public byte[] UnwrapMasterKey(AesKey keyEncryptingKey, byte fileVersionMajor)
{
byte[] wrappedKeyData = GetKeyData();
KeyWrapSalt salt = Salt;
if (fileVersionMajor <= 1)
{
// Due to a bug in 1.1 and earlier we only used a truncated part of the key and salt :-(
// Compensate for this here. Users should be warned if FileVersionMajor <= 1 .
byte[] badKey = new byte[keyEncryptingKey.Length];
Array.Copy(keyEncryptingKey.GetBytes(), 0, badKey, 0, 4);
keyEncryptingKey = new AesKey(badKey);
byte[] badSalt = new byte[salt.Length];
Array.Copy(salt.GetBytes(), 0, badSalt, 0, 4);
salt = new KeyWrapSalt(badSalt);
}
byte[] unwrappedKeyData;
using (KeyWrap keyWrap = new KeyWrap(keyEncryptingKey, salt, Iterations, KeyWrapMode.AxCrypt))
{
unwrappedKeyData = keyWrap.Unwrap(wrappedKeyData);
}
return(unwrappedKeyData);
}
public void TestKeyWrapConstructorWithBadArgument()
{
KeyWrap keyWrap = new KeyWrap(6, KeyWrapMode.Specification);
Assert.Throws <InternalErrorException>(() => { keyWrap.Unwrap(new V1AesCrypto(new V1Aes128CryptoFactory(), _keyEncryptingKey, SymmetricIV.Zero128), _keyData.GetBytes()); }, "Calling with too short wrapped data.");
Assert.Throws <InternalErrorException>(() =>
{
keyWrap = new KeyWrap(5, KeyWrapMode.AxCrypt);
}, "Calling with too few iterations.");
Assert.Throws <InternalErrorException>(() =>
{
keyWrap = new KeyWrap(0, KeyWrapMode.AxCrypt);
}, "Calling with zero (too few) iterations.");
Assert.Throws <InternalErrorException>(() =>
{
keyWrap = new KeyWrap(-100, KeyWrapMode.AxCrypt);
}, "Calling with negative number of iterations.");
Assert.Throws <InternalErrorException>(() =>
{
keyWrap = new KeyWrap(6, (KeyWrapMode)9999);
}, "Calling with bogus KeyWrapMode.");
Assert.Throws <ArgumentNullException>(() =>
{
keyWrap = new KeyWrap(null, 6, KeyWrapMode.Specification);
}, "Calling with null salt argument.");
}
public byte[] UnwrapMasterKey(SymmetricKey keyEncryptingKey, byte fileVersionMajor)
{
if (keyEncryptingKey == null)
{
throw new ArgumentNullException("keyEncryptingKey");
}
byte[] wrappedKeyData = GetKeyData();
Salt salt = Salt;
SymmetricKey masterKeyEncryptingKey = keyEncryptingKey;
if (fileVersionMajor <= 1)
{
// Due to a bug in 1.1 and earlier we only used a truncated part of the key and salt :-(
// Compensate for this here. Users should be warned if FileVersionMajor <= 1 .
byte[] badKey = new byte[masterKeyEncryptingKey.Size / 8];
Array.Copy(keyEncryptingKey.GetBytes(), 0, badKey, 0, 4);
masterKeyEncryptingKey = new SymmetricKey(badKey);
byte[] badSalt = new byte[salt.Length];
Array.Copy(salt.GetBytes(), 0, badSalt, 0, 4);
salt = new Salt(badSalt);
}
KeyWrap keyWrap = new KeyWrap(salt, KeyWrapIterations, KeyWrapMode.AxCrypt);
byte[] unwrappedKeyData = keyWrap.Unwrap(Resolve.CryptoFactory.Legacy.CreateCrypto(masterKeyEncryptingKey, null, 0), wrappedKeyData);
return(unwrappedKeyData);
}
public void TestWrapWithBadArgument()
{
KeyWrap keyWrap = new KeyWrap(100, KeyWrapMode.Specification);
{
byte[] nullKeyMaterial = null;
Assert.Throws <ArgumentNullException>(() => keyWrap.Wrap(new V2AesCrypto(SymmetricKey.Zero256, SymmetricIV.Zero128, 0), nullKeyMaterial));
}
}
public void TestUnwrap()
{
byte[] unwrapped;
KeyWrap keyWrap = new KeyWrap(6, KeyWrapMode.Specification);
unwrapped = keyWrap.Unwrap(new V1AesCrypto(new V1Aes128CryptoFactory(), _keyEncryptingKey, SymmetricIV.Zero128), _wrapped);
