private SymmetricAlgorithm GetSymmetricAlgorithm (string algorithmOid, byte[] salt, int iterationCount)
{
string algorithm = null;
int keyLength = 8; // 64 bits (default)
int ivLength = 8; // 64 bits (default)
PKCS12.DeriveBytes pd = new PKCS12.DeriveBytes ();
pd.Password = _password;
pd.Salt = salt;
pd.IterationCount = iterationCount;
switch (algorithmOid) {
case PKCS5.pbeWithMD2AndDESCBC: // no unit test available
pd.HashName = "MD2";
algorithm = "DES";
break;
case PKCS5.pbeWithMD5AndDESCBC: // no unit test available
pd.HashName = "MD5";
algorithm = "DES";
break;
case PKCS5.pbeWithMD2AndRC2CBC: // no unit test available
// TODO - RC2-CBC-Parameter (PKCS5)
// if missing default to 32 bits !!!
pd.HashName = "MD2";
algorithm = "RC2";
keyLength = 4; // default
break;
case PKCS5.pbeWithMD5AndRC2CBC: // no unit test available
// TODO - RC2-CBC-Parameter (PKCS5)
// if missing default to 32 bits !!!
pd.HashName = "MD5";
algorithm = "RC2";
keyLength = 4; // default
break;
case PKCS5.pbeWithSHA1AndDESCBC: // no unit test available
pd.HashName = "SHA1";
algorithm = "DES";
break;
case PKCS5.pbeWithSHA1AndRC2CBC: // no unit test available
// TODO - RC2-CBC-Parameter (PKCS5)
// if missing default to 32 bits !!!
pd.HashName = "SHA1";
algorithm = "RC2";
keyLength = 4; // default
break;
case PKCS12.pbeWithSHAAnd128BitRC4: // no unit test available
pd.HashName = "SHA1";
algorithm = "RC4";
keyLength = 16;
ivLength = 0; // N/A
break;
case PKCS12.pbeWithSHAAnd40BitRC4: // no unit test available
pd.HashName = "SHA1";
algorithm = "RC4";
keyLength = 5;
ivLength = 0; // N/A
break;
case PKCS12.pbeWithSHAAnd3KeyTripleDESCBC:
pd.HashName = "SHA1";
algorithm = "TripleDES";
keyLength = 24;
break;
case PKCS12.pbeWithSHAAnd2KeyTripleDESCBC: // no unit test available
pd.HashName = "SHA1";
algorithm = "TripleDES";
keyLength = 16;
break;
case PKCS12.pbeWithSHAAnd128BitRC2CBC: // no unit test available
pd.HashName = "SHA1";
algorithm = "RC2";
keyLength = 16;
break;
case PKCS12.pbeWithSHAAnd40BitRC2CBC:
pd.HashName = "SHA1";
algorithm = "RC2";
keyLength = 5;
break;
default:
throw new NotSupportedException ("unknown oid " + algorithm);
}
SymmetricAlgorithm sa = SymmetricAlgorithm.Create (algorithm);
sa.Key = pd.DeriveKey (keyLength);
// IV required only for block ciphers (not stream ciphers)
if (ivLength > 0) {
sa.IV = pd.DeriveIV (ivLength);
sa.Mode = CipherMode.CBC;
}
return sa;
}
private byte[] MAC (byte[] password, byte[] salt, int iterations, byte[] data)
{
PKCS12.DeriveBytes pd = new PKCS12.DeriveBytes ();
pd.HashName = "SHA1";
pd.Password = password;
pd.Salt = salt;
pd.IterationCount = iterations;
HMACSHA1 hmac = (HMACSHA1) HMACSHA1.Create ();
hmac.Key = pd.DeriveMAC (20);
return hmac.ComputeHash (data, 0, data.Length);
}
public void KeyGeneration_Test4 ()
{
PKCS12.DeriveBytes db = new PKCS12.DeriveBytes ();
db.HashName = "SHA1";
db.IterationCount = 1000;
db.Password = password2;
db.Salt = salt5;
byte[] key = db.DeriveKey (24);
AssertEquals ("Key(1)", "48-3D-D6-E9-19-D7-DE-2E-8E-64-8B-A8-F8-62-F3-FB-FB-DC-2B-CB-2C-02-95-7F", BitConverter.ToString (key));
byte[] iv = db.DeriveIV (8);
AssertEquals ("IV(2)", "9D-46-1D-1B-00-35-5C-50", BitConverter.ToString (iv));
db.Salt = salt6;
byte[] mac = db.DeriveMAC (20);
AssertEquals ("MAC(3)", "5E-C4-C7-A8-0D-F6-52-29-4C-39-25-B6-48-9A-7A-B8-57-C8-34-76", BitConverter.ToString (mac));
}
public void KeyGeneration_Test3 ()
{
PKCS12.DeriveBytes db = new PKCS12.DeriveBytes ();
db.HashName = "SHA1";
db.IterationCount = 1000;
db.Password = password2;
db.Salt = salt4;
byte[] key = db.DeriveKey (24);
AssertEquals ("Key(1)", "ED-20-34-E3-63-28-83-0F-F0-9D-F1-E1-A0-7D-D3-57-18-5D-AC-0D-4F-9E-B3-D4", BitConverter.ToString (key));
byte[] iv = db.DeriveIV (8);
AssertEquals ("IV(2)", "11-DE-DA-D7-75-8D-48-60", BitConverter.ToString (iv));
}
public void KeyGeneration_Test2 ()
{
