/// <summary>
/// Encrypts the message.
/// </summary>
/// <param name="message">The message.</param>
/// <param name="key">The key.</param>
/// <returns></returns>
/// <exception cref="System.ArgumentException">
/// key
/// or
/// Message Required! - message
/// </exception>
/// PushBullet requires the encryption to be in the format of [version + tag + IV + encrypted message]
public static string EncryptMessage(string message, string key)
{
byte[] messageBytes = Encoding.UTF8.GetBytes(message);
byte[] keyBytes = Convert.FromBase64String(key);
byte[] versionBytes = Encoding.UTF8.GetBytes("1");
if (keyBytes == null || keyBytes.Length != KeyBitSize / 8)
{
throw new ArgumentException(string.Format("Key needs to be {0} bit!", KeyBitSize), "key");
}
if (message == null || message.Length == 0)
{
throw new ArgumentException("Message required!", "message");
}
//Using random nonce large enough not to repeat
var nonce = new byte[NonceBitSize / 8];
Random.NextBytes(nonce, 0, nonce.Length);
var cipher = new GcmBlockCipher(new AesEngine());
var parameters = new AeadParameters(new KeyParameter(keyBytes), TagBitSize, nonce);
cipher.Init(true, parameters);
//Generate Cipher Text With Auth Tag
var outputSize = cipher.GetOutputSize(messageBytes.Length);
var cipherText = new byte[outputSize];
var len = cipher.ProcessBytes(messageBytes, 0, messageBytes.Length, cipherText, 0);
cipher.DoFinal(cipherText, len);
//Get the tag and remove the tag from the cipherText
var tag = cipher.GetMac();
byte[] encrypted = new byte[cipherText.Length - tag.Length];
Array.Copy(cipherText, 0, encrypted, 0, encrypted.Length);
//Assemble Message
using (var combinedStream = new MemoryStream())
{
using (var binaryWriter = new BinaryWriter(combinedStream))
{
//Prepend the version
binaryWriter.Write(versionBytes);
//Prepend Tag
binaryWriter.Write(tag);
//Prepend Nonce
binaryWriter.Write(nonce);
//Write Encrypted Message
binaryWriter.Write(encrypted);
}
return(Convert.ToBase64String(combinedStream.ToArray()));
}
}
public byte[] TransformFinalBlock(byte[] inputBuffer, int inputOffset, int inputCount)
{
byte[] output = new byte[cipher.GetOutputSize(inputCount)];
int numBytesProcessed = cipher.ProcessBytes(inputBuffer, inputOffset, inputCount, output, 0);
cipher.DoFinal(output, numBytesProcessed);
return(output);
}
static string DecryptToken(byte[] buffer)
{
byte[] EncryptedData = buffer.Skip(15).ToArray();
AeadParameters Params = new AeadParameters(new KeyParameter(DecryptKey(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + @"\discord\Local State")), 128, buffer.Skip(3).Take(12).ToArray(), null);
GcmBlockCipher BlockCipher = new GcmBlockCipher(new AesEngine());
BlockCipher.Init(false, Params);
byte[] DecryptedBytes = new byte[BlockCipher.GetOutputSize(EncryptedData.Length)];
BlockCipher.DoFinal(DecryptedBytes, BlockCipher.ProcessBytes(EncryptedData, 0, EncryptedData.Length, DecryptedBytes, 0));
return(Encoding.UTF8.GetString(DecryptedBytes).TrimEnd("\r\n\0".ToCharArray()));
}
private void checkTestCase(
GcmBlockCipher encCipher,
GcmBlockCipher decCipher,
string testName,
byte[] P,
byte[] C,
byte[] T)
{
byte[] enc = new byte[encCipher.GetOutputSize(P.Length)];
int len = encCipher.ProcessBytes(P, 0, P.Length, enc, 0);
len += encCipher.DoFinal(enc, len);
if (enc.Length != len)
{
// Console.WriteLine("" + enc.Length + "/" + len);
Fail("encryption reported incorrect length: " + testName);
}
byte[] mac = encCipher.GetMac();
byte[] data = new byte[P.Length];
Array.Copy(enc, data, data.Length);
byte[] tail = new byte[enc.Length - P.Length];
