb.Append(buffer[i].ToString("x2"));
}
hash = sb.ToString();
}
Console.WriteLine("------");
Console.WriteLine($"SHA256:{hash}");
Console.WriteLine("------");
return;
}
}
}
public String SHA256CheckSum(string input_file)
{
if (!File.Exists(@input_file))
{
return(String.Empty);
}
SHA256 sha = SHA256.Create();
StringBuilder sb = new StringBuilder();
try
{
FileStream input_f = File.OpenRead(input_file);
byte[] out_bytes = sha.ComputeHash(input_f);
foreach (byte o in out_bytes)
{
sb.Append(o.ToString("x2"));
}
sha.Clear();
input_f.Close();
}
catch { return(String.Empty); }
return(sb.ToString());
}
private string HashPassword(string password)
{
using (SHA256 mySHA256 = SHA256.Create())
{
byte[] hashedBytes = mySHA256.ComputeHash(Encoding.UTF8.GetBytes(password));
mySHA256.Clear();
return(Convert.ToBase64String(hashedBytes));
}
}
/// <exception cref="NetMQSecurityException">The Finished message must not be received while expecting a another message.</exception>
/// <exception cref="NetMQSecurityException">The peer verification data must be valid.</exception>
private void OnFinished(NetMQMessage incomingMessage, OutgoingMessageBag outgoingMessages)
{
if (
(SecurityParameters.Entity == ConnectionEnd.Client &&
(!m_secureChannel.ChangeSuiteChangeArrived ||
m_lastReceivedMessage != HandshakeType.ServerHelloDone || m_lastSentMessage != HandshakeType.Finished)) ||
(SecurityParameters.Entity == ConnectionEnd.Server &&
(!m_secureChannel.ChangeSuiteChangeArrived ||
m_lastReceivedMessage != HandshakeType.ClientKeyExchange || m_lastSentMessage != HandshakeType.ServerHelloDone)))
{
throw new NetMQSecurityException(NetMQSecurityErrorCode.HandshakeUnexpectedMessage, "Finished received when expecting another message");
}
if (SecurityParameters.Entity == ConnectionEnd.Server)
{
HashLocal(incomingMessage);
}
var finishedMessage = SubProtocolVersion.SequenceEqual(Constants.V3_3)?
new V0_2.HandshakeMessages.FinishedMessage():
new FinishedMessage();
finishedMessage.SetFromNetMQMessage(incomingMessage);
m_remoteHash.TransformFinalBlock(EmptyArray <byte> .Instance, 0, 0);
byte[] seed = m_remoteHash.Hash;
#if NET40
m_remoteHash.Dispose();
#else
m_remoteHash.Clear();
#endif
m_remoteHash = null;
var label = SecurityParameters.Entity == ConnectionEnd.Client ? ServerFinishedLabel : ClientFinshedLabel;
var verifyData = PRF.Get(SecurityParameters.MasterSecret, label, seed, FinishedMessage.VerifyDataLength);
#if DEBUG
Debug.WriteLine("[verify_data]:" + BitConverter.ToString(verifyData));
#endif
if (!verifyData.SequenceEqual(finishedMessage.VerifyData))
{
throw new NetMQSecurityException(NetMQSecurityErrorCode.HandshakeVerifyData, "peer verify data wrong");
}
if (SecurityParameters.Entity == ConnectionEnd.Server)
{
AddFinished(outgoingMessages);
#if DEBUG
Debug.WriteLine("[finish]");
#endif
}
m_done = true;
}
/// <summary>
/// シード値を生成します
/// </summary>
/// <param name="str">生成元バイト配列</param>
/// <returns>シード値</returns>
public static byte[] CreateSeed(byte[] str)
{
byte[] baseStr = str;
SHA256 sha = SHA256.Create();
byte[] seed = sha.ComputeHash(baseStr);
sha.Clear();
return(seed);
}
/// <summary>
