public void AesGcm1000Rounds() { IShadowsocksAeadCipher aes = new AEAD_AES_128_GCM("password"); byte[] raw = new byte[1024]; for (int i = 0; i < 1000; i++) { RandomNumberGenerator.Fill(raw); var c = aes.EncryptTcp(raw); var p = aes.DecryptTcp(c.SignificantMemory); Assert.IsTrue(p.SignificantMemory.Span.SequenceEqual(raw.AsSpan())); } aes = new AEAD_AES_192_GCM("password2"); for (int i = 0; i < 1000; i++) { RandomNumberGenerator.Fill(raw); var c = aes.EncryptTcp(raw); var p = aes.DecryptTcp(c.SignificantMemory); Assert.IsTrue(p.SignificantMemory.Span.SequenceEqual(raw.AsSpan())); } aes = new AEAD_AES_256_GCM("password3"); for (int i = 0; i < 1000; i++) { RandomNumberGenerator.Fill(raw); var c = aes.EncryptTcp(raw); var p = aes.DecryptTcp(c.SignificantMemory); Assert.IsTrue(p.SignificantMemory.Span.SequenceEqual(raw.AsSpan())); } }
public async Task <WeChatPayPlatformCertificate> GetCertificateAsync(IWeChatPayClient client, WeChatPayOptions options) { // 如果证书序列号已缓存,则直接使用缓存的 var platformCert = _certDictionary.Values.Where(cert => cert.EffectiveTime <DateTime.Now && cert.ExpireTime> DateTime.Now).FirstOrDefault(); if (platformCert != null) { return(platformCert); } // 否则重新下载新的平台证书 var request = new WeChatPayCertificatesRequest(); var response = await client.ExecuteAsync(request, options); foreach (var certificate in response.Certificates) { // 若证书序列号未被缓存,解密证书并加入缓存 if (!_certDictionary.ContainsKey(certificate.SerialNo)) { switch (certificate.EncryptCertificate.Algorithm) { case nameof(AEAD_AES_256_GCM): { var certStr = AEAD_AES_256_GCM.Decrypt(certificate.EncryptCertificate.Nonce, certificate.EncryptCertificate.Ciphertext, certificate.EncryptCertificate.AssociatedData, options.V3Key); var cert = new WeChatPayPlatformCertificate { SerialNo = certificate.SerialNo, EffectiveTime = DateTime.Parse(certificate.EffectiveTime), ExpireTime = DateTime.Parse(certificate.ExpireTime), Certificate = new X509Certificate2(Encoding.ASCII.GetBytes(certStr)) }; _certDictionary.TryAdd(certificate.SerialNo, cert); } break; default: throw new WeChatPayException($"Unknown algorithm: {certificate.EncryptCertificate.Algorithm}"); } } } // 重新从缓存获取 platformCert = _certDictionary.Values.Where(cert => cert.EffectiveTime <DateTime.Now && cert.ExpireTime> DateTime.Now).FirstOrDefault(); if (platformCert != null) { return(platformCert); } else { throw new WeChatPayException("Download certificates failed!"); } }
/// <summary> /// Encrypts an input byte array using AES with a 256 bits key in GCM authenticated mode. /// </summary> /// <param name="text">The input byte array of the string to encrypt.</param> /// <param name="key">The encryption key being used.</param> /// <returns>The base64 encoded output string encrypted with AES.</returns> public static string Encrypt(byte[] text, byte[] key) { if (text == null) { throw new ArgumentNullException(nameof(text)); } if (key == null) { throw new ArgumentNullException(nameof(key)); } var aes = new AEAD_AES_256_GCM(); return(Convert.ToBase64String(aes.EncryptString(text, key))); }
/// <summary> /// Encrypts an input string using AES with a 256 bits key in GCM authenticated mode. /// </summary> /// <param name="text">The plain string input to encrypt.</param> /// <param name="key">The encryption key being used.</param> /// <returns>The base64 encoded output string encrypted with AES.</returns> public static string Encrypt(string text, string key) { if (string.IsNullOrEmpty(text)) { throw new ArgumentNullException(nameof(text)); } if (string.IsNullOrEmpty(key)) { throw new ArgumentNullException(nameof(key)); } var aes = new AEAD_AES_256_GCM(); return(Convert.ToBase64String(aes.EncryptString(text, key))); }