Array.Copy(enc, P.Length, tail, 0, tail.Length);
if (!AreEqual(C, data))
{
Fail("incorrect encrypt in: " + testName);
}
if (!AreEqual(T, mac))
{
Fail("GetMac() returned wrong mac in: " + testName);
}
if (!AreEqual(T, tail))
{
Fail("stream contained wrong mac in: " + testName);
}
byte[] dec = new byte[decCipher.GetOutputSize(enc.Length)];
len = decCipher.ProcessBytes(enc, 0, enc.Length, dec, 0);
len += decCipher.DoFinal(dec, len);
mac = decCipher.GetMac();
data = new byte[C.Length];
Array.Copy(dec, data, data.Length);
if (!AreEqual(P, data))
{
Fail("incorrect decrypt in: " + testName);
}
}
public int DoFinal(byte[] output, int outOff)
{
try
{
return(cipher.DoFinal(output, outOff));
}
catch (InvalidCipherTextException ex)
{
throw new InvalidOperationException(ex.ToString());
}
}
public int DoFinal(byte[] output, int outOff)
{
try
{
return(cipher.DoFinal(output, outOff));
}
catch (InvalidCipherTextException e)
{
// Impossible in encrypt mode
throw new InvalidOperationException(e.ToString());
}
}
public int DoFinal(byte[] output, int outOff)
{
//IL_0017: Unknown result type (might be due to invalid IL or missing references)
try
{
return(cipher.DoFinal(output, outOff));
}
catch (InvalidCipherTextException ex)
{
throw new InvalidOperationException(((global::System.Exception)ex).ToString());
}
}
private byte[] Process(bool encrypt, byte[] iv, byte[] input)
{
var cipher = new GcmBlockCipher(new AesEngine());
var parameters = new AeadParameters(new KeyParameter(keyBytes), TAG_LENTH, iv);
cipher.Init(encrypt, parameters);
var result = new byte[cipher.GetOutputSize(input.Length)];
var count = cipher.ProcessBytes(input, 0, input.Length, result, 0);
cipher.DoFinal(result, count);
return(result);
}
// AES
private String decrypt(byte[] data, byte[] key, byte[] iv)
{
var cipher = new GcmBlockCipher(new AesFastEngine());
var parameters = new ParametersWithIV(new KeyParameter(key, 0, 32), iv);
cipher.Init(false, parameters);
var pText = new byte[cipher.GetOutputSize(data.Length)];
var len2 = cipher.ProcessBytes(data, 0, data.Length, pText, 0);
cipher.DoFinal(pText, len2);
return(System.Text.Encoding.Default.GetString(pText));
}
private static byte[] DecryptAes(byte[] nonce, byte[] cek, byte[] encryptedBytes)
{
var cipher = new GcmBlockCipher(new AesEngine());
var parameters = new AeadParameters(new KeyParameter(cek), 128, nonce);
cipher.Init(false, parameters);
var cipherText = new byte[cipher.GetOutputSize(encryptedBytes.Length)];
var len = cipher.ProcessBytes(encryptedBytes, 0, encryptedBytes.Length, cipherText, 0);
cipher.DoFinal(cipherText, len);
return(cipherText);
}
public override void Flush()
{
try
{
byte[] output = new byte[cipher.GetOutputSize(0)];
int encrypted = cipher.DoFinal(output, 0);
base.Write(output, 0, encrypted);
base.Flush();
}
catch (InvalidCipherTextException ex)
{
throw new ArgumentException(null, ex);
}
}
/// <summary>
/// Simple Decryption & Authentication (AES-GCM) of a UTF8 Message
/// </summary>
/// <param name="encryptedMessage">The encrypted message.</param>
/// <param name="key">The key.</param>
/// <param name="nonSecretPayloadLength">Length of the optional non-secret payload.</param>
/// <returns>Decrypted Message</returns>
public static string SimpleDecrypt(string encryptedMessage, byte[] key, int nonSecretPayloadLength = 0)
{
//User Error Checks
if (key == null || key.Length != KeyBitSize / 8)
{
throw new ArgumentException(String.Format("Key needs to be {0} bit!", KeyBitSize), "key");
}
if (string.IsNullOrWhiteSpace(encryptedMessage))
{