/// シード値を生成します
/// </summary>
/// <param name="str">生成元文字列</param>
/// <returns>シード値</returns>
public static byte[] CreateSeed(string str)
{
byte[] baseStr = Encoding.UTF8.GetBytes(str);
SHA256 sha = SHA256.Create();
byte[] seed = sha.ComputeHash(baseStr);
sha.Clear();
return(seed);
}
private Byte[] CreateSHA256FromFile(String Path)
{
FileStream fileStream = File.Open(Path, FileMode.Open);
mySHAGenerator = SHA256Managed.Create();
Byte[] myHash = mySHAGenerator.ComputeHash(fileStream);
mySHAGenerator.Clear();
fileStream.Close();
return(myHash);
}
public static string FromString(string content)
{
string result = null;
using (SHA256 sha = SHA256.Create())
using (BytesConverter bc = new BytesConverter())
{
result = bc.ToHexString(sha.ComputeHash(System.Text.Encoding.UTF8.GetBytes(content)));
sha.Clear();
}
return(result);
}
public static string FromStream(Stream contentStream)
{
string result = null;
using (SHA256 sha = SHA256.Create())
using (BytesConverter bc = new BytesConverter())
{
result = bc.ToHexString(sha.ComputeHash(contentStream));
sha.Clear();
}
return(result);
}
public static string FromContent(byte[] content, int offset, int count)
{
string result = null;
using (SHA256 sha = SHA256.Create())
using (BytesConverter bc = new BytesConverter())
{
result = bc.ToHexString(sha.ComputeHash(content, offset, count));
sha.Clear();
}
return(result);
}
public static string FromFile(string path, int buffersize)
{
string result = null;
using (SHA256 sha = SHA256.Create())
using (FileStream fs = new FileStream(path, FileMode.Open, FileAccess.Read, FileShare.ReadWrite, buffersize))
using (BytesConverter bc = new BytesConverter())
{
result = bc.ToHexString(sha.ComputeHash(fs));
sha.Clear();
}
return(result);
}
/// <summary>
/// DeCrypt a string using dual encryption method. Return a DeCrypted clear string
/// </summary>
/// <param name="cipherString">encrypted string</param>
/// <param name="useHashing">Did you use hashing to encrypt this data? pass true is yes</param>
/// <returns></returns>
public static string Decrypt(string CipherText)
{
byte[] CipherTextBytes = Convert.FromBase64String(CipherText);
SHA256 sha256 = SHA256.Create();
byte[] keyEncoded = sha256.ComputeHash(key);
sha256.Clear();
RijndaelManaged SymmetricKey = new RijndaelManaged();
SymmetricKey.Mode = CipherMode.CBC;
SymmetricKey.Padding = PaddingMode.Zeros;
byte[] PlainTextBytes = new byte[CipherTextBytes.Length];
int count = 0;
int ByteCount = 0;
using (ICryptoTransform Decryptor = SymmetricKey.CreateDecryptor(keyEncoded, salt))
{
using (MemoryStream MemStream = new MemoryStream(CipherTextBytes))
{
using (CryptoStream CryptoStream = new CryptoStream(MemStream, Decryptor, CryptoStreamMode.Read))
{
ByteCount = CryptoStream.Read(PlainTextBytes, 0, PlainTextBytes.Length);
MemStream.Close();
CryptoStream.Close();
}
}
}
SymmetricKey.Clear();
for (int i = PlainTextBytes.Length - 1; i >= 0; i--)
{
if (PlainTextBytes[i] == 0)
{
count++;
}
}
byte[] oldData = PlainTextBytes;
ByteCount = PlainTextBytes.Length - count;
PlainTextBytes = new byte[ByteCount];
Buffer.BlockCopy(oldData, 0, PlainTextBytes, 0, ByteCount);