/// <summary> /// Encrypts an input byte array using AES with a 256 bits key in GCM authenticated mode. /// </summary> /// <param name="cipher">The byte array of the cipher to decrypt.</param> /// <param name="key">The encryption key being used.</param> /// <returns>The decrypted output string.</returns> public static string Decrypt(byte[] cipher, byte[] key) { if (cipher == null) { throw new ArgumentNullException(nameof(cipher)); } if (key == null) { throw new ArgumentNullException(nameof(key)); } var aes = new AEAD_AES_256_GCM(); return(Encoding.UTF8.GetString(aes.DecryptString(cipher, key))); }
/// <summary> /// Decrypts an input string using AES with a 256 bits key in GCM authenticated mode. /// </summary> /// <param name="cipher">The base64 encoded input cipher to decrypt.</param> /// <param name="key">The encryption key being used.</param> /// <returns>The decrypted output string.</returns> public static string Decrypt(string cipher, string key) { if (string.IsNullOrEmpty(cipher)) { throw new ArgumentNullException(nameof(cipher)); } if (string.IsNullOrEmpty(key)) { throw new ArgumentNullException(nameof(key)); } var aes = new AEAD_AES_256_GCM(); return(Encoding.UTF8.GetString(aes.DecryptString(cipher, key))); }
/// <summary> /// Loads JSON configuration key/values from a stream into a provider. /// </summary> /// <param name="stream">The stream to read.</param> public override void Load(Stream stream) { var source = (EncryptedJsonConfigurationSource)Source; try { var encryptedSettings = stream.ToBytes(); var aes = new AEAD_AES_256_GCM(); var settings = aes.DecryptString(encryptedSettings, source.Key); Data = EncryptedJsonConfigurationFileParser.Parse(new MemoryStream(settings)); } catch (JsonException e) { throw new FormatException("Could not parse the encrypted JSON file", e); } }
/// <summary> /// Loads JSON configuration key/values from a stream into a provider. /// </summary> public override void Load() { var source = (EncryptedJsonConfigurationSource)Source; try { var text = Convert.FromBase64String(File.ReadAllText(source.Path)); var aes = new AEAD_AES_256_GCM(); var settings = aes.DecryptString(text, source.Key); Data = EncryptedJsonConfigurationFileParser.Parse(new MemoryStream(settings)); } catch (JsonException e) { throw new FormatException("Could not parse the encrypted JSON file", e); } }
/// <summary> /// 将加密报文解密并反序列化 /// https://pay.weixin.qq.com/wiki/doc/apiv3/wechatpay/wechatpay4_2.shtml /// </summary> public T Parse(string body, string v3key) { T result = null; var notifyCiphertext = default(NotifyCiphertext); var resourcePlaintext = string.Empty; try { if (body.StartsWith("{") && body.EndsWith("}")) { notifyCiphertext = JsonSerializer.Deserialize <NotifyCiphertext>(body, jsonSerializerOptions); } } catch { } switch (notifyCiphertext.Resource.Algorithm) { case nameof(AEAD_AES_256_GCM): { resourcePlaintext = AEAD_AES_256_GCM.Decrypt(notifyCiphertext.Resource.Nonce, notifyCiphertext.Resource.Ciphertext, notifyCiphertext.Resource.AssociatedData, v3key); } break; default: throw new WeChatPayException("Unknown algorithm!"); } try { result = JsonSerializer.Deserialize <T>(resourcePlaintext, jsonSerializerOptions); } catch { } if (result == null) { result = Activator.CreateInstance <T>(); } result.Body = body; result.NotifyCiphertext = notifyCiphertext; result.ResourcePlaintext = resourcePlaintext; return(result); }