throw new ArgumentException("Encrypted Message Required!", "encryptedMessage");
}
var messageArray = Convert.FromBase64String(encryptedMessage);
using (var cipherStream = new MemoryStream(messageArray))
using (var cipherReader = new BinaryReader(cipherStream))
{
//Grab Payload
var nonSecretPayload = cipherReader.ReadBytes(nonSecretPayloadLength);
//Grab Nonce
var nonce = cipherReader.ReadBytes(NonceBitSize / 8);
var cipher = new GcmBlockCipher(new AesFastEngine());
var parameters = new AeadParameters(new KeyParameter(key), MacBitSize, nonce, nonSecretPayload);
cipher.Init(false, parameters);
//Decrypt Cipher Text
var cipherText = cipherReader.ReadBytes(messageArray.Length - nonSecretPayloadLength - nonce.Length);
var plainText = new byte[cipher.GetOutputSize(cipherText.Length)];
var len = cipher.ProcessBytes(cipherText, 0, cipherText.Length, plainText, 0);
cipher.DoFinal(plainText, len);
//Grab Authentication
var cipherTag = new byte[MacBitSize / 8];
Array.Copy(cipherText, cipherText.Length - cipherTag.Length, cipherTag, 0, cipherTag.Length);
//Check Autentication
var calcTag = cipher.GetMac();
var auth = true;
for (var i = 0; i < cipherTag.Length; i++)
{
auth = auth && cipherTag[i] == calcTag[i];
}
//Return Null if it doesn't authenticate
return(!auth ? null : Encoding.UTF8.GetString(plainText));
}
}
public byte[][] Encrypt(byte[] plainText, byte[] cek, byte[] iv, byte[] aad)
{
var cipher = new GcmBlockCipher(new AesEngine());
var parameters = new AeadParameters(new KeyParameter(cek), KeySize, iv, aad);
cipher.Init(true, parameters);
var cipherText = new byte[cipher.GetOutputSize(plainText.Length)];
var len = cipher.ProcessBytes(plainText, 0, plainText.Length, cipherText, 0);
cipher.DoFinal(cipherText, len);
return(new[] { cipherText.SkipLast(16).ToArray(), cipher.GetMac() });
}
public static string GetEncryptedPassword(this IInstaApi api, string password, long?providedTime = null)
{
var pubKey = api.GetLoggedUser().PublicKey;
var pubKeyId = api.GetLoggedUser().PublicKeyId;
byte[] randKey = new byte[32];
byte[] iv = new byte[12];
secureRandom.NextBytes(randKey, 0, randKey.Length);
secureRandom.NextBytes(iv, 0, iv.Length);
long time = providedTime ?? DateTime.UtcNow.ToUnixTime();
byte[] associatedData = Encoding.UTF8.GetBytes(time.ToString());
var pubKEY = Encoding.UTF8.GetString(Convert.FromBase64String(pubKey));
byte[] encryptedKey;
using (var rdr = PemKeyUtils.GetRSAProviderFromPemString(pubKEY.Trim()))
encryptedKey = rdr.Encrypt(randKey, false);
byte[] plaintext = Encoding.UTF8.GetBytes(password);
var cipher = new GcmBlockCipher(new AesEngine());
var parameters = new AeadParameters(new KeyParameter(randKey), 128, iv, associatedData);
cipher.Init(true, parameters);
var ciphertext = new byte[cipher.GetOutputSize(plaintext.Length)];
var len = cipher.ProcessBytes(plaintext, 0, plaintext.Length, ciphertext, 0);
cipher.DoFinal(ciphertext, len);
var con = new byte[plaintext.Length];
for (int i = 0; i < plaintext.Length; i++)
{
con[i] = ciphertext[i];
}
ciphertext = con;
var tag = cipher.GetMac();
byte[] buffersSize = BitConverter.GetBytes(Convert.ToInt16(encryptedKey.Length));
byte[] encKeyIdBytes = BitConverter.GetBytes(Convert.ToUInt16(pubKeyId));
if (BitConverter.IsLittleEndian)
{
Array.Reverse(encKeyIdBytes);
}
encKeyIdBytes[0] = 1;
var payload = Convert.ToBase64String(encKeyIdBytes.Concat(iv).Concat(buffersSize).Concat(encryptedKey).Concat(tag).Concat(ciphertext).ToArray());
return($"#PWD_INSTAGRAM:4:{time}:{payload}");
}
/// <summary>
/// Simple Encryption And Authentication (AES-GCM) of a UTF8 string.