Assert.That(unwrapped, Is.EquivalentTo(_keyData.GetBytes()), "Unwrapped the wrong data");
}
public void TestKeyWrapConstructorWithBadArgument()
{
using (KeyWrap keyWrap = new KeyWrap(_keyEncryptingKey, 6, KeyWrapMode.Specification))
{
Assert.Throws <InternalErrorException>(() => { keyWrap.Unwrap(_keyData.GetBytes()); }, "Calling with too short wrapped data.");
}
Assert.Throws <InternalErrorException>(() =>
{
using (KeyWrap keyWrap = new KeyWrap(_keyEncryptingKey, new KeyWrapSalt(32), 6, KeyWrapMode.AxCrypt))
{
}
}, "Calling with too long salt.");
Assert.Throws <InternalErrorException>(() =>
{
using (KeyWrap keyWrap = new KeyWrap(_keyEncryptingKey, 5, KeyWrapMode.AxCrypt))
{
}
}, "Calling with too few iterations.");
Assert.Throws <InternalErrorException>(() =>
{
using (KeyWrap keyWrap = new KeyWrap(_keyEncryptingKey, 0, KeyWrapMode.AxCrypt))
{
}
}, "Calling with zero (too few) iterations.");
Assert.Throws <InternalErrorException>(() =>
{
using (KeyWrap keyWrap = new KeyWrap(_keyEncryptingKey, -100, KeyWrapMode.AxCrypt))
{
}
}, "Calling with negative number of iterations.");
Assert.Throws <InternalErrorException>(() =>
{
using (KeyWrap keyWrap = new KeyWrap(_keyEncryptingKey, 6, (KeyWrapMode)9999))
{
}
}, "Calling with bogus KeyWrapMode.");
Assert.Throws <ArgumentNullException>(() =>
{
using (KeyWrap keyWrap = new KeyWrap(null, new KeyWrapSalt(16), 6, KeyWrapMode.AxCrypt))
{
}
}, "Calling with null key argument.");
Assert.Throws <ArgumentNullException>(() =>
{
using (KeyWrap keyWrap = new KeyWrap(_keyEncryptingKey, null, 6, KeyWrapMode.Specification))
{
}
}, "Calling with null salt argument.");
}
public void RewrapMasterKey(AesKey masterKey, AesKey keyEncryptingKey)
{
KeyWrapSalt salt = new KeyWrapSalt(keyEncryptingKey.Length);
using (KeyWrap keyWrap = new KeyWrap(keyEncryptingKey, salt, Iterations, KeyWrapMode.AxCrypt))
{
byte[] wrappedKeyData = keyWrap.Wrap(masterKey);
Set(wrappedKeyData, salt, Iterations);
}
}
public void TestUnwrap()
{
byte[] unwrapped;
using (KeyWrap keyWrap = new KeyWrap(_keyEncryptingKey, 6, KeyWrapMode.Specification))
{
unwrapped = keyWrap.Unwrap(_wrapped);
}
Assert.That(unwrapped, Is.EquivalentTo(_keyData.GetBytes()), "Unwrapped the wrong data");
}
private void Initialize(AesKey keyEncryptingKey)
{
AesKey masterKey = new AesKey();
long iterations = OS.Current.KeyWrapIterations;
KeyWrapSalt salt = new KeyWrapSalt(keyEncryptingKey.Length);
using (KeyWrap keyWrap = new KeyWrap(keyEncryptingKey, salt, iterations, KeyWrapMode.AxCrypt))
{
byte[] wrappedKeyData = keyWrap.Wrap(masterKey);
Set(wrappedKeyData, salt, iterations);
}
}
private void Initialize(long keyWrapIterations)
{
DerivationSalt = _keyEncryptingKey.DerivationSalt;
DerivationIterations = _keyEncryptingKey.DerivationIterations;
Salt salt = new Salt(_keyEncryptingKey.DerivedKey.Size);
KeyWrap keyWrap = new KeyWrap(salt, keyWrapIterations, KeyWrapMode.Specification);
ICrypto crypto = _cryptoFactory.CreateCrypto(_keyEncryptingKey.DerivedKey, null, 0);
_unwrappedKeyData = Resolve.RandomGenerator.Generate(_keyEncryptingKey.DerivedKey.Size / 8 + crypto.BlockLength);
byte[] wrappedKeyData = keyWrap.Wrap(crypto, _unwrappedKeyData);
Set(wrappedKeyData, salt, keyWrapIterations);
}
public void RewrapMasterKey(SymmetricKey masterKey, SymmetricKey keyEncryptingKey, long keyWrapIterations)
{
if (masterKey == null)
