private Stream EncryptStream(Stream s, ICipherEngine iCipher,
byte[] pbKey, int cbIV, bool bEncrypt)
{
byte[] pbIV = (m_pbEncryptionIV ?? MemUtil.EmptyByteArray);
if(pbIV.Length != cbIV)
{
Debug.Assert(false);
throw new Exception(KLRes.FileCorrupted);
}
if(bEncrypt)
return iCipher.EncryptStream(s, pbKey, pbIV);
return iCipher.DecryptStream(s, pbKey, pbIV);
}
private Stream AttachStreamDecryptor(Stream s)
{
MemoryStream ms = new MemoryStream();
Debug.Assert(m_pbMasterSeed.Length == 32);
if (m_pbMasterSeed.Length != 32)
{
throw new FormatException(KLRes.MasterSeedLengthInvalid);
}
ms.Write(m_pbMasterSeed, 0, 32);
byte[] pKey32 = m_pwDatabase.MasterKey.GenerateKey32(m_pbTransformSeed,
m_pwDatabase.KeyEncryptionRounds).ReadData();
if ((pKey32 == null) || (pKey32.Length != 32))
{
throw new SecurityException(KLRes.InvalidCompositeKey);
}
ms.Write(pKey32, 0, 32);
#if KeePass2PCL
var sha256 = WinRTCrypto.HashAlgorithmProvider.OpenAlgorithm(HashAlgorithm.Sha256);
var aesKey = sha256.HashData(ms.ToArray());
#else
SHA256Managed sha256 = new SHA256Managed();
byte[] aesKey = sha256.ComputeHash(ms.ToArray());
#endif
ms.Dispose();
Array.Clear(pKey32, 0, 32);
if ((aesKey == null) || (aesKey.Length != 32))
{
throw new SecurityException(KLRes.FinalKeyCreationFailed);
}
ICipherEngine iEngine = CipherPool.GlobalPool.GetCipher(m_pwDatabase.DataCipherUuid);
if (iEngine == null)
{
throw new SecurityException(KLRes.FileUnknownCipher);
}
return(iEngine.DecryptStream(s, aesKey, m_pbEncryptionIV));
}
public byte[] Decrypt(ProtectedBinary encodedData, ProtectedBinary password)
{
byte[] rawData = encodedData.ReadData();
byte[] rawPassword = password.ReadData();
try
{
using (var stream = new MemoryStream(rawData))
using (var decryptingStream = _cipherEngine.DecryptStream(stream, rawPassword, _encryptionIV))
using (var reader = new MemoryStream())
{
decryptingStream.CopyTo(reader);
return(reader.ToArray());
}
}
finally
{
MemUtil.ZeroByteArray(rawData);
MemUtil.ZeroByteArray(rawPassword);
}
}
/// <summary>
/// The attach stream decryptor.
/// </summary>
/// <param name="s">
/// The s.
/// </param>
/// <returns>
/// The <see cref="Stream"/>.
/// </returns>
/// <exception cref="FormatException">
/// </exception>
/// <exception cref="SecurityException">
/// </exception>
private Stream AttachStreamDecryptor(Stream s, CancellationToken token)
{
MemoryStream ms = new MemoryStream();
Debug.Assert(this.m_pbMasterSeed.Length == 32);
if (this.m_pbMasterSeed.Length != 32)
{
throw new FormatException(KLRes.MasterSeedLengthInvalid);
}
ms.Write(this.m_pbMasterSeed, 0, 32);
byte[] pKey32 = this.m_pwDatabase.MasterKey.GenerateKey32(this.m_pbTransformSeed, this.m_pwDatabase.KeyEncryptionRounds, token).ReadData();
if ((pKey32 == null) || (pKey32.Length != 32))
{
throw new SecurityException(KLRes.InvalidCompositeKey);
}
ms.Write(pKey32, 0, 32);
var sha256 = HashAlgorithmProvider.OpenAlgorithm(HashAlgorithmNames.Sha256);
byte[] aesKey = sha256.HashData(ms.ToArray().AsBuffer()).ToArray();
ms.Dispose();
Array.Clear(pKey32, 0, 32);
if ((aesKey == null) || (aesKey.Length != 32))
{
throw new SecurityException(KLRes.FinalKeyCreationFailed);
}
ICipherEngine iEngine = CipherPool.GlobalPool.GetCipher(this.m_pwDatabase.DataCipherUuid);
if (iEngine == null)
{
throw new SecurityException(KLRes.FileUnknownCipher);
}
return(iEngine.DecryptStream(s, aesKey, this.m_pbEncryptionIV));
}
private Stream AttachStreamDecryptor(Stream s)
{
MemoryStream ms = new MemoryStream();
Debug.Assert(m_pbMasterSeed.Length == 32);
if (m_pbMasterSeed.Length != 32)
{
throw new FormatException(KLRes.MasterSeedLengthInvalid);
}
ms.Write(m_pbMasterSeed, 0, 32);
byte[] pKey32 = m_pwDatabase.MasterKey.GenerateKey32(m_pbTransformSeed,
m_pwDatabase.KeyEncryptionRounds).ReadData();
if ((pKey32 == null) || (pKey32.Length != 32))
{
throw new SecurityException(KLRes.InvalidCompositeKey);
}
ms.Write(pKey32, 0, 32);
byte[] aesKey = Crypto.SHA256.ComputeHash(ms.ToArray());
ms.Close();
Array.Clear(pKey32, 0, 32);
if ((aesKey == null) || (aesKey.Length != 32))
{
throw new SecurityException(KLRes.FinalKeyCreationFailed);
}
ICipherEngine iEngine = CipherPool.GlobalPool.GetCipher(m_pwDatabase.DataCipherUuid);
if (iEngine == null)
{
throw new SecurityException(KLRes.FileUnknownCipher);
}
return(iEngine.DecryptStream(s, aesKey, m_pbEncryptionIV));
}