PKCS12.DeriveBytes db = new PKCS12.DeriveBytes ();
db.HashName = "SHA1";
db.IterationCount = 1;
db.Password = password1;
db.Salt = salt2;
byte[] key = db.DeriveKey (24);
AssertEquals ("Key(1)", "F3-A9-5F-EC-48-D7-71-1E-98-5C-FE-67-90-8C-5A-B7-9F-A3-D7-C5-CA-A5-D9-66", BitConverter.ToString (key));
byte[] iv = db.DeriveIV (8);
AssertEquals ("IV(2)", "C0-A3-8D-64-A7-9B-EA-1D", BitConverter.ToString (iv));
db.Salt = salt3;
byte[] mac = db.DeriveMAC (20);
AssertEquals ("MAC(3)", "8D-96-7D-88-F6-CA-A9-D7-14-80-0A-B3-D4-80-51-D6-3F-73-A3-12", BitConverter.ToString (mac));
}
public void KeyGeneration_Test1 ()
{
PKCS12.DeriveBytes db = new PKCS12.DeriveBytes ();
db.HashName = "SHA1";
db.IterationCount = 1;
db.Password = password1;
db.Salt = salt1;
byte[] key = db.DeriveKey (24);
AssertEquals ("Key(1)", "8A-AA-E6-29-7B-6C-B0-46-42-AB-5B-07-78-51-28-4E-B7-12-8F-1A-2A-7F-BC-A3", BitConverter.ToString (key));
byte[] iv = db.DeriveIV (8);
AssertEquals ("IV(2)", "79-99-3D-FE-04-8D-3B-76", BitConverter.ToString (iv));
}
private SymmetricAlgorithm GetSymmetricAlgorithm (string algorithmOid, byte[] salt, int iterationCount)
{
string algorithm = null;
int keyLength = 8; // 64 bits (default)
int ivLength = 8; // 64 bits (default)
PKCS12.DeriveBytes pd = new PKCS12.DeriveBytes ();
pd.Password = _password;
pd.Salt = salt;
pd.IterationCount = iterationCount;
switch (algorithmOid) {
case PKCS5.pbeWithMD2AndDESCBC: // no unit test available
pd.HashName = "MD2";
algorithm = "DES";
break;
case PKCS5.pbeWithMD5AndDESCBC: // no unit test available
pd.HashName = "MD5";
algorithm = "DES";
break;
case PKCS5.pbeWithMD2AndRC2CBC: // no unit test available
// TODO - RC2-CBC-Parameter (PKCS5)
// if missing default to 32 bits !!!
pd.HashName = "MD2";
algorithm = "RC2";
keyLength = 4; // default
break;
case PKCS5.pbeWithMD5AndRC2CBC: // no unit test available
// TODO - RC2-CBC-Parameter (PKCS5)
// if missing default to 32 bits !!!
pd.HashName = "MD5";
algorithm = "RC2";
keyLength = 4; // default
break;
case PKCS5.pbeWithSHA1AndDESCBC: // no unit test available
pd.HashName = "SHA1";
algorithm = "DES";
break;
case PKCS5.pbeWithSHA1AndRC2CBC: // no unit test available
// TODO - RC2-CBC-Parameter (PKCS5)
// if missing default to 32 bits !!!
pd.HashName = "SHA1";
algorithm = "RC2";
keyLength = 4; // default
break;
case PKCS12.pbeWithSHAAnd128BitRC4: // no unit test available
pd.HashName = "SHA1";
algorithm = "RC4";
keyLength = 16;
ivLength = 0; // N/A
break;
case PKCS12.pbeWithSHAAnd40BitRC4: // no unit test available
pd.HashName = "SHA1";
algorithm = "RC4";
keyLength = 5;
ivLength = 0; // N/A
break;
case PKCS12.pbeWithSHAAnd3KeyTripleDESCBC:
pd.HashName = "SHA1";
algorithm = "TripleDES";
keyLength = 24;
break;
case PKCS12.pbeWithSHAAnd2KeyTripleDESCBC: // no unit test available
pd.HashName = "SHA1";
algorithm = "TripleDES";
keyLength = 16;
break;
case PKCS12.pbeWithSHAAnd128BitRC2CBC: // no unit test available
pd.HashName = "SHA1";
algorithm = "RC2";
keyLength = 16;
break;
case PKCS12.pbeWithSHAAnd40BitRC2CBC:
pd.HashName = "SHA1";
algorithm = "RC2";
keyLength = 5;
break;
default:
throw new NotSupportedException ("unknown oid " + algorithm);
}
SymmetricAlgorithm sa = null;
#if INSIDE_CORLIB && FULL_AOT_RUNTIME
// we do not want CryptoConfig to bring the whole crypto stack
// in particular Rijndael which is not supported by CommonCrypto
switch (algorithm) {
case "DES":
sa = DES.Create ();
break;
case "RC2":
sa = RC2.Create ();
break;
case "TripleDES":
sa = TripleDES.Create ();
break;
case "RC4":
sa = RC4.Create ();
break;
default:
throw new NotSupportedException (algorithm);
}
#else
sa = SymmetricAlgorithm.Create (algorithm);
#endif
sa.Key = pd.DeriveKey (keyLength);
// IV required only for block ciphers (not stream ciphers)
if (ivLength > 0) {
sa.IV = pd.DeriveIV (ivLength);
sa.Mode = CipherMode.CBC;
}
return sa;
}