return(Encoding.UTF8.GetString(PlainTextBytes, 0, ByteCount));
}
// ファイルハッシュ化
private string GetHash(string targetFile)
{
using (FileStream fs = new FileStream(targetFile, FileMode.Open, FileAccess.Read, FileShare.Read))
{
byte[] tempBytes;
switch (GlobalItem.HashMode)
{
case GlobalItem.EHashMode.SHA256:
SHA256 sha256 = SHA256.Create();
tempBytes = sha256.ComputeHash(fs);
sha256.Clear();
return(BitConverter.ToString(tempBytes).Replace("-", ""));
case GlobalItem.EHashMode.CRC32:
int CRC32_TABLELENGTH = 256;
int CRC32_BUFLENGTH = 255;
uint[] crcTable = new uint[CRC32_TABLELENGTH];
for (uint i = 0; i < CRC32_TABLELENGTH; i++)
{
var x = i;
for (int j = 0; j < 8; j++)
{
x = (uint)((x & 1) == 0 ? x >> 1 : -306674912 ^ x >> 1);
}
crcTable[i] = x;
}
byte[] buf = new byte[fs.Length];
fs.Read(buf, 0, buf.Length);
uint num = uint.MaxValue;
for (int i = 0; i < buf.Length; i++)
{
num = crcTable[(num ^ buf[i]) & CRC32_BUFLENGTH] ^ num >> 8;
}
tempBytes = BitConverter.GetBytes((uint)(num ^ -1));
if (BitConverter.IsLittleEndian)
{
Array.Reverse(tempBytes);
}
return(BitConverter.ToString(tempBytes).Replace("-", ""));
case GlobalItem.EHashMode.MD5:
default:
MD5 md5 = MD5.Create();
tempBytes = md5.ComputeHash(fs);
md5.Clear();
return(BitConverter.ToString(tempBytes).Replace("-", ""));
}
}
}
private string Hash(string input)
{
string output = "";
using (SHA256 mySHA256 = SHA256.Create())
{
var result = mySHA256
.ComputeHash(
Encoding.ASCII.GetBytes(input));
output = Encoding.Default.GetString(result);
mySHA256.Clear();
}
return(output);
}
private bool DecryptSecret(byte[] yubiResp, ChallengeInfo inf, out byte[] secret)
{
secret = new byte[keyLenBytes];
if (inf.IV == null)
{
return(false);
}
if (inf.Verification == null)
{
return(false);
}
//use the response to decrypt the secret
SHA256 sha = SHA256Managed.Create();
byte[] key = sha.ComputeHash(yubiResp); // get a 256 bit key from the 160 bit hmac response
StandardAesEngine aes = new StandardAesEngine();
using (MemoryStream msDecrypt = new MemoryStream(inf.EncryptedSecret))
{
using (CryptoStream csDecrypt = (CryptoStream)aes.DecryptStream(msDecrypt, key, inf.IV))
{
csDecrypt.Read(secret, 0, secret.Length);
csDecrypt.Close();
}
msDecrypt.Close();
}
byte[] secretHash = sha.ComputeHash(secret);
for (int i = 0; i < secretHash.Length; i++)
{
if (secretHash[i] != inf.Verification[i])
{
//wrong response
Array.Clear(secret, 0, secret.Length);
return(false);
}
}
//return the secret
sha.Clear();
return(true);
}
private static bool DecryptSecret(byte[] encryptedSecret, byte[] yubiResp, byte[] iv, byte[] verification, out byte[] secret)
{
//use the response to decrypt the secret
SHA256 sha = SHA256Managed.Create();
byte[] key = sha.ComputeHash(yubiResp); // get a 256 bit key from the 160 bit hmac response
AesManaged aes = new AesManaged();
aes.KeySize = key.Length * sizeof(byte) * 8; //pedantic, but foolproof
aes.Key = key;
aes.IV = iv;
aes.Padding = PaddingMode.PKCS7;
secret = new byte[keyLenBytes];
ICryptoTransform dec = aes.CreateDecryptor();
using (MemoryStream msDecrypt = new MemoryStream(encryptedSecret))
{
