/// <summary>
 ///     Create an AuthenticatedSymmetricAlgorithm which verifies the decryption operations done on it
 ///     have state which matches captured encryption state. This overload does not monitor for thread
 ///     safe access to the object.
 /// </summary>
 public static AuthenticatedSymmetricAlgorithm EnableDecryptionVerification(this AuthenticatedSymmetricAlgorithm loggedAlgorithm,
                                                                            AuthenticatedSymmetricEncryptionState encryptionState)
 {
     return(loggedAlgorithm.EnableDecryptionVerification(encryptionState,
                                                         new SymmetricAlgorithmDiagnosticOptions()
     {
         CheckThreadSafety = false
     }));
 }
Exemplo n.º 2
0
 internal AuthenticatedSymmetricAlgorithmVerifier(AuthenticatedSymmetricAlgorithm verificationAlgorithm,
                                                  AuthenticatedSymmetricEncryptionState encryptionState,
                                                  Predicate <CryptographyLockContext <SymmetricAlgorithm> > lockCheckCallback,
                                                  object lockCheckParameter)
     : base(verificationAlgorithm, lockCheckCallback, lockCheckParameter)
 {
     Debug.Assert(encryptionState != null, "encryptionState != null");
     m_encryptionState = encryptionState;
 }
        public static AuthenticatedSymmetricAlgorithm EnableDecryptionVerification(this AuthenticatedSymmetricAlgorithm loggedAlgorithm,
                                                                                   AuthenticatedSymmetricEncryptionState encryptionState,
                                                                                   SymmetricAlgorithmDiagnosticOptions options)
        {
            AuthenticatedSymmetricAlgorithm wrappedAlgorithm =
                (loggedAlgorithm as SymmetricAlgorithm).EnableDecryptionVerification(encryptionState, options) as AuthenticatedSymmetricAlgorithm;

            Debug.Assert(wrappedAlgorithm != null, "Logged authenticated algorithm did not wrap into an authenticated algortihm");
            return(wrappedAlgorithm);
        }
Exemplo n.º 4
0
        protected override void  OnDecryptorCreated(byte[] key, byte[] iv, byte[] authenticatedData, byte[] tag)
        {
            base.OnDecryptorCreated(key, iv, authenticatedData, tag);

            using (AuthenticatedSymmetricEncryptionState decryptionState =
                       new AuthenticatedSymmetricEncryptionState(key, iv, authenticatedData, WrappedAlgorithm))
            {
                m_encryptionState.VerifyDecryptionState(decryptionState);
            }
        }
        /// <summary>
        ///     Make a deep copy of the authenticated encryption state
        /// </summary>
        private AuthenticatedSymmetricEncryptionState(AuthenticatedSymmetricEncryptionState other)
            : base(other)
        {
            Debug.Assert(other != null, "other != null");

            m_cngChainingMode = other.m_cngChainingMode;

            if (other.m_authenticatedData != null)
            {
                m_authenticatedData = new byte[other.m_authenticatedData.Length];
                Array.Copy(other.m_authenticatedData, m_authenticatedData, m_authenticatedData.Length);
            }
        }
        /// <summary>
        ///     Verify that the input decryption state matches our encryption state, throwing an error if
        ///     they do not.
        /// </summary>
        internal override void VerifyDecryptionState(SymmetricEncryptionState decryptionState)
        {
            Debug.Assert(decryptionState != null, "decryptionState != null");

            // All of the symmetric algorithm comparisons need to match
            base.VerifyDecryptionState(decryptionState);

            AuthenticatedSymmetricEncryptionState authenticatedDecryptionState =
                decryptionState as AuthenticatedSymmetricEncryptionState;

            // The base verify decryption state should have caught an algorithm mismatch, which would be the
            // only way that we could be encrypting with an authenticated symmetric algortihm but decrypting
            // with an unauthenticated algorithm.
            Debug.Assert(authenticatedDecryptionState != null, "authenticatedDecryptionState != null");