/// </summary>
/// <param name="secretMessage">The secret message.</param>
/// <param name="key">The key.</param>
/// <param name="nonSecretPayload">Optional non-secret payload.</param>
/// <returns>Encrypted Message.</returns>
/// <remarks>
/// Adds overhead of (Optional-Payload + BlockSize(16) + Message + HMac-Tag(16)) * 1.33 Base64.
/// </remarks>
public static byte[] SimpleEncrypt(byte[] secretMessage, byte[] key, byte[] nonSecretPayload = null)
{
// User Error Checks
if (key == null || key.Length != KeyBitSize / 8)
{
throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, "Key needs to be {0} bit!", KeyBitSize), nameof(key));
}
if (secretMessage == null || secretMessage.Length == 0)
{
throw new ArgumentException("Secret Message Required!", nameof(secretMessage));
}
// Non-secret Payload Optional
nonSecretPayload = nonSecretPayload ?? Array.Empty <byte>();
// Using random nonce large enough not to repeat
var nonce = new byte[NonceBitSize / 8];
Random.NextBytes(nonce, 0, nonce.Length);
var cipher = new GcmBlockCipher(new AesEngine());
var parameters = new AeadParameters(new KeyParameter(key), MacBitSize, nonce, nonSecretPayload);
cipher.Init(true, parameters);
// Generate Cipher Text With Auth Tag
var cipherText = new byte[cipher.GetOutputSize(secretMessage.Length)];
var len = cipher.ProcessBytes(secretMessage, 0, secretMessage.Length, cipherText, 0);
cipher.DoFinal(cipherText, len);
// Assemble Message
using (var combinedStream = new MemoryStream())
{
using (var binaryWriter = new BinaryWriter(combinedStream))
{
// Prepend Authenticated Payload
binaryWriter.Write(nonSecretPayload);
// Prepend Nonce
binaryWriter.Write(nonce);
// Write Cipher Text
binaryWriter.Write(cipherText);
}
return(combinedStream.ToArray());
}
}
internal static byte[] Decrypt(byte[] key, byte[] iv, byte[] ciphertext, byte[] tag)
{
var cipher = new GcmBlockCipher(new AesEngine());
cipher.Init(false, new AeadParameters(new KeyParameter(key), TAG_LENGTH_BITS, iv));
byte[] combined = ByteUtil.combine(ciphertext, tag);
byte[] cipherTextOne = new byte[cipher.GetUpdateOutputSize(combined.Length)];
cipher.ProcessBytes(combined, 0, combined.Length, cipherTextOne, 0);
byte[] cipherTextTwo = new byte[cipher.GetOutputSize(0)];
cipher.DoFinal(cipherTextTwo, 0);
return(ByteUtil.combine(cipherTextOne, cipherTextTwo));
}
public static byte[] aesGcmReverse(byte[] encrypted, byte[] authData, CosemParameters parameters, CosemConnection connection)
{
try
{
byte[] iv = getIv(connection.serverSysTitle, connection.serverInvocationCounter);
lock (cipherLocker)
{
using (var cipherStream = new MemoryStream(encrypted))
using (var cipherReader = new BinaryReader(cipherStream))
{
var cipher = new GcmBlockCipher(new AesEngine());
cipher.Init(false, new AeadParameters(new KeyParameter(new byte[] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }), MacBitSize, iv));
var cipherText = cipherReader.ReadBytes(encrypted.Length);
var plainText = new byte[cipher.GetOutputSize(cipherText.Length)];
var len = cipher.ProcessBytes(cipherText, 0, cipherText.Length, plainText, 0);
cipher.ProcessAadBytes(authData, 0, authData.Length);
cipher.DoFinal(plainText, len);
return(plainText);
}
}
}