{
throw new ArgumentNullException("masterKey");
}
Salt salt = new Salt(masterKey.Size);
KeyWrap keyWrap = new KeyWrap(salt, keyWrapIterations, KeyWrapMode.AxCrypt);
byte[] wrappedKeyData = keyWrap.Wrap(Resolve.CryptoFactory.Legacy.CreateCrypto(keyEncryptingKey, null, 0), masterKey);
Set(wrappedKeyData, salt, keyWrapIterations);
}
public void TestWrap()
{
byte[] wrapped;
KeyWrap keyWrap = new KeyWrap(6, KeyWrapMode.Specification);
wrapped = keyWrap.Wrap(new V1AesCrypto(new V1Aes128CryptoFactory(), _keyEncryptingKey, SymmetricIV.Zero128), _keyData);
Assert.That(wrapped, Is.EquivalentTo(_wrapped), "The wrapped data is not correct according to specification.");
keyWrap = new KeyWrap(6, KeyWrapMode.Specification);
Assert.Throws <ArgumentNullException>(() =>
{
wrapped = keyWrap.Wrap(new V1AesCrypto(new V1Aes128CryptoFactory(), _keyEncryptingKey, SymmetricIV.Zero128), (SymmetricKey)null);
});
}
public void TestWrapAndUnwrapAxCryptMode()
{
SymmetricKey keyToWrap = new SymmetricKey(new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 });
Salt salt = new Salt(new byte[] { 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31 });
long keyWrapIterations = 12345;
byte[] wrapped;
KeyWrap keyWrap = new KeyWrap(salt, keyWrapIterations, KeyWrapMode.AxCrypt);
wrapped = keyWrap.Wrap(new V1AesCrypto(new V1Aes128CryptoFactory(), _keyEncryptingKey, SymmetricIV.Zero128), keyToWrap);
byte[] unwrapped;
keyWrap = new KeyWrap(salt, keyWrapIterations, KeyWrapMode.AxCrypt);
unwrapped = keyWrap.Unwrap(new V1AesCrypto(new V1Aes128CryptoFactory(), _keyEncryptingKey, SymmetricIV.Zero128), wrapped);
Assert.That(unwrapped, Is.EquivalentTo(keyToWrap.GetBytes()), "The unwrapped data should be equal to original.");
}
private byte[] UnwrapMasterKeyData()
{
if (_keyEncryptingKey == null)
{
return(new byte[0]);
}
byte[] saltBytes = new byte[_keyEncryptingKey.DerivedKey.Size / 8];
Array.Copy(GetDataBlockBytesReference(), WRAP_SALT_OFFSET, saltBytes, 0, saltBytes.Length);
Salt salt = new Salt(saltBytes);
KeyWrap keyWrap = new KeyWrap(salt, KeyWrapIterations, KeyWrapMode.Specification);
ICrypto crypto = _cryptoFactory.CreateCrypto(_keyEncryptingKey.DerivedKey, null, 0);
byte[] wrappedKeyData = GetKeyData(crypto.BlockLength, _keyEncryptingKey.DerivedKey.Size / 8);
return(keyWrap.Unwrap(crypto, wrappedKeyData));
}
public void TestUnwrapFromSimpleFile()
{
using (Stream testStream = FakeRuntimeFileInfo.ExpandableMemoryStream(Resources.helloworld_key_a_txt))
{
KeyWrap1HeaderBlock keyWrapHeaderBlock = null;
using (AxCryptReader axCryptReader = AxCryptReader.Create(testStream))
{
int headers = 0;
while (axCryptReader.Read())
{
switch (axCryptReader.CurrentItemType)
{
case AxCryptItemType.None:
break;
case AxCryptItemType.MagicGuid:
break;
case AxCryptItemType.HeaderBlock:
if (axCryptReader.CurrentHeaderBlock.HeaderBlockType == HeaderBlockType.KeyWrap1)
{
keyWrapHeaderBlock = (KeyWrap1HeaderBlock)axCryptReader.CurrentHeaderBlock;
++headers;
}
break;
case AxCryptItemType.Data:
break;
case AxCryptItemType.EndOfStream:
break;
default:
break;
}
}
Assert.That(headers, Is.EqualTo(1), "We're expecting exactly one KeyWrap1 block to be found!");
byte[] wrapped = keyWrapHeaderBlock.GetKeyData();
using (KeyWrap keyWrap = new KeyWrap(new Passphrase("a").DerivedPassphrase, keyWrapHeaderBlock.Salt, keyWrapHeaderBlock.Iterations, KeyWrapMode.AxCrypt))