private async Task <X509Certificate2> LoadPlatformCertificateAsync(string serial, WeChatPayOptions options) { // 如果证书序列号已缓存,则直接使用缓存的 if (_platformCertificateManager.TryGetValue(serial, out var certificate2)) { return(certificate2); } // 否则重新下载新的平台证书 var request = new WeChatPayCertificatesRequest(); var response = await ExecuteAsync(request, options); foreach (var certificate in response.Certificates) { // 若证书序列号未被缓存,解密证书并加入缓存 if (!_platformCertificateManager.ContainsKey(certificate.SerialNo)) { switch (certificate.EncryptCertificate.Algorithm) { case nameof(AEAD_AES_256_GCM): { var certStr = AEAD_AES_256_GCM.Decrypt(certificate.EncryptCertificate.Nonce, certificate.EncryptCertificate.Ciphertext, certificate.EncryptCertificate.AssociatedData, options.V3Key); var cert = new X509Certificate2(Encoding.UTF8.GetBytes(certStr)); _platformCertificateManager.TryAdd(certificate.SerialNo, cert); } break; default: throw new WeChatPayException($"Unknown algorithm: {certificate.EncryptCertificate.Algorithm}"); } } } // 重新从缓存获取 if (_platformCertificateManager.TryGetValue(serial, out certificate2)) { return(certificate2); } else { throw new WeChatPayException("Download certificates failed!"); } }
public void AesGcmBasics() { byte[] raw = new byte[1024]; RandomNumberGenerator.Fill(raw); IShadowsocksAeadCipher aead = new AEAD_AES_128_GCM("password"); { var c = aead.EncryptUdp(raw); var p = aead.DecryptUdp(c.SignificantMemory); Assert.IsTrue(p.SignificantMemory.Span.SequenceEqual(raw.AsSpan())); } { RandomNumberGenerator.Fill(raw); var c = aead.EncryptTcp(raw); var p = aead.DecryptTcp(c.SignificantMemory); Assert.IsTrue(p.SignificantMemory.Span.SequenceEqual(raw.AsSpan())); RandomNumberGenerator.Fill(raw); c = aead.EncryptTcp(raw); p = aead.DecryptTcp(c.SignificantMemory); Assert.IsTrue(p.SignificantMemory.Span.SequenceEqual(raw.AsSpan())); RandomNumberGenerator.Fill(raw); c = aead.EncryptTcp(raw); p = aead.DecryptTcp(c.SignificantMemory); Assert.IsTrue(p.SignificantMemory.Span.SequenceEqual(raw.AsSpan())); } aead = new AEAD_AES_192_GCM("password"); { RandomNumberGenerator.Fill(raw); var c = aead.EncryptUdp(raw); var p = aead.DecryptUdp(c.SignificantMemory); Assert.IsTrue(p.SignificantMemory.Span.SequenceEqual(raw.AsSpan())); } { RandomNumberGenerator.Fill(raw); var c = aead.EncryptTcp(raw); var p = aead.DecryptTcp(c.SignificantMemory); Assert.IsTrue(p.SignificantMemory.Span.SequenceEqual(raw.AsSpan())); RandomNumberGenerator.Fill(raw); c = aead.EncryptTcp(raw); p = aead.DecryptTcp(c.SignificantMemory); Assert.IsTrue(p.SignificantMemory.Span.SequenceEqual(raw.AsSpan())); RandomNumberGenerator.Fill(raw); c = aead.EncryptTcp(raw); p = aead.DecryptTcp(c.SignificantMemory); Assert.IsTrue(p.SignificantMemory.Span.SequenceEqual(raw.AsSpan())); } aead = new AEAD_AES_256_GCM("password"); { RandomNumberGenerator.Fill(raw); var c = aead.EncryptUdp(raw); var p = aead.DecryptUdp(c.SignificantMemory); Assert.IsTrue(p.SignificantMemory.Span.SequenceEqual(raw.AsSpan())); } { RandomNumberGenerator.Fill(raw); var c = aead.EncryptTcp(raw); var p = aead.DecryptTcp(c.SignificantMemory); Assert.IsTrue(p.SignificantMemory.Span.SequenceEqual(raw.AsSpan())); RandomNumberGenerator.Fill(raw); c = aead.EncryptTcp(raw); p = aead.DecryptTcp(c.SignificantMemory); Assert.IsTrue(p.SignificantMemory.Span.SequenceEqual(raw.AsSpan())); RandomNumberGenerator.Fill(raw); c = aead.EncryptTcp(raw); p = aead.DecryptTcp(c.SignificantMemory); Assert.IsTrue(p.SignificantMemory.Span.SequenceEqual(raw.AsSpan())); } }