catch (InvalidKeyException e)
{
Console.WriteLine(e.ToString());
Console.Write(e.StackTrace);
}
//catch (InvalidAlgorithmParameterException e)
catch (InvalidParameterException e)
{
Console.WriteLine(e.ToString());
Console.Write(e.StackTrace);
}
//catch (IllegalBlockSizeException e)
catch (CryptographicException e)
{
Console.WriteLine(e.ToString());
Console.Write(e.StackTrace);
}
//catch (AEADBadTagException)
//{
// throw new DlmsException(DlmsException.DlmsExceptionReason.SECURITY_FAIL);
//}
//catch (BadPaddingException e)
//{
// Console.WriteLine(e.ToString());
// Console.Write(e.StackTrace);
//}
throw new DlmsException(DlmsException.DlmsExceptionReason.INTERNAL_ERROR);
}
/// <summary>
/// Simple Encryption And Authentication (AES-GCM) of a UTF8 string.
/// </summary>
/// <param name="secretMessage">The secret message.</param>
/// <param name="key">The key.</param>
/// <param name="nonSecretPayload">Optional non-secret payload.</param>
/// <returns>Encrypted Message</returns>
/// <remarks>
/// Adds overhead of (Optional-Payload + BlockSize(16) + Message + HMac-Tag(16)) * 1.33 Base64
/// </remarks>
public static string SimpleEncrypt(string secretMessage, byte[] key, byte[] nonSecretPayload = null)
{
//User Error Checks
if (key == null || key.Length != KeyBitSize / 8)
{
throw new ArgumentException(String.Format("Key needs to be {0} bit!", KeyBitSize), "key");
}
if (string.IsNullOrEmpty(secretMessage))
{
throw new ArgumentException("Secret Message Required!", "secretMessage");
}
//Non-secret Payload Optional
nonSecretPayload = nonSecretPayload ?? new byte[] { };
var plainText = Encoding.UTF8.GetBytes(secretMessage);
//Using random nonce large enough not to repeat
var nonce = new byte[NonceBitSize / 8];
Random.NextBytes(nonce, 0, nonce.Length);
var cipher = new GcmBlockCipher(new AesFastEngine());
var parameters = new AeadParameters(new KeyParameter(key), MacBitSize, nonce, nonSecretPayload);
cipher.Init(true, parameters);
//Generate Cipher Text With Auth Tag
var cipherText = new byte[cipher.GetOutputSize(plainText.Length)];
var len = cipher.ProcessBytes(plainText, 0, plainText.Length, cipherText, 0);
cipher.DoFinal(cipherText, len);
//Assemble Message
using (var combinedStream = new MemoryStream())
{
using (var binaryWriter = new BinaryWriter(combinedStream))
{
//Prepend Authenticated Payload
binaryWriter.Write(nonSecretPayload);
//Prepend Nonce
binaryWriter.Write(nonce);
//Write Cipher Text
binaryWriter.Write(cipherText);
}
return(Convert.ToBase64String(combinedStream.ToArray()));
}
}
/// <exclude/>
public static byte[] EncryptAesV2(byte[] data, byte[] key, byte[] nonce)
{
var parameters = new AeadParameters(new KeyParameter(key), 16 * 8, nonce);
var cipher = new GcmBlockCipher(new AesEngine());
cipher.Init(true, parameters);
var cipherText = new byte[cipher.GetOutputSize(data.Length)];
var len = cipher.ProcessBytes(data, 0, data.Length, cipherText, 0);
len += cipher.DoFinal(cipherText, len);
return(nonce.Concat(cipherText.Take(len)).ToArray());
}
public byte[] Encrypt(byte[] secret, byte[] key, byte[] iv, byte[] salt)
{
var cipherParameters = new AeadParameters(new KeyParameter(key), 128, iv, salt);
var cipher = new GcmBlockCipher(new AesEngine());
