public string Decrypt(string json, string password) { var jsonObj = JsonConvert.DeserializeObject <SjclJson>(json); var v = jsonObj.V; var adata = Convert.FromBase64String(jsonObj.AData); var iv = Convert.FromBase64String(jsonObj.IV); var salt = Convert.FromBase64String(jsonObj.Salt); var ks = jsonObj.KS; var ts = jsonObj.TS; var iter = jsonObj.Iter; var ct = Convert.FromBase64String(jsonObj.CT); // var cipher = json.Cipher; // var mode = json.Mode; var key = GenKeyBytes(password, salt, ks, iter); var nonSecretPayload = new byte[] { }; var cipher = new CcmBlockCipher(new AesFastEngine()); var parameters = new CcmParameters( new KeyParameter(key), ts, iv.Take(13).ToArray(), nonSecretPayload); cipher.Init(false, parameters); var plainText = new byte[cipher.GetOutputSize(ct.Length)]; var len = cipher.ProcessBytes(ct, 0, ct.Length, plainText, 0); cipher.DoFinal(plainText, len); return(Encoding.UTF8.GetString(plainText)); }
public static string Decrypt(string password, string data) { SJCLBlob ctdata = JsonConvert.DeserializeObject <SJCLBlob>(data); if (ctdata.Cipher != "aes" || ctdata.Mode != "ccm") { throw new InvalidOperationException("Unsupported cipher or mode."); } byte[] cipherText = DecodeBase64(ctdata.CipherText); var derivedMacParameters = DeriveKey(password, ctdata); var l = FindIVLen(cipherText.Length); byte[] iv = new byte[l]; Array.Copy((Array)DecodeBase64(ctdata.IV), (Array)iv, (int)l); var ccmparams = new CcmParameters(derivedMacParameters, ctdata.TagSize, iv, DecodeBase64(ctdata.AuthData)); var ccmMode = new CcmBlockCipher(new AesFastEngine()); ccmMode.Init(false, ccmparams); var plainBytes = new byte[ccmMode.GetOutputSize(cipherText.Length)]; var res = ccmMode.ProcessBytes(cipherText, 0, cipherText.Length, plainBytes, 0); ccmMode.DoFinal(plainBytes, res); return(Encoding.UTF8.GetString(plainBytes)); }
public void Init(bool forEncryption, ICipherParameters parameters) { if (!(parameters is CcmParameters)) { throw new ArgumentException("parameters need to be CCMParameters"); } this.forEncryption = forEncryption; this.parameters = (CcmParameters)parameters; }
private static MemoryStream Encrypt(Stream source, string fileName, out string seed_encoded, out string ident) { // Randomly generate a new seed for upload byte[] seed = new byte[16]; using (RNGCryptoServiceProvider rngCsp = new RNGCryptoServiceProvider()) { rngCsp.GetBytes(seed); } seed_encoded = UrlBase64Encode(seed); // Derive the parameters (key, IV, ident) from the seed byte[] key, iv; DeriveParams(seed, out key, out iv, out ident); // Create a new String->String map for JSON blob, and define filename and metadata Dictionary <string, string> metadataMap = new Dictionary <string, string>(); metadataMap["mime"] = Helpers.IsTextFile(fileName) ? "text/plain" : Helpers.GetMimeType(fileName); metadataMap["name"] = fileName; // Encode the metadata with UTF-16 and a double-null-byte terminator, and append data // Unfortunately, the CCM cipher mode can't stream the encryption, and so we have to GetBytes() on the source. // We do limit the source to 50MB however byte[] data = Encoding.BigEndianUnicode.GetBytes(JsonConvert.SerializeObject(metadataMap)).Concat(new byte[] { 0, 0 }).Concat(source.GetBytes()).ToArray(); // Calculate the length of the CCM IV and copy it over long ccmIVLen = FindIVLen(data.Length); byte[] ccmIV = new byte[ccmIVLen]; Array.Copy(iv, ccmIV, ccmIVLen); // Set up the encryption parameters KeyParameter keyParam = new KeyParameter(key); CcmParameters ccmParams = new CcmParameters(keyParam, MacSize, ccmIV, new byte[0]); CcmBlockCipher ccmMode = new CcmBlockCipher(new AesFastEngine()); ccmMode.Init(true, ccmParams); // Perform the encryption byte[] encBytes = new byte[ccmMode.GetOutputSize(data.Length)]; int res = ccmMode.ProcessBytes(data, 0, data.Length, encBytes, 0); ccmMode.DoFinal(encBytes, res); return(new MemoryStream(encBytes)); }
public string Encrypt(string plainText, string password) { var v = 1; var iter = 10000; var ks = 256; var ts = 64; // var mode = "ccm"; // var cipher = "aes"; var plainTextBytes = Encoding.UTF8.GetBytes(plainText); var adata = new byte[0]; var iv = new byte[16]; var salt = new byte[8]; _random.GetBytes(iv); _random.GetBytes(salt); var key = GenKeyBytes(password, salt, ks, iter); var nonSecretPayload = new byte[] { }; var cipher = new CcmBlockCipher(new AesFastEngine()); var parameters = new CcmParameters( new KeyParameter(key), ts, iv.Take(13).ToArray(), nonSecretPayload); cipher.Init(true, parameters); var cipherText = new byte[cipher.GetOutputSize(plainTextBytes.Length)]; var len = cipher.ProcessBytes(plainTextBytes, 0, plainTextBytes.Length, cipherText, 0); cipher.DoFinal(cipherText, len); return(JsonConvert.SerializeObject(new SjclJson { IV = Convert.ToBase64String(iv), V = v, Iter = iter, KS = ks, TS = ts, Mode = "ccm", Cipher = "aes", AData = Convert.ToBase64String(adata), Salt = Convert.ToBase64String(salt), CT = Convert.ToBase64String(cipherText), })); }
public static string Encrypt(string password, string data) { RNGCryptoServiceProvider rngCsp = new RNGCryptoServiceProvider(); byte[] salt = new byte[8]; rngCsp.GetBytes(salt); byte[] iv = new byte[16]; rngCsp.GetBytes(iv); SJCLBlob ctdata = new SJCLBlob() { Mode = "ccm", Cipher = "aes", AuthData = "", Iterations = 2000, KeySize = 256, TagSize = 64, Salt = Convert.ToBase64String(salt), IV = Convert.ToBase64String(iv), V = 1 }; var key = DeriveKey(password, ctdata); byte[] rawdata = Encoding.UTF8.GetBytes(data); var l = FindIVLen(rawdata.Length); byte[] civ = new byte[l]; Array.Copy((Array)iv, (Array)civ, (int)l); var ccmparams = new CcmParameters(key, ctdata.TagSize, civ, DecodeBase64(ctdata.AuthData)); var ccmMode = new CcmBlockCipher(new AesFastEngine()); ccmMode.Init(true, ccmparams); var encBytes = new byte[ccmMode.GetOutputSize(rawdata.Length)]; var res = ccmMode.ProcessBytes(rawdata, 0, rawdata.Length, encBytes, 0); ccmMode.DoFinal(encBytes, res); ctdata.CipherText = Convert.ToBase64String(encBytes); return(JsonConvert.SerializeObject(ctdata)); }
public string Encrypt(string data) { SecureRandom random = new SecureRandom(); // Generate 256-bits AES key byte[] aesKey = new byte[32]; random.NextBytes(aesKey); // Generate Initialization Vector byte[] IV = new byte[12]; random.NextBytes(IV); // Apply RSA/None/PKCS1Padding encryption to the AES key byte[] encyptedAESKey = rsaCipher.DoFinal(aesKey); // Apply AES/CCM/NoPadding encryption to the data byte[] cipherText = System.Text.Encoding.UTF8.GetBytes(data); var ccmParameters = new CcmParameters(new KeyParameter(aesKey), 64, IV, new byte[] { }); aesCipher = new CcmBlockCipher(new AesFastEngine()); aesCipher.Init(true, ccmParameters); var encrypted = new byte[aesCipher.GetOutputSize(cipherText.Length)]; var res = aesCipher.ProcessBytes(cipherText, 0, cipherText.Length, encrypted, 0); aesCipher.DoFinal(encrypted, res); // Merge 'IV' and 'encrypted' to 'result' byte[] result = new byte[IV.Length + encrypted.Length]; System.Buffer.BlockCopy(IV, 0, result, 0, IV.Length); System.Buffer.BlockCopy(encrypted, 0, result, IV.Length, encrypted.Length); // Return encrypted data return(Prefix + Version + Separator + System.Convert.ToBase64String(encyptedAESKey) + Separator + System.Convert.ToBase64String(result)); }
internal static IParameters <Algorithm> GetCipherParameters(AlgorithmIdentifier encScheme) { DerObjectIdentifier encSchemeAlg = encScheme.Algorithm; if (encSchemeAlg.On(NistObjectIdentifiers.Aes)) { if (encSchemeAlg.Equals(NistObjectIdentifiers.IdAes128Ecb) || encSchemeAlg.Equals(NistObjectIdentifiers.IdAes192Ecb) || encSchemeAlg.Equals(NistObjectIdentifiers.IdAes256Ecb)) { return(FipsAes.Ecb); } if (encSchemeAlg.Equals(NistObjectIdentifiers.IdAes128Cbc) || encSchemeAlg.Equals(NistObjectIdentifiers.IdAes192Cbc) || encSchemeAlg.Equals(NistObjectIdentifiers.IdAes256Cbc)) { byte[] iv = DerOctetString.GetInstance(encScheme.Parameters).GetOctets(); return(FipsAes.Cbc.WithIV(iv)); } if (encSchemeAlg.Equals(NistObjectIdentifiers.IdAes128Cfb) || encSchemeAlg.Equals(NistObjectIdentifiers.IdAes192Cfb) || encSchemeAlg.Equals(NistObjectIdentifiers.IdAes256Cfb)) { byte[] iv = DerOctetString.GetInstance(encScheme.Parameters).GetOctets(); return(FipsAes.Cfb128.WithIV(iv)); } if (encSchemeAlg.Equals(NistObjectIdentifiers.IdAes128Ofb) || encSchemeAlg.Equals(NistObjectIdentifiers.IdAes192Ofb) || encSchemeAlg.Equals(NistObjectIdentifiers.IdAes256Ofb)) { byte[] iv = DerOctetString.GetInstance(encScheme.Parameters).GetOctets(); return(FipsAes.Ofb.WithIV(iv)); } if (encSchemeAlg.Equals(NistObjectIdentifiers.IdAes128Ccm) || encSchemeAlg.Equals(NistObjectIdentifiers.IdAes192Ccm) || encSchemeAlg.Equals(NistObjectIdentifiers.IdAes256Ccm)) { CcmParameters authParams = CcmParameters.GetInstance(encScheme.Parameters); return(FipsAes.Ccm.WithIV(authParams.GetNonce()).WithMacSize(authParams.IcvLen * 8)); } if (encSchemeAlg.Equals(NistObjectIdentifiers.IdAes128Gcm) || encSchemeAlg.Equals(NistObjectIdentifiers.IdAes192Gcm) || encSchemeAlg.Equals(NistObjectIdentifiers.IdAes256Gcm)) { GcmParameters authParams = GcmParameters.GetInstance(encScheme.Parameters); return(FipsAes.Ccm.WithIV(authParams.GetNonce()).WithMacSize(authParams.IcvLen * 8)); } } if (encSchemeAlg.Equals(NttObjectIdentifiers.IdCamellia128Cbc) || encSchemeAlg.Equals(NttObjectIdentifiers.IdCamellia192Cbc) || encSchemeAlg.Equals(NttObjectIdentifiers.IdCamellia256Cbc)) { byte[] iv = DerOctetString.GetInstance(encScheme.Parameters).GetOctets(); return(Camellia.Cbc.WithIV(iv)); } if (encSchemeAlg.Equals(PkcsObjectIdentifiers.DesEde3Cbc)) { byte[] iv = DerOctetString.GetInstance(encScheme.Parameters).GetOctets(); return(FipsTripleDes.Cbc.WithIV(iv)); } if (encSchemeAlg.Equals(KisaObjectIdentifiers.IdSeedCbc)) { byte[] iv = DerOctetString.GetInstance(encScheme.Parameters).GetOctets(); return(Seed.Cbc.WithIV(iv)); } throw new ArgumentException("cannot match algorithm"); }