using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, dec, CryptoStreamMode.Read))
{
csDecrypt.Read(secret, 0, secret.Length);
csDecrypt.Close();
csDecrypt.Clear();
}
msDecrypt.Close();
}
byte[] secretHash = sha.ComputeHash(secret);
for (int i = 0; i < secretHash.Length; i++)
{
if (secretHash[i] != verification[i])
{
MessageService.ShowWarning("Incorrect response!");
Array.Clear(secret, 0, secret.Length);
return(false);
}
}
//return the secret
sha.Clear();
aes.Clear();
return(true);
}
/// <summary>
/// Creates the initial genesis block used in a blockchain
/// </summary>
/// <param name="block">output</param>
/// <search>
/// create, block, hash, sha256, blockchain, genesis, start
/// </search>
public static Block CreateGenesisBlock()
{
int index = 0;
DateTime timestamp = DateTime.Now;
string data = "Genesis Block";
string str = index.ToString() + timestamp.ToString() + data.ToString();
SHA256 hash = SHA256.Create();
using (MemoryStream ms = new MemoryStream(System.Text.Encoding.UTF8.GetBytes(str)))
{
hash.ComputeHash(ms);
}
SHA256 previousHash = SHA256.Create();
previousHash.Clear();
Block blk = dtBlockchain.Block.Create(index, timestamp, data, hash, previousHash);
return(blk);
}
public string encriptar(string pw)
{
string salt = "asdsadSapkfmpakfmapkfmasdasdh";
int iteraciones = 1500;
SHA256 sha256 = SHA256.Create();
string finalContra = pw + salt;
byte[] bytesPassword = System.Text.Encoding.UTF8.GetBytes(finalContra);
try
{
for (int i = 0; i <= iteraciones - 1; i++)
{
bytesPassword = sha256.ComputeHash(bytesPassword);
}
}
finally
{
sha256.Clear();
}
return(BitConverter.ToString(bytesPassword).Replace("-", ""));
}
/// <summary>
/// A method for generating encrypted ChallengeInfo to be saved. For security, this method should
/// be called every time you get a successful challenge-response pair from the Yubikey. Failure to
/// do so will permit password re-use attacks.
/// </summary>
/// <param name="secret">The un-encrypted secret</param>
/// <returns>A fully populated ChallengeInfo object ready to be saved</returns>
public ChallengeInfo Encrypt(byte[] secret)
{
//generate a random challenge for use next time
byte[] challenge = GenerateChallenge();
//generate the expected HMAC-SHA1 response for the challenge based on the secret
byte[] resp = GenerateResponse(challenge, secret);
//use the response to encrypt the secret
SHA256 sha = SHA256Managed.Create();
byte[] key = sha.ComputeHash(resp); // get a 256 bit key from the 160 bit hmac response
byte[] secretHash = sha.ComputeHash(secret);
StandardAesEngine aes = new StandardAesEngine();
const uint aesIVLenBytes = 16;
byte[] IV = CryptoRandom.Instance.GetRandomBytes(aesIVLenBytes);
byte[] encrypted;
using (MemoryStream msEncrypt = new MemoryStream())
{
using (CryptoStream csEncrypt = (CryptoStream)aes.EncryptStream(msEncrypt, key, IV))
{
csEncrypt.Write(secret, 0, secret.Length);
csEncrypt.Close();
}
encrypted = msEncrypt.ToArray();
msEncrypt.Close();
}
ChallengeInfo inf = new ChallengeInfo(encrypted, IV, challenge, secretHash, LT64);
sha.Clear();
return(inf);
}