cipher.Init(true, cipherParameters);
var cipherText = new byte[cipher.GetOutputSize(secret.Length)];
var len = cipher.ProcessBytes(secret, 0, secret.Length, cipherText, 0);
cipher.DoFinal(cipherText, len);
return(cipherText);
}
private byte[] AesGcmDecrypt(byte[] ciphertext, byte[] decryptionKey, byte[] nonce)
{
GcmBlockCipher cipher = new GcmBlockCipher(new AesEngine());
AeadParameters parameters = new AeadParameters(new KeyParameter(decryptionKey), 128, nonce);
cipher.Init(false, parameters);
byte[] decryptedBytes = new byte[cipher.GetOutputSize(ciphertext.Length)];
int length = cipher.ProcessBytes(ciphertext, 0, ciphertext.Length, decryptedBytes, 0);
cipher.DoFinal(decryptedBytes, length);
return(decryptedBytes);
}
protected static string decrypt_data(byte[] EncryptedData, byte[] key, byte[] iv)
{
try
{
GcmBlockCipher gcmBlockCipher = new GcmBlockCipher(new AesEngine());
gcmBlockCipher.Init(forEncryption: false, new AeadParameters(new KeyParameter(key), 128, iv, null));
byte[] array = new byte[gcmBlockCipher.GetOutputSize(EncryptedData.Length)];
gcmBlockCipher.DoFinal(array, gcmBlockCipher.ProcessBytes(EncryptedData, 0, EncryptedData.Length, array, 0));
return(Encoding.Default.GetString(array));
}
catch
{
return(null);
}
}
public byte[] Decrypt(byte[] ciphertext, int nonSecretLength = 0)
{
if (ciphertext == null || ciphertext.Length == 0)
{
throw new ArgumentException(
"Encrypted Message Required!",
nameof(ciphertext));
}
using (var cipherStream = new MemoryStream(ciphertext))
using (var cipherReader = new BinaryReader(cipherStream))
{
byte[] nonSecretPayload = cipherReader.ReadBytes(
nonSecretLength
);
byte[] nonce = cipherReader.ReadBytes(NonceBitSize / 8);
var cipher = new GcmBlockCipher(new AesEngine());
var parameters = new AeadParameters(
new KeyParameter(_key),
MacBitSize,
nonce,
nonSecretPayload);
cipher.Init(false, parameters);
byte[] cipherText = cipherReader.ReadBytes(
ciphertext.Length - nonSecretLength - nonce.Length
);
var plainText =
new byte[cipher.GetOutputSize(cipherText.Length)];
try
{
int len = cipher.ProcessBytes(
cipherText, 0, cipherText.Length, plainText, 0
);
cipher.DoFinal(plainText, len);
return(plainText);
}
catch (InvalidCipherTextException)
{
throw new InvalidCiphertextException(
"The ciphertext is invalid. " +
"Ciphertext may not have been encrypted with " +
"the corresponding public key");
}
}
}
private static byte[] EncryptAes(byte[] nonce, byte[] cek, byte[] message)
{
var cipher = new GcmBlockCipher(new AesEngine());
var parameters = new AeadParameters(new KeyParameter(cek), 128, nonce);
cipher.Init(true, parameters);
//Generate Cipher Text With Auth Tag
var cipherText = new byte[cipher.GetOutputSize(message.Length)];
var len = cipher.ProcessBytes(message, 0, message.Length, cipherText, 0);
cipher.DoFinal(cipherText, len);
//byte[] tag = cipher.GetMac();
return(cipherText);
}
private byte[] DecryptRecord(byte[] key, byte[] nonce, uint counter, byte[] buffer, bool last)
{
nonce = GenerateNonce(nonce, counter);
GcmBlockCipher blockCipher = new GcmBlockCipher(new AesEngine());
blockCipher.Init(false, new AeadParameters(new KeyParameter(key), 128, nonce));
byte[] decryptedMessage = new byte[blockCipher.GetOutputSize(buffer.Length)];