            // If we have authenticated data, make sure it matches
            if (m_authenticatedData != null)
            {
                // If we have authenticated data, then the decryption state also needs to have authenticated
                // data, and that data needs to match.
                if (authenticatedDecryptionState.m_authenticatedData == null ||
                    !CompareBytes(m_authenticatedData, authenticatedDecryptionState.m_authenticatedData))
                {
                    ThrowDiagnosticException(Resources.AuthenticatedDataMismatch,
                                             m_authenticatedData.Length * 8,
                                             HexString(m_authenticatedData),
                                             authenticatedDecryptionState.m_authenticatedData != null ? authenticatedDecryptionState.m_authenticatedData.Length * 8 : 0,
                                             HexString(authenticatedDecryptionState.m_authenticatedData));
                }
            }
            else if (authenticatedDecryptionState.m_authenticatedData != null)
            {
                // We had no authenticated data during encryption, but we have some during decryption, so we
                // have a mismatch.
                ThrowDiagnosticException(Resources.AuthenticatedDataMismatch,
                                         0,
                                         HexString(null),
                                         authenticatedDecryptionState.m_authenticatedData.Length * 8,
                                         HexString(authenticatedDecryptionState.m_authenticatedData));
            }

            // Make sure the CNG chaining modes match
            if (m_cngChainingMode != authenticatedDecryptionState.m_cngChainingMode)
            {
                ThrowDiagnosticException(Resources.CngChainingModeMismatch,
                                         m_cngChainingMode,
                                         authenticatedDecryptionState.m_cngChainingMode);
            }
        }
        protected override void  OnEncryptorCreated(byte[] key, byte[] iv, byte[] authenticatedData)
        {
            base.OnEncryptorCreated(key, iv, authenticatedData);

            // An encryptor is being created, which means that all of the encryption parameters must be set at
            // this point.  Capture them so that they can be extracted for later verification.

            if (m_lastCapturedEncryptionState != null)
            {
                m_lastCapturedEncryptionState.Dispose();
            }

            m_lastCapturedEncryptionState = new AuthenticatedSymmetricEncryptionState(key,
                                                                                      iv,
                                                                                      authenticatedData,
                                                                                      WrappedAlgorithm);
        }
        /// <summary>
        ///     Create a SymmetricAlgorithm which verifies the decryption operations done on it have state
        ///     which matches captured encryption state.
        /// </summary>
        public static SymmetricAlgorithm EnableDecryptionVerification(this SymmetricAlgorithm loggedAlgorithm,
                                                                      SymmetricEncryptionState encryptionState,
                                                                      SymmetricAlgorithmDiagnosticOptions options)
        {
            if (encryptionState == null)
            {
                throw new ArgumentNullException("encryptionState");
            }
            if (options == null)
            {
                throw new ArgumentNullException("options");
            }

#if !FXONLY_BUILD
            AuthenticatedSymmetricAlgorithm authenticatedLoggedAlgorithm =
                loggedAlgorithm as AuthenticatedSymmetricAlgorithm;

            if (authenticatedLoggedAlgorithm != null)
            {
                AuthenticatedSymmetricEncryptionState authenticatedEncryptionState =
                    encryptionState as AuthenticatedSymmetricEncryptionState;

                if (authenticatedEncryptionState == null)
                {
                    throw new ArgumentException(Resources.NeedAuthenticatedEncryptionState, "encryptionState");
                }

                return(new AuthenticatedSymmetricAlgorithmVerifier(authenticatedLoggedAlgorithm,
                                                                   authenticatedEncryptionState,
                                                                   options.CheckThreadSafety ? options.LockCheckCallback : null,
                                                                   options.CheckThreadSafety ? options.LockCheckParameter : null));
            }
            else
#endif // !FXONLY_BUILD
            {
                return(new SymmetricAlgorithmVerifier(loggedAlgorithm,
                                                      encryptionState,
                                                      options.CheckThreadSafety ? options.LockCheckCallback : null,
                                                      options.CheckThreadSafety ? options.LockCheckParameter : null));
            }
        }