{
byte[] unwrapped = keyWrap.Unwrap(wrapped);
Assert.That(unwrapped.Length, Is.Not.EqualTo(0), "An unwrapped key is invalid if it is returned as a zero-length array.");
}
}
}
}
public void TestWrap()
{
byte[] wrapped;
using (KeyWrap keyWrap = new KeyWrap(_keyEncryptingKey, 6, KeyWrapMode.Specification))
{
wrapped = keyWrap.Wrap(_keyData);
}
Assert.That(wrapped, Is.EquivalentTo(_wrapped), "The wrapped data is not correct according to specification.");
using (KeyWrap keyWrap = new KeyWrap(_keyEncryptingKey, 6, KeyWrapMode.Specification))
{
Assert.Throws <ArgumentNullException>(() =>
{
wrapped = keyWrap.Wrap(null);
});
}
}
public void TestUnwrapFromSimpleFile()
{
using (Stream testStream = FakeDataStore.ExpandableMemoryStream(Resources.helloworld_key_a_txt))
{
V1KeyWrap1HeaderBlock keyWrapHeaderBlock = null;
using (V1AxCryptReader axCryptReader = new V1AxCryptReader(new LookAheadStream(testStream)))
{
int headers = 0;
while (axCryptReader.Read())
{
switch (axCryptReader.CurrentItemType)
{
case AxCryptItemType.None:
break;
case AxCryptItemType.MagicGuid:
break;
case AxCryptItemType.HeaderBlock:
if (axCryptReader.CurrentHeaderBlock.HeaderBlockType == HeaderBlockType.KeyWrap1)
{
keyWrapHeaderBlock = (V1KeyWrap1HeaderBlock)axCryptReader.CurrentHeaderBlock;
++headers;
}
break;
case AxCryptItemType.Data:
break;
case AxCryptItemType.EndOfStream:
break;
default:
break;
}
}
Assert.That(headers, Is.EqualTo(1), "We're expecting exactly one KeyWrap1 block to be found!");
byte[] wrapped = keyWrapHeaderBlock.GetKeyData();
KeyWrap keyWrap = new KeyWrap(keyWrapHeaderBlock.Salt, keyWrapHeaderBlock.KeyWrapIterations, KeyWrapMode.AxCrypt);
byte[] unwrapped = keyWrap.Unwrap(new V1AesCrypto(new V1Aes128CryptoFactory(), new V1DerivedKey(new Passphrase("a")).DerivedKey, SymmetricIV.Zero128), wrapped);
Assert.That(unwrapped.Length, Is.Not.EqualTo(0), "An unwrapped key is invalid if it is returned as a zero-length array.");
}
}
}
public static void TestDispose()
{
KeyWrap keyWrap = new KeyWrap(_keyEncryptingKey, 6, KeyWrapMode.Specification);
keyWrap.Dispose();
Assert.Throws <ObjectDisposedException>(() =>
{
keyWrap.Wrap(new AesKey());
});
Assert.Throws <ObjectDisposedException>(() =>
{
keyWrap.Unwrap(new byte[16 + 8]);
});
Assert.DoesNotThrow(() =>
{
keyWrap.Dispose();
});
}
public void TestWrapAndUnwrapAxCryptMode()
{
AesKey keyToWrap = new AesKey(new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 });
AesKey keyEncryptingKey = new AesKey(new byte[] { 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 });
KeyWrapSalt salt = new KeyWrapSalt(new byte[] { 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31 });
long iterations = 12345;
byte[] wrapped;
using (KeyWrap keyWrap = new KeyWrap(keyEncryptingKey, salt, iterations, KeyWrapMode.AxCrypt))
{
wrapped = keyWrap.Wrap(keyToWrap);
}
byte[] unwrapped;
using (KeyWrap keyWrap = new KeyWrap(keyEncryptingKey, salt, iterations, KeyWrapMode.AxCrypt))
{
unwrapped = keyWrap.Unwrap(wrapped);
}
Assert.That(unwrapped, Is.EquivalentTo(keyToWrap.GetBytes()), "The unwrapped data should be equal to original.");
}
public void TestUnwrapWithBadArgument()
{
KeyWrap keyWrap = new KeyWrap(100, KeyWrapMode.Specification);
Assert.Throws <InternalErrorException>(() => keyWrap.Unwrap(new V2AesCrypto(SymmetricKey.Zero256, SymmetricIV.Zero128, 0), new byte[25]));
}