private static ExitCode RunCryptOptionsAndReturnExitCode(CryptOptions cryptOptions) { AesEncryptionResult aesEncryptionResult = null; switch (cryptOptions.InputType.ToLower()) { case "string": { switch (cryptOptions.Algorithm.ToLower()) { case "aes128cbc": aesEncryptionResult = new AE_AES_128_CBC_HMAC_SHA_256().EncryptString(cryptOptions.InputToBeEncrypted, cryptOptions.Password); break; case "aes192cbc": aesEncryptionResult = new AE_AES_192_CBC_HMAC_SHA_384().EncryptString(cryptOptions.InputToBeEncrypted, cryptOptions.Password); break; case "aes256cbc": aesEncryptionResult = new AE_AES_256_CBC_HMAC_SHA_512().EncryptString(cryptOptions.InputToBeEncrypted, cryptOptions.Password); break; case "aes128gcm": aesEncryptionResult = new AEAD_AES_128_GCM().EncryptString(cryptOptions.InputToBeEncrypted, cryptOptions.Password, cryptOptions.AssociatedData); break; case "aes192gcm": aesEncryptionResult = new AEAD_AES_192_GCM().EncryptString(cryptOptions.InputToBeEncrypted, cryptOptions.Password, cryptOptions.AssociatedData); break; case "aes256gcm": aesEncryptionResult = new AEAD_AES_256_GCM().EncryptString(cryptOptions.InputToBeEncrypted, cryptOptions.Password, cryptOptions.AssociatedData); break; default: aesEncryptionResult = new AesEncryptionResult() { Success = false, Message = $"Unknown algorithm \"{cryptOptions.Algorithm}\"." }; break; } } break; case "file": { switch (cryptOptions.Algorithm.ToLower()) { case "aes128cbc": { using (var progressBar = new ProgressBar()) { var aes128 = new AE_AES_128_CBC_HMAC_SHA_256(); aes128.OnEncryptionProgress += (percentageDone, message) => { progressBar.Report((double)percentageDone / 100); }; aes128.OnEncryptionMessage += (msg) => { /*Console.WriteLine(msg);*/ progressBar.WriteLine(msg); }; aesEncryptionResult = aes128.EncryptFile(cryptOptions.InputToBeEncrypted, cryptOptions.OutputFilePath, cryptOptions.Password, cryptOptions.DeleteSourceFile); } } break; case "aes192cbc": { using (var progressBar = new ProgressBar()) { var aes192 = new AE_AES_192_CBC_HMAC_SHA_384(); aes192.OnEncryptionProgress += (percentageDone, message) => { progressBar.Report((double)percentageDone / 100); }; aes192.OnEncryptionMessage += (msg) => { /*Console.WriteLine(msg);*/ progressBar.WriteLine(msg); }; aesEncryptionResult = aes192.EncryptFile(cryptOptions.InputToBeEncrypted, cryptOptions.OutputFilePath, cryptOptions.Password, cryptOptions.DeleteSourceFile); } } break; case "aes256cbc": { using (var progressBar = new ProgressBar()) { var aes256 = new AE_AES_256_CBC_HMAC_SHA_512(); aes256.OnEncryptionProgress += (percentageDone, message) => { progressBar.Report((double)percentageDone / 100); }; aes256.OnEncryptionMessage += (msg) => { /*Console.WriteLine(msg);*/ progressBar.WriteLine(msg); }; aesEncryptionResult = aes256.EncryptFile(cryptOptions.InputToBeEncrypted, cryptOptions.OutputFilePath, cryptOptions.Password, cryptOptions.DeleteSourceFile); } } break; case "aes128gcm": case "aes192gcm": case "aes256gcm": aesEncryptionResult = new AesEncryptionResult() { Success = false, Message = $"Algorithm \"{cryptOptions.Algorithm}\" currently not available for file encryption." }; break; default: aesEncryptionResult = new AesEncryptionResult() { Success = false, Message = $"Unknown algorithm \"{cryptOptions.Algorithm}\"." }; break; } } break; default: aesEncryptionResult = new AesEncryptionResult() { Success = false, Message = $"Unknown input type \"{cryptOptions.InputType}\"." }; break; } if (aesEncryptionResult.Success) { Console.WriteLine((cryptOptions.InputType.ToLower().Equals("string") ? aesEncryptionResult.EncryptedDataBase64String : aesEncryptionResult.Message)); return(ExitCode.Sucess); } else { Console.WriteLine(aesEncryptionResult.Message); return(ExitCode.Error); } }