// FIXME [KeyContainerPermission (SecurityAction.Assert, KeyContainerName = "DAPI",
// Flags = KeyContainerPermissionFlags.Open | KeyContainerPermissionFlags.Decrypt)]
public static byte[] Unprotect(byte[] encryptedData, byte[] optionalEntropy, DataProtectionScope scope)
{
if (encryptedData == null)
{
throw new ArgumentNullException("encryptedData");
}
byte[] decdata = null;
Rijndael aes = Rijndael.Create();
RSA rsa = GetKey(scope);
int headerSize = (rsa.KeySize >> 3);
bool valid1 = (encryptedData.Length >= headerSize);
if (!valid1)
{
headerSize = encryptedData.Length;
}
byte[] header = new byte[headerSize];
Buffer.BlockCopy(encryptedData, 0, header, 0, headerSize);
byte[] secret = null;
byte[] key = null;
byte[] iv = null;
bool valid2 = false;
bool valid3 = false;
bool valid4 = false;
SHA256 hash = SHA256.Create();
try
{
try
{
RSAOAEPKeyExchangeDeformatter deformatter = new RSAOAEPKeyExchangeDeformatter(rsa);
secret = deformatter.DecryptKeyExchange(header);
valid2 = (secret.Length == 68);
}
catch
{
valid2 = false;
}
if (!valid2)
{
secret = new byte[68];
}
// known values for structure (version 1 or 2)
valid3 = ((secret[1] == 16) && (secret[18] == 16) && (secret[35] == 32));
key = new byte[16];
Buffer.BlockCopy(secret, 2, key, 0, 16);
iv = new byte[16];
Buffer.BlockCopy(secret, 19, iv, 0, 16);
if ((optionalEntropy != null) && (optionalEntropy.Length > 0))
{
// the decrypted data won't be valid if the entropy isn't
// the same as the one used to protect (encrypt) it
byte[] mask = hash.ComputeHash(optionalEntropy);
for (int i = 0; i < 16; i++)
{
key[i] ^= mask[i];
iv[i] ^= mask[i + 16];
}
valid3 &= (secret[0] == 2); // with entropy
}
else
{
valid3 &= (secret[0] == 1); // without entropy
}
using (MemoryStream ms = new MemoryStream())
{
ICryptoTransform t = aes.CreateDecryptor(key, iv);
using (CryptoStream cs = new CryptoStream(ms, t, CryptoStreamMode.Write))
{
try
{
cs.Write(encryptedData, headerSize, encryptedData.Length - headerSize);
cs.Close();
}
catch
{
// whatever, we keep going
}
}
decdata = ms.ToArray();
}
byte[] digest = hash.ComputeHash(decdata);
valid4 = true;
for (int i = 0; i < 32; i++)
{
if (digest[i] != secret[36 + i])
{
valid4 = false;
}
}
}
finally
{
if (key != null)
{
Array.Clear(key, 0, key.Length);
key = null;
}
if (secret != null)
{
Array.Clear(secret, 0, secret.Length);
secret = null;
}
if (iv != null)
{
Array.Clear(iv, 0, iv.Length);
iv = null;
}
aes.Clear();
hash.Clear();
}
// single point of error (also limits timing informations)
if (!valid1 || !valid2 || !valid3 || !valid4)
{
if (decdata != null)
{
Array.Clear(decdata, 0, decdata.Length);
decdata = null;
}
throw new CryptographicException("Invalid data.");
}
return(decdata);
}
// FIXME [KeyContainerPermission (SecurityAction.Assert, KeyContainerName = "DAPI",
// Flags = KeyContainerPermissionFlags.Open | KeyContainerPermissionFlags.Create)]
public static byte[] Protect(byte[] userData, byte[] optionalEntropy, DataProtectionScope scope)
{
if (userData == null)
{
throw new ArgumentNullException("userData");
}
Rijndael aes = Rijndael.Create();
aes.KeySize = 128;
byte[] encdata = null;
using (MemoryStream ms = new MemoryStream())