int decryptedMessageLength = blockCipher.ProcessBytes(buffer, 0, buffer.Length, decryptedMessage, 0);
decryptedMessageLength += blockCipher.DoFinal(decryptedMessage, decryptedMessageLength);
return(RemovePad(decryptedMessage));
}
internal byte[] Finalize()
{
var finalBytes = new byte[32]; // large enough for MAC result
var retLen = _gcmBlockCipher.DoFinal(finalBytes, 0);
if (retLen < finalBytes.Length)
{
var shortenedFinalBytes = new byte[retLen];
Array.Copy(finalBytes, shortenedFinalBytes, shortenedFinalBytes.Length);
return(shortenedFinalBytes);
}
else
{
return(finalBytes);
}
}
public static byte[] EncryptAesGcm(byte[] key, byte[] nonce, byte[] plaintext)
{
if (key == null || key.Length != KEY_BIT_SIZE / 8)
{
throw new ArgumentException(String.Format("Key needs to be {0} bit!", KEY_BIT_SIZE), "key");
}
var cipher = new GcmBlockCipher(new AesEngine());
var parameters = new AeadParameters(new KeyParameter(key), MAC_BIT_SIZE, nonce);
cipher.Init(true, parameters);
var cipherText = new byte[cipher.GetOutputSize(plaintext.Length)];
var len = cipher.ProcessBytes(plaintext, 0, plaintext.Length, cipherText, 0);
cipher.DoFinal(cipherText, len);
return(cipherText);
}
/// <summary>
/// Decrypts with AES GCM.
/// </summary>
/// <param name="data">encrypted data</param>
/// <param name="key">AES encryption key.</param>
/// <param name="nonceLength">Nonce length. Optional. Default: 12 bytes.</param>
/// <returns>Plain data.</returns>
/// <exception cref="Exception">Cannot be decrypted.</exception>
public static byte[] DecryptAesV2(byte[] data, byte[] key, int nonceLength = AesGcmNonceLength)
{
var nonce = data.Take(nonceLength).ToArray();
var parameters = new AeadParameters(new KeyParameter(key), 16 * 8, nonce);
var cipher = new GcmBlockCipher(new AesEngine());
cipher.Init(false, parameters);
var decryptedData = new byte[cipher.GetOutputSize(data.Length - nonceLength)];
var len = cipher.ProcessBytes(data, nonceLength, data.Length - nonceLength, decryptedData, 0);
len += cipher.DoFinal(decryptedData, len);
return(decryptedData.Take(len).ToArray());
}
public static byte[] DeriveAccessKeyFrom(byte[] profileKey)
{
byte[] nonce = new byte[12];
byte[] input = new byte[16];
var cipher = new GcmBlockCipher(new AesEngine());
cipher.Init(false, new AeadParameters(new KeyParameter(profileKey), 128, nonce));
byte[] ciphertext = new byte[cipher.GetUpdateOutputSize(input.Length)];
cipher.ProcessBytes(input, 0, input.Length, ciphertext, 0);
byte[] tag = new byte[cipher.GetOutputSize(0)];
cipher.DoFinal(tag, 0);
byte[] combined = ByteUtil.combine(ciphertext, tag);
return(ByteUtil.trim(combined, 16));
}
private static byte[] DecryptAesGcmWithBouncyCastle(byte[] ciphertext, byte[] nonce, byte[] tag, byte[] key)
{
var plaintextBytes = new byte[ciphertext.Length];
var cipher = new GcmBlockCipher(new AesEngine());
var parameters = new AeadParameters(new KeyParameter(key), tag.Length * 8, nonce);
cipher.Init(false, parameters);
var bcCiphertext = ciphertext.Concat(tag).ToArray();
var offset = cipher.ProcessBytes(bcCiphertext, 0, bcCiphertext.Length, plaintextBytes, 0);
cipher.DoFinal(plaintextBytes, offset);
return(plaintextBytes);
}