public void TestDecryptStream() { // Test vector (official ECB test vector #356) var pbIV = new byte[16]; var pbTestKey = new byte[32]; var pbTestData = new byte[16]; var pbReferenceCT = new byte[16] { 0x75, 0xD1, 0x1B, 0x0E, 0x3A, 0x68, 0xC4, 0x22, 0x3D, 0x88, 0xDB, 0xF0, 0x17, 0x97, 0x7D, 0xD7 }; pbTestData[0] = 0x04; // Possible Mono Bug? This only works with size >= 48 var inStream = new MemoryStream(new byte[48]); inStream.Write(pbReferenceCT, 0, pbReferenceCT.Length); inStream.Position = 0; var aes = new StandardAesEngine(); var outStream = aes.DecryptStream(inStream, pbTestKey, pbIV); var outBytes = new BinaryReader(outStream).ReadBytes(16); Assert.That(outBytes, Is.EqualTo(pbTestData)); }
public void TestEncryptStream() { /*var a = CryptoUtil.CreateAes(); * if (a.BlockSize != 128) // AES block size * { * //Debug.Assert(false); * a.BlockSize = 128; * } * * a.IV = _pbIv; * a.KeySize = 256; * a.Key = _pbTestKey; * a.Mode = CipherMode.ECB; * var iCrypt = a.CreateEncryptor(); * * iCrypt.TransformBlock(_pbTestData, 0, 16, _pbTestData, 0); * * Assert.That(MemUtil.ArraysEqual(_pbTestData, _pbReferenceCt), Is.True);*/ using var outStream = new MemoryStream(); var aes = new StandardAesEngine(); using var inStream = aes.EncryptStream(outStream, _pbTestKey, _pbIv); new BinaryWriter(inStream, Encoding.UTF8).Write(_pbTestData); //Assert.That(outStream.Position, Is.EqualTo(16)); //outStream.Position = 0; var outBytes = new BinaryReaderEx(outStream, Encoding.UTF8, string.Empty).ReadBytes(16); Assert.That(MemUtil.ArraysEqual(outBytes, _pbReferenceCt), Is.True); }
public void TestEncryptStream() { // Test vector (official ECB test vector #356) var pbIV = new byte[16]; var pbTestKey = new byte[32]; var pbTestData = new byte[16]; var pbReferenceCT = new byte[16] { 0x75, 0xD1, 0x1B, 0x0E, 0x3A, 0x68, 0xC4, 0x22, 0x3D, 0x88, 0xDB, 0xF0, 0x17, 0x97, 0x7D, 0xD7 }; pbTestData[0] = 0x04; var outStream = new MemoryStream(new byte[16]); var aes = new StandardAesEngine(); var inStream = aes.EncryptStream(outStream, pbTestKey, pbIV); new BinaryWriter(inStream).Write(pbTestData); Assert.That(outStream.Position, Is.EqualTo(16)); outStream.Position = 0; var outBytes = new BinaryReader(outStream).ReadBytes(16); Assert.That(outBytes, Is.EqualTo(pbReferenceCT)); }
private static ProtectedBinary DecryptSecret(byte[] encryptedSecret, ProtectedBinary key, byte[] iv) { using (var ms = new MemoryStream(encryptedSecret)) using (var decryptionStream = new StandardAesEngine().DecryptStream(ms, key.ReadData(), iv)) { return(new ProtectedBinary(true, ReadToEnd(decryptionStream))); } }
private static byte[] EncryptSecret(ProtectedBinary secret, ProtectedBinary key, out byte[] iv) { iv = CryptoRandom.Instance.GetRandomBytes(16); // AES 256 uses 128bits blocks using var ms = new MemoryStream(); using (var encryptionStream = new StandardAesEngine().EncryptStream(ms, key.ReadData(), iv)) { MemUtil.Write(encryptionStream, secret.ReadData()); } return(ms.ToArray()); }
public void TestDecryptStream() { // Possible Mono Bug? This only works with size >= 48 using var inStream = new MemoryStream(new byte[32]); inStream.Write(_pbReferenceCt, 0, _pbReferenceCt.Length); inStream.Position = 0; var aes = new StandardAesEngine(); using var outStream = aes.DecryptStream(inStream, _pbTestKey, _pbIv); var outBytes = new BinaryReaderEx(outStream, Encoding.UTF8, string.Empty).ReadBytes(16); Assert.That(MemUtil.ArraysEqual(outBytes, _pbTestData), Is.True); }
private bool DecryptSecret(byte[] yubiResp, ChallengeInfo inf, out byte[] secret) { secret = new byte[keyLenBytes]; if (inf.IV == null) { return(false); } if (inf.Verification == null) { return(false); } //use the response to decrypt the secret SHA256 sha = SHA256Managed.Create(); byte[] key = sha.ComputeHash(yubiResp); // get a 256 bit key from the 160 bit hmac response StandardAesEngine aes = new StandardAesEngine(); using (MemoryStream msDecrypt = new MemoryStream(inf.EncryptedSecret)) { using (CryptoStream csDecrypt = (CryptoStream)aes.DecryptStream(msDecrypt, key, inf.IV)) { csDecrypt.Read(secret, 0, secret.Length); csDecrypt.Close(); } msDecrypt.Close(); } byte[] secretHash = sha.ComputeHash(secret); for (int i = 0; i < secretHash.Length; i++) { if (secretHash[i] != inf.Verification[i]) { //wrong response Array.Clear(secret, 0, secret.Length); return(false); } } //return the secret sha.Clear(); return(true); }
/// <summary> /// A method for generating encrypted ChallengeInfo to be saved. For security, this method should /// be called every time you get a successful challenge-response pair from the Yubikey. Failure to /// do so will permit password re-use attacks. /// </summary> /// <param name="secret">The un-encrypted secret</param> /// <returns>A fully populated ChallengeInfo object ready to be saved</returns> public ChallengeInfo Encrypt(byte[] secret) { //generate a random challenge for use next time byte[] challenge = GenerateChallenge(); //generate the expected HMAC-SHA1 response for the challenge based on the secret byte[] resp = GenerateResponse(challenge, secret); //use the response to encrypt the secret SHA256 sha = SHA256Managed.Create(); byte[] key = sha.ComputeHash(resp); // get a 256 bit key from the 160 bit hmac response byte[] secretHash = sha.ComputeHash(secret); StandardAesEngine aes = new StandardAesEngine(); const uint aesIVLenBytes = 16; byte[] IV = CryptoRandom.Instance.GetRandomBytes(aesIVLenBytes); byte[] encrypted; using (MemoryStream msEncrypt = new MemoryStream()) { using (CryptoStream csEncrypt = (CryptoStream)aes.EncryptStream(msEncrypt, key, IV)) { csEncrypt.Write(secret, 0, secret.Length); csEncrypt.Close(); } encrypted = msEncrypt.ToArray(); msEncrypt.Close(); } ChallengeInfo inf = new ChallengeInfo(encrypted, IV, challenge, secretHash, LT64); sha.Clear(); return(inf); }