{
ICryptoTransform t = aes.CreateEncryptor();
using (CryptoStream cs = new CryptoStream(ms, t, CryptoStreamMode.Write))
{
cs.Write(userData, 0, userData.Length);
cs.Close();
encdata = ms.ToArray();
}
}
byte[] key = null;
byte[] iv = null;
byte[] secret = null;
byte[] header = null;
SHA256 hash = SHA256.Create();
try
{
key = aes.Key;
iv = aes.IV;
secret = new byte[1 + 1 + 16 + 1 + 16 + 1 + 32];
byte[] digest = hash.ComputeHash(userData);
if ((optionalEntropy != null) && (optionalEntropy.Length > 0))
{
// the same optionalEntropy will be required to get the data back
byte[] mask = hash.ComputeHash(optionalEntropy);
for (int i = 0; i < 16; i++)
{
key[i] ^= mask[i];
iv[i] ^= mask[i + 16];
}
secret[0] = 2; // entropy
}
else
{
secret[0] = 1; // without entropy
}
secret[1] = 16; // key size
Buffer.BlockCopy(key, 0, secret, 2, 16);
secret[18] = 16; // iv size
Buffer.BlockCopy(iv, 0, secret, 19, 16);
secret[35] = 32; // digest size
Buffer.BlockCopy(digest, 0, secret, 36, 32);
RSAOAEPKeyExchangeFormatter formatter = new RSAOAEPKeyExchangeFormatter(GetKey(scope));
header = formatter.CreateKeyExchange(secret);
}
finally
{
if (key != null)
{
Array.Clear(key, 0, key.Length);
key = null;
}
if (secret != null)
{
Array.Clear(secret, 0, secret.Length);
secret = null;
}
if (iv != null)
{
Array.Clear(iv, 0, iv.Length);
iv = null;
}
aes.Clear();
hash.Clear();
}
byte[] result = new byte[header.Length + encdata.Length];
Buffer.BlockCopy(header, 0, result, 0, header.Length);
Buffer.BlockCopy(encdata, 0, result, header.Length, encdata.Length);
return(result);
}
/// <summary>
/// Decrypt salted data using keys linked to the user account.
/// </summary>
/// <param name="encryptedData">The data to decrypt.</param>
/// <param name="optionalEntropy">The salt to apply to the data after decryption.</param>
/// <returns>The decrypted data.</returns>
public static byte[] Unprotect(byte[] encryptedData, byte[] optionalEntropy)
{
if (encryptedData == null)
{
throw new ArgumentNullException("encryptedData");
}
byte[] decdata = null;
Rijndael aes = Rijndael.Create();
RSA rsa = GetKey();
int headerSize = rsa.KeySize >> 3;
bool valid1 = encryptedData.Length >= headerSize;
if (!valid1)
{
headerSize = encryptedData.Length;
}
byte[] header = new byte[headerSize];
Buffer.BlockCopy(encryptedData, 0, header, 0, headerSize);
byte[] secret = null;
byte[] key = null;
byte[] iv = null;
bool valid2 = false;
bool valid3 = false;
bool valid4 = false;
SHA256 hash = SHA256.Create();
try
{
try
{
RSAOAEPKeyExchangeDeformatter deformatter = new RSAOAEPKeyExchangeDeformatter(rsa);
secret = deformatter.DecryptKeyExchange(header);
valid2 = secret.Length == 68;
}
catch
{
valid2 = false;
}
if (!valid2)
{
secret = new byte[68];
}
valid3 = (secret[1] == 16) && (secret[18] == 16) && (secret[35] == 32);
key = new byte[16];
Buffer.BlockCopy(secret, 2, key, 0, 16);
iv = new byte[16];
Buffer.BlockCopy(secret, 19, iv, 0, 16);
if ((optionalEntropy != null) && (optionalEntropy.Length > 0))
{
byte[] mask = hash.ComputeHash(optionalEntropy);
for (int i = 0; i < 16; i++)
{
key[i] ^= mask[i];
iv[i] ^= mask[i + 16];
}
valid3 &= secret[0] == 2;
}
else
{
valid3 &= secret[0] == 1;
}
using (MemoryStream ms = new MemoryStream())
{
ICryptoTransform t = aes.CreateDecryptor(key, iv);
using (CryptoStream cs = new CryptoStream(ms, t, CryptoStreamMode.Write))
{
try
{
cs.Write(encryptedData, headerSize, encryptedData.Length - headerSize);
cs.Close();
}
catch { }
}
decdata = ms.ToArray();
}
byte[] digest = hash.ComputeHash(decdata);
valid4 = true;
for (int i = 0; i < 32; i++)
{
if (digest[i] != secret[36 + i])
{
valid4 = false;
}
}
}
finally
{
if (key != null)
{
Array.Clear(key, 0, key.Length);
key = null;
}
if (secret != null)
{
Array.Clear(secret, 0, secret.Length);
secret = null;
}
if (iv != null)
{
Array.Clear(iv, 0, iv.Length);
iv = null;
}
aes.Clear();
hash.Clear();
}
if (!valid1 || !valid2 || !valid3 || !valid4)
{
if (decdata != null)
{
Array.Clear(decdata, 0, decdata.Length);
decdata = null;
}
throw new CryptographicException("Invalid data.");
}
return(decdata);
}
public void Dispose()
{
_sha256.Clear();
_sha256.Dispose();
}
private bool EncryptAndSave(byte[] secret)
{
//generate a random challenge for use next time
byte[] challenge = GenerateChallenge();
//generate the expected HMAC-SHA1 response for the challenge based on the secret
byte[] resp = GenerateResponse(challenge, secret);
//use the response to encrypt the secret
SHA256 sha = SHA256Managed.Create();
byte[] key = sha.ComputeHash(resp); // get a 256 bit key from the 160 bit hmac response
byte[] secretHash = sha.ComputeHash(secret);
AesManaged aes = new AesManaged();
aes.KeySize = key.Length * sizeof(byte) * 8; //pedantic, but foolproof
aes.Key = key;
aes.GenerateIV();
aes.Padding = PaddingMode.PKCS7;
byte[] iv = aes.IV;
byte[] encrypted;
ICryptoTransform enc = aes.CreateEncryptor();
using (MemoryStream msEncrypt = new MemoryStream())
{
using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, enc, CryptoStreamMode.Write))
{
csEncrypt.Write(secret, 0, secret.Length);
csEncrypt.FlushFinalBlock();
encrypted = msEncrypt.ToArray();
csEncrypt.Close();
csEncrypt.Clear();
}
msEncrypt.Close();
}
sha.Clear();
aes.Clear();
Stream s = null;
try
{
FileTransactionEx ft = new FileTransactionEx(mInfo,
false);
s = ft.OpenWrite();
XmlWriterSettings settings = new XmlWriterSettings();
settings.CloseOutput = true;
settings.Indent = true;
settings.IndentChars = "\t";
settings.NewLineOnAttributes = true;
XmlWriter xml = XmlWriter.Create(s, settings);
xml.WriteStartDocument();
xml.WriteStartElement("data");
xml.WriteStartElement("aes");
xml.WriteElementString("encrypted", Convert.ToBase64String(encrypted));
xml.WriteElementString("iv", Convert.ToBase64String(iv));
xml.WriteEndElement();
xml.WriteElementString("challenge", Convert.ToBase64String(challenge));
xml.WriteElementString("verification", Convert.ToBase64String(secretHash));
xml.WriteElementString("lt64", LT64.ToString());
xml.WriteEndElement();
xml.WriteEndDocument();
xml.Close();
ft.CommitWrite();
}
catch (Exception)
{
MessageService.ShowWarning(String.Format("Error: unable to write to file {0}", mInfo.Path));
return(false);
}
finally
{
s.Close();
}
return(true